web: Add initial gitlab service

62547117 · James T. Lee · 45c2e42d · 62547117 · 62547117 · 62547117
Commit 62547117 authored Nov 27, 2020 by James T. Lee
Showing with 61 additions and 1 deletion

data/node/web.yaml data/node/web.yaml +1 -0

manifests/service/bitwarden.pp manifests/service/bitwarden.pp +0 -1

manifests/service/gitlab.pp manifests/service/gitlab.pp +60 -0

No files found.
--- a/data/node/web.yaml
+++ b/data/node/web.yaml
 ---
 classes:
+  - 'nest::service::gitlab'
  - 'private::web'
--- a/manifests/service/bitwarden.pp
+++ b/manifests/service/bitwarden.pp
 class nest::service::bitwarden (
  Hash[String[1], String[1]] $env = {},
 ) {
-  include '::nest'
  include '::nest::service::docker'
  package { 'app-emulation/docker-compose':

--- a/manifests/service/gitlab.pp
+++ b/manifests/service/gitlab.pp
+class nest::service::gitlab {
+  include 'nest::service::docker'
+  nest::lib::srv { 'gitlab': }
+  $gitlab_omnibus_config = @(GITLAB_OMNIBUS_CONFIG)
+    external_url 'https://gitlab.james.tl'
+    # For proxied SSL
+    # See: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
+    nginx['listen_port'] = 80
+    nginx['listen_https'] = false
+    | GITLAB_OMNIBUS_CONFIG
+  file { '/srv/gitlab/gitlab.rb':
+    mode    => '0600',
+    owner   => 'root',
+    group   => 'root',
+    content => $gitlab_omnibus_config,
+    require => Nest::Lib::Srv['gitlab'],
+    notify  => Docker::Run['gitlab'],
+  }
+  docker_network { 'gitlab':
+    ensure           => present,
+    subnet           => ['172.18.0.0/24', 'fc00:18::/64'],
+    additional_flags => '--ipv6',
+  }
+  docker::run { 'gitlab':
+    image            => 'gitlab/gitlab-ee',
+    net              => 'gitlab',
+    extra_parameters => [
+      '--ip 172.18.0.2',
+      '--ip6 fc00:18::2',
+    ],
+    env              => ["GITLAB_OMNIBUS_CONFIG=from_file('/omnibus_config.rb')"],
+    volumes          => [
+      '/srv/gitlab/gitlab.rb:/omnibus_config.rb:ro',
+      '/srv/gitlab/config:/etc/gitlab',
+      '/srv/gitlab/logs:/var/log/gitlab',
+      '/srv/gitlab/data:/var/opt/gitlab',
+    ],
+    service_provider => 'systemd',
+    require          => Docker_network['gitlab'],
+  }
+  firewall { '100 gitlab nat':
+    table    => nat,
+    chain    => 'POSTROUTING',
+    source   => 'fc00:18::/64',
+    jump     => 'MASQUERADE',
+    provider => ip6tables,
+  }
+  nest::lib::revproxy { 'gitlab.james.tl':
+    destination => 'http://172.18.0.2/',
+    ip          => ['104.156.227.40', '2001:19f0:300:2005::40'],
+  }
+}