Improve logging and infrastructure variable consistency
Changes: - Migrate Authentik to journald logging (remove file-based logs) - Update Gitea to use infrastructure variables for PostgreSQL access - Add comprehensive logging documentation to deployment guide - Add infrastructure variable pattern guide to integration docs Authentik Logging: - Remove LogDriver=k8s-file from server and worker containers - Remove logs directory creation from user setup tasks - Update deployment guide with journald examples and JSON log patterns Gitea Infrastructure Variables: - Add infrastructure dependencies section to role defaults - Replace hardcoded paths with postgresql_unix_socket_directories variable - Replace hardcoded 'postgres' group with postgresql_client_group variable - Add infrastructure variable validation in tasks - Remove manual socket permission override (handled by infrastructure) Documentation: - Add journald logging best practices to service integration guide - Add infrastructure variable pattern documentation with Gitea example - Update Authentik deployment guide with journald commands and JSON filtering - Document benefits: centralized logging, single source of truth, maintainability Validated on arch-vps: - Authentik logs accessible via journalctl and podman logs (identical output) - Gitea user added to postgres-clients group (GID 962) - No PostgreSQL socket permission errors after service restart
This commit is contained in:
@@ -39,9 +39,10 @@ caddy_sites_enabled_dir: "/etc/caddy/sites-enabled"
|
||||
# =================================================================
|
||||
|
||||
# Gitea manages its own database (Unix socket connection)
|
||||
# Uses infrastructure variables for consistent socket path reference
|
||||
gitea_db_type: "postgres"
|
||||
gitea_db_host: "/run/postgresql" # Unix socket directory
|
||||
gitea_db_port: 5432
|
||||
gitea_db_host: "{{ postgresql_unix_socket_directories }}" # Unix socket from infrastructure
|
||||
gitea_db_port: "{{ postgresql_port }}"
|
||||
gitea_db_name: "gitea"
|
||||
gitea_db_user: "gitea"
|
||||
gitea_db_password: "{{ vault_gitea_db_password }}"
|
||||
@@ -65,6 +66,16 @@ gitea_require_signin: false
|
||||
# SSH settings
|
||||
gitea_start_ssh_server: true
|
||||
|
||||
# =================================================================
|
||||
# Infrastructure Dependencies (Read-only)
|
||||
# =================================================================
|
||||
# These variables reference infrastructure services defined by their roles
|
||||
# Applications MUST NOT modify these values - they are provided by infrastructure
|
||||
|
||||
postgresql_unix_socket_directories: "/var/run/postgresql"
|
||||
postgresql_client_group: "postgres-clients"
|
||||
postgresql_port: 5432
|
||||
|
||||
# =================================================================
|
||||
# Rick-Infra Integration Notes
|
||||
# =================================================================
|
||||
|
||||
@@ -2,6 +2,15 @@
|
||||
# Gitea Service Role - Self-Contained Implementation
|
||||
# Manages Gitea Git service with own database
|
||||
|
||||
- name: Validate infrastructure variables are defined
|
||||
assert:
|
||||
that:
|
||||
- postgresql_unix_socket_directories is defined
|
||||
- postgresql_client_group is defined
|
||||
- postgresql_port is defined
|
||||
fail_msg: "Missing required infrastructure variables. Ensure PostgreSQL role has run first."
|
||||
success_msg: "Infrastructure variables validated successfully"
|
||||
|
||||
- name: Install Gitea from Arch repository
|
||||
pacman:
|
||||
name: gitea
|
||||
@@ -43,23 +52,16 @@
|
||||
group: "{{ gitea_group }}"
|
||||
mode: '0700'
|
||||
|
||||
# Socket access setup (following Authentik pattern)
|
||||
- name: Add git user to postgres group for socket access
|
||||
# Socket access setup (using infrastructure variables)
|
||||
- name: Add git user to PostgreSQL client group for socket access
|
||||
user:
|
||||
name: "{{ gitea_user }}"
|
||||
groups: postgres
|
||||
groups: "{{ postgresql_client_group }}"
|
||||
append: true
|
||||
|
||||
- name: Ensure git can access PostgreSQL socket directory
|
||||
file:
|
||||
path: "/var/run/postgresql"
|
||||
mode: '0770'
|
||||
group: postgres
|
||||
become: true
|
||||
|
||||
- name: Test PostgreSQL socket connectivity
|
||||
postgresql_ping:
|
||||
login_unix_socket: "/var/run/postgresql"
|
||||
login_unix_socket: "{{ postgresql_unix_socket_directories }}"
|
||||
login_user: "{{ gitea_user }}"
|
||||
become: true
|
||||
become_user: "{{ gitea_user }}"
|
||||
@@ -70,7 +72,7 @@
|
||||
name: "{{ gitea_db_user }}"
|
||||
password: "{{ gitea_db_password }}"
|
||||
encrypted: yes
|
||||
login_unix_socket: "/var/run/postgresql"
|
||||
login_unix_socket: "{{ postgresql_unix_socket_directories }}"
|
||||
login_user: postgres
|
||||
become: true
|
||||
become_user: postgres
|
||||
@@ -81,7 +83,7 @@
|
||||
owner: "{{ gitea_db_user }}"
|
||||
encoding: UTF8
|
||||
template: template0
|
||||
login_unix_socket: "/var/run/postgresql"
|
||||
login_unix_socket: "{{ postgresql_unix_socket_directories }}"
|
||||
login_user: postgres
|
||||
become: true
|
||||
become_user: postgres
|
||||
@@ -92,7 +94,7 @@
|
||||
privs: ALL
|
||||
type: database
|
||||
role: "{{ gitea_db_user }}"
|
||||
login_unix_socket: "/var/run/postgresql"
|
||||
login_unix_socket: "{{ postgresql_unix_socket_directories }}"
|
||||
login_user: postgres
|
||||
become: true
|
||||
become_user: postgres
|
||||
|
||||
Reference in New Issue
Block a user