commit 5cc9799b9710f5f9d553da65cce739458a3b447f Author: Yuri Lima Date: Tue Feb 3 08:46:07 2026 +0100 first commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..08b8417
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,83 @@
+# Docker volumes and data directories
+# Ignore gitea directory contents but keep important configuration files
+gitea/*
+# Exception: Track Gitea configuration files (important for server recovery)
+!gitea/gitea/
+!gitea/gitea/conf/
+!gitea/gitea/conf/app.ini
+!gitea/gitea/home/
+!gitea/gitea/home/.gitconfig
+
+# Ignore Gitea data files (even if parent directories are un-ignored)
+gitea/gitea/attachments/
+gitea/gitea/avatars/
+gitea/gitea/gitea.db
+gitea/gitea/indexers/
+gitea/gitea/queues/
+gitea/gitea/repo-archive/
+gitea/gitea/repo-avatars/
+gitea/gitea/sessions/
+gitea/gitea/gitea
+gitea/gitea/cert.pem
+gitea/gitea/key.pem
+gitea/gitea/log/
+gitea/gitea/tmp/
+gitea/gitea/packages/
+gitea/gitea/jwt/
+gitea/gitea/actions_artifacts/
+gitea/gitea/actions_log/
+
+https_portal/data/
+https_portal/log/
+
+# Environment files
+.env
+.env.local
+.env.*.local
+*.env
+
+# SSL certificates and keys
+*.pem
+*.key
+*.crt
+*.cert
+*.csr
+
+# Logs
+*.log
+logs/
+*.log.*
+
+# IDE and editor files
+.cursor/
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+.DS_Store
+
+# Backup and old directories
+*-OLD/
+*-old/
+*.bak
+*.backup
+*.tmp
+
+# OS-specific files
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Temporary files
+*.tmp
+*.temp
+tmp/
+temp/
+
+# Containerd (if not needed in repo)
+containerd/
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f36eb58
--- /dev/null
+++ b/README.md
@@ -0,0 +1,28 @@
+# DevOps Infrastructure
+
+This repository contains Docker Compose configuration for DevOps infrastructure services.
+
+## Services
+
+- **Gitea**: Self-hosted Git service
+- **Node Exporter**: Prometheus node exporter for system metrics
+- **HTTPS Portal**: Nginx-based reverse proxy with automatic SSL certificate management
+
+## Configuration
+
+Important configuration files are tracked in this repository:
+- `docker-compose.yml`: Service definitions and configuration
+- `gitea/gitea/conf/app.ini`: Gitea application configuration
+- `gitea/gitea/home/.gitconfig`: Git configuration for Gitea
+
+## Setup
+
+1. Ensure Docker and Docker Compose are installed
+2. Create external network: `docker network create devops`
+3. Run: `docker-compose up -d`
+
+## Notes
+
+- Data directories (databases, logs, attachments) are excluded from version control
+- SSL certificates are managed by HTTPS Portal and stored in `https_portal/data/`
+- Gitea data is stored in `./gitea/` directory
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..146589f
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,64 @@
+---
+networks:
+ devops:
+ name: devops
+ external: true
+
+services:
+ gitea:
+ image: gitea/gitea:1.24.5
+ container_name: gitea
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ restart: always
+ networks:
+ - devops
+ volumes:
+ - ./gitea:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /home/git/.ssh/:/data/git/.ssh
+ ports:
+ - "8418:8418"
+ - "222:22"
+ node_exporter:
+ image: quay.io/prometheus/node-exporter:latest
+ container_name: node_exporter
+ network_mode: host
+ pid: host
+ restart: unless-stopped
+ command:
+ - "--path.procfs=/host/proc"
+ - "--path.sysfs=/host/sys"
+ - "--path.rootfs=/host"
+ - "--collector.filesystem.ignored-mount-points=^/(sys|proc|dev)($$|/)"
+ volumes:
+ - "/proc:/host/proc:ro"
+ - "/sys:/host/sys:ro"
+ - "/:/host:ro,rslave"
+ https_portal:
+ container_name: https_portal
+ image: "steveltn/https-portal:1.23.0"
+ restart: unless-stopped
+ user: "root"
+ networks:
+ - devops # internal network
+ ports:
+ - "80:80"
+ - "443:443"
+ environment:
+ STAGE: "production" # Use Let's Encrypt production server
+ WEBSOCKET: "true" # Enable websocket support
+ DEBUG: "true"
+ RENEW_MARGIN_DAYS: 30
+ CLIENT_MAX_BODY_SIZE: 0
+ # FORCE_RENEW: 'true'
+ DOMAINS: 'gitea.phx-erp.de -> gitea:8418'
+ volumes:
+ - ./https_portal/data:/var/lib/https-portal # ssl_certs, vhost.d, htdocs
+ - ./https_portal/log:/var/log/nginx # nginx logs
+ depends_on:
+ - gitea
+
+
diff --git a/gitea/gitea/conf/app.ini b/gitea/gitea/conf/app.ini
new file mode 100644
index 0000000..333ac85
--- /dev/null
+++ b/gitea/gitea/conf/app.ini
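Review bot: The `gitea` service publishes `"8418:8418"` on the host even though `https_portal` already reaches it as `gitea:8418` over the shared `devops` network, so Gitea's plain-HTTP listener is reachable without TLS unless a host firewall blocks it. Dropping that port entry, or binding it as `"127.0.0.1:8418:8418"`, keeps all web traffic behind the proxy. In the same file `quay.io/prometheus/node-exporter:latest` is unpinned while the other two images carry fixed tags, and with `network_mode: host` its metrics endpoint listens on every host interface; pinning a tag and adding `--web.listen-address` for the monitoring interface would narrow that. `DEBUG: "true"` on `https_portal` is also worth turning off for a `STAGE: "production"` deployment.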
@@ -0,0 +1,156 @@
+; https://docs.gitea.com/administration/logging-config
+; https://docs.gitea.com/administration/config-cheat-sheet
+APP_NAME = PHX Git
+RUN_MODE = prod
+; RUN_USER = git
+WORK_PATH = /data/gitea
+
+[repository]
+ROOT = /data/git/repositories
+DEFAULT_PRIVATE = private
+DEFAULT_PUSH_CREATE_PRIVATE = true
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+FILE_MAX_SIZE = 500
+MAX_FILES = 5
+
+[server]
+PROTOCOL = http
+; CERT_FILE = cert.pem
+; KEY_FILE = key.pem
+APP_DATA_PATH = /data/gitea
+DOMAIN = gitea.phx-erp.de
+SSH_DOMAIN = gitea.phx-erp.de
+HTTP_PORT = 8418
+ROOT_URL = https://%(DOMAIN)s ;%(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/ ;https://%(DOMAIN)s
+; ROOT_URL = https://gitea.phx-erp.de/
+DISABLE_SSH = false
+SSH_PORT = 222
+SSH_LISTEN_PORT = 22
+LFS_START_SERVER = true
+LFS_JWT_SECRET = PgKhCDMdjKt3lqOaAsWOIVf314j8AiV3jvzK-fqA-fU
+OFFLINE_MODE = false
+; SSH_CREATE_AUTHORIZED_KEYS_FILE = false
+; ENABLE_ACME=true
+; ACME_ACCEPTTOS=true
+; ACME_DIRECTORY=https
+; ACME_EMAIL=y.m.lima19@gmail.com
+; REDIRECT_OTHER_PORT = true
+; PORT_TO_REDIRECT = 3080
+
+[database]
+PATH = /data/gitea/gitea.db
+DB_TYPE = sqlite3
+HOST = localhost:3306
+NAME = gitea
+USER = root
+PASSWD =
+LOG_SQL = false
+SCHEMA =
+SSL_MODE = disable
+CHARSET = utf8
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+PROVIDER = file
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+MODE = console
+LEVEL = info
+ROOT_PATH = /data/gitea/log
+STACKTRACE_LEVEL = None
+logger.router.MODE = ,
+logger.xorm.MODE = ,
+logger.access.MODE =
+
+; this is the config options of "console" mode (used by MODE=console above)
+[log.console]
+MODE = console
+FLAGS = stdflags
+PREFIX =
+COLORIZE = true
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY =
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
+INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2ODI1MDcyMjd9.Y-AiH7g5yXscV6FqtRqDC_hUWs9FpM7HWLPb_EQTamM
+PASSWORD_HASH_ALGO = pbkdf2
+
+[service]
+DISABLE_REGISTRATION = false
+REQUIRE_SIGNIN_VIEW = false
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.localhost
+
+[lfs]
+PATH = /data/git/lfs
+
+[mailer]
+ENABLED = true
+FROM = info@phx-erp.de
+PROTOCOL = smtps
+SMTP_ADDR = mail.phx-erp.de
+SMTP_PORT = 465
+USER = internal@phx-erp.de
+PASSWD = `8Kb2p4!o1`
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+
+[cron.update_checker]
+ENABLED = true
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer
+
+[oauth2]
+JWT_SECRET = 3NIRibkUEPf2ScwnYUsXiG5RSEX7e3h_yWWqY1zfFCQ
+
+[cron.resync_all_sshkeys]
+ENABLED = true
+RUN_AT_START = true
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[repository.issue]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; List of reasons why a Pull Request or Issue can be locked
+LOCK_REASONS = Too heated,Off-topic,Resolved,Spam
+;; Maximum number of pinned Issues per repo
+;; Set to 0 to disable pinning Issues
+MAX_PINNED = 3
+
+[project]
+PROJECT_BOARD_BASIC_KANBAN_TYPE = To Do, In Progress, Done
+PROJECT_BOARD_BUG_TRIAGE_TYPE = Needs Triage, High Priority, Low Priority, Closed
+
+[webhook]
+ALLOWED_HOST_LIST=teamcity.phx-erp.de,23.88.107.109,ansible.phx-erp.de,167.235.254.4
+; 23.88.107.109 -> Teamcity Ip
\ No newline at end of file
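Review bot: Live credentials are committed as literal values in this file: `LFS_JWT_SECRET` under `[server]`, `INTERNAL_TOKEN` under `[security]`, `PASSWD` under `[mailer]` and `JWT_SECRET` under `[oauth2]`, and the `.gitignore` hunk in this commit un-ignores `gitea/gitea/conf/app.ini` on purpose, so they will remain in history. They should be treated as exposed and rotated, then supplied from outside the repository, for example `INTERNAL_TOKEN_URI = file:/run/secrets/<placeholder>` for the Gitea-generated secrets and a `GITEA__mailer__PASSWD` container environment variable for the SMTP password. Separately, `REVERSE_PROXY_TRUSTED_PROXIES = *` lets any peer set the forwarded client address, which matters because the compose file also publishes port 8418 directly; restricting it to the proxy's address or the `devops` network range keeps logged client IPs trustworthy. In `[service]`, `DISABLE_REGISTRATION = false` together with `REGISTER_EMAIL_CONFIRM = false`, `ENABLE_CAPTCHA = false` and `ENABLE_OPENID_SIGNUP = true` leaves sign-up open to anyone who can reach the host, which is probably not intended for an internal instance. `SECRET_KEY =` is empty and should be set, via `SECRET_KEY_URI`, before any stored secrets depend on it.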
diff --git a/gitea/gitea/home/.gitconfig b/gitea/gitea/home/.gitconfig
new file mode 100644
index 0000000..0dbdb31
--- /dev/null
+++ b/gitea/gitea/home/.gitconfig
@@ -0,0 +1,22 @@
+[user]
+ name = Gitea
+ email = gitea@fake.local
+[core]
+ quotePath = false
+ logAllRefUpdates = true
+ commitGraph = true
+[gc]
+ reflogExpire = 90
+ writeCommitGraph = true
+[receive]
+ advertisePushOptions = true
+ procReceiveRefs = refs/for
+[fetch]
+ writeCommitGraph = true
+[safe]
+ directory = *
+[uploadpack]
+ allowfilter = true
+ allowAnySHA1InWant = true
+[diff]
+ algorithm = histogram
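Review bot: `directory = *` under `[safe]` and `allowAnySHA1InWant = true` under `[uploadpack]` both relax Git defaults and are committed without any explanation of why that is acceptable here. The first turns off the repository-ownership check for every path, and the second lets a client request any object by hash, including ones no longer reachable from a ref. These values look like the ones Gitea maintains in its own home directory, so the file is probably regenerated at startup and may not need tracking at all. If it stays, a leading comment such as `# Managed by Gitea inside the container; safe.directory=* is only valid because this HOME is used for /data/git/repositories and nothing else` would stop it being copied to a general-purpose host.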