diff --git a/init.yaml b/init.yaml
index dab8295..70728a7 100644
--- a/init.yaml
+++ b/init.yaml
@@ -5,10 +5,12 @@
 vars_files:
 - vars/services.yml
 - vars/environment.yml
+ - vars/databases.yml
 roles:
 - geerlingguy.docker
 - geerlingguy.pip
+ - geerlingguy.mysql
 - kadet.docker-swarm
 tasks:
diff --git a/roles/kadet.docker-swarm/tasks/main.yml b/roles/kadet.docker-swarm/tasks/main.yml
index e0565e4..4a717d6 100644
--- a/roles/kadet.docker-swarm/tasks/main.yml
+++ b/roles/kadet.docker-swarm/tasks/main.yml
@@ -3,6 +3,7 @@
 community.docker.docker_swarm:
 state: present
 advertise_addr: "{{ swarm_addr|default(omit) }}"
+ task_history_retention_limit: "{{ swarm_task_history_limit|default(3) }}"
 - name: Init global networks for swarm
 community.docker.docker_network:
@@ -10,3 +11,7 @@
 driver: "{{ item.driver|default('overlay') }}"
 scope: swarm
 loop: "{{ swarm_global_networks }}"
+
+- name: Set swarm_host_address fact
+ set_fact:
+ swarm_host_address: "{{ ansible_docker0.ipv4.address }}"
diff --git a/services/gitea/stack.yml b/services/gitea/stack.yml
index abaa9aa..b428226 100644
--- a/services/gitea/stack.yml
+++ b/services/gitea/stack.yml
@@ -11,16 +11,15 @@ services:
 - USER_GID={{ git_user.group }}
 - ROOT_URL=http://git.{{ main_domain }}/
 - DB_TYPE=mysql
- - DB_HOST=db:3306
- - DB_NAME=gitea
- - DB_USER=gitea
- - DB_PASSWD=gitea
+ - DB_HOST={{ database_mysql_host }}:3306
+ - DB_NAME={{ database.name }}
+ - DB_USER={{ database.user }}
+ - DB_PASSWD={{ database.password }}
 ports:
 - 127.0.0.1:2222:22
 networks:
 - "{{ ingress_network }}"
 - default
- depends_on: ['db']
 volumes:
 - "{{ repositories_path }}:/data"
 - "{{ git_user.home }}/.ssh:/data/git/.ssh"
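Review bot: In roles/kadet.docker-swarm/tasks/main.yml, the new `Set swarm_host_address fact` task reads `ansible_docker0.ipv4.address`, which is only present when fact gathering ran after the docker0 bridge existed. init.yaml lists geerlingguy.docker before this role in the same play, so on a fresh host the facts collected at play start will presumably lack docker0 and the task fails on an undefined variable. Re-gathering network facts immediately before it (an `ansible.builtin.setup` task with `gather_subset: network`) would make the value reliable, and writing the task as `ansible.builtin.set_fact:` would match the fully qualified `community.docker.*` names used above. Since this address becomes DB_HOST for the stacks, a comment such as `# docker0 address of the swarm host; MySQL must listen on it for stack containers` would document the dependency.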
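Review bot: In services/gitea/stack.yml, `- DB_PASSWD={{ database.password }}` renders the vault-decrypted password into a plain environment entry, so it sits in clear text in the rendered stack file and in the service definition shown by `docker service inspect`. A Docker secret mounted as a file would keep it out of both, provided the image in use can read the password from a file (not visible in this hunk); otherwise the rendered file should at least be written with a restrictive mode by the templating task. The entry is also an unquoted plain scalar, so a password containing ` #` or `: ` would be truncated or break parsing; emitting it through a serializing filter, e.g. `- {{ ('DB_PASSWD=' ~ database.password) | to_json }}`, avoids that if the file is rendered by Ansible's template engine. The DB_HOST, DB_NAME and DB_USER lines would benefit from the same quoting.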
@@ -31,14 +30,3 @@ services:
 - traefik.enable=true
 - traefik.http.routers.{{ service }}.rule=Host(`git.{{ main_domain }}`)
 - traefik.http.services.{{ service }}.loadbalancer.server.port=3000
-
- db:
- image: mysql:5.7
- restart: always
- environment:
- - MYSQL_ROOT_PASSWORD=gitea
- - MYSQL_USER=gitea
- - MYSQL_PASSWORD=gitea
- - MYSQL_DATABASE=gitea
- volumes:
- - db_data:/var/lib/mysql
diff --git a/vars/databases.yml b/vars/databases.yml
new file mode 100644
index 0000000..ee0c312
--- /dev/null
+++ b/vars/databases.yml
@@ -0,0 +1,57 @@
+mysql_root_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 63373634623230333965653830623535363363363930666331303933303061333135373163366434
+ 6263633764613336356130343562333635623731346636650a613063323833363038356566306633
+ 33376461626236663765323234613966613036616635646362316230313162333838326263393563
+ 3134373663326635650a303837303133353830366236346536333238366664633131613437346363
+ 30316362393664316261363834633464303632323461626463636263626236346566323165323738
+ 3036323064333065663430316362363630313065613437343938
+
+mysql_databases:
+ - name: gitea
+ - name: wipe
+ - name: keylighter
+
+mysql_users:
+ - name: gitea
+ priv: gitea.*:ALL
+ host: '172.%'
+ password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 30636438636462653666616466313837303063666463656462383737326662636231393933353735
+ 3262636431363230323834313637626136396362656564350a643732306466643536323937353531
+ 62643935653066373330633732623162376431356535663766393435636336343561373861653534
+ 6565323737646632610a383561386133303963613333656532623636363039336265356334373230
+ 35356139353564373630363838393166316339616434306461396238626361653638
+ - name: keylighter
+ priv: keylighter.*:ALL
+ host: '172.%'
+ password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 63656537653463313639373130666537373365393866623031616265643762353739643965326132
+ 3764653563333266616132393335613335363361633531660a373730363362666230363836393266
+ 62346536356636653664306131643636303164356531656139616463363337343866386135616135
+ 3765393631656264660a346264613933663136636464666430633062623438386561363137383538
+ 36613162336666323933333833643838373465333764643134663631333631383231
+ - name: shitcode
+ priv: shitcode.*:ALL
+ host: '172.%'
+ password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 39306237636162363632396565633635373166333732333139343036666434303938613038646665
+ 3839373166306433643232323535636239333730613566310a326239393635326635623830343732
61613137616236303230626639666334326466333931613430613166333161646536313661343738
+ 3732386638376330350a353334383464313866613738646566636665396566623062373564323933
+ 65396634613136306630643964386637653936346236386333323262363430303261
+ - name: wipe
+ priv: wipe.*:ALL
+ host: '172.%'
+ password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 63313762333536383933373232616461356632373963666438333339626434303661313131383061
+ 6461316637326634393862626632316139656133353833360a383466303763663135383536376539
+ 65373333353830613433663533633265303965356234396136326631626239646533383761326135
+ 3365633834336464340a616133656265663039353236666565316431383631656435303166393538
+ 63323630626239396263626536306632356635373535366335666265396630353430
+
+mysql_user_passwords: "{{ mysql_users|items2dict(key_name='name', value_name='password') }}"
diff --git a/vars/services.yml b/vars/services.yml
index 42acd1a..377814f 100644
--- a/vars/services.yml
+++ b/vars/services.yml
@@ -13,6 +13,8 @@ ingress_network: traefik
 main_domain: kadet.local
+database_mysql_host: "{{ swarm_host_address }}"
+
 service_config:
 traefik:
 dashboard_users:
@@ -25,4 +27,9 @@ service_config:
 3634346265616162370a653132663638633234663432343839666531363734376433343836316137
 35353236333161636466383462343234323461623233643339653739623932666637386633626330
 6366666637366362663865313661306137383931613565663564
+ gitea:
+ database:
+ name: gitea
+ user: gitea
+ password: "{{ mysql_user_passwords['gitea'] }}"
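Review bot: In vars/databases.yml every account is created with `host: '172.%'`, which matches the whole 172.0.0.0/8 block rather than only the private 172.16.0.0/12 range that Docker bridges normally use. Unless `mysql_bind_address` is restricted somewhere outside this diff, the geerlingguy.mysql default (believed to be `0.0.0.0`; confirm for the role version in use) leaves port 3306 listening on every interface, so these accounts would accept logins from any 172.x source that can reach the host. Narrowing the pattern to `host: '172.16.0.0/255.240.0.0'` or the actual bridge subnet, together with a bind address or firewall rule limiting 3306 to the Docker bridges, would tighten this. Separately, `mysql_users` grants `shitcode.*:ALL` to a `shitcode` user while `mysql_databases` lists only gitea, wipe and keylighter, so that grant refers to a database this file never creates. A comment above `mysql_users` stating which networks the host pattern is meant to cover would help the next reader.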