Gabriel Radureau
1a1d7da329
The vault auth disable task added in 437fd506 wipes all gitea_cicd_* per-app JWT roles every ansible run (side effect). Gate it behind a default-off flag so normal re-runs preserve those roles. Opt in with --extra-vars vault_oidc_force_reset=true when intentionally rebuilding the OIDC backend (e.g. bound_issuer config drift).
Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
Arcodange Factory
%%{init: { 'logLevel': 'debug', 'theme': 'base', 'rough':true } }%%
flowchart
prepare_hd>HD setup]
prepare_pg>PG Setup]
prepare_gitea>Gitea Setup]
origin_repo[[original repositories]]
github_repo_m[[gitea mirrors]]
gitlab_repo_m[[gitea mirrors]]
origin_repo -. mirrored .->gitlab_repo_m
origin_repo -. mirrored .->github_repo_m
tofu.state -. manages providers/go-gitea .- origin_repo
tofu.state -. manages providers/gitlabhq/gitlab .- gitlab_repo_m
tofu.state -. manages providers/integrations/github .- github_repo_m
subgraph Home
subgraph pi1
runner[/gitea runners\]
subgraph small HD
backup_data
end
end
subgraph pi2
PG[(Postgres)]
subgraph Gitea
origin_repo
end
subgraph HD
PG_data
Gitea_data
end
end
subgraph pi3
subgraph ai
ollama
end
end
subgraph "master (macbook pro)"
ansible{{ansible control-node}}
tofu{{opentofu control-node}}
subgraph ansible_scripts
direction TB
prepare_hd --> prepare_pg --> prepare_gitea
end
end
end
subgraph Internet
subgraph Gitlab
subgraph Group Arcodange
gitlab_repo_m
end
end
subgraph Github
subgraph Organization Arcodange
github_repo_m
end
end
subgraph GCP
subgraph project arcodange
subgraph gs://arcodange-tf
tofu.state
end
end
end
end
tofu == plan/apply ==> tofu.state
ansible == deploy ==> HD
ansible == deploy ==> PG
ansible == deploy ==> Gitea
ansible --- ansible_scripts
classDef done fill:gold,stroke:indigo,stroke-width:4px,color:blue;
class prepare_hd,nodeId2 done;
🏹💻🪽