defaults = { 'backups': { 'paths': { '/home/git', }, }, 'gitea': { 'app_name': 'Gitea', 'database': { 'username': 'gitea', 'password': repo.vault.password_for('{} postgresql gitea'.format(node.name)), 'database': 'gitea', }, 'email_domain_blocklist': set(), 'enable_git_hooks': False, 'internal_token': repo.vault.password_for('{} gitea internal_token'.format(node.name)), 'lfs_secret_key': repo.vault.password_for('{} gitea lfs_secret_key'.format(node.name)), 'oauth_secret_key': repo.vault.password_for('{} gitea oauth_secret_key'.format(node.name)), 'security_secret_key': repo.vault.password_for('{} gitea security_secret_key'.format(node.name)), }, 'icinga2_api': { 'gitea': { 'services': { 'GITEA PROCESS': { 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_systemd_unit gitea', }, }, }, }, 'openssh': { 'allowed_users': { 'git', }, }, 'postgresql': { 'roles': { 'gitea': { 'password': repo.vault.password_for('{} postgresql gitea'.format(node.name)), }, }, 'databases': { 'gitea': { 'owner': 'gitea', }, }, }, } @metadata_reactor.provides( 'nginx/vhosts', ) def nginx(metadata): if not node.has_bundle('nginx'): raise DoNotRunAgain return { 'nginx': { 'vhosts': { metadata.get('gitea/domain'): { 'proxy': { '/': { 'target': 'http://127.0.0.1:22000', }, }, 'website_check_path': '/user/login', 'website_check_string': 'Sign In', }, }, }, } @metadata_reactor.provides( 'icinga2_api/gitea/services', ) def icinga_check_for_new_release(metadata): return { 'icinga2_api': { 'gitea': { 'services': { 'GITEA UPDATE': { 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_github_for_new_release go-gitea/gitea v{}'.format(metadata.get('gitea/version')), 'vars.notification.mail': True, 'check_interval': '60m', }, }, }, }, }