Init

2023-04-15 00:40:47 +02:00 · 2023-04-15 00:40:47 +02:00 · af1b1c1e7b
commit af1b1c1e7b
parent 6b17777336
5 changed files with 145 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,2 +1,15 @@
 ---
 # defaults file for ${REPO_NAME_TITLE}
+
+gitea_version: 1.19.1
+gitea_app_name: Gitea
+gitea_run_mode: prod
+gitea_run_user: git
+
+gitea_config:
+  server: "{{ gitea_config_server }}"
+
+gitea_config_server:
+  DOMAIN: exemple.com
+  SSH_DOMAIN: ssh.exemple.com
+  ROOT_URL: https://exemple.com
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,2 +1,51 @@
 ---
 # tasks file for Ansible-Gitea-Role
+
+- name: Ensure deps are installed
+  ansible.builtin.apt:
+    name: "{{ gitea_deps }}"
+
+- name: Download gitea binary
+  ansible.builtin.get_url:
+    url: "{{ gitea_dl_url }}"
+    dest: /usr/local/bin/gitea
+    mode: 755
+    owner: root
+    group: root
+
+- name: Create git user
+  ansible.builtin.user:
+    name: "{{ gitea_run_user }}"
+    system: true
+    shell: /bin/bash
+    home: /home/"{{ gitea_run_user }}"
+    create_home: true
+
+- name: Create Gitea folders
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    mode: "{{ item.mode }}"
+    owner: "{{ item.user }}"
+    group: "{{ item.group }}"
+    recurse: true
+  loop: "{{ gitea_init_folders }}"
+
+- name: Update Gitea config
+  ansible.builtin.template:
+    src: app.ini.j2
+    dest: /etc/gitea/app.ini
+    mode: "640"
+    owner: root
+    group: "{{ gitea_run_user }}"
+
+- name: Add service file
+  ansible.builtin.template:
+    src: gitea.service.j2
+    dest: /etc/systemd/system/gitea.service
+    mode: "644"
+
+- name: Enable and start Gitea service
+  ansible.builtin.systemd:
+    name: gitea
+    daemon_reload: true
+    state: started
--- a/templates/app.ini.j2
+++ b/templates/app.ini.j2
@ -0,0 +1,15 @@
+{{ ansible_managed | comment }}
+
+APP_NAME = {{ gitea_app_name }}
+RUN_MODE = {{ gitea_run_mode }}
+RUN_USER = {{ gitea_run_user }}
+
+{% for section in config %}
+{% if section == "" %}
+[{{ section }}]
+{% for entry, value in config[section].items() %}
+{{ entry }} = {{ value }}
+{% endfor %}
+
+
+{% endfor %}
--- a/templates/gitea.service.j2
+++ b/templates/gitea.service.j2
@ -0,0 +1,43 @@
+{{ ansible_managed | comment }}
+
+[Unit]
+Description=Gitea (Git with a cup of tea)
+After=syslog.target
+After=network.target
+
+[Service]
+# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
+# LimitNOFILE=524288:524288
+RestartSec=2s
+Type=simple
+User={{ gitea_run_user }}
+Group={{ gitea_run_user }}
+WorkingDirectory=/var/lib/gitea/
+# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file
+# (manually creating /run/gitea doesn't work, because it would not persist across reboots)
+#RuntimeDirectory=gitea
+ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
+Restart=always
+Environment=USER={{ gitea_run_user }} HOME=/home/{{ gitea_run_user }} GITEA_WORK_DIR=/var/lib/gitea
+# If you install Git to directory prefix other than default PATH (which happens
+# for example if you install other versions of Git side-to-side with
+# distribution version), uncomment below line and add that prefix to PATH
+# Don't forget to place git-lfs binary on the PATH below if you want to enable
+# Git LFS support
+#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
+# If you want to bind Gitea to a port below 1024, uncomment
+# the two values below, or use socket activation to pass Gitea its ports as above
+###
+#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+###
+# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
+# set the following value to false to allow capabilities to be applied on gitea process. The following
+# value if set to true sandboxes gitea service and prevent any processes from running with privileges
+# in the host user namespace.
+###
+#PrivateUsers=false
+###
+
+[Install]
+WantedBy=multi-user.target
--- a/vars/main.yml
+++ b/vars/main.yml
@ -1,2 +1,27 @@
 ---
 # vars file for Ansible-Gitea-Role
+
+gitea_dl_url_root: https://dl.gitea.com/gitea
+gitea_dl_filename: "gitea-{{ gitea_version }}-linux-amd64"
+gitea_dl_url: "{{ gitea_dl_url_root }}/{{ gitea_version }}/{{ gitea_dl_filename }}"
+
+gitea_deps:
+  - git
+
+gitea_init_folders:
+  - path: /var/lib/gitea/custom
+    mode: 750
+    user: "{{ gitea_run_user }}"
+    group: "{{ gitea_run_user }}"
+  - path: /var/lib/gitea/data
+    mode: 750
+    user: "{{ gitea_run_user }}"
+    group: "{{ gitea_run_user }}"
+  - path: /var/lib/gitea/log
+    mode: 750
+    user: "{{ gitea_run_user }}"
+    group: "{{ gitea_run_user }}"
+  - path: /etc/gitea
+    mode: 750
+    user: root
+    group: "{{ gitea_run_user }}"