Add GitLab role

a5784406 · Sven-Hendrik Haase · fa1da1a5 · a5784406 · a5784406 · a5784406
Commit a5784406 authored Aug 11, 2019 by Sven-Hendrik Haase
--- a/group_vars/all/archusers.yml
+++ b/group_vars/all/archusers.yml
@@ -264,6 +264,9 @@ arch_users:
    groups:
      - dev
      - multilib
+  gitlab:
+    name: ""
+    groups: []
  grazzolini:
    name: "Giancarlo Razzolini"
    ssh_key: grazzolini.pub

--- a/group_vars/all/vault_gitlab.yml
+++ b/group_vars/all/vault_gitlab.yml
+$ANSIBLE_VAULT;1.1;AES256
+30373662313233366335326465303964376230346234633438356330643962626338356133333764
+3639366535343030303632303766656663633937393561370a653062383335333531336363323835
+32663063313964353937663234313263363937653039333162616437393766666337356632366332
+3434636134643030640a613462353965333339643366313239643665346333383336633765316364
+35366330363333386665323232316334613333363134353039633935643738373835383934383632
+63313037613131613232343561333034323862363534363562333436616366306434366462646330
+656163303863373565656233646239633064
--- a/playbooks/gitlab.archlinux.org.yml
+++ b/playbooks/gitlab.archlinux.org.yml
+---
+
+- name: setup gitlab server
+  hosts: gitlab.archlinux.org
+  remote_user: root
+  roles:
+    - { role: common }
+    - { role: tools }
+    - { role: firewalld }
+    - { role: sshd }
+    - { role: root_ssh }
+    - { role: gitlab, gitlab_domain: "gitlab.archlinux.org" }
--- a/roles/gitlab/tasks/main.yml
+++ b/roles/gitlab/tasks/main.yml
+---
+
+- name: install docker dependencies
+  pacman: name=docker,python-docker state=present
+
+- name: start docker
+  service: name=docker enabled=yes state=started
+
+- name: start docker gitlab image
+  docker_container:
+    name: gitlab
+    image: gitlab/gitlab-ce:latest
+    domainname: "{{ gitlab_domain }}"
+    published_ports:
+      - "80:80"
+      - "443:443"
+      - "222:22"
+    pull: yes
+    restart_policy: always
+    env:
+      # See https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template
+      GITLAB_OMNIBUS_CONFIG: |
+        external_url 'https://{{ gitlab_domain }}'
+        letsencrypt['enable'] = true
+        letsencrypt['contact_emails'] = ['webmaster@archlinux.org']
+        gitlab_rails['lfs_enabled'] = true
+        gitlab_rails['gitlab_shell_ssh_port'] = 222
+        gitlab_rails['initial_root_password'] = "{{ gitlab_root_password }}"
+        gitlab_rails['smtp_enable'] = true
+        gitlab_rails['smtp_address'] = 'mail.archlinux.org'
+        gitlab_rails['smtp_port'] = 587
+        gitlab_rails['smtp_user_name'] = 'gitlab'
+        gitlab_rails['smtp_password'] = "{{ gitlab_root_password }}"
+        gitlab_rails['smtp_domain'] = 'gitlab.archlinux.org'
+        gitlab_rails['smtp_enable_starttls_auto'] = true
+        gitlab_rails['gitlab_email_enabled'] = true
+        gitlab_rails['gitlab_email_from'] = 'gitlab@archlinux.org'
+        gitlab_rails['gitlab_email_display_name'] = 'GitLab'
+        gitlab_rails['gitlab_email_reply_to'] = 'noreply@archlinux.org'
+        gitlab_rails['gitlab_default_theme'] = 2
+    volumes:
+      - "/srv/gitlab/config:/etc/gitlab"
+      - "/srv/gitlab/logs:/var/log/gitlab"
+      - "/srv/gitlab/data:/var/opt/gitlab"
+
+- name: open firewall holes
+  firewalld: port={{ item }} permanent=true state=enabled immediate=yes
+  when: configure_firewall
+  with_items:
+    - "80/tcp"
+    - "443/tcp"
+    - "222/tcp"
+  tags:
+    - firewall
+
+- name: make docker0 interface trusted
+  firewalld: interface=docker0 zone=trusted permanent=true state=enabled immediate=yes
+  when: configure_firewall
+  with_items:
+    - "80/tcp"
+    - "443/tcp"
+    - "222/tcp"
+  tags:
+    - firewall