commit 408a3d8ce1a33bc9b5630a3e4b4f4e46a703a8ca
Author: Jordan Holt
Date: Sun Dec 12 20:54:00 2021 +0000

Initial commit

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..3d859ac
--- /dev/null
+++ b/README.md
@@ -0,0 +1,85 @@
+# Vimium GitLab
+
+Self hosted [GitLab](https://about.gitlab.com/install) instance on Vimium.com. Deployed on Hetzner Cloud in the Helsinki datacentre.
+
+## Prerequisites
+Create an API key in the Hetzner Cloud GUI (Project -> Security -> API Tokens) with the name `gitlab`. This may already be accessible via `pass api/hetzner/gitlab`.
+
+### SSH key
+Replace :bearer with your API token from above and :sshkey with your SSH key.
+```
+POST https://api.hetzner.cloud/v1/ssh_keys HTTP/1.1
+Authorization: Bearer :bearer
+Content-Type: application/json
+
+{
+ "name": "jordan",
+ "public_key": ":sshkey"
+}
+```
+
+### Create the primary server
+This instance will run GitLab CE.
+```
+POST https://api.hetzner.cloud/v1/servers HTTP/1.1
+Authorization: Bearer :bearer
+Content-Type: application/json
+
+{
+ "name": "gitlab-nbg1-1",
+ "server_type": "cx31",
+ "location": "nbg1",
+ "start_after_create": true,
+ "image": "debian-10",
+ "labels": {"gitlab-role": "primary"},
+ "ssh_keys": [
+ "jordan"
+ ],
+ "automount": false
+}
+```
+
+### Create the GitLab Runner instance
+```
+POST https://api.hetzner.cloud/v1/servers HTTP/1.1
+Authorization: Bearer :bearer
+Content-Type: application/json
+
+{
+ "name": "gitlab-runner-nbg1-1",
+ "server_type": "cx21",
+ "location": "nbg1",
+ "start_after_create": true,
+ "image": "debian-10",
+ "labels": {"gitlab-role": "runner"},
+ "ssh_keys": [
+ "jordan"
+ ],
+ "automount": false
+}
+```
+
+## Deployment
+Ansible is used to provision both the primary GitLab instance and the GitLab runner.
+
+Run:
+```bash
+ansible-galaxy -r requirements.yml
+ansible-playbook main.yml
+```
+
+## First time setup
+SSH onto the GitLab instance and run:
+```bash
+grep 'Password:' /etc/gitlab/initial_root_password
+```
+
+Then login to the web interface with the username `root` and the password from above.
+
+1. Change admin password
+1. Disable sign ups
+
+## Resources
+- https://github.com/geerlingguy/ansible-role-gitlab
+- https://github.com/riemers/ansible-gitlab-runner
+- https://wyssmann.com/blog/2021/04/dynamic-inventory-with-ansible-and-hetzner-robot-and-hetzner-cloud/
\ No newline at end of file
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..a245af0
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,4 @@
+[defaults]
+inventory = inventory/prod
+log_path = /var/log/ansible.log
+remote_user = root
\ No newline at end of file
diff --git a/inventory/prod b/inventory/prod
new file mode 100644
index 0000000..3e8c3ec
--- /dev/null
+++ b/inventory/prod
@@ -0,0 +1,2 @@
+[primary]
+116.203.134.10
diff --git a/main.yml b/main.yml
new file mode 100644
index 0000000..d27c14c
--- /dev/null
+++ b/main.yml
@@ -0,0 +1,6 @@
+---
+- hosts: primary
+ vars_files:
+ - vars/primary.yml
+ roles:
+ - geerlingguy.gitlab
\ No newline at end of file
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..cbc072a
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,6 @@
+---
+roles:
+ - name: geerlingguy.gitlab
+
+collections:
+ - name: hetzner.hcloud
\ No newline at end of file
diff --git a/vars/primary.yml b/vars/primary.yml
new file mode 100644
index 0000000..285618d
--- /dev/null
+++ b/vars/primary.yml
@@ -0,0 +1,4 @@
+gitlab_domain: git.vimium.com
+gitlab_create_self_signed_cert: false
+gitlab_letsencrypt_enable: true
+gitlab_letsencrypt_contact_emails: ["hostmaster@vimium.com"]
\ No newline at end of file
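Review bot: `remote_user = root` in ansible.cfg makes every play log in and run as root over SSH, so the key on the control machine carries full control of the GitLab host and there is no sudo trail for what was run. Once the first run has created an unprivileged account, consider `remote_user = <deploy-user>` (placeholder) with `become = True` under a `[privilege_escalation]` section. Separately, `log_path = /var/log/ansible.log` needs write access to /var/log on the control machine and records task output, so any task that handles secrets should carry `no_log: true`.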
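Review bot: main.yml contains a single play for `hosts: primary`, and inventory/prod defines only a `[primary]` group, so the runner server that the README in this commit creates and says Ansible provisions is never configured. Either add a runner group and play, or add a comment at the top of main.yml such as `# runner host is not yet managed by this playbook` so the gap is visible to whoever deploys next. An unmanaged runner is worth calling out because it executes CI jobs and would otherwise sit outside whatever hardening the playbook applies.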
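Review bot: Neither `geerlingguy.gitlab` nor `hetzner.hcloud` in requirements.yml carries a `version:`, so every `ansible-galaxy` install pulls whatever is current, and code that runs as root on the server can change without any change in this repository. Pin both by adding `version: <reviewed-release>` (placeholder) under each `name:` and bump them deliberately after review. The `hetzner.hcloud` collection also looks unused by the files in this commit, since inventory/prod is a static address; drop it or add a comment saying what it is for.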
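Review bot: vars/primary.yml enables a public domain and a Let's Encrypt certificate but leaves the two hardening steps from the README's "First time setup" (changing the root password, disabling sign-ups) as manual work after the instance is already reachable. Until those are automated, a comment at the top of the file such as `# sign-ups and the root password are changed manually after first login, see README` would keep that exposure window documented next to the settings that create it. The file also sets no GitLab release; the role appears to accept `gitlab_version`, and setting it would make installs reproducible.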