From 1b832cbd1d7c5c5ebd8eacf19231d80bc8dbd3d8 Mon Sep 17 00:00:00 2001
From: Gabriel Radureau
Date: Tue, 13 Aug 2024 17:28:44 +0200
Subject: [PATCH] setup gitea mailer
---
 ansible/README.md | 19 ++++++++++++++++++-
 .../inventory/group_vars/hard_disk/gitea.yml | 8 ++++++++
 .../group_vars/hard_disk/gitea_vault.yml | 8 ++++++++
 3 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 ansible/arcodange/factory/inventory/group_vars/hard_disk/gitea_vault.yml
diff --git a/ansible/README.md b/ansible/README.md
index f0249ce..73d1ec5 100644
--- a/ansible/README.md
+++ b/ansible/README.md
@@ -19,7 +19,24 @@ git clone -q --depth 1 --branch master https://github.com/arcodange/ssh-agent.gi
 docker run -d --name=ssh-agent docker-ssh-agent:latest
 docker run --rm --volumes-from=ssh-agent -v ~/.ssh:/.ssh -it docker-ssh-agent:latest ssh-add /root/.ssh/id_rsa
 docker run --rm -u root --name test --volumes-from=ssh-agent -v $PWD:/home/arcodange/code arcodange-ansible:0.0.0 \
-ansible-playbook ansible/arcodange/factory/playbooks/setup/01_system.yml -i ansible/arcodange/factory/inventory -vv
+# -e ANSIBLE_VAULT_PASSWORD_FILE=$ANSIBLE_VAULT_PASSWORD_FILE -v $ANSIBLE_VAULT_PASSWORD_FILE:$ANSIBLE_VAULT_PASSWORD_FILE \ before the arcodange-ansible image name
+ansible-playbook ansible/arcodange/factory/playbooks/setup/03cicd.yml -i ansible/arcodange/factory/inventory -vv
+```
+
+### use vault with single password
+
+> [!IMPORTANT]
+> Required for gitea mailer
+> ```sh
+> kubectl create secret generic arcodange-ansible-vault --from-literal="pass=" -n kube-system`
+> ```
+> to be set as a file variable for gitea runners
+
+```sh
+ANSIBLE_VAULT_PASSWORD_FILE=~/.local/bin/read-vault-key.sh;
+mkdir -p `dirname $ANSIBLE_VAULT_PASSWORD_FILE`; set +o histexpand;
+echo -e "#!/bin/bash\nkubectl get secret -n kube-system arcodange-ansible-vault --template='{{index .data.pass | base64decode}}'" > $ANSIBLE_VAULT_PASSWORD_FILE;
+set -o histexpand; chmod +x $ANSIBLE_VAULT_PASSWORD_FILE; echo 'export ANSIBLE_VAULT_PASSWORD_FILE=$ANSIBLE_VAULT_PASSWORD_FILE' >> `find ~ -maxdepth 1 -type f -name '\.*profile' -or -name '\.bashrc' | head -n1`
 ```
 
 ### a tool to reuse a ssh agent (not required)
diff --git a/ansible/arcodange/factory/inventory/group_vars/hard_disk/gitea.yml b/ansible/arcodange/factory/inventory/group_vars/hard_disk/gitea.yml
index acc63ed..7e863ae 100644
--- a/ansible/arcodange/factory/inventory/group_vars/hard_disk/gitea.yml
+++ b/ansible/arcodange/factory/inventory/group_vars/hard_disk/gitea.yml
@@ -27,11 +27,19 @@ gitea:
 environment:
 USER_UID: 1000
 USER_GID: 1000
+ # https://github.com/go-gitea/gitea/blob/main/contrib/environment-to-ini/README
 GITEA__database__DB_TYPE: postgres
 GITEA__database__HOST: postgres:5432
 GITEA__database__NAME: "{{ gitea_database.db_name }}"
 GITEA__database__USER: "{{ gitea_database.db_user }}"
 GITEA__database__PASSWD: "{{ gitea_database.db_password }}"
+ GITEA__mailer__ENABLED: true
+ GITEA__mailer__PROTOCOL: smtps
+ GITEA__mailer__FROM: gitea.arcodange@orange.fr
+ GITEA__mailer__USER: gitea.arcodange@orange.fr
+ GITEA__mailer__SMTP_ADDR: smtp.orange.fr
+ GITEA__mailer__SMTP_PORT: 465
+ GITEA__mailer__PASSWD: '{{ gitea_vault.GITEA__mailer__PASSWD }}'
 networks:
 - gitea
 ports:
diff --git a/ansible/arcodange/factory/inventory/group_vars/hard_disk/gitea_vault.yml b/ansible/arcodange/factory/inventory/group_vars/hard_disk/gitea_vault.yml
new file mode 100644
index 0000000..ba7e292
--- /dev/null
+++ b/ansible/arcodange/factory/inventory/group_vars/hard_disk/gitea_vault.yml
@@ -0,0 +1,8 @@ +$ANSIBLE_VAULT;1.1;AES256 +33313163383239336537323061393666626430633263316637393032346464636561616166633332 +3861353632626535336234643561356434653036663165300a363138343731643235666562303564 +31633264633966666333656162313533396431396664336232646165626131396665303233393638 +3261636464326534630a666332636135643230343636383139306436616238623536373764333434 +38363666363039303633353365356236393462393166313539353333386465363163666134393638 +35613239653231333639343363303938373139373638663462633864656339336366623862613736 +313839346363623535313733613736663462
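Review bot: The added `GITEA__mailer__PASSWD` line in the `environment:` mapping of gitea.yml puts the vault-decrypted SMTP password into the container environment, where it is presumably readable by anyone who can inspect the container or the rendered service definition on the host; the context line `GITEA__database__PASSWD` has the same exposure. If the deployed Gitea image supports the `__FILE` suffix form of these variables, mounting the secret as a file is the safer choice; otherwise document the exposure above the line, for example `# decrypted at deploy time and visible in the container environment; keep the rendered file root-only`. Separately, `GITEA__mailer__ENABLED: true` is a YAML boolean, and if this mapping ends up in a Compose `environment:` block, which expects string or number values, it should read `GITEA__mailer__ENABLED: "true"`. The `gitea:` mapping starts and ends outside the hunk, so how these values are rendered cannot be confirmed from here.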