commit message from python script

gitlab/group_vars/all/main.yml

@@ -1,6 +1,7 @@
 gitlab_dir: 
-  - "/home/{{ansible_user}}/.gitlab"
+  - "/home/{{ansible_user}}/.gitlab2"
-  - "/home/{{ansible_user}}/.gitlab/config"
+  - "/home/{{ansible_user}}/.gitlab2/config"
-  - "/home/{{ansible_user}}/.gitlab/log"
+  - "/home/{{ansible_user}}/.gitlab2/log"
-  - "/home/{{ansible_user}}/.gitlab/data"
+  - "/home/{{ansible_user}}/.gitlab2/data"
+  - "/home/{{ansible_user}}/.gitlab2/cert"
 

gitlab/roles/docker_gitlab/files/traefik.yml

@@ -0,0 +1,53 @@
+global:
+  checkNewVersion: true
+  sendAnonymousUsage: false
+
+log:
+  level: DEBUG
+
+accessLog:
+   filePath: "/certs/access.log"
+   format: json
+
+entryPoints:
+  web:
+    address: ":80"
+  websecure:
+   address: ":443"
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+  file:
+    filename: /etc/traefik/traefik.yml # THIS IS THE IMPORTANT PART
+    watch: true
+
+api:
+   dashboard: true
+#   insecure: true
+ 
+http:
+  routers:
+  middlewares:
+    redirect:
+      redirectScheme:
+        scheme: https
+
+tls:
+  stores:
+     default:
+        defaultCertificate:
+           certFile: "/certs/gitlab.cer"
+           keyFile: "/certs/gitlab.key"
+  certificates:
+    - certFile: "/certs/gitlab.cer"
+      keyFile: "/certs/gitlab.key"
+  options:
+    myTLSOptions:
+      minVersion: versionTLS13
+      cipherSuites:
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

gitlab/roles/docker_gitlab/tasks/main.yml

@@ -7,6 +7,37 @@
     group: "{{ansible_user}}"
     mode: 0777
 
+- name: Copy traefik Config
+  copy:
+    src: traefik.yml
+    dest: "{{gitlab_dir[0]}}/traefik.yml"
+    owner: "{{ansible_user}}"
+    group: "{{ansible_user}}"
+    mode: 0777
+
+- name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
+  openssl_privatekey:
+    path: "{{gitlab_dir[4]}}/gitlab.key"
+     
+- name: Generate an OpenSSL Certificate Signing Request
+  openssl_csr:
+    path: "{{gitlab_dir[4]}}/gitlab.csr"
+    privatekey_path: "{{gitlab_dir[4]}}/gitlab.key"
+    common_name: gitlab.man-dan-03
+    subject_alt_name: "{{ item.value | map('regex_replace', '^', 'DNS:') | list }}"
+  with_dict:
+    dns_server:
+            #- j337114.servers.jiffybox.net
+            #- "{{ansible_hostname}}"
+      - "man-dan-03"
+
+- name: Generate a Self Signed OpenSSL certificate
+  openssl_certificate:
+    path: "{{gitlab_dir[4]}}/gitlab.cer"
+    privatekey_path: "{{gitlab_dir[4]}}/gitlab.key"
+    csr_path: "{{gitlab_dir[4]}}/gitlab.csr"
+    provider: selfsigned
+
 #- name: deploy Docker Compose stack
 #  docker_compose:
 #    project_src: "{{jenkins_dir[0]}}"

gitlab/roles/docker_gitlab/templates/docker-compose.yml.j2

@@ -1,5 +1,37 @@
 version: '3.8'
 services:
+  traefik:
+    image: traefik:latest
+    command:
+      - "--api=true"
+      - "--api.dashboard=true"
+      - "--log.level=DEBUG"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.network=web"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+     # - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+     # - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+     # für Testzwecke geeignet, da Let's Encrypt "rate limiting" einsetzt
+     # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+     # - "--certificatesresolvers.myresolver.acme.email=webmaster@example.net"
+     # - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+    labels:
+      - "traefik.enable=true"
+      - traefik.http.routers.api.rule=Host("traefik.{{ansible_hostname}}")
+      - "traefik.http.routers.api.service=api@internal"
+      - "traefik.http.routers.api.middlewares=auth"
+      - "traefik.http.middlewares.auth.basicauth.users=JonnyBravo:$$apr1$$sl3.va5H$$DwEAtzKda4XA6lypIZ/271"
+      - "traefik.http.routers.api.entrypoints=websecure"
+      - "traefik.http.routers.api.tls=true"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - {{gitlab_dir[0]}}/traefik.yml:/etc/traefik/traefik.yml
+      - {{gitlab_dir[4]}}:/certs 
+    ports:
+      - 80:80
+      - 443:443
   web:
     image: 'gitlab/gitlab-ce:latest'
     restart: always
@@ -9,11 +41,16 @@ services:
       GITLAB_OMNIBUS_CONFIG: |
         external_url 'http://{{ansible_host}}:{{web_port}}'
         gitlab_rails['gitlab_shell_ssh_port'] = {{ssh_port}}
+        nginx['listen_port'] = 80
     ports:
-      - '{{web_port}}:8929'
       - '{{ssh_port}}:22'
     volumes:
       - '{{gitlab_dir[1]}}:/etc/gitlab'
       - '{{gitlab_dir[2]}}:/var/log/gitlab'
       - '{{gitlab_dir[3]}}:/var/opt/gitlab'
+    labels:
+      - "traefik.enable=true"
+      - traefik.http.routers.wordpress.rule=Host("gitlab.{{ansible_hostname}}")
+      - "traefik.http.routers.wordpress.entrypoints=websecure"
+      - "traefik.http.routers.wordpress.tls=true"
     shm_size: '{{shm_size}}'