mirror of
https://github.com/roles-ansible/ansible_role_gitea.git
synced 2024-08-16 11:39:50 +02:00
commit
9e7f0b0eff
12 changed files with 57 additions and 56 deletions
|
@ -12,7 +12,7 @@
|
|||
daemon_reload: true
|
||||
when: ansible_service_mgr == "systemd"
|
||||
|
||||
- name: "systemctl restart fail2ban"
|
||||
- name: "Systemctl restart fail2ban"
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
name: fail2ban
|
||||
|
|
|
@ -3,6 +3,10 @@
|
|||
ansible.builtin.service_facts:
|
||||
|
||||
- name: Backup block
|
||||
when:
|
||||
- ansible_facts.services["gitea.service"] is defined
|
||||
- ansible_facts.services["gitea.service"].state == "running"
|
||||
- gitea_active_version.stdout != gitea_version_target
|
||||
block:
|
||||
- name: Stopping gitea before upgrade
|
||||
become: true
|
||||
|
@ -36,10 +40,6 @@
|
|||
state: stopped
|
||||
when: ansible_service_mgr == "systemd"
|
||||
|
||||
- name: print updateing error
|
||||
- name: Print updateing error
|
||||
ansible.builtin.debug:
|
||||
msg: "failed to backup gitea"
|
||||
when:
|
||||
- ansible_facts.services["gitea.service"] is defined
|
||||
- ansible_facts.services["gitea.service"].state == "running"
|
||||
- gitea_active_version.stdout != gitea_version_target
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
- name: create directory for custom footer
|
||||
- name: Create directory for custom footer
|
||||
become: true
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
|
@ -11,7 +11,7 @@
|
|||
- "{{ gitea_custom }}/templates"
|
||||
- "{{ gitea_custom }}/templates/custom"
|
||||
|
||||
- name: transfer custom footer template
|
||||
- name: Transfer custom footer template
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
src: "{{ lookup('first_found', transfer_custom_footer) }}"
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
- name: create directory for custom logos
|
||||
- name: Create directory for custom logos
|
||||
become: true
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
|
@ -11,7 +11,7 @@
|
|||
- "{{ gitea_custom }}/public"
|
||||
- "{{ gitea_custom }}/public/img"
|
||||
|
||||
- name: transfer custom logo.svg
|
||||
- name: Transfer custom logo.svg
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
src: "{{ lookup('first_found', transfer_custom_logo_logosvg) }}"
|
||||
|
@ -22,7 +22,7 @@
|
|||
tags: skip_ansible_lint
|
||||
ignore_errors: true
|
||||
|
||||
- name: transfer custom logo.png
|
||||
- name: Transfer custom logo.png
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
src: "{{ lookup('first_found', transfer_custom_logo_logopng) }}"
|
||||
|
@ -33,7 +33,7 @@
|
|||
tags: skip_ansible_lint
|
||||
ignore_errors: true
|
||||
|
||||
- name: transfer custom favicon.png
|
||||
- name: Transfer custom favicon.png
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
src: "{{ lookup('first_found', transfer_custom_logo_faviconpng) }}"
|
||||
|
@ -44,7 +44,7 @@
|
|||
tags: skip_ansible_lint
|
||||
ignore_errors: true
|
||||
|
||||
- name: transfer custom apple-touch-icon.png
|
||||
- name: Transfer custom apple-touch-icon.png
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
src: "{{ lookup('first_found', transfer_custom_logo_appletouchiconpng) }}"
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
- name: create public directory for custom public web files
|
||||
- name: Create public directory for custom public web files
|
||||
become: true
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
|
@ -10,7 +10,7 @@
|
|||
with_items:
|
||||
- "{{ gitea_custom }}/public"
|
||||
|
||||
- name: transfer custom public web data
|
||||
- name: Transfer custom public web data
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
src: "{{ gitea_customize_files_path }}"
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
owner: root
|
||||
group: root
|
||||
mode: 0444
|
||||
notify: systemctl restart fail2ban
|
||||
notify: "Systemctl restart fail2ban"
|
||||
when: "'fail2ban' in ansible_facts.packages"
|
||||
|
||||
- name: Install fail2ban jail
|
||||
|
@ -18,12 +18,12 @@
|
|||
owner: root
|
||||
group: root
|
||||
mode: 0444
|
||||
notify: systemctl restart fail2ban
|
||||
notify: "Systemctl restart fail2ban"
|
||||
when: "'fail2ban' in ansible_facts.packages"
|
||||
|
||||
- name: warn if fail2ban is not installed
|
||||
- name: Warn if fail2ban is not installed
|
||||
ansible.builtin.fail:
|
||||
msg: "the package fail2ban is not installed. no fail2ban filters deployed."
|
||||
when: "'fail2ban' not in ansible_facts.packages"
|
||||
tags: skip_ansible_lint
|
||||
ignore_errors: true
|
||||
tags: skip_ansible_lint_ignore-errors
|
||||
|
|
|
@ -1,38 +1,38 @@
|
|||
---
|
||||
- name: generate gitea SECRET_KEY if not provided
|
||||
- name: Generate gitea SECRET_KEY if not provided
|
||||
become: true
|
||||
ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret SECRET_KEY > {{ gitea_configuraion_path }}/gitea_secret_key'
|
||||
args:
|
||||
creates: '{{ gitea_configuraion_path }}/gitea_secret_key'
|
||||
when: gitea_secret_key | string | length == 0
|
||||
|
||||
- name: read gitea SECRET_KEY from file
|
||||
- name: Read gitea SECRET_KEY from file
|
||||
become: true
|
||||
ansible.builtin.slurp:
|
||||
src: '{{ gitea_configuraion_path }}/gitea_secret_key'
|
||||
register: remote_secret_key
|
||||
when: gitea_secret_key | string | length == 0
|
||||
|
||||
- name: set fact gitea_secret_key
|
||||
- name: Set fact gitea_secret_key
|
||||
ansible.builtin.set_fact:
|
||||
gitea_secret_key: "{{ remote_secret_key['content'] | b64decode }}"
|
||||
when: gitea_secret_key | string | length == 0
|
||||
when: gitea_secret_key | string | length == 0
|
||||
|
||||
- name: generate gitea INTERNAL_TOKEN if not provided
|
||||
- name: Generate gitea INTERNAL_TOKEN if not provided
|
||||
become: true
|
||||
ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret INTERNAL_TOKEN > {{ gitea_configuraion_path }}/gitea_internal_token'
|
||||
args:
|
||||
creates: '{{ gitea_configuraion_path }}/gitea_internal_token'
|
||||
when: gitea_internal_token | string | length == 0
|
||||
|
||||
- name: read gitea INTERNAL_TOKEN from file
|
||||
- name: Read gitea INTERNAL_TOKEN from file
|
||||
become: true
|
||||
ansible.builtin.slurp:
|
||||
src: '{{ gitea_configuraion_path }}/gitea_internal_token'
|
||||
register: remote_internal_token
|
||||
when: gitea_internal_token | string | length == 0
|
||||
|
||||
- name: set fact gitea_internal_token
|
||||
- name: Set fact gitea_internal_token
|
||||
ansible.builtin.set_fact:
|
||||
gitea_internal_token: "{{ remote_internal_token['content'] | b64decode }}"
|
||||
when: gitea_internal_token | string | length == 0
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
delay: 2
|
||||
|
||||
- name: Install block
|
||||
when: (not gitea_version_check | bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version_target))
|
||||
block:
|
||||
- name: Download gitea archive
|
||||
ansible.builtin.get_url:
|
||||
|
@ -75,4 +76,3 @@
|
|||
owner: root
|
||||
group: root
|
||||
notify: "Restart gitea"
|
||||
when: (not gitea_version_check|bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version_target))
|
||||
|
|
|
@ -1,38 +1,38 @@
|
|||
---
|
||||
- name: generate OAuth2 JWT_SECRET if not provided
|
||||
- name: Generate OAuth2 JWT_SECRET if not provided
|
||||
become: true
|
||||
ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret JWT_SECRET > {{ gitea_configuraion_path }}/gitea_oauth_jwt_secret'
|
||||
args:
|
||||
creates: '{{ gitea_configuraion_path }}/gitea_oauth_jwt_secret'
|
||||
when: gitea_oauth2_jwt_secret | length == 0
|
||||
|
||||
- name: read OAuth2 JWT_SECRET from file
|
||||
- name: Read OAuth2 JWT_SECRET from file
|
||||
become: true
|
||||
ansible.builtin.slurp:
|
||||
src: '{{ gitea_configuraion_path }}/gitea_oauth_jwt_secret'
|
||||
register: oauth_jwt_secret
|
||||
when: gitea_oauth2_jwt_secret | length == 0
|
||||
|
||||
- name: set fact gitea_oauth2_jwt_secret
|
||||
- name: Set fact gitea_oauth2_jwt_secret
|
||||
ansible.builtin.set_fact:
|
||||
gitea_oauth2_jwt_secret: "{{ oauth_jwt_secret['content'] | b64decode }}"
|
||||
when: gitea_oauth2_jwt_secret | length == 0
|
||||
|
||||
- name: generate LFS JWT_SECRET if not provided
|
||||
- name: Generate LFS JWT_SECRET if not provided
|
||||
become: true
|
||||
ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret JWT_SECRET > {{ gitea_configuraion_path }}/gitea_lfs_jwt_secret'
|
||||
args:
|
||||
creates: '{{ gitea_configuraion_path }}/gitea_lfs_jwt_secret'
|
||||
when: gitea_lfs_jwt_secret | length == 0
|
||||
|
||||
- name: read LFS JWT_SECRET from file
|
||||
- name: Read LFS JWT_SECRET from file
|
||||
become: true
|
||||
ansible.builtin.slurp:
|
||||
src: '{{ gitea_configuraion_path }}/gitea_lfs_jwt_secret'
|
||||
register: lfs_jwt_secret
|
||||
when: gitea_lfs_jwt_secret | length == 0
|
||||
|
||||
- name: set fact gitea_lfs_jwt_secret
|
||||
- name: Set fact gitea_lfs_jwt_secret
|
||||
ansible.builtin.set_fact:
|
||||
gitea_lfs_jwt_secret: "{{ lfs_jwt_secret['content'] | b64decode }}"
|
||||
when: gitea_lfs_jwt_secret | length == 0
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
- name: perform optional versionscheck
|
||||
- name: Perform optional versionscheck
|
||||
ansible.builtin.include_tasks: versioncheck.yml
|
||||
when: submodules_versioncheck|bool
|
||||
|
||||
|
@ -13,44 +13,44 @@
|
|||
- name: Gather versioning information
|
||||
ansible.builtin.include_tasks: set_version.yml
|
||||
|
||||
- name: backup gitea before update
|
||||
- name: Backup gitea before update
|
||||
ansible.builtin.include_tasks: backup.yml
|
||||
when: gitea_backup_on_upgrade|bool
|
||||
|
||||
- name: create gitea user and role
|
||||
- name: Create gitea user and role
|
||||
ansible.builtin.include_tasks: create_user.yml
|
||||
|
||||
- name: install or update gitea
|
||||
- name: Install or update gitea
|
||||
ansible.builtin.include_tasks: install.yml
|
||||
|
||||
- name: Create directories
|
||||
ansible.builtin.include_tasks: directory.yml
|
||||
|
||||
- name: setup gitea systemd service
|
||||
- name: Setup gitea systemd service
|
||||
ansible.builtin.include_tasks: install_systemd.yml
|
||||
when: ansible_service_mgr == "systemd"
|
||||
|
||||
- name: generate JWT Secrets if undefined
|
||||
- name: Generate JWT Secrets if undefined
|
||||
ansible.builtin.include_tasks: jwt_secrets.yml
|
||||
|
||||
- name: generate gitea secrets if undefined
|
||||
- name: Generate gitea secrets if undefined
|
||||
ansible.builtin.include_tasks: gitea_secrets.yml
|
||||
|
||||
- name: configure gitea
|
||||
- name: Configure gitea
|
||||
ansible.builtin.include_tasks: configure.yml
|
||||
|
||||
- name: deploy optional fail2ban rules
|
||||
- name: Deploy optional fail2ban rules
|
||||
ansible.builtin.include_tasks: fail2ban.yml
|
||||
when: gitea_fail2ban_enabled|bool
|
||||
|
||||
- name: optionally customize gitea
|
||||
- name: Optionally customize gitea
|
||||
ansible.builtin.include_tasks: customize_logo.yml
|
||||
when: gitea_customize_logo|bool
|
||||
|
||||
- name: optionally customize footer
|
||||
- name: Optionally customize footer
|
||||
ansible.builtin.include_tasks: customize_footer.yml
|
||||
when: gitea_customize_footer|bool
|
||||
|
||||
- name: optionally deploy public files
|
||||
- name: Optionally deploy public files
|
||||
ansible.builtin.include_tasks: customize_public_files.yml
|
||||
when: gitea_customize_files|bool
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
failed_when: false
|
||||
|
||||
- name: "Determine 'latest' version release"
|
||||
when: gitea_version == "latest"
|
||||
block:
|
||||
- name: "Get latest gitea release metadata"
|
||||
ansible.builtin.uri:
|
||||
|
@ -21,7 +22,7 @@
|
|||
msg: |
|
||||
"You are running this playbook in check mode:
|
||||
Please set the Gitea version with the variable 'gitea_version', because the URI module cannot detect the latest version in this mode."
|
||||
when: ansible_check_mode and ( gitea_version == 'latest' or gitea_version == 'present' )
|
||||
when: ansible_check_mode and (gitea_version == 'latest' or gitea_version == 'present')
|
||||
|
||||
- name: "Set fact latest gitea release"
|
||||
ansible.builtin.set_fact:
|
||||
|
@ -32,9 +33,8 @@
|
|||
ansible.builtin.set_fact:
|
||||
gitea_version_target: "{{ gitea_remote_version }}"
|
||||
when: not ansible_check_mode
|
||||
when: gitea_version == "latest"
|
||||
|
||||
- name: "Set gitea version target ({{ gitea_version }})"
|
||||
- name: "Set gitea version target {{ gitea_version }}"
|
||||
ansible.builtin.set_fact:
|
||||
gitea_version_target: "{{ gitea_version }}"
|
||||
when: gitea_version != "latest"
|
||||
|
|
|
@ -8,37 +8,38 @@
|
|||
path: '/etc/.ansible-version'
|
||||
state: directory
|
||||
mode: 0755
|
||||
when: submodules_versioncheck|bool
|
||||
when: submodules_versioncheck | bool
|
||||
|
||||
- name: check playbook version
|
||||
- name: Check playbook version
|
||||
become: true
|
||||
ansible.builtin.slurp:
|
||||
src: "/etc/.ansible-version/{{ playbook_version_path }}"
|
||||
register: playbook_version
|
||||
when: submodules_versioncheck|bool
|
||||
when: submodules_versioncheck | bool
|
||||
ignore_errors: true
|
||||
failed_when: false
|
||||
|
||||
- name: Print remote role version
|
||||
ansible.builtin.debug:
|
||||
msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}"
|
||||
when: submodules_versioncheck|bool
|
||||
when: submodules_versioncheck | bool
|
||||
|
||||
- name: Print locale role version
|
||||
ansible.builtin.debug:
|
||||
msg: "Local role version: '{{ playbook_version_number | string }}'."
|
||||
when: submodules_versioncheck|bool
|
||||
when: submodules_versioncheck | bool
|
||||
|
||||
- name: Check if your version is outdated
|
||||
ansible.builtin.fail:
|
||||
msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!"
|
||||
when:
|
||||
- playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck|bool
|
||||
- playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck | bool
|
||||
|
||||
- name: write new version to remote disk
|
||||
- name: Write new version to remote disk
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
content: "{{ playbook_version_number }}"
|
||||
dest: "/etc/.ansible-version/{{ playbook_version_path }}"
|
||||
mode: '0644'
|
||||
when: submodules_versioncheck|bool
|
||||
when: submodules_versioncheck | bool
|
||||
tags: skip_ansible_lint_template-instead-of-copy
|
||||
|
|
Loading…
Reference in a new issue