
Merge pull request #12 from roles-ansible/scheme

New naming scheme
This commit is contained in:
L3D 2021-03-22 21:51:12 +01:00 committed by GitHub
commit 59703f1160
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 126 additions and 105 deletions


@ -2,7 +2,7 @@
extends: default extends: default
rules: rules:
# 150 chars should be enough, but don't fail if a line is longer # 170 chars should be enough, but don't fail if a line is longer
line-length: line-length:
max: 150 max: 170
level: warning level: warning


@ -1,17 +1,20 @@
--- ---
- name: "Restart gitea" - name: "Restart gitea"
become: true
service: service:
name: gitea name: gitea
state: restarted state: restarted
when: ansible_service_mgr == "systemd" when: ansible_service_mgr == "systemd"
- name: "Reload systemd" - name: "Reload systemd"
become: true
systemd: systemd:
daemon_reload: true daemon_reload: true
when: ansible_service_mgr == "systemd" when: ansible_service_mgr == "systemd"
- name: "Restart fail2ban" - name: "systemctl restart fail2ban"
service: become: true
ansible.builtin.systemd:
name: fail2ban name: fail2ban
state: restarted state: restarted
when: ansible_service_mgr == "systemd" when: ansible_service_mgr == "systemd"
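Review bot: The "Restart gitea" and "Reload systemd" handlers keep the short module names `service:` and `systemd:` while every other task in this commit moves to fully qualified names, so the rename is incomplete in this file; `ansible.builtin.service:` and `ansible.builtin.systemd:` would finish it. The new handler name `systemctl restart fail2ban` also breaks with the `Restart <thing>` pattern of its siblings, and because handlers are matched by the exact string in `notify:`, fail2ban.yml has to change in lockstep with any later rename. `- name: "Restart fail2ban"` with the matching `notify:` in fail2ban.yml would keep the naming uniform.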


@ -1,15 +1,18 @@
--- ---
- name: Get service facts - name: Get service facts
service_facts: ansible.builtin.service_facts:
- block: - block:
- name: Stopping gitea before upgrade - name: Stopping gitea before upgrade
service: become: true
ansible.builtin.systemd:
name: gitea name: gitea
state: stopped state: stopped
when: ansible_service_mgr == "systemd"
- name: "Create backup directory" - name: "Create backup directory"
file: become: true
ansible.builtin.file:
path: "{{ item }}" path: "{{ item }}"
state: directory state: directory
owner: "{{ gitea_user }}" owner: "{{ gitea_user }}"
@ -19,13 +22,11 @@
- "{{ gitea_backup_location }}" - "{{ gitea_backup_location }}"
- name: Backing up gitea before upgrade - name: Backing up gitea before upgrade
command: ansible.builtin.command:
cmd: "gitea dump -c /etc/gitea/gitea.ini" cmd: "gitea dump -c /etc/gitea/gitea.ini"
chdir: "{{ gitea_backup_location }}" chdir: "{{ gitea_backup_location }}"
become: true become: true
become_method: su
become_user: "{{ gitea_user }}" become_user: "{{ gitea_user }}"
become_flags: "-s /bin/sh"
when: when:
- ansible_facts.services["gitea.service"] is defined - ansible_facts.services["gitea.service"] is defined
- ansible_facts.services["gitea.service"].state == "running" - ansible_facts.services["gitea.service"].state == "running"
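Review bot: "Stopping gitea before upgrade" is now gated on `when: ansible_service_mgr == "systemd"` and uses `ansible.builtin.systemd`, so on a host with another init the stop is skipped but the dump task below still runs against a live instance, where the old `service:` task stopped it everywhere. Keeping `ansible.builtin.service:` here preserves that behaviour; if non-systemd hosts are out of scope for the role, a one-line comment saying so is enough. The second hunk drops `become_method: su` and `become_flags: "-s /bin/sh"` without recording why — presumably because sudo-style become does not need a login shell for the gitea user; a comment on the dump task would save the next reader the guess. The dump contains the database and gitea.ini, so the permissions of the backup directory (its `mode:`, if set, falls between the two hunks) should be owner-only.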

18
tasks/configure.yml Normal file

@ -0,0 +1,18 @@
---
- name: "Configure gitea"
become: true
ansible.builtin.template:
src: gitea.ini.j2
dest: /etc/gitea/gitea.ini
owner: "{{ gitea_user }}"
group: "{{ gitea_group }}"
mode: 0600
notify: "Restart gitea"
- name: "Service gitea"
become: true
ansible.builtin.systemd:
name: gitea
state: started
enabled: true
when: ansible_service_mgr == "systemd"
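Review bot: `mode: 0600` is an unquoted octal literal: a YAML 1.1 parser reads it as the integer 384, which Ansible's file-based modules happen to interpret correctly, but a YAML 1.2 loader or a linter reads it differently, so `mode: "0600"` is the portable spelling. The same applies to `mode: 0444` in fail2ban.yml and `mode: 0755` in install.yml. Owner-only mode is the right choice here, since the template renders the slurped secrets into gitea.ini.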


@ -1,12 +1,14 @@
--- ---
- name: "Create Gitea Group" - name: "Create Gitea Group"
group: become: true
ansible.builtin.group:
name: "{{ gitea_group }}" name: "{{ gitea_group }}"
system: true system: true
state: "present" state: "present"
- name: "Create Gitea user" - name: "Create Gitea user"
user: become: true
ansible.builtin.user:
name: "{{ gitea_user }}" name: "{{ gitea_user }}"
comment: "Gitea user" comment: "Gitea user"
home: "{{ gitea_home }}" home: "{{ gitea_home }}"

19
tasks/directory.yml Normal file

@ -0,0 +1,19 @@
---
- name: "Create config and data directory"
become: true
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: "{{ gitea_user }}"
group: "{{ gitea_group }}"
mode: 'u=rwX,g=rX,o='
with_items:
- "/etc/gitea"
- "{{ gitea_home }}"
- "{{ gitea_home }}/data"
- "{{ gitea_home }}/custom"
- "{{ gitea_home }}/custom/https"
- "{{ gitea_home }}/custom/mailer"
- "{{ gitea_home }}/indexers"
- "{{ gitea_home }}/log"
- "{{ gitea_repository_root }}"
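Review bot: The "Create data directory" task this file replaces in main.yml ran with `recurse: true`; the new task applies `owner`/`group`/`mode` only to the listed directories themselves, so existing content under `{{ gitea_home }}` or `{{ gitea_repository_root }}` with stray ownership is no longer corrected. If that is deliberate (recursing a large repository root on every run is slow), a comment such as `# not recursive: only the directories themselves are managed` would record it. Moving `/etc/gitea` from `0755` to `u=rwX,g=rX,o=` closes the world-readable config directory, which is a good change worth mentioning in the commit message. `with_items` could be `loop:` to match the modern module names used throughout.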


@ -1,18 +1,20 @@
--- ---
- name: Install fail2ban filter - name: Install fail2ban filter
template: become: true
ansible.builtin.template:
src: fail2ban/filter.conf.j2 src: fail2ban/filter.conf.j2
dest: /etc/fail2ban/filter.d/gitea.conf dest: /etc/fail2ban/filter.d/gitea.conf
owner: root owner: root
group: root group: root
mode: 0444 mode: 0444
notify: Restart fail2ban notify: systemctl restart fail2ban
- name: Install fail2ban jail - name: Install fail2ban jail
template: become: true
ansible.builtin.template:
src: fail2ban/jail.conf.j2 src: fail2ban/jail.conf.j2
dest: /etc/fail2ban/jail.d/gitea.conf dest: /etc/fail2ban/jail.d/gitea.conf
owner: root owner: root
group: root group: root
mode: 0444 mode: 0444
notify: Restart fail2ban notify: systemctl restart fail2ban


@ -1,38 +1,38 @@
--- ---
- name: generate gitea SECRET_KEY if not provided - name: generate gitea SECRET_KEY if not provided
become: true become: true
shell: 'umask 077; /usr/local/bin/gitea generate secret SECRET_KEY > /etc/gitea/gitea_secret_key' ansible.builtin.shell: 'umask 077; /usr/local/bin/gitea generate secret SECRET_KEY > /etc/gitea/gitea_secret_key'
args: args:
creates: '/etc/gitea/gitea_secret_key' creates: '/etc/gitea/gitea_secret_key'
when: gitea_secret_key | length == 0 when: gitea_secret_key | length == 0
- name: read gitea SECRET_KEY from file - name: read gitea SECRET_KEY from file
become: true become: true
slurp: ansible.builtin.slurp:
src: '/etc/gitea/gitea_secret_key' src: '/etc/gitea/gitea_secret_key'
register: remote_secret_key register: remote_secret_key
when: gitea_secret_key | length == 0 when: gitea_secret_key | length == 0
- name: set fact gitea_secret_key - name: set fact gitea_secret_key
set_fact: ansible.builtin.set_fact:
gitea_secret_key: "{{ remote_secret_key['content'] | b64decode }}" gitea_secret_key: "{{ remote_secret_key['content'] | b64decode }}"
when: gitea_secret_key | length == 0 when: gitea_secret_key | length == 0
- name: generate gitea INTERNAL_TOKEN if not provided - name: generate gitea INTERNAL_TOKEN if not provided
become: true become: true
shell: 'umask 077; /usr/local/bin/gitea generate secret INTERNAL_TOKEN > /etc/gitea/gitea_internal_token' ansible.builtin.shell: 'umask 077; /usr/local/bin/gitea generate secret INTERNAL_TOKEN > /etc/gitea/gitea_internal_token'
args: args:
creates: '/etc/gitea/gitea_internal_token' creates: '/etc/gitea/gitea_internal_token'
when: gitea_internal_token | length == 0 when: gitea_internal_token | length == 0
- name: read gitea INTERNAL_TOKEN from file - name: read gitea INTERNAL_TOKEN from file
become: true become: true
slurp: ansible.builtin.slurp:
src: '/etc/gitea/gitea_internal_token' src: '/etc/gitea/gitea_internal_token'
register: remote_internal_token register: remote_internal_token
when: gitea_internal_token | length == 0 when: gitea_internal_token | length == 0
- name: set fact gitea_internal_token - name: set fact gitea_internal_token
set_fact: ansible.builtin.set_fact:
gitea_internal_token: "{{ remote_internal_token['content'] | b64decode }}" gitea_internal_token: "{{ remote_internal_token['content'] | b64decode }}"
when: gitea_internal_token | length == 0 when: gitea_internal_token | length == 0
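Review bot: The slurp and set_fact tasks handle the generated SECRET_KEY and INTERNAL_TOKEN and nothing suppresses their output: `register: remote_secret_key` stores the base64 content in the task result, and `ansible.builtin.set_fact` prints the decoded value under `-v`, so both secrets end up in verbose logs and callback output. Adding `no_log: true` to the two slurp and two set_fact tasks keeps them out; the same applies to jwt_secrets.yml. The generate tasks are fine as written — `umask 077` plus `creates:` keeps the files owner-only and the step idempotent.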


@ -1,7 +1,8 @@
--- ---
- block: - block:
- name: Update apt cache - name: Update apt cache
apt: become: true
ansible.builtin.apt:
cache_valid_time: 3600 cache_valid_time: 3600
update_cache: true update_cache: true
register: _pre_update_apt_cache register: _pre_update_apt_cache
@ -10,7 +11,8 @@
- ansible_pkg_mgr == "apt" - ansible_pkg_mgr == "apt"
- name: Install dependencies - name: Install dependencies
package: become: true
ansible.builtin.package:
name: "{{ gitea_dependencies }}" name: "{{ gitea_dependencies }}"
state: present state: present
register: _install_dep_packages register: _install_dep_packages
@ -20,9 +22,9 @@
- block: - block:
- name: Download gitea archive - name: Download gitea archive
get_url: ansible.builtin.get_url:
url: "{{ gitea_dl_url }}.xz" url: "{{ gitea_dl_url }}.xz"
dest: "/tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}.xz" dest: "/tmp/{{ gitea_filename }}.xz"
checksum: "sha256:{{ gitea_dl_url }}.xz.sha256" checksum: "sha256:{{ gitea_dl_url }}.xz.sha256"
register: _download_archive register: _download_archive
until: _download_archive is succeeded until: _download_archive is succeeded
@ -30,38 +32,40 @@
delay: 2 delay: 2
- name: Download gitea asc file - name: Download gitea asc file
get_url: ansible.builtin.get_url:
url: "{{ gitea_dl_url }}.xz.asc" url: "{{ gitea_dl_url }}.xz.asc"
dest: "/tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}.xz.asc" dest: "/tmp/{{ gitea_filename }}.xz.asc"
register: _download_asc register: _download_asc
until: _download_asc is succeeded until: _download_asc is succeeded
retries: 5 retries: 5
delay: 2 delay: 2
- name: Check gitea gpg key - name: Check gitea gpg key
command: "gpg --list-keys 0x{{ gitea_gpg_key }}" ansible.builtin.command: "gpg --list-keys 0x{{ gitea_gpg_key }}"
register: _gitea_gpg_key_status register: _gitea_gpg_key_status
changed_when: false changed_when: false
failed_when: _gitea_gpg_key_status.rc not in (0, 2) failed_when: _gitea_gpg_key_status.rc not in (0, 2)
- name: Import gitea gpg key - name: Import gitea gpg key
command: "gpg --keyserver {{ gitea_gpg_server }} --recv {{ gitea_gpg_key }}" become: true
ansible.builtin.command: "gpg --keyserver {{ gitea_gpg_server }} --recv {{ gitea_gpg_key }}"
register: _gitea_import_key register: _gitea_import_key
changed_when: '"imported: 1" in _gitea_import_key.stderr' changed_when: '"imported: 1" in _gitea_import_key.stderr'
when: _gitea_gpg_key_status.rc != 0 when: _gitea_gpg_key_status.rc != 0
- name: Check archive signature - name: Check archive signature
command: "gpg --verify /tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}.xz.asc /tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}.xz" ansible.builtin.command: "gpg --verify /tmp/{{ gitea_filename }}.xz.asc /tmp/{{ gitea_filename }}.xz"
changed_when: false changed_when: false
- name: Unpack gitea binary - name: Unpack gitea binary
command: ansible.builtin.command:
cmd: "xz -k -d /tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}.xz" cmd: "xz -k -d /tmp/{{ gitea_filename }}.xz"
creates: "/tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}" creates: "/tmp/{{ gitea_filename }}"
- name: Propagate gitea binary - name: Propagate gitea binary
copy: become: true
src: "/tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}" ansible.builtin.copy:
src: "/tmp/{{ gitea_filename }}"
remote_src: true remote_src: true
dest: "/usr/local/bin/gitea" dest: "/usr/local/bin/gitea"
mode: 0755 mode: 0755
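Review bot: `become: true` was added only to "Import gitea gpg key", while "Check gitea gpg key" and "Check archive signature" still run as the connecting user, so the key lands in root's keyring and `gpg --list-keys` / `gpg --verify` look for it in a different one — with a non-root remote user the verify fails, or the import repeats on every run. Give all three gpg tasks the same `become` setting (or drop it from the import); the enclosing block continues past the hunk, so if it already sets `become` there, this is moot. Separately, "Unpack gitea binary" uses `creates: "/tmp/{{ gitea_filename }}"`, which skips decompression whenever a file of that predictable name already exists in world-writable /tmp, and the signature was checked on the `.xz`, not on the file that is then copied to /usr/local/bin as root. Downloading into a role-owned directory (for example under `{{ gitea_home }}`) or verifying the unpacked binary before the copy closes that gap.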


@ -1,6 +1,7 @@
--- ---
- name: "Setup systemd service" - name: "Setup systemd service"
template: become: true
ansible.builtin.template:
src: gitea.service.j2 src: gitea.service.j2
dest: /lib/systemd/system/gitea.service dest: /lib/systemd/system/gitea.service
owner: root owner: root
@ -10,8 +11,7 @@
- "Reload systemd" - "Reload systemd"
- "Restart gitea" - "Restart gitea"
# systemd to be reloaded the first time because
# it is the only way Systemd is going to be aware of the new unit file.
- name: "Reload systemd" - name: "Reload systemd"
systemd: become: true
ansible.builtin.systemd:
daemon_reload: true daemon_reload: true
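Review bot: The two comment lines explaining the unconditional `Reload systemd` task (`# systemd to be reloaded the first time because` / `# it is the only way Systemd is going to be aware of the new unit file.`) were dropped along with the module rename and nothing replaces them, so the task now reads as a duplicate of the "Reload systemd" handler notified two lines above. Restoring those two lines above `- name: "Reload systemd"` keeps the intent visible. The task list continues past the hunk.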


@ -1,38 +1,38 @@
--- ---
- name: generate OAuth2 JWT_SECRET if not provided - name: generate OAuth2 JWT_SECRET if not provided
become: true become: true
shell: 'umask 077; /usr/local/bin/gitea generate secret JWT_SECRET > /etc/gitea/gitea_oauth_jwt_secret' ansible.builtin.shell: 'umask 077; /usr/local/bin/gitea generate secret JWT_SECRET > /etc/gitea/gitea_oauth_jwt_secret'
args: args:
creates: '/etc/gitea/gitea_oauth_jwt_secret' creates: '/etc/gitea/gitea_oauth_jwt_secret'
when: gitea_oauth2_jwt_secret | length == 0 when: gitea_oauth2_jwt_secret | length == 0
- name: read OAuth2 JWT_SECRET from file - name: read OAuth2 JWT_SECRET from file
become: true become: true
slurp: ansible.builtin.slurp:
src: '/etc/gitea/gitea_oauth_jwt_secret' src: '/etc/gitea/gitea_oauth_jwt_secret'
register: oauth_jwt_secret register: oauth_jwt_secret
when: gitea_oauth2_jwt_secret | length == 0 when: gitea_oauth2_jwt_secret | length == 0
- name: set fact gitea_oauth2_jwt_secret - name: set fact gitea_oauth2_jwt_secret
set_fact: ansible.builtin.set_fact:
gitea_oauth2_jwt_secret: "{{ oauth_jwt_secret['content'] | b64decode }}" gitea_oauth2_jwt_secret: "{{ oauth_jwt_secret['content'] | b64decode }}"
when: gitea_oauth2_jwt_secret | length == 0 when: gitea_oauth2_jwt_secret | length == 0
- name: generate LFS JWT_SECRET if not provided - name: generate LFS JWT_SECRET if not provided
become: true become: true
shell: 'umask 077; /usr/local/bin/gitea generate secret JWT_SECRET > /etc/gitea/gitea_lfs_jwt_secret' ansible.builtin.shell: 'umask 077; /usr/local/bin/gitea generate secret JWT_SECRET > /etc/gitea/gitea_lfs_jwt_secret'
args: args:
creates: '/etc/gitea/gitea_lfs_jwt_secret' creates: '/etc/gitea/gitea_lfs_jwt_secret'
when: gitea_lfs_jwt_secret | length == 0 when: gitea_lfs_jwt_secret | length == 0
- name: read LFS JWT_SECRET from file - name: read LFS JWT_SECRET from file
become: true become: true
slurp: ansible.builtin.slurp:
src: '/etc/gitea/gitea_lfs_jwt_secret' src: '/etc/gitea/gitea_lfs_jwt_secret'
register: lfs_jwt_secret register: lfs_jwt_secret
when: gitea_lfs_jwt_secret | length == 0 when: gitea_lfs_jwt_secret | length == 0
- name: set fact gitea_lfs_jwt_secret - name: set fact gitea_lfs_jwt_secret
set_fact: ansible.builtin.set_fact:
gitea_lfs_jwt_secret: "{{ lfs_jwt_secret['content'] | b64decode }}" gitea_lfs_jwt_secret: "{{ lfs_jwt_secret['content'] | b64decode }}"
when: gitea_lfs_jwt_secret | length == 0 when: gitea_lfs_jwt_secret | length == 0


@ -4,16 +4,10 @@
when: submodules_versioncheck|bool when: submodules_versioncheck|bool
- name: Gather variables for each operating system - name: Gather variables for each operating system
include_vars: "{{ item }}" ansible.builtin.include_vars: "{{ lookup('first_found', gitea_variables) }}"
with_first_found:
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ ansible_distribution | lower }}.yml"
- "{{ ansible_os_family | lower }}.yml"
- name: "Check gitea version" - name: "Check gitea version"
shell: "set -eo pipefail; /usr/local/bin/gitea -v | cut -d' ' -f 3" ansible.builtin.shell: "set -eo pipefail; /usr/local/bin/gitea -v | cut -d' ' -f 3"
args: args:
executable: /bin/bash executable: /bin/bash
register: gitea_active_version register: gitea_active_version
@ -22,64 +16,31 @@
when: gitea_version_check|bool when: gitea_version_check|bool
- name: backup gitea before update - name: backup gitea before update
include_tasks: backup.yml ansible.builtin.include_tasks: backup.yml
when: gitea_backup_on_upgrade|bool when: gitea_backup_on_upgrade|bool
- name: create gitea user and role
ansible.builtin.include_tasks: create_user.yml
- name: install or update gitea - name: install or update gitea
include_tasks: install.yml ansible.builtin.include_tasks: install.yml
- include: create_user.yml - name: Create directorys
ansible.builtin.include_tasks: directory.yml
- name: "Create config directory" - name: setup gitea systemd service
file: ansible.builtin.include_tasks: install_systemd.yml
path: "{{ item }}"
state: directory
owner: "{{ gitea_user }}"
group: "{{ gitea_group }}"
mode: '0755'
with_items:
- "/etc/gitea"
- name: "Create data directory"
file:
path: "{{ item }}"
state: directory
owner: "{{ gitea_user }}"
group: "{{ gitea_group }}"
mode: 'u=rwX,g=rX,o='
recurse: true
with_items:
- "{{ gitea_home }}"
- "{{ gitea_home }}/data"
- "{{ gitea_home }}/custom"
- "{{ gitea_home }}/custom/https"
- "{{ gitea_home }}/custom/mailer"
- "{{ gitea_home }}/indexers"
- "{{ gitea_home }}/log"
- "{{ gitea_repository_root }}"
- include: install_systemd.yml
when: ansible_service_mgr == "systemd" when: ansible_service_mgr == "systemd"
- include_tasks: jwt_secrets.yml - name: generate JWT Secrets if undefined
ansible.builtin.include_tasks: jwt_secrets.yml
- include_tasks: gitea_secrets.yml - name: generate gitea secrets if undefined
ansible.builtin.include_tasks: gitea_secrets.yml
- name: "Configure gitea" - name: configure gitea
template: ansible.builtin.include_tasks: configure.yml
src: gitea.ini.j2
dest: /etc/gitea/gitea.ini
owner: "{{ gitea_user }}"
group: "{{ gitea_group }}"
mode: 0600
notify: "Restart gitea"
- name: "Service gitea" - name: deploy optional fail2ban rules
service: ansible.builtin.include_tasks: fail2ban.yml
name: gitea
state: started
enabled: true
when: ansible_service_mgr == "systemd"
- include: fail2ban.yml
when: gitea_fail2ban_enabled|bool when: gitea_fail2ban_enabled|bool
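Review bot: The new task name for the directory.yml include has a typo, `Create directorys`; `- name: Create directories`. The `with_first_found` loop on `include_vars` is replaced by `lookup('first_found', gitea_variables)`, whose `paths: ['vars']` entry in vars/main.yml is a relative path, so it is worth confirming on one of the supported distributions that the per-OS variable files are still found before this is released. Every include now carries a `name:`, which is an improvement; capitalisation of those names is mixed (`Create`, `setup`, `generate`, `deploy`) and could be made uniform.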


@ -8,6 +8,17 @@ gitea_go_arch_map:
armv5l: 'arm-5' armv5l: 'arm-5'
gitea_arch: "{{ gitea_go_arch_map[ansible_architecture] | default(ansible_architecture) }}" gitea_arch: "{{ gitea_go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
gitea_filename: "gitea-{{ gitea_version }}.linux-{{ gitea_arch }}"
playbook_version_number: 6 # should be int gitea_variables:
files:
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ ansible_distribution | lower }}.yml"
- "{{ ansible_os_family | lower }}.yml"
paths:
- 'vars'
playbook_version_number: 7 # should be int
playbook_version_path: 'do1jlr.gitea.version' playbook_version_path: 'do1jlr.gitea.version'