Add Gitea Actions runner, ansible-lint CI, vault setup, and fix group_vars layout

- Move group_vars into inventory/ so playbooks can find them (was only
  visible to ad-hoc commands via CWD)
- Add Ansible Vault for sensitive variables (gitea/grafana passwords,
  tokens, db credentials) with vault_password_file outside the repo
- Enable Gitea Actions and deploy act_runner with Docker backend on
  the gitea VM
- Add .gitea/workflows/lint.yml to run ansible-lint on every push
- Set up Gitea → GitHub push mirror (sync_on_commit)
- Fix ansible.cfg stdout_callback for ansible-core 2.20 compatibility
- Add python-psycopg2 to gitea role (required for postgresql modules)
- Add docker to gitea_runner role (required by act_runner at startup)
- Exclude password hashes and VM images from git

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Adyrem
2026-05-13 17:34:03 +02:00
parent 72d07f49e3
commit 39be9fafe7
25 changed files with 1584 additions and 6 deletions
+5 -5
View File
@@ -3,10 +3,10 @@ gitea_http_port: 3000
gitea_domain: "{{ ansible_host }}"
gitea_db_name: gitea
gitea_db_user: gitea
gitea_db_password: gitea
gitea_secret_key: "REDACTED_SECRET_KEY"
gitea_internal_token: "REDACTED_INTERNAL_TOKEN"
gitea_db_password: "{{ vault_gitea_db_password }}"
gitea_secret_key: "{{ vault_gitea_secret_key }}"
gitea_internal_token: "{{ vault_gitea_internal_token }}"
gitea_admin_user: adyrem
gitea_admin_password: "" # set in vault or at runtime
gitea_admin_email: "" # set in group_vars or vault
gitea_admin_password: "{{ vault_gitea_admin_password }}"
gitea_admin_email: "{{ vault_gitea_admin_email }}"
+1
View File
@@ -4,6 +4,7 @@
name:
- gitea
- postgresql
- python-psycopg2
state: present
- name: Initialize PostgreSQL cluster
+3
View File
@@ -45,6 +45,9 @@ PROVIDER = db
[cache]
ADAPTER = memory
[actions]
ENABLED = true
[indexer]
ISSUE_INDEXER_TYPE = bleve
REPO_INDEXER_ENABLED = true