From d726218270738805273deb00c919e6e819ca9798 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Mon, 10 Jun 2019 20:08:42 +0300
Subject: Initial commit
---
README | 2 ++
gitlab.yml | 49 +++++++++++++++++++++++++++
hosts | 2 ++
roles/gitlab/handlers/main.yml | 5 +++
roles/gitlab/tasks/main.yml | 70 +++++++++++++++++++++++++++++++++++++++
roles/gitlab/templates/main.cf.j2 | 19 +++++++++++
roles/runner/tasks/main.yml | 42 +++++++++++++++++++++++
runner.yml | 48 +++++++++++++++++++++++++++
8 files changed, 237 insertions(+)
create mode 100644 README
create mode 100644 gitlab.yml
create mode 100644 hosts
create mode 100644 roles/gitlab/handlers/main.yml
create mode 100644 roles/gitlab/tasks/main.yml
create mode 100644 roles/gitlab/templates/main.cf.j2
create mode 100644 roles/runner/tasks/main.yml
create mode 100644 runner.yml
diff --git a/README b/README
new file mode 100644
index 0000000..68004e9
--- /dev/null
+++ b/README
@@ -0,0 +1,2 @@
+This is ansible playbooks for deploying a toy GitLab instance for
+playing. Don't use this for producion (at least yet).
diff --git a/gitlab.yml b/gitlab.yml
new file mode 100644
index 0000000..6bcc3d8
--- /dev/null
+++ b/gitlab.yml
@@ -0,0 +1,49 @@ +- hosts: gitlab + remote_user: root + become: no + roles: + - gitlab + vars: + root_password: "{{ lookup('pipe', 'pass wmf/wmf-gitlab.vm.liw.fi/root') }}" + runner_token: "{{ lookup('pipe', 'pass wmf/wmf-gitlab.vm.liw.fi/runner_token') }}" + + domain_name: wmf-gitlab3.vm.liw.fi + external_url: "https://{{ domain_name }}" + + hostname: wmf-gitlab + mail_hostname: "{{ domain_name }}" + + debian_codename: stretch + debian_mirror: deb.debian.org + + gitlab_apt_signing_key: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + Version: GnuPG v1.4.11 (GNU/Linux) + + mQINBFUxDA4BEAC0Pwepk/QZK7QOv6loLtUqmPCJtUuOS3Gu410FoOCgh5agWmXe + J2pCTejLIMWPEG1Q35lrv5PRlcRA+XLIcYd6x7pF4+sDE1lOZVBndUMSHDReq+r+ + lzRB0Rd6S75RshBRDuwHfBfzjmFcyPqqYdiY3YUqk+hHl/w8m5QlxgLDnp2Vjh2B + yzJqDtJh2+TmvY4XD91Q1fvihZkN3RFBgIjjs4xVQ+wptjg8FsPovgA+QED+hkFc + bBveClexICHi6mTFG+1HV1MfcZnIRDlggTCUj/U8TGnU5crs6GVbbxtKfTCAZYlQ + k5Q2JoPE4156wNFPQ7/Eyr3GnP62oySmuaCDzVVOlnmu4GMTVq/LVQZV3wOAdHM1 + +9i0ob/SLYT5QKuL5jYj99rz2wy4HWxGR6TrSc/Ls0sc2MvZBeIXpOsPI2rxOeS+ + 3Kbz8E+0ezNWxHC2LBQezW1ikNfLow/vwIBDCS9ApDAdW8VN28cROoiCMd6yxnVI + 1P2nMCkDMCBNqvcWtGrhUvpFD4jfaQ8661GEspqMbrXuNQ//JsrD9n98dJDWdCUV + 0LWBEyAJTOV9kIEH128MlPK8SLNkvCBZNJS4pzUxJFmf3LbDmYMuqcgz1d5NltMk + tzVEpVJ4tgZ0gyn4f/yuZHobq6hP1YHgu3lNt7Aibi6dX5pfw2oWqufuPwARAQAB + tEJHaXRMYWIgQi5WLiAocGFja2FnZSByZXBvc2l0b3J5IHNpZ25pbmcga2V5KSA8 + cGFja2FnZXNAZ2l0bGFiLmNvbT6JAj4EEwECACgFAlUxDA4CGwMFCQlmAYAGCwkI + BwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEBQhmpbhXnj0iN0QAIGHf0CShvrEZXOq + 8Tlq+zJ42CQTOLa9Hijd85mqwijgoBwCdLaePaOqOBIkqev3UDfcoMJP9/JuXMpI + 9H+JvfY/USwP7FVTpdyC+iecWOSJ/qdbxJEau2wyGwsVhcas9iOExzd6tjsS61Td + 1bpdTBYG7eAenCu5WYU/cb0OhPbzRuUiLrtpt43tx2cXIU+XcEC/R9aym7EPw3WG + SePegNhKbtr3LaTuRswgO464LHgJ0YsUx9789QSyuhHtQGznBpBDj0F/xVjnxRs4 + 6vpd46AWad0G7RhDCWduuG0qx1/1ZBbQKKjRq/1Uw54qiVJB0T/7qtQ9OliUonDj + Vgkj3w1HGXTwKVSkDwEqyn+SDWERA9k04DQrOLEG0qi9NGLYy59v4SaU3ftZw0L6 + jnCJksnACtrsksJWPI0Gbs+wbII6fhu8Zc1iV3hdzi92lDMv0W1KzM7FCrz3ex6i + 
3oL+ntZW/PuHNSUVBlr2FkkSr/EmRkBoD9efZsG7+5vYImtkSZSaiMi5IsexjTEH + HkP0xG0OUaCagSNrNolDyLEmTjhOmky67oE1VIOIbMajXzeNdqYahz8+kBQ5vgpr + 0PqlNbnVgCiTlFjTVGHUj84SKh/Gii+GRHlCV1d5UL/GzJppZ5MfpjRXOTamqU/C + O0JLVZiTnW+KSqbLEdflanh8IPTF + =jmzU + -----END PGP PUBLIC KEY BLOCK----- diff --git a/hosts b/hosts new file mode 100644 index 0000000..4e20e3a --- /dev/null +++ b/hosts @@ -0,0 +1,2 @@ +gitlab ansible_ssh_host=wmf-gitlab3.vm.liw.fi +runner ansible_ssh_host=wmf-runner3.vm.liw.fi diff --git a/roles/gitlab/handlers/main.yml b/roles/gitlab/handlers/main.yml new file mode 100644 index 0000000..2e2bc02 --- /dev/null +++ b/roles/gitlab/handlers/main.yml @@ -0,0 +1,5 @@ +- name: restart_postfix + systemd: + name: postfix + state: restarted + diff --git a/roles/gitlab/tasks/main.yml b/roles/gitlab/tasks/main.yml new file mode 100644 index 0000000..5605e22 --- /dev/null +++ b/roles/gitlab/tasks/main.yml 
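Review bot: The `gitlab_apt_signing_key` block under `vars` in gitlab.yml is pasted in full here and, as far as the two hunks show, repeated unchanged in runner.yml, so a key rotation has to be applied in two places and the copies can drift apart. Moving it to a shared vars file such as `group_vars/all.yml` keeps a single copy, and a comment above it recording the expected fingerprint and where the key was obtained would let a reviewer check the armored blob against the vendor's published value. Separately, `become: no` relies on YAML 1.1 truthy parsing; `become: false` is the unambiguous spelling, and the same applies to `update_cache: yes` in both roles.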
@@ -0,0 +1,70 @@
+- name: install helpful stuff
+ apt:
+ name:
+ - locales-all
+ - psmisc
+
+- name: install gitlab dependencies
+ apt:
+ name:
+ - curl
+ - openssh-server
+ - ca-certificates
+ - postfix
+ - apt-transport-https
+
+- name: set mailname
+ copy:
+ content: |
+ {{ mail_hostname }}
+ dest: /etc/mailname
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart_postfix
+
+- name: configure postfix
+ template:
+ src: main.cf.j2
+ dest: /etc/postfix/main.cf
+ notify: restart_postfix
+
+- name: install gitlab apt signing key
+ apt_key:
+ data: "{{ gitlab_apt_signing_key }}"
+
+- name: install gitlab apt sources.list
+ apt_repository:
+ update_cache: yes
+ codename: "{{ debian_codename }}"
+ repo: |
+ deb https://packages.gitlab.com/gitlab/gitlab-ce/debian/ {{ debian_codename }} main
+
+- name: install gitlab-ce
+ apt:
+ name: gitlab-ce
+
+- name: configure gitlab external url
+ lineinfile:
+ path: /etc/gitlab/gitlab.rb
+ regexp: "^external_url"
+ line: |
+ external_url '{{ external_url }}'
+
+- name: configure gitlab initial root password
+ lineinfile:
+ path: /etc/gitlab/gitlab.rb
+ regexp: "gitlab_rails.'initial_root_password'"
+ line: |
+ gitlab_rails['initial_root_password'] = "{{ root_password }}"
+
+- name: configure gitlab initial runner registration token
+ lineinfile:
+ path: /etc/gitlab/gitlab.rb
+ regexp: "gitlab_rails.'initial_shared_runners_registration_token'"
+ line: |
+ gitlab_rails['initial_shared_runners_registration_token'] = "{{runner_token }}"
+
+- name: start gitlab
+ shell:
+ dpkg-reconfigure gitlab-ce
diff --git a/roles/gitlab/templates/main.cf.j2 b/roles/gitlab/templates/main.cf.j2
new file mode 100644
index 0000000..3fcc001
--- /dev/null
+++ b/roles/gitlab/templates/main.cf.j2
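Review bot: The two `lineinfile` tasks in roles/gitlab/tasks/main.yml that write `root_password` and `runner_token` into /etc/gitlab/gitlab.rb carry no `no_log: true`, so the secrets can show up in Ansible output when the play runs with `--diff` or raised verbosity; add `no_log: true` to both. The values are also placed inside a Ruby double-quoted literal (`= "{{ root_password }}"`), so a password containing `"`, `\` or `#{` would be mangled or interpolated when gitlab.rb is evaluated; a single-quoted Ruby literal with `'` and `\` escaped is the safer form. Smaller points in the same hunk: `mode: 0644` should be quoted as `mode: "0644"`, each `line: |` carries a trailing newline that a quoted scalar avoids, and the final `shell: dpkg-reconfigure gitlab-ce` runs on every play and needs no shell, so `command:` triggered from a handler would be more idempotent.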
@@ -0,0 +1,19 @@
+# Who are we? This varies depending on host.
+myhostname = {{ mail_hostname }}
+mydestination = {{ mail_hostname }}, localhost.localdomain, localhost
+
+
+# Configure various things. These should be the same everywhere.
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+inet_interfaces = 127.0.0.1
+myorigin = /etc/mailname
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+
+smtp_tls_security_level = may
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtp_tls_loglevel = 1
+
+smtpd_relay_restrictions =
+ permit_mynetworks
+ reject_unauth_destination
diff --git a/roles/runner/tasks/main.yml b/roles/runner/tasks/main.yml
new file mode 100644
index 0000000..f920d46
--- /dev/null
+++ b/roles/runner/tasks/main.yml
@@ -0,0 +1,42 @@
+- name: configure sources.lists for Debian release
+ copy:
+ content: |
+ deb http://deb.debian.org/debian {{ debian_codename }} main contrib non-free
+ dest: /etc/apt/sources.list
+
+- name: dist-upgrade
+ apt:
+ update_cache: yes
+ upgrade: dist
+
+- name: install helpful stuff
+ apt:
+ name:
+ - locales-all
+ - psmisc
+
+- name: install gitlab runner dependencies
+ apt:
+ name:
+ - apt-transport-https
+ - docker.io
+
+- name: install gitlab apt signing key
+ apt_key:
+ data: "{{ gitlab_apt_signing_key }}"
+
+- name: install gitlab apt sources.list
+ apt_repository:
+ update_cache: yes
+ codename: "{{ debian_codename }}"
+ repo: |
+ deb https://packages.gitlab.com/runner/gitlab-runner/debian/ {{ debian_codename }} main
+
+- name: install gitlab runner
+ apt:
+ name: gitlab-runner
+
+- name: configure gitlab runner
+ shell: |
+ gitlab-runner register -n -u "{{ gitlab_url }}" -r "{{ runner_token }}" \
+ --executor docker --docker-image "{{ runner_docker_image }}"
diff --git a/runner.yml b/runner.yml
new file mode 100644
index 0000000..72e095f
--- /dev/null
+++ b/runner.yml
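Review bot: In roles/runner/tasks/main.yml the `configure gitlab runner` task passes the registration token on the command line (`-r "{{ runner_token }}"`), where it is visible in the host's process list and in Ansible's logged command, and nothing guards the task, so the runner is registered again on every play. Passing the token through `environment:` (gitlab-runner reads `REGISTRATION_TOKEN`), adding `no_log: true` and guarding the task against re-registration would address both. The first task in the same hunk overwrites /etc/apt/sources.list with a single `main contrib non-free` line, so the Debian security suite is absent and the following `dist-upgrade` will not pull security updates; it also hard-codes `deb.debian.org` although `debian_mirror` is defined in runner.yml.

```yaml
- name: configure gitlab runner
  shell: |
    gitlab-runner register -n -u "{{ gitlab_url }}" \
      --executor docker --docker-image "{{ runner_docker_image }}"
  environment:
    REGISTRATION_TOKEN: "{{ runner_token }}"
  no_log: true
  # TODO: add a guard (for example a `creates:` marker file) so an
  # already-registered host is skipped; the marker path is still to be chosen.
```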
@@ -0,0 +1,48 @@ +- hosts: runner + remote_user: root + become: no + roles: + - runner + vars: + runner_token: "{{ lookup('pipe', 'pass wmf/wmf-gitlab.vm.liw.fi/runner_token') }}" + + gitlab_url: "https://wmf-gitlab3.vm.liw.fi" + + runner_docker_image: debian + + hostname: wmf-runner + + debian_codename: buster + debian_mirror: deb.debian.org + + gitlab_apt_signing_key: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + Version: GnuPG v1.4.11 (GNU/Linux) + + mQINBFUxDA4BEAC0Pwepk/QZK7QOv6loLtUqmPCJtUuOS3Gu410FoOCgh5agWmXe + J2pCTejLIMWPEG1Q35lrv5PRlcRA+XLIcYd6x7pF4+sDE1lOZVBndUMSHDReq+r+ + lzRB0Rd6S75RshBRDuwHfBfzjmFcyPqqYdiY3YUqk+hHl/w8m5QlxgLDnp2Vjh2B + yzJqDtJh2+TmvY4XD91Q1fvihZkN3RFBgIjjs4xVQ+wptjg8FsPovgA+QED+hkFc + bBveClexICHi6mTFG+1HV1MfcZnIRDlggTCUj/U8TGnU5crs6GVbbxtKfTCAZYlQ + k5Q2JoPE4156wNFPQ7/Eyr3GnP62oySmuaCDzVVOlnmu4GMTVq/LVQZV3wOAdHM1 + +9i0ob/SLYT5QKuL5jYj99rz2wy4HWxGR6TrSc/Ls0sc2MvZBeIXpOsPI2rxOeS+ + 3Kbz8E+0ezNWxHC2LBQezW1ikNfLow/vwIBDCS9ApDAdW8VN28cROoiCMd6yxnVI + 1P2nMCkDMCBNqvcWtGrhUvpFD4jfaQ8661GEspqMbrXuNQ//JsrD9n98dJDWdCUV + 0LWBEyAJTOV9kIEH128MlPK8SLNkvCBZNJS4pzUxJFmf3LbDmYMuqcgz1d5NltMk + tzVEpVJ4tgZ0gyn4f/yuZHobq6hP1YHgu3lNt7Aibi6dX5pfw2oWqufuPwARAQAB + tEJHaXRMYWIgQi5WLiAocGFja2FnZSByZXBvc2l0b3J5IHNpZ25pbmcga2V5KSA8 + cGFja2FnZXNAZ2l0bGFiLmNvbT6JAj4EEwECACgFAlUxDA4CGwMFCQlmAYAGCwkI + BwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEBQhmpbhXnj0iN0QAIGHf0CShvrEZXOq + 8Tlq+zJ42CQTOLa9Hijd85mqwijgoBwCdLaePaOqOBIkqev3UDfcoMJP9/JuXMpI + 9H+JvfY/USwP7FVTpdyC+iecWOSJ/qdbxJEau2wyGwsVhcas9iOExzd6tjsS61Td + 1bpdTBYG7eAenCu5WYU/cb0OhPbzRuUiLrtpt43tx2cXIU+XcEC/R9aym7EPw3WG + SePegNhKbtr3LaTuRswgO464LHgJ0YsUx9789QSyuhHtQGznBpBDj0F/xVjnxRs4 + 6vpd46AWad0G7RhDCWduuG0qx1/1ZBbQKKjRq/1Uw54qiVJB0T/7qtQ9OliUonDj + Vgkj3w1HGXTwKVSkDwEqyn+SDWERA9k04DQrOLEG0qi9NGLYy59v4SaU3ftZw0L6 + jnCJksnACtrsksJWPI0Gbs+wbII6fhu8Zc1iV3hdzi92lDMv0W1KzM7FCrz3ex6i + 3oL+ntZW/PuHNSUVBlr2FkkSr/EmRkBoD9efZsG7+5vYImtkSZSaiMi5IsexjTEH + HkP0xG0OUaCagSNrNolDyLEmTjhOmky67oE1VIOIbMajXzeNdqYahz8+kBQ5vgpr + 
0PqlNbnVgCiTlFjTVGHUj84SKh/Gii+GRHlCV1d5UL/GzJppZ5MfpjRXOTamqU/C + O0JLVZiTnW+KSqbLEdflanh8IPTF + =jmzU + -----END PGP PUBLIC KEY BLOCK----- -- cgit v1.2.1
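Review bot: `runner_docker_image: debian` in runner.yml names the image without a tag or digest, so every CI job runs on whatever the default tag resolves to at pull time and builds are neither reproducible nor auditable; pin a release tag or a digest. `gitlab_url` repeats the host name that gitlab.yml builds from `domain_name`, and the pass path `wmf/wmf-gitlab.vm.liw.fi/runner_token` is spelled out in both playbooks, so a shared vars file would keep the two plays from diverging. `debian_codename` is `buster` here but `stretch` in gitlab.yml; if that is intentional, a one-line comment such as `# runner deliberately tracks a newer release than the GitLab host` would save the next reader a check.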