From af1b1c1e7b2e67a625f0e5518cfe6028f1e246fc Mon Sep 17 00:00:00 2001 From: SebClem Date: Sat, 15 Apr 2023 00:40:47 +0200 Subject: [PATCH] Init --- defaults/main.yml | 13 ++++++++++ tasks/main.yml | 49 ++++++++++++++++++++++++++++++++++++++ templates/app.ini.j2 | 15 ++++++++++++ templates/gitea.service.j2 | 43 +++++++++++++++++++++++++++++++++ vars/main.yml | 25 +++++++++++++++++++ 5 files changed, 145 insertions(+) create mode 100644 templates/app.ini.j2 create mode 100644 templates/gitea.service.j2
diff --git a/defaults/main.yml b/defaults/main.yml
index b9f11b7..56baf9e 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,2 +1,15 @@
 ---
 # defaults file for ${REPO_NAME_TITLE}
+
+gitea_version: 1.19.1
+gitea_app_name: Gitea
+gitea_run_mode: prod
+gitea_run_user: git
+
+gitea_config:
+ server: "{{ gitea_config_server }}"
+
+gitea_config_server:
+ DOMAIN: exemple.com
+ SSH_DOMAIN: ssh.exemple.com
+ ROOT_URL: https://exemple.com
diff --git a/tasks/main.yml b/tasks/main.yml
index e328a46..64be1c7 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
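Review bot: In defaults/main.yml the placeholder hosts under `gitea_config_server` use `exemple.com`, which is an ordinary registrable domain rather than the reserved documentation name. A host where these defaults are never overridden would publish a `ROOT_URL` and clone URLs pointing at a domain the operator does not control. I would use the reserved name instead: `DOMAIN: example.com`, `SSH_DOMAIN: ssh.example.com`, `ROOT_URL: https://example.com`.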
@@ -1,2 +1,51 @@
 ---
 # tasks file for Ansible-Gitea-Role
+
+- name: Ensure deps are installed
+ ansible.builtin.apt:
+ name: "{{ gitea_deps }}"
+
+- name: Download gitea binary
+ ansible.builtin.get_url:
+ url: "{{ gitea_dl_url }}"
+ dest: /usr/local/bin/gitea
+ mode: 755
+ owner: root
+ group: root
+
+- name: Create git user
+ ansible.builtin.user:
+ name: "{{ gitea_run_user }}"
+ system: true
+ shell: /bin/bash
+ home: /home/"{{ gitea_run_user }}"
+ create_home: true
+
+- name: Create Gitea folders
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ mode: "{{ item.mode }}"
+ owner: "{{ item.user }}"
+ group: "{{ item.group }}"
+ recurse: true
+ loop: "{{ gitea_init_folders }}"
+
+- name: Update Gitea config
+ ansible.builtin.template:
+ src: app.ini.j2
+ dest: /etc/gitea/app.ini
+ mode: "640"
+ owner: root
+ group: "{{ gitea_run_user }}"
+
+- name: Add service file
+ ansible.builtin.template:
+ src: gitea.service.j2
+ dest: /etc/systemd/system/gitea.service
+ mode: "644"
+
+- name: Enable and start Gitea service
+ ansible.builtin.systemd:
+ name: gitea
+ daemon_reload: true
+ state: started
diff --git a/templates/app.ini.j2 b/templates/app.ini.j2
new file mode 100644
index 0000000..14555b2
--- /dev/null
+++ b/templates/app.ini.j2
@@ -0,0 +1,15 @@
+{{ ansible_managed | comment }}
+
+APP_NAME = {{ gitea_app_name }}
+RUN_MODE = {{ gitea_run_mode }}
+RUN_USER = {{ gitea_run_user }}
+
+{% for section in config %}
+{% if section == "" %}
+[{{ section }}]
+{% for entry, value in config[section].items() %}
+{{ entry }} = {{ value }}
+{% endfor %}
+
+
+{% endfor %}
\ No newline at end of file
diff --git a/templates/gitea.service.j2 b/templates/gitea.service.j2
new file mode 100644
index 0000000..a7f8315
--- /dev/null
+++ b/templates/gitea.service.j2
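Review bot: In tasks/main.yml the "Download gitea binary" task passes `mode: 755` as a bare integer, which Ansible reads as decimal 755 (octal 1363) rather than rwxr-xr-x; it should be the string `mode: "0755"`. The same task installs a root-owned executable from `gitea_dl_url` with no integrity check, so I would add a `checksum:` argument fed from a digest pinned per version, for example `checksum: "sha256:{{ gitea_dl_checksum }}"`, where `gitea_dl_checksum` is a new variable the role would have to define. In "Create git user", `home: /home/"{{ gitea_run_user }}"` keeps the double quotes inside the path, so the account's home no longer matches the `HOME=/home/{{ gitea_run_user }}` set in the service template; `home: "/home/{{ gitea_run_user }}"` is presumably what was meant.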
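Review bot: templates/app.ini.j2 should fail to parse as written, because `{% if section == "" %}` is never closed with `{% endif %}` before the outer `{% endfor %}`. The loop also reads `config`, while the role's defaults define `gitea_config`, so even with the `endif` added nothing from the defaults would be rendered. The comparison looks inverted as well: as written only a section with an empty name would be emitted, and presumably the intent was to skip those. Values are written out verbatim, so a value containing a newline would add extra keys to app.ini, which matters if these variables ever come from a less trusted source than the playbook author. A corrected loop is sketched below.

```jinja
{# … unchanged: ansible_managed header and APP_NAME / RUN_MODE / RUN_USER lines … #}
{% for section in gitea_config %}
{% if section != "" %}
[{{ section }}]
{% for entry, value in gitea_config[section].items() %}
{{ entry }} = {{ value }}
{% endfor %}
{% endif %}

{% endfor %}
```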
@@ -0,0 +1,43 @@
+{{ ansible_managed | comment }}
+
+[Unit]
+Description=Gitea (Git with a cup of tea)
+After=syslog.target
+After=network.target
+
+[Service]
+# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
+# LimitNOFILE=524288:524288
+RestartSec=2s
+Type=simple
+User={{ gitea_run_user }}
+Group={{ gitea_run_user }}
+WorkingDirectory=/var/lib/gitea/
+# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file
+# (manually creating /run/gitea doesn't work, because it would not persist across reboots)
+#RuntimeDirectory=gitea
+ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
+Restart=always
+Environment=USER={{ gitea_run_user }} HOME=/home/{{ gitea_run_user }} GITEA_WORK_DIR=/var/lib/gitea
+# If you install Git to directory prefix other than default PATH (which happens
+# for example if you install other versions of Git side-to-side with
+# distribution version), uncomment below line and add that prefix to PATH
+# Don't forget to place git-lfs binary on the PATH below if you want to enable
+# Git LFS support
+#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
+# If you want to bind Gitea to a port below 1024, uncomment
+# the two values below, or use socket activation to pass Gitea its ports as above
+###
+#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+###
+# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
+# set the following value to false to allow capabilities to be applied on gitea process. The following
+# value if set to true sandboxes gitea service and prevent any processes from running with privileges
+# in the host user namespace.
+###
+#PrivateUsers=false
+###
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/vars/main.yml b/vars/main.yml
index 55349c3..0fc7e80 100644
--- a/vars/main.yml
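Review bot: The `[Service]` section of templates/gitea.service.j2 starts a network-facing daemon with none of systemd's sandboxing options set. I would add a small hardening baseline, for example `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full`, and confirm on a test instance that repository hooks and SSH key management under the run user's home still work. Separately, the comment about ports below 1024 says "as above", but this file contains no socket-activation lines, so that wording should be dropped or the lines restored.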
+++ b/vars/main.yml
@@ -1,2 +1,27 @@
 ---
 # vars file for Ansible-Gitea-Role
+
+gitea_dl_url_root: https://dl.gitea.com/gitea
+gitea_dl_filename: "gitea-{{ gitea_version }}-linux-amd64"
+gitea_dl_url: "{{ gitea_dl_url_root }}/{{ gitea_version }}/{{ gitea_dl_filename }}"
+
+gitea_deps:
+ - git
+
+gitea_init_folders:
+ - path: /var/lib/gitea/custom
+ mode: 750
+ user: "{{ gitea_run_user }}"
+ group: "{{ gitea_run_user }}"
+ - path: /var/lib/gitea/data
+ mode: 750
+ user: "{{ gitea_run_user }}"
+ group: "{{ gitea_run_user }}"
+ - path: /var/lib/gitea/log
+ mode: 750
+ user: "{{ gitea_run_user }}"
+ group: "{{ gitea_run_user }}"
+ - path: /etc/gitea
+ mode: 750
+ user: root
+ group: "{{ gitea_run_user }}"
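Review bot: Every `mode: 750` in `gitea_init_folders` is a bare integer; if it reaches the file module as a number rather than a string it is read as decimal 750 instead of octal, so these entries should be written as `mode: "0750"`. Because the consuming task in tasks/main.yml sets `recurse: true`, the mode and owner are also pushed onto every file below each path, including /etc/gitea/app.ini, which the later template task then resets to 640. Replacing the recursion with `state: directory` would avoid that flip-flop on every run and keep executable bits off data files. `gitea_dl_filename` hard-codes `linux-amd64`, which deserves a short comment if other architectures are out of scope.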