10 changed files with 62 additions and 158 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -0,0 +1,36 @@
+---
+kind: pipeline
+type: docker
+name: Static Verification
+steps:
+  - name: ansible-lint
+    image: python:3.10.6
+    commands:
+      # Make sure to update the ansible version below as well
+      - pip --disable-pip-version-check install ansible==7.2.0 ansible-lint==6.16.1 > /dev/null 2> /dev/null
+      - ansible-lint -c .ansible-lint ansible
+
+---
+kind: pipeline
+type: docker
+name: Check
+steps:
+  - name: ansible-playbook --check
+    image: python:3.10.6
+    environment:
+      SSH_KEY:
+        from_secret: ssh_key
+      VAULT_PASSWORD:
+        from_secret: vault_password
+    commands:
+      - pip install ansible==7.2.0 > /dev/null 2> /dev/null
+
+      - mkdir "$HOME/.ssh"
+      - echo "$SSH_KEY" > "$HOME/.ssh/id"
+      - chmod 0600 ~/.ssh/id
+      - ssh-keyscan -p 2309 vmd98928.contaboserver.net > "$HOME/.ssh/known_hosts"
+
+      - echo "$VAULT_PASSWORD" > "$HOME/vault_password"
+
+      - cd ansible
+      - ansible-playbook --private-key "$HOME/.ssh/id" --vault-password-file "$HOME/vault_password" --check playbooks/misc-all.yaml
--- a/.gitea/workflows/check.yaml
+++ b/.gitea/workflows/check.yaml
@ -1,15 +0,0 @@
-name: Check
-on: [push]
-jobs:
-  "Lint Ansible Files":
-    runs-on: ubuntu-22.04
-    steps:
-      - run: apt-get update
-      - run: apt-get install -y python3 python3-pip python3-venv
-      - run: python3 --version
-      - name: Check out repo
-        uses: actions/checkout@v3
-      - run: python3 -m venv venv
-      - run: venv/bin/pip --disable-pip-version-check install ansible==7.2.0 ansible-lint==6.16.1 > /dev/null 2> /dev/null
-      - run: venv/bin/ansible-lint -c .ansible-lint ansible
-  # TODO: Reimplement ansible-play --check step from old drone config
--- a/TODO.md
+++ b/TODO.md
@ -14,5 +14,3 @@
 - [x] Make Gitea display graphs in Notebooks (see https://docs.gitea.io/en-us/external-renderers/).
 - [x] Factorio server
 - [ ] Add flag for Gitea backups (after which Gitea will be up but no contain the sites source code)
- [x] Add Gitea actions
- [ ] Remove drone
--- a/docker/docker/caddy/Caddyfile
+++ b/docker/docker/caddy/Caddyfile
@ -1,7 +1,3 @@
-{
-    admin off
-}
-
 pbrinkmeier.de {
    file_server {
        root /srv/pbrinkmeier.de
--- a/docker/docker/drone/docker-compose.yaml
+++ b/docker/docker/drone/docker-compose.yaml
@ -12,7 +12,7 @@ services:
      DRONE_SERVER_PROTO: https
    volumes:
      - /var/lib/pbri/docker/drone:/data
-    restart: unless-stopped
+    restart: always

  drone_runner:
    image: drone/drone-runner-docker:1
@ -24,7 +24,7 @@ services:
      DRONE_RUNNER_NAME: shamash
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
-    restart: unless-stopped
+    restart: always

 networks:
  default:
--- a/docker/docker/gitea/Dockerfile
+++ b/docker/docker/gitea/Dockerfile
@ -1,3 +1,5 @@
- FROM gitea/act_runner:0.2.5
+FROM gitea/gitea:1.20

- COPY runner-config.yaml /opt/runner-config.yaml
+RUN apk --no-cache add gcc python3-dev py3-pip linux-headers musl-dev libffi-dev
+RUN pip3 install --upgrade pip
+RUN pip3 install jupyter
--- a/docker/docker/gitea/README.md
+++ b/docker/docker/gitea/README.md
@ -1,17 +1,6 @@
-# gitea
-
 Add a `.env` file like this:

 ```
 GITEA_DB_PASSWORD=...
 GITEA_SMTP_PASSWORD=...
-GITEA_RUNNER_REGISTRATION_TOKEN=...
 ```
-
-You should keep an eye on `GITEA_RUNNER_REGISTRATION_TOKEN`. I suspect
-it might change over time, e.g. when restarting or updating Gitea.
-
-## Files
-
- `runner-config.yaml`: Configuration for `gitea/act_runner`. Generated using `act_runner generate-config` then adjusted
- `Dockerfile`: Creates an image based on `gitea/act_runner` that comes with `runner-config.yaml` in `/opt` (to avoid the extra mount)
--- a/docker/docker/gitea/docker-compose.yaml
+++ b/docker/docker/gitea/docker-compose.yaml
@ -2,8 +2,9 @@ version: "3"

 services:
  gitea:
-    image: gitea/gitea:1.20.3
-    restart: unless-stopped
+    image: pbrinkmeier/gitea
+    build: .
+    restart: always
    environment:
      # Ref: https://docs.gitea.io/en-us/config-cheat-sheet
      # User is created by misc-docker.yaml
@ -35,17 +36,17 @@ services:
      GITEA__service__DEFAULT_ENABLE_TIMETRACKING: "false"
      GITEA__service__DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME: "false"
      GITEA__mailer__ENABLED: "true"
-      GITEA__mailer__PROTOCOL: smtps
-      GITEA__mailer__SMTP_ADDR: smtp.mailbox.org
-      GITEA__mailer__SMTP_HOST: 465
+      GITEA__mailer__HOST: smtp.mailbox.org:465
      GITEA__mailer__FROM: git@pbrinkmeier.de
      GITEA__mailer__USER: hallo@pbrinkmeier.de
      GITEA__mailer__PASSWD: "${GITEA_SMTP_PASSWORD}"
      GITEA__openid__ENABLE_OPENID_SIGNIN: "false"
      GITEA__openid__ENABLE_OPENID_SIGNUP: "false"
-      # Enable Gitea actions
-      # Ref: https://docs.gitea.com/usage/actions/quickstart
-      GITEA__actions__ENABLED: "true"
+      GITEA__markup_0x2E_jupyter__ENABLED: "true"
+      GITEA__markup_0x2E_jupyter__FILE_EXTENSIONS: ".ipynb"
+      GITEA__markup_0x2E_jupyter__RENDER_COMMAND: "jupyter nbconvert --stdin --stdout --to html --template basic"
+      GITEA__markup_0x2E_jupyter__IS_INPUT_FILE: "false"
+      GITEA__markup_0x2E_sanitizer_0x2E_jupyter_0x2E_img__ALLOW_DATA_URI_IMAGES: "true"
    volumes:
      - /var/lib/pbri/docker/gitea:/data
      - /etc/timezone:/etc/timezone:ro
@ -57,7 +58,7 @@ services:

  gitea_db:
    image: postgres:14.5-alpine
-    restart: unless-stopped
+    restart: always
    environment:
      POSTGRES_DB: gitea
      POSTGRES_USER: gitea
@ -65,21 +66,6 @@ services:
    volumes:
      - /var/lib/pbri/docker/gitea_db:/var/lib/postgresql/data

-  gitea_runner:
-    image: pbrinkmeier/act_runner:0.2.5
-    build: .
-    restart: unless-stopped
-    environment:
-      CONFIG_FILE: /opt/runner-config.yaml
-      GITEA_INSTANCE_URL: "https://git.pbrinkmeier.de"
-      GITEA_RUNNER_REGISTRATION_TOKEN: "${GITEA_RUNNER_REGISTRATION_TOKEN}"
-      GITEA_RUNNER_NAME: "basic-bitchboy"
-    volumes:
-      - /var/lib/pbri/docker/gitea_runner_data:/data
-      - /var/run/docker.sock:/var/run/docker.sock
-    depends_on:
-      - gitea
-
 networks:
  default:
    name: caddy-network
--- a/docker/docker/gitea/runner-config.yaml
+++ b/docker/docker/gitea/runner-config.yaml
@ -1,85 +0,0 @@
-log:
-  # The level of logging, can be trace, debug, info, warn, error, fatal
-  level: info
-
-runner:
-  # Where to store the registration result.
-  file: .runner
-  # Execute how many tasks concurrently at the same time.
-  capacity: 1
-  # Extra environment variables to run jobs.
-  # envs:
-  #   A_TEST_ENV_NAME_1: a_test_env_value_1
-  #   A_TEST_ENV_NAME_2: a_test_env_value_2
-  # Extra environment variables to run jobs from a file.
-  # It will be ignored if it's empty or the file doesn't exist.
-  # env_file: .env
-  # The timeout for a job to be finished.
-  # Please note that the Gitea instance also has a timeout (3h by default) for the job.
-  # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
-  timeout: 3h
-  # Whether skip verifying the TLS certificate of the Gitea instance.
-  insecure: false
-  # The timeout for fetching the job from the Gitea instance.
-  fetch_timeout: 5s
-  # The interval for fetching the job from the Gitea instance.
-  fetch_interval: 2s
-  # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
-  # Like: ["macos-arm64:host", "ubuntu-latest:docker://node:16-bullseye", "ubuntu-22.04:docker://node:16-bullseye"]
-  # If it's empty when registering, it will ask for inputting labels.
-  # If it's empty when execute `deamon`, will use labels in `.runner` file.
-  # Some (most?) GitHub actions use node for scripting, so just using
-  # ubuntu:22.04 here is not enough.
-  labels:
-    - "ubuntu-22.04:docker://node:16-bullseye"
-
-cache:
-  # Enable cache server to use actions/cache.
-  enabled: false
-  # The directory to store the cache data.
-  # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
-  dir: ""
-  # The host of the cache server.
-  # It's not for the address to listen, but the address to connect from job containers.
-  # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
-  host: ""
-  # The port of the cache server.
-  # 0 means to use a random available port.
-  port: 0
-  # The external cache server URL. Valid only when enable is true.
-  # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
-  # The URL should generally end with "/".
-  external_server: ""
-
-container:
-  # Specifies the network to which the container will connect.
-  # Could be host, bridge or the name of a custom network.
-  # If it's empty, act_runner will create a network automatically.
-  network: ""
-  # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
-  privileged: false
-  # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
-  options:
-  # The parent directory of a job's working directory.
-  # If it's empty, /workspace will be used.
-  workdir_parent:
-  # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
-  # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
-  # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
-  # valid_volumes:
-  #   - data
-  #   - /src/*.json
-  # If you want to allow any volume, please use the following configuration:
-  # valid_volumes:
-  #   - '**'
-  valid_volumes: []
-  # overrides the docker client host with the specified one.
-  # If it's empty, act_runner will find an available docker host automatically.
-  # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
-  # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
-  docker_host: ""
-
-host:
-  # The parent directory of a job's working directory.
-  # If it's empty, $HOME/.cache/act/ will be used.
-  workdir_parent:
--- a/docker/envs/gitea/.env
+++ b/docker/envs/gitea/.env
@ -1,14 +1,11 @@
 $ANSIBLE_VAULT;1.1;AES256
-35623364633833623964623536646534373634663736613561333561343136333965306638396532
-6162393239383936386338666565306132646230383066630a336337613636383431623738343663
-61343262363631376665383035323139313863626331666439336134613035663439376231343863
-3032353139643138640a383365356630323835383538393734643134343133653033383663333464
-62386361633435633664306531623835353665326432393932336163316561653866343137323030
-63643262323436356166373533363235366238393633336631336266373837373932313134303563
-65633337393938623134636538653561356565333831356638373862376333336163363438626438
-39343436383732313561396236656530303064363961663636353538346264633532633866333162
-35303032303662646166333537373566316462633536333463323433353539623363323036643763
-34376365613932303133366236613235636238643139666663356436326532616437383432303437
-39376535656266383465373837643634383937656431323265386163373138336164383666383962
-64623762613332363731323739666238613634646237396331666463363663313461313966356233
-30653362353061333739303234336461373337346632646433623462623765353330
+32303131323835666635366533363238303766643063633934353139323837396336373734393263
+6334616639373630616437646437626666343161373338310a323234313330323839663165653038
+66386266373562363966643666653234656337373166626131383565313334333234373532633133
+6265656232613337380a393531323765373332613162346365373831373733623166363136326239
+66386262393836343634353061363131313936666665343634326430393939633336656666626530
+32633762306136356464386262633132646633373066316434343437356636313831313462366533
+37343864636265666166613761386639316534386365343439623634373039383237353839656130
+36353036623336653336663738636632326238326133663039633330656530376335343539646465
+61663436626235306462336636393332313562646633373637396664636661333131663864393138
+6161396237323233333961353231643236393232623635303465