commit 5e5addeac69cf650951890f27dff5c74d2ad7f7f Author: Michael Zhang Date: Fri Nov 24 15:43:17 2023 -0600 a
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a6a5869
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+terraform.tfvars.json
+.terraform
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..9eec179
--- /dev/null
+++ b/README.md
@@ -0,0 +1,13 @@
+## How to add new tailscale client
+
+On client:
+
+```
+tailscale up --login-server https://mzhang.io:15851
+```
+
+On server:
+
+```
+sudo /path/to/headscale nodes register --user michael --key
+```
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..cf36f72
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,6 @@
+module "gitea" {
+ source = "./services/gitea"
+ providers = {
+ nomad = nomad
+ }
+}
diff --git a/providers.tf b/providers.tf
new file mode 100644
index 0000000..60c4f89
--- /dev/null
+++ b/providers.tf
@@ -0,0 +1,4 @@
+provider "nomad" {
+ address = "http://apps2.tail98468.ts.net:4646"
+ region = "us-east-2"
+}
\ No newline at end of file
diff --git a/services/caddy/conf/caddy.nomad.hcl b/services/caddy/conf/caddy.nomad.hcl
new file mode 100644
index 0000000..fea9115
--- /dev/null
+++ b/services/caddy/conf/caddy.nomad.hcl
@@ -0,0 +1,5 @@
+job "caddy" {
+ group "proxy" {
+
+ }
+}
\ No newline at end of file
diff --git a/services/caddy/job.tf b/services/caddy/job.tf
new file mode 100644
index 0000000..ff05ae2
--- /dev/null
+++ b/services/caddy/job.tf
@@ -0,0 +1,6 @@
+resource "nomad_job" "app" {
+ jobspec = templatefile("${path.module}/conf/caddy.nomad.hcl", {
+ # caddyfile_internal = data.template_file.caddyfile-internal.rendered
+ caddyfile_public = data.template_file.caddyfile-public.rendered
+ })
+}
diff --git a/services/gitea/conf/app.ini.tpl b/services/gitea/conf/app.ini.tpl
new file mode 100644
index 0000000..a81bad0
--- /dev/null
+++ b/services/gitea/conf/app.ini.tpl
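Review bot: In `.gitignore`, Terraform state files are not excluded: only `terraform.tfvars.json` and `.terraform` are listed, and no backend block is visible in this commit, so state would presumably be written as `terraform.tfstate` in the working tree. Because services/gitea/data.tf renders the Gitea secrets into a data source, that state will hold them in plaintext and could be committed by accident. Add `*.tfstate` and `*.tfstate.*` here, and consider ignoring `*.tfvars` as well as the single JSON filename.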
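Review bot: In `providers.tf`, the Nomad API address uses plain `http://` and the block carries no credentials, so authentication and transport protection rest entirely on the tailnet. If Nomad ACLs are not enabled on the cluster (not visible here), any device on the tailnet that can reach port 4646 can submit jobs, which with the docker driver amounts to running code on the clients. Consider enabling Nomad TLS and ACLs, switching the address to `https://`, and supplying the token out of band through `NOMAD_TOKEN` rather than in this file.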
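Review bot: In `services/caddy/job.tf`, `data.template_file.caddyfile-public` is referenced but no such data source is defined in this commit, and `conf/caddy.nomad.hcl` never uses `caddyfile_public`, so the module cannot plan once it is wired into `main.tf`. Either add the data source together with a `template` block that consumes the value, or drop the variable until the job has a task. A jobspec rendered through `templatefile` also needs Nomad's own runtime interpolation written as `$${...}` so that Terraform does not try to resolve it.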
@@ -0,0 +1,122 @@
+; This file lists the default values used by Gitea
+; Sample file: https://github.com/go-gitea/gitea/blob/master/custom/conf/app.example.ini
+; Docs: https://docs.gitea.io/en-us/config-cheat-sheet/
+
+APP_NAME = Michael's Forge
+RUN_MODE = prod
+RUN_USER = git
+
+[repository]
+ROOT = /data/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH = /data/gitea
+DOMAIN = git2.mrkaran.dev
+SSH_DOMAIN = koadings.mrkaran.dev
+HTTP_PORT = 3000
+ROOT_URL = https://git2.mrkaran.dev/
+DISABLE_SSH = false
+SSH_PORT = 4222
+SSH_LISTEN_PORT = 22
+LFS_START_SERVER = true
+LFS_CONTENT_PATH = /data/git/lfs
+LFS_JWT_SECRET = "${gitea_lfs_jwt_secret}"
+OFFLINE_MODE = true
+LANDING_PAGE = explore
+
+[ui]
+THEME_COLOR_META_TAG = "#6B46C1"
+
+[ui.meta]
+AUTHOR = Karan
+DESCRIPTION = Karan's self-hosted Gitea instance
+KEYWORDS = git, gitea, karan, git.mrkaran.dev, mrkaran
+
+[database]
+PATH = /data/gitea/gitea.db
+DB_TYPE = sqlite3
+HOST = localhost:3306
+NAME = gitea
+USER = root
+PASSWD =
+SCHEMA =
+SSL_MODE = disable
+CHARSET = utf8
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+PROVIDER = file
+COOKIE_SECURE = true
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+DISABLE_GRAVATAR = false
+ENABLE_FEDERATED_AVATAR = true
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+ROOT_PATH = /data/gitea/log
+MODE = file
+LEVEL = info
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY = "${gitea_secret_key}"
+INTERNAL_TOKEN = "${gitea_internal_token}"
+
+[service]
+DISABLE_REGISTRATION = true
+REQUIRE_SIGNIN_VIEW = false
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.localhost
+
+[oauth2]
+JWT_SECRET = "${gitea_oauth2_jwt_secret}"
+
+[mailer]
+ENABLED = false
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+
+[metrics]
+ENABLED = true
+
+[cron]
+ENABLED = true
+RUN_AT_START = false
+
+[cron.archive_cleanup]
+RUN_AT_START = true
+SCHEDULE = @every 24h
+OLDER_THAN = 24h
+
+[cron.update_mirrors]
+SCHEDULE = @every 3h
+
+[cron.repo_health_check]
+SCHEDULE = @every 24h
+TIMEOUT = 60s
+
+[cron.check_repo_stats]
+RUN_AT_START = true
+SCHEDULE = @every 24h
\ No newline at end of file
diff --git a/services/gitea/conf/gitea.nomad.hcl b/services/gitea/conf/gitea.nomad.hcl
new file mode 100644
index 0000000..b8fe303
--- /dev/null
+++ b/services/gitea/conf/gitea.nomad.hcl
@@ -0,0 +1,13 @@
+job "gitea" {
+ group "app" {
+ network {
+ port "http" {
+ to = 3000
+ }
+ }
+
+ task "web" {
+ driver = "docker"
+ }
+ }
+}
diff --git a/services/gitea/data.tf b/services/gitea/data.tf
new file mode 100644
index 0000000..0ae1f31
--- /dev/null
+++ b/services/gitea/data.tf
@@ -0,0 +1,9 @@
+data "template_file" "gitea-config" {
+ template = file("${path.module}/conf/app.ini.tpl")
+ vars = {
+ gitea_secret_key = var.gitea_secret_key
+ gitea_internal_token = var.gitea_internal_token
+ gitea_lfs_jwt_secret = var.gitea_lfs_jwt_secret
+ gitea_oauth2_jwt_secret = var.gitea_oauth2_jwt_secret
+ }
+}
diff --git a/services/gitea/job.tf b/services/gitea/job.tf
new file mode 100644
index 0000000..b1d6952
--- /dev/null
+++ b/services/gitea/job.tf
@@ -0,0 +1,5 @@
+resource "nomad_job" "app" {
+ jobspec = templatefile("${path.module}/conf/gitea.nomad.hcl", {
+ gitea_config = data.template_file.gitea-config.rendered
+ })
+}
diff --git a/services/gitea/providers.tf b/services/gitea/providers.tf
new file mode 100644
index 0000000..b281597
--- /dev/null
+++ b/services/gitea/providers.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ nomad = {
+ source = "hashicorp/nomad"
+ }
+ }
+}
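Review bot: In `services/gitea/conf/app.ini.tpl`, `DOMAIN`, `SSH_DOMAIN` and `ROOT_URL` still point at `mrkaran.dev` hosts (as do `AUTHOR`, `DESCRIPTION` and `KEYWORDS`), which looks like a carry-over from the config this was adapted from; with `ROOT_URL` wrong, the clone URLs, redirects and OAuth callback URLs Gitea generates would point at a host this deployment presumably does not control. Pass the hostname in as a template variable alongside the secrets, for example `ROOT_URL = https://${gitea_domain}/` with a new `gitea_domain` input. Separately, `ENABLE_OPENID_SIGNUP = true` sits next to `DISABLE_REGISTRATION = true`; if self-registration is meant to be closed, set it to `false` so OpenID cannot be used to create accounts. `[metrics] ENABLED = true` has no `TOKEN`, so `/metrics` is served without authentication unless the proxy in front blocks it.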
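Review bot: The `web` task in `services/gitea/conf/gitea.nomad.hcl` declares `driver = "docker"` but has no `config` block with an image, and nothing in the job consumes the `gitea_config` value that services/gitea/job.tf passes in, so the job cannot run and the rendered app.ini is never delivered to the container. When filling it in, pin the image to a specific tag or digest rather than a floating one. Write the config with a `template` block whose `destination` is under `secrets/`, since it contains `SECRET_KEY`, `INTERNAL_TOKEN` and the JWT secrets.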
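Review bot: The four secrets rendered in `services/gitea/data.tf` end up in plaintext in Terraform state and, through `gitea_config` in services/gitea/job.tf, inside the Nomad jobspec, where anyone allowed to read the job can see them. Prefer keeping them out of the jobspec, for instance in Nomad Variables or Vault read by a `template` block at task start, and declare the inputs with `sensitive = true`. The `var.gitea_*` inputs are also not declared in this module in this commit and `main.tf` does not pass them, so the plan will fail as written. `template_file` comes from the deprecated hashicorp/template provider, which services/gitea/providers.tf does not list; the built-in `templatefile()` that job.tf already uses covers the same need.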
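Review bot: In `services/gitea/providers.tf`, `hashicorp/nomad` is required without a `version` constraint, so `terraform init` resolves to whatever release is newest at the time it runs. Add a constraint next to `source`, e.g. `version = "~> <MAJOR.MINOR>"` (placeholder, pick the release you tested against), and commit `.terraform.lock.hcl` so the provider build and its checksums are pinned and any change to them shows up in review.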