Initial commit

8 files changed, 237 insertions, 0 deletions

diff --git a/README b/README
new file mode 100644
index 0000000..68004e9
--- /dev/null
+++ b/README
@@ -0,0 +1,2 @@
+This is ansible playbooks for deploying a toy GitLab instance for
+playing. Don't use this for producion (at least yet).
diff --git a/gitlab.yml b/gitlab.yml
new file mode 100644
index 0000000..6bcc3d8
--- /dev/null
+++ b/gitlab.yml
@@ -0,0 +1,49 @@
+- hosts: gitlab
+  remote_user: root
+  become: no
+  roles:
+    - gitlab
+  vars:
+    root_password: "{{ lookup('pipe', 'pass wmf/wmf-gitlab.vm.liw.fi/root') }}"
+    runner_token: "{{ lookup('pipe', 'pass wmf/wmf-gitlab.vm.liw.fi/runner_token') }}"
+
+    domain_name: wmf-gitlab3.vm.liw.fi
+    external_url: "https://{{ domain_name }}"
+
+    hostname: wmf-gitlab
+    mail_hostname: "{{ domain_name }}"
+
+    debian_codename: stretch
+    debian_mirror: deb.debian.org
+
+    gitlab_apt_signing_key: |
+      -----BEGIN PGP PUBLIC KEY BLOCK-----
+      Version: GnuPG v1.4.11 (GNU/Linux)
+
+      mQINBFUxDA4BEAC0Pwepk/QZK7QOv6loLtUqmPCJtUuOS3Gu410FoOCgh5agWmXe
+      J2pCTejLIMWPEG1Q35lrv5PRlcRA+XLIcYd6x7pF4+sDE1lOZVBndUMSHDReq+r+
+      lzRB0Rd6S75RshBRDuwHfBfzjmFcyPqqYdiY3YUqk+hHl/w8m5QlxgLDnp2Vjh2B
+      yzJqDtJh2+TmvY4XD91Q1fvihZkN3RFBgIjjs4xVQ+wptjg8FsPovgA+QED+hkFc
+      bBveClexICHi6mTFG+1HV1MfcZnIRDlggTCUj/U8TGnU5crs6GVbbxtKfTCAZYlQ
+      k5Q2JoPE4156wNFPQ7/Eyr3GnP62oySmuaCDzVVOlnmu4GMTVq/LVQZV3wOAdHM1
+      +9i0ob/SLYT5QKuL5jYj99rz2wy4HWxGR6TrSc/Ls0sc2MvZBeIXpOsPI2rxOeS+
+      3Kbz8E+0ezNWxHC2LBQezW1ikNfLow/vwIBDCS9ApDAdW8VN28cROoiCMd6yxnVI
+      1P2nMCkDMCBNqvcWtGrhUvpFD4jfaQ8661GEspqMbrXuNQ//JsrD9n98dJDWdCUV
+      0LWBEyAJTOV9kIEH128MlPK8SLNkvCBZNJS4pzUxJFmf3LbDmYMuqcgz1d5NltMk
+      tzVEpVJ4tgZ0gyn4f/yuZHobq6hP1YHgu3lNt7Aibi6dX5pfw2oWqufuPwARAQAB
+      tEJHaXRMYWIgQi5WLiAocGFja2FnZSByZXBvc2l0b3J5IHNpZ25pbmcga2V5KSA8
+      cGFja2FnZXNAZ2l0bGFiLmNvbT6JAj4EEwECACgFAlUxDA4CGwMFCQlmAYAGCwkI
+      BwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEBQhmpbhXnj0iN0QAIGHf0CShvrEZXOq
+      8Tlq+zJ42CQTOLa9Hijd85mqwijgoBwCdLaePaOqOBIkqev3UDfcoMJP9/JuXMpI
+      9H+JvfY/USwP7FVTpdyC+iecWOSJ/qdbxJEau2wyGwsVhcas9iOExzd6tjsS61Td
+      1bpdTBYG7eAenCu5WYU/cb0OhPbzRuUiLrtpt43tx2cXIU+XcEC/R9aym7EPw3WG
+      SePegNhKbtr3LaTuRswgO464LHgJ0YsUx9789QSyuhHtQGznBpBDj0F/xVjnxRs4
+      6vpd46AWad0G7RhDCWduuG0qx1/1ZBbQKKjRq/1Uw54qiVJB0T/7qtQ9OliUonDj
+      Vgkj3w1HGXTwKVSkDwEqyn+SDWERA9k04DQrOLEG0qi9NGLYy59v4SaU3ftZw0L6
+      jnCJksnACtrsksJWPI0Gbs+wbII6fhu8Zc1iV3hdzi92lDMv0W1KzM7FCrz3ex6i
+      3oL+ntZW/PuHNSUVBlr2FkkSr/EmRkBoD9efZsG7+5vYImtkSZSaiMi5IsexjTEH
+      HkP0xG0OUaCagSNrNolDyLEmTjhOmky67oE1VIOIbMajXzeNdqYahz8+kBQ5vgpr
+      0PqlNbnVgCiTlFjTVGHUj84SKh/Gii+GRHlCV1d5UL/GzJppZ5MfpjRXOTamqU/C
+      O0JLVZiTnW+KSqbLEdflanh8IPTF
+      =jmzU
+      -----END PGP PUBLIC KEY BLOCK-----
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..4e20e3a
--- /dev/null
+++ b/hosts
@@ -0,0 +1,2 @@
+gitlab          ansible_ssh_host=wmf-gitlab3.vm.liw.fi
+runner          ansible_ssh_host=wmf-runner3.vm.liw.fi
diff --git a/roles/gitlab/handlers/main.yml b/roles/gitlab/handlers/main.yml
new file mode 100644
index 0000000..2e2bc02
--- /dev/null
+++ b/roles/gitlab/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: restart_postfix
+  systemd:
+    name: postfix
+    state: restarted
+
diff --git a/roles/gitlab/tasks/main.yml b/roles/gitlab/tasks/main.yml
new file mode 100644
index 0000000..5605e22
--- /dev/null
+++ b/roles/gitlab/tasks/main.yml
@@ -0,0 +1,70 @@
+- name: install helpful stuff
+  apt:
+    name:
+      - locales-all
+      - psmisc
+
+- name: install gitlab dependencies
+  apt:
+    name:
+      - curl
+      - openssh-server
+      - ca-certificates
+      - postfix
+      - apt-transport-https
+
+- name: set mailname
+  copy:
+    content: |
+      {{ mail_hostname }}
+    dest: /etc/mailname
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart_postfix
+
+- name: configure postfix
+  template:
+    src: main.cf.j2
+    dest: /etc/postfix/main.cf
+  notify: restart_postfix
+
+- name: install gitlab apt signing key
+  apt_key:
+    data: "{{ gitlab_apt_signing_key }}"
+
+- name: install gitlab apt sources.list
+  apt_repository:
+    update_cache: yes
+    codename: "{{ debian_codename }}"
+    repo: |
+      deb https://packages.gitlab.com/gitlab/gitlab-ce/debian/ {{ debian_codename }} main
+
+- name: install gitlab-ce
+  apt:
+    name: gitlab-ce
+
+- name: configure gitlab external url
+  lineinfile:
+    path: /etc/gitlab/gitlab.rb
+    regexp: "^external_url"
+    line: |
+      external_url '{{ external_url }}'
+
+- name: configure gitlab initial root password
+  lineinfile:
+    path: /etc/gitlab/gitlab.rb
+    regexp: "gitlab_rails.'initial_root_password'"
+    line: |
+      gitlab_rails['initial_root_password'] = "{{ root_password }}"
+
+- name: configure gitlab initial runner registration token
+  lineinfile:
+    path: /etc/gitlab/gitlab.rb
+    regexp: "gitlab_rails.'initial_shared_runners_registration_token'"
+    line: |
+      gitlab_rails['initial_shared_runners_registration_token'] = "{{runner_token }}"
+
+- name: start gitlab
+  shell:
+    dpkg-reconfigure gitlab-ce
diff --git a/roles/gitlab/templates/main.cf.j2 b/roles/gitlab/templates/main.cf.j2
new file mode 100644
index 0000000..3fcc001
--- /dev/null
+++ b/roles/gitlab/templates/main.cf.j2
@@ -0,0 +1,19 @@
+# Who are we? This varies depending on host.
+myhostname = {{ mail_hostname }}
+mydestination = {{ mail_hostname }}, localhost.localdomain, localhost
+
+
+# Configure various things. These should be the same everywhere.
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+inet_interfaces = 127.0.0.1
+myorigin = /etc/mailname
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+
+smtp_tls_security_level = may
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtp_tls_loglevel = 1
+
+smtpd_relay_restrictions =
+    permit_mynetworks
+    reject_unauth_destination
diff --git a/roles/runner/tasks/main.yml b/roles/runner/tasks/main.yml
new file mode 100644
index 0000000..f920d46
--- /dev/null
+++ b/roles/runner/tasks/main.yml
@@ -0,0 +1,42 @@
+- name: configure sources.lists for Debian release
+  copy:
+    content: |
+      deb http://deb.debian.org/debian {{ debian_codename }} main contrib non-free
+    dest: /etc/apt/sources.list
+
+- name: dist-upgrade
+  apt:
+    update_cache: yes
+    upgrade: dist
+
+- name: install helpful stuff
+  apt:
+    name:
+      - locales-all
+      - psmisc
+
+- name: install gitlab runner dependencies
+  apt:
+    name:
+      - apt-transport-https
+      - docker.io
+
+- name: install gitlab apt signing key
+  apt_key:
+    data: "{{ gitlab_apt_signing_key }}"
+
+- name: install gitlab apt sources.list
+  apt_repository:
+    update_cache: yes
+    codename: "{{ debian_codename }}"
+    repo: |
+      deb https://packages.gitlab.com/runner/gitlab-runner/debian/ {{ debian_codename }} main
+
+- name: install gitlab runner
+  apt:
+    name: gitlab-runner
+
+- name: configure gitlab runner
+  shell: |
+    gitlab-runner register -n -u "{{ gitlab_url }}" -r "{{ runner_token  }}" \
+      --executor docker --docker-image "{{ runner_docker_image }}"
diff --git a/runner.yml b/runner.yml
new file mode 100644
index 0000000..72e095f
--- /dev/null
+++ b/runner.yml
@@ -0,0 +1,48 @@
+- hosts: runner
+  remote_user: root
+  become: no
+  roles:
+    - runner
+  vars:
+    runner_token: "{{ lookup('pipe', 'pass wmf/wmf-gitlab.vm.liw.fi/runner_token') }}"
+
+    gitlab_url: "https://wmf-gitlab3.vm.liw.fi"
+
+    runner_docker_image: debian
+
+    hostname: wmf-runner
+
+    debian_codename: buster
+    debian_mirror: deb.debian.org
+
+    gitlab_apt_signing_key: |
+      -----BEGIN PGP PUBLIC KEY BLOCK-----
+      Version: GnuPG v1.4.11 (GNU/Linux)
+
+      mQINBFUxDA4BEAC0Pwepk/QZK7QOv6loLtUqmPCJtUuOS3Gu410FoOCgh5agWmXe
+      J2pCTejLIMWPEG1Q35lrv5PRlcRA+XLIcYd6x7pF4+sDE1lOZVBndUMSHDReq+r+
+      lzRB0Rd6S75RshBRDuwHfBfzjmFcyPqqYdiY3YUqk+hHl/w8m5QlxgLDnp2Vjh2B
+      yzJqDtJh2+TmvY4XD91Q1fvihZkN3RFBgIjjs4xVQ+wptjg8FsPovgA+QED+hkFc
+      bBveClexICHi6mTFG+1HV1MfcZnIRDlggTCUj/U8TGnU5crs6GVbbxtKfTCAZYlQ
+      k5Q2JoPE4156wNFPQ7/Eyr3GnP62oySmuaCDzVVOlnmu4GMTVq/LVQZV3wOAdHM1
+      +9i0ob/SLYT5QKuL5jYj99rz2wy4HWxGR6TrSc/Ls0sc2MvZBeIXpOsPI2rxOeS+
+      3Kbz8E+0ezNWxHC2LBQezW1ikNfLow/vwIBDCS9ApDAdW8VN28cROoiCMd6yxnVI
+      1P2nMCkDMCBNqvcWtGrhUvpFD4jfaQ8661GEspqMbrXuNQ//JsrD9n98dJDWdCUV
+      0LWBEyAJTOV9kIEH128MlPK8SLNkvCBZNJS4pzUxJFmf3LbDmYMuqcgz1d5NltMk
+      tzVEpVJ4tgZ0gyn4f/yuZHobq6hP1YHgu3lNt7Aibi6dX5pfw2oWqufuPwARAQAB
+      tEJHaXRMYWIgQi5WLiAocGFja2FnZSByZXBvc2l0b3J5IHNpZ25pbmcga2V5KSA8
+      cGFja2FnZXNAZ2l0bGFiLmNvbT6JAj4EEwECACgFAlUxDA4CGwMFCQlmAYAGCwkI
+      BwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEBQhmpbhXnj0iN0QAIGHf0CShvrEZXOq
+      8Tlq+zJ42CQTOLa9Hijd85mqwijgoBwCdLaePaOqOBIkqev3UDfcoMJP9/JuXMpI
+      9H+JvfY/USwP7FVTpdyC+iecWOSJ/qdbxJEau2wyGwsVhcas9iOExzd6tjsS61Td
+      1bpdTBYG7eAenCu5WYU/cb0OhPbzRuUiLrtpt43tx2cXIU+XcEC/R9aym7EPw3WG
+      SePegNhKbtr3LaTuRswgO464LHgJ0YsUx9789QSyuhHtQGznBpBDj0F/xVjnxRs4
+      6vpd46AWad0G7RhDCWduuG0qx1/1ZBbQKKjRq/1Uw54qiVJB0T/7qtQ9OliUonDj
+      Vgkj3w1HGXTwKVSkDwEqyn+SDWERA9k04DQrOLEG0qi9NGLYy59v4SaU3ftZw0L6
+      jnCJksnACtrsksJWPI0Gbs+wbII6fhu8Zc1iV3hdzi92lDMv0W1KzM7FCrz3ex6i
+      3oL+ntZW/PuHNSUVBlr2FkkSr/EmRkBoD9efZsG7+5vYImtkSZSaiMi5IsexjTEH
+      HkP0xG0OUaCagSNrNolDyLEmTjhOmky67oE1VIOIbMajXzeNdqYahz8+kBQ5vgpr
+      0PqlNbnVgCiTlFjTVGHUj84SKh/Gii+GRHlCV1d5UL/GzJppZ5MfpjRXOTamqU/C
+      O0JLVZiTnW+KSqbLEdflanh8IPTF
+      =jmzU
+      -----END PGP PUBLIC KEY BLOCK-----