feat: add git.skudak.com Gitea instance and skudak domain migrations

Gitea Skudak (git.skudak.com): - New Gitea instance with PostgreSQL in podman pod under git user - SSH access via Gitea's built-in SSH server on port 2222 - Registration restricted to @skudak.com emails with email confirmation - SMTP configured for email delivery Domain migrations: - wiki.skudakrennsport.com → wiki.skudak.com (302 redirect) - cloud.skudakrennsport.com + cloud.skudak.com (dual-domain serving) - BookStack APP_URL updated to wiki.skudak.com - Nextcloud trusted_domains updated for cloud.skudak.com Infrastructure: - SELinux context for git user container storage (container_file_t) - Firewall rule for port 2222/tcp (Gitea Skudak SSH) - Caddy reverse proxy for git.skudak.com Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-15 22:27:02 -05:00
parent 9e665a841d
commit c96aeafb3f
10 changed files with 184 additions and 12 deletions
--- a/ansible/roles/git/tasks/podman.yml
+++ b/ansible/roles/git/tasks/podman.yml
@@ -45,9 +45,14 @@
    - "{{ git_home }}/volumes"
    - "{{ git_home }}/volumes/gitea"
    - "{{ git_home }}/volumes/gitea/data"
-    # NOTE: psql directory is created by PostgreSQL container with container user ownership
+    - "{{ git_home }}/volumes/gitea/psql"
+    - "{{ git_home }}/volumes/gitea-skudak"
+    - "{{ git_home }}/volumes/gitea-skudak/data"
+    - "{{ git_home }}/volumes/gitea-skudak/psql"
+  # NOTE: psql directories may already exist with postgres ownership - ignore errors
+  failed_when: false
  notify: restorecon git
-  tags: git, gitea
+  tags: git, gitea, gitea-skudak

 # SELinux context for container volumes
 - name: selinux context for git container volumes
@@ -57,7 +62,17 @@
    setype: container_file_t
    state: present
  notify: restorecon git
-  tags: git, gitea, selinux
+  tags: git, gitea, gitea-skudak, selinux
+
+# SELinux context for container storage (images, overlays, etc.)
+- name: selinux context for git container storage
+  become: true
+  community.general.sefcontext:
+    target: "{{ git_home }}/.local/share/containers(/.*)?"
+    setype: container_file_t
+    state: present
+  notify: restorecon git
+  tags: git, gitea, gitea-skudak, selinux

 # Enable podman socket for SSH key lookup via AuthorizedKeysCommand
 - name: enable podman socket for git user