From cc02aae4817ece158fc98d4bca302fadc7263a1e Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Sun, 19 Feb 2023 13:22:37 +0000
Subject: [PATCH] gitea: Initial version of role
---
 roles/gitea/defaults/main.yml | 2 +
 roles/gitea/files/gitea.service | 16 ++++++
 roles/gitea/handlers/main.yml | 5 ++
 roles/gitea/meta/main.yml | 4 ++
 roles/gitea/tasks/main.yml | 99 ++++++++++++++++++++++++++++++++
 roles/gitea/templates/app.ini.j2 | 74 ++++++++++++++++++++++++
 6 files changed, 200 insertions(+)
 create mode 100644 roles/gitea/defaults/main.yml
 create mode 100644 roles/gitea/files/gitea.service
 create mode 100644 roles/gitea/handlers/main.yml
 create mode 100644 roles/gitea/meta/main.yml
 create mode 100644 roles/gitea/tasks/main.yml
 create mode 100644 roles/gitea/templates/app.ini.j2
diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml
new file mode 100644
index 0000000..6a37123
--- /dev/null
+++ b/roles/gitea/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+gitea_url: "https://dl.gitea.com/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-{{ ansible_system | lower }}-amd64"
diff --git a/roles/gitea/files/gitea.service b/roles/gitea/files/gitea.service
new file mode 100644
index 0000000..0dfec4a
--- /dev/null
+++ b/roles/gitea/files/gitea.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Gitea (Git with a cup of tea)
+After=syslog.target
+After=network.target
+
+[Service]
+Type=simple
+User=gitea
+Group=gitea
+WorkingDirectory=/srv/gitea
+ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
+Restart=always
+Environment=HOME=/srv/gitea GITEA_WORK_DIR=/srv/gitea
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/gitea/handlers/main.yml b/roles/gitea/handlers/main.yml
new file mode 100644
index 0000000..a8e19c4
--- /dev/null
+++ b/roles/gitea/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart gitea
+  ansible.builtin.service:
+    name: gitea
+    state: restarted
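Review bot: `gitea_url` interpolates `gitea_version`, which this defaults file does not define, so the URL fails to render unless every caller sets that variable; either add a default here, e.g. `gitea_version: "<VERSION-PLACEHOLDER>"`, or state in the role documentation that it is required. The URL also hard-codes `amd64`; if the role is meant for hosts of other architectures, a small lookup keyed on `ansible_architecture` would make the default portable, though that is an inference about intended use.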
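Review bot: The `[Service]` section starts Gitea with no systemd confinement, so a compromised web process keeps the full filesystem view of the `gitea` user and is not blocked from acquiring privileges through setuid binaries; adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` under `[Service]` closes the common cases, and `ProtectSystem=full` leaves `/srv/gitea`, the only path this unit points Gitea at, writable. `After=syslog.target` is obsolete on current systemd and can be dropped. Whether Gitea needs to write anywhere outside `/srv/gitea` at runtime cannot be confirmed from the unit alone, so verify the hardened unit against a real start before enabling it.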
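Review bot: `ansible.builtin.service` with `state: restarted` has no option to reload unit definitions, so when the tasks file replaces `/etc/systemd/system/gitea.service` and notifies this handler, systemd restarts the unit from the definition it already has and only warns that the file changed on disk. Switch the handler to the systemd module and request the reload: replace `ansible.builtin.service:` with `ansible.builtin.systemd:` and add `daemon_reload: true` next to `state: restarted`.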
diff --git a/roles/gitea/meta/main.yml b/roles/gitea/meta/main.yml
new file mode 100644
index 0000000..f9c5d0d
--- /dev/null
+++ b/roles/gitea/meta/main.yml
@@ -0,0 +1,4 @@
+---
+dependencies:
+  - {role: git}
+  - {role: nginx/server}
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
new file mode 100644
index 0000000..208eed0
--- /dev/null
+++ b/roles/gitea/tasks/main.yml
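Review bot: The `dependencies` entries use flow mappings (`- {role: git}`) while every other file in the role is written in block style; writing them as `- role: git` and `- role: nginx/server` keeps the role consistent and diffs cleanly when options such as `vars` or `tags` are added to a dependency later. Whether a role named `nginx/server` exists in this repository cannot be checked from the patch.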
@@ -0,0 +1,99 @@
+---
+- name: Download binary
+  ansible.builtin.get_url:
+    url: "{{ gitea_url }}"
+    checksum: "sha256:{{ gitea_url }}.sha256"
+    dest: /usr/local/bin/gitea
+    mode: 0755
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: Restart gitea
+
+- name: Create group
+  ansible.builtin.group:
+    name: gitea
+    gid: 303
+
+- name: Create user
+  ansible.builtin.user:
+    name: gitea
+    comment: Service Gitea
+    createhome: false
+    group: gitea
+    home: /var/empty
+    shell: /sbin/nologin
+    uid: 303
+
+- name: Create config directory
+  ansible.builtin.file:
+    path: /etc/gitea
+    state: directory
+    mode: 0750
+    owner: root
+    group: gitea
+
+- name: Create config
+  ansible.builtin.template:
+    dest: /etc/gitea/app.ini
+    src: app.ini.j2
+    mode: 0640
+    owner: root
+    group: gitea
+  notify: Restart gitea
+
+- name: Create data directory
+  ansible.builtin.file:
+    path: /export/gitea
+    state: directory
+    mode: 0750
+    owner: gitea
+    group: gitea
+
+- name: Link data directory
+  ansible.builtin.file:
+    path: /srv/gitea
+    state: link
+    src: /export/gitea
+    owner: root
+    group: "{{ ansible_wheel }}"
+    follow: false
+
+- name: Create service file
+  ansible.builtin.copy:
+    dest: /etc/systemd/system/gitea.service
+    src: gitea.service
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: Restart gitea
+
+- name: Enable service
+  ansible.builtin.service:
+    name: gitea
+    state: started
+    enabled: true
+
+- name: Allow nginx to connect gitea
+  ansible.posix.seboolean:
+    name: httpd_can_network_connect
+    state: true
+    persistent: true
+
+- name: Copy nginx config
+  ansible.builtin.copy:
+    dest: "/etc/nginx/conf.d/{{ inventory_hostname }}/gitea.conf"
+    content: |
+      location / {
+        proxy_pass http://127.0.0.1:3000;
+      }
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: Restart nginx
+
+- name: Add gitea alias for root
+  ansible.builtin.blockinfile:
+    path: /root/.bash_profile
+    block: |
+      # run gitea as gitea user
+      alias gitea='sudo -u gitea HOME=/srv/gitea GITEA_WORK_DIR=/srv/gitea /usr/local/bin/gitea -c /etc/gitea/app.ini'
diff --git a/roles/gitea/templates/app.ini.j2 b/roles/gitea/templates/app.ini.j2
new file mode 100644
index 0000000..cf6abb5
--- /dev/null
+++ b/roles/gitea/templates/app.ini.j2
@@ -0,0 +1,74 @@
+APP_NAME = foo.sh - GIT
+RUN_USER = gitea
+RUN_MODE = prod
+
+[database]
+DB_TYPE = mysql
+HOST = sqldb02.home.foo.sh
+NAME = gitea
+USER = gitea
+PASSWD = {{ gitea_mysql_pass }}
+SCHEMA =
+SSL_MODE = true
+CHARSET = utf8
+PATH = /srv/gitea/data/gitea.db
+LOG_SQL = false
+
+[repository]
+ROOT = /srv/gitea/data/gitea-repositories
+
+[server]
+SSH_DOMAIN = localhost
+DOMAIN = git.foo.sh
+HTTP_ADDR = 127.0.0.1
+HTTP_PORT = 3000
+ROOT_URL = https://git.foo.sh/
+DISABLE_SSH = true
+SSH_PORT = 22
+LFS_START_SERVER = true
+LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}
+OFFLINE_MODE = false
+
+[lfs]
+PATH = /srv/gitea/data/lfs
+
+[mailer]
+ENABLED = false
+
+[service]
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+DISABLE_REGISTRATION = true
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+REQUIRE_SIGNIN_VIEW = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.localhost
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[session]
+PROVIDER = file
+
+[log]
+MODE = console
+LEVEL = info
+ROOT_PATH = /srv/gitea/log
+ROUTER = console
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer
+
+[security]
+INSTALL_LOCK = true
+INTERNAL_TOKEN = {{ gitea_internal_token }}
+PASSWORD_HASH_ALGO = pbkdf2
+REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128
+REVERSE_PROXY_LIMIT = 1
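Review bot: In `Download binary`, `checksum: "sha256:{{ gitea_url }}.sha256"` fetches the digest from the same origin as the binary, so it catches a corrupted transfer but gives no protection against a tampered download host or mirror; pinning the expected digest per release in role vars (`gitea_checksum: "sha256:<DIGEST-PLACEHOLDER>"`, then `checksum: "{{ gitea_checksum }}"`) makes the integrity check independent of dl.gitea.com. Separately, the `Copy nginx config` snippet sets only `proxy_pass`, so unless the `nginx/server` role adds them globally (not visible in this patch) Gitea will see every request as coming from 127.0.0.1; forwarding `Host`, `X-Real-IP`, `X-Forwarded-For` and `X-Forwarded-Proto` with `proxy_set_header` is needed for correct client attribution in Gitea's logs and for its `REVERSE_PROXY_*` settings to have any effect. The unquoted `mode: 0755`/`0750`/`0640`/`0644` values work because of the leading zero, but quoting them (`mode: "0755"`) is what ansible-lint's `risky-octal` rule asks for and removes the YAML octal ambiguity.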
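Review bot: `[security]` templates `INTERNAL_TOKEN` and `[server]` templates `LFS_JWT_SECRET`, but `SECRET_KEY` is left unset; app.ini is deployed root-owned with mode 0640, so Gitea cannot persist a key it generates itself, and depending on the Gitea version it will either use a built-in default or derive a fresh key at each start, which breaks data encrypted with it (stored 2FA secrets, for example). Template it alongside the other secrets: `SECRET_KEY = {{ gitea_secret_key }}`. `PASSWD = {{ gitea_mysql_pass }}` is also inserted unquoted into INI, so a password containing `#`, `;` or surrounding whitespace is silently truncated by the parser; Gitea accepts backtick quoting for such values, ``PASSWD = `{{ gitea_mysql_pass }}` ``. Finally, `APP_NAME`, `HOST`, `DOMAIN` and `ROOT_URL` are site-specific values hard-coded into a role template; lifting them into `defaults/main.yml` would let the role be reused without editing the template.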