defaults = { 'backups': { 'paths': { '/home/git', }, }, 'gitea': { 'database': { 'username': 'gitea', 'password': repo.vault.password_for('{} postgresql gitea'.format(node.name)), 'database': 'gitea', }, 'app_name': 'Gitea', 'lfs_secret_key': repo.vault.password_for('{} gitea lfs_secret_key'.format(node.name)), 'security_secret_key': repo.vault.password_for('{} gitea security_secret_key'.format(node.name)), 'oauth_secret_key': repo.vault.password_for('{} gitea oauth_secret_key'.format(node.name)), 'internal_token': repo.vault.password_for('{} gitea internal_token'.format(node.name)), }, 'icinga2_api': { 'gitea': { 'services': { 'GITEA PROCESS': { 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_systemd_unit gitea', }, }, }, }, 'openssh': { 'allowed_users': { 'git', }, }, 'postgresql': { 'roles': { 'gitea': { 'password': repo.vault.password_for('{} postgresql gitea'.format(node.name)), }, }, 'databases': { 'gitea': { 'owner': 'gitea', }, }, }, } @metadata_reactor def nginx(metadata): if not node.has_bundle('nginx'): raise DoNotRunAgain return { 'nginx': { 'vhosts': { metadata.get('gitea/domain'): { 'proxy': { '/': { 'target': 'http://127.0.0.1:22000', }, }, 'website_check_path': '/user/login', 'website_check_string': 'Sign In', }, }, }, }