commit
59caf6a8c9
8 changed files with 261 additions and 0 deletions
Unified View
Diff Options
-
+10 -0defaults/main.yml
-
+12 -0handlers/main.yml
-
+19 -0tasks/config.yml
-
+86 -0tasks/deploy.yml
-
+16 -0tasks/install.yml
-
+28 -0tasks/main.yml
-
+27 -0templates/systemd.service.j2
-
+63 -0vars/main.yml
+ 10
- 0
defaults/main.yml
View File
| @@ -0,0 +1,10 @@ | |||||
| gitea_http_addr: 127.0.0.1 | |||||
| gitea_http_port: 3000 | |||||
| #gitea_download_url: https://dl.gitea.io/gitea/1.4/gitea-1.4-linux-amd64 | |||||
| gitea_download_url: https://github.com/go-gitea/gitea/releases/download/v1.4.0/gitea-1.4.0-linux-amd64 | |||||
| gitea_download_checksum: sha256:f4c4c7eecc6dd8cd5401883a33924223177b4fa0a40ecd867ad90dc6387a4080 | |||||
| gitea_admin_username: testadmin | |||||
| gitea_admin_password: testadmin | |||||
| gitea_admin_email: admin@example.com | |||||
+ 12
- 0
handlers/main.yml
View File
| @@ -0,0 +1,12 @@ | |||||
| --- | |||||
| - name: systemd daemon-reload | |||||
| systemd: | |||||
| daemon_reload: yes | |||||
| - name: restart gitea | |||||
| systemd: | |||||
| name: gitea.service | |||||
| state: restarted | |||||
| listen: | |||||
| - restart gitea | |||||
+ 19
- 0
tasks/config.yml
View File
| @@ -0,0 +1,19 @@ | |||||
| --- | |||||
| # https://github.com/ansible/ansible/issues/30599 | |||||
| - name: "fill config file with a global variable because of ansible bug #30599" | |||||
| copy: | |||||
| content: RUN_MODE = prod | |||||
| dest: /etc/gitea/app.ini | |||||
| force: no | |||||
| - name: gitea config | |||||
| ini_file: | |||||
| path: /etc/gitea/app.ini | |||||
| section: "{{ item.section }}" | |||||
| option: "{{ item.option }}" | |||||
| value: "{{ item.value }}" | |||||
| owner: git | |||||
| group: git | |||||
| notify: restart gitea | |||||
| with_items: "{{ _gitea_config }}" | |||||
+ 86
- 0
tasks/deploy.yml
View File
| @@ -0,0 +1,86 @@ | |||||
| --- | |||||
| - name: debian packages | |||||
| apt: | |||||
| pkg: "{{item}}" | |||||
| with_items: | |||||
| - ca-certificates | |||||
| - git | |||||
| - golang | |||||
| - name: download gitea | |||||
| get_url: | |||||
| url: "{{ gitea_download_url }}" | |||||
| dest: /usr/local/bin/gitea | |||||
| checksum: "{{ gitea_download_checksum }}" | |||||
| - name: gitea executable | |||||
| file: | |||||
| path: /usr/local/bin/gitea | |||||
| mode: u=rwx,g=rx,o=rx | |||||
| # - name: allow gitea executable to bind on privileged port | |||||
| # capabilities: | |||||
| # path: /usr/local/bin/gitea | |||||
| # capability: cap_sys_chroot+eip | |||||
| # state: present | |||||
| - name: git user | |||||
| user: | |||||
| name: git | |||||
| system: yes | |||||
| home: /srv/git | |||||
| - name: gitea home directory | |||||
| file: | |||||
| path: /srv/git | |||||
| mode: u=rwx,g=rx,o=rx | |||||
| owner: git | |||||
| group: git | |||||
| state: directory | |||||
| - name: gitea repos directory | |||||
| file: | |||||
| path: /srv/git/repos | |||||
| mode: u=rwx,g=rx,o=rx | |||||
| owner: git | |||||
| group: git | |||||
| state: directory | |||||
| - name: gitea work directory | |||||
| file: | |||||
| path: /var/lib/gitea | |||||
| mode: u=rwx,g=rx,o=rx | |||||
| owner: git | |||||
| group: git | |||||
| state: directory | |||||
| - name: gitea config directory | |||||
| file: | |||||
| path: /etc/gitea | |||||
| mode: u=rwx,g=rx,o=rx | |||||
| owner: git | |||||
| group: git | |||||
| state: directory | |||||
| - name: gitea log directory | |||||
| file: | |||||
| path: /var/log/gitea | |||||
| mode: u=rwx,g=rx,o=rx | |||||
| owner: git | |||||
| group: git | |||||
| state: directory | |||||
| - import_tasks: config.yml | |||||
| - name: systemd service unit | |||||
| template: | |||||
| src: systemd.service.j2 | |||||
| dest: /etc/systemd/system/gitea.service | |||||
| notify: | |||||
| - systemd daemon-reload | |||||
| - restart gitea | |||||
| - name: gitea started | |||||
| systemd: | |||||
| name: gitea.service | |||||
| state: started | |||||
+ 16
- 0
tasks/install.yml
View File
| @@ -0,0 +1,16 @@ | |||||
| --- | |||||
| - name: wait for gitea http port to be open | |||||
| wait_for: | |||||
| port: "{{ gitea_http_port }}" | |||||
| - name: create gitea admin user | |||||
| command: "/usr/local/bin/gitea admin create-user --name {{ gitea_admin_username }} --password {{ gitea_admin_password }} --email {{ gitea_admin_email }} --admin --config /etc/gitea/app.ini" | |||||
| register: _gitea_create_admin_user | |||||
| failed_when: _gitea_create_admin_user.rc == 1 and 'user already exists' not in _gitea_create_admin_user.stderr | |||||
| changed_when: _gitea_create_admin_user.rc == 0 | |||||
| #no_log: true | |||||
| - debug: | |||||
| msg: "{{ _gitea_create_admin_user }}" | |||||
+ 28
- 0
tasks/main.yml
View File
| @@ -0,0 +1,28 @@ | |||||
| --- | |||||
| - import_tasks: deploy.yml | |||||
| - name: flush handlers | |||||
| meta: flush_handlers | |||||
| - include_role: | |||||
| name: certificate | |||||
| vars: | |||||
| certificate_name: gitea | |||||
| certificate_directory: /etc/ssl | |||||
| certificate_key_usage: | |||||
| - digitalSignature | |||||
| - keyEncipherment | |||||
| certificate_extended_key_usage: | |||||
| - serverAuth | |||||
| certificate_alt_names: | |||||
| - "{{ gitea_server_name | regex_replace( '(.*)','DNS:\\1' ) }}" | |||||
| - include_role: | |||||
| name: nginx | |||||
| vars: | |||||
| nginx_vhosts: "{{ _gitea_nginx_vhosts }}" | |||||
| - name: flush handlers | |||||
| meta: flush_handlers | |||||
+ 27
- 0
templates/systemd.service.j2
View File
| @@ -0,0 +1,27 @@ | |||||
| [Unit] | |||||
| Description=Gitea (Git with a cup of tea) | |||||
| After=syslog.target | |||||
| After=network.target | |||||
| #After=mysqld.service | |||||
| #After=postgresql.service | |||||
| #After=memcached.service | |||||
| #After=redis.service | |||||
| [Service] | |||||
| # Modify these two values and uncomment them if you have | |||||
| # repos with lots of files and get an HTTP error 500 because | |||||
| # of that | |||||
| ### | |||||
| #LimitMEMLOCK=infinity | |||||
| #LimitNOFILE=65535 | |||||
| RestartSec=2s | |||||
| Type=simple | |||||
| User=git | |||||
| Group=git | |||||
| WorkingDirectory=~ | |||||
| ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini | |||||
| Restart=always | |||||
| Environment=USER=git HOME=/srv/git GITEA_WORK_DIR=/var/lib/gitea | |||||
| [Install] | |||||
| WantedBy=multi-user.target | |||||
+ 63
- 0
vars/main.yml
View File
| @@ -0,0 +1,63 @@ | |||||
| _gitea_nginx_vhosts: | |||||
| - name: gitea | |||||
| server_names: | |||||
| - "{{ gitea_server_name }}" | |||||
| locations: | |||||
| - location: / | |||||
| proxy_pass: http://localhost:3000 | |||||
| _gitea_config: | |||||
| - section: null | |||||
| option: RUN_MODE | |||||
| value: prod | |||||
| - section: null | |||||
| option: APP_NAME | |||||
| value: "{{ gitea_app_name | default(gitea_server_name) }}" | |||||
| - section: server | |||||
| option: HTTP_ADDR | |||||
| value: "{{ gitea_http_addr }}" | |||||
| - section: server | |||||
| option: HTTP_PORT | |||||
| value: "{{ gitea_http_port }}" | |||||
| - section: server | |||||
| option: ROOT_URL | |||||
| value: "https://{{ gitea_server_name }}/" | |||||
| - section: server | |||||
| option: DOMAIN | |||||
| value: "{{ gitea_server_name }}" | |||||
| - section: server | |||||
| option: SSH_DOMAIN | |||||
| value: "{{ gitea_server_name }}" | |||||
| - section: repository | |||||
| option: ROOT | |||||
| value: /srv/git/repos | |||||
| - section: database | |||||
| option: DB_TYPE | |||||
| value: sqlite3 | |||||
| - section: database | |||||
| option: PATH | |||||
| value: "/var/lib/gitea/data/gitea.db" | |||||
| - section: log | |||||
| option: ROOT_PATH | |||||
| value: /var/log/gitea | |||||
| # see: Support automatic installation via configuration management (ansible, puppet, chef, etc) #2324 | |||||
| # https://github.com/go-gitea/gitea/issues/2324 | |||||
| - section: security | |||||
| option: INSTALL_LOCK | |||||
| value: true | |||||
| - section: security | |||||
| option: DISABLE_GIT_HOOKS | |||||
| value: true | |||||