first commit

.gitignore

@@ -0,0 +1,83 @@
+# Docker volumes and data directories
+# Ignore gitea directory contents but keep important configuration files
+gitea/*
+# Exception: Track Gitea configuration files (important for server recovery)
+!gitea/gitea/
+!gitea/gitea/conf/
+!gitea/gitea/conf/app.ini
+!gitea/gitea/home/
+!gitea/gitea/home/.gitconfig
+
+# Ignore Gitea data files (even if parent directories are un-ignored)
+gitea/gitea/attachments/
+gitea/gitea/avatars/
+gitea/gitea/gitea.db
+gitea/gitea/indexers/
+gitea/gitea/queues/
+gitea/gitea/repo-archive/
+gitea/gitea/repo-avatars/
+gitea/gitea/sessions/
+gitea/gitea/gitea
+gitea/gitea/cert.pem
+gitea/gitea/key.pem
+gitea/gitea/log/
+gitea/gitea/tmp/
+gitea/gitea/packages/
+gitea/gitea/jwt/
+gitea/gitea/actions_artifacts/
+gitea/gitea/actions_log/
+
+https_portal/data/
+https_portal/log/
+
+# Environment files
+.env
+.env.local
+.env.*.local
+*.env
+
+# SSL certificates and keys
+*.pem
+*.key
+*.crt
+*.cert
+*.csr
+
+# Logs
+*.log
+logs/
+*.log.*
+
+# IDE and editor files
+.cursor/
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+.DS_Store
+
+# Backup and old directories
+*-OLD/
+*-old/
+*.bak
+*.backup
+*.tmp
+
+# OS-specific files
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Temporary files
+*.tmp
+*.temp
+tmp/
+temp/
+
+# Containerd (if not needed in repo)
+containerd/

README.md

@@ -0,0 +1,28 @@
+# DevOps Infrastructure
+
+This repository contains Docker Compose configuration for DevOps infrastructure services.
+
+## Services
+
+- **Gitea**: Self-hosted Git service
+- **Node Exporter**: Prometheus node exporter for system metrics
+- **HTTPS Portal**: Nginx-based reverse proxy with automatic SSL certificate management
+
+## Configuration
+
+Important configuration files are tracked in this repository:
+- `docker-compose.yml`: Service definitions and configuration
+- `gitea/gitea/conf/app.ini`: Gitea application configuration
+- `gitea/gitea/home/.gitconfig`: Git configuration for Gitea
+
+## Setup
+
+1. Ensure Docker and Docker Compose are installed
+2. Create external network: `docker network create devops`
+3. Run: `docker-compose up -d`
+
+## Notes
+
+- Data directories (databases, logs, attachments) are excluded from version control
+- SSL certificates are managed by HTTPS Portal and stored in `https_portal/data/`
+- Gitea data is stored in `./gitea/` directory

docker-compose.yml

@@ -0,0 +1,64 @@
+---
+networks:
+  devops:
+    name: devops
+    external: true
+
+services:
+  gitea:
+    image: gitea/gitea:1.24.5
+    container_name: gitea
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+    restart: always
+    networks:
+      - devops
+    volumes:
+      - ./gitea:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+      - /home/git/.ssh/:/data/git/.ssh
+    ports:
+      - "8418:8418"
+      - "222:22"
+  node_exporter:
+    image: quay.io/prometheus/node-exporter:latest
+    container_name: node_exporter
+    network_mode: host
+    pid: host
+    restart: unless-stopped
+    command:
+      - "--path.procfs=/host/proc"
+      - "--path.sysfs=/host/sys"
+      - "--path.rootfs=/host"
+      - "--collector.filesystem.ignored-mount-points=^/(sys|proc|dev)($$|/)"
+    volumes:
+      - "/proc:/host/proc:ro"
+      - "/sys:/host/sys:ro"
+      - "/:/host:ro,rslave"
+  https_portal:
+    container_name: https_portal
+    image: "steveltn/https-portal:1.23.0"
+    restart: unless-stopped
+    user: "root"
+    networks:
+      - devops # internal network
+    ports:
+      - "80:80"
+      - "443:443"
+    environment:
+      STAGE: "production" # Use Let's Encrypt production server
+      WEBSOCKET: "true" # Enable websocket support
+      DEBUG: "true"
+      RENEW_MARGIN_DAYS: 30
+      CLIENT_MAX_BODY_SIZE: 0
+      # FORCE_RENEW: 'true'
+      DOMAINS: 'gitea.phx-erp.de -> gitea:8418'
+    volumes:
+      - ./https_portal/data:/var/lib/https-portal # ssl_certs, vhost.d, htdocs
+      - ./https_portal/log:/var/log/nginx # nginx logs
+    depends_on:
+      - gitea
+
+

gitea/gitea/conf/app.ini

@@ -0,0 +1,156 @@
+; https://docs.gitea.com/administration/logging-config
+; https://docs.gitea.com/administration/config-cheat-sheet
+APP_NAME = PHX Git
+RUN_MODE = prod
+; RUN_USER = git
+WORK_PATH = /data/gitea
+
+[repository]
+ROOT = /data/git/repositories
+DEFAULT_PRIVATE = private
+DEFAULT_PUSH_CREATE_PRIVATE = true
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+FILE_MAX_SIZE = 500
+MAX_FILES = 5
+
+[server]
+PROTOCOL  = http
+; CERT_FILE = cert.pem
+; KEY_FILE  = key.pem
+APP_DATA_PATH = /data/gitea
+DOMAIN = gitea.phx-erp.de
+SSH_DOMAIN = gitea.phx-erp.de
+HTTP_PORT = 8418
+ROOT_URL = https://%(DOMAIN)s ;%(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/ ;https://%(DOMAIN)s
+; ROOT_URL = https://gitea.phx-erp.de/
+DISABLE_SSH = false
+SSH_PORT = 222
+SSH_LISTEN_PORT = 22
+LFS_START_SERVER = true
+LFS_JWT_SECRET = PgKhCDMdjKt3lqOaAsWOIVf314j8AiV3jvzK-fqA-fU
+OFFLINE_MODE = false
+; SSH_CREATE_AUTHORIZED_KEYS_FILE = false
+; ENABLE_ACME=true
+; ACME_ACCEPTTOS=true
+; ACME_DIRECTORY=https
+; ACME_EMAIL=y.m.lima19@gmail.com
+; REDIRECT_OTHER_PORT = true
+; PORT_TO_REDIRECT = 3080
+
+[database]
+PATH = /data/gitea/gitea.db
+DB_TYPE = sqlite3
+HOST = localhost:3306
+NAME = gitea
+USER = root
+PASSWD = 
+LOG_SQL = false
+SCHEMA = 
+SSL_MODE = disable
+CHARSET = utf8
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+PROVIDER = file
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+MODE = console
+LEVEL = info
+ROOT_PATH = /data/gitea/log
+STACKTRACE_LEVEL = None
+logger.router.MODE = ,
+logger.xorm.MODE = ,
+logger.access.MODE =
+
+; this is the config options of "console" mode (used by MODE=console above)
+[log.console]
+MODE = console
+FLAGS = stdflags
+PREFIX =
+COLORIZE = true
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY = 
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
+INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2ODI1MDcyMjd9.Y-AiH7g5yXscV6FqtRqDC_hUWs9FpM7HWLPb_EQTamM
+PASSWORD_HASH_ALGO = pbkdf2
+
+[service]
+DISABLE_REGISTRATION = false
+REQUIRE_SIGNIN_VIEW = false
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.localhost
+
+[lfs]
+PATH = /data/git/lfs
+
+[mailer]
+ENABLED = true
+FROM           = info@phx-erp.de
+PROTOCOL       = smtps
+SMTP_ADDR      = mail.phx-erp.de
+SMTP_PORT      = 465
+USER           = internal@phx-erp.de
+PASSWD         = `8Kb2p4!o1`
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+
+[cron.update_checker]
+ENABLED = true
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer
+
+[oauth2]
+JWT_SECRET = 3NIRibkUEPf2ScwnYUsXiG5RSEX7e3h_yWWqY1zfFCQ
+
+[cron.resync_all_sshkeys]
+ENABLED = true
+RUN_AT_START = true
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[repository.issue]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; List of reasons why a Pull Request or Issue can be locked
+LOCK_REASONS = Too heated,Off-topic,Resolved,Spam
+;; Maximum number of pinned Issues per repo
+;; Set to 0 to disable pinning Issues
+MAX_PINNED = 3
+
+[project]
+PROJECT_BOARD_BASIC_KANBAN_TYPE = To Do, In Progress, Done
+PROJECT_BOARD_BUG_TRIAGE_TYPE = Needs Triage, High Priority, Low Priority, Closed
+
+[webhook]
+ALLOWED_HOST_LIST=teamcity.phx-erp.de,23.88.107.109,ansible.phx-erp.de,167.235.254.4
+; 23.88.107.109 -> Teamcity Ip

gitea/gitea/home/.gitconfig

@@ -0,0 +1,22 @@
+[user]
+	name = Gitea
+	email = gitea@fake.local
+[core]
+	quotePath = false
+	logAllRefUpdates = true
+	commitGraph = true
+[gc]
+	reflogExpire = 90
+	writeCommitGraph = true
+[receive]
+	advertisePushOptions = true
+	procReceiveRefs = refs/for
+[fetch]
+	writeCommitGraph = true
+[safe]
+	directory = *
+[uploadpack]
+	allowfilter = true
+	allowAnySHA1InWant = true
+[diff]
+	algorithm = histogram