Initial commit

ansible.cfg

@@ -1,4 +0,0 @@
-[defaults]
-roles_path = ./roles
-remote_user = ansible
-inventory = ./inventory.yml

inventory.yml

@@ -1,3 +0,0 @@
-gitlab:
-  hosts:
-    192.168.178.88:

playbook.yml

@@ -1,29 +1,6 @@
-- hosts: gitlab
+- hosts: localhost
-  become: true
-  become_method: sudo
-  pre_tasks:
-    - name: install packages
-      apt:
-        name: '{{ packages }}'
-        state: present
-    - include_role:
-        name: common
-        tasks_from: 'setup.yml'
-    - include_role:
-        name: common
-        tasks_from: 'network.yml'
-    - include_role:
-        name: common
-        tasks_from: 'host.yml'
-  roles:
-    - common
   tasks:
-    - include_role:
-        name: common
-        tasks_from: 'ssl.yml'
     - import_tasks: 'tasks.yml'
   vars_files:
     - 'vars/main.yml'
-    - 'vars/network.yml'
-    - 'vars/postgres.yml'
     - 'vars/email.yml'

requirements.yml

@@ -1,4 +0,0 @@
-- src: git+https://git.fudiggity.nl/ansible/common.git
-  name: common
-  version: master
-  scm: git

tasks.yml

@@ -1,60 +1,39 @@
-- name: copy gitlab firewall template
+- name: create gitlab home directory
-  template:
-    src: 'templates/nftables.j2'
-    dest: '/etc/nftables.conf'
-    owner: root
-    group: root
-    mode: '0600'
-  notify: restart nftables
-
-- name: create gitlab config dir
   file:
-    path: /etc/gitlab
+    path: '{{ gitlab_home }}'
     state: directory
-    owner: root
+    mode: '0755'
-    group: root
-    mode: '0644'
 
-- name: copy gitlab config
+- name: create gitlab app directory
+  become: true
+  file:
+    path: '{{ app_dir }}'
+    state: directory
+    mode: '0755'
+    owner: 'sonny'
+    group: 'sonny'
+
+- name: copy docker-compose file
+  become: true
   template:
-    src: 'templates/gitlab.j2'
+    src: 'templates/docker-compose.j2'
-    dest: '/etc/gitlab/gitlab.rb'
+    dest: '{{ app_dir }}/docker-compose.yml'
-    owner: root
+    owner: 'sonny'
-    group: root
+    group: 'sonny'
-    mode: '0600'
+    mode: '0755'
 
-- name: copy postfix config
+- name: stop gitlab
-  template:
+  docker_compose:
-    src: 'templates/postfix.j2'
+    project_src: '{{ app_dir }}'
-    dest: '/etc/postfix/main.cf'
+    state: absent
-    owner: root
+  environment:
-    group: root
+    GITLAB_HOME: '{{ gitlab_home }}'
-    mode: '0644'
-  notify: restart postfix
 
-- name: check installed packages
+- name: start gitlab
-  package_facts:
+  docker_compose:
-    manager: apt
+    pull: true
+    project_src: '{{ app_dir }}'
+  environment:
+    GITLAB_HOME: '{{ gitlab_home }}'
 
-- name: download gitlab setup script
+# TODO: update router config (for SSH)
-  get_url:
-    url: '{{ gitlab_setup_script }}'
-    dest: /tmp/
-    mode: '0750'
-  when: "'gitlab-ee' not in ansible_facts.packages"
-
-- name: run gitlab setup script
-  command: /tmp/script.deb.sh
-  when: "'gitlab-ee' not in ansible_facts.packages"
-
-- name: install gitlab
-  apt:
-    name: 'gitlab-ee'
-    update_cache: true
-    state: latest
-  register: package_install
-
-# Updates reconfigure automatically
-- name: reconfigure gitlab
-  command: 'gitlab-ctl reconfigure'
-  when: not package_install.changed

templates/docker-compose.j2

@@ -0,0 +1,31 @@
+version: '3.6'
+services:
+  web:
+    image: 'gitlab/gitlab-ee:{{ image_tag }}'
+    restart: always
+    hostname: '{{ hostname }}'
+    environment:
+      GITLAB_OMNIBUS_CONFIG: |
+        external_url 'https://{{ hostname }}'
+        gitlab_rails['gitlab_email_enabled'] = true
+        gitlab_rails['gitlab_email_from'] = '{{ smtp_username }}'
+        gitlab_rails['gitlab_email_display_name'] = 'Gitlab'
+        gitlab_rails['smtp_enable'] = true
+        gitlab_rails['smtp_address'] = '{{ smtp_server }}'
+        gitlab_rails['smtp_port'] = {{ smtp_port }}
+        gitlab_rails['smtp_user_name'] = '{{ smtp_username }}'
+        gitlab_rails['smtp_password'] = '{{ smtp_password }}'
+        gitlab_rails['smtp_authentication'] = 'login'
+        gitlab_rails['smtp_enable_starttls_auto'] = true
+        gitlab_rails['smtp_tls'] = true
+        gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
+        user['git_user_email'] = '{{ smtp_username }}'
+    ports:
+      - '9090:80'
+      - '9093:443'
+      - '22:22'
+    volumes:
+      - '$GITLAB_HOME/config:/etc/gitlab'
+      - '$GITLAB_HOME/logs:/var/log/gitlab'
+      - '$GITLAB_HOME/data:/var/opt/gitlab'
+    shm_size: '256m'

templates/nftables.j2

@@ -1,19 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
-# vim:set ts=2 sw=2 et:
-
-flush ruleset
-
-table inet filter {
-	chain input {
-		type filter hook input priority 0; policy drop;
-
-		# accept any localhost traffic
-		iif lo accept
-
-		# accept traffic originated from us
-		ct state { established, related } accept
-
-		tcp dport { 22, 80, 443 } accept
-	}
-}

templates/postfix.j2

@@ -1,46 +0,0 @@
-# See /usr/share/postfix/main.cf.dist for a commented, more complete version
-
-
-# Debian specific:  Specifying a file name will cause the first
-# line of that file to be used as the name.  The Debian default
-# is /etc/mailname.
-#myorigin = /etc/mailname
-
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-biff = no
-
-# appending .domain is the MUA's job.
-append_dot_mydomain = no
-
-# Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
-
-readme_directory = no
-
-# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
-# fresh installs.
-compatibility_level = 2
-
-
-
-# TLS parameters
-smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
-smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
-smtpd_use_tls=yes
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-
-# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
-# information on enabling SSL in the smtp client.
-
-smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-myhostname = {{ smtp_domain }}
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-mydestination = $myhostname, localhost.localdomain, localhost
-relayhost = 
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_interfaces = all
-inet_protocols = all

vars/main.yml

@@ -1,12 +1,6 @@
-default_user: 'sonny'
+hostname: 'git.fudiggity.nl'
 
-app_name: 'gitlab'
+image_tag: '15.6.1-ee.0'
-app_user: 'root'
 
-packages:
+app_dir: '/srv/docker/gitlab'
-  - curl
+gitlab_home: '{{ ansible_env.HOME }}/vm/gitlab'
-  - openssh-server
-  - ca-certificates
-  - postfix
-
-gitlab_setup_script: 'https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh'

vars/network.yml

@@ -1,6 +0,0 @@
-host_interface: 'en*'
-host_ip: '192.168.178.88'
-host_subnet: '24'
-host_gateway: '192.168.178.1'
-host_dns: '192.168.178.1'
-hostname: 'gitlab.fudiggity.nl'

vars/postgres.yml

@@ -1,12 +0,0 @@
-postgres_host: '192.168.178.165'
-postgres_port: '5432'
-postgres_db: 'gitlab'
-postgres_user: 'gitlab'
-postgres_password: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  66343661313333383264343865656339306430633565626261373934343537623332353438353736
-  3336656666326139363333316163343334666638313230330a356666613131393532316333313733
-  32306132633237303562373762393136623466383337626264663032626538393133646137656231
-  6233323030313461390a653266613562353261343866316239313161643466643239386130616534
-  33316162633762303936616463393662643339336532623138623536366263333634306237643662
-  3662363761663761373334663038663833663839363731633631