Changes:
- Migrate Authentik to journald logging (remove file-based logs)
- Update Gitea to use infrastructure variables for PostgreSQL access
- Add comprehensive logging documentation to deployment guide
- Add infrastructure variable pattern guide to integration docs

Authentik Logging:
- Remove LogDriver=k8s-file from server and worker containers
- Remove logs directory creation from user setup tasks
- Update deployment guide with journald examples and JSON log patterns

Gitea Infrastructure Variables:
- Add infrastructure dependencies section to role defaults
- Replace hardcoded paths with postgresql_unix_socket_directories variable
- Replace hardcoded 'postgres' group with postgresql_client_group variable
- Add infrastructure variable validation in tasks
- Remove manual socket permission override (handled by infrastructure)

Documentation:
- Add journald logging best practices to service integration guide
- Add infrastructure variable pattern documentation with Gitea example
- Update Authentik deployment guide with journald commands and JSON filtering
- Document benefits: centralized logging, single source of truth, maintainability

Validated on arch-vps:
- Authentik logs accessible via journalctl and podman logs (identical output)
- Gitea user added to postgres-clients group (GID 962)
- No PostgreSQL socket permission errors after service restart
Gitea Git Service Role
Self-contained Gitea Git service for rick-infra following the established architectural patterns.
Features
- ✅ Self-contained: Manages its own database and configuration
- ✅ Native Arch installation: Uses pacman packages
- ✅ PostgreSQL integration: Uses shared PostgreSQL infrastructure
- ✅ Caddy integration: Deploys reverse proxy configuration
- ✅ Security hardened: SystemD restrictions and secure defaults
- ✅ Production ready: HTTPS, SSH access, LFS support
Architecture
- Dependencies: PostgreSQL infrastructure role
- Database: Self-managed gitea database and user
- Network: HTTP on :3000, SSH on :2222 (localhost)
- Web access: https://git.domain.com (via Caddy)
- SSH access: ssh://git@git.domain.com:2222
Configuration
Key variables (defaults in defaults/main.yml):

```yaml
# Service
gitea_service_enabled: true
gitea_http_port: 3000
gitea_ssh_port: 2222

# Domain
gitea_subdomain: "git"
gitea_domain: "{{ caddy_domain }}"

# Database (self-managed)
gitea_db_name: "gitea"
gitea_db_user: "gitea"
gitea_db_password: "{{ vault_gitea_db_password }}"

# Application
gitea_app_name: "Gitea: Git with a cup of tea"
gitea_disable_registration: false
gitea_enable_lfs: true
```
Usage
- Add vault password: Set vault_gitea_db_password in the host_vars vault
- Deploy: ansible-playbook site.yml --tags gitea
- Access: Visit https://git.yourdomain.com to set up the admin account
Dependencies
- PostgreSQL infrastructure role (auto-included)
- Caddy web server (for HTTPS access)
- Vault password: vault_gitea_db_password
Self-Contained Design
This role follows rick-infra's self-contained service pattern:
- Creates its own database and user via PostgreSQL infrastructure
- Manages its own configuration and data
- Deploys its own Caddy reverse proxy config
- Independent lifecycle from other services
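The infrastructure-variable pattern the self-contained design depends on (validate what the PostgreSQL role exports, join the client group instead of a hardcoded postgres group, render the socket path from the variable) as an added Ansible tasks fragment. This is example code, not the role's own tasks; gitea_user and gitea_config_dir are assumed role variables, and postgresql_unix_socket_directories is assumed to hold a single directory path.

```yaml
# Added example, not the rick-infra role's own tasks/main.yml.
# Assumptions: the PostgreSQL infrastructure role runs first and defines
# postgresql_unix_socket_directories (one directory path) and
# postgresql_client_group; gitea_user and gitea_config_dir are hypothetical
# role variables.
---
- name: Validate infrastructure variables exported by the PostgreSQL role
  ansible.builtin.assert:
    that:
      - postgresql_unix_socket_directories is defined
      - postgresql_unix_socket_directories | length > 0
      - postgresql_client_group is defined
      - postgresql_client_group | length > 0
    fail_msg: >-
      The PostgreSQL infrastructure role must run before gitea and export
      postgresql_unix_socket_directories and postgresql_client_group.

- name: Grant the gitea service user socket access through the client group
  ansible.builtin.user:
    name: "{{ gitea_user }}"
    groups: "{{ postgresql_client_group }}"
    append: true   # keep any supplementary groups the user already has

- name: Render the database section of app.ini from infrastructure variables
  ansible.builtin.copy:
    dest: "{{ gitea_config_dir }}/app.ini"
    owner: "{{ gitea_user }}"
    group: "{{ gitea_user }}"
    mode: "0640"   # file carries the DB password; keep it unreadable to others
    content: |
      [database]
      DB_TYPE  = postgres
      ; socket directory comes from the infrastructure role, not a hardcoded path
      HOST     = {{ postgresql_unix_socket_directories }}
      NAME     = {{ gitea_db_name }}
      USER     = {{ gitea_db_user }}
      PASSWD   = {{ gitea_db_password }}
      SSL_MODE = disable
```

If the PostgreSQL role is reordered or a variable is renamed, the assert fails the play before any file is written, which is where a missing socket permission would otherwise surface as a runtime connection error.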
Rick-Infra Gitea Service
Git repository management with integrated CI/CD capabilities.