[gitea] Role to deploy git2

main
_shirenn 2022-11-25 11:10:54 +01:00
parent 0bd8604717
commit 356f574a31
7 changed files with 180 additions and 0 deletions


@ -0,0 +1,19 @@
---
glob_gitea:
version: 1.17.3
home_path: /stock/git
data_path: /stock/gitea
config:
app_name: "CR@NS Gitea"
oauth2:
jwt_secret: "{{ vault.gitea.oauth2.jwt_secret }}"
security:
internal_token: "{{ vault.gitea.security.internal_token }}"
secret_key: "{{ vault.gitea.security.secret_key }}"
database:
passwd: "{{ vault.gitea.database.passwd }}"
server:
ssh_domain: git2.crans.org
domain: git2.crans.org
root_url: https://git2.crans.org/
lfs_jwt_secret: "{{ vault.gitea.server.lfs_jwt_secret }}"

3
hosts

@ -102,6 +102,9 @@ voyager.adm.crans.org
[galene] [galene]
neree.adm.crans.org neree.adm.crans.org
[gitea]
sputnik.adm.crans.org
[gitlab] [gitlab]
gitzly.adm.crans.org gitzly.adm.crans.org

7
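--- a/plays/gitea.yml
+++ b/plays/gitea.yml
@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: gitea
+vars:
+gitea: "{{ glob_gitea | default({}) | combine(loc_gitea | default({})) }}"
+roles:
+- gitea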
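Review bot: The `combine(loc_gitea | default({}))` call in the `gitea` var is a shallow merge, so a host-level `loc_gitea` that sets only one nested key (for example `config.server.domain`) replaces the whole `config` dict from `glob_gitea`, including the vault-backed secrets. The template would then fail on the missing keys instead of keeping the global values. If per-host overrides of nested settings are intended, use `combine(loc_gitea | default({}), recursive=true)`. If shallow merging is the convention across this repository's roles, a one-line comment saying so would prevent surprises.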


@ -0,0 +1,9 @@
---
- name: systemctl daemon-reload
ansible.builtin.systemd:
daemon_reload: true
- name: systemctl restart gitea.service
ansible.builtin.systemd:
name: gitea
state: restarted


@ -0,0 +1,49 @@
---
- name: download gitea binary
ansible.builtin.get_url:
url: "https://dl.gitea.io/gitea/{{ gitea.version }}/gitea-{{ gitea.version }}-linux-amd64"
dest: /usr/local/sbin/gitea
mode: 0755
notify: systemctl restart gitea.service
- name: create user git
ansible.builtin.user:
name: git
system: true
shell: /bin/bash
comment: "Git Version Control"
home: "{{ gitea.home_path }}"
- name: create gitea directories
ansible.builtin.file:
path: '{{ item.path }}'
mode: '{{ item.mode | default("0755") }}'
group: git
owner: '{{ item.owner | default("git") }}'
state: directory
loop:
- { path: /etc/gitea/, mode: "0750", owner: root }
- { path: "{{ gitea.data_path }}", mode: "0750" }
- path: "{{ (gitea.data_path, 'custom') | path_join }}"
- path: "{{ (gitea.data_path, 'data') | path_join }}"
- path: "{{ (gitea.data_path, 'log') | path_join }}"
notify: systemctl restart gitea.service
- name: deploy gitea configuration
ansible.builtin.template:
src: gitea/app.ini.j2
dest: /etc/gitea/app.ini
mode: '0640'
group: git
notify: systemctl restart gitea.service
- name: deploy systemd unit
ansible.builtin.template:
src: systemd/system/gitea.service.j2
dest: /etc/systemd/system/gitea.service
notify: systemctl daemon-reload
- name: systemctl enable gitea.service
ansible.builtin.systemd:
name: gitea
enabled: true
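Review bot: The `download gitea binary` task installs an executable into `/usr/local/sbin/gitea` with no integrity check, so whatever `dl.gitea.io` serves for that version is what the service ends up running. `ansible.builtin.get_url` accepts a `checksum` argument; pin the expected digest next to `version` in the group vars and add `checksum: "sha256:{{ gitea.sha256 }}"` (`gitea.sha256` is a placeholder for a new variable, not one this commit defines). A pinned digest also makes every version bump an explicit, reviewable change. Separately, the `deploy gitea configuration` task renders vault secrets into `app.ini`, so `no_log: true` or `diff: false` on that task would keep them out of `--diff` output and logs.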


@ -0,0 +1,74 @@
{{ ansible_header | comment }}
APP_NAME = {{ gitea.config.app_name }}
RUN_USER = git
RUN_MODE = prod
[oauth2]
JWT_SECRET = {{ gitea.config.oauth2.jwt_secret }}
[security]
INTERNAL_TOKEN = {{ gitea.config.security.internal_token }}
INSTALL_LOCK = true
SECRET_KEY = {{ gitea.config.security.secret_key }}
[database]
DB_TYPE = sqlite3
NAME = gitea
USER = gitea
PASSWD = {{ gitea.config.database.passwd }}
SCHEMA =
SSL_MODE = disable
CHARSET = utf8
PATH = {{ (gitea.data_path, 'data', 'gitea.db') | path_join }}
LOG_SQL = false
[repository]
ROOT = {{ (gitea.home_path, 'gitea-repositories') | path_join }}
[server]
SSH_DOMAIN = {{ gitea.config.server.ssh_domain }}
DOMAIN = {{ gitea.config.server.domain }}
HTTP_ADDR = 127.0.0.1
HTTP_PORT = 3000
ROOT_URL = {{ gitea.config.server.root_url }}
DISABLE_SSH = false
SSH_PORT = 22
LFS_START_SERVER = true
LFS_CONTENT_PATH = {{ (gitea.data_path, 'data', 'lfs') | path_join }}
LFS_JWT_SECRET = {{ gitea.config.server.lfs_jwt_secret }}
OFFLINE_MODE = false
[mailer]
ENABLED = false
[service]
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
DISABLE_REGISTRATION = true
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
REQUIRE_SIGNIN_VIEW = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = false
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.localhost
[picture]
DISABLE_GRAVATAR = true
ENABLE_FEDERATED_AVATAR = false
[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false
[session]
PROVIDER = file
[log]
MODE = console
LEVEL = warning
ROOT_PATH = {{ (gitea.data_path, 'log') | path_join }}
REDIRECT_MACARON_LOG = true
MACARON = console
ROUTER = console
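Review bot: The `[session]` section sets only `PROVIDER = file`, although `ROOT_URL` is an https URL and `HTTP_ADDR = 127.0.0.1` suggests a TLS-terminating proxy in front. Adding `COOKIE_SECURE = true` under `[session]` marks the session cookie Secure so it is never sent over plain HTTP; confirm the default for the pinned 1.17.3 before relying on it. In `[database]`, `DB_TYPE = sqlite3` means `USER`, `PASSWD` and `SSL_MODE` are presumably unused, so `PASSWD = {{ gitea.config.database.passwd }}` writes a vault secret to disk for no benefit. Dropping those keys leaves one less secret in `/etc/gitea/app.ini`.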


@ -0,0 +1,19 @@
{{ ansible_header | comment }}
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
[Service]
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory={{ gitea.data_path }}
ExecStart=/usr/local/sbin/gitea web --config /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME={{ gitea.home_path }} GITEA_WORK_DIR={{ gitea.data_path }}
[Install]
WantedBy=multi-user.target
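Review bot: The `[Service]` section runs a network-facing daemon with no systemd sandboxing: apart from `User=git`/`Group=git`, the process sees the whole filesystem writable wherever permissions allow and can still gain privileges through setuid binaries. The templated config listens on `HTTP_PORT = 3000`, so no capabilities are needed and a baseline like the block below should be safe, with writes limited to `gitea.data_path` and `gitea.home_path`. Verify on a test host first (`systemd-analyze security gitea.service` gives a quick before/after), since git hooks or LFS may need additional paths.

```ini
[Service]
# … unchanged: RestartSec, Type, User, Group, WorkingDirectory, ExecStart, Restart, Environment …
NoNewPrivileges=true
PrivateTmp=true
PrivateDevices=true
ProtectSystem=strict
ReadWritePaths={{ gitea.data_path }} {{ gitea.home_path }}
```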