mirror of
https://github.com/CPunch/openpunk-ansible.git
synced 2024-11-22 23:40:06 +00:00
Compare commits
No commits in common. "3047267d195bcb67bf7ccbddc5ba71708ff04cbb" and "06548bf13572f3a81e9c2bb3a87e7edc3272bdbe" have entirely different histories.
3047267d19
...
06548bf135
14
README.md
14
README.md
@ -3,7 +3,7 @@
|
|||||||
This is my failsafe (and also my helpful migration tool) for restoring the OpenPunk server. This handles setting everything back up, including:
|
This is my failsafe (and also my helpful migration tool) for restoring the OpenPunk server. This handles setting everything back up, including:
|
||||||
|
|
||||||
- gitea
|
- gitea
|
||||||
- backup and restoring are also supported
|
- sadly, no db migration is supported right now. maybe a future todo?
|
||||||
- blog
|
- blog
|
||||||
- cron job for grabbing the `HEAD` of https://github.com/CPunch/openpunk && building the hugo site
|
- cron job for grabbing the `HEAD` of https://github.com/CPunch/openpunk && building the hugo site
|
||||||
- tor mirror
|
- tor mirror
|
||||||
@ -30,18 +30,6 @@ ansible-playbook -i hosts --ask-vault-pass run.yml
|
|||||||
```
|
```
|
||||||
> NOTE: The 'secrets' directory has been omitted from this repo (so it's not going to run without the provided files)
|
> NOTE: The 'secrets' directory has been omitted from this repo (so it's not going to run without the provided files)
|
||||||
|
|
||||||
## Backup and restore
|
|
||||||
|
|
||||||
Backup Gitea using the 'backup' tag
|
|
||||||
```sh
|
|
||||||
ansible-playbook -i hosts run.yml --tags backup
|
|
||||||
```
|
|
||||||
|
|
||||||
then, restore from the backup using the 'restore' tag
|
|
||||||
```sh
|
|
||||||
ansible-playbook -i hosts run.yml --tags restore
|
|
||||||
```
|
|
||||||
|
|
||||||
## Example hosts file
|
## Example hosts file
|
||||||
```
|
```
|
||||||
[hosts]
|
[hosts]
|
||||||
|
@ -15,15 +15,9 @@
|
|||||||
- fail2ban
|
- fail2ban
|
||||||
- goaccess
|
- goaccess
|
||||||
- htop
|
- htop
|
||||||
- sqlite3
|
|
||||||
- zsh # :D
|
- zsh # :D
|
||||||
- python3-certbot-nginx
|
- python3-certbot-nginx
|
||||||
|
|
||||||
- name: Grab package facts
|
|
||||||
package_facts:
|
|
||||||
manager: auto
|
|
||||||
tags: always
|
|
||||||
|
|
||||||
- name: Setup zsh
|
- name: Setup zsh
|
||||||
user:
|
user:
|
||||||
name: "{{ ansible_user }}"
|
name: "{{ ansible_user }}"
|
||||||
|
@ -1,3 +1,2 @@
|
|||||||
---
|
---
|
||||||
giteaPort: 3000
|
giteaPort: 3000
|
||||||
giteaBackup: backups/gitea-dump.zip
|
|
@ -1,51 +1,26 @@
|
|||||||
---
|
---
|
||||||
# based on advice from https://docs.gitea.io/en-us/backup-and-restore/
|
|
||||||
|
|
||||||
- name: Stop Gitea
|
- name: Stop Gitea
|
||||||
systemd:
|
systemd:
|
||||||
name: gitea
|
name: gitea
|
||||||
enabled: yes
|
enabled: yes
|
||||||
state: stopped
|
state: stopped
|
||||||
tags: backup
|
|
||||||
|
|
||||||
- name: Make Temp dir
|
|
||||||
file:
|
|
||||||
path: /etc/gitea/temp
|
|
||||||
state: directory
|
|
||||||
owner: gitea
|
|
||||||
tags: backup
|
|
||||||
|
|
||||||
- name: Dump Gitea
|
- name: Dump Gitea
|
||||||
shell:
|
shell:
|
||||||
cmd: gitea dump -c /etc/gitea/app.ini --work-path=/etc/gitea --file=gitea-dump.zip --tempdir=/etc/gitea/temp
|
cmd: gitea dump -c /etc/gitea/app.ini --work-path=/etc/gitea --file=gitea-dump.zip
|
||||||
chdir: /etc/gitea
|
chdir: /etc/gitea
|
||||||
become: true
|
become: true
|
||||||
become_method: su
|
become_method: su
|
||||||
become_user: gitea
|
become_user: gitea
|
||||||
tags: backup
|
|
||||||
|
|
||||||
- name: Fetch backup
|
|
||||||
fetch:
|
|
||||||
src: /etc/gitea/gitea-dump.zip
|
|
||||||
dest: "{{ giteaBackup }}"
|
|
||||||
flat: true
|
|
||||||
tags: backup
|
|
||||||
|
|
||||||
- name: Remove remote dump
|
|
||||||
file:
|
|
||||||
path: "{{ giteaBackup }}"
|
|
||||||
state: absent
|
|
||||||
tags: backup
|
|
||||||
|
|
||||||
- name: Remove Temp
|
|
||||||
file:
|
|
||||||
path: /etc/gitea/temp
|
|
||||||
state: absent
|
|
||||||
tags: backup
|
|
||||||
|
|
||||||
- name: Start Gitea
|
- name: Start Gitea
|
||||||
systemd:
|
systemd:
|
||||||
name: gitea
|
name: gitea
|
||||||
enabled: yes
|
enabled: yes
|
||||||
state: started
|
state: started
|
||||||
tags: backup
|
|
||||||
|
- name: Fetch backup
|
||||||
|
fetch:
|
||||||
|
src: /etc/gitea/gitea-dump.zip
|
||||||
|
dest: backups/gitea-dump.zip
|
||||||
|
flat: true
|
@ -4,7 +4,13 @@
|
|||||||
path: /etc/apt/trusted.gpg.d/morph027-gitea.gpg
|
path: /etc/apt/trusted.gpg.d/morph027-gitea.gpg
|
||||||
register: gitea_key
|
register: gitea_key
|
||||||
|
|
||||||
- name: Add Gitea key, repository && install
|
- name: Grab package facts
|
||||||
|
package_facts:
|
||||||
|
manager: auto
|
||||||
|
|
||||||
|
- name: Install Gitea
|
||||||
|
block:
|
||||||
|
- name: Add Gitea key, repository && install
|
||||||
block:
|
block:
|
||||||
- name: Import Gitea key
|
- name: Import Gitea key
|
||||||
shell: curl -s https://packaging.gitlab.io/gitea/gpg.key | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/morph027-gitea.gpg --import && sudo chmod 644 /etc/apt/trusted.gpg.d/morph027-gitea.gpg
|
shell: curl -s https://packaging.gitlab.io/gitea/gpg.key | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/morph027-gitea.gpg --import && sudo chmod 644 /etc/apt/trusted.gpg.d/morph027-gitea.gpg
|
||||||
@ -18,22 +24,22 @@
|
|||||||
- name: Add Gitea package
|
- name: Add Gitea package
|
||||||
package:
|
package:
|
||||||
name: gitea
|
name: gitea
|
||||||
|
when: "'gitea' not in ansible_facts.packages"
|
||||||
|
|
||||||
- name: Configure Gitea
|
- name: Configure Gitea
|
||||||
template:
|
template:
|
||||||
src: templates/app.ini
|
src: templates/app.ini
|
||||||
dest: /etc/gitea/app.ini
|
dest: /etc/gitea/app.ini
|
||||||
owner: gitea
|
owner: gitea
|
||||||
when: "'gitea' not in ansible_facts.packages"
|
force: no # we don't want to kill our existing config D:
|
||||||
|
|
||||||
- name: Backup db
|
- name: Reload Gitea
|
||||||
|
systemd:
|
||||||
|
name: gitea
|
||||||
|
enabled: yes
|
||||||
|
state: started
|
||||||
|
|
||||||
|
- name: Backup db
|
||||||
include_tasks: backup.yml
|
include_tasks: backup.yml
|
||||||
tags:
|
tags: ['never', 'backup']
|
||||||
- never
|
tags: ['gitea', 'backup']
|
||||||
- backup
|
|
||||||
|
|
||||||
- name: Restore db
|
|
||||||
include_tasks: restore.yml
|
|
||||||
tags:
|
|
||||||
- never
|
|
||||||
- restore
|
|
||||||
|
@ -1,92 +0,0 @@
|
|||||||
---
|
|
||||||
# based on advice from https://docs.gitea.io/en-us/backup-and-restore/
|
|
||||||
|
|
||||||
- name: Stop Gitea
|
|
||||||
systemd:
|
|
||||||
name: gitea
|
|
||||||
enabled: yes
|
|
||||||
state: stopped
|
|
||||||
tags: restore
|
|
||||||
|
|
||||||
- name: Make restore dir
|
|
||||||
file:
|
|
||||||
path: /etc/gitea/gitea-dump
|
|
||||||
state: directory
|
|
||||||
owner: gitea
|
|
||||||
tags: restore
|
|
||||||
|
|
||||||
- name: Extract backup to host
|
|
||||||
unarchive:
|
|
||||||
src: "{{ giteaBackup }}"
|
|
||||||
dest: /etc/gitea/gitea-dump
|
|
||||||
owner: gitea
|
|
||||||
tags: restore
|
|
||||||
|
|
||||||
- name: Delete Gitea
|
|
||||||
file:
|
|
||||||
path: /var/lib/gitea
|
|
||||||
state: absent
|
|
||||||
tags: restore
|
|
||||||
|
|
||||||
- name: Create Gitea
|
|
||||||
file:
|
|
||||||
path: /var/lib/gitea
|
|
||||||
state: directory
|
|
||||||
owner: gitea
|
|
||||||
tags: restore
|
|
||||||
|
|
||||||
- name: Install data
|
|
||||||
copy:
|
|
||||||
src: /etc/gitea/gitea-dump/data/
|
|
||||||
dest: /var/lib/gitea/data
|
|
||||||
remote_src: true
|
|
||||||
owner: gitea
|
|
||||||
tags: restore
|
|
||||||
|
|
||||||
- name: Install log
|
|
||||||
copy:
|
|
||||||
src: /etc/gitea/gitea-dump/log/
|
|
||||||
dest: /var/lib/gitea/log/
|
|
||||||
remote_src: true
|
|
||||||
owner: gitea
|
|
||||||
tags: restore
|
|
||||||
ignore_errors: true
|
|
||||||
|
|
||||||
- name: Install repositories
|
|
||||||
copy:
|
|
||||||
src: /etc/gitea/gitea-dump/repos/
|
|
||||||
dest: /var/lib/gitea/gitea-repositories/
|
|
||||||
remote_src: true
|
|
||||||
owner: gitea
|
|
||||||
tags: restore
|
|
||||||
|
|
||||||
- name: Install config
|
|
||||||
copy:
|
|
||||||
src: /etc/gitea/gitea-dump/app.ini
|
|
||||||
dest: /etc/gitea/app.ini
|
|
||||||
owner: gitea
|
|
||||||
remote_src: true
|
|
||||||
tags: restore
|
|
||||||
|
|
||||||
- name: Generate sqlite3 db
|
|
||||||
shell: sqlite3 /var/lib/gitea/data/gitea.db </etc/gitea/gitea-dump/gitea-db.sql
|
|
||||||
become: true
|
|
||||||
become_method: su
|
|
||||||
become_user: gitea
|
|
||||||
tags: restore
|
|
||||||
|
|
||||||
- name: Start Gitea
|
|
||||||
systemd:
|
|
||||||
name: gitea
|
|
||||||
enabled: yes
|
|
||||||
state: started
|
|
||||||
tags: restore
|
|
||||||
|
|
||||||
- name: Finalize
|
|
||||||
shell:
|
|
||||||
cmd: ./gitea admin regenerate hooks -c /etc/gitea/app.ini
|
|
||||||
chdir: /usr/bin
|
|
||||||
become: true
|
|
||||||
become_method: su
|
|
||||||
become_user: gitea
|
|
||||||
tags: restore
|
|
@ -43,7 +43,6 @@ NO_REPLY_ADDRESS = noreply.localhost
|
|||||||
[picture]
|
[picture]
|
||||||
DISABLE_GRAVATAR = true
|
DISABLE_GRAVATAR = true
|
||||||
ENABLE_FEDERATED_AVATAR = false
|
ENABLE_FEDERATED_AVATAR = false
|
||||||
REPOSITORY_AVATAR_FALLBACK = random
|
|
||||||
|
|
||||||
[openid]
|
[openid]
|
||||||
ENABLE_OPENID_SIGNIN = false
|
ENABLE_OPENID_SIGNIN = false
|
||||||
|
@ -23,6 +23,12 @@
|
|||||||
force: no
|
force: no
|
||||||
notify: setup nginx
|
notify: setup nginx
|
||||||
|
|
||||||
|
- name: Uninstall nginx config for git.{{ domain }}
|
||||||
|
file:
|
||||||
|
path: /etc/nginx/conf.d/git.{{ domain }}.conf
|
||||||
|
state: absent
|
||||||
|
notify: setup nginx
|
||||||
|
|
||||||
- name: Install nginx config for our Hidden Service
|
- name: Install nginx config for our Hidden Service
|
||||||
template:
|
template:
|
||||||
src: templates/tor.conf
|
src: templates/tor.conf
|
||||||
|
@ -1,6 +1,9 @@
|
|||||||
---
|
---
|
||||||
- name: Setup certbot
|
- name: Setup certbot for {{ domain }}
|
||||||
shell: "certbot --nginx --non-interactive --agree-tos --email {{ contact_email }} -d {{ domain }} -d git.{{ domain }}"
|
shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }}"
|
||||||
|
|
||||||
|
- name: Setup certbot for git.{{ domain }}
|
||||||
|
shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d git.{{ domain }}"
|
||||||
|
|
||||||
- name: Reload Nginx
|
- name: Reload Nginx
|
||||||
systemd:
|
systemd:
|
||||||
|
4
run.yml
4
run.yml
@ -11,12 +11,10 @@
|
|||||||
- role: essential
|
- role: essential
|
||||||
- role: firewall
|
- role: firewall
|
||||||
- role: git
|
- role: git
|
||||||
tags: secrets
|
|
||||||
- role: deadswitch
|
- role: deadswitch
|
||||||
tags: secrets
|
|
||||||
- role: blog
|
- role: blog
|
||||||
- role: gitea
|
- role: gitea
|
||||||
|
tags: [backup]
|
||||||
- role: nginx
|
- role: nginx
|
||||||
- role: goaccess
|
- role: goaccess
|
||||||
- role: tor
|
- role: tor
|
||||||
tags: secrets
|
|
Loading…
Reference in New Issue
Block a user