feat: abstracted all domain instances away to the configuration files

Taskfile.yml

@@ -1,5 +1,10 @@
 version: 3
-silent: true
+# silent: true
+
+vars:
+  DOMAIN: { sh: jq -r .domain < config/variables.secret.tf.json }
+  SUB_DOMAIN: { sh: jq -r .subdomain < config/variables.secret.tf.json }
+  FULL_DOMAIN: '{{.SUB_DOMAIN}}.{{.DOMAIN}}'
 
 includes:
   tf: { taskfile: terraform, dir: terraform }
@@ -26,9 +31,8 @@ tasks:
   push:
     dir: gitea
     vars:
-      TAG: git.maximhutz.com/web/git/gitea:latest
+      TAG: '{{.FULL_DOMAIN}}/web/gitea:latest'
     cmds:
-      - docker login git.maximhutz.com -u max
+      - docker login '{{.FULL_DOMAIN}}' -u max
       - defer: docker logout
-      - docker build . -t {{.TAG}} -f Dockerfile --platform linux/amd64,linux/arm64
-      - docker push {{.TAG}}
+      - docker buildx build -t {{.TAG}} -f Dockerfile --platform linux/amd64,linux/arm64 --push --provenance=false .

gitea/Dockerfile

@@ -2,4 +2,5 @@ FROM gitea/gitea:latest-rootless
 
 ADD --chown=git:git config /etc/gitea
 ADD --chown=git:git custom /etc/gitea-custom
+
 ENV GITEA_CUSTOM=/etc/gitea-custom

gitea/Dockerfile.dev

@@ -2,7 +2,6 @@ FROM gitea/gitea:latest-rootless
 
 ADD --chown=git:git config /etc/gitea
 ADD --chown=git:git custom /etc/gitea-custom
-ENV GITEA_CUSTOM=/etc/gitea-custom
 
 RUN rm /etc/gitea/app.ini
 RUN mv /etc/gitea/dev.app.ini /etc/gitea/app.ini

gitea/config/app.ini

@@ -24,32 +24,18 @@ DISABLE_SSH = false
 START_SSH_SERVER = true
 SSH_PORT = 22
 SSH_LISTEN_PORT = 22
-SSH_DOMAIN = git.maximhutz.com
+# SSH_DOMAIN = %(FULL_DOMAIN)s
 BUILTIN_SSH_SERVER_USER = git
 
-; --- Signed SSL ---
 PROTOCOL=https
 ENABLE_ACME=true
 ACME_ACCEPTTOS=true
 ACME_DIRECTORY=https
-ACME_EMAIL=proxy@maximhutz.com
-DOMAIN = git.maximhutz.com
-ROOT_URL = https://git.maximhutz.com/
+# ACME_EMAIL=%(EMAIL)s
+# DOMAIN = %(FULL_DOMAIN)s
+# ROOT_URL = %(ROOT_URL)s
 HTTP_PORT = 443
 
-; --- No SSL ---
-; DOMAIN = git.maximhutz.com
-; ROOT_URL = http://git.maximhutz.com/
-; HTTP_PORT = 80
-
-; --- Self-Signed SSL ---
-# PROTOCOL  = https
-# ROOT_URL  = https://git.maximhutz.com/
-# DOMAIN = git.maximhutz.com
-# HTTP_PORT = 443
-# CERT_FILE = cert.pem
-# KEY_FILE  = key.pem
-
 [database]
 DB_TYPE = sqlite3
 

gitea/config/dev.app.ini

@@ -28,12 +28,6 @@ SSH_LISTEN_PORT = 2222
 SSH_DOMAIN = localhost
 BUILTIN_SSH_SERVER_USER = git
 
-; --- No SSL ---
-; DOMAIN = localhost
-; ROOT_URL = http://localhost:80/
-; HTTP_PORT = 80
-
-; --- Self-Signed Certificate ---
 PROTOCOL  = https
 ROOT_URL  = https://localhost:443/
 DOMAIN = localhost

playbooks/deploy.yml

@@ -52,6 +52,10 @@
           GITEA__security__INTERNAL_TOKEN: "{{ internal_secret }}"
           GITEA__server__LFS_JWT_SECRET: "{{ lfs_secret }}"
           GITEA__oauth2__JWT_SECRET: "{{ jwt_secret }}"
+          GITEA__server__ACME_EMAIL: "{{ email }}"
+          GITEA__server__SSH_DOMAIN: "{{ full_domain.value }}"
+          GITEA__server__DOMAIN: "{{ full_domain.value }}"
+          GITEA__server__ROOT_URL: "https://{{ full_domain.value }}/"
         labels:
           docker-volume-backup.stop-during-backup: "true"
         volumes:

terraform/network.tf

@@ -1,9 +1,6 @@
 locals {
   # The IP block for the VPC.
   vpc_cidr = "10.0.0.0/16"
-
-  # Here is the domain name changes.
-  domain_name = "maximhutz.com"
 }
 
 data "aws_availability_zones" "all" {}

terraform/output.tf

@@ -25,3 +25,9 @@ output "boot_secret" {
   description = "The access secret to manipulate the codebase repository boot."
   sensitive   = true
 }
+
+output "full_domain" {
+  value       = "${var.subdomain}.${var.domain}"
+  description = "The domain of the Gitea instance."
+  sensitive   = true
+}

terraform/routing.tf

@@ -1,12 +1,12 @@
 # The Route53 DNS zone.
 data "aws_route53_zone" "main" {
-  name = local.domain_name
+  name = var.domain
 }
 
 # Push all domain traffic through the reverse proxy.
 resource "aws_route53_record" "domain" {
   zone_id = data.aws_route53_zone.main.zone_id
-  name    = "git.${data.aws_route53_zone.main.name}"
+  name    = "${var.subdomain}.${data.aws_route53_zone.main.name}"
   type    = "A"
   ttl     = "60"
   records = [aws_eip.public.public_ip]

terraform/variables.tf

@@ -27,3 +27,13 @@ variable "boot_role" {
   type        = string
   description = "The name of the role for boot access."
 }
+
+variable "domain" {
+  type        = string
+  description = "The name of the domain."
+}
+
+variable "subdomain" {
+  type        = string
+  description = "The name of the subdomain."
+}