feat: update deployment configuration and encrypted env loader

- Update Ansible playbooks and roles for application deployment - Add new Gitea/Traefik troubleshooting playbooks - Update Docker Compose configurations (base, local, staging, production) - Enhance EncryptedEnvLoader with improved error handling - Add deployment scripts (autossh setup, migration, secret testing) - Update CI/CD workflows and documentation - Add Semaphore stack configuration
2025-11-02 20:38:06 +01:00
parent 7b7f0b41d2
commit 24cbbccf4c
44 changed files with 5280 additions and 276 deletions
--- a/deployment/ansible/playbooks/fix-gitea-traefik-dynamic-config.yml
+++ b/deployment/ansible/playbooks/fix-gitea-traefik-dynamic-config.yml
@@ -0,0 +1,143 @@
+---
+- name: Fix Gitea Traefik Configuration - Remove Dynamic Config and Use Labels
+  hosts: production
+  gather_facts: yes
+  become: no
+
+  vars:
+    traefik_stack_path: "{{ stacks_base_path }}/traefik"
+    gitea_stack_path: "{{ stacks_base_path }}/gitea"
+
+  tasks:
+    - name: Backup dynamic Gitea configuration
+      shell: |
+        cd {{ traefik_stack_path }}/dynamic
+        if [ -f gitea.yml ]; then
+          cp gitea.yml gitea.yml.backup-$(date +%Y%m%d-%H%M%S)
+          echo "Backed up to gitea.yml.backup-$(date +%Y%m%d-%H%M%S)"
+        else
+          echo "File not found, nothing to backup"
+        fi
+      args:
+        executable: /bin/bash
+      register: backup_result
+      ignore_errors: yes
+      failed_when: false
+
+    - name: Display backup result
+      debug:
+        msg: "{{ backup_result.stdout_lines }}"
+
+    - name: Remove dynamic Gitea configuration
+      file:
+        path: "{{ traefik_stack_path }}/dynamic/gitea.yml"
+        state: absent
+      register: remove_config
+
+    - name: Restart Traefik to reload configuration
+      community.docker.docker_compose_v2:
+        project_src: "{{ traefik_stack_path }}"
+        state: present
+        pull: never
+        recreate: always
+        services:
+          - traefik
+      register: traefik_restart
+      when: remove_config.changed
+
+    - name: Wait for Traefik to be ready
+      wait_for:
+        port: 443
+        host: localhost
+        timeout: 30
+      delegate_to: localhost
+      when: traefik_restart.changed
+      ignore_errors: yes
+
+    - name: Check if Gitea docker-compose.yml already has Traefik labels
+      shell: |
+        grep -q "traefik.enable=true" {{ gitea_stack_path }}/docker-compose.yml && echo "Labels already present" || echo "Labels missing"
+      register: labels_check
+      ignore_errors: yes
+      failed_when: false
+
+    - name: Copy docker-compose.yml from local to ensure labels are present
+      copy:
+        src: "{{ playbook_dir }}/../../stacks/gitea/docker-compose.yml"
+        dest: "{{ gitea_stack_path }}/docker-compose.yml"
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
+        mode: '0644'
+      register: labels_added
+      when: "'Labels missing' in labels_check.stdout"
+
+    - name: Recreate Gitea container with labels
+      community.docker.docker_compose_v2:
+        project_src: "{{ gitea_stack_path }}"
+        state: present
+        pull: never
+        recreate: always
+        remove_orphans: no
+      register: gitea_recreate
+      when: labels_added.changed
+
+    - name: Wait for Gitea to be healthy
+      shell: |
+        for i in {1..30}; do
+          if docker exec gitea curl -f http://localhost:3000/api/healthz >/dev/null 2>&1; then
+            echo "Gitea is healthy"
+            exit 0
+          fi
+          echo "Waiting for Gitea... ($i/30)"
+          sleep 2
+        done
+        echo "Health check timeout"
+        exit 1
+      args:
+        executable: /bin/bash
+      register: health_wait
+      ignore_errors: yes
+      failed_when: false
+      when: gitea_recreate.changed
+
+    - name: Display health wait result
+      debug:
+        msg: "{{ health_wait.stdout_lines }}"
+      when: gitea_recreate.changed
+
+    - name: Check Traefik service registration
+      shell: |
+        sleep 5  # Give Traefik time to discover
+        docker exec traefik wget -qO- http://localhost:8080/api/http/services 2>&1 | grep -i gitea || echo "Service not found (may take a few seconds)"
+      register: traefik_service
+      ignore_errors: yes
+      failed_when: false
+
+    - name: Display Traefik service registration
+      debug:
+        msg: "{{ traefik_service.stdout_lines }}"
+
+    - name: Test external Gitea access
+      shell: |
+        sleep 3  # Give Traefik time to update routing
+        curl -k -H "User-Agent: Mozilla/5.0" -s -o /dev/null -w "HTTP Status: %{http_code}\n" https://git.michaelschiemer.de/ 2>&1 || echo "Connection failed"
+      args:
+        executable: /bin/bash
+      register: external_test
+      ignore_errors: yes
+      failed_when: false
+
+    - name: Display external test result
+      debug:
+        msg: "{{ external_test.stdout_lines }}"
+
+    - name: Summary
+      debug:
+        msg:
+          - "=== FIX SUMMARY ==="
+          - "Dynamic config removed: {{ 'Yes' if remove_config.changed else 'Already removed' }}"
+          - "Labels added to docker-compose.yml: {{ 'Yes' if labels_added.changed else 'Already present' }}"
+          - "Gitea container recreated: {{ 'Yes' if gitea_recreate.changed else 'No' }}"
+          - ""
+          - "Gitea should now be accessible via https://git.michaelschiemer.de"
+          - "If issue persists, check Traefik logs for errors"