diff --git a/handlers/main.yml b/handlers/main.yml
index d687965..ebc1716 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -12,7 +12,7 @@
 daemon_reload: true
 when: ansible_service_mgr == "systemd"
-- name: "systemctl restart fail2ban"
+- name: "Systemctl restart fail2ban"
 become: true
 ansible.builtin.systemd:
 name: fail2ban
diff --git a/tasks/backup.yml b/tasks/backup.yml
index 9d6f6e8..4c04e86 100644
--- a/tasks/backup.yml
+++ b/tasks/backup.yml
@@ -3,6 +3,10 @@
 ansible.builtin.service_facts:
 - name: Backup block
+ when:
+ - ansible_facts.services["gitea.service"] is defined
+ - ansible_facts.services["gitea.service"].state == "running"
+ - gitea_active_version.stdout != gitea_version_target
 block:
 - name: Stopping gitea before upgrade
 become: true
@@ -36,10 +40,6 @@
 state: stopped
 when: ansible_service_mgr == "systemd"
- - name: print updateing error
+ - name: Print updateing error
 ansible.builtin.debug:
 msg: "failed to backup gitea"
- when:
- - ansible_facts.services["gitea.service"] is defined
- - ansible_facts.services["gitea.service"].state == "running"
- - gitea_active_version.stdout != gitea_version_target
diff --git a/tasks/customize_footer.yml b/tasks/customize_footer.yml
index 598542d..f7f8931 100644
--- a/tasks/customize_footer.yml
+++ b/tasks/customize_footer.yml
@@ -1,5 +1,5 @@
 ---
-- name: create directory for custom footer
+- name: Create directory for custom footer
 become: true
 ansible.builtin.file:
 path: "{{ item }}"
@@ -11,7 +11,7 @@
 - "{{ gitea_custom }}/templates"
 - "{{ gitea_custom }}/templates/custom"
-- name: transfer custom footer template
+- name: Transfer custom footer template
 become: true
 ansible.builtin.copy:
 src: "{{ lookup('first_found', transfer_custom_footer) }}"
diff --git a/tasks/customize_logo.yml b/tasks/customize_logo.yml
index b36448b..4d4d609 100644
--- a/tasks/customize_logo.yml
+++ b/tasks/customize_logo.yml
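Review bot: In tasks/backup.yml the renamed task `Print updateing error` still reports a failed backup only through `ansible.builtin.debug`, which always succeeds. If the task sits in the block's `rescue:` section (the keyword lies outside the hunk, so this is an inference), a failed backup is reduced to a log line and the play goes on to the upgrade without one. Using `ansible.builtin.fail` with the same `msg` would stop the run at that point. The new name also keeps the typo and the wrong subject; `- name: Print backup error` matches the message.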
@@ -1,5 +1,5 @@
 ---
-- name: create directory for custom logos
+- name: Create directory for custom logos
 become: true
 ansible.builtin.file:
 path: "{{ item }}"
@@ -11,7 +11,7 @@
 - "{{ gitea_custom }}/public"
 - "{{ gitea_custom }}/public/img"
-- name: transfer custom logo.svg
+- name: Transfer custom logo.svg
 become: true
 ansible.builtin.copy:
 src: "{{ lookup('first_found', transfer_custom_logo_logosvg) }}"
@@ -22,7 +22,7 @@
 tags: skip_ansible_lint
 ignore_errors: true
-- name: transfer custom logo.png
+- name: Transfer custom logo.png
 become: true
 ansible.builtin.copy:
 src: "{{ lookup('first_found', transfer_custom_logo_logopng) }}"
@@ -33,7 +33,7 @@
 tags: skip_ansible_lint
 ignore_errors: true
-- name: transfer custom favicon.png
+- name: Transfer custom favicon.png
 become: true
 ansible.builtin.copy:
 src: "{{ lookup('first_found', transfer_custom_logo_faviconpng) }}"
@@ -44,7 +44,7 @@
 tags: skip_ansible_lint
 ignore_errors: true
-- name: transfer custom apple-touch-icon.png
+- name: Transfer custom apple-touch-icon.png
 become: true
 ansible.builtin.copy:
 src: "{{ lookup('first_found', transfer_custom_logo_appletouchiconpng) }}"
diff --git a/tasks/customize_public_files.yml b/tasks/customize_public_files.yml
index dffda42..9c14c9a 100644
--- a/tasks/customize_public_files.yml
+++ b/tasks/customize_public_files.yml
@@ -1,5 +1,5 @@
 ---
-- name: create public directory for custom public web files
+- name: Create public directory for custom public web files
 become: true
 ansible.builtin.file:
 path: "{{ item }}"
@@ -10,7 +10,7 @@
 with_items:
 - "{{ gitea_custom }}/public"
-- name: transfer custom public web data
+- name: Transfer custom public web data
 become: true
 ansible.builtin.copy:
 src: "{{ gitea_customize_files_path }}"
diff --git a/tasks/fail2ban.yml b/tasks/fail2ban.yml
index 5322539..aa41bde 100644
--- a/tasks/fail2ban.yml
+++ b/tasks/fail2ban.yml
@@ -7,7 +7,7 @@
 owner: root
 group: root
 mode: 0444
- notify: systemctl restart fail2ban
+ notify: "Systemctl restart fail2ban"
 when: "'fail2ban' in ansible_facts.packages"
 - name: Install fail2ban jail
@@ -18,12 +18,12 @@
 owner: root
 group: root
 mode: 0444
- notify: systemctl restart fail2ban
+ notify: "Systemctl restart fail2ban"
 when: "'fail2ban' in ansible_facts.packages"
-- name: warn if fail2ban is not installed
+- name: Warn if fail2ban is not installed
 ansible.builtin.fail:
 msg: "the package fail2ban is not installed. no fail2ban filters deployed."
 when: "'fail2ban' not in ansible_facts.packages"
- tags: skip_ansible_lint
 ignore_errors: true
+ tags: skip_ansible_lint_ignore-errors
diff --git a/tasks/gitea_secrets.yml b/tasks/gitea_secrets.yml
index f2ae535..b599d82 100644
--- a/tasks/gitea_secrets.yml
+++ b/tasks/gitea_secrets.yml
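Review bot: In the second hunk of tasks/fail2ban.yml the missing-package case is still signalled by `ansible.builtin.fail` combined with `ignore_errors: true`, so the play finishes successfully on a host where neither task guarded by `'fail2ban' in ansible_facts.packages` deployed anything. If that state is acceptable, `ansible.builtin.debug` with the same `when:` states it without an ignored failure in the output; if it is not, dropping `ignore_errors` makes the gap visible to whoever enabled the feature. The replacement tag `skip_ansible_lint_ignore-errors` (and `skip_ansible_lint_template-instead-of-copy` in tasks/versioncheck.yml) is not a skip form I can confirm ansible-lint honours. The per-rule form I know is a trailing `# noqa: ignore-errors` comment on the task, so it is worth checking that the linter really skips the rule here.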
@@ -1,38 +1,38 @@
 ---
-- name: generate gitea SECRET_KEY if not provided
+- name: Generate gitea SECRET_KEY if not provided
 become: true
 ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret SECRET_KEY > {{ gitea_configuraion_path }}/gitea_secret_key'
 args:
 creates: '{{ gitea_configuraion_path }}/gitea_secret_key'
 when: gitea_secret_key | string | length == 0
-- name: read gitea SECRET_KEY from file
+- name: Read gitea SECRET_KEY from file
 become: true
 ansible.builtin.slurp:
 src: '{{ gitea_configuraion_path }}/gitea_secret_key'
 register: remote_secret_key
 when: gitea_secret_key | string | length == 0
-- name: set fact gitea_secret_key
+- name: Set fact gitea_secret_key
 ansible.builtin.set_fact:
 gitea_secret_key: "{{ remote_secret_key['content'] | b64decode }}"
- when: gitea_secret_key | string | length == 0
+ when: gitea_secret_key | string | length == 0
-- name: generate gitea INTERNAL_TOKEN if not provided
+- name: Generate gitea INTERNAL_TOKEN if not provided
 become: true
 ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret INTERNAL_TOKEN > {{ gitea_configuraion_path }}/gitea_internal_token'
 args:
 creates: '{{ gitea_configuraion_path }}/gitea_internal_token'
 when: gitea_internal_token | string | length == 0
-- name: read gitea INTERNAL_TOKEN from file
+- name: Read gitea INTERNAL_TOKEN from file
 become: true
 ansible.builtin.slurp:
 src: '{{ gitea_configuraion_path }}/gitea_internal_token'
 register: remote_internal_token
 when: gitea_internal_token | string | length == 0
-- name: set fact gitea_internal_token
+- name: Set fact gitea_internal_token
 ansible.builtin.set_fact:
 gitea_internal_token: "{{ remote_internal_token['content'] | b64decode }}"
 when: gitea_internal_token | string | length == 0
diff --git a/tasks/install.yml b/tasks/install.yml
index 9c7cc96..58505aa 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
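Review bot: The `Read gitea SECRET_KEY from file` and `Set fact gitea_secret_key` tasks in tasks/gitea_secrets.yml, and their INTERNAL_TOKEN counterparts, return the secret in their task results and none of them sets `no_log: true`. With verbose output, or with any callback or controller that stores task results, the base64 `content` registered from `slurp` and the decoded fact end up in logs. Adding `no_log: true` to each slurp and set_fact task keeps them out. The four matching tasks in tasks/jwt_secrets.yml need the same line.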
@@ -22,6 +22,7 @@
 delay: 2
 - name: Install block
+ when: (not gitea_version_check | bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version_target))
 block:
 - name: Download gitea archive
 ansible.builtin.get_url:
@@ -75,4 +76,3 @@
 owner: root
 group: root
 notify: "Restart gitea"
- when: (not gitea_version_check|bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version_target))
diff --git a/tasks/jwt_secrets.yml b/tasks/jwt_secrets.yml
index 8a6eed7..d620350 100644
--- a/tasks/jwt_secrets.yml
+++ b/tasks/jwt_secrets.yml
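Review bot: The `when:` added to `Install block` in the first hunk of tasks/install.yml is one line of roughly 125 characters, which is hard to read and past the usual 120-column limit. A folded scalar keeps each clause on its own line: `when: >-` followed by `(not gitea_version_check | bool) or` and `(not ansible_check_mode and gitea_active_version.stdout != gitea_version_target)`. The tasks of the block between the two hunks are not visible here, so only the condition is covered by this remark.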
@@ -1,38 +1,38 @@
 ---
-- name: generate OAuth2 JWT_SECRET if not provided
+- name: Generate OAuth2 JWT_SECRET if not provided
 become: true
 ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret JWT_SECRET > {{ gitea_configuraion_path }}/gitea_oauth_jwt_secret'
 args:
 creates: '{{ gitea_configuraion_path }}/gitea_oauth_jwt_secret'
 when: gitea_oauth2_jwt_secret | length == 0
-- name: read OAuth2 JWT_SECRET from file
+- name: Read OAuth2 JWT_SECRET from file
 become: true
 ansible.builtin.slurp:
 src: '{{ gitea_configuraion_path }}/gitea_oauth_jwt_secret'
 register: oauth_jwt_secret
 when: gitea_oauth2_jwt_secret | length == 0
-- name: set fact gitea_oauth2_jwt_secret
+- name: Set fact gitea_oauth2_jwt_secret
 ansible.builtin.set_fact:
 gitea_oauth2_jwt_secret: "{{ oauth_jwt_secret['content'] | b64decode }}"
 when: gitea_oauth2_jwt_secret | length == 0
-- name: generate LFS JWT_SECRET if not provided
+- name: Generate LFS JWT_SECRET if not provided
 become: true
 ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret JWT_SECRET > {{ gitea_configuraion_path }}/gitea_lfs_jwt_secret'
 args:
 creates: '{{ gitea_configuraion_path }}/gitea_lfs_jwt_secret'
 when: gitea_lfs_jwt_secret | length == 0
-- name: read LFS JWT_SECRET from file
+- name: Read LFS JWT_SECRET from file
 become: true
 ansible.builtin.slurp:
 src: '{{ gitea_configuraion_path }}/gitea_lfs_jwt_secret'
 register: lfs_jwt_secret
 when: gitea_lfs_jwt_secret | length == 0
-- name: set fact gitea_lfs_jwt_secret
+- name: Set fact gitea_lfs_jwt_secret
 ansible.builtin.set_fact:
 gitea_lfs_jwt_secret: "{{ lfs_jwt_secret['content'] | b64decode }}"
 when: gitea_lfs_jwt_secret | length == 0
diff --git a/tasks/main.yml b/tasks/main.yml
index 628f617..4c43859 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,5 +1,5 @@
 ---
-- name: perform optional versionscheck
+- name: Perform optional versionscheck
 ansible.builtin.include_tasks: versioncheck.yml
 when: submodules_versioncheck|bool
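Review bot: In tasks/jwt_secrets.yml both generate tasks write through a shell redirection and guard with `creates:`, so a failed `generate secret` run leaves an empty file that the next run treats as already done. The shell creates `gitea_oauth_jwt_secret` (or `gitea_lfs_jwt_secret`) before the command runs; on the following run `creates:` skips generation, `slurp` reads the empty file and `set_fact` stores an empty secret. A guard before each set_fact, for example an `ansible.builtin.assert` with `that: oauth_jwt_secret['content'] | b64decode | trim | length > 0`, turns that into a hard stop. The two generate tasks in tasks/gitea_secrets.yml follow the same pattern.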
@@ -13,44 +13,44 @@
 - name: Gather versioning information
 ansible.builtin.include_tasks: set_version.yml
-- name: backup gitea before update
+- name: Backup gitea before update
 ansible.builtin.include_tasks: backup.yml
 when: gitea_backup_on_upgrade|bool
-- name: create gitea user and role
+- name: Create gitea user and role
 ansible.builtin.include_tasks: create_user.yml
-- name: install or update gitea
+- name: Install or update gitea
 ansible.builtin.include_tasks: install.yml
 - name: Create directories
 ansible.builtin.include_tasks: directory.yml
-- name: setup gitea systemd service
+- name: Setup gitea systemd service
 ansible.builtin.include_tasks: install_systemd.yml
 when: ansible_service_mgr == "systemd"
-- name: generate JWT Secrets if undefined
+- name: Generate JWT Secrets if undefined
 ansible.builtin.include_tasks: jwt_secrets.yml
-- name: generate gitea secrets if undefined
+- name: Generate gitea secrets if undefined
 ansible.builtin.include_tasks: gitea_secrets.yml
-- name: configure gitea
+- name: Configure gitea
 ansible.builtin.include_tasks: configure.yml
-- name: deploy optional fail2ban rules
+- name: Deploy optional fail2ban rules
 ansible.builtin.include_tasks: fail2ban.yml
 when: gitea_fail2ban_enabled|bool
-- name: optionally customize gitea
+- name: Optionally customize gitea
 ansible.builtin.include_tasks: customize_logo.yml
 when: gitea_customize_logo|bool
-- name: optionally customize footer
+- name: Optionally customize footer
 ansible.builtin.include_tasks: customize_footer.yml
 when: gitea_customize_footer|bool
-- name: optionally deploy public files
+- name: Optionally deploy public files
 ansible.builtin.include_tasks: customize_public_files.yml
 when: gitea_customize_files|bool
diff --git a/tasks/set_version.yml b/tasks/set_version.yml
index cf65a99..cd18b67 100644
--- a/tasks/set_version.yml
+++ b/tasks/set_version.yml
@@ -8,6 +8,7 @@ failed_when: false - name: "Determine 'latest' version release" + when: gitea_version == "latest" block: - name: "Get latest gitea release metadata" ansible.builtin.uri: @@ -21,7 +22,7 @@ msg: | "You are running this playbook in check mode: Please set the Gitea version with the variable 'gitea_version', because the URI module cannot detect the latest version in this mode." - when: ansible_check_mode and ( gitea_version == 'latest' or gitea_version == 'present' ) + when: ansible_check_mode and (gitea_version == 'latest' or gitea_version == 'present') - name: "Set fact latest gitea release" ansible.builtin.set_fact: @@ -32,9 +33,8 @@ ansible.builtin.set_fact: gitea_version_target: "{{ gitea_remote_version }}" when: not ansible_check_mode - when: gitea_version == "latest" -- name: "Set gitea version target ({{ gitea_version }})" +- name: "Set gitea version target {{ gitea_version }}" ansible.builtin.set_fact: gitea_version_target: "{{ gitea_version }}" when: gitea_version != "latest" diff --git a/tasks/versioncheck.yml b/tasks/versioncheck.yml index 9ea60f8..dd22a1a 100644 --- a/tasks/versioncheck.yml +++ b/tasks/versioncheck.yml 
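Review bot: In the second hunk of tasks/set_version.yml the check-mode guard still tests `gitea_version == 'present'`, but the enclosing block runs only `when: gitea_version == "latest"` (moved to the top of the block in the first hunk), so that clause can never be true here. A run with `gitea_version` set to `present` skips the block and reaches the last task, which copies the literal value of `gitea_version` into `gitea_version_target`. Inside the block the condition reduces to `when: ansible_check_mode`. If `present` is meant to be supported, it needs its own handling outside this block.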
@@ -8,37 +8,38 @@
 path: '/etc/.ansible-version'
 state: directory
 mode: 0755
- when: submodules_versioncheck|bool
+ when: submodules_versioncheck | bool
-- name: check playbook version
+- name: Check playbook version
 become: true
 ansible.builtin.slurp:
 src: "/etc/.ansible-version/{{ playbook_version_path }}"
 register: playbook_version
- when: submodules_versioncheck|bool
+ when: submodules_versioncheck | bool
 ignore_errors: true
 failed_when: false
 - name: Print remote role version
 ansible.builtin.debug:
 msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}"
- when: submodules_versioncheck|bool
+ when: submodules_versioncheck | bool
 - name: Print locale role version
 ansible.builtin.debug:
 msg: "Local role version: '{{ playbook_version_number | string }}'."
- when: submodules_versioncheck|bool
+ when: submodules_versioncheck | bool
 - name: Check if your version is outdated
 ansible.builtin.fail:
 msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!"
 when:
- - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck|bool
+ - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck | bool
-- name: write new version to remote disk
+- name: Write new version to remote disk
 become: true
 ansible.builtin.copy:
 content: "{{ playbook_version_number }}"
 dest: "/etc/.ansible-version/{{ playbook_version_path }}"
 mode: '0644'
- when: submodules_versioncheck|bool
+ when: submodules_versioncheck | bool
+ tags: skip_ansible_lint_template-instead-of-copy
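Review bot: The condition of `Check if your version is outdated` in tasks/versioncheck.yml was only partly respaced: `submodules_versioncheck | bool` now has spaces, while `playbook_version.content|default("Mgo=")|b64decode|int` and `playbook_version_number|int` on the same line do not. Because `when:` is already a list, the flag can become its own item, `- submodules_versioncheck | bool`, which leaves `- (playbook_version.content | default("Mgo=") | b64decode | int) - 1 >= playbook_version_number | int` as a shorter first item. In the same hunk `mode: 0755` is a bare octal while the copy task quotes `mode: '0644'`; quoting both avoids depending on the YAML parser's octal handling. The first task of the file starts above the hunk.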