├── .editorconfig ├── .github ├── issue_template.md └── pull_request_template.md ├── .gitignore ├── .lgtm ├── CONTRIBUTING.md ├── DCO ├── LICENSE ├── MAINTAINERS ├── README.md ├── ansible ├── group_vars │ └── all.yml ├── host_vars │ ├── dchi │ │ └── drone.yml │ └── pangu │ │ ├── drone.yml │ │ ├── lgtm.yml │ │ └── minio.yml ├── hosts.ini ├── playbook.yml └── roles │ ├── base │ ├── tasks │ │ ├── main.yml │ │ └── ubuntu.yml │ └── vars │ │ └── ubuntu.yml │ ├── demo │ ├── defaults │ │ └── main.yml │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── templates │ │ ├── compose.j2 │ │ ├── default.j2 │ │ └── service.j2 │ ├── docker-gc │ ├── defaults │ │ └── main.yml │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── templates │ │ ├── service.j2 │ │ └── timer.j2 │ ├── docker │ ├── defaults │ │ └── main.yml │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── templates │ │ ├── default.j2 │ │ └── service.j2 │ ├── downloads │ ├── defaults │ │ └── main.yml │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── templates │ │ ├── compose.j2 │ │ ├── default.j2 │ │ └── service.j2 │ ├── drone │ ├── defaults │ │ └── main.yml │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── templates │ │ ├── compose.j2 │ │ ├── default.j2 │ │ └── service.j2 │ ├── lgtm │ ├── defaults │ │ └── main.yml │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── templates │ │ ├── compose.j2 │ │ ├── default.j2 │ │ └── service.j2 │ ├── pages │ ├── defaults │ │ └── main.yml │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── templates │ │ ├── compose.j2 │ │ ├── default.j2 │ │ └── service.j2 │ ├── root │ ├── defaults │ │ └── main.yml │ └── tasks │ │ └── main.yml │ ├── traefik │ ├── defaults │ │ └── main.yml │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── templates │ │ ├── compose.j2 │ │ ├── config.j2 │ │ ├── default.j2 │ │ └── service.j2 │ └── users │ ├── defaults │ └── main.yml │ └── tasks │ └── 
main.yml ├── bin ├── ansible ├── playbook └── terraform ├── docs ├── LABELS.md └── terraform.png ├── templates └── user_data.yml └── terraform ├── demos.tf ├── domains.tf ├── outputs.tf ├── providers.tf ├── servers.tf ├── sshkeys.tf ├── templates.tf ├── terraform.tfstate └── variables.tf /.editorconfig: -------------------------------------------------------------------------------- 1 | # http://editorconfig.org 2 | 3 | root = true 4 | 5 | [*] 6 | charset = utf-8 7 | insert_final_newline = true 8 | trim_trailing_whitespace = true 9 | 10 | [*.go] 11 | indent_style = tab 12 | indent_size = 8 13 | 14 | [*.{tmpl,html}] 15 | indent_style = tab 16 | indent_size = 4 17 | 18 | [*.{less,yml}] 19 | indent_style = space 20 | indent_size = 4 21 | 22 | [*.js] 23 | indent_style = space 24 | indent_size = 4 25 | 26 | [Makefile] 27 | indent_style = tab 28 | -------------------------------------------------------------------------------- /.github/issue_template.md: -------------------------------------------------------------------------------- 1 | 9 | -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | Please check the following: 2 | 3 | 1. Make sure you are targeting the `master` branch, pull requests on release branches are only allowed for bug fixes. 4 | 2. Read contributing guidelines: https://github.com/go-gitea/infrastructure/blob/master/CONTRIBUTING.md 5 | 3. 
Describe what your pull request does and which issue you're targeting (if any) 6 | 7 | **You MUST delete the content above including this line before posting, otherwise your pull request will be invalid.** 8 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .vault 2 | 3 | playbook.retry 4 | terraform.tfstate.backup 5 | terraform/.terraform 6 | -------------------------------------------------------------------------------- /.lgtm: -------------------------------------------------------------------------------- 1 | pattern = "(?)LGTM" 2 | self_approval_off = true 3 | ignore_maintainers_file = true 4 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contribution Guidelines 2 | 3 | ## Introduction 4 | 5 | This document explains how to contribute changes to the Gitea project. It assumes you have followed the [installation instructions](https://github.com/go-gitea/docs/tree/master/en-US/installation). Sensitive security-related issues should be reported to [security@gitea.io](mailto:security@gitea.io). 6 | 7 | ## Bug reports 8 | 9 | Please search the issues on the issue tracker with a variety of keywords to ensure your bug is not already reported. 10 | 11 | If unique, [open an issue](https://github.com/go-gitea/gitea/issues/new) and answer the questions so we can understand and reproduce the problematic behavior. 12 | 13 | To show us that the issue you are having is in Gitea itself, please write clear, concise instructions so we can reproduce the behavior (even if it seems obvious). The more detailed and specific you are, the faster we can fix the issue. Check out [How to Report Bugs Effectively](http://www.chiark.greenend.org.uk/~sgtatham/bugs.html). 
14 | 15 | Please be kind, remember that Gitea comes at no cost to you, and you're getting free help. 16 | 17 | ## Discuss your design 18 | 19 | The project welcomes submissions but please let everyone know what you're working on if you want to change or add something to the Gitea repositories. 20 | 21 | Before starting to write something new for the Gitea project, please [file an issue](https://github.com/go-gitea/gitea/issues/new). Significant changes must go through the [change proposal process](https://github.com/go-gitea/proposals) before they can be accepted. 22 | 23 | This process gives everyone a chance to validate the design, helps prevent duplication of effort, and ensures that the idea fits inside the goals for the project and tools. It also checks that the design is sound before code is written; the code review tool is not the place for high-level discussions. 24 | 25 | ## Testing redux 26 | 27 | Before sending code out for review, run all the tests for the whole tree to make sure the changes don't break other usage and keep the compatibility on upgrade. To make sure you are running the test suite exactly like we do, you should install the CLI for [Drone CI](https://github.com/drone/drone), as we are using the server for continuous testing, following [these instructions](http://readme.drone.io/0.5/install/cli/). After that you can simply call `drone exec` within your working directory and it will try to run the test suite locally. 28 | 29 | ## Code review 30 | 31 | Changes to Gitea must be reviewed before they are accepted, no matter who makes the change, even if it is an owner or a maintainer. We use GitHub's pull request workflow to do that and we also use [LGTM](http://lgtm.co) to ensure every PR is reviewed by at least 2 maintainers. 32 | 33 | Please try to make your pull request easy to review for us. 
Please read the "[How to get faster PR reviews](https://github.com/kubernetes/community/blob/master/contributors/devel/faster_reviews.md)" guide, it has lots of useful tips for any project you may want to contribute. Some of the key points: 34 | 35 | * Make small pull requests. The smaller, the faster to review and the more likely it will be merged soon. 36 | * Don't make changes unrelated to your PR. Maybe there are typos on some comments, maybe refactoring would be welcome on a function... but if that is not related to your PR, please make *another* PR for that. 37 | * Split big pull requests into multiple small ones. An incremental change will be faster to review than a huge PR. 38 | 39 | ## Sign your work 40 | 41 | The sign-off is a simple line at the end of the explanation for the patch. Your signature certifies that you wrote the patch or otherwise have the right to pass it on as an open-source patch. The rules are pretty simple: If you can certify [DCO](DCO), then you just add a line to every git commit message: 42 | 43 | ``` 44 | Signed-off-by: Joe Smith 45 | ``` 46 | 47 | Please use your real name, we really dislike pseudonyms or anonymous contributions. We are in the open-source world without secrets. If you set your `user.name` and `user.email` git configs, you can sign your commit automatically with `git commit -s`. 48 | 49 | ## Maintainers 50 | 51 | To make sure every PR is checked, we have [team maintainers](https://github.com/orgs/go-gitea/teams/maintainers). Every PR **MUST** be reviewed by at least two maintainers (or owners) before it can get merged. A maintainer should be a contributor of Gitea (or Gogs) and contributed at least 4 accepted PRs. A contributor should apply as a maintainer in the [Gitter develop channel](https://gitter.im/go-gitea/develop). The owners or the team maintainers may invite the contributor. A maintainer should spend some time on code reviews. 
If a maintainer has no time to do that, they should apply to leave the maintainers team and we will give them the honor of being a member of the [advisors team](https://github.com/orgs/go-gitea/teams/advisors). Of course, if an advisor has time to code review, we will gladly welcome them back to the maintainers team. If a maintainer is inactive for more than 3 months and forgets to leave the maintainers team, the owners may move him or her from the maintainers team to the advisors team. 52 | 53 | ## Owners 54 | 55 | Since Gitea is a pure community organization without any company support, to keep the development healthy we will elect three owners every year. All contributors may vote to elect up to three candidates, one of which will be the main owner, and the other two the assistant owners. When the new owners have been elected, the old owners will give up ownership to the newly elected owners. If an owner is unable to do so, the other owners will assist in ceding ownership to the newly elected owners. 56 | 57 | After the election, the new owners should proactively agree with our [CONTRIBUTING](CONTRIBUTING.md) requirements on the [Gitter main channel](https://gitter.im/go-gitea/gitea). Below are the words to speak: 58 | 59 | ``` 60 | I'm honored to having been elected an owner of Gitea, I agree with [CONTRIBUTING](CONTRIBUTING.md). I will spend part of my time on Gitea and lead the development of Gitea. 61 | ``` 62 | 63 | To honor the past owners, here's the history of the owners and the time they served: 64 | 65 | * 2016-11-04 ~ 2017-12-31 66 | * [Lunny Xiao](https://github.com/lunny) 67 | * [Thomas Boerger](https://github.com/tboerger) 68 | * [Kim Carlbäcker](https://github.com/bkcsoft) 69 | 70 | ## Versions 71 | 72 | Gitea has the `master` branch as a tip branch and has version branches such as `v0.9`. `v0.9` is a release branch and we will tag `v0.9.0` for binary download. 
If `v0.9.0` has bugs, we will accept pull requests on the `v0.9` branch and publish a `v0.9.1` tag, after bringing the bug fix also to the master branch. 73 | 74 | Since the `master` branch is a tip version, if you wish to use Gitea in production, please download the latest release tag version. All the branches will be protected via GitHub, all the PRs to every branch must be reviewed by two maintainers and must pass the automatic tests. 75 | 76 | ## Copyright 77 | 78 | Code that you contribute should use the standard copyright header: 79 | 80 | ``` 81 | // Copyright 2017 The Gitea Authors. All rights reserved. 82 | // Use of this source code is governed by a MIT-style 83 | // license that can be found in the LICENSE file. 84 | ``` 85 | 86 | Files in the repository contain copyright from the year they are added to the year they are last changed. If the copyright author is changed, just paste the header below the old one. 87 | -------------------------------------------------------------------------------- /DCO: -------------------------------------------------------------------------------- 1 | Developer Certificate of Origin 2 | Version 1.1 3 | 4 | Copyright (C) 2004, 2006 The Linux Foundation and its contributors. 5 | 660 York Street, Suite 102, 6 | San Francisco, CA 94110 USA 7 | 8 | Everyone is permitted to copy and distribute verbatim copies of this 9 | license document, but changing it is not allowed. 
10 | 11 | 12 | Developer's Certificate of Origin 1.1 13 | 14 | By making a contribution to this project, I certify that: 15 | 16 | (a) The contribution was created in whole or in part by me and I 17 | have the right to submit it under the open source license 18 | indicated in the file; or 19 | 20 | (b) The contribution is based upon previous work that, to the best 21 | of my knowledge, is covered under an appropriate open source 22 | license and I have the right under that license to submit that 23 | work with modifications, whether created in whole or in part 24 | by me, under the same open source license (unless I am 25 | permitted to submit under a different license), as indicated 26 | in the file; or 27 | 28 | (c) The contribution was provided directly to me by some other 29 | person who certified (a), (b) or (c) and I have not modified 30 | it. 31 | 32 | (d) I understand and agree that this project and the contribution 33 | are public and that a record of the contribution (including all 34 | personal information I submit with it, including my sign-off) is 35 | maintained indefinitely and may be redistributed consistent with 36 | this project or the open source license(s) involved. -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 
15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 
48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. 
Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. 
You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 
123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. 
In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. (Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. 
We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright [yyyy] [name of copyright owner] 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. 203 | -------------------------------------------------------------------------------- /MAINTAINERS: -------------------------------------------------------------------------------- 1 | Alexey Makhov (@makhov) 2 | Andrey Nering (@andreynering) 3 | Bo-Yi Wu (@appleboy) 4 | Ethan Koenig (@ethantkoenig) 5 | Kees de Vries (@Bwko) 6 | Kim Carlbäcker (@bkcsoft) 7 | LefsFlare (@LefsFlarey) 8 | Lunny Xiao (@lunny) 9 | Matthias Loibl (@metalmatze) 10 | Morgan Bazalgette (@thehowl) 11 | Rachid Zarouali (@xinity) 12 | Rémy Boulanouar (@DblK) 13 | Sandro Santilli (@strk) 14 | Thibault Meyer (@0xbaadf00d) 15 | Thomas Boerger (@tboerger) 16 | Patrick G (@geek1011) 17 | Antoine Girard (@sapk) 18 | Lauris Bukšis-Haberkorns (@lafriks) 19 | Jonas Östanbäck (@cez81) 20 | David Schneiderbauer (@daviian) 21 | Peter Žeby (@morlinest) 22 | Matti Ranta (@techknowlogick) 23 | Jonas Franz (@jonasfranz) 24 | Alexey Terentyev (@axifive) 25 | Lanre Adelowo (@adelowo) 26 | Konrad Langenberg (@kolaente) 27 | He-Long Zhang (@BetaCat0) 28 | Andrew Thornton (@zeripath) 29 | 30 | -------------------------------------------------------------------------------- 
/README.md: -------------------------------------------------------------------------------- 1 | # Gitea: Infrastructure 2 | 3 | [![Join the chat at https://img.shields.io/discord/322538954119184384.svg](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/NsatcWJ) 4 | 5 | This repository contains the scripts used to set up the entire infrastructure 6 | used for Gitea development. Feel free to use it or to improve it. 7 | We would be happy if you also contributed improvements back to our infrastructure. 8 | 9 | ## Docs 10 | 11 | * [Labels](docs/LABELS.md) 12 | 13 | ## Terraform 14 | 15 | ![Terraform](docs/terraform.png) 16 | 17 | ## Contributing 18 | 19 | Fork -> Patch -> Push -> Pull Request 20 | 21 | ## Authors 22 | 23 | * [Maintainers](https://github.com/orgs/go-gitea/people) 24 | * [Contributors](https://github.com/go-gitea/infrastructure/graphs/contributors) 25 | 26 | ## License 27 | 28 | This project is under the Apache-2.0 License. See the [LICENSE](LICENSE) file 29 | for the full license text. 
30 | 31 | ## Copyright 32 | 33 | ``` 34 | Copyright (c) 2016 The Gitea Authors 35 | ``` 36 | -------------------------------------------------------------------------------- /ansible/group_vars/all.yml: -------------------------------------------------------------------------------- 1 | root_castles: 2 | - tboerger/homeshick-base 3 | - tboerger/homeshick-vim 4 | - tboerger/homeshick-linux 5 | 6 | root_sshkeys: | 7 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNxqUBNvl59j7Xkw3I1rXkiz0LWNvOK2KFFgLB4C101xv6C/UGjCJPlAWYl5lrTokICqi8fmLkVzAuhhGaPs28Eo55lARl1uZoTSuuobKaZHc/SZzIqn2NgSYV9WNzskpo8IkN2K5DWCYr73x6tskJ5BT9hcXWaPRb8s7dEPnw7NduhMroqlNBFgCwIgkYrjjNNIEZt5G5q2aYFLmIRRZ1JimuAJBlmQJCw+W049tjjNUKY4f2Fm9zIbktPZvSgT2kRvMWxUc8KR1kyzMVaDgqFJKQFjEoZ3kKTfkf3FV2O6tIZHA9fnRYABQy+7HAjRRFcVEu7usu12BKZ0QHKhWT lunny@gitea.io 8 | ssh-rsa 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 lauris@nix.lv 9 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClV5D6vq8Gouppt0JoQgwgM2z75rvJP0XYN+i9+C50scnrvkcjZnNbreFbNVHuadjk/eTdJq6/Vlpows8S8hzZbN9ltv5PrSUICYbVPDvNjN5P3Q/2uX1SiTMHP8Znf32pYDFfRpJZt5GBG0Sj3RpRudLaOZQ9809b8W/vRDHJlknTvXWz/2wX2HUQjpd48fRl/2MlmX5CxGWt2EGxO92NAVHruNt4vD7AAnT0GOOAk6UPUgsFD3BAQapkAAkaAaeZxK3xYdhOGD4+te7nwq4UNqUkkOLLBaEWEY1ZUXx1gBRx2/3wjqYM+UMhjGaQoXJqYNs6/LSsSinnFlCB0pKp techknowlogick@gitea.io 10 | 11 | users: 12 | - name: lunny 13 | uid: 1001 14 | shell: /bin/bash 15 | castles: 16 | - tboerger/homeshick-base 17 | - tboerger/homeshick-vim 18 | - tboerger/homeshick-linux 19 | groups: 20 | - sudo 21 | sshkeys: | 22 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNxqUBNvl59j7Xkw3I1rXkiz0LWNvOK2KFFgLB4C101xv6C/UGjCJPlAWYl5lrTokICqi8fmLkVzAuhhGaPs28Eo55lARl1uZoTSuuobKaZHc/SZzIqn2NgSYV9WNzskpo8IkN2K5DWCYr73x6tskJ5BT9hcXWaPRb8s7dEPnw7NduhMroqlNBFgCwIgkYrjjNNIEZt5G5q2aYFLmIRRZ1JimuAJBlmQJCw+W049tjjNUKY4f2Fm9zIbktPZvSgT2kRvMWxUc8KR1kyzMVaDgqFJKQFjEoZ3kKTfkf3FV2O6tIZHA9fnRYABQy+7HAjRRFcVEu7usu12BKZ0QHKhWT lunny@gitea.io 23 | - name: lafriks 24 | uid: 1004 25 | shell: /bin/bash 26 | castles: 
27 | - tboerger/homeshick-base 28 | - tboerger/homeshick-vim 29 | - tboerger/homeshick-linux 30 | groups: 31 | - sudo 32 | sshkeys: | 33 | ssh-rsa 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 lauris@nix.lv 34 | - name: techknowlogick 35 | uid: 1005 36 | shell: /bin/bash 37 | castles: 38 | - tboerger/homeshick-base 39 | - tboerger/homeshick-vim 40 | - tboerger/homeshick-linux 41 | groups: 42 | - sudo 43 | sshkeys: | 44 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClV5D6vq8Gouppt0JoQgwgM2z75rvJP0XYN+i9+C50scnrvkcjZnNbreFbNVHuadjk/eTdJq6/Vlpows8S8hzZbN9ltv5PrSUICYbVPDvNjN5P3Q/2uX1SiTMHP8Znf32pYDFfRpJZt5GBG0Sj3RpRudLaOZQ9809b8W/vRDHJlknTvXWz/2wX2HUQjpd48fRl/2MlmX5CxGWt2EGxO92NAVHruNt4vD7AAnT0GOOAk6UPUgsFD3BAQapkAAkaAaeZxK3xYdhOGD4+te7nwq4UNqUkkOLLBaEWEY1ZUXx1gBRx2/3wjqYM+UMhjGaQoXJqYNs6/LSsSinnFlCB0pKp techknowlogick@gitea.io 45 | 46 | 47 | users_available: 48 | - lunny 49 | - lafriks 50 | - techknowlogick 51 | 52 | traefik_cloudflare_email: !vault | 53 | $ANSIBLE_VAULT;1.1;AES256 54 | 39303065666339663763306465643233633630653338616539623236386262633837343065643162 55 | 6533373132393566666635643466626239356165623665660a323763383661386332303737336462 56 | 61393866633661326263613930613632303732663735653334343664326237376465366135613764 57 | 3864633665336361630a346666643530623439373030643833343761353436663861396433623136 58 | 3937 59 | 60 | traefik_cloudflare_apikey: !vault | 61 | $ANSIBLE_VAULT;1.1;AES256 62 | 61383661663033383161306536313332643663356436313137393633656631623732326261633962 63 | 6163623565356530343562383633633934303138303639310a356363626436393731343634346534 64 | 30663230343962633731323935346635656531363866626637303832616436666664356364666463 65 | 6533323738633463630a323064626662636166376162656630623262623639333135363731393533 66 | 37333739653637373130363964653336326234396161663365363437363466323464313239303934 67 | 3931323432373336646234663963653030623434663135383139 68 | 
-------------------------------------------------------------------------------- /ansible/host_vars/dchi/drone.yml: -------------------------------------------------------------------------------- 1 | drone_domain: drone.try.gitea.io 2 | drone_orgs: gitea 3 | drone_admins: lafriks,lunny,techknowlogick 4 | drone_max_procs: 1 5 | drone_gitea: true 6 | drone_gitea_url: https://try.gitea.io 7 | drone_gitea_skip_verify: false 8 | 9 | drone_secret: !vault | 10 | $ANSIBLE_VAULT;1.1;AES256 11 | 33396362313237376239323631386235343930613537623363613663326165373664663362323732 12 | 3166323537636530613634326436663539333631646636370a353466643231643366343738396239 13 | 30623036633535396238396539333939646366346132633834366432343230663564336232653566 14 | 6162663762646266390a633834316430323931313137633364393535303838643835303766613161 15 | 38623337323936386436646638363030356665356232336330646439653235326232 16 | -------------------------------------------------------------------------------- /ansible/host_vars/pangu/drone.yml: -------------------------------------------------------------------------------- 1 | drone_domain: drone.gitea.io 2 | drone_orgs: go-gitea 3 | drone_admins: lafriks,lunny,techknowlogick 4 | drone_max_procs: 2 5 | drone_github: true 6 | 7 | drone_secret: !vault | 8 | $ANSIBLE_VAULT;1.1;AES256 9 | 31363030316336373437656164363162646539393137633932666230333739333036363734313237 10 | 6265383139366564383865366232663137343733396238390a613631623539656634336365323132 11 | 61643832323137656631643334636333396439343865636266633962663933313636303138333061 12 | 3935343561363133390a313730663934626363343431663266653862363930363866316264623666 13 | 61393831386436313666653838333238306431383534396663636635633731356663 14 | 15 | drone_github_client: !vault | 16 | $ANSIBLE_VAULT;1.1;AES256 17 | 64343364643039386330393632353262613234383532623566623238326639353030393364626639 18 | 6539336263326138326136386232316530396336386363650a366165336631633964633334323731 19 | 
32643733653662663935623432373664366336376237353734666133386637323265353332396365 20 | 3563623166316461330a383161656562626661636161333836323931396238656133393438353464 21 | 32666233646162643530623539396439363265326337353666363633383437613762 22 | 23 | drone_github_secret: !vault | 24 | $ANSIBLE_VAULT;1.1;AES256 25 | 37356261303961666132383539376162613939393936623334626366633264326437386537343432 26 | 6335636561613937373434316165303732616339613332300a363436616233366435313431366335 27 | 39343763656463636564393932623165633830386531653838613562313432393039633939663365 28 | 6339326134366236330a383162386462633661373334366138666131383631636661613862383131 29 | 31636336666231316666666161306436656431346139636563636139613664346435663763336239 30 | 3665393437343934613738653564343163343861376163323837 31 | -------------------------------------------------------------------------------- /ansible/host_vars/pangu/lgtm.yml: -------------------------------------------------------------------------------- 1 | lgtm_debug: true 2 | lgtm_client: !vault | 3 | $ANSIBLE_VAULT;1.1;AES256 4 | 37633363353037653737656536376239613033306436343032386666323166303236373864303561 5 | 3131663133323130616536393033316266363630306132610a396531313333303736333738656233 6 | 32333334343162386265653639313063373630626266356338303936626135626663623733626461 7 | 3164663839623731620a643330663664373737666166623431613963646666613333393961363131 8 | 37326632653833346438323433383766363438373864623530643430623465623665 9 | lgtm_secret: !vault | 10 | $ANSIBLE_VAULT;1.1;AES256 11 | 31316534313331333337633063343639353232636161396232393762316135613463653338633766 12 | 6533646631303539333034313431316664393936303032320a333564353866656565633932326563 13 | 38633830653939666663323339313739663063303930336439306334663336363932333132353834 14 | 3762663238613435640a336531663965373339326264323437316663316366663738653430376634 15 | 66313066373134633663333066353934353833646634343233303033653238343438353536636564 16 | 
3135663562373833376636663137623265383662343331366162 17 | -------------------------------------------------------------------------------- /ansible/host_vars/pangu/minio.yml: -------------------------------------------------------------------------------- 1 | minio_access: !vault | 2 | $ANSIBLE_VAULT;1.1;AES256 3 | 65623830663533373032613338333637633738303532376465646332656238393365306236653730 4 | 3863333664393966613031353030366438626135376633390a333037633838623235666666376464 5 | 38613662396236333435366135656231336637383436613663383739346633383263653462383433 6 | 6538373139363035360a613032643139376134346538376262396166383863383565613163393133 7 | 62313361376430356230373130633435373466386364356263653766623038383161 8 | minio_secret: !vault | 9 | $ANSIBLE_VAULT;1.1;AES256 10 | 34336533656239373630333030666130316366656533643835643739303164646161356562306437 11 | 6137663663326635393861353662306438653234373339640a346435616239323962336362373339 12 | 30393562613339376235333435313433346531643934356336663732323934393161306166333431 13 | 3161636662353234610a666263326362346631393161363162653738313230363936383637303133 14 | 33623430646330353136666461383939633164616366336233343736663664633439643332306565 15 | 3733313933353432336162333135643863626663633135656661 16 | -------------------------------------------------------------------------------- /ansible/hosts.ini: -------------------------------------------------------------------------------- 1 | [server] 2 | dchi ansible_user=root ansible_host=dchi.gitea.io ansible_port=22022 3 | pangu ansible_user=root ansible_host=pangu.gitea.io ansible_port=22022 4 | -------------------------------------------------------------------------------- /ansible/playbook.yml: -------------------------------------------------------------------------------- 1 | - hosts: server 2 | gather_facts: False 3 | 4 | tasks: 5 | - name: bootstrap 6 | raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal) 7 | changed_when: False 8 
| 9 | - hosts: server 10 | roles: 11 | - base 12 | - root 13 | - users 14 | - docker 15 | - docker-gc 16 | - traefik 17 | 18 | - hosts: dchi 19 | roles: 20 | - drone 21 | - demo 22 | 23 | - hosts: pangu 24 | roles: 25 | - drone 26 | - pages 27 | - downloads 28 | - lgtm 29 | -------------------------------------------------------------------------------- /ansible/roles/base/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: vars 2 | include_vars: ubuntu.yml 3 | when: ansible_distribution == 'Ubuntu' 4 | tags: 5 | - base 6 | 7 | - name: ubuntu 8 | import_tasks: ubuntu.yml 9 | when: ansible_distribution == 'Ubuntu' 10 | tags: 11 | - base 12 | -------------------------------------------------------------------------------- /ansible/roles/base/tasks/ubuntu.yml: -------------------------------------------------------------------------------- 1 | - name: install 2 | with_items: '{{ base_packages }}' 3 | package: 4 | name: '{{ item }}' 5 | state: present 6 | tags: 7 | - base 8 | -------------------------------------------------------------------------------- /ansible/roles/base/vars/ubuntu.yml: -------------------------------------------------------------------------------- 1 | base_packages: 2 | - apt-transport-https 3 | - software-properties-common 4 | - htop 5 | - tree 6 | -------------------------------------------------------------------------------- /ansible/roles/demo/defaults/main.yml: -------------------------------------------------------------------------------- 1 | demo_container: gitea/gitea:latest 2 | demo_domain: try.gitea.io 3 | demo_ssh: 22 4 | -------------------------------------------------------------------------------- /ansible/roles/demo/handlers/main.yml: -------------------------------------------------------------------------------- 1 | - name: restart demo 2 | systemd: 3 | name: demo 4 | state: restarted 5 | daemon_reload: yes 6 | 
--------------------------------------------------------------------------------
/ansible/roles/demo/tasks/main.yml:
--------------------------------------------------------------------------------
# Deploys the public demo instance as a docker-compose project under
# /compose/demo, wrapped in a systemd unit. Every templated file notifies the
# "restart demo" handler, so a change to any of them restarts the stack.
- name: dirs
  with_items:
    - /compose/demo
  file:
    path: '{{ item }}'
    state: directory
  tags:
    - demo

- name: compose
  notify:
    - restart demo
  template:
    src: compose.j2
    dest: /compose/demo/docker-compose.yml
  tags:
    - demo

# Renders the .env file that docker-compose reads for ${...} substitution.
# For this role it holds only the image name, domain and SSH port (no secrets).
- name: default
  notify:
    - restart demo
  template:
    src: default.j2
    dest: /compose/demo/.env
  tags:
    - demo

- name: service
  notify:
    - restart demo
  template:
    src: service.j2
    dest: /etc/systemd/system/demo.service
  tags:
    - demo

- name: start
  systemd:
    name: demo
    state: started
    daemon_reload: yes
    masked: no
    enabled: yes
  tags:
    - demo

--------------------------------------------------------------------------------
/ansible/roles/demo/templates/compose.j2:
--------------------------------------------------------------------------------
# Compose project for the demo Gitea instance. ${...} values are filled in by
# docker-compose from /compose/demo/.env, not by Ansible.
version: "3"

networks:
  # Pre-existing network shared with the traefik reverse proxy.
  traefik:
    external:
      name: traefik_general
  internal:
    external: false

volumes:
  git:
    driver: local
  gitea:
    driver: local
  ssh:
    driver: local

services:
  server:
    # The role default for DEMO_CONTAINER is a mutable ":latest" tag, so the
    # image that runs is whatever the registry serves at pull time.
    image: ${DEMO_CONTAINER}
    restart: always
    networks:
      - traefik
      - internal
    labels:
      - traefik.docker.network=traefik_general
      - traefik.port=3000
      - traefik.frontend.rule=Host:${DEMO_DOMAIN}
    healthcheck:
      # ["NONE"] disables health checking (including any check the image
      # defines), so interval/timeout/retries below have nothing to act on.
      test: ["NONE"]
      interval: 30s
      timeout: 10s
      retries: 5
    volumes:
      - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      - git:/data/git
      - gitea:/data/gitea
      - ssh:/data/ssh
    ports:
      # Publishes the container's SSH port directly on the host, bypassing
      # traefik; this is the only host port the demo stack opens itself.
      - ${DEMO_SSH}:22

--------------------------------------------------------------------------------
/ansible/roles/demo/templates/default.j2:
--------------------------------------------------------------------------------
DEMO_CONTAINER={{ demo_container }}
DEMO_DOMAIN={{ demo_domain }}
DEMO_SSH={{ demo_ssh | default(22) }}

--------------------------------------------------------------------------------
/ansible/roles/demo/templates/service.j2:
--------------------------------------------------------------------------------
# systemd wrapper around the compose project in /compose/demo.
[Unit]
Description=Demo

Requires=docker.service
After=docker.service

[Service]
Restart=always
WorkingDirectory=/compose/demo

# "|| true" makes stop/cleanup/pull best-effort: a failure never blocks the unit.
ExecStop=/bin/sh -c '/usr/local/bin/docker-compose kill || true'
ExecStopPost=/bin/sh -c '/usr/local/bin/docker-compose down --remove-orphans || true'

# Images are pulled again on every (re)start. Combined with a mutable tag this
# means a restart can silently switch to a different image; pin a version or
# digest in the role defaults if reproducible deployments are required.
ExecStartPre=/bin/sh -c '/usr/local/bin/docker-compose pull --ignore-pull-failures || true'
ExecStart=/usr/local/bin/docker-compose up --abort-on-container-exit --remove-orphans

[Install]
WantedBy=multi-user.target

--------------------------------------------------------------------------------
/ansible/roles/docker-gc/defaults/main.yml:
--------------------------------------------------------------------------------
# Third-party image on a mutable tag. The service unit for this role hands it
# the host's Docker socket, so this reference is effectively trusted with
# control of the Docker daemon; pinning a version or digest narrows that trust.
docker_gc_container: spotify/docker-gc:latest
# Used as the OnCalendar= value of the timer unit.
docker_gc_interval: daily

--------------------------------------------------------------------------------
/ansible/roles/docker-gc/handlers/main.yml:
--------------------------------------------------------------------------------
- name: restart docker-gc
  systemd:
    name: docker-gc.timer
    state: restarted
    daemon_reload: yes

--------------------------------------------------------------------------------
/ansible/roles/docker-gc/tasks/main.yml:
--------------------------------------------------------------------------------
# Installs a systemd timer + oneshot service pair that periodically runs the
# docker-gc container. Only the timer is enabled and started; the service is
# triggered by it.
- name: timer
  notify:
    - restart docker-gc
  template:
    src: timer.j2
    dest: /etc/systemd/system/docker-gc.timer
  tags:
    - docker-gc

- name: service
  notify:
    - restart docker-gc
  template:
    src: service.j2
    dest: /etc/systemd/system/docker-gc.service
  tags:
    - docker-gc

- name: start
  systemd:
    name: docker-gc.timer
    state: started
    daemon_reload: yes
    masked: no
    enabled: yes
  tags:
    - docker-gc

--------------------------------------------------------------------------------
/ansible/roles/docker-gc/templates/service.j2:
--------------------------------------------------------------------------------
[Unit]
Description=Docker GC

Requires=docker.service
After=docker.service

[Service]
Type=oneshot

# The container gets /var/run/docker.sock read-write. Access to that socket is
# equivalent to controlling the Docker daemon on this host, so the image in
# docker_gc_container must be treated as fully trusted code.
ExecStart=/usr/bin/docker run --rm \
  --volume /var/run/docker.sock:/var/run/docker.sock \
  --volume /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro \
  {{ docker_gc_container }}

--------------------------------------------------------------------------------
/ansible/roles/docker-gc/templates/timer.j2:
--------------------------------------------------------------------------------
[Unit]
Description=Docker GC

[Timer]
OnCalendar={{ docker_gc_interval }}
Persistent=true

[Install]
WantedBy=timers.target

--------------------------------------------------------------------------------
/ansible/roles/docker/defaults/main.yml:
--------------------------------------------------------------------------------
# Packages installed before the Docker apt repository is added.
docker_deps:
  - apt-transport-https
  - ca-certificates
  - software-properties-common

docker_packages:
  - docker-ce

docker_services:
  - docker

# docker-compose is fetched as a single release binary. The checksum below is
# 40 hex characters (SHA-1 length) and the role's compose task passes it to
# get_url with a "sha1:" prefix. SHA-1 is no longer collision-resistant; a
# SHA-256 digest of the same release file is the stronger pin, e.g.
#   docker_compose_checksum: <SHA256_OF_DOCKER_COMPOSE_BINARY>
# together with a "sha256:" prefix in the task.
docker_compose_url: https://github.com/docker/compose/releases/download/1.14.0/docker-compose-Linux-x86_64
docker_compose_checksum: eda2bcd4077daacb763e0745764b9b722bcf4fc6

# Extra dockerd flags; rendered into DOCKER_OPTS in /etc/default/docker.
docker_opts:

--------------------------------------------------------------------------------
/ansible/roles/docker/handlers/main.yml:
--------------------------------------------------------------------------------
- name: restart docker
  with_items: '{{ docker_services }}'
  systemd:
    name: '{{ item }}'
    state: restarted
    daemon_reload: yes

--------------------------------------------------------------------------------
/ansible/roles/docker/tasks/main.yml:
--------------------------------------------------------------------------------
# Installs docker-ce from Docker's apt repository, replaces the packaged
# systemd unit with the role's own, and drops a docker-compose binary into
# /usr/local/bin.
- name: deps
  with_items: '{{ docker_deps }}'
  package:
    name: '{{ item }}'
    state: present
  tags:
    - docker

# Repository signing key fetched over HTTPS; `id` names the key by its full
# 40-hex fingerprint rather than a short key ID.
- name: key1
  apt_key:
    url: https://download.docker.com/linux/ubuntu/gpg
    id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
    state: present
  tags:
    - docker

# Second key fetched from a keyserver over plain hkp on port 80, i.e. without
# transport security; the full fingerprint in `id` is the only thing tying the
# result to the intended key.
# NOTE(review): the repo line below only references download.docker.com, so it
# is not clear this key is still needed; the SKS keyserver pool has also been
# retired, so this task may fail on a fresh host. Confirm and drop if unused.
- name: key2
  apt_key:
    keyserver: hkp://p80.pool.sks-keyservers.net:80
    id: 58118E89F3A912897C070ADBF76221572C52609D
    state: present
  tags:
    - docker

# The release name ("xenial") is hard-coded rather than taken from host facts.
- name: repo
  apt_repository:
    repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable
    filename: docker
    update_cache: yes
    state: present
  tags:
    - docker

- name: install
  with_items: '{{ docker_packages }}'
  package:
    name: '{{ item }}'
    state: present
  tags:
    - docker

- name: service
  notify:
    - restart docker
  template:
    src: service.j2
    dest: /etc/systemd/system/docker.service
  tags:
    - docker

- name: default
  notify:
    - restart docker
  template:
    src: default.j2
    dest: /etc/default/docker
  tags:
    - docker

- name: start
  with_items: '{{ docker_services }}'
  systemd:
    name: '{{ item }}'
    state: started
    daemon_reload: yes
    masked: no
    enabled: yes
  tags:
    - docker

# Downloads the docker-compose release binary and makes it executable for
# everyone. The service units on this page run it from systemd, so its
# integrity matters as much as a package's. It is currently pinned with SHA-1,
# which is no longer collision-resistant; prefer a SHA-256 pin:
#   checksum: sha256:<SHA256_OF_DOCKER_COMPOSE_BINARY>
- name: compose
  get_url:
    url: '{{ docker_compose_url }}'
    dest: /usr/local/bin/docker-compose
    checksum: sha1:{{ docker_compose_checksum }}
    mode: u=rwx,g=rx,o=rx
  tags:
    - docker

--------------------------------------------------------------------------------
/ansible/roles/docker/templates/default.j2:
--------------------------------------------------------------------------------
DOCKER_OPTS="{{ docker_opts }}"

--------------------------------------------------------------------------------
/ansible/roles/docker/templates/service.j2:
--------------------------------------------------------------------------------
# Role-managed replacement for the docker.service unit.
[Unit]
Description=Docker

After=network.target
After=docker.socket
Requires=docker.socket

[Service]
# Leading "-" means a missing file is not an error.
EnvironmentFile=-/etc/default/docker

Type=notify
TimeoutStartSec=0
Delegate=yes
KillMode=process
LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

# "-H fd://" takes the listening socket from docker.socket (systemd socket
# activation). Anything placed in DOCKER_OPTS is appended verbatim, so an
# extra "-H tcp://..." there would expose the daemon API beyond that socket.
ExecStart=/usr/bin/dockerd -H fd:// $DOCKER_OPTS
ExecReload=/bin/kill -s HUP $MAINPID

[Install]
WantedBy=multi-user.target

--------------------------------------------------------------------------------
/ansible/roles/downloads/defaults/main.yml:
--------------------------------------------------------------------------------
# Both images are referenced by mutable ":latest" tags from personal/third-party
# namespaces; the downloads stack re-pulls them on every service start.
downloads_container: techknowlogick/caddy-s3browser:latest
downloads_domain: dl.gitea.io

minio_container: webhippie/minio:latest
minio_domain: storage.gitea.io
# Left empty here; the real values come from vault-encrypted host_vars.
minio_access:
minio_secret:

--------------------------------------------------------------------------------
/ansible/roles/downloads/handlers/main.yml:
--------------------------------------------------------------------------------
- name: restart downloads
  systemd:
    name: downloads
    state: restarted
    daemon_reload: yes

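--------------------------------------------------------------------------------
/ansible/roles/downloads/tasks/main.yml:
--------------------------------------------------------------------------------
# Deploys the downloads site (S3 browser + MinIO) as a docker-compose project
# under /compose/downloads, wrapped in a systemd unit.
- name: dirs
  with_items:
    - /compose/downloads
  file:
    path: '{{ item }}'
    state: directory
  tags:
    - downloads

- name: compose
  notify:
    - restart downloads
  template:
    src: compose.j2
    dest: /compose/downloads/docker-compose.yml
  tags:
    - downloads

# The rendered .env contains the decrypted MinIO access/secret pair, so it is
# restricted to its owner instead of inheriting the default (umask-derived)
# permissions. Same mode the traefik role uses for /etc/acme.json.
- name: default
  notify:
    - restart downloads
  template:
    src: default.j2
    dest: /compose/downloads/.env
    mode: u=rw,g=,o=
  tags:
    - downloads

- name: service
  notify:
    - restart downloads
  template:
    src: service.j2
    dest: /etc/systemd/system/downloads.service
  tags:
    - downloads

- name: start
  systemd:
    name: downloads
    state: started
    daemon_reload: yes
    masked: no
    enabled: yes
  tags:
    - downloads

--------------------------------------------------------------------------------
/ansible/roles/downloads/templates/compose.j2:
--------------------------------------------------------------------------------
# Compose project for dl.gitea.io: a public S3 browser in front of a MinIO
# instance. ${...} values come from /compose/downloads/.env.
version: "3"

networks:
  traefik:
    external:
      name: traefik_general

volumes:
  server:
    driver: local

services:
  server:
    image: ${DOWNLOADS_CONTAINER}
    restart: always
    environment:
      # The public-facing browser receives the same key pair the minio
      # service below is started with. NOTE(review): if that pair is MinIO's
      # administrative credential, a read-only key scoped to the "releases"
      # bucket would be the least-privilege choice here; confirm.
      - S3_KEY=${MINIO_ACCESS}
      - S3_SECRET=${MINIO_SECRET}
      - S3_BUCKET=releases
      # Hard-coded rather than derived from ${MINIO_DOMAIN}; keep in sync if
      # minio_domain is ever overridden.
      - S3_ENDPOINT=storage.gitea.io
      - S3_PROTO=https
      - S3_HOST=storage.gitea.io
      - S3_EXTRA=/releases/
    networks:
      - traefik
    labels:
      - traefik.docker.network=traefik_general
      - traefik.port=80
      - traefik.frontend.rule=Host:${DOWNLOADS_DOMAIN}
    healthcheck:
      test: ["CMD", "wget", "-O", "-", "http://localhost/"]
      interval: 30s
      timeout: 10s
      retries: 5
    volumes:
      - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro

  minio:
    image: ${MINIO_CONTAINER}
    restart: always
    environment:
      - MINIO_ACCESS_KEY=${MINIO_ACCESS}
      - MINIO_SECRET_KEY=${MINIO_SECRET}
    networks:
      - traefik
    labels:
      # MinIO's API port is routed through traefik under ${MINIO_DOMAIN}, so
      # the storage endpoint itself is reachable from outside, protected by
      # the key pair above.
      - traefik.docker.network=traefik_general
      - traefik.port=9000
      - traefik.frontend.rule=Host:${MINIO_DOMAIN}
    #healthcheck:
    #  test: ["CMD", "curl", "-f", "http://localhost:9000/minio/"]
    #  interval: 30s
    #  timeout: 10s
    #  retries: 5
    volumes:
      - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      - server:/var/lib/minio

--------------------------------------------------------------------------------
/ansible/roles/downloads/templates/default.j2:
--------------------------------------------------------------------------------
DOWNLOADS_CONTAINER={{ downloads_container }}
DOWNLOADS_DOMAIN={{ downloads_domain }}

MINIO_CONTAINER={{ minio_container }}
MINIO_DOMAIN={{ minio_domain }}
MINIO_ACCESS={{ minio_access }}
MINIO_SECRET={{ minio_secret }}

--------------------------------------------------------------------------------
/ansible/roles/downloads/templates/service.j2:
--------------------------------------------------------------------------------
# systemd wrapper around the compose project in /compose/downloads.
[Unit]
Description=Downloads

Requires=docker.service
After=docker.service

[Service]
Restart=always
WorkingDirectory=/compose/downloads

# "|| true" makes stop/cleanup/pull best-effort: a failure never blocks the unit.
ExecStop=/bin/sh -c '/usr/local/bin/docker-compose kill || true'
ExecStopPost=/bin/sh -c '/usr/local/bin/docker-compose down --remove-orphans || true'

# Images are re-pulled on every (re)start, so with mutable tags a restart can
# switch to a different image without any change in this repository.
ExecStartPre=/bin/sh -c '/usr/local/bin/docker-compose pull --ignore-pull-failures || true'
ExecStart=/usr/local/bin/docker-compose up --abort-on-container-exit --remove-orphans

[Install]
WantedBy=multi-user.target
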
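--------------------------------------------------------------------------------
/ansible/roles/drone/defaults/main.yml:
--------------------------------------------------------------------------------
# Role defaults for the Drone CI server and agent. Empty values are expected
# to be supplied per host (secrets via vault-encrypted host_vars).
drone_server: drone/drone:0.8
drone_agent: drone/agent:0.8
drone_domain:
# Debug logging and open registration are ON unless a host overrides them.
# NOTE(review): with drone_open true, sign-up is limited only by drone_orgs,
# which is empty by default here; make sure every host sets drone_orgs, or
# flip these defaults to false so the safe setting is the implicit one.
drone_debug: true
drone_open: true
drone_orgs:
drone_admins:
drone_max_procs: 2
# Shared secret between server and agent (both receive it as DRONE_SECRET).
drone_secret:

drone_github: false
drone_github_client:
drone_github_secret:

drone_gitea: false
drone_gitea_url:
# Keep false: true would turn off TLS verification towards the Gitea server.
drone_gitea_skip_verify: false

--------------------------------------------------------------------------------
/ansible/roles/drone/handlers/main.yml:
--------------------------------------------------------------------------------
- name: restart drone
  systemd:
    name: drone
    state: restarted
    daemon_reload: yes

--------------------------------------------------------------------------------
/ansible/roles/drone/tasks/main.yml:
--------------------------------------------------------------------------------
# Deploys Drone (server + agent) as a docker-compose project under
# /compose/drone, wrapped in a systemd unit.
- name: dirs
  with_items:
    - /compose/drone
  file:
    path: '{{ item }}'
    state: directory
  tags:
    - drone

- name: compose
  notify:
    - restart drone
  template:
    src: compose.j2
    dest: /compose/drone/docker-compose.yml
  tags:
    - drone

# The rendered .env contains the decrypted DRONE_SECRET and the GitHub OAuth
# client secret, so it is restricted to its owner instead of inheriting the
# default (umask-derived) permissions. Same mode the traefik role uses for
# /etc/acme.json.
- name: default
  notify:
    - restart drone
  template:
    src: default.j2
    dest: /compose/drone/.env
    mode: u=rw,g=,o=
  tags:
    - drone

- name: service
  notify:
    - restart drone
  template:
    src: service.j2
    dest: /etc/systemd/system/drone.service
  tags:
    - drone

- name: start
  systemd:
    name: drone
    state: started
    daemon_reload: yes
    masked: no
    enabled: yes
  tags:
    - drone

--------------------------------------------------------------------------------
/ansible/roles/drone/templates/compose.j2:
--------------------------------------------------------------------------------
# Compose project for Drone CI. ${...} values come from /compose/drone/.env.
version: "3"

networks:
  traefik:
    external:
      name: traefik_general
  # Server <-> agent traffic stays on this project-local network.
  internal:
    external: false

volumes:
  server:
    driver: local

services:
  server:
    image: ${DRONE_SERVER}
    restart: always
    environment:
      - DRONE_GITHUB=${DRONE_GITHUB}
      - DRONE_GITHUB_CLIENT=${DRONE_GITHUB_CLIENT}
      - DRONE_GITHUB_SECRET=${DRONE_GITHUB_SECRET}
      # The Gitea settings are passed through Drone's GOGS_* variables.
      - DRONE_GOGS=${DRONE_GITEA}
      - DRONE_GOGS_URL=${DRONE_GITEA_URL}
      - DRONE_GOGS_SKIP_VERIFY=${DRONE_GITEA_SKIP_VERIFY}
      - DRONE_DEBUG=${DRONE_DEBUG}
      - DRONE_SECRET=${DRONE_SECRET}
      - DRONE_OPEN=${DRONE_OPEN}
      - DRONE_ORGS=${DRONE_ORGS}
      - DRONE_ADMIN=${DRONE_ADMIN}
      - DRONE_HOST=https://${DRONE_DOMAIN}
      - DRONE_VOLUME=/etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      - DRONE_NETWORK=drone_internal
      - DATABASE_DRIVER=sqlite3
      - DATABASE_CONFIG=/var/lib/drone/database.sqlite3
    networks:
      - traefik
      - internal
    labels:
      - traefik.docker.network=traefik_general
      - traefik.port=8000
      - traefik.frontend.rule=Host:${DRONE_DOMAIN}
    healthcheck:
      # ["NONE"] disables health checking, so the timing values below have
      # nothing to act on.
      test: ["NONE"]
      interval: 30s
      timeout: 10s
      retries: 5
    volumes:
      - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      - server:/var/lib/drone

  agent:
    image: ${DRONE_AGENT}
    restart: always
    environment:
      - DRONE_SERVER=server:9000
      - DRONE_DEBUG=${DRONE_DEBUG}
      - DRONE_SECRET=${DRONE_SECRET}
      - DRONE_MAX_PROCS=${DRONE_MAX_PROCS}
    networks:
      - internal
    depends_on:
      - server
    labels:
      - traefik.enable=false
    healthcheck:
      test: ["NONE"]
      interval: 30s
      timeout: 10s
      retries: 5
    volumes:
      - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      # The agent launches build containers through the host's Docker daemon.
      # Access to this socket is equivalent to control of that daemon, so the
      # CI agent shares a trust boundary with every other service on the host;
      # who may trigger builds (DRONE_OPEN / DRONE_ORGS / DRONE_ADMIN) is the
      # control that matters here.
      - /var/run/docker.sock:/var/run/docker.sock

--------------------------------------------------------------------------------
/ansible/roles/drone/templates/default.j2:
--------------------------------------------------------------------------------
# Rendered to /compose/drone/.env. Contains secrets in clear text once
# Ansible has decrypted the vault values.
DRONE_SERVER={{ drone_server }}
DRONE_AGENT={{ drone_agent }}
DRONE_DOMAIN={{ drone_domain }}
# Not referenced by the compose template of this role, which builds
# DRONE_HOST from DRONE_DOMAIN instead.
DRONE_SERVER_HOST=https://{{ drone_domain }}
DRONE_DEBUG={{ drone_debug | default(False) | lower }}
DRONE_SECRET={{ drone_secret }}
DRONE_OPEN={{ drone_open | default(False) | lower }}
DRONE_ORGS={{ drone_orgs | default("") }}
DRONE_ADMIN={{ drone_admins | default("") }}
DRONE_MAX_PROCS={{ drone_max_procs | default(5) }}

DRONE_GITHUB={{ drone_github | default(False) | lower }}
DRONE_GITHUB_CLIENT={{ drone_github_client | default("") }}
DRONE_GITHUB_SECRET={{ drone_github_secret | default("") }}

DRONE_GITEA={{ drone_gitea | default(False) | lower }}
DRONE_GITEA_URL={{ drone_gitea_url | default("") }}
DRONE_GITEA_SKIP_VERIFY={{ drone_gitea_skip_verify | default(False) | lower }}

--------------------------------------------------------------------------------
/ansible/roles/drone/templates/service.j2:
--------------------------------------------------------------------------------
# systemd wrapper around the compose project in /compose/drone.
[Unit]
Description=Drone

Requires=docker.service
After=docker.service

[Service]
Restart=always
WorkingDirectory=/compose/drone

# "|| true" makes stop/cleanup/pull best-effort: a failure never blocks the unit.
ExecStop=/bin/sh -c '/usr/local/bin/docker-compose kill || true'
ExecStopPost=/bin/sh -c '/usr/local/bin/docker-compose down --remove-orphans || true'

# Images are re-pulled on every (re)start; the 0.8 tags used by this role are
# still mutable, so a restart can pick up a rebuilt image.
ExecStartPre=/bin/sh -c '/usr/local/bin/docker-compose pull --ignore-pull-failures || true'
ExecStart=/usr/local/bin/docker-compose up --abort-on-container-exit --remove-orphans

[Install]
WantedBy=multi-user.target

--------------------------------------------------------------------------------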
/ansible/roles/lgtm/defaults/main.yml: -------------------------------------------------------------------------------- 1 | lgtm_container: gitea/lgtm:latest 2 | lgtm_domain: lgtm.gitea.io 3 | lgtm_debug: false 4 | lgtm_client: 5 | lgtm_secret: 6 | -------------------------------------------------------------------------------- /ansible/roles/lgtm/handlers/main.yml: -------------------------------------------------------------------------------- 1 | - name: restart lgtm 2 | systemd: 3 | name: lgtm 4 | state: restarted 5 | daemon_reload: yes 6 | -------------------------------------------------------------------------------- /ansible/roles/lgtm/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: dirs 2 | with_items: 3 | - /compose/lgtm 4 | file: 5 | path: '{{ item }}' 6 | state: directory 7 | tags: 8 | - lgtm 9 | 10 | - name: compose 11 | notify: 12 | - restart lgtm 13 | template: 14 | src: compose.j2 15 | dest: /compose/lgtm/docker-compose.yml 16 | tags: 17 | - lgtm 18 | 19 | - name: default 20 | notify: 21 | - restart lgtm 22 | template: 23 | src: default.j2 24 | dest: /compose/lgtm/.env 25 | tags: 26 | - lgtm 27 | 28 | - name: service 29 | notify: 30 | - restart lgtm 31 | template: 32 | src: service.j2 33 | dest: /etc/systemd/system/lgtm.service 34 | tags: 35 | - lgtm 36 | 37 | - name: start 38 | systemd: 39 | name: lgtm 40 | state: started 41 | daemon_reload: yes 42 | masked: no 43 | enabled: yes 44 | tags: 45 | - lgtm 46 | -------------------------------------------------------------------------------- /ansible/roles/lgtm/templates/compose.j2: -------------------------------------------------------------------------------- 1 | version: "3" 2 | 3 | networks: 4 | traefik: 5 | external: 6 | name: traefik_general 7 | 8 | volumes: 9 | server: 10 | driver: local 11 | 12 | services: 13 | server: 14 | image: ${LGTM_CONTAINER} 15 | restart: always 16 | environment: 17 | - DEBUG=${LGTM_DEBUG} 18 | - 
GITHUB_CLIENT=${LGTM_CLIENT} 19 | - GITHUB_SECRET=${LGTM_SECRET} 20 | networks: 21 | - traefik 22 | labels: 23 | - traefik.docker.network=traefik_general 24 | - traefik.port=8000 25 | - traefik.frontend.rule=Host:${LGTM_DOMAIN} 26 | healthcheck: 27 | test: ["NONE"] 28 | interval: 30s 29 | timeout: 10s 30 | retries: 5 31 | volumes: 32 | - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro 33 | - server:/var/lib/lgtm 34 | 35 | -------------------------------------------------------------------------------- /ansible/roles/lgtm/templates/default.j2: -------------------------------------------------------------------------------- 1 | LGTM_CONTAINER={{ lgtm_container }} 2 | LGTM_DOMAIN={{ lgtm_domain }} 3 | LGTM_DEBUG={{ lgtm_debug }} 4 | LGTM_CLIENT={{ lgtm_client }} 5 | LGTM_SECRET={{ lgtm_secret }} 6 | -------------------------------------------------------------------------------- /ansible/roles/lgtm/templates/service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=LGTM 3 | 4 | Requires=docker.service 5 | After=docker.service 6 | 7 | [Service] 8 | Restart=always 9 | WorkingDirectory=/compose/lgtm 10 | 11 | ExecStop=/bin/sh -c '/usr/local/bin/docker-compose kill || true' 12 | ExecStopPost=/bin/sh -c '/usr/local/bin/docker-compose down --remove-orphans || true' 13 | 14 | ExecStartPre=/bin/sh -c '/usr/local/bin/docker-compose pull --ignore-pull-failures || true' 15 | ExecStart=/usr/local/bin/docker-compose up --abort-on-container-exit --remove-orphans 16 | 17 | [Install] 18 | WantedBy=multi-user.target 19 | -------------------------------------------------------------------------------- /ansible/roles/pages/defaults/main.yml: -------------------------------------------------------------------------------- 1 | pages_redirects_container: gitea/redirects:latest 2 | pages_redirects_domain: code.gitea.io 3 | 4 | pages_blog_container: gitea/blog:latest 5 | pages_blog_domain: blog.gitea.io 6 
| 7 | pages_docs_container: gitea/docs:latest 8 | pages_docs_domain: docs.gitea.io 9 | 10 | pages_website_container: gitea/website:latest 11 | pages_website_domain: gitea.io 12 | -------------------------------------------------------------------------------- /ansible/roles/pages/handlers/main.yml: -------------------------------------------------------------------------------- 1 | - name: restart pages 2 | systemd: 3 | name: pages 4 | state: restarted 5 | daemon_reload: yes 6 | -------------------------------------------------------------------------------- /ansible/roles/pages/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: dirs 2 | with_items: 3 | - /compose/pages 4 | file: 5 | path: '{{ item }}' 6 | state: directory 7 | tags: 8 | - pages 9 | 10 | - name: compose 11 | notify: 12 | - restart pages 13 | template: 14 | src: compose.j2 15 | dest: /compose/pages/docker-compose.yml 16 | tags: 17 | - pages 18 | 19 | - name: default 20 | notify: 21 | - restart pages 22 | template: 23 | src: default.j2 24 | dest: /compose/pages/.env 25 | tags: 26 | - pages 27 | 28 | - name: service 29 | notify: 30 | - restart pages 31 | template: 32 | src: service.j2 33 | dest: /etc/systemd/system/pages.service 34 | tags: 35 | - pages 36 | 37 | - name: start 38 | systemd: 39 | name: pages 40 | state: started 41 | daemon_reload: yes 42 | masked: no 43 | enabled: yes 44 | tags: 45 | - pages 46 | -------------------------------------------------------------------------------- /ansible/roles/pages/templates/compose.j2: -------------------------------------------------------------------------------- 1 | version: "3" 2 | 3 | networks: 4 | traefik: 5 | external: 6 | name: traefik_general 7 | 8 | services: 9 | redirects: 10 | image: ${PAGES_REDIRECTS_CONTAINER} 11 | restart: always 12 | networks: 13 | - traefik 14 | labels: 15 | - traefik.docker.network=traefik_general 16 | - traefik.port=80 17 | - 
traefik.frontend.rule=Host:${PAGES_REDIRECTS_DOMAIN} 18 | healthcheck: 19 | test: ["NONE"] 20 | interval: 30s 21 | timeout: 10s 22 | retries: 5 23 | volumes: 24 | - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro 25 | 26 | blog: 27 | image: ${PAGES_BLOG_CONTAINER} 28 | restart: always 29 | networks: 30 | - traefik 31 | labels: 32 | - traefik.docker.network=traefik_general 33 | - traefik.port=80 34 | - traefik.frontend.rule=Host:${PAGES_BLOG_DOMAIN} 35 | healthcheck: 36 | test: ["NONE"] 37 | interval: 30s 38 | timeout: 10s 39 | retries: 5 40 | volumes: 41 | - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro 42 | 43 | docs: 44 | image: ${PAGES_DOCS_CONTAINER} 45 | restart: always 46 | networks: 47 | - traefik 48 | labels: 49 | - traefik.docker.network=traefik_general 50 | - traefik.port=80 51 | - traefik.frontend.rule=Host:${PAGES_DOCS_DOMAIN} 52 | healthcheck: 53 | test: ["NONE"] 54 | interval: 30s 55 | timeout: 10s 56 | retries: 5 57 | volumes: 58 | - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro 59 | 60 | website: 61 | image: ${PAGES_WEBSITE_CONTAINER} 62 | restart: always 63 | networks: 64 | - traefik 65 | labels: 66 | - traefik.docker.network=traefik_general 67 | - traefik.port=80 68 | - traefik.frontend.rule=Host:${PAGES_WEBSITE_DOMAIN} 69 | healthcheck: 70 | test: ["NONE"] 71 | interval: 30s 72 | timeout: 10s 73 | retries: 5 74 | volumes: 75 | - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro 76 | -------------------------------------------------------------------------------- /ansible/roles/pages/templates/default.j2: -------------------------------------------------------------------------------- 1 | PAGES_REDIRECTS_DOMAIN={{ pages_redirects_domain }} 2 | PAGES_REDIRECTS_CONTAINER={{ pages_redirects_container }} 3 | 4 | PAGES_BLOG_DOMAIN={{ pages_blog_domain }} 5 | PAGES_BLOG_CONTAINER={{ pages_blog_container }} 6 | 7 | PAGES_DOCS_DOMAIN={{ pages_docs_domain 
}} 8 | PAGES_DOCS_CONTAINER={{ pages_docs_container }} 9 | 10 | PAGES_WEBSITE_DOMAIN={{ pages_website_domain }} 11 | PAGES_WEBSITE_CONTAINER={{ pages_website_container }} 12 | -------------------------------------------------------------------------------- /ansible/roles/pages/templates/service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Pages 3 | 4 | Requires=docker.service 5 | After=docker.service 6 | 7 | [Service] 8 | Restart=always 9 | WorkingDirectory=/compose/pages 10 | 11 | ExecStop=/bin/sh -c '/usr/local/bin/docker-compose kill || true' 12 | ExecStopPost=/bin/sh -c '/usr/local/bin/docker-compose down --remove-orphans || true' 13 | 14 | ExecStartPre=/bin/sh -c '/usr/local/bin/docker-compose pull --ignore-pull-failures || true' 15 | ExecStart=/usr/local/bin/docker-compose up --abort-on-container-exit --remove-orphans 16 | 17 | [Install] 18 | WantedBy=multi-user.target 19 | -------------------------------------------------------------------------------- /ansible/roles/root/defaults/main.yml: -------------------------------------------------------------------------------- 1 | root_castles: [] 2 | root_sshkeys: 3 | root_private_key: 4 | root_public_key: 5 | -------------------------------------------------------------------------------- /ansible/roles/root/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: install 2 | with_items: 3 | - git 4 | package: 5 | name: '{{ item }}' 6 | state: present 7 | tags: 8 | - root 9 | 10 | - name: homeshick 11 | git: 12 | repo: https://github.com/andsens/homeshick.git 13 | dest: /root/.homesick/repos/homeshick 14 | tags: 15 | - root 16 | 17 | - name: castles 18 | with_items: '{{ root_castles }}' 19 | when: root_castles|default(None) != None 20 | git: 21 | repo: https://github.com/{{ item }}.git 22 | dest: /root/.homesick/repos/{{ item | basename }} 23 | tags: 24 | - root 25 | 26 | - name: links 27 | 
with_items: '{{ root_castles }}' 28 | when: root_castles|default(None) != None 29 | command: /root/.homesick/repos/homeshick/bin/homeshick -f -b -q link {{ item | basename }} 30 | tags: 31 | - root 32 | 33 | - name: sshkeys 34 | when: root_sshkeys|default(None) != None 35 | authorized_key: 36 | user: root 37 | key: '{{ root_sshkeys }}' 38 | path: /root/.ssh/authorized_keys 39 | exclusive: yes 40 | state: present 41 | tags: 42 | - root 43 | -------------------------------------------------------------------------------- /ansible/roles/traefik/defaults/main.yml: -------------------------------------------------------------------------------- 1 | traefik_container: traefik:v1.4.5 2 | traefik_domain: gitea.io 3 | traefik_email: info@gitea.io 4 | traefik_loglevel: INFO 5 | 6 | traefik_cloudflare_email: 7 | traefik_cloudflare_apikey: 8 | 9 | traefik_watchtower_container: webhippie/watchtower:latest 10 | traefik_watchtower_cleanup: true 11 | -------------------------------------------------------------------------------- /ansible/roles/traefik/handlers/main.yml: -------------------------------------------------------------------------------- 1 | - name: restart traefik 2 | systemd: 3 | name: traefik 4 | state: restarted 5 | daemon_reload: yes 6 | -------------------------------------------------------------------------------- /ansible/roles/traefik/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: acme 2 | copy: 3 | content: "" 4 | dest: /etc/acme.json 5 | mode: u=rw,g=,o= 6 | force: no 7 | tags: 8 | - traefik 9 | 10 | - name: config 11 | notify: 12 | - restart traefik 13 | template: 14 | src: config.j2 15 | dest: /etc/traefik.toml 16 | tags: 17 | - traefik 18 | 19 | - name: dirs 20 | with_items: 21 | - /compose/traefik 22 | file: 23 | path: '{{ item }}' 24 | state: directory 25 | tags: 26 | - traefik 27 | 28 | - name: compose 29 | notify: 30 | - restart traefik 31 | template: 32 | src: compose.j2 33 | dest: 
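/compose/traefik/docker-compose.yml 34 | tags: 35 | - traefik 36 |

# The rendered .env carries TRAEFIK_CLOUDFLARE_APIKEY (see templates/default.j2),
# so it is written owner-only, the same mode the acme task uses for /etc/acme.json.
# The unit in templates/service.j2 sets no User=, so docker-compose can still read it.
- name: default
  notify:
    - restart traefik
  template:
    src: default.j2
    dest: /compose/traefik/.env
    mode: u=rw,g=,o=
  tags:
    - traefik

# Installs the systemd unit that wraps docker-compose for this stack.
- name: service
  notify:
    - restart traefik
  template:
    src: service.j2
    dest: /etc/systemd/system/traefik.service
  tags:
    - traefik

# Enables and starts the unit; daemon_reload picks up a freshly written unit file.
- name: start
  systemd:
    name: traefik
    state: started
    daemon_reload: yes
    masked: no
    enabled: yes
  tags:
    - traefik

--------------------------------------------------------------------------------
/ansible/roles/traefik/templates/compose.j2:
--------------------------------------------------------------------------------
version: "3"

networks:
  general:
    driver: bridge

services:
  # Edge proxy: terminates HTTP/HTTPS on the host and routes by container labels.
  server:
    image: ${TRAEFIK_CONTAINER}
    restart: always
    command: -c /etc/traefik.toml
    environment:
      # DNS-provider credentials; they come from the .env file next to this compose file.
      - CLOUDFLARE_EMAIL=${TRAEFIK_CLOUDFLARE_EMAIL}
      - CLOUDFLARE_API_KEY=${TRAEFIK_CLOUDFLARE_APIKEY}
    ports:
      - 80:80
      - 443:443
    networks:
      - general
    labels:
      - traefik.enable=false
    healthcheck:
      # "NONE" disables the health check, so interval/timeout/retries below have no effect.
      test: ["NONE"]
      interval: 30s
      timeout: 10s
      retries: 5
    volumes:
      - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      # NOTE(review): access to the Docker socket is equivalent to root on the host, and
      # this container also faces the internet. Traefik only reads container metadata,
      # so a filtering socket proxy in front of the daemon is worth considering.
      - /var/run/docker.sock:/var/run/docker.sock
      # Must stay writable: Traefik stores ACME account data and certificates here.
      - /etc/acme.json:/etc/acme.json
      # The static configuration is only read by Traefik, so mount it read-only.
      - /etc/traefik.toml:/etc/traefik.toml:ro

  # Image updater: restarts containers when a newer image is available.
  watchtower:
    image: ${TRAEFIK_WATCHTOWER_CONTAINER}
    restart: always
    environment:
      - WATCHTOWER_CLEANUP=${TRAEFIK_WATCHTOWER_CLEANUP}
    labels:
      - traefik.enable=false
    volumes:
      - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      # Watchtower needs the socket to replace containers; whatever image this variable
      # resolves to therefore runs with host-level control, so pin it to a reviewed tag.
      - /var/run/docker.sock:/var/run/docker.sock

--------------------------------------------------------------------------------
/ansible/roles/traefik/templates/config.j2: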
--------------------------------------------------------------------------------
# Traefik static configuration; the role's config task renders it to /etc/traefik.toml.
defaultEntryPoints = ["http", "https"]
logLevel = "{{ traefik_loglevel }}"

[entryPoints]
  [entryPoints.http]
  address = ":80"
    # Plain-HTTP requests are redirected to the https entry point.
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[acme]
email = "{{ traefik_email }}"
# Account data and private keys are stored here; the acme task creates the file as u=rw,g=,o=.
storage = "/etc/acme.json"
entryPoint = "https"
# NOTE(review): on-demand issuance requests a certificate during the first TLS
# handshake for a hostname, so certificate requests follow client-supplied names.
# Traefik's documentation warns about slow handshakes and Let's Encrypt rate
# limits with this option; onHostRule limits issuance to hosts named in frontend
# rules - confirm it covers every service before switching.
onDemand = true
# Credentials for the DNS provider are passed as CLOUDFLARE_EMAIL / CLOUDFLARE_API_KEY in compose.j2.
dnsProvider = "cloudflare"
acmeLogging = true

[docker]
domain = "{{ traefik_domain }}"
watch = true

--------------------------------------------------------------------------------
/ansible/roles/traefik/templates/default.j2:
--------------------------------------------------------------------------------
{# Rendered to /compose/traefik/.env by the role's default task. The file contains the Cloudflare API key, so the rendered copy should be readable by its owner only. #}
TRAEFIK_CONTAINER={{ traefik_container }}

TRAEFIK_CLOUDFLARE_EMAIL={{ traefik_cloudflare_email }}
TRAEFIK_CLOUDFLARE_APIKEY={{ traefik_cloudflare_apikey }}

TRAEFIK_WATCHTOWER_CONTAINER={{ traefik_watchtower_container }}
TRAEFIK_WATCHTOWER_CLEANUP={{ traefik_watchtower_cleanup | default(False) | lower }}

--------------------------------------------------------------------------------
/ansible/roles/traefik/templates/service.j2:
--------------------------------------------------------------------------------
# systemd unit that runs the Traefik compose stack from /compose/traefik.
# No User= is set, so docker-compose runs with the service manager's default (root).
[Unit]
Description=Traefik

Requires=docker.service
After=docker.service

[Service]
Restart=always
WorkingDirectory=/compose/traefik
TimeoutStartSec=300

# Stop and clean-up are best effort: a failing command does not fail the unit.
ExecStop=/bin/sh -c '/usr/local/bin/docker-compose kill || true'
ExecStopPost=/bin/sh -c '/usr/local/bin/docker-compose down --remove-orphans || true'

# A failed pull is ignored, so the stack can start from images already on the host.
ExecStartPre=/bin/sh -c '/usr/local/bin/docker-compose pull --ignore-pull-failures || true'
# --abort-on-container-exit ends the unit when any container stops; Restart=always brings it back.
ExecStart=/usr/local/bin/docker-compose up --abort-on-container-exit --remove-orphans

[Install]
WantedBy=multi-user.target
-------------------------------------------------------------------------------- /ansible/roles/users/defaults/main.yml: -------------------------------------------------------------------------------- 1 | users: [] 2 | users_available: [] 3 | -------------------------------------------------------------------------------- /ansible/roles/users/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: install 2 | with_items: 3 | - git 4 | package: 5 | name: '{{ item }}' 6 | state: present 7 | tags: 8 | - users 9 | 10 | - name: group 11 | with_items: '{{ users }}' 12 | when: item.name in users_available 13 | group: 14 | name: '{{ item.name }}' 15 | gid: '{{ item.uid }}' 16 | state: present 17 | tags: 18 | - users 19 | 20 | - name: create 21 | with_items: '{{ users }}' 22 | when: item.name in users_available 23 | user: 24 | name: '{{ item.name }}' 25 | uid: '{{ item.uid }}' 26 | group: '{{ item.name }}' 27 | shell: '{{ item.shell }}' 28 | groups: '{{ item.groups | join(",") }}' 29 | generate_ssh_key: yes 30 | append: yes 31 | createhome: yes 32 | state: present 33 | tags: 34 | - users 35 | 36 | - name: homeshick 37 | with_items: '{{ users }}' 38 | when: item.name in users_available 39 | become: yes 40 | become_user: '{{ item.name }}' 41 | git: 42 | repo: https://github.com/andsens/homeshick.git 43 | dest: /home/{{ item.name }}/.homesick/repos/homeshick 44 | tags: 45 | - users 46 | 47 | - name: castles 48 | with_subelements: ['{{ users }}', castles] 49 | when: item.0.name in users_available 50 | become: yes 51 | become_user: '{{ item.0.name }}' 52 | git: 53 | repo: https://github.com/{{ item.1 }}.git 54 | dest: /home/{{ item.0.name }}/.homesick/repos/{{ item.1 | basename }} 55 | tags: 56 | - users 57 | 58 | - name: links 59 | with_subelements: ['{{ users }}', castles] 60 | when: item.0.name in users_available 61 | become: yes 62 | become_user: '{{ item.0.name }}' 63 | command: /home/{{ item.0.name 
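}}/.homesick/repos/homeshick/bin/homeshick -f -b -q link {{ item.1 | basename }} 64 | tags: 65 | - users 66 | 67 | - name: sshkeys 68 | with_items: '{{ users }}' 69 | when: item.name in users_available 70 | authorized_key: 71 | user: '{{ item.name }}' 72 | key: '{{ item.sshkeys }}' 73 | exclusive: yes 74 | state: present 75 | tags: 76 | - users 77 |
--------------------------------------------------------------------------------
/bin/ansible:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Wrapper around `ansible` that supplies the repository's vault password file and
# inventory, then forwards every remaining argument unchanged.
set -e

# Resolve the repository root; follow the symlink when the wrapper is linked from elsewhere.
# All expansions are quoted so a checkout path containing spaces still works.
if [ -L "$0" ]
then
    ROOT=$(realpath -e "$(dirname "$(readlink -e "$0")")/..")
else
    ROOT=$(realpath -e "$(dirname "$0")/..")
fi

if ! command -v ansible > /dev/null
then
    echo "Failed to detect ansible!"
    exit 1
fi

# .vault is passed as the Ansible Vault password file; keep it out of version control
# and readable only by the operator.
if ! test -f "${ROOT}/.vault"
then
    echo "Failed to find .vault file!"
    exit 1
fi

# "$@" keeps each caller argument intact; an unquoted $@ re-splits quoted arguments
# such as a module argument string given with -a.
exec ansible \
    --vault-password-file="${ROOT}/.vault" \
    --inventory-file="${ROOT}/ansible/hosts.ini" "$@"

--------------------------------------------------------------------------------
/bin/playbook:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Wrapper around `ansible-playbook` that runs ansible/playbook.yml with the
# repository's vault password file and inventory; extra arguments are forwarded.
set -e

# Resolve the repository root; follow the symlink when the wrapper is linked from elsewhere.
if [ -L "$0" ]
then
    ROOT=$(realpath -e "$(dirname "$(readlink -e "$0")")/..")
else
    ROOT=$(realpath -e "$(dirname "$0")/..")
fi

if ! command -v ansible-playbook > /dev/null
then
    echo "Failed to detect ansible-playbook!"
    exit 1
fi

# .vault is passed as the Ansible Vault password file; keep it out of version control
# and readable only by the operator.
if ! test -f "${ROOT}/.vault"
then
    echo "Failed to find .vault file!"
    exit 1
fi

# "$@" keeps each caller argument intact (for example a quoted --extra-vars value).
exec ansible-playbook \
    --vault-password-file="${ROOT}/.vault" \
    --inventory-file="${ROOT}/ansible/hosts.ini" \
    "${ROOT}/ansible/playbook.yml" "$@"

--------------------------------------------------------------------------------
/bin/terraform:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Wrapper that runs `terraform` from the repository's terraform/ directory and
# forwards every argument unchanged.
set -e

# Resolve the repository root; follow the symlink when the wrapper is linked from elsewhere.
if [ -L "$0" ]
then
    ROOT=$(realpath -e "$(dirname "$(readlink -e "$0")")/..")
else
    ROOT=$(realpath -e "$(dirname "$0")/..")
fi

if ! command -v terraform > /dev/null
then
    echo "Failed to detect terraform!"
    exit 1
fi

# exec replaces this shell, so a popd placed after it could never run; a plain cd
# is all that is needed before handing over to terraform.
cd "${ROOT}/terraform"
exec terraform "$@"

--------------------------------------------------------------------------------
/docs/LABELS.md:
--------------------------------------------------------------------------------
1 | # Labels 2 | 3 | We got a specific list of available labels within our GitHub repositories. To 4 | update or add our labels you should simply use [ghi](https://github.com/stephencelis/ghi) 5 | to make it as easy as possible available via the CLI. The installation of this 6 | tool is out of the scope of this documentation. 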
7 | 8 | ## List 9 | 10 | * in progress 11 | * kind/api 12 | * kind/bug 13 | * kind/breaking 14 | * kind/deployment 15 | * kind/docs 16 | * kind/enhancement 17 | * kind/feature 18 | * kind/lint 19 | * kind/proposal 20 | * kind/question 21 | * kind/regression 22 | * kind/security 23 | * kind/testing 24 | * kind/ui 25 | * lgtm/done 26 | * lgtm/need 1 27 | * lgtm/need 2 28 | * priority/critical 29 | * priority/low 30 | * priority/maybe 31 | * priority/medium 32 | * reviewed/duplicate 33 | * reviewed/invalid 34 | * reviewed/wontfix 35 | * status/blocked 36 | * status/needs-feedback 37 | * status/wip 38 | 39 | ## Update 40 | 41 | To update the list of labels you have to get into the folder of the specific 42 | cloned repository, then you can simply execute the following commands. 43 | 44 | ``` 45 | ghi label -D 'help wanted' 46 | 47 | ghi label 'bug' -c ee0701 -r kind/bug 48 | ghi label 'duplicate' -c cccccc -r reviewed/duplicate 49 | ghi label 'enhancement' -c 84b6eb -r kind/enhancement 50 | ghi label 'invalid' -c e6e6e6 -r reviewed/invalid 51 | ghi label 'question' -c cc317c -r kind/question 52 | ghi label 'wontfix' -c ffffff -r reviewed/wontfix 53 | 54 | ghi label 'in progress' -c ededed 55 | ghi label 'kind/deployment' -c c5def5 56 | ghi label 'kind/docs' -c c2e0c6 57 | ghi label 'kind/feature' -c 006b75 58 | ghi label 'kind/lint' -c f9d0c4 59 | ghi label 'kind/proposal' -c 5319e7 60 | ghi label 'kind/regression' -c c92f0b 61 | ghi label 'kind/security' -c 0052cc 62 | ghi label 'kind/testing' -c d4c5f9 63 | ghi label 'kind/translation' -c c0c0c0 64 | ghi label 'kind/ui' -c fef2c0 65 | ghi label 'lgtm/done' -c 0e8a16 66 | ghi label 'lgtm/need 1' -c f9d0c4 67 | ghi label 'lgtm/need 2' -c d93f0b 68 | ghi label 'priority/critical' -c fbca04 69 | ghi label 'priority/low' -c bfd4f2 70 | ghi label 'priority/maybe' -c fef2c0 71 | ghi label 'priority/medium' -c fbca04 72 | ghi label 'status/blocked' -c d4c5f9 73 | ghi label 'status/needs-feedback' -c 1d76db 74 | ghi label 
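'status/wip' -c fbca04 75 | ``` 76 | -------------------------------------------------------------------------------- /docs/terraform.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/go-gitea/infrastructure/4bad11c63e9a6a969b52491fa96e59e481aefac3/docs/terraform.png -------------------------------------------------------------------------------- /templates/user_data.yml: --------------------------------------------------------------------------------
#cloud-config

# First-boot sshd configuration for every droplet. Terraform renders this template and
# fills in the SSH port before passing it as user_data.
#
# Hardening applied relative to the earlier template:
#   * the DSA host key is no longer offered;
#   * root may log in with a key only, also if password login is ever re-enabled;
#   * users can no longer inject environment variables through ~/.ssh/environment;
#   * X11 forwarding is off, in line with the agent and TCP forwarding settings.
# KeyRegenerationInterval, ServerKeyBits, RSAAuthentication and RhostsRSAAuthentication
# are SSH protocol 1 options; they are kept as they were and have no effect with Protocol 2.

write_files:
  - path: /etc/ssh/sshd_config
    content: |
      Port ${ssh_port}
      Protocol 2

      AddressFamily any
      ListenAddress 0.0.0.0
      ListenAddress ::

      SyslogFacility AUTH
      LogLevel INFO

      HostKey /etc/ssh/ssh_host_ed25519_key
      HostKey /etc/ssh/ssh_host_rsa_key
      HostKey /etc/ssh/ssh_host_ecdsa_key

      KeyRegenerationInterval 3600
      ServerKeyBits 1024
      LoginGraceTime 120

      UseDNS no
      AllowAgentForwarding no
      AllowTcpForwarding no
      PrintMotd no
      PrintLastLog no
      PermitUserEnvironment no
      # Key-based root login only; this spelling is accepted by old and current OpenSSH.
      PermitRootLogin without-password
      ChallengeResponseAuthentication no
      PasswordAuthentication no
      PermitEmptyPasswords no
      StrictModes yes
      RSAAuthentication yes
      PubkeyAuthentication yes
      IgnoreRhosts yes
      RhostsRSAAuthentication no
      HostbasedAuthentication no
      TCPKeepAlive yes
      UsePrivilegeSeparation yes

      X11Forwarding no
      X11DisplayOffset 10

      AcceptEnv LANG LC_*
      AuthorizedKeysFile %h/.ssh/authorized_keys
      Banner none
      Subsystem sftp /usr/lib/openssh/sftp-server

-------------------------------------------------------------------------------- /terraform/demos.tf: -------------------------------------------------------------------------------- 1 | resource "digitalocean_droplet" "demo" { 2 | count = "${var.demo_count}" 3 | name = 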
"${lookup(var.demo_names, count.index)}" 4 | 5 | image = "${lookup(var.demo_images, count.index)}" 6 | region = "${lookup(var.demo_regions, count.index)}" 7 | size = "${lookup(var.demo_sizes, count.index)}" 8 | user_data = "${data.template_file.user_data.rendered}" 9 | 10 | ssh_keys = ["${digitalocean_ssh_key.owners.*.id}"] 11 | 12 | ipv6 = true 13 | backups = false 14 | private_networking = false 15 | resize_disk = false 16 | } 17 | 18 | resource "cloudflare_record" "demov4" { 19 | count = "${var.demo_count}" 20 | name = "${lookup(var.demo_names, count.index)}" 21 | 22 | domain = "${var.cloudflare_domain}" 23 | value = "${element(digitalocean_droplet.demo.*.ipv4_address, count.index)}" 24 | type = "A" 25 | } 26 | 27 | resource "cloudflare_record" "demov6" { 28 | count = "${var.demo_count}" 29 | name = "${lookup(var.demo_names, count.index)}" 30 | 31 | domain = "${var.cloudflare_domain}" 32 | value = "${element(digitalocean_droplet.demo.*.ipv6_address, count.index)}" 33 | type = "AAAA" 34 | } 35 | -------------------------------------------------------------------------------- /terraform/domains.tf: -------------------------------------------------------------------------------- 1 | resource "cloudflare_record" "mx1" { 2 | domain = "${var.cloudflare_domain}" 3 | name = "@" 4 | value = "mx.zoho.com" 5 | type = "MX" 6 | priority = 10 7 | proxied = false 8 | } 9 | 10 | resource "cloudflare_record" "mx2" { 11 | domain = "${var.cloudflare_domain}" 12 | name = "@" 13 | value = "mx2.zoho.com" 14 | type = "MX" 15 | priority = 20 16 | proxied = false 17 | } 18 | 19 | resource "cloudflare_record" "mx3" { 20 | domain = "${var.cloudflare_domain}" 21 | name = "mailgun" 22 | value = "mxa.mailgun.org" 23 | type = "MX" 24 | priority = 10 25 | proxied = false 26 | } 27 | 28 | resource "cloudflare_record" "mx4" { 29 | domain = "${var.cloudflare_domain}" 30 | name = "mailgun" 31 | value = "mxb.mailgun.org" 32 | type = "MX" 33 | priority = 10 34 | proxied = false 35 | } 36 | 37 | 
resource "cloudflare_record" "spf1" { 38 | domain = "${var.cloudflare_domain}" 39 | name = "zoho" 40 | value = "v=spf1 mx include:zoho.com ~all" 41 | type = "SPF" 42 | proxied = false 43 | } 44 | 45 | resource "cloudflare_record" "txt1" { 46 | domain = "${var.cloudflare_domain}" 47 | name = "_acme-challenge.coverage" 48 | value = "OPuLFURRN5kvhFzJBMCY9AMY6DThIi7YonbaheKguGc" 49 | type = "TXT" 50 | proxied = false 51 | } 52 | 53 | resource "cloudflare_record" "txt2" { 54 | domain = "${var.cloudflare_domain}" 55 | name = "@" 56 | value = "v=spf1 include:zoho.com ~all" 57 | type = "TXT" 58 | proxied = false 59 | } 60 | 61 | resource "cloudflare_record" "txt3" { 62 | domain = "${var.cloudflare_domain}" 63 | name = "k1._domainkey.mailgun" 64 | value = "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUz1pPYWPp2BPsov+ds4O1PVe2FaptKqPaxXqwk/BDv8xeWf9FnMmt2+m+cODM8jr+c9pZeSmkhXkX/VVbIaaZE3ilpJymn+cHmHRXhGWhjB9eMw4Md6DswQtzu55U8m6PUaP7q2e2LZaMW6NafXsCsjj2RrGRedgFIOtw02E6RQIDAQAB" 65 | type = "TXT" 66 | proxied = false 67 | } 68 | 69 | resource "cloudflare_record" "txt4" { 70 | domain = "${var.cloudflare_domain}" 71 | name = "mailgun" 72 | value = "v=spf1 include:mailgun.org ~all" 73 | type = "TXT" 74 | proxied = false 75 | } 76 | 77 | resource "cloudflare_record" "txt5" { 78 | domain = "${var.cloudflare_domain}" 79 | name = "zoho._domainkey" 80 | value = "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdlMfEWjnNTTEnlfrCUmdXDYehLExTJWTJFPv8VileUh9RBCXoHAeUOasCxD4xJq6iEd/mVoaV0ojTppYnf4++G3UJRYUIRrlLDnVD6vQfAQegIT9wVyANj98kFxi5ptJLZNqFSfWz1+/E4M/ekp+A1Rynh9rrW+rvC5yLstudYwIDAQAB" 81 | type = "TXT" 82 | proxied = false 83 | } 84 | 85 | resource "cloudflare_record" "discourse" { 86 | domain = "${var.cloudflare_domain}" 87 | name = "discourse" 88 | value = "gitea.hosted-by-discourse.com" 89 | type = "CNAME" 90 | proxied = false 91 | } 92 | 93 | resource "cloudflare_record" "mailgun" { 94 | domain = "${var.cloudflare_domain}" 95 | name = "email.mailgun" 96 | value = 
"mailgun.org" 97 | type = "CNAME" 98 | proxied = false 99 | } 100 | 101 | resource "cloudflare_record" "status" { 102 | domain = "${var.cloudflare_domain}" 103 | name = "status" 104 | value = "stats.uptimerobot.com" 105 | type = "CNAME" 106 | proxied = false 107 | } 108 | 109 | resource "cloudflare_record" "zoho" { 110 | domain = "${var.cloudflare_domain}" 111 | name = "zb14818752" 112 | value = "zmverify.zoho.com" 113 | type = "CNAME" 114 | proxied = false 115 | } 116 | 117 | resource "cloudflare_record" "gitea" { 118 | domain = "${var.cloudflare_domain}" 119 | name = "@" 120 | value = "${lookup(var.server_names, 0)}.${var.cloudflare_domain}" 121 | type = "CNAME" 122 | proxied = true 123 | } 124 | 125 | resource "cloudflare_record" "blog" { 126 | domain = "${var.cloudflare_domain}" 127 | name = "blog" 128 | value = "${lookup(var.server_names, 0)}.${var.cloudflare_domain}" 129 | type = "CNAME" 130 | proxied = true 131 | } 132 | 133 | resource "cloudflare_record" "code" { 134 | domain = "${var.cloudflare_domain}" 135 | name = "code" 136 | value = "${lookup(var.server_names, 0)}.${var.cloudflare_domain}" 137 | type = "CNAME" 138 | proxied = true 139 | } 140 | 141 | resource "cloudflare_record" "coverage" { 142 | domain = "${var.cloudflare_domain}" 143 | name = "coverage" 144 | value = "${lookup(var.server_names, 0)}.${var.cloudflare_domain}" 145 | type = "CNAME" 146 | proxied = false 147 | } 148 | 149 | resource "cloudflare_record" "dl" { 150 | domain = "${var.cloudflare_domain}" 151 | name = "dl" 152 | value = "${lookup(var.server_names, 0)}.${var.cloudflare_domain}" 153 | type = "CNAME" 154 | proxied = true 155 | } 156 | 157 | resource "cloudflare_record" "docs" { 158 | domain = "${var.cloudflare_domain}" 159 | name = "docs" 160 | value = "${lookup(var.server_names, 0)}.${var.cloudflare_domain}" 161 | type = "CNAME" 162 | proxied = true 163 | } 164 | 165 | resource "cloudflare_record" "drone" { 166 | domain = "${var.cloudflare_domain}" 167 | name = "drone" 168 | 
value = "${lookup(var.server_names, 0)}.${var.cloudflare_domain}" 169 | type = "CNAME" 170 | proxied = false 171 | } 172 | 173 | resource "cloudflare_record" "lgtm" { 174 | domain = "${var.cloudflare_domain}" 175 | name = "lgtm" 176 | value = "${lookup(var.server_names, 0)}.${var.cloudflare_domain}" 177 | type = "CNAME" 178 | proxied = false 179 | } 180 | 181 | resource "cloudflare_record" "storage" { 182 | domain = "${var.cloudflare_domain}" 183 | name = "storage" 184 | value = "${lookup(var.server_names, 0)}.${var.cloudflare_domain}" 185 | type = "CNAME" 186 | proxied = false 187 | } 188 | 189 | resource "cloudflare_record" "try" { 190 | domain = "${var.cloudflare_domain}" 191 | name = "try" 192 | value = "${lookup(var.demo_names, 0)}.${var.cloudflare_domain}" 193 | type = "CNAME" 194 | proxied = false 195 | depends_on = ["digitalocean_droplet.demo"] 196 | } 197 | 198 | resource "cloudflare_record" "try-drone" { 199 | domain = "${var.cloudflare_domain}" 200 | name = "drone.try" 201 | value = "${lookup(var.demo_names, 0)}.${var.cloudflare_domain}" 202 | type = "CNAME" 203 | proxied = false 204 | depends_on = ["digitalocean_droplet.demo"] 205 | } 206 | 207 | -------------------------------------------------------------------------------- /terraform/outputs.tf: -------------------------------------------------------------------------------- 1 | output "demo_ipv4" { 2 | value = "${join(" ", digitalocean_droplet.demo.*.ipv4_address)}" 3 | } 4 | 5 | output "demo_ipv6" { 6 | value = "${join(" ", digitalocean_droplet.demo.*.ipv6_address)}" 7 | } 8 | 9 | output "demo_names" { 10 | value = "${join(" ", cloudflare_record.demov4.*.hostname)}" 11 | } 12 | 13 | output "server_ipv4" { 14 | value = "${join(" ", digitalocean_droplet.server.*.ipv4_address)}" 15 | } 16 | 17 | output "server_ipv6" { 18 | value = "${join(" ", digitalocean_droplet.server.*.ipv6_address)}" 19 | } 20 | 21 | output "server_names" { 22 | value = "${join(" ", cloudflare_record.serverv4.*.hostname)}" 23 | } 
24 | -------------------------------------------------------------------------------- /terraform/providers.tf: -------------------------------------------------------------------------------- 1 | provider "digitalocean" { 2 | token = "${var.do_token}" 3 | } 4 | 5 | provider "cloudflare" { 6 | email = "${var.cloudflare_email}" 7 | token = "${var.cloudflare_token}" 8 | } 9 | -------------------------------------------------------------------------------- /terraform/servers.tf: -------------------------------------------------------------------------------- 1 | resource "digitalocean_droplet" "server" { 2 | count = "${var.server_count}" 3 | name = "${lookup(var.server_names, count.index)}" 4 | 5 | image = "${lookup(var.server_images, count.index)}" 6 | region = "${lookup(var.server_regions, count.index)}" 7 | size = "${lookup(var.server_sizes, count.index)}" 8 | user_data = "${data.template_file.user_data.rendered}" 9 | 10 | ssh_keys = ["${digitalocean_ssh_key.owners.*.id}"] 11 | 12 | ipv6 = true 13 | backups = true 14 | private_networking = false 15 | resize_disk = true 16 | } 17 | 18 | resource "cloudflare_record" "serverv4" { 19 | count = "${var.server_count}" 20 | name = "${lookup(var.server_names, count.index)}" 21 | 22 | domain = "${var.cloudflare_domain}" 23 | value = "${element(digitalocean_droplet.server.*.ipv4_address, count.index)}" 24 | type = "A" 25 | } 26 | 27 | resource "cloudflare_record" "serverv6" { 28 | count = "${var.server_count}" 29 | name = "${lookup(var.server_names, count.index)}" 30 | 31 | domain = "${var.cloudflare_domain}" 32 | value = "${element(digitalocean_droplet.server.*.ipv6_address, count.index)}" 33 | type = "AAAA" 34 | } 35 | -------------------------------------------------------------------------------- /terraform/sshkeys.tf: -------------------------------------------------------------------------------- 1 | resource "digitalocean_ssh_key" "owners" { 2 | count = "${length(var.ssh_keys)}" 3 | name = "${element(keys(var.ssh_keys), 
count.index)}" 4 | 5 | public_key = "${element(values(var.ssh_keys), count.index)}" 6 | } 7 | -------------------------------------------------------------------------------- /terraform/templates.tf: -------------------------------------------------------------------------------- 1 | data "template_file" "user_data" { 2 | template = "${file("../templates/user_data.yml")}" 3 | 4 | vars { 5 | ssh_port = "${var.ssh_port}" 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /terraform/terraform.tfstate: -------------------------------------------------------------------------------- 1 | { 2 | "version": 3, 3 | "terraform_version": "0.11.3", 4 | "serial": 14, 5 | "lineage": "991a4abf-6c70-4e3c-976f-6e907fba07ff", 6 | "modules": [ 7 | { 8 | "path": [ 9 | "root" 10 | ], 11 | "outputs": { 12 | "demo_ipv4": { 13 | "sensitive": false, 14 | "type": "string", 15 | "value": "167.99.148.217" 16 | }, 17 | "demo_ipv6": { 18 | "sensitive": false, 19 | "type": "string", 20 | "value": "2604:a880:0400:00d1:0000:0000:06b0:2001" 21 | }, 22 | "demo_names": { 23 | "sensitive": false, 24 | "type": "string", 25 | "value": "dchi.gitea.io" 26 | }, 27 | "server_ipv4": { 28 | "sensitive": false, 29 | "type": "string", 30 | "value": "167.99.153.18" 31 | }, 32 | "server_ipv6": { 33 | "sensitive": false, 34 | "type": "string", 35 | "value": "2604:a880:0400:00d1:0000:0000:06b0:1001" 36 | }, 37 | "server_names": { 38 | "sensitive": false, 39 | "type": "string", 40 | "value": "pangu.gitea.io" 41 | } 42 | }, 43 | "resources": { 44 | "cloudflare_record.blog": { 45 | "type": "cloudflare_record", 46 | "depends_on": [], 47 | "primary": { 48 | "id": "1012986e6111a851cbcc194863225ad6", 49 | "attributes": { 50 | "domain": "gitea.io", 51 | "hostname": "blog.gitea.io", 52 | "id": "1012986e6111a851cbcc194863225ad6", 53 | "name": "blog", 54 | "priority": "0", 55 | "proxied": "true", 56 | "ttl": "1", 57 | "type": "CNAME", 58 | "value": "pangu.gitea.io", 59 | "zone_id": 
"2e9b920df675c8371c0639e71695b4a3" 60 | }, 61 | "meta": { 62 | "schema_version": "1" 63 | }, 64 | "tainted": false 65 | }, 66 | "deposed": [], 67 | "provider": "provider.cloudflare" 68 | }, 69 | "cloudflare_record.code": { 70 | "type": "cloudflare_record", 71 | "depends_on": [], 72 | "primary": { 73 | "id": "9d430516d7dd3e4b1912d198bfef3957", 74 | "attributes": { 75 | "domain": "gitea.io", 76 | "hostname": "code.gitea.io", 77 | "id": "9d430516d7dd3e4b1912d198bfef3957", 78 | "name": "code", 79 | "priority": "0", 80 | "proxied": "true", 81 | "ttl": "1", 82 | "type": "CNAME", 83 | "value": "pangu.gitea.io", 84 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 85 | }, 86 | "meta": { 87 | "schema_version": "1" 88 | }, 89 | "tainted": false 90 | }, 91 | "deposed": [], 92 | "provider": "provider.cloudflare" 93 | }, 94 | "cloudflare_record.coverage": { 95 | "type": "cloudflare_record", 96 | "depends_on": [], 97 | "primary": { 98 | "id": "de995017301788e5781813e01207b254", 99 | "attributes": { 100 | "domain": "gitea.io", 101 | "hostname": "coverage.gitea.io", 102 | "id": "de995017301788e5781813e01207b254", 103 | "name": "coverage", 104 | "priority": "0", 105 | "proxied": "false", 106 | "ttl": "1", 107 | "type": "CNAME", 108 | "value": "pangu.gitea.io", 109 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 110 | }, 111 | "meta": { 112 | "schema_version": "1" 113 | }, 114 | "tainted": false 115 | }, 116 | "deposed": [], 117 | "provider": "provider.cloudflare" 118 | }, 119 | "cloudflare_record.demov4": { 120 | "type": "cloudflare_record", 121 | "depends_on": [ 122 | "digitalocean_droplet.demo.*" 123 | ], 124 | "primary": { 125 | "id": "69ab114beb578098ccbd77cabcfb172a", 126 | "attributes": { 127 | "domain": "gitea.io", 128 | "hostname": "dchi.gitea.io", 129 | "id": "69ab114beb578098ccbd77cabcfb172a", 130 | "name": "dchi", 131 | "priority": "0", 132 | "proxied": "false", 133 | "ttl": "1", 134 | "type": "A", 135 | "value": "167.99.148.217", 136 | "zone_id": 
"2e9b920df675c8371c0639e71695b4a3" 137 | }, 138 | "meta": { 139 | "schema_version": "1" 140 | }, 141 | "tainted": false 142 | }, 143 | "deposed": [], 144 | "provider": "provider.cloudflare" 145 | }, 146 | "cloudflare_record.demov6": { 147 | "type": "cloudflare_record", 148 | "depends_on": [ 149 | "digitalocean_droplet.demo.*" 150 | ], 151 | "primary": { 152 | "id": "a95f8e2dbe29053bf417d8ea4f322f42", 153 | "attributes": { 154 | "domain": "gitea.io", 155 | "hostname": "dchi.gitea.io", 156 | "id": "a95f8e2dbe29053bf417d8ea4f322f42", 157 | "name": "dchi", 158 | "priority": "0", 159 | "proxied": "false", 160 | "ttl": "1", 161 | "type": "AAAA", 162 | "value": "2604:a880:0400:00d1:0000:0000:06b0:2001", 163 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 164 | }, 165 | "meta": { 166 | "schema_version": "1" 167 | }, 168 | "tainted": false 169 | }, 170 | "deposed": [], 171 | "provider": "provider.cloudflare" 172 | }, 173 | "cloudflare_record.discourse": { 174 | "type": "cloudflare_record", 175 | "depends_on": [], 176 | "primary": { 177 | "id": "fc3d6b6d900b5f16b4e9b4508ec78f6d", 178 | "attributes": { 179 | "domain": "gitea.io", 180 | "hostname": "discourse.gitea.io", 181 | "id": "fc3d6b6d900b5f16b4e9b4508ec78f6d", 182 | "name": "discourse", 183 | "priority": "0", 184 | "proxied": "false", 185 | "ttl": "1", 186 | "type": "CNAME", 187 | "value": "gitea.hosted-by-discourse.com", 188 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 189 | }, 190 | "meta": { 191 | "schema_version": "1" 192 | }, 193 | "tainted": false 194 | }, 195 | "deposed": [], 196 | "provider": "provider.cloudflare" 197 | }, 198 | "cloudflare_record.dl": { 199 | "type": "cloudflare_record", 200 | "depends_on": [], 201 | "primary": { 202 | "id": "f32777a6850a1b8c21a7e887aa013523", 203 | "attributes": { 204 | "domain": "gitea.io", 205 | "hostname": "dl.gitea.io", 206 | "id": "f32777a6850a1b8c21a7e887aa013523", 207 | "name": "dl", 208 | "priority": "0", 209 | "proxied": "true", 210 | "ttl": "1", 211 | "type": 
"CNAME", 212 | "value": "pangu.gitea.io", 213 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 214 | }, 215 | "meta": { 216 | "schema_version": "1" 217 | }, 218 | "tainted": false 219 | }, 220 | "deposed": [], 221 | "provider": "provider.cloudflare" 222 | }, 223 | "cloudflare_record.docs": { 224 | "type": "cloudflare_record", 225 | "depends_on": [], 226 | "primary": { 227 | "id": "386f62480c57e29cfea975a587def64c", 228 | "attributes": { 229 | "domain": "gitea.io", 230 | "hostname": "docs.gitea.io", 231 | "id": "386f62480c57e29cfea975a587def64c", 232 | "name": "docs", 233 | "priority": "0", 234 | "proxied": "true", 235 | "ttl": "1", 236 | "type": "CNAME", 237 | "value": "pangu.gitea.io", 238 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 239 | }, 240 | "meta": { 241 | "schema_version": "1" 242 | }, 243 | "tainted": false 244 | }, 245 | "deposed": [], 246 | "provider": "provider.cloudflare" 247 | }, 248 | "cloudflare_record.drone": { 249 | "type": "cloudflare_record", 250 | "depends_on": [], 251 | "primary": { 252 | "id": "912a966233459a42293dcce31018b2f3", 253 | "attributes": { 254 | "domain": "gitea.io", 255 | "hostname": "drone.gitea.io", 256 | "id": "912a966233459a42293dcce31018b2f3", 257 | "name": "drone", 258 | "priority": "0", 259 | "proxied": "false", 260 | "ttl": "1", 261 | "type": "CNAME", 262 | "value": "pangu.gitea.io", 263 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 264 | }, 265 | "meta": { 266 | "schema_version": "1" 267 | }, 268 | "tainted": false 269 | }, 270 | "deposed": [], 271 | "provider": "provider.cloudflare" 272 | }, 273 | "cloudflare_record.gitea": { 274 | "type": "cloudflare_record", 275 | "depends_on": [], 276 | "primary": { 277 | "id": "df1d526c125453398cdc3a8583d0d334", 278 | "attributes": { 279 | "domain": "gitea.io", 280 | "hostname": "gitea.io", 281 | "id": "df1d526c125453398cdc3a8583d0d334", 282 | "name": "@", 283 | "priority": "0", 284 | "proxied": "true", 285 | "ttl": "1", 286 | "type": "CNAME", 287 | "value": "pangu.gitea.io", 
288 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 289 | }, 290 | "meta": { 291 | "schema_version": "1" 292 | }, 293 | "tainted": false 294 | }, 295 | "deposed": [], 296 | "provider": "provider.cloudflare" 297 | }, 298 | "cloudflare_record.lgtm": { 299 | "type": "cloudflare_record", 300 | "depends_on": [], 301 | "primary": { 302 | "id": "ad377a4c6b314043d0c9930a2c1cc251", 303 | "attributes": { 304 | "domain": "gitea.io", 305 | "hostname": "lgtm.gitea.io", 306 | "id": "ad377a4c6b314043d0c9930a2c1cc251", 307 | "name": "lgtm", 308 | "priority": "0", 309 | "proxied": "false", 310 | "ttl": "1", 311 | "type": "CNAME", 312 | "value": "pangu.gitea.io", 313 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 314 | }, 315 | "meta": { 316 | "schema_version": "1" 317 | }, 318 | "tainted": false 319 | }, 320 | "deposed": [], 321 | "provider": "provider.cloudflare" 322 | }, 323 | "cloudflare_record.mailgun": { 324 | "type": "cloudflare_record", 325 | "depends_on": [], 326 | "primary": { 327 | "id": "5a9605e7bd09d015fcef97797315e1f2", 328 | "attributes": { 329 | "domain": "gitea.io", 330 | "hostname": "email.mailgun.gitea.io", 331 | "id": "5a9605e7bd09d015fcef97797315e1f2", 332 | "name": "email.mailgun", 333 | "priority": "0", 334 | "proxied": "false", 335 | "ttl": "1", 336 | "type": "CNAME", 337 | "value": "mailgun.org", 338 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 339 | }, 340 | "meta": { 341 | "schema_version": "1" 342 | }, 343 | "tainted": false 344 | }, 345 | "deposed": [], 346 | "provider": "provider.cloudflare" 347 | }, 348 | "cloudflare_record.mx1": { 349 | "type": "cloudflare_record", 350 | "depends_on": [], 351 | "primary": { 352 | "id": "b36d0b3bba97f6da7e3fc46380001cfb", 353 | "attributes": { 354 | "domain": "gitea.io", 355 | "hostname": "gitea.io", 356 | "id": "b36d0b3bba97f6da7e3fc46380001cfb", 357 | "name": "@", 358 | "priority": "10", 359 | "proxied": "false", 360 | "ttl": "1", 361 | "type": "MX", 362 | "value": "mx.zoho.com", 363 | "zone_id": 
"2e9b920df675c8371c0639e71695b4a3" 364 | }, 365 | "meta": { 366 | "schema_version": "1" 367 | }, 368 | "tainted": false 369 | }, 370 | "deposed": [], 371 | "provider": "provider.cloudflare" 372 | }, 373 | "cloudflare_record.mx2": { 374 | "type": "cloudflare_record", 375 | "depends_on": [], 376 | "primary": { 377 | "id": "d02a2cab5bb0dead472bebb826b521f1", 378 | "attributes": { 379 | "domain": "gitea.io", 380 | "hostname": "gitea.io", 381 | "id": "d02a2cab5bb0dead472bebb826b521f1", 382 | "name": "@", 383 | "priority": "20", 384 | "proxied": "false", 385 | "ttl": "1", 386 | "type": "MX", 387 | "value": "mx2.zoho.com", 388 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 389 | }, 390 | "meta": { 391 | "schema_version": "1" 392 | }, 393 | "tainted": false 394 | }, 395 | "deposed": [], 396 | "provider": "provider.cloudflare" 397 | }, 398 | "cloudflare_record.mx3": { 399 | "type": "cloudflare_record", 400 | "depends_on": [], 401 | "primary": { 402 | "id": "13f312a45c61de2eeb5ca906c3628d41", 403 | "attributes": { 404 | "domain": "gitea.io", 405 | "hostname": "mailgun.gitea.io", 406 | "id": "13f312a45c61de2eeb5ca906c3628d41", 407 | "name": "mailgun", 408 | "priority": "10", 409 | "proxied": "false", 410 | "ttl": "1", 411 | "type": "MX", 412 | "value": "mxa.mailgun.org", 413 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 414 | }, 415 | "meta": { 416 | "schema_version": "1" 417 | }, 418 | "tainted": false 419 | }, 420 | "deposed": [], 421 | "provider": "provider.cloudflare" 422 | }, 423 | "cloudflare_record.mx4": { 424 | "type": "cloudflare_record", 425 | "depends_on": [], 426 | "primary": { 427 | "id": "249d224dc01db9268f41dfd21e094ddd", 428 | "attributes": { 429 | "domain": "gitea.io", 430 | "hostname": "mailgun.gitea.io", 431 | "id": "249d224dc01db9268f41dfd21e094ddd", 432 | "name": "mailgun", 433 | "priority": "10", 434 | "proxied": "false", 435 | "ttl": "1", 436 | "type": "MX", 437 | "value": "mxb.mailgun.org", 438 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 439 | 
}, 440 | "meta": { 441 | "schema_version": "1" 442 | }, 443 | "tainted": false 444 | }, 445 | "deposed": [], 446 | "provider": "provider.cloudflare" 447 | }, 448 | "cloudflare_record.serverv4": { 449 | "type": "cloudflare_record", 450 | "depends_on": [ 451 | "digitalocean_droplet.server.*" 452 | ], 453 | "primary": { 454 | "id": "2f4427394dfe46ece789df0913575167", 455 | "attributes": { 456 | "domain": "gitea.io", 457 | "hostname": "pangu.gitea.io", 458 | "id": "2f4427394dfe46ece789df0913575167", 459 | "name": "pangu", 460 | "priority": "0", 461 | "proxied": "false", 462 | "ttl": "1", 463 | "type": "A", 464 | "value": "167.99.153.18", 465 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 466 | }, 467 | "meta": { 468 | "schema_version": "1" 469 | }, 470 | "tainted": false 471 | }, 472 | "deposed": [], 473 | "provider": "provider.cloudflare" 474 | }, 475 | "cloudflare_record.serverv6": { 476 | "type": "cloudflare_record", 477 | "depends_on": [ 478 | "digitalocean_droplet.server.*" 479 | ], 480 | "primary": { 481 | "id": "a1236c88e14456facb7171850fcd599e", 482 | "attributes": { 483 | "domain": "gitea.io", 484 | "hostname": "pangu.gitea.io", 485 | "id": "a1236c88e14456facb7171850fcd599e", 486 | "name": "pangu", 487 | "priority": "0", 488 | "proxied": "false", 489 | "ttl": "1", 490 | "type": "AAAA", 491 | "value": "2604:a880:0400:00d1:0000:0000:06b0:1001", 492 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 493 | }, 494 | "meta": { 495 | "schema_version": "1" 496 | }, 497 | "tainted": false 498 | }, 499 | "deposed": [], 500 | "provider": "provider.cloudflare" 501 | }, 502 | "cloudflare_record.spf1": { 503 | "type": "cloudflare_record", 504 | "depends_on": [], 505 | "primary": { 506 | "id": "562136ca875bd2604e6d80cd84a8b486", 507 | "attributes": { 508 | "domain": "gitea.io", 509 | "hostname": "zoho.gitea.io", 510 | "id": "562136ca875bd2604e6d80cd84a8b486", 511 | "name": "zoho", 512 | "priority": "0", 513 | "proxied": "false", 514 | "ttl": "1", 515 | "type": "SPF", 516 | 
"value": "v=spf1 mx include:zoho.com ~all", 517 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 518 | }, 519 | "meta": { 520 | "schema_version": "1" 521 | }, 522 | "tainted": false 523 | }, 524 | "deposed": [], 525 | "provider": "provider.cloudflare" 526 | }, 527 | "cloudflare_record.status": { 528 | "type": "cloudflare_record", 529 | "depends_on": [], 530 | "primary": { 531 | "id": "acb83a5cfa9f77b96758bd1a0d519258", 532 | "attributes": { 533 | "domain": "gitea.io", 534 | "hostname": "status.gitea.io", 535 | "id": "acb83a5cfa9f77b96758bd1a0d519258", 536 | "name": "status", 537 | "priority": "0", 538 | "proxied": "false", 539 | "ttl": "1", 540 | "type": "CNAME", 541 | "value": "stats.uptimerobot.com", 542 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 543 | }, 544 | "meta": { 545 | "schema_version": "1" 546 | }, 547 | "tainted": false 548 | }, 549 | "deposed": [], 550 | "provider": "provider.cloudflare" 551 | }, 552 | "cloudflare_record.storage": { 553 | "type": "cloudflare_record", 554 | "depends_on": [], 555 | "primary": { 556 | "id": "48ecb0888b0804955feb39c54b042d45", 557 | "attributes": { 558 | "domain": "gitea.io", 559 | "hostname": "storage.gitea.io", 560 | "id": "48ecb0888b0804955feb39c54b042d45", 561 | "name": "storage", 562 | "priority": "0", 563 | "proxied": "false", 564 | "ttl": "1", 565 | "type": "CNAME", 566 | "value": "pangu.gitea.io", 567 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 568 | }, 569 | "meta": { 570 | "schema_version": "1" 571 | }, 572 | "tainted": false 573 | }, 574 | "deposed": [], 575 | "provider": "provider.cloudflare" 576 | }, 577 | "cloudflare_record.try": { 578 | "type": "cloudflare_record", 579 | "depends_on": [ 580 | "digitalocean_droplet.demo" 581 | ], 582 | "primary": { 583 | "id": "f1530d8b39da765b0e56050adac8ebd9", 584 | "attributes": { 585 | "domain": "gitea.io", 586 | "hostname": "try.gitea.io", 587 | "id": "f1530d8b39da765b0e56050adac8ebd9", 588 | "name": "try", 589 | "priority": "0", 590 | "proxied": "false", 591 | 
"ttl": "1", 592 | "type": "CNAME", 593 | "value": "dchi.gitea.io", 594 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 595 | }, 596 | "meta": { 597 | "schema_version": "1" 598 | }, 599 | "tainted": false 600 | }, 601 | "deposed": [], 602 | "provider": "provider.cloudflare" 603 | }, 604 | "cloudflare_record.try-drone": { 605 | "type": "cloudflare_record", 606 | "depends_on": [ 607 | "digitalocean_droplet.demo" 608 | ], 609 | "primary": { 610 | "id": "57b2ef1b0b372bb2fd6f63af19fd504b", 611 | "attributes": { 612 | "domain": "gitea.io", 613 | "hostname": "drone.try.gitea.io", 614 | "id": "57b2ef1b0b372bb2fd6f63af19fd504b", 615 | "name": "drone.try", 616 | "priority": "0", 617 | "proxied": "false", 618 | "ttl": "1", 619 | "type": "CNAME", 620 | "value": "dchi.gitea.io", 621 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 622 | }, 623 | "meta": { 624 | "schema_version": "1" 625 | }, 626 | "tainted": false 627 | }, 628 | "deposed": [], 629 | "provider": "provider.cloudflare" 630 | }, 631 | "cloudflare_record.txt1": { 632 | "type": "cloudflare_record", 633 | "depends_on": [], 634 | "primary": { 635 | "id": "2fa30dd0914c6f9dbb8954b98ad15859", 636 | "attributes": { 637 | "domain": "gitea.io", 638 | "hostname": "_acme-challenge.coverage.gitea.io", 639 | "id": "2fa30dd0914c6f9dbb8954b98ad15859", 640 | "name": "_acme-challenge.coverage", 641 | "priority": "0", 642 | "proxied": "false", 643 | "ttl": "1", 644 | "type": "TXT", 645 | "value": "OPuLFURRN5kvhFzJBMCY9AMY6DThIi7YonbaheKguGc", 646 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 647 | }, 648 | "meta": { 649 | "schema_version": "1" 650 | }, 651 | "tainted": false 652 | }, 653 | "deposed": [], 654 | "provider": "provider.cloudflare" 655 | }, 656 | "cloudflare_record.txt2": { 657 | "type": "cloudflare_record", 658 | "depends_on": [], 659 | "primary": { 660 | "id": "09e98a311dfc4b17d067349219de3309", 661 | "attributes": { 662 | "domain": "gitea.io", 663 | "hostname": "gitea.io", 664 | "id": 
"09e98a311dfc4b17d067349219de3309", 665 | "name": "@", 666 | "priority": "0", 667 | "proxied": "false", 668 | "ttl": "1", 669 | "type": "TXT", 670 | "value": "v=spf1 include:zoho.com ~all", 671 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 672 | }, 673 | "meta": { 674 | "schema_version": "1" 675 | }, 676 | "tainted": false 677 | }, 678 | "deposed": [], 679 | "provider": "provider.cloudflare" 680 | }, 681 | "cloudflare_record.txt3": { 682 | "type": "cloudflare_record", 683 | "depends_on": [], 684 | "primary": { 685 | "id": "2a78feab22c530bac4888e6de658dbc3", 686 | "attributes": { 687 | "domain": "gitea.io", 688 | "hostname": "k1._domainkey.mailgun.gitea.io", 689 | "id": "2a78feab22c530bac4888e6de658dbc3", 690 | "name": "k1._domainkey.mailgun", 691 | "priority": "0", 692 | "proxied": "false", 693 | "ttl": "1", 694 | "type": "TXT", 695 | "value": "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUz1pPYWPp2BPsov+ds4O1PVe2FaptKqPaxXqwk/BDv8xeWf9FnMmt2+m+cODM8jr+c9pZeSmkhXkX/VVbIaaZE3ilpJymn+cHmHRXhGWhjB9eMw4Md6DswQtzu55U8m6PUaP7q2e2LZaMW6NafXsCsjj2RrGRedgFIOtw02E6RQIDAQAB", 696 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 697 | }, 698 | "meta": { 699 | "schema_version": "1" 700 | }, 701 | "tainted": false 702 | }, 703 | "deposed": [], 704 | "provider": "provider.cloudflare" 705 | }, 706 | "cloudflare_record.txt4": { 707 | "type": "cloudflare_record", 708 | "depends_on": [], 709 | "primary": { 710 | "id": "ca81d81e5707724b43462357aebf8eaf", 711 | "attributes": { 712 | "domain": "gitea.io", 713 | "hostname": "mailgun.gitea.io", 714 | "id": "ca81d81e5707724b43462357aebf8eaf", 715 | "name": "mailgun", 716 | "priority": "0", 717 | "proxied": "false", 718 | "ttl": "1", 719 | "type": "TXT", 720 | "value": "v=spf1 include:mailgun.org ~all", 721 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 722 | }, 723 | "meta": { 724 | "schema_version": "1" 725 | }, 726 | "tainted": false 727 | }, 728 | "deposed": [], 729 | "provider": "provider.cloudflare" 730 | }, 731 | 
"cloudflare_record.txt5": { 732 | "type": "cloudflare_record", 733 | "depends_on": [], 734 | "primary": { 735 | "id": "c83ff486197547cf3a1675147201b285", 736 | "attributes": { 737 | "domain": "gitea.io", 738 | "hostname": "zoho._domainkey.gitea.io", 739 | "id": "c83ff486197547cf3a1675147201b285", 740 | "name": "zoho._domainkey", 741 | "priority": "0", 742 | "proxied": "false", 743 | "ttl": "1", 744 | "type": "TXT", 745 | "value": "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdlMfEWjnNTTEnlfrCUmdXDYehLExTJWTJFPv8VileUh9RBCXoHAeUOasCxD4xJq6iEd/mVoaV0ojTppYnf4++G3UJRYUIRrlLDnVD6vQfAQegIT9wVyANj98kFxi5ptJLZNqFSfWz1+/E4M/ekp+A1Rynh9rrW+rvC5yLstudYwIDAQAB", 746 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 747 | }, 748 | "meta": { 749 | "schema_version": "1" 750 | }, 751 | "tainted": false 752 | }, 753 | "deposed": [], 754 | "provider": "provider.cloudflare" 755 | }, 756 | "cloudflare_record.zoho": { 757 | "type": "cloudflare_record", 758 | "depends_on": [], 759 | "primary": { 760 | "id": "c552893ddbfbaa86cb5d19b445a610c3", 761 | "attributes": { 762 | "domain": "gitea.io", 763 | "hostname": "zb14818752.gitea.io", 764 | "id": "c552893ddbfbaa86cb5d19b445a610c3", 765 | "name": "zb14818752", 766 | "priority": "0", 767 | "proxied": "false", 768 | "ttl": "1", 769 | "type": "CNAME", 770 | "value": "zmverify.zoho.com", 771 | "zone_id": "2e9b920df675c8371c0639e71695b4a3" 772 | }, 773 | "meta": { 774 | "schema_version": "1" 775 | }, 776 | "tainted": false 777 | }, 778 | "deposed": [], 779 | "provider": "provider.cloudflare" 780 | }, 781 | "data.template_file.user_data": { 782 | "type": "template_file", 783 | "depends_on": [], 784 | "primary": { 785 | "id": "34a830f40f84116ea7c6c2f5c83fb0a5e9dade50b49bd5fedd6bfd1b18c4e965", 786 | "attributes": { 787 | "id": "34a830f40f84116ea7c6c2f5c83fb0a5e9dade50b49bd5fedd6bfd1b18c4e965", 788 | "rendered": "#cloud-config\n\nwrite_files:\n - path: /etc/ssh/sshd_config\n content: |\n Port 22022\n Protocol 2\n\n AddressFamily any\n 
ListenAddress 0.0.0.0\n ListenAddress ::\n\n SyslogFacility AUTH\n LogLevel INFO\n\n HostKey /etc/ssh/ssh_host_ed25519_key\n HostKey /etc/ssh/ssh_host_rsa_key\n HostKey /etc/ssh/ssh_host_dsa_key\n HostKey /etc/ssh/ssh_host_ecdsa_key\n\n KeyRegenerationInterval 3600\n ServerKeyBits 1024\n LoginGraceTime 120\n\n UseDNS no\n AllowAgentForwarding no\n AllowTcpForwarding no\n PrintMotd no\n PrintLastLog no\n PermitUserEnvironment yes\n PermitRootLogin yes\n ChallengeResponseAuthentication no\n PasswordAuthentication no\n PermitEmptyPasswords no\n StrictModes yes\n RSAAuthentication yes\n PubkeyAuthentication yes\n IgnoreRhosts yes\n RhostsRSAAuthentication no\n HostbasedAuthentication no\n TCPKeepAlive yes\n UsePrivilegeSeparation yes\n\n X11Forwarding yes\n X11DisplayOffset 10\n\n AcceptEnv LANG LC_*\n AuthorizedKeysFile %h/.ssh/authorized_keys\n Banner none\n Subsystem sftp /usr/lib/openssh/sftp-server\n", 789 | "template": "#cloud-config\n\nwrite_files:\n - path: /etc/ssh/sshd_config\n content: |\n Port ${ssh_port}\n Protocol 2\n\n AddressFamily any\n ListenAddress 0.0.0.0\n ListenAddress ::\n\n SyslogFacility AUTH\n LogLevel INFO\n\n HostKey /etc/ssh/ssh_host_ed25519_key\n HostKey /etc/ssh/ssh_host_rsa_key\n HostKey /etc/ssh/ssh_host_dsa_key\n HostKey /etc/ssh/ssh_host_ecdsa_key\n\n KeyRegenerationInterval 3600\n ServerKeyBits 1024\n LoginGraceTime 120\n\n UseDNS no\n AllowAgentForwarding no\n AllowTcpForwarding no\n PrintMotd no\n PrintLastLog no\n PermitUserEnvironment yes\n PermitRootLogin yes\n ChallengeResponseAuthentication no\n PasswordAuthentication no\n PermitEmptyPasswords no\n StrictModes yes\n RSAAuthentication yes\n PubkeyAuthentication yes\n IgnoreRhosts yes\n RhostsRSAAuthentication no\n HostbasedAuthentication no\n TCPKeepAlive yes\n UsePrivilegeSeparation yes\n\n X11Forwarding yes\n X11DisplayOffset 10\n\n AcceptEnv LANG LC_*\n AuthorizedKeysFile %h/.ssh/authorized_keys\n Banner none\n Subsystem sftp /usr/lib/openssh/sftp-server\n", 790 | "vars.%": 
"1", 791 | "vars.ssh_port": "22022" 792 | }, 793 | "meta": {}, 794 | "tainted": false 795 | }, 796 | "deposed": [], 797 | "provider": "provider.template" 798 | }, 799 | "digitalocean_droplet.demo": { 800 | "type": "digitalocean_droplet", 801 | "depends_on": [ 802 | "data.template_file.user_data", 803 | "digitalocean_ssh_key.owners.*" 804 | ], 805 | "primary": { 806 | "id": "87806546", 807 | "attributes": { 808 | "backups": "false", 809 | "disk": "50", 810 | "id": "87806546", 811 | "image": "ubuntu-16-04-x64", 812 | "ipv4_address": "167.99.148.217", 813 | "ipv6": "true", 814 | "ipv6_address": "2604:a880:0400:00d1:0000:0000:06b0:2001", 815 | "ipv6_address_private": "", 816 | "locked": "false", 817 | "name": "dchi", 818 | "price_hourly": "0.01488", 819 | "price_monthly": "10", 820 | "private_networking": "false", 821 | "region": "nyc1", 822 | "resize_disk": "false", 823 | "size": "s-1vcpu-2gb", 824 | "ssh_keys.#": "9", 825 | "ssh_keys.0": "19612366", 826 | "ssh_keys.1": "19612363", 827 | "ssh_keys.2": "19612364", 828 | "ssh_keys.3": "19612365", 829 | "ssh_keys.4": "19612860", 830 | "ssh_keys.5": "19612859", 831 | "ssh_keys.6": "19612862", 832 | "ssh_keys.7": "19612861", 833 | "ssh_keys.8": "19612858", 834 | "status": "active", 835 | "tags.#": "0", 836 | "user_data": "#cloud-config\n\nwrite_files:\n - path: /etc/ssh/sshd_config\n content: |\n Port 22022\n Protocol 2\n\n AddressFamily any\n ListenAddress 0.0.0.0\n ListenAddress ::\n\n SyslogFacility AUTH\n LogLevel INFO\n\n HostKey /etc/ssh/ssh_host_ed25519_key\n HostKey /etc/ssh/ssh_host_rsa_key\n HostKey /etc/ssh/ssh_host_dsa_key\n HostKey /etc/ssh/ssh_host_ecdsa_key\n\n KeyRegenerationInterval 3600\n ServerKeyBits 1024\n LoginGraceTime 120\n\n UseDNS no\n AllowAgentForwarding no\n AllowTcpForwarding no\n PrintMotd no\n PrintLastLog no\n PermitUserEnvironment yes\n PermitRootLogin yes\n ChallengeResponseAuthentication no\n PasswordAuthentication no\n PermitEmptyPasswords no\n StrictModes yes\n RSAAuthentication yes\n 
PubkeyAuthentication yes\n IgnoreRhosts yes\n RhostsRSAAuthentication no\n HostbasedAuthentication no\n TCPKeepAlive yes\n UsePrivilegeSeparation yes\n\n X11Forwarding yes\n X11DisplayOffset 10\n\n AcceptEnv LANG LC_*\n AuthorizedKeysFile %h/.ssh/authorized_keys\n Banner none\n Subsystem sftp /usr/lib/openssh/sftp-server\n", 837 | "vcpus": "1" 838 | }, 839 | "meta": {}, 840 | "tainted": false 841 | }, 842 | "deposed": [], 843 | "provider": "provider.digitalocean" 844 | }, 845 | "digitalocean_droplet.server": { 846 | "type": "digitalocean_droplet", 847 | "depends_on": [ 848 | "data.template_file.user_data", 849 | "digitalocean_ssh_key.owners.*" 850 | ], 851 | "primary": { 852 | "id": "87806385", 853 | "attributes": { 854 | "backups": "true", 855 | "disk": "160", 856 | "id": "87806385", 857 | "image": "ubuntu-16-04-x64", 858 | "ipv4_address": "167.99.153.18", 859 | "ipv6": "true", 860 | "ipv6_address": "2604:a880:0400:00d1:0000:0000:06b0:1001", 861 | "ipv6_address_private": "", 862 | "locked": "false", 863 | "name": "pangu", 864 | "price_hourly": "0.05952", 865 | "price_monthly": "40", 866 | "private_networking": "false", 867 | "region": "nyc1", 868 | "resize_disk": "true", 869 | "size": "s-4vcpu-8gb", 870 | "ssh_keys.#": "9", 871 | "ssh_keys.0": "19612366", 872 | "ssh_keys.1": "19612363", 873 | "ssh_keys.2": "19612364", 874 | "ssh_keys.3": "19612365", 875 | "ssh_keys.4": "19612860", 876 | "ssh_keys.5": "19612859", 877 | "ssh_keys.6": "19612862", 878 | "ssh_keys.7": "19612861", 879 | "ssh_keys.8": "19612858", 880 | "status": "active", 881 | "tags.#": "0", 882 | "user_data": "#cloud-config\n\nwrite_files:\n - path: /etc/ssh/sshd_config\n content: |\n Port 22022\n Protocol 2\n\n AddressFamily any\n ListenAddress 0.0.0.0\n ListenAddress ::\n\n SyslogFacility AUTH\n LogLevel INFO\n\n HostKey /etc/ssh/ssh_host_ed25519_key\n HostKey /etc/ssh/ssh_host_rsa_key\n HostKey /etc/ssh/ssh_host_dsa_key\n HostKey /etc/ssh/ssh_host_ecdsa_key\n\n KeyRegenerationInterval 3600\n 
ServerKeyBits 1024\n LoginGraceTime 120\n\n UseDNS no\n AllowAgentForwarding no\n AllowTcpForwarding no\n PrintMotd no\n PrintLastLog no\n PermitUserEnvironment yes\n PermitRootLogin yes\n ChallengeResponseAuthentication no\n PasswordAuthentication no\n PermitEmptyPasswords no\n StrictModes yes\n RSAAuthentication yes\n PubkeyAuthentication yes\n IgnoreRhosts yes\n RhostsRSAAuthentication no\n HostbasedAuthentication no\n TCPKeepAlive yes\n UsePrivilegeSeparation yes\n\n X11Forwarding yes\n X11DisplayOffset 10\n\n AcceptEnv LANG LC_*\n AuthorizedKeysFile %h/.ssh/authorized_keys\n Banner none\n Subsystem sftp /usr/lib/openssh/sftp-server\n", 883 | "vcpus": "4" 884 | }, 885 | "meta": {}, 886 | "tainted": false 887 | }, 888 | "deposed": [], 889 | "provider": "provider.digitalocean" 890 | }, 891 | "digitalocean_ssh_key.owners.0": { 892 | "type": "digitalocean_ssh_key", 893 | "depends_on": [], 894 | "primary": { 895 | "id": "19612366", 896 | "attributes": { 897 | "fingerprint": "49:da:8a:9d:a9:61:71:f8:cc:61:24:aa:c0:fb:3f:a0", 898 | "id": "19612366", 899 | "name": "appleboy1", 900 | "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3uQtMr300gb2icmedgrYgsI/slCgS8mDkPS1G0rlEACyMund4lMo+C8vTnhfoq7CmWGFDuGXXMGcgnnhiN67EXf4xKwCiypmvV4hrisd5FDyluNvUo9wdsqcq3Nv8jNYid27uidgx2v1o4bjidV8F163M5OuQV/Ij1uYsoZ4GiZvLAq5W09twqThEcz9Us9PljQlpqMxoF68hEyL3FM7MioOPshQiENf/3yRohHTzcDYI369hjJu7OpFqp+VORDc/Lma8bOufd/jGZsOBSiV9wjwYLHUHJsSzYv2Cg+jdmUnYjfqUsabwH1bjTVtiRKiXfZMeFF8ju5d9I7ExNp4x appleboy@gitea.io" 901 | }, 902 | "meta": {}, 903 | "tainted": false 904 | }, 905 | "deposed": [], 906 | "provider": "provider.digitalocean" 907 | }, 908 | "digitalocean_ssh_key.owners.1": { 909 | "type": "digitalocean_ssh_key", 910 | "depends_on": [], 911 | "primary": { 912 | "id": "19612363", 913 | "attributes": { 914 | "fingerprint": "ab:61:f7:f7:c9:ea:ac:2a:a7:01:03:e8:5a:3c:51:5f", 915 | "id": "19612363", 916 | "name": "bkc1", 917 | "public_key": "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCianSaWiFmKklsBv1GlN2wLx9MTfVqjUHSKyYz54AbCBBpXzOx6mrc86DiNuYHmCGDJAHywtCEQfZQTC0gqI62bKhjtI7tVo3Pp47cpAYLX8i4DR5YOHDTZTBRrLAsoACu+Cv905LD/R7FAtR5rKDXl8706HS0ftIiB1bsOBaH2UMIKZHfKg2swR4uMRsLec8GC4lZ5G1kVbtuT9jor7lvWPABstdp7eAe7Ty6/K0HvAo9IXdPdIbKUxVAkwpYnCsh+Ri4AFwWSnDTpBp/w2v4MarhMFno3Qm+3Kqusug1V8/XxsxPD1PVPVZnRocbuocTcuB1uhyWMYh29x7hN6bp bkc@gitea.io" 918 | }, 919 | "meta": {}, 920 | "tainted": false 921 | }, 922 | "deposed": [], 923 | "provider": "provider.digitalocean" 924 | }, 925 | "digitalocean_ssh_key.owners.2": { 926 | "type": "digitalocean_ssh_key", 927 | "depends_on": [], 928 | "primary": { 929 | "id": "19612364", 930 | "attributes": { 931 | "fingerprint": "99:ec:9a:38:01:0b:a8:ef:b9:bd:30:a2:68:5d:5d:cc", 932 | "id": "19612364", 933 | "name": "bkc2", 934 | "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2Sovl8XfHqhiAo1GQpsJ/Z8YMvs+xPt1NMsHa5mqAtaMSGsaxIgfpL80+oSX7/itHZJfi7OcRz7R8LzJfy6WKMZUzSkkXXZlxYT328qlMzRPOtkyDWBgIY7ArcDkiyY2MFnbv5uIgilpRKFxFNxx7TuUucOmrB9SHTINy1rDiLHbvZTyJH83WVRo8V6+2JB1N1hyBWbsLNRL9VTAb3v1RvRaDUq92HJqLN77SrxHitst/7PnSimIdnPN04pogP8bDqD/XVL08ZAOXgIQvXqHIC6V+UebLSw18tw/Iac7rYNyYo949NnzQCZ0lB3/yi+L/3Hq9rpiDp3GmANQRRcBN bkc@gitea.io" 935 | }, 936 | "meta": {}, 937 | "tainted": false 938 | }, 939 | "deposed": [], 940 | "provider": "provider.digitalocean" 941 | }, 942 | "digitalocean_ssh_key.owners.3": { 943 | "type": "digitalocean_ssh_key", 944 | "depends_on": [], 945 | "primary": { 946 | "id": "19612365", 947 | "attributes": { 948 | "fingerprint": "e7:53:11:6e:ee:3b:52:79:26:2e:36:f6:61:6a:e6:3f", 949 | "id": "19612365", 950 | "name": "bkc3", 951 | "public_key": "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQC9WgmBjn7jlFzAz7QPE5p3F+wG2Dbcg616J/vQk1e0Z4hlRSejoFoA9JVV8IuKBdXYDCieqctvbd01S/5dyDOq8rIoyLa1vfYAqkztzShjZ91WAnv8JOU2o5YC1HtiSKP4ygDzTztr97L1Mv29S3RM1ZFjiNo/0gncMK2uI7z9BgzTXkHEvWPqOy+ca8f6HFVDTL5wfer1oY0gkj4fbYdHclpFrMQh0WBI/Z4YvZz7oRmJHajyRfmTu5X/iLsFk8daP+O7wJpQPwKsefczZmrHyKLC4DgrcHEBzvfyfRa/MQNdJZ+ohayomX51xpsAfBOb4AlJbM7o2SgyJcnfolK7 bkc@gitea.io" 952 | }, 953 | "meta": {}, 954 | "tainted": false 955 | }, 956 | "deposed": [], 957 | "provider": "provider.digitalocean" 958 | }, 959 | "digitalocean_ssh_key.owners.4": { 960 | "type": "digitalocean_ssh_key", 961 | "depends_on": [], 962 | "primary": { 963 | "id": "19612860", 964 | "attributes": { 965 | "fingerprint": "8a:31:31:b7:e8:72:16:35:43:73:08:a4:a1:fd:a6:c7", 966 | "id": "19612860", 967 | "name": "bkc4", 968 | "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRTsax/+U1Qz3GeTFEZnNQbqrX0sIqgxWDrZ/6ZRIfjZBunkredTz8PtU1hq0F9jW7R+/DWr3vK0puGucHLhn4ds3WcEOADWcMXHHP5p36EQwaXgKzbUTLAGDjBbK+J2MPlPLMd/46aNT4RKs+6ft3ZueJHrWo6qkf80PjtLr1z0U+ixEVf9kjuCED/l3ODIamajw2eoyA9qQKjishZRVTm6uac6IYUYDQlibCOxjZL52zVCFYwG6KE/3pzARBugNRljn5VPVahFlPo1NMlWXziIvmzDF5cblt7rfdeHXlx8IaO/jVW8ze1OWiiCt32hEwWZobtsNoaeEXbLaUsdzp bkc@gitea.io" 969 | }, 970 | "meta": {}, 971 | "tainted": false 972 | }, 973 | "deposed": [], 974 | "provider": "provider.digitalocean" 975 | }, 976 | "digitalocean_ssh_key.owners.5": { 977 | "type": "digitalocean_ssh_key", 978 | "depends_on": [], 979 | "primary": { 980 | "id": "19612859", 981 | "attributes": { 982 | "fingerprint": "3f:c0:02:84:fc:c4:31:79:04:89:66:47:ce:63:b9:ba", 983 | "id": "19612859", 984 | "name": "lunny1", 985 | "public_key": "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQDNxqUBNvl59j7Xkw3I1rXkiz0LWNvOK2KFFgLB4C101xv6C/UGjCJPlAWYl5lrTokICqi8fmLkVzAuhhGaPs28Eo55lARl1uZoTSuuobKaZHc/SZzIqn2NgSYV9WNzskpo8IkN2K5DWCYr73x6tskJ5BT9hcXWaPRb8s7dEPnw7NduhMroqlNBFgCwIgkYrjjNNIEZt5G5q2aYFLmIRRZ1JimuAJBlmQJCw+W049tjjNUKY4f2Fm9zIbktPZvSgT2kRvMWxUc8KR1kyzMVaDgqFJKQFjEoZ3kKTfkf3FV2O6tIZHA9fnRYABQy+7HAjRRFcVEu7usu12BKZ0QHKhWT lunny@gitea.io" 986 | }, 987 | "meta": {}, 988 | "tainted": false 989 | }, 990 | "deposed": [], 991 | "provider": "provider.digitalocean" 992 | }, 993 | "digitalocean_ssh_key.owners.6": { 994 | "type": "digitalocean_ssh_key", 995 | "depends_on": [], 996 | "primary": { 997 | "id": "19612862", 998 | "attributes": { 999 | "fingerprint": "9d:90:a2:25:e6:cf:06:0a:1f:fb:62:5e:5d:dc:e8:d9", 1000 | "id": "19612862", 1001 | "name": "tboerger1", 1002 | "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCc1nE4kCs9WXEEbotF+0Rivnr/9I0fc56QLZTqIr4Rsl3iZcvVDgYJmh6rPcl9xKBptNo/jK1EJF/bm2APf6wIU5Q7tNjeIw5IMJnBRBfPdQujXumb1LZMGnQvPT/gHdpVZvPkYlKkBocOJGPG99GZL0FlXXpc4eDYrgCMfCzRFG1SbQWcUdipbJJgELmbiOy7c5eHtb9i51x7g99pC91WnpInuN4pa0AFHwDQpBhS8RSLFEAfWNNs4T3SiYiUUq0lIHBoIoTM8fTTzhshXAlGWuwsZ9c9luEAw+n4QL8oD9a2ycWTJ3JCRK3CC/+J2MqCROSL4zpVA7+PFrloScMV tboerger@gitea.io" 1003 | }, 1004 | "meta": {}, 1005 | "tainted": false 1006 | }, 1007 | "deposed": [], 1008 | "provider": "provider.digitalocean" 1009 | }, 1010 | "digitalocean_ssh_key.owners.7": { 1011 | "type": "digitalocean_ssh_key", 1012 | "depends_on": [], 1013 | "primary": { 1014 | "id": "19612861", 1015 | "attributes": { 1016 | "fingerprint": "22:dd:fe:b7:76:2d:c6:ba:6a:19:b8:fe:b0:69:14:38", 1017 | "id": "19612861", 1018 | "name": "tboerger2", 1019 | "public_key": "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQC1vlBRSgKE2LN6Tbp5pQ4qVVOXlqUnhI4fkEJLCGAGmsQGu5usxNvp9UJq0cGt6Sq1htoDmgIjEZwCE/np8/O7ZQPyHpwOWtUlS4WWiXKW0GYaeoYsuMabMLbuV1CpSZhb93zy7ZLIKUYpP7WHyZmivDaXnYkn2IOu3fvDtTQdXbwlCer96dIQjNE/KEH4/gUXetrLMYYg26gUnSDeHaxGrLQAfA9jNG1EbXiUkx8cFmZLEREHjwkBAHcwZDkqbLvZr+ExAKIVUcSzj1ep5sOrtSpbwxRtmDscviFPruJmsx/Jjl9fMhpZq8lIQb6aQ0qq09KGv1WP4YbLGRItvq9T tboerger@gitea.io" 1020 | }, 1021 | "meta": {}, 1022 | "tainted": false 1023 | }, 1024 | "deposed": [], 1025 | "provider": "provider.digitalocean" 1026 | }, 1027 | "digitalocean_ssh_key.owners.8": { 1028 | "type": "digitalocean_ssh_key", 1029 | "depends_on": [], 1030 | "primary": { 1031 | "id": "19612858", 1032 | "attributes": { 1033 | "fingerprint": "1b:c1:0d:c1:6a:6b:5a:69:21:14:62:e1:96:3a:e0:b1", 1034 | "id": "19612858", 1035 | "name": "tboerger3", 1036 | "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjASyOuvhSdzOeJCC/9crxcuztTY/AeFV7v59wQrCwozS2hPBcy5UJ4li80ly79t2D/ppCsiGDQjxCpMUKq++canqCIRZ1d6/6ylQPZIQw0rCGRHXDIKlc99i3Fz94XD85ZtFdGe2TWq1T2EEgmCRM9dGWq+f5iloRxnoSrCTXpy8JshnO5kMyQovChKzLBKdHIxddBDlEHxvWI0UcvWNuA8J2nrrOfMdMVKdPa5xeveX2V5oW3YClku7b/W6jO1rdkZ0tyl1n+wbETGmWQC+V4HE5qxK0u+Zmyz/4J+82sKQC6uEWbC9dFRslq+84rd4LyCD2467ZmzzV6HcyWJhL tboerger@gitea.io" 1037 | }, 1038 | "meta": {}, 1039 | "tainted": false 1040 | }, 1041 | "deposed": [], 1042 | "provider": "provider.digitalocean" 1043 | } 1044 | }, 1045 | "depends_on": [] 1046 | } 1047 | ] 1048 | } 1049 |
--------------------------------------------------------------------------------
/terraform/variables.tf:
--------------------------------------------------------------------------------
# Input variables for the Terraform configuration. The state shown on this page
# records DigitalOcean droplets, DigitalOcean SSH keys and Cloudflare DNS records
# built from these values.
# NOTE(review): terraform/terraform.tfstate is tracked in this repository next to
# these variables. State stores every resource attribute in plaintext, so a
# resource that ever carries a secret attribute would be published with it; a
# remote backend with access control keeps state out of version control.

# Presumably the DigitalOcean API token (consumer is providers.tf, not shown here).
# No default: supply it at run time (TF_VAR_do_token or an untracked tfvars file)
# and never commit a value.
1 | variable "do_token" {
2 |   type = "string"
3 | }
4 |
# Account e-mail, presumably paired with cloudflare_token for the Cloudflare provider.
5 | variable "cloudflare_email" {
6 |   default = "admin@gitea.io"
7 |   type = "string"
8 | }
9 |
# Presumably the Cloudflare API credential. No default: supply it at run time
# (TF_VAR_cloudflare_token) and never commit a value.
10 | variable "cloudflare_token" {
11 |   type = "string"
12 | }
13 |
# DNS zone name; matches the "domain" attribute of the cloudflare_record entries in state.
14 | variable "cloudflare_domain" {
15 |   type = "string"
16 |   default = "gitea.io"
17 | }
18 |
# Number of demo droplets. The demo_* maps below are keyed by index ("0", "1", ...),
# so raising this count requires a matching entry in each map.
19 | variable "demo_count" {
20 |   type = "string"
21 |   default = "1"
22 | }
23 |
# NOTE(review): Ubuntu 16.04 left standard support in April 2021; confirm the hosts
# still receive security updates or plan an image upgrade.
24 | variable "demo_images" {
25 |   type = "map"
26 |
27 |   default = {
28 |     "0" = "ubuntu-16-04-x64"
29 |   }
30 | }
31 |
# Droplet name per index; "dchi" is also the hostname of the demo A/AAAA records in state.
32 | variable "demo_names" {
33 |   type = "map"
34 |
35 |   default = {
36 |     "0" = "dchi"
37 |   }
38 | }
39 |
# DigitalOcean region slug per index.
40 | variable "demo_regions" {
41 |   type = "map"
42 |
43 |   default = {
44 |     "0" = "nyc1"
45 |   }
46 | }
47 |
# DigitalOcean size slug per index.
48 | variable "demo_sizes" {
49 |   type = "map"
50 |
51 |   default = {
52 |     "0" = "s-1vcpu-2gb"
53 |   }
54 | }
55 |
# Number of server droplets; the server_* maps below follow the same index-keyed
# layout as the demo_* maps.
56 | variable "server_count" {
57 |   type = "string"
58 |   default = "1"
59 | }
60 |
# NOTE(review): same Ubuntu 16.04 support caveat as demo_images.
61 | variable "server_images" {
62 |   type = "map"
63 |
64 |   default = {
65 |     "0" = "ubuntu-16-04-x64"
66 |   }
67 | }
68 |
# Droplet name per index; "pangu" is the target of most CNAME records in state.
69 | variable "server_names" {
70 |   type = "map"
71 |
72 |   default = {
73 |     "0" = "pangu"
74 |   }
75 | }
76 |
# DigitalOcean region slug per index.
77 | variable "server_regions" {
78 |   type = "map"
79 |
80 |   default = {
81 |     "0" = "nyc1"
82 |   }
83 | }
84 |
# DigitalOcean size slug per index.
85 | variable "server_sizes" {
86 |   type = "map"
87 |
88 |   default = {
89 |     "0" = "s-4vcpu-8gb"
90 |   }
91 | }
92 |
# Public SSH keys, key name => OpenSSH public key line. Presumably registered as
# digitalocean_ssh_key.owners in sshkeys.tf (not shown) and attached to both droplets.
# NOTE(review): the committed state records nine owner keys (appleboy1, bkc1-4,
# lunny1, tboerger1-3) attached to each droplet, while this map lists three. State
# and configuration appear out of sync; confirm which keys are actually authorized
# on the hosts and that keys of departed maintainers were removed there, since
# keys passed at droplet creation are presumably not revoked by editing this map.
93 | variable "ssh_keys" {
94 |   type = "map"
95 |
96 |   default = {
97 |     "lunny1" = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNxqUBNvl59j7Xkw3I1rXkiz0LWNvOK2KFFgLB4C101xv6C/UGjCJPlAWYl5lrTokICqi8fmLkVzAuhhGaPs28Eo55lARl1uZoTSuuobKaZHc/SZzIqn2NgSYV9WNzskpo8IkN2K5DWCYr73x6tskJ5BT9hcXWaPRb8s7dEPnw7NduhMroqlNBFgCwIgkYrjjNNIEZt5G5q2aYFLmIRRZ1JimuAJBlmQJCw+W049tjjNUKY4f2Fm9zIbktPZvSgT2kRvMWxUc8KR1kyzMVaDgqFJKQFjEoZ3kKTfkf3FV2O6tIZHA9fnRYABQy+7HAjRRFcVEu7usu12BKZ0QHKhWT lunny@gitea.io"
98 |     "lafriks1" = "ssh-rsa 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 lauris@nix.lv"
99 |     "techknowlogick1" = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClV5D6vq8Gouppt0JoQgwgM2z75rvJP0XYN+i9+C50scnrvkcjZnNbreFbNVHuadjk/eTdJq6/Vlpows8S8hzZbN9ltv5PrSUICYbVPDvNjN5P3Q/2uX1SiTMHP8Znf32pYDFfRpJZt5GBG0Sj3RpRudLaOZQ9809b8W/vRDHJlknTvXWz/2wX2HUQjpd48fRl/2MlmX5CxGWt2EGxO92NAVHruNt4vD7AAnT0GOOAk6UPUgsFD3BAQapkAAkaAaeZxK3xYdhOGD4+te7nwq4UNqUkkOLLBaEWEY1ZUXx1gBRx2/3wjqYM+UMhjGaQoXJqYNs6/LSsSinnFlCB0pKp techknowlogick@gitea.io"
100 |   }
101 | }
102 |
# sshd listen port; the user_data template recorded in state substitutes it as
# "Port ${ssh_port}". A non-default port cuts scan noise but is not an access control.
# NOTE(review): the sshd_config rendered into state sets PermitRootLogin yes,
# PermitUserEnvironment yes and X11Forwarding yes. With PasswordAuthentication no,
# root access rests entirely on the ssh_keys set above; consider restricting root
# login and turning the other two off once a non-root admin path exists.
103 | variable "ssh_port" {
104 |   type = "string"
105 |   default = "22022"
106 | }
107 |
--------------------------------------------------------------------------------