Switch to terraform

ansible/gitea/migration/group_vars/gitea_servers.yml

@@ -0,0 +1,69 @@
+---
+# =============================================================================
+# Gitea Migration Configuration
+# =============================================================================
+# Migrating from stuslab.cc to code.stuslab.cc with Authentik OAuth
+#
+# Before running:
+#   1. Ensure Authentik is deployed at auth.stuslab.cc
+#   2. Create group_vars/vault.yml from vault.yml.example
+#   3. Add DNS record: code.stuslab.cc -> 94.130.181.201
+#   4. Run: ansible-playbook -i inventory.yml playbook.yml --ask-vault-pass
+# =============================================================================
+
+# =============================================================================
+# Domain Configuration
+# =============================================================================
+# Old domain (will redirect to new)
+gitea_old_domain: "stuslab.cc"
+
+# New domain for Gitea
+gitea_domain: "code.stuslab.cc"
+
+# SSH domain (for git clone URLs)
+gitea_ssh_domain: "code.stuslab.cc"
+
+# =============================================================================
+# Let's Encrypt Configuration
+# =============================================================================
+letsencrypt_email: "vlad.stus@gmail.com"
+
+# =============================================================================
+# Paths
+# =============================================================================
+# Existing Gitea installation path on VPS
+gitea_base_dir: "/root/gitea"
+
+# Data directory (contains repos, database, config)
+gitea_data_dir: "{{ gitea_base_dir }}/gitea_data"
+
+# Backup directory on VPS
+gitea_backup_dir: "/root/gitea-backups"
+
+# =============================================================================
+# Authentik Configuration
+# =============================================================================
+# Domain where Authentik is deployed
+authentik_domain: "auth.stuslab.cc"
+
+# OAuth provider name (must match exactly in Gitea UI)
+gitea_oauth_provider_name: "Authentik"
+
+# OAuth client ID (used in Authentik and Gitea)
+gitea_oauth_client_id: "gitea"
+
+# =============================================================================
+# Docker Configuration
+# =============================================================================
+gitea_image: "gitea/gitea:latest"
+gitea_http_port: 3000
+gitea_ssh_port: 2222
+
+# =============================================================================
+# Migration Flags
+# =============================================================================
+# Create backup before migration (recommended)
+gitea_create_backup: true
+
+# Upload backup to GDrive via rclone (requires rclone configured on VPS)
+gitea_backup_to_gdrive: false

ansible/gitea/migration/group_vars/vault.yml

@@ -0,0 +1,51 @@
+$ANSIBLE_VAULT;1.1;AES256
+66313066626635366538383531303838363335366332373763343030373535343935343463363037
+3661653331333337613763316135653338636265656238300a343233383237316565306161326435
+62616533386336333932393230383332383839363366373566306165383936366361663864393231
+3536343039663639650a643539323937623334616230363337306661616463313239306438326238
+31663535333137323831303266336161353232626564613436613732626461343733623963376565
+61303663326633616263613461383263353734303462363634393562663064663332363738303832
+66636663653762343636323936656362646236383539666464373862336461363864373963313039
+31313166656665663035353130643761616161353837313839636631373236343666343838653837
+36366266636339323931383362646634343164666138633364623538383466363662656635636366
+33326637303363353961633434376330623836666434383237346430373739333333396539636366
+32396339663930353131323032343433656332373635643638623862363164636661313735626639
+36613838366231636636623439393137353138613562646664336366663864306664316130656237
+33643235646334306336613662303532653033343034643737326230653161326136313132666231
+64323734623231623933353763383564353438343236323333613461363031363530356431393461
+38636532636532633532613862636635353532666330373034353164326662656638356233306633
+37653532306530633135393232316635333863626564666231623961366237366161656437623665
+39643134623835316139623236633166636364313866343636326466393035653365626130363533
+31633137653463333561653132636234633230373030376633623166383364646536646261633731
+37626538623831613431353766656661346565643633353034343533316134616166316136306339
+35323666306439393865626465396336623662353161396366653532326633346436336566646336
+38373539353334386134646237653534343430343439366533383738653938336530666266636563
+66313130313438363830386538306662393264643838656136623136386565303366636362306564
+62343030616361616661393063313938663433323662373531333435333032353831663537636461
+62666665646566656562303666333830363337663436633435653934656137626664616163303461
+32376363353534366235383635333538316431313736663237623966363431343434386263376132
+37353764313136323335633133343466343830343366363536303237333835303165333337636230
+37643132643866616633376566623264633534343334306537316461616132336265626537333666
+61353933366532363363613465313861333362383531306230343238313633633934626264366530
+64316335623637363537336162303933393935613734326535613738333262323033373935313632
+63393332346132353735356161393438643264343264326634353562613536303566623464646363
+61663639336466666364353838323931323134333461303831383265626139303135303566376433
+64383339373961303137616530616632366562326662646131363534613065623363633731313639
+36353363633836316436666564396438353161623765356230333166346436346662373032336263
+34613135623138306331626264316132363838376363373462616338613432343737646231333563
+33633062613030643832663263376231316431616239373639646532623639646362393234656364
+61393462346631633365613463323361626664316563656461646137386332366565366135623364
+36343664333039343538353663346532623733386464306265396565363966363535353837366238
+36643635623131313636393237643737343565656166653337656666636231343066383962306539
+64303666613437353039353630353633353630336336636539333166373561626634353363623765
+62626464386130646536323933653464656332373632366535633436346336306337313063356466
+66663233616434383230316564343132663132373431396137623334333636363231336334333535
+63336464623736306531653039333833316631393636363861613938386563613136636561626663
+66323638653337333732326335376630633065623437386330323136623766313334306663613866
+38383636353934386662633232303239656134633162396432393363336138366239323330643161
+39666333393032373363633435316136366663643931366561643735633262323236373465323363
+34323163353461616433613464646435326335336464333962646361666662656566636339646335
+31633266663761666432656464323135343534346663383862306461323762306461626161356265
+64653965643563643263386430653933613566303537636563636536366133383838336335316363
+31653666323965346535646439316163346166343261656432343465386634313037323736376464
+3562623165376161663466356130613064366433323662346430

ansible/gitea/migration/group_vars/vault.yml.example

@@ -0,0 +1,20 @@
+---
+# =============================================================================
+# Gitea Migration Vault Secrets
+# =============================================================================
+# Copy to vault.yml and encrypt:
+#   cp vault.yml.example vault.yml
+#   # Edit vault.yml with your values
+#   ansible-vault encrypt vault.yml
+#
+# Run playbook with:
+#   ansible-playbook -i inventory.yml playbook.yml --ask-vault-pass
+# =============================================================================
+
+# =============================================================================
+# Authentik API Access
+# =============================================================================
+# Bootstrap token from Authentik deployment
+# Get from VPS:
+#   ssh root@auth.stuslab.cc "grep AUTHENTIK_BOOTSTRAP_TOKEN /opt/authentik/authentik.env"
+vault_authentik_bootstrap_token: "PASTE_AUTHENTIK_BOOTSTRAP_TOKEN_HERE"