Deploy mastodon v0.1

roles/infra/tasks/git.yml

@@ -0,0 +1,46 @@
+#SPDX-License-Identifier: MIT-0
+---
+# tasks file for git
+
+- name: Create git directory
+  ansible.builtin.file:
+    path: /home/apps/git
+    state: directory
+
+- name: Create main git container
+  containers.podman.podman_container:
+    name: gitea
+    image: docker.gitea.com/gitea:1.25.4
+    env:
+      USER_UID: 1000
+      USER_GID: 1000
+      SSH_PORT: 222
+    network:
+      - podman
+    volumes:
+      - "/home/apps/git:/data:z"
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "222:22"
+    generate_systemd:
+      new: true
+      restart_policy: "always"
+      path: "~/.config/systemd/user/"
+    label:
+      traefik.enable: "true"
+      traefik.http.routers.gitea.rule: "Host(`git.wtf.lt`)"
+      traefik.http.middlewares.gitea-https-redirect.redirectscheme.scheme: "https"
+      traefik.http.routers.gitea.middlewares: "gitea-https-redirect"
+      traefik.http.routers.gitea-secure.entrypoints: "https"
+      traefik.http.routers.gitea-secure.rule: "Host(`git.wtf.lt`)"
+      traefik.http.routers.gitea-secure.tls: "true"
+      traefik.http.routers.gitea-secure.tls.certresolver: "lets-encrypt"
+      traefik.http.services.gitea.loadbalancer.server.port: "3000"
+
+- name: Activate gitea container service
+  ansible.builtin.systemd_service:
+    name: container-gitea.service
+    state: started
+    enabled: true
+    scope: user

roles/infra/tasks/main.yml

@@ -0,0 +1,9 @@
+#SPDX-License-Identifier: MIT-0
+---
+# tasks file for infra role
+
+- name: Install traefik
+  ansible.builtin.include_tasks: traefik.yml
+
+- name: Install gitea
+  ansible.builtin.include_tasks: git.yml

roles/infra/tasks/traefik.yml

@@ -0,0 +1,54 @@
+#SPDX-License-Identifier: MIT-0
+---
+# tasks file for traefik
+
+- name: Create acme file
+  ansible.builtin.file:
+    path: "~/{{ infra_acme.storage }}"
+    state: file
+    mode: "0600"
+
+- name: Setup local socket for traefik
+  ansible.builtin.systemd_service:
+    name: podman.socket
+    state: started
+    enabled: true
+    scope: user
+
+- name: Create main traefik container
+  containers.podman.podman_container:
+    name: traefik
+    image: docker.io/library/traefik:latest
+    ports:
+      - "80:80"
+      - "443:443"
+      - "8080:8080"
+    network:
+      - podman
+    security_opt:
+      - "label=type:container_runtime_t"
+    volumes:
+      - "/run/user/1000/podman/podman.sock:/var/run/docker.sock:z"
+      - "/home/apps/acme.json:/acme.json:z"
+    command: >-
+      --api.dashboard=true
+      --api.insecure=true
+      --certificatesresolvers.lets-encrypt.acme.email={{ infra_acme.email }}
+      --certificatesresolvers.lets-encrypt.acme.storage=/{{ infra_acme.storage }}
+      --certificatesresolvers.lets-encrypt.acme.tlschallenge=true
+      --entrypoints.http.address=:80
+      --entrypoints.http.http.redirections.entryPoint.to=https
+      --entrypoints.http.http.redirections.entryPoint.scheme=https
+      --entrypoints.https.address=:443
+      --providers.docker=true
+    generate_systemd:
+      new: true
+      restart_policy: "always"
+      path: "~/.config/systemd/user/"
+
+- name: Activate traefik container service
+  ansible.builtin.systemd_service:
+    name: container-traefik.service
+    state: started
+    enabled: true
+    scope: user