Use simpler file structure

.ansible-lint

@@ -1,5 +0,0 @@
-parseable: true
-quiet: true
-skip_list:
-  - '501'
-use_default_rules: true

.gitignore

@@ -12,3 +12,5 @@ vault
 vaults/
 
 node_modules/
+
+roles/

.gitlab-ci.yml

@@ -3,40 +3,24 @@ stages:
   - test
 
 cache:
-  key: "$CI_COMMIT_REF_SLUG"
+  key: $CI_COMMIT_REF_SLUG
   paths:
     - .cache/pip
     - node_modules/
 
 lint:
-  stage: lint
-  image: python:3.7
-  before_script:
-    - pip install ansible ansible-lint --quiet
-  script:
-    - ansible-lint playbook.yml
-  only:
-    refs:
-      - development
-      - merge_requests
-
-pretty-lint:
   stage: lint
   image: node:12
   before_script:
-    - npm install
+    - npm install prettier --no-save
   script:
-    - npx prettier "roles/**/*.yml" --check
+    - npx prettier '**/*.yml' --check
-  only:
-    refs:
-      - development
-      - merge_requests
 
 syntax-test:
   stage: test
   image: python:3.7
   before_script:
-    - pip install ansible ansible-lint --quiet
+    - pip install ansible --quiet
-    - ansible-galaxy install -r roles/requirements.yml
+    - ansible-galaxy install -r requirements.yml
   script:
     - ansible-playbook playbook.yml --syntax-check

.prettier.json

@@ -1,9 +0,0 @@
-{
-    "singleQuote": true,
-    "printWidth": 90,
-    "tabWidth": 2,
-    "useTabs": false,
-    "bracketSpacing": true,
-    "parser": "yaml"
-}
-

.prettierrc.yml

@@ -0,0 +1,5 @@
+singleQuote: true
+printWidth: 90
+tabWidth: 2
+useTabs: false
+bracketSpacing: true

playbook.yml

@@ -1,5 +1,29 @@
 - hosts: gitlab
-  become: yes
+  become: true
   become_method: sudo
+  pre_tasks:
+    - name: install packages
+      apt:
+        name: '{{ packages }}'
+        state: present
+    - include_role:
+        name: common
+        tasks_from: 'setup.yml'
+    - include_role:
+        name: common
+        tasks_from: 'network.yml'
+    - include_role:
+        name: common
+        tasks_from: 'host.yml'
   roles:
-    - gitlab
+    - common
+  tasks:
+    - include_role:
+        name: common
+        tasks_from: 'ssl.yml'
+    - import_tasks: 'tasks.yml'
+  vars_files:
+    - 'vars/main.yml'
+    - 'vars/network.yml'
+    - 'vars/postgres.yml'
+    - 'vars/email.yml'

roles/.gitignore

@@ -1,6 +0,0 @@
-# ignore all external roles and files in the roles dir
-/*
-
-!.gitignore
-!requirements.yml
-!gitlab*/

roles/gitlab/meta/main.yml

@@ -1,16 +0,0 @@
-dependencies:
-  - common
-
-galaxy_info:
-  author: sonny
-  description: "Gitlab omnibus installation"
-  license: "license GPLv3"
-  min_ansible_version: 2.7
-  issue_tracker_url: "https://git.fudiggity.nl/ansible/gitlab/-/issues"
-  platforms:
-    - name: Debian
-      versions:
-        - buster
-  galaxy_tags:
-    - development
-    - system

tasks.yml

@@ -1,17 +1,10 @@
-- include_role:
-    name: common
-    tasks_from: "network.yml"
-- include_role:
-    name: common
-    tasks_from: "host.yml"
-
 - name: copy gitlab firewall template
   template:
-    src: "nftables.j2"
+    src: 'templates/nftables.j2'
-    dest: "/etc/nftables.conf"
+    dest: '/etc/nftables.conf'
     owner: root
     group: root
-    mode: "0600"
+    mode: '0600'
   notify: restart nftables
 
 - name: create gitlab config dir
@@ -20,53 +13,48 @@
     state: directory
     owner: root
     group: root
-    mode: "0644"
+    mode: '0644'
 
 - name: copy gitlab config
   template:
-    src: "gitlab.j2"
+    src: 'templates/gitlab.j2'
-    dest: "/etc/gitlab/gitlab.rb"
+    dest: '/etc/gitlab/gitlab.rb'
     owner: root
     group: root
-    mode: "0600"
+    mode: '0600'
 
-- name: install packages
+- name: copy postfix config
-  apt:
+  template:
-    name:
+    src: 'templates/postfix.j2'
-      - curl
+    dest: '/etc/postfix/main.cf'
-      - openssh-server
+    owner: root
-      - ca-certificates
+    group: root
-      - postfix
+    mode: '0644'
-    state: present
   notify: restart postfix
 
 - name: check installed packages
   package_facts:
     manager: apt
 
-- include_role:
-    name: common
-    tasks_from: "ssl.yml"
-
 - name: download gitlab setup script
   get_url:
-    url: "{{ gitlab_setup_script }}"
+    url: '{{ gitlab_setup_script }}'
     dest: /tmp/
-    mode: "0750"
+    mode: '0750'
   when: "'gitlab-ee' not in ansible_facts.packages"
 
 - name: run gitlab setup script
   command: /tmp/script.deb.sh
   when: "'gitlab-ee' not in ansible_facts.packages"
 
-- name: install gitlab # noqa 403
+- name: install gitlab
   apt:
-    name: "gitlab-ee"
+    name: 'gitlab-ee'
     update_cache: true
     state: latest
   register: package_install
 
 # Updates reconfigure automatically
 - name: reconfigure gitlab
-  command: gitlab-ctl reconfigure
+  command: 'gitlab-ctl reconfigure'
-  when: not package_install.changed # noqa 503
+  when: not package_install.changed

templates/gitlab.j2

@@ -71,9 +71,9 @@ external_url 'https://git.fudiggity.nl'
 # gitlab_rails['max_request_duration_seconds'] = 57
 
 ### Email Settings
-# gitlab_rails['gitlab_email_enabled'] = true
+gitlab_rails['gitlab_email_enabled'] = true
-# gitlab_rails['gitlab_email_from'] = 'example@example.com'
+gitlab_rails['gitlab_email_from'] = '{{ smtp_username }}'
-# gitlab_rails['gitlab_email_display_name'] = 'Example'
+gitlab_rails['gitlab_email_display_name'] = 'Gitlab'
 # gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
 # gitlab_rails['gitlab_email_subject_suffix'] = ''
 # gitlab_rails['gitlab_email_smime_enabled'] = false
@@ -625,19 +625,19 @@ gitlab_rails['db_sslmode'] = "require"
 ###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
 ###! **Use smtp instead of sendmail/postfix.**
 
-# gitlab_rails['smtp_enable'] = true
+gitlab_rails['smtp_enable'] = true
-# gitlab_rails['smtp_address'] = "smtp.server"
+gitlab_rails['smtp_address'] = "{{ smtp_server }}"
-# gitlab_rails['smtp_port'] = 465
+gitlab_rails['smtp_port'] = {{ smtp_port }}
-# gitlab_rails['smtp_user_name'] = "smtp user"
+gitlab_rails['smtp_user_name'] = "{{ smtp_username }}"
-# gitlab_rails['smtp_password'] = "smtp password"
+gitlab_rails['smtp_password'] = "{{ smtp_password }}"
 # gitlab_rails['smtp_domain'] = "example.com"
-# gitlab_rails['smtp_authentication'] = "login"
+gitlab_rails['smtp_authentication'] = "login"
-# gitlab_rails['smtp_enable_starttls_auto'] = true
+gitlab_rails['smtp_enable_starttls_auto'] = true
-# gitlab_rails['smtp_tls'] = false
+gitlab_rails['smtp_tls'] = true
 
 ###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**
 ###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html
-# gitlab_rails['smtp_openssl_verify_mode'] = 'none'
+gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
 
 # gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
 # gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
@@ -797,7 +797,7 @@ gitlab_rails['db_sslmode'] = "require"
 # user['home'] = "/var/opt/gitlab"
 
 # user['git_user_name'] = "GitLab"
-# user['git_user_email'] = "gitlab@#{node['fqdn']}"
+user['git_user_email'] = "{{ smtp_username }}"
 
 ################################################################################
 ## GitLab Unicorn

templates/postfix.j2

@@ -0,0 +1,46 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
+
+
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+myhostname = {{ smtp_domain }}
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+mydestination = $myhostname, localhost.localdomain, localhost
+relayhost = 
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+inet_protocols = all

vars/email.yml

@@ -0,0 +1,13 @@
+smtp_server: 'smtp.transip.email'
+smtp_port: 465
+smtp_username: 'gitlab@fudiggity.nl'
+smtp_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          61333133363037363433356134346438306431626664313230386439373338623437353866376232
+          6463383937636262666261656534353231663262303838630a323862363161653262636339306363
+          62663639663030356263323539336231336335303761303965356132636265356661636534323363
+          3165353961373137350a333864386439323163383835326664383665333363326438356231643030
+          64313064353331663232653637343862303737656431316336373531353461623531633531333164
+          65376632636666316166323465653134366463313863333137623838326134363739363338316461
+          336533373134643132383363393032376638
+smtp_domain: 'fudiggity.nl'

vars/main.yml

@@ -0,0 +1,12 @@
+default_user: 'sonny'
+
+app_name: 'gitlab'
+app_user: 'root'
+
+packages:
+  - curl
+  - openssh-server
+  - ca-certificates
+  - postfix
+
+gitlab_setup_script: 'https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh'

vars/network.yml

@@ -0,0 +1,6 @@
+host_interface: 'en*'
+host_ip: '192.168.178.88'
+host_subnet: '24'
+host_gateway: '192.168.178.1'
+host_dns: '192.168.178.1'
+hostname: 'gitlab.fudiggity.nl'

vars/postgres.yml

@@ -1,19 +1,7 @@
-host_interface: "en*"
+postgres_host: '192.168.178.165'
-host_ip: "192.168.178.88"
+postgres_port: '5432'
-host_subnet: "24"
+postgres_db: 'gitlab'
-host_gateway: "192.168.178.1"
+postgres_user: 'gitlab'
-host_dns: "192.168.178.1"
-hostname: "gitlab.fudiggity.nl"
-
-default_user: "sonny"
-
-app_name: "gitlab"
-app_user: "root"
-
-postgres_host: "192.168.178.165"
-postgres_port: "5432"
-postgres_db: "gitlab"
-postgres_user: "gitlab"
 postgres_password: !vault |
   $ANSIBLE_VAULT;1.1;AES256
   66343661313333383264343865656339306430633565626261373934343537623332353438353736
@@ -22,5 +10,3 @@ postgres_password: !vault |
   6233323030313461390a653266613562353261343866316239313161643466643239386130616534
   33316162633762303936616463393662643339336532623138623536366263333634306237643662
   3662363761663761373334663038663833663839363731633631
-
-gitlab_setup_script: "https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh"