mirror of https://github.com/roles-ansible/ansible_role_gitea.git synced 2024-08-16 11:39:50 +02:00

Merge pull request #92 from roles-ansible/forgejo

Option to install Forgejo
L3D 2023-01-27 09:56:36 +01:00 committed by GitHub
commit f395277969
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 240 additions and 22 deletions

@ -1,10 +1,11 @@
[![Ansible Galaxy](https://raw.githubusercontent.com/roles-ansible/ansible_role_gitea/main/.github/galaxy.svg?sanitize=true)](https://galaxy.ansible.com/do1jlr/gitea) [![MIT License](https://raw.githubusercontent.com/roles-ansible/ansible_role_gitea/main/.github/license.svg?sanitize=true)](https://github.com/roles-ansible/ansible_role_gitea/blob/main/LICENSE)
ansible role gitea
===================
ansible role gitea/forgejo
============================
This role installs and manages [gitea](https://gitea.io) - Git with a cup of tea. A painless self-hosted Git service. Gitea is a community managed lightweight code hosting solution written in Go.
This role installs and manages [gitea](https://gitea.io) or [forgejo](https://forgejo.org). A painless self-hosted Git service. Gitea is a community managed lightweight code hosting solution written in Go. Forgejo is a fork of it.
[Source code & screenshots](https://github.com/go-gitea/gitea).
[Source code forgejo](https://codeberg.org/forgejo/forgejo)
## Sample example of use in a playbook
@ -20,10 +21,10 @@ The following code has been tested with the latest Debian Stable, it should work
vars:
# Here we assume we are behind a reverse proxy that will
# handle https for us, so we bind on localhost:3000 using HTTP
# see https://docs.gitea.io/en-us/reverse-proxies/#nginx
gitea_fqdn: 'git.example.com'
gitea_root_url: 'https://git.example.com'
gitea_protocol: http
gitea_start_ssh: true
```
@ -31,6 +32,13 @@ The following code has been tested with the latest Debian Stable, it should work
-----------
Here is a deeper insight into the variables of this gitea role. For the exact function of some variables and the possibility to add more options we recommend a look at this [config cheat sheet](https://docs.gitea.io/en-us/config-cheat-sheet/).
### Chose between gitea and forgejo
There is a fork of gitea called forgejo. Why? Read the [forgejo FAQ](https://forgejo.org/faq/).
You have the option to choose between [gitea](https://gitea.io) and [forgejo](https://forgejo.org) by modifying the ``gitea_fork`` variable.
| variable name | default value | description |
| ------------- | ------------- | ----------- |
| `gitea_fork` | `gitea` | optional choose to install forgejo instead of gitea by setting this value to `forgejo`. |
### gitea update mechanism
To determine which gitea version to install, you can choose between two variants.
Either you define exactly which release you install. Or you use the option ``latest`` to always install the latest release from the [gitea releases](https://github.com/go-gitea/gitea/releases/latest).
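Review bot: the new README heading reads `### Chose between gitea and forgejo`; it should be "Choose". In the same hunk the "gitea update mechanism" paragraph still says `latest` installs from the gitea releases page only, so it is worth stating where the `latest` release is resolved from when `gitea_fork` is set to `forgejo`.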
@ -41,6 +49,7 @@ Either you define exactly which release you install. Or you use the option ``lat
| `gitea_version` | `latest` | Define either the exact release to install *(eg. `1.16.0`)* or use ``latest`` *(default)* to install the latest release. |
| `gitea_version_check` | `true` | Check if installed version != `gitea_version` before initiating binary download |
| `gitea_gpg_key` | `7C9E68152594688862D62AF62D9AE806EC1592E2` | the gpg key the gitea binary is signed with |
| `gitea_forgejo_gpg_key` | `EB114F5E6C0DC2BCDD183550A4B61A2DC5923710` | the gpg key the forgejo binary is signed with |
| `gitea_gpg_server` | `hkps://keys.openpgp.org` | A gpg key server where this role can download the gpg key |
| `gitea_backup_on_upgrade` | `false` | Optionally a backup can be created with every update of gitea. |
| `gitea_backup_location` | `{{ gitea_home }}/backups/` | Where to store the gitea backup if one is created with this role. |
@ -54,6 +63,7 @@ Either you define exactly which release you install. Or you use the option ``lat
| `gitea_home` | `/var/lib/gitea` | Base directory to work |
| `gitea_user_home` | `{{ gitea_home }}` | home of gitea user |
| `gitea_executable_path` | `/usr/local/bin/gitea` | Path for gitea executable |
| `gitea_forgejo_executable_path` | `/usr/local/bin/forgejo` | Path for forgejo executable |
| `gitea_configuraion_path` | `/etc/gitea` | Where to put the gitea.ini config |
| `gitea_shell` | `/bin/false` | UNIX shell used by gitea. Set it to `/bin/bash` if you don't use the gitea built-in ssh server. |
| `gitea_systemd_cap_net_bind_service` | `false` | Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file |
@ -97,6 +107,7 @@ Either you define exactly which release you install. Or you use the option ``lat
| `gitea_enable_repo_signing_extra` | | you can use this variable to pass additional config parameters in the `[repository.signing]` section of the config. |
### CORS ([cors](https://docs.gitea.io/en-us/config-cheat-sheet/#cors-cors))
| variable name | default value | description |
| ------------- | ------------- | ----------- |
| `gitea_enable_cors` | `false` | enable cors headers (disabled by default) |
| `gitea_cors_scheme` | `http` | scheme of allowed requests |
@ -133,7 +144,6 @@ Either you define exactly which release you install. Or you use the option ``lat
| `gitea_root_url` | `http://localhost:3000` | Root URL used to access your web app (full URL) |
| `gitea_http_listen` | `127.0.0.1` | HTTP listen address |
| `gitea_http_port` | `3000` | Bind port *(redirect from `80` will be activated if value is `443`)* |
| `gitea_start_ssh` | `true` | When enabled, use the built-in SSH server. |
| `gitea_ssh_domain` | `{{ gitea_http_domain ` | Domain name of this server, used for displayed clone URL |
| `gitea_ssh_port` | `2222` | SSH port displayed in clone URL. |
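Review bot: in the `gitea_ssh_domain` row the default value is written as `{{ gitea_http_domain ` without the closing braces, so the table shows an incomplete Jinja expression. Close it while this table is being edited.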

@ -1,9 +1,13 @@
---
# Choose between https://forgejo.org/ and https://gitea.io/
gitea_fork: 'gitea' # 'gitea' and 'forgejo' are valid options
# gitea version
# Use 'latest' to auto-update; upgrading past role version may lead to errors.
gitea_version: 'latest'
gitea_version_check: true
gitea_gpg_key: '7C9E68152594688862D62AF62D9AE806EC1592E2'
gitea_forgejo_gpg_key: 'EB114F5E6C0DC2BCDD183550A4B61A2DC5923710'
gitea_gpg_server: 'hkps://keys.openpgp.org'
gitea_backup_on_upgrade: false
gitea_backup_location: "{{ gitea_home }}/backups/"
@ -15,6 +19,7 @@ gitea_group: 'gitea'
gitea_home: '/var/lib/gitea'
gitea_user_home: '{{ gitea_home }}'
gitea_executable_path: '/usr/local/bin/gitea'
gitea_forgejo_executable_path: '/usr/local/bin/forgejo'
gitea_configuraion_path: '/etc/gitea'
gitea_shell: '/bin/false'
gitea_systemd_cap_net_bind_service: false

@ -2,7 +2,7 @@
galaxy_info:
role_name: gitea
author: do1jlr
description: Ansible role to configure and deploy gitea, a painless self-hosted Git service.
description: Ansible role to configure and deploy gitea and forgejo, a painless self-hosted Git service.
license: "BSD-3-Clause"
min_ansible_version: "2.11"
platforms:
@ -20,6 +20,7 @@ galaxy_info:
- all
galaxy_tags:
- gitea
- forgejo
- git
- system
- development

@ -29,7 +29,7 @@
- name: Backing up gitea before upgrade
become: true
ansible.builtin.command:
cmd: "sudo -u {{ gitea_user }} {{ gitea_executable_path }} dump -c {{ gitea_configuraion_path }}/gitea.ini"
cmd: "sudo -u {{ gitea_user }} {{ gitea_full_executable_path }} dump -c {{ gitea_configuraion_path }}/gitea.ini"
chdir: "{{ gitea_backup_location }}"
changed_when: true
rescue:
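Review bot: the backup `cmd` still shells out to `sudo -u {{ gitea_user }}` inside `ansible.builtin.command` even though the task already sets `become: true`. Since this line is being changed anyway, consider `become_user: "{{ gitea_user }}"` and dropping `sudo` from `cmd`, which removes the dependency on sudo being installed and configured on the target and keeps the privilege change in Ansible's own become handling.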

@ -1,7 +1,7 @@
---
- name: Generate gitea SECRET_KEY if not provided
become: true
ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret SECRET_KEY > {{ gitea_configuraion_path }}/gitea_secret_key'
ansible.builtin.shell: 'umask 077; {{ gitea_full_executable_path }} generate secret SECRET_KEY > {{ gitea_configuraion_path }}/gitea_secret_key'
args:
creates: '{{ gitea_configuraion_path }}/gitea_secret_key'
when: gitea_secret_key | string | length == 0
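Review bot: in the SECRET_KEY task the shell redirect creates `gitea_secret_key` before the binary runs, so if `{{ gitea_full_executable_path }} generate secret SECRET_KEY` fails, an empty file is left behind and `creates:` skips the task on every later run. Consider writing to a temporary name and moving it into place only on success, or failing when the resulting file is empty. The same pattern applies to the INTERNAL_TOKEN task in the next hunk.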
@ -20,7 +20,7 @@
- name: Generate gitea INTERNAL_TOKEN if not provided
become: true
ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret INTERNAL_TOKEN > {{ gitea_configuraion_path }}/gitea_internal_token'
ansible.builtin.shell: 'umask 077; {{ gitea_full_executable_path }} generate secret INTERNAL_TOKEN > {{ gitea_configuraion_path }}/gitea_internal_token'
args:
creates: '{{ gitea_configuraion_path }}/gitea_internal_token'
when: gitea_internal_token | string | length == 0

tasks/install_forgejo.yml (new file, 78 lines)

@ -0,0 +1,78 @@
---
- name: Dependency block
block:
- name: Update apt cache
become: true
ansible.builtin.apt:
cache_valid_time: 3600
update_cache: true
register: _pre_update_apt_cache
until: _pre_update_apt_cache is succeeded
when:
- ansible_pkg_mgr == "apt"
- name: Install dependencies
become: true
ansible.builtin.package:
name: "{{ gitea_dependencies }}"
state: present
register: _install_dep_packages
until: _install_dep_packages is succeeded
retries: 5
delay: 2
- name: Install forgejo block
when: (not gitea_version_check | bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version_target))
block:
- name: Download forgejo archive
ansible.builtin.get_url:
url: "{{ gitea_forgejo_dl_url | first }}"
dest: "/tmp/{{ gitea_filename }}"
checksum: "sha256:{{ gitea_forgejo_checksum }}"
mode: 0640
register: _download_archive
until: _download_archive is succeeded
retries: 5
delay: 2
- name: Download forgejo asc file
ansible.builtin.get_url:
url: "{{ gitea_forgejo_signed_url | first }}"
dest: "/tmp/{{ gitea_filename }}.asc"
mode: 0640
register: _download_asc
until: _download_asc is succeeded
retries: 5
delay: 2
- name: Check forgejo gpg key
ansible.builtin.command: "gpg --list-keys 0x{{ gitea_forgejo_gpg_key }}"
register: _gitea_gpg_key_status
changed_when: false
failed_when: _gitea_gpg_key_status.rc not in (0, 2)
- name: Print gpg key staus on verbosity
ansible.builtin.debug:
msg: "{{ _gitea_gpg_key_status.stdout }}"
verbosity: 1
- name: Import forgejo gpg key
ansible.builtin.command: "gpg --keyserver {{ gitea_gpg_server }} --recv {{ gitea_forgejo_gpg_key }}"
register: _gitea_import_key
changed_when: '"imported: 1" in _gitea_import_key.stderr'
when: '_gitea_gpg_key_status.rc != 0 or "expired" in _gitea_gpg_key_status.stdout'
- name: Check archive signature
ansible.builtin.command: "gpg --verify /tmp/{{ gitea_filename }}.asc /tmp/{{ gitea_filename }}"
changed_when: false
- name: Propagate gitea binary
become: true
ansible.builtin.copy:
src: "/tmp/{{ gitea_filename }}"
remote_src: true
dest: "{{ gitea_full_executable_path }}"
mode: 0755
owner: root
group: root
notify: "Restart gitea"
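Review bot: the `Check archive signature` task runs plain `gpg --verify`, which exits 0 for a good signature from any public key present in the invoking user's keyring, so nothing ties the result to `gitea_forgejo_gpg_key`. Suggest verifying against a keyring that holds only that key, or parsing the output of `gpg --status-fd 1 --verify` for a `VALIDSIG` line that names the expected fingerprint. The archive and its `.asc` are also written to predictable names directly under `/tmp` and later copied to `{{ gitea_full_executable_path }}` as root; a private directory from `ansible.builtin.tempfile` would avoid the shared location. Minor: "staus" in the debug task name, and the copy task is still called `Propagate gitea binary` in the forgejo file.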

@ -21,7 +21,7 @@
retries: 5
delay: 2
- name: Install block
- name: Install gitea block
when: (not gitea_version_check | bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version_target))
block:
- name: Download gitea archive
@ -51,7 +51,7 @@
changed_when: false
failed_when: _gitea_gpg_key_status.rc not in (0, 2)
- name: print gpg key staus on verbosity
- name: Print gpg key staus on verbosity
ansible.builtin.debug:
msg: "{{ _gitea_gpg_key_status.stdout }}"
verbosity: 1
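Review bot: the renamed debug task fixes the capitalisation but keeps the typo; `Print gpg key staus on verbosity` should read "status".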
@ -76,7 +76,7 @@
ansible.builtin.copy:
src: "/tmp/{{ gitea_filename }}"
remote_src: true
dest: "{{ gitea_executable_path }}"
dest: "{{ gitea_full_executable_path }}"
mode: 0755
owner: root
group: root

@ -1,7 +1,7 @@
---
- name: Generate OAuth2 JWT_SECRET if not provided
become: true
ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret JWT_SECRET > {{ gitea_configuraion_path }}/gitea_oauth_jwt_secret'
ansible.builtin.shell: 'umask 077; {{ gitea_full_executable_path }} generate secret JWT_SECRET > {{ gitea_configuraion_path }}/gitea_oauth_jwt_secret'
args:
creates: '{{ gitea_configuraion_path }}/gitea_oauth_jwt_secret'
when: gitea_oauth2_jwt_secret | length == 0
@ -20,7 +20,7 @@
- name: Generate LFS JWT_SECRET if not provided
become: true
ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret JWT_SECRET > {{ gitea_configuraion_path }}/gitea_lfs_jwt_secret'
ansible.builtin.shell: 'umask 077; {{ gitea_full_executable_path }} generate secret JWT_SECRET > {{ gitea_configuraion_path }}/gitea_lfs_jwt_secret'
args:
creates: '{{ gitea_configuraion_path }}/gitea_lfs_jwt_secret'
when: gitea_lfs_jwt_secret | length == 0

@ -7,11 +7,20 @@
ansible.builtin.package_facts:
manager: auto
- name: Prepare gitea/forgejo variable import
block:
- name: Gather variables for gitea or forgejo
ansible.builtin.include_vars: "{{ lookup('first_found', gitea_fork_variables) }}"
rescue:
- name: Gitea/Forejo import info
ansible.builtin.fail:
msg: "Currently only {{ gitea_supported_forks }} are supported."
- name: Gather variables for each operating system
ansible.builtin.include_vars: "{{ lookup('first_found', gitea_variables) }}"
- name: Gather versioning information
ansible.builtin.include_tasks: set_version.yml
ansible.builtin.include_tasks: "set_{{ gitea_fork | lower }}_version.yml"
- name: Backup gitea before update
ansible.builtin.include_tasks: backup.yml
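Review bot: the `rescue` around `include_vars` turns every failure of that include, including a syntax error inside a `fork_*.yml` file, into the message "Currently only ... are supported", which hides the real cause. An explicit `ansible.builtin.assert` that `gitea_fork | lower` is one of the supported names, placed before the include, would validate the value that is also interpolated into the `set_{{ gitea_fork | lower }}_version.yml` file name and let genuine include errors surface. The rescue task name also has a typo: `Gitea/Forejo`.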
@ -20,8 +29,8 @@
- name: Create gitea user and role
ansible.builtin.include_tasks: create_user.yml
- name: Install or update gitea
ansible.builtin.include_tasks: install.yml
- name: "Install or update {{ gitea_fork }}"
ansible.builtin.include_tasks: "install_{{ gitea_fork | lower }}.yml"
- name: Create directories
ansible.builtin.include_tasks: directory.yml

@ -0,0 +1,98 @@
---
- name: "Check forgejo installed version"
ansible.builtin.shell: "set -eo pipefail; {{ gitea_full_executable_path }} -v | cut -d' ' -f 3"
args:
executable: /bin/bash
register: gitea_active_version
changed_when: false
failed_when: false
- name: "Determine 'latest' version release"
when: gitea_version == "latest"
block:
- name: "Get latest forgejo release metadata"
ansible.builtin.uri:
url: 'https://codeberg.org/api/v1/repos/forgejo/forgejo/releases?limit=1'
return_content: true
register: gitea_forgejo_remote_metadata
when: not ansible_check_mode
- name: "Fail if running in check mode without versions set."
ansible.builtin.fail:
msg: |
"You are running this playbook in check mode:
Please set the Gitea version with the variable 'gitea_version', because the URI module cannot detect the latest version in this mode."
when: ansible_check_mode and (gitea_version == 'latest' or gitea_version == 'present')
- name: "Set fact latest forgejo release"
ansible.builtin.set_fact:
gitea_remote_version: "{{ gitea_forgejo_remote_metadata.json.0.tag_name[1:] }}"
when: not ansible_check_mode
- name: "Set forgejo version target (latest)"
ansible.builtin.set_fact:
gitea_version_target: "{{ gitea_remote_version }}"
when: not ansible_check_mode
- name: "Set gitea version target {{ gitea_version }}"
ansible.builtin.set_fact:
gitea_version_target: "{{ gitea_version }}"
when: gitea_version != "latest"
- name: "Get specific forgejo release metadata"
ansible.builtin.uri:
url: 'https://codeberg.org/api/v1/repos/forgejo/forgejo/releases/tags/v{{ gitea_version_target }}'
return_content: true
register: gitea_forgejo_remote_tags_metadata
when: not ansible_check_mode
- name: "Generate forgejo download url"
ansible.builtin.set_fact:
gitea_forgejo_dl_url: "{{ gitea_forgejo_remote_tags_metadata.json | community.general.json_query(gitea_forgejo_query_download) }}"
when: not ansible_check_mode
- name: "Generate forgejo download checksum url"
ansible.builtin.set_fact:
gitea_forgejo_checksum_url: "{{ gitea_forgejo_remote_tags_metadata.json | community.general.json_query(gitea_forgejo_query_checksum) }}"
when: not ansible_check_mode
- name: Get forgejo checksum
ansible.builtin.uri:
url: "{{ gitea_forgejo_checksum_url | first }}"
return_content: true
register: _gitea_forgejo_dl_checksum
when: not ansible_check_mode
- name: Set forjeo checksum
ansible.builtin.set_fact:
gitea_forgejo_checksum: "{{ _gitea_forgejo_dl_checksum.content.split(' ')[0] }}"
when: not ansible_check_mode
- name: "Generate forgejo download signed url"
ansible.builtin.set_fact:
gitea_forgejo_signed_url: "{{ gitea_forgejo_remote_tags_metadata.json | community.general.json_query(gitea_forgejo_query_signed) }}"
when: not ansible_check_mode
- name: "Set a example forgejo download link if in check mode"
ansible.builtin.set_fact:
gitea_forgejo_dl_url: ['https://codeberg.org/attachments/a00333ad-250a-4d30-a764-9a37fb24f419']
when: ansible_check_mode
- name: "Set a example forgejo checksum link if in check mode"
ansible.builtin.set_fact:
gitea_forgejo_checksum: 'f8c71464d1b250bf022eaa3df270c810950904ceb71da5cefc7ec24a034a4c87'
when: ansible_check_mode
- name: "Set a example forgejo checksum link if in check mode"
ansible.builtin.set_fact:
gitea_forgejo_signed_url: ['https://codeberg.org/attachments/ae5e50c6-e86e-4202-b95f-f142e8138e2f']
when: ansible_check_mode
- name: Show Download URLs
ansible.builtin.debug:
msg: "{{ item }}"
verbosity: 1
with_items:
- "gitea_forgejo_dl_url: {{ gitea_forgejo_dl_url | first }}"
- "gitea_forgejo_checksum: {{ gitea_forgejo_checksum }}"
- "gitea_forgejo_signed_url: {{ gitea_forgejo_signed_url | first }}"
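Review bot: nothing checks that the three `json_query` results are non-empty before `| first` is applied, so a `gitea_filename` that matches no release asset fails later in `Get forgejo checksum` or in the download with an error unrelated to the cause; an assert on the list lengths right after the `set_fact` tasks would give a clear message. `gitea_forgejo_checksum` is also taken from `.content.split(' ')[0]` without checking that it looks like a SHA-256 hex digest, and because it comes from the same release as the binary it only guards against a corrupted download, leaving the `.asc` check as the authenticity control. Naming: `Set forjeo checksum` has a typo, and the check-mode task that sets `gitea_forgejo_signed_url` is named as a second "checksum link" task.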

@ -1,6 +1,6 @@
---
- name: "Check gitea installed version"
ansible.builtin.shell: "set -eo pipefail; {{ gitea_executable_path }} -v | cut -d' ' -f 3"
ansible.builtin.shell: "set -eo pipefail; {{ gitea_full_executable_path }} -v | cut -d' ' -f 3"
args:
executable: /bin/bash
register: gitea_active_version

@ -1,11 +1,11 @@
[Unit]
Description=Gitea git server
Description={{ gitea_fork }} git server
After=network.target
[Service]
User={{ gitea_user }}
Group={{ gitea_group }}
ExecStart={{ gitea_executable_path }} web -c {{ gitea_configuraion_path }}/gitea.ini --custom-path {{ gitea_custom }}/
ExecStart={{ gitea_full_executable_path }} web -c {{ gitea_configuraion_path }}/gitea.ini --custom-path {{ gitea_custom }}/
Restart=on-failure
WorkingDirectory={{ gitea_home }}
{% if gitea_systemd_cap_net_bind_service %}

vars/fork_forgejo.yml (new file, 7 lines)

@ -0,0 +1,7 @@
---
# set filenames for forgejo
gitea_full_executable_path: "{{ gitea_forgejo_executable_path }}"
gitea_filename: "forgejo-{{ gitea_version_target }}-linux-{{ gitea_arch }}"
gitea_forgejo_query_download: "assets[?name==`{{ gitea_filename }}`].browser_download_url"
gitea_forgejo_query_checksum: "assets[?name==`{{ gitea_filename }}.sha256`].browser_download_url"
gitea_forgejo_query_signed: "assets[?name==`{{ gitea_filename }}.asc`].browser_download_url"

vars/fork_gitea.yml (new file, 4 lines)

@ -0,0 +1,4 @@
---
# set filenames for gitea
gitea_full_executable_path: "{{ gitea_executable_path }}"
gitea_filename: "gitea-{{ gitea_version_target }}.linux-{{ gitea_arch }}"

@ -8,7 +8,13 @@ gitea_go_arch_map:
armv5l: 'arm-5'
gitea_arch: "{{ gitea_go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
gitea_filename: "gitea-{{ gitea_version_target }}.linux-{{ gitea_arch }}"
gitea_supported_forks: 'gitea and forgejo'
gitea_fork_variables:
files:
- "fork_{{ gitea_fork | lower }}.yml"
paths:
- 'vars'
gitea_variables:
files:
@ -56,5 +62,5 @@ transfer_custom_footer:
- 'files/gitea_footer/extra_links_footer.tmpl'
- 'files/extra_links_footer.tmpl'
playbook_version_number: 41 # should be int
playbook_version_number: 42 # should be int
playbook_version_path: 'do1jlr.gitea.version'