bastian/deploy_home
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2b4844b2113dfae906b8bb9c43c12fb7579c4cc2
deploy_home/ansible/roles/podman/tasks/containers/skudak/wiki.yml
Bastian de Byl c96aeafb3f feat: add git.skudak.com Gitea instance and skudak domain migrations 
Gitea Skudak (git.skudak.com):
- New Gitea instance with PostgreSQL in podman pod under git user
- SSH access via Gitea's built-in SSH server on port 2222
- Registration restricted to @skudak.com emails with email confirmation
- SMTP configured for email delivery

Domain migrations:
- wiki.skudakrennsport.com → wiki.skudak.com (302 redirect)
- cloud.skudakrennsport.com + cloud.skudak.com (dual-domain serving)
- BookStack APP_URL updated to wiki.skudak.com
- Nextcloud trusted_domains updated for cloud.skudak.com

Infrastructure:
- SELinux context for git user container storage (container_file_t)
- Firewall rule for port 2222/tcp (Gitea Skudak SSH)
- Caddy reverse proxy for git.skudak.com

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-15 22:27:02 -05:00

95 lines
2.6 KiB
YAML
Raw Blame History

---
- name: create required bookstack volumes
become: true
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: "{{ podman_subuid.stdout }}"
group: "{{ podman_user }}"
mode: 0755
notify: restorecon podman
loop:
- "{{ bookstack_path }}/mysql"
- "{{ bookstack_path }}/public"
- "{{ bookstack_path }}/storage"
- name: flush handlers
ansible.builtin.meta: flush_handlers
- name: unshare chown the bookstack upload volumes
become: true
become_user: "{{ podman_user }}"
changed_when: false
ansible.builtin.command: |
podman unshare chown -R 33:33 {{ bookstack_path }}/public {{ bookstack_path }}/storage
- import_tasks: podman/podman-check.yml
vars:
container_name: bookstack-db
container_image: "{{ db_image }}"
- name: create bookstack-db container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: bookstack-db
image: "{{ db_image }}"
restart_policy: on-failure:3
log_driver: journald
network:
- shared
env:
MYSQL_ROOT_PASSWORD: "{{ bookstack_db_root_pass }}"
TZ: "America/New_York"
MYSQL_DATABASE: bookstack
MYSQL_USER: bookstack
MYSQL_PASSWORD: "{{ bookstack_db_pass }}"
volumes:
- "{{ bookstack_path }}/mysql:/var/lib/mysql"
- name: create systemd startup job for bookstack-db
include_tasks: podman/systemd-generate.yml
vars:
container_name: bookstack-db
- import_tasks: podman/podman-check.yml
vars:
container_name: bookstack
container_image: "{{ image }}"
- name: create bookstack container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: bookstack
image: "{{ image }}"
restart_policy: on-failure:3
log_driver: journald
network:
- shared
env:
APP_URL: "https://wiki.skudak.com"
APP_KEY: "{{ bookstack_app_key }}"
DB_HOST: "bookstack-db"
DB_USERNAME: "bookstack"
DB_DATABASE: "bookstack"
DB_PASSWORD: "{{ bookstack_db_pass }}"
MAIL_DRIVER: "smtp"
MAIL_HOST: "{{ skudaknoreply_mail_host }}"
MAIL_PORT: 465
MAIL_ENCRYPTION: "ssl"
MAIL_USERNAME: "{{ skudaknoreply_mail_user }}"
MAIL_PASSWORD: "{{ skudaknoreply_mail_pass }}"
MAIL_FROM: "{{ skudaknoreply_mail_user }}"
MAIL_FROM_NAME: "Skudak Wiki"
ports:
- "6875:8080"
volumes:
- "{{ bookstack_path }}/public:/var/www/bookstack/public/uploads"
- "{{ bookstack_path }}/storage:/var/www/bookstack/storage/uploads"
- name: create systemd startup job for bookstack
include_tasks: podman/systemd-generate.yml
vars:
container_name: bookstack
Reference in New Issue View Git Blame Copy Permalink