Get basic gitea instance working.

- add note to readme about the annoying gotcha I found.

ansible/roles/awfulAll/readme.org

@@ -0,0 +1,7 @@
+* awful-1
+this shit does too much. I should probably break it out a bit.
+
+** things to note
+i have gitea shit set up on a single network so that it can be isolated from the rest of my services. the traefik container ALSO must have access to that instance or it won't be able to forward data to the gt server.
+
+real fucking confused there for like 30 minutes.

ansible/roles/awfulAll/templates/awful-compose.yml

@@ -18,15 +18,23 @@ services:
     ports:
       - "80:80"
       - "443:443"
-      - "222:222"
+      - "222:222" # gitea ssh
       - "8080:8080"
     environment:
       DO_AUTH_TOKEN: "{{ DO_AUTH_TOKEN }}"
+    networks:
+      gitea:      
     volumes:
       - "/home/josiah/apps/awful/letsencrypt/:/letsencrypt"
       - "/var/run/docker.sock:/var/run/docker.sock:ro"
-      - "/home/josiah/apps/test/traefik.yml:/etc/traefik/traefik.yml"
+      - "/home/josiah/apps/awful/traefik.yml:/etc/traefik/traefik.yml"
       - traefik_logs:/log
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.edge.rule=hostregexp(`{host:.+}`)"      
+      - "traefik.http.routers.edge.entrypoints=web"
+      - "traefik.http.routers.edge.middlewares=redirect-to-https"
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"      
 
   whoami:
     image: "containous/whoami"
@@ -35,7 +43,8 @@ services:
       - "traefik.http.routers.whoami.rule=Host(`whoami.awful.club`)"
       - "traefik.http.routers.whoami.entrypoints=websecure"
       - "traefik.http.routers.whoami.tls.certresolver=awful-letsencrypt"
-
+      - "traefik.http.routers.whoami.tls=true"
+      
   nginx: 
     image: nginx:1.17.10
     volumes:
@@ -48,3 +57,52 @@ services:
       - "traefik.http.routers.nginx.rule=Host(`awful.club`)||Host(`jowj.net`)"
       - "traefik.http.routers.nginx.entrypoints=websecure"
       - "traefik.http.routers.nginx.tls.certresolver=awful-letsencrypt"
+
+  gitea-server:
+    image: gitea/gitea:latest
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+      - DB_TYPE=postgres
+      - DB_HOST=172.28.1.3:5432
+      - DB_NAME={{ GITEA_DB_NAME }}
+      - DB_USER={{ GITEA_DB_USER }}
+      - DB_PASSWD={{ GITEA_DB_PASSWD }}
+    networks:
+      gitea:
+        ipv4_address: 172.28.1.2
+    volumes:
+      - /mnt/volume_sfo2_01/gitea:/data
+    depends_on:
+      - gitea-db
+    labels:
+      # global rules
+      - "traefik.enable=true"
+
+      # the web ui
+      - "traefik.http.routers.gitea-web.rule=Host(`git.awful.club`)"      
+      - "traefik.http.routers.gitea-web.entrypoints=websecure"
+      - "traefik.http.routers.gitea-web.service=gitea-web-svc"
+      - "traefik.http.routers.gitea-web.tls=true"      
+      - "traefik.http.routers.gitea-web.tls.certresolver=awful-letsencrypt"
+      - "traefik.http.services.gitea-web-svc.loadbalancer.server.port=3000"
+
+
+      # handle ssh
+      - "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)"
+      - "traefik.tcp.routers.gitea-ssh.entrypoints=ssh"
+      - "traefik.tcp.routers.gitea-ssh.service=gitea-ssh-svc"
+      - "traefik.tcp.services.gitea-ssh-svc.loadbalancer.server.port=22"      
+      
+  gitea-db:
+    image: postgres:9.6
+    environment:
+      - POSTGRES_USER={{ GITEA_POSTGRES_USER }}
+      - POSTGRES_PASSWORD={{ GITEA_POSTGRES_USER }}
+      - POSTGRES_DB={{ GITEA_POSTGRES_USER }}
+    networks:
+      gitea:
+        ipv4_address: 172.28.1.3
+    volumes:
+      - /mnt/volume_sfo2_01/psql:/var/lib/postgresql/data
+      

ansible/roles/awfulAll/templates/traefik.yml

@@ -11,7 +11,9 @@ api:
   insecure: false
 entryPoints:
   ssh: 
-    address: ":22"
+    address: ":222"
+  gitea-web: 
+    address: ":3000"    
   web:
     address: ":80"
   websecure: