blob: 2d0e065042ffadb4b4b788bf7c4470bc48d8c657 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
---
- name: Copy container build files
ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ DATA_ROOT }}/git"
owner: "{{ USER }}"
group: "{{ USER }}"
mode: preserve
loop:
- gitolite-cgit
- runner-zola
- runner-mirror
- name: Build gitolite cgit image
containers.podman.podman_image:
name: gitolite-cgit
path: "{{ DATA_ROOT }}/git/gitolite-cgit"
force: true
register: cgito_build
# Example ssh config snippet (~/.ssh/config)
# host git.memzero.de
# user git
# port 8022
# identityfile ~/.ssh/memzero
- name: Gitolite cgit
containers.podman.podman_container:
name: cgito
image: gitolite-cgit
network: "{{ NETWORK }}"
ports:
- "8022:22"
env:
SSH_KEY: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/memzero.pub') }}"
volumes:
# Use 'Z' to privately relable selinux contexts.
- "{{ DATA_ROOT }}/git/repos:/var/lib/git:Z"
recreate: "{{ cgito_build.changed }}"
notify: Restart nginx
- name: Open port for gitolite ssh port
ansible.posix.firewalld:
port: 8022/tcp
permanent: true
immediate: true
state: enabled
become: true
- name: Build zola runner image
containers.podman.podman_image:
name: runner-zola
path: "{{ DATA_ROOT }}/git/runner-zola"
force: true
register: runner_zola_build
- name: Start zola runner
containers.podman.podman_container:
name: runner-zola
image: runner-zola
network: "{{ NETWORK }}"
volumes:
# Mount the webserver webroot to deploy the blog.
# Use 'z' to shared-ly relable selinux contexts.
- "{{ DATA_ROOT }}/nginx/www:/www:z"
recreate: "{{ runner_zola_build.changed }}"
- name: Build mirror runner image
containers.podman.podman_image:
name: runner-mirror
path: "{{ DATA_ROOT }}/git/runner-mirror"
force: true
register: runner_mirror_build
- name: Start mirror runner
containers.podman.podman_container:
name: runner-mirror
image: runner-mirror
network: "{{ NETWORK }}"
volumes:
# Use 'z' to shared-ly relable selinux contexts.
- "{{ DATA_ROOT }}/git/repos/projects.list:/projects.list:ro,z"
# Use 'Z' to privately relable selinux contexts.
- "{{ DATA_ROOT }}/git/runner-mirror/mirror.key:/mirror.key:ro,Z"
recreate: "{{ runner_mirror_build.changed }}"
|