From 108cbf6588e751f2f92c2c817a288017cf3c1869 Mon Sep 17 00:00:00 2001 From: Paul Brinkmeier Date: Wed, 14 Sep 2022 19:31:54 +0200 Subject: [PATCH] Add gitea config running on port 30000 --- TODO.md | 4 ++- ansible/README.md | 10 +++--- ansible/misc-docker.yaml | 18 +++++++--- docker/gitea/docker-compose.yaml | 57 ++++++++++++++++++++++++++++++++ 4 files changed, 79 insertions(+), 10 deletions(-) create mode 100644 docker/gitea/docker-compose.yaml diff --git a/TODO.md b/TODO.md index 7ff5400..5f2d208 100644 --- a/TODO.md +++ b/TODO.md @@ -2,8 +2,10 @@ - [ ] Update Readme (CI, Git, plantuml, etc.) - [ ] Split `docker/web/docker-compose.yaml` into different configs (e.g. `web`, `gitlab`, `drone`) using the same network -- [ ] Use `/var/lib/pbri/docker/...` instead of Docker volumes (makes backups easier) +- [x] Use `/var/lib/pbri/docker/...` instead of Docker volumes (makes backups easier) - [x] Make it inaccessible to anyone but root (`-rw------`) - [x] Add [Drone runner](https://docs.drone.io/runner/docker/installation/linux/) - [ ] Figure out how to dependably store `.env` files (Ansible vault? Something else?) - [ ] Check out docker swarm and current best practices for Ansible +- [ ] Use Gitea instead of GitLab +- [ ] Add drone exec runner for Nix builds with shared `/nix` diff --git a/ansible/README.md b/ansible/README.md index 593ede6..4c3ce89 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -20,12 +20,12 @@ Sets up: ## `misc-docker.yaml` -- Deploys Docker configurations from `../docker` +Deploys Docker configurations from `../docker`: + +- Copies configuration into `/etc/pbri/docker` +- Creates folder `/var/lib/pbri/docker` for storing application files +- Creates users with `42xxx` UIDs for running containers ## `misc-sites.yaml` Checks out static sites into `/home/paul/Sites` which is mounted into `/srv` in the Caddy container. - -## `misc-backup.yaml` - -Backs up relevant Docker volumes. 
diff --git a/ansible/misc-docker.yaml b/ansible/misc-docker.yaml index 82e1e65..69c0c22 100644 --- a/ansible/misc-docker.yaml +++ b/ansible/misc-docker.yaml @@ -26,15 +26,25 @@ debug: yes loop: - name: web - state: present + state: absent - name: runner state: absent - - name: Add jupyter user with UID 42000 + - name: gitea + state: present + - name: Add users for running containers become: yes ansible.builtin.user: - name: jupyter - uid: 42000 + name: "{{ item.name }}" + uid: "{{ item.uid }}" + create_home: no state: present + loop: + - name: jupyter + uid: 42000 + state: present + - name: gitea + uid: 42001 + state: present - name: Add Notebooks folder become: yes ansible.builtin.file: diff --git a/docker/gitea/docker-compose.yaml b/docker/gitea/docker-compose.yaml new file mode 100644 index 0000000..697d0bb --- /dev/null +++ b/docker/gitea/docker-compose.yaml 
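Review bot: The accounts created by the new `Add users for running containers` task in the `ansible/misc-docker.yaml` hunk get no explicit login shell, so `jupyter` and `gitea` receive the distribution's default shell even though they appear to exist only to own container processes and files. Adding `shell: /usr/sbin/nologin` next to `create_home: no` would keep them non-interactive. Each loop item also carries a `state: present` key that the task never reads, because `state: present` is hard-coded in the module arguments; either write `state: "{{ item.state }}"` or drop the key from the items. The task list starts before this hunk and the `Add Notebooks folder` task continues past its end.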
@@ -0,0 +1,57 @@
+version: "3"
+
+services:
+ gitea:
+ image: gitea/gitea:1.17.1
+ restart: always
+ environment:
+ USER: gitea
+ USER_UID: 42001
+ USER_GID: 42001
+ GITEA__server__DOMAIN: pbrinkmeier.de
+ GITEA__server__HTTP_PORT: 3000
+ GITEA__server__ROOT_URL: http://pbrinkmeier.de:30000/
+ GITEA__server__SSH_DOMAIN: pbrinkmeier.de
+ GITEA__server__SSH_LISTEN_PORT: 3000
+ GITEA__server__SSH_PORT: 30001
+ GITEA__server__OFFLINE_MODE: "true"
+ GITEA__database__DB_TYPE: postgres
+ GITEA__database__HOST: gitea_db:5432
+ GITEA__database__NAME: gitea
+ GITEA__database__USER: gitea
+ GITEA__database__PASSWD: "${GITEA_DB_PASSWORD}"
+ GITEA__picture__DISABLE_GRAVATAR: "true"
+ GITEA__picture__FEDERATED_AVATAR: "false"
+ GITEA__service__DISABLE_REGISTRATION: "true"
+ GITEA__service__REGISTER_EMAIL_CONFIRM: "true"
+ GITEA__service__ENABLE_NOTIFY_MAIL: "true"
+ GITEA__service__NOREPLY_ADDRESS: noreply.pbrinkmeier.de
+ GITEA__service__ENABLE_TIMETRACKING: "false"
+ GITEA__service__DEFAULT_ENABLE_TIMETRACKING: "false"
+ GITEA__service__DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME: "false"
+ GITEA__mailer__ENABLED: "true"
+ GITEA__mailer__HOST: smtp.mailbox.org:465
+ GITEA__mailer__FROM: git@pbrinkmeier.de
+ GITEA__mailer__USER: hallo@pbrinkmeier.de
+ GITEA__mailer__PASSWD: "${GITEA_SMTP_PASSWORD}"
+ GITEA__openid__ENABLE_OPENID_SIGNIN: "false"
+ GITEA__openid__ENABLE_OPENID_SIGNUP: "false"
+ volumes:
+ - /var/lib/pbri/docker/gitea:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - "30000:3000"
+ - "30001:22"
+ depends_on:
+ - gitea_db
+
+ gitea_db:
+ image: postgres:14.5-alpine
+ restart: always
+ environment:
+ POSTGRES_DB: gitea
+ POSTGRES_USER: gitea
+ POSTGRES_PASSWORD: "${GITEA_DB_PASSWORD}"
+ volumes:
+ - /var/lib/pbri/docker/gitea_db:/var/lib/postgresql/data
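Review bot: The `gitea` service publishes its web port on every host interface as plain HTTP (`- "30000:3000"` together with `GITEA__server__ROOT_URL: http://pbrinkmeier.de:30000/`), so logins, session cookies and Git-over-HTTP credentials would cross the network unencrypted. Unless TLS is terminated somewhere not visible in this patch, consider binding the port to loopback with `- "127.0.0.1:30000:3000"`, putting a TLS-terminating reverse proxy in front, and pointing `ROOT_URL` at the `https://` address that proxy serves. `GITEA__server__SSH_LISTEN_PORT: 3000` has the same value as `HTTP_PORT` while the mapping `"30001:22"` targets container port 22; it looks like a copy-paste slip and should probably be `22` or be removed. The two secrets could be written as `"${GITEA_DB_PASSWORD:?GITEA_DB_PASSWORD is not set}"` and `"${GITEA_SMTP_PASSWORD:?GITEA_SMTP_PASSWORD is not set}"`, so that Compose refuses to start when a `.env` value is missing instead of substituting an empty string.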