From 00f30da2d8329e27f34215b1d30dfa2f06e33fec Mon Sep 17 00:00:00 2001
From: Sven-Hendrik Haase
Date: Sun, 13 Dec 2020 01:50:20 +0100
Subject: [PATCH] Add a way to let us provide additional addresses to machines configured via DHCP
---
 group_vars/hcloud.yml | 1 +
 host_vars/gitlab.archlinux.org | 1 +
 playbooks/gitlab.archlinux.org.yml | 7 ++++++-
 roles/common/tasks/main.yml | 10 ++++++++++
 .../templates/additional_addresses.conf.j2 | 7 +++++++
 roles/gitlab/tasks/main.yml | 16 ++++++++--------
 6 files changed, 33 insertions(+), 9 deletions(-)
 create mode 100644 roles/common/templates/additional_addresses.conf.j2
diff --git a/group_vars/hcloud.yml b/group_vars/hcloud.yml
index 3f6012ae..70529c54 100644
--- a/group_vars/hcloud.yml
+++ b/group_vars/hcloud.yml
@@ -1,2 +1,3 @@
 ---
 enable_zram_swap: true
+dhcp: true
diff --git a/host_vars/gitlab.archlinux.org b/host_vars/gitlab.archlinux.org
index 0d479a01..6572f026 100644
--- a/host_vars/gitlab.archlinux.org
+++ b/host_vars/gitlab.archlinux.org
@@ -1,3 +1,4 @@
 ---
 filesystem: btrfs
 gitlab_backupdir: /srv/gitlab/data/backups
+additional_addresses: ["116.203.6.156/32", "2a01:4f8:c2c:5d2d::2/64"]
diff --git a/playbooks/gitlab.archlinux.org.yml b/playbooks/gitlab.archlinux.org.yml
index 63a15549..b7b56ec2 100644
--- a/playbooks/gitlab.archlinux.org.yml
+++ b/playbooks/gitlab.archlinux.org.yml
@@ -9,7 +9,12 @@
 - { role: firewalld }
 - { role: sshd }
 - { role: root_ssh }
- - { role: gitlab, gitlab_domain: "gitlab.archlinux.org" }
+ - { role: gitlab,
+ gitlab_domain: "gitlab.archlinux.org",
+ gitlab_primary_addresses: ['159.69.41.129', '[2a01:4f8:c2c:5d2d::1]'],
+ gitlab_pages_http_addresses: ['116.203.6.156:80', '[2a01:4f8:c2c:5d2d::2]:80'],
+ gitlab_pages_https_addresses: ['116.203.6.156:443', '[2a01:4f8:c2c:5d2d::2]:443']
+ }
 - { role: borg_client, tags: ["borg"] }
 - { role: prometheus_exporters }
 - { role: fail2ban }
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 9fab025b..45d78a06 100644
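Review bot: The secondary addresses 116.203.6.156 and 2a01:4f8:c2c:5d2d::2 are now written out twice with nothing tying the copies together, once in `additional_addresses` in host_vars/gitlab.archlinux.org and again in `gitlab_pages_http_addresses` / `gitlab_pages_https_addresses` in the playbooks/gitlab.archlinux.org.yml hunk. If one list is edited without the other, networkd and GitLab Pages will disagree about which addresses exist, so Pages either cannot bind or an address stays on the interface that the GitLab configuration no longer uses. A comment beside each list would flag the coupling, for example `# keep in sync with additional_addresses in host_vars/gitlab.archlinux.org`. The multi-line flow mapping for the gitlab role would also read and diff better as a block mapping.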
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -75,6 +75,16 @@
 service: name=systemd-networkd state=started enabled=yes
 when: configure_network

+- name: create additional network config directory
+ file: path=/etc/systemd/network/10-dhcp-ethernet.network.d state=directory owner=root group=root mode=0755
+ when: dhcp|default(False) and additional_addresses is defined
+
+- name: configure additional network addresses
+ template: src=additional_addresses.conf.j2 dest=/etc/systemd/network/10-dhcp-ethernet.network.d/additional_addresses.conf owner=root group=root mode=0644
+ notify:
+ - restart networkd
+ when: dhcp|default(False) and additional_addresses is defined
+
 - name: start resolved
 service:
 name: systemd-resolved
diff --git a/roles/common/templates/additional_addresses.conf.j2 b/roles/common/templates/additional_addresses.conf.j2
new file mode 100644
index 00000000..deee7b9c
--- /dev/null
+++ b/roles/common/templates/additional_addresses.conf.j2
@@ -0,0 +1,7 @@
+# Additional addresses to add to the default interface
+
+{% for address in additional_addresses %}
+[Address]
+Address={{ address }}
+
+{% endfor %}
diff --git a/roles/gitlab/tasks/main.yml b/roles/gitlab/tasks/main.yml
index 99e49425..6ae6a4aa 100644
--- a/roles/gitlab/tasks/main.yml
+++ b/roles/gitlab/tasks/main.yml
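Review bot: Both new tasks in roles/common/tasks/main.yml only ever create the drop-in, so once `additional_addresses` is removed from a host's vars (or `dhcp` is switched off) the old `additional_addresses.conf` stays in `/etc/systemd/network/10-dhcp-ethernet.network.d/`. The host then keeps answering on addresses the inventory no longer lists. A companion task with the inverse `when:` condition, `file: path=/etc/systemd/network/10-dhcp-ethernet.network.d/additional_addresses.conf state=absent` with the same `notify`, would keep the host in line with the inventory. The drop-in directory name also has to match the `.network` file that is actually installed, which this hunk does not show, so a comment naming that file would make the dependency visible.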
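Review bot: The header comment in roles/common/templates/additional_addresses.conf.j2 does not say that the file is generated or what form the entries must take. Each value is written into `Address=` verbatim, and neither the template nor the task that installs it checks the value before networkd is restarted. I would extend the comment to something like `# Managed by Ansible (roles/common); one [Address] section per entry of additional_addresses, each given as address/prefix-length`, which matches how the host_vars entries are written.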
@@ -26,11 +26,18 @@
 # 2. In order to logout properly we need to configure the "After sign out path" and set it to
 # https://accounts.archlinux.org/auth/realms/archlinux/protocol/openid-connect/logout?redirect_uri=https%3A//gitlab.archlinux.org
 # https://gitlab.com/gitlab-org/gitlab/issues/14414
+ #
+ # In addition, see https://docs.gitlab.com/ee/administration/pages/ for the GitLab Pages trickery done below.
 GITLAB_OMNIBUS_CONFIG: |
 external_url 'https://{{ gitlab_domain }}'
 nginx['client_max_body_size'] = '2g'
- nginx['listen_addresses'] = ["0.0.0.0", "[::]"]
+ nginx['listen_addresses'] = {{ gitlab_primary_addresses }}
 registry_nginx['listen_addresses'] = ['*', '[::]']
+ gitlab_pages['inplace_chroot'] = true
+ pages_external_url "http://gitlab.archlinux.org"
+ pages_nginx['enable'] = false
+ gitlab_pages['external_http'] = {{ gitlab_pages_http_addresses }}
+ gitlab_pages['external_https'] = {{ gitlab_pages_https_addresses }}
 letsencrypt['enable'] = true
 letsencrypt['contact_emails'] = ['webmaster@archlinux.org']
 gitlab_rails['lfs_enabled'] = true
@@ -82,13 +89,6 @@
 }
 }
 ]
- # https://docs.gitlab.com/ee/administration/pages/
- pages_external_url "http://noop.archlinux.org"
- nginx['listen_addresses'] = ['159.69.41.129', '[2a01:4f8:c2c:5d2d::1]']
- pages_nginx['enable'] = false
- # "(Only for custom domains) Have a secondary IP."
- gitlab_pages['external_http'] = ['1.2.3.4']
- gitlab_pages['external_https'] = ['1.2.3.4']
 volumes:
 - "/srv/gitlab/config:/etc/gitlab"
 - "/srv/gitlab/logs:/var/log/gitlab"
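Review bot: In the first hunk of roles/gitlab/tasks/main.yml, `pages_external_url "http://gitlab.archlinux.org"` puts the Pages domain on the same host as `external_url 'https://{{ gitlab_domain }}'`, which the playbook sets to gitlab.archlinux.org. GitLab's Pages administration guide, linked in the added comment, advises keeping the Pages hostname separate from the instance's own so that user-published content cannot share an origin or cookie scope with GitLab itself. If only custom domains on the secondary address are meant to be served, a comment saying so, or a dedicated Pages hostname passed in as a role variable instead of the hard-coded literal, would make that intent checkable. The three list variables are also interpolated bare, which relies on Jinja's Python-style list rendering happening to be valid Ruby; `{{ gitlab_primary_addresses | to_json }}`, and likewise for the two Pages lists, makes the array syntax explicit. The task this hunk edits starts and ends outside the hunk.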