
No commits in common. "3047267d195bcb67bf7ccbddc5ba71708ff04cbb" and "06548bf13572f3a81e9c2bb3a87e7edc3272bdbe" have entirely different histories.

10 changed files with 50 additions and 174 deletions


@ -3,7 +3,7 @@
This is my failsafe (and also my helpful migration tool) for restoring the OpenPunk server. This handles setting everything back up, including: This is my failsafe (and also my helpful migration tool) for restoring the OpenPunk server. This handles setting everything back up, including:
- gitea - gitea
- backup and restoring are also supported - sadly, no db migration is supported right now. maybe a future todo?
- blog - blog
- cron job for grabbing the `HEAD` of https://github.com/CPunch/openpunk && building the hugo site - cron job for grabbing the `HEAD` of https://github.com/CPunch/openpunk && building the hugo site
- tor mirror - tor mirror
@ -30,18 +30,6 @@ ansible-playbook -i hosts --ask-vault-pass run.yml
``` ```
> NOTE: The 'secrets' directory has been omitted from this repo (so it's not going to run without the provided files) > NOTE: The 'secrets' directory has been omitted from this repo (so it's not going to run without the provided files)
## Backup and restore
Backup Gitea using the 'backup' tag
```sh
ansible-playbook -i hosts run.yml --tags backup
```
then, restore from the backup using the 'restore' tag
```sh
ansible-playbook -i hosts run.yml --tags restore
```
## Example hosts file ## Example hosts file
``` ```
[hosts] [hosts]


@ -15,15 +15,9 @@
- fail2ban - fail2ban
- goaccess - goaccess
- htop - htop
- sqlite3
- zsh # :D - zsh # :D
- python3-certbot-nginx - python3-certbot-nginx
- name: Grab package facts
package_facts:
manager: auto
tags: always
- name: Setup zsh - name: Setup zsh
user: user:
name: "{{ ansible_user }}" name: "{{ ansible_user }}"


@ -1,3 +1,2 @@
--- ---
giteaPort: 3000 giteaPort: 3000
giteaBackup: backups/gitea-dump.zip


@ -1,51 +1,26 @@
--- ---
# based on advice from https://docs.gitea.io/en-us/backup-and-restore/
- name: Stop Gitea - name: Stop Gitea
systemd: systemd:
name: gitea name: gitea
enabled: yes enabled: yes
state: stopped state: stopped
tags: backup
- name: Make Temp dir
file:
path: /etc/gitea/temp
state: directory
owner: gitea
tags: backup
- name: Dump Gitea - name: Dump Gitea
shell: shell:
cmd: gitea dump -c /etc/gitea/app.ini --work-path=/etc/gitea --file=gitea-dump.zip --tempdir=/etc/gitea/temp cmd: gitea dump -c /etc/gitea/app.ini --work-path=/etc/gitea --file=gitea-dump.zip
chdir: /etc/gitea chdir: /etc/gitea
become: true become: true
become_method: su become_method: su
become_user: gitea become_user: gitea
tags: backup
- name: Fetch backup
fetch:
src: /etc/gitea/gitea-dump.zip
dest: "{{ giteaBackup }}"
flat: true
tags: backup
- name: Remove remote dump
file:
path: "{{ giteaBackup }}"
state: absent
tags: backup
- name: Remove Temp
file:
path: /etc/gitea/temp
state: absent
tags: backup
- name: Start Gitea - name: Start Gitea
systemd: systemd:
name: gitea name: gitea
enabled: yes enabled: yes
state: started state: started
tags: backup
- name: Fetch backup
fetch:
src: /etc/gitea/gitea-dump.zip
dest: backups/gitea-dump.zip
flat: true
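Review bot: After the closing `Fetch backup` task nothing on the new side removes `/etc/gitea/gitea-dump.zip`, so a full dump stays in `/etc/gitea` on the server between runs. Judging by the restore tasks shown elsewhere on this page, the archive carries the database dump, the repositories and `app.ini`, so it deserves the same handling as the secrets inside it. Add a final `file:` task with `path: /etc/gitea/gitea-dump.zip` and `state: absent`, and keep the controller-side `backups/` directory out of version control. A leftover archive may also make the next `gitea dump` fail on the existing file name; that is worth confirming. Separately, a failing `Dump Gitea` stops the play before `Start Gitea`, so wrapping stop/dump/start in a `block:` with the start task under `always:` would bring the service back either way.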


@ -4,7 +4,13 @@
path: /etc/apt/trusted.gpg.d/morph027-gitea.gpg path: /etc/apt/trusted.gpg.d/morph027-gitea.gpg
register: gitea_key register: gitea_key
- name: Add Gitea key, repository && install - name: Grab package facts
package_facts:
manager: auto
- name: Install Gitea
block:
- name: Add Gitea key, repository && install
block: block:
- name: Import Gitea key - name: Import Gitea key
shell: curl -s https://packaging.gitlab.io/gitea/gpg.key | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/morph027-gitea.gpg --import && sudo chmod 644 /etc/apt/trusted.gpg.d/morph027-gitea.gpg shell: curl -s https://packaging.gitlab.io/gitea/gpg.key | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/morph027-gitea.gpg --import && sudo chmod 644 /etc/apt/trusted.gpg.d/morph027-gitea.gpg
@ -18,22 +24,22 @@
- name: Add Gitea package - name: Add Gitea package
package: package:
name: gitea name: gitea
when: "'gitea' not in ansible_facts.packages"
- name: Configure Gitea - name: Configure Gitea
template: template:
src: templates/app.ini src: templates/app.ini
dest: /etc/gitea/app.ini dest: /etc/gitea/app.ini
owner: gitea owner: gitea
when: "'gitea' not in ansible_facts.packages" force: no # we don't want to kill our existing config D:
- name: Backup db - name: Reload Gitea
systemd:
name: gitea
enabled: yes
state: started
- name: Backup db
include_tasks: backup.yml include_tasks: backup.yml
tags: tags: ['never', 'backup']
- never tags: ['gitea', 'backup']
- backup
- name: Restore db
include_tasks: restore.yml
tags:
- never
- restore
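Review bot: With `force: no` on `Configure Gitea`, later edits to `templates/app.ini` never reach a host that already has `/etc/gitea/app.ini`; that appears to include the `[picture]` change in this same compare, and it would include any future tightening of settings. The inline comment should say so explicitly, for example `# first install only: later template edits must be applied by hand`. The new `Reload Gitea` task uses `state: started`, which does nothing to a service that is already running, so rename it or use `state: restarted` where a config change has to take effect. The template task sets `owner: gitea` but no `mode:`; since `app.ini` normally holds the instance secrets, an explicit `mode: '0640'` or stricter is worth adding. The old/new assignment is read from the side-by-side rendering, and the tasks between the two hunks are not visible.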


@ -1,92 +0,0 @@
---
# based on advice from https://docs.gitea.io/en-us/backup-and-restore/
- name: Stop Gitea
systemd:
name: gitea
enabled: yes
state: stopped
tags: restore
- name: Make restore dir
file:
path: /etc/gitea/gitea-dump
state: directory
owner: gitea
tags: restore
- name: Extract backup to host
unarchive:
src: "{{ giteaBackup }}"
dest: /etc/gitea/gitea-dump
owner: gitea
tags: restore
- name: Delete Gitea
file:
path: /var/lib/gitea
state: absent
tags: restore
- name: Create Gitea
file:
path: /var/lib/gitea
state: directory
owner: gitea
tags: restore
- name: Install data
copy:
src: /etc/gitea/gitea-dump/data/
dest: /var/lib/gitea/data
remote_src: true
owner: gitea
tags: restore
- name: Install log
copy:
src: /etc/gitea/gitea-dump/log/
dest: /var/lib/gitea/log/
remote_src: true
owner: gitea
tags: restore
ignore_errors: true
- name: Install repositories
copy:
src: /etc/gitea/gitea-dump/repos/
dest: /var/lib/gitea/gitea-repositories/
remote_src: true
owner: gitea
tags: restore
- name: Install config
copy:
src: /etc/gitea/gitea-dump/app.ini
dest: /etc/gitea/app.ini
owner: gitea
remote_src: true
tags: restore
- name: Generate sqlite3 db
shell: sqlite3 /var/lib/gitea/data/gitea.db </etc/gitea/gitea-dump/gitea-db.sql
become: true
become_method: su
become_user: gitea
tags: restore
- name: Start Gitea
systemd:
name: gitea
enabled: yes
state: started
tags: restore
- name: Finalize
shell:
cmd: ./gitea admin regenerate hooks -c /etc/gitea/app.ini
chdir: /usr/bin
become: true
become_method: su
become_user: gitea
tags: restore


@ -43,7 +43,6 @@ NO_REPLY_ADDRESS = noreply.localhost
[picture] [picture]
DISABLE_GRAVATAR = true DISABLE_GRAVATAR = true
ENABLE_FEDERATED_AVATAR = false ENABLE_FEDERATED_AVATAR = false
REPOSITORY_AVATAR_FALLBACK = random
[openid] [openid]
ENABLE_OPENID_SIGNIN = false ENABLE_OPENID_SIGNIN = false


@ -23,6 +23,12 @@
force: no force: no
notify: setup nginx notify: setup nginx
- name: Uninstall nginx config for git.{{ domain }}
file:
path: /etc/nginx/conf.d/git.{{ domain }}.conf
state: absent
notify: setup nginx
- name: Install nginx config for our Hidden Service - name: Install nginx config for our Hidden Service
template: template:
src: templates/tor.conf src: templates/tor.conf


@ -1,6 +1,9 @@
--- ---
- name: Setup certbot - name: Setup certbot for {{ domain }}
shell: "certbot --nginx --non-interactive --agree-tos --email {{ contact_email }} -d {{ domain }} -d git.{{ domain }}" shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }}"
- name: Setup certbot for git.{{ domain }}
shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d git.{{ domain }}"
- name: Reload Nginx - name: Reload Nginx
systemd: systemd:
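Review bot: Both certbot tasks run through `shell:` with `{{ contact_email }}` and `{{ domain }}` spliced unquoted into the command string, although no shell feature is used. `command:` keeps those values away from shell interpretation, e.g. `command: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }}"`, and the same for `git.{{ domain }}`. Elsewhere in this compare a new task removes `/etc/nginx/conf.d/git.{{ domain }}.conf`; if no server block for `git.{{ domain }}` exists when the second certbot task runs, the nginx installer may have nothing to attach the certificate to, so the ordering deserves a check. The `Reload Nginx` task continues past the end of the hunk.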


@ -11,12 +11,10 @@
- role: essential - role: essential
- role: firewall - role: firewall
- role: git - role: git
tags: secrets
- role: deadswitch - role: deadswitch
tags: secrets
- role: blog - role: blog
- role: gitea - role: gitea
tags: [backup]
- role: nginx - role: nginx
- role: goaccess - role: goaccess
- role: tor - role: tor
tags: secrets