Gitea: Hello world.

2022-10-07 13:10:55 +02:00 · 2022-10-07 13:10:55 +02:00 · 7daf25ac4c
parent af99d563ed
commit 7daf25ac4c
1 changed files with 291 additions and 0 deletions
--- a/gitea.yml
+++ b/gitea.yml
@ -1,6 +1,297 @@
 ---

 - hosts: gitea
+  vars:
+    gitea_version: "1.17.2"
+    gitea_internal_token: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          65396439373538656633396363313333663233343661643739633135306131613434353335353634
+          6430393533646166323531623939666330393538383334370a346632646666636239366431643763
+          37626331666364646665353639613532353362313531316561646462303261383064396635363962
+          3039646438316264350a653537626634643431343764653034643662393531626532653337636439
+          31663832663039356437656531666564653366383839656438353262393662393636303536663938
+          32623837346462613738663165356464656635326565616637653363376334353035316264303662
+          39346334353266613234363664643030303565313065313334333833383337623637366132663435
+          61386535353635386339383731323464323135366362613734393833386632393166393261373433
+          61363664376330343465656431316163396533326634643636326537383032323636
  tasks:
    - name: Basic setup
      include_role: name=common
+
+    - name: Create git group
+      group:
+        name: git
+        state: present
+
+    - name: Create git-static group
+      group:
+        name: git-static
+        state: present
+
+    - name: Gitea user
+      user:
+        system: true
+        password: '!'
+        home: /home/git
+        shell: /bin/bash
+        comment: "Git Version Control"
+        group: git
+        name: git
+
+    - name: Gitea static user  # To compile and own static content
+      user:
+        system: true
+        password: '!'
+        comment: "To compile and own static gitea content."
+        group: git-static
+        name: git-static
+
+    - name: Download gitea
+      get_url:
+        dest: /usr/local/bin/gitea
+        url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64"
+        mode: 0755
+        owner: root
+        group: root
+      register: download_gitea
+
+    - name: Install dependencies
+      package:
+        name:
+          - git
+          - postgresql
+          - python3-psycopg2  # For Ansible
+          # - rsync  # for static file generation
+          # - nodejs # for static file generation
+          # - npm    # for static file generation
+          # - make   # for static file generation
+          - nginx
+        state: present
+
+    - name: Ensure locale en_US.UTF-8 exists
+      locale_gen:
+        name: en_US.UTF-8
+        state: present
+
+    - name: Create psql git user
+      become: true
+      become_user: postgres
+      postgresql_user:
+        user: git
+
+    - name: Create psql gitea DB
+      become: true
+      become_user: postgres
+      postgresql_db:
+        name: gitea
+        owner: git
+        encoding: UTF-8
+        lc_collate: en_US.UTF-8
+        lc_ctype: en_US.UTF-8
+        template: template0
+
+    - name: Create gitea hierarchy
+      file:
+        state: directory
+        mode: 0750
+        owner: git
+        group: git
+        path: "{{ item }}"
+      loop:
+        - /var/lib/gitea/custom
+        - /var/lib/gitea/data
+        - /var/lib/gitea/log
+
+    - name: Create gitea config hierarchy
+      file:
+        state: directory
+        mode: 0750
+        owner: root
+        group: git
+        path: /etc/gitea
+
+    - name: Setup app.ini
+      copy:
+        path: /etc/gitea/app.ini
+        mode: 0640
+        owner: root
+        group: git
+        content: |
+          APP_NAME = Gitea: Git with a cup of tea
+          RUN_USER = git
+          RUN_MODE = prod
+
+          [database]
+          DB_TYPE  = postgres
+          HOST     = /run/postgresql/
+          NAME     = gitea
+          USER     =
+          PASSWD   =
+          SCHEMA   =
+          SSL_MODE = disable
+          CHARSET  = utf8
+          PATH     = /var/lib/gitea/data/gitea.db
+          LOG_SQL  = false
+
+          [repository]
+          ROOT = /var/lib/gitea/data/gitea-repositories
+
+          [server]
+          SSH_DOMAIN       = git.afpy.org
+          DOMAIN           = git.afpy.org
+          HTTP_PORT        = 3000
+          ROOT_URL         = https://git.afpy.org/
+          DISABLE_SSH      = false
+          SSH_PORT         = 22
+          LFS_START_SERVER = false
+          OFFLINE_MODE     = false
+
+          [lfs]
+          PATH = /var/lib/gitea/data/lfs
+
+          [mailer]
+          ENABLED = false
+
+          [service]
+          REGISTER_EMAIL_CONFIRM            = false
+          ENABLE_NOTIFY_MAIL                = false
+          DISABLE_REGISTRATION              = true
+          ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
+          ENABLE_CAPTCHA                    = false
+          REQUIRE_SIGNIN_VIEW               = false
+          DEFAULT_KEEP_EMAIL_PRIVATE        = false
+          DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+          DEFAULT_ENABLE_TIMETRACKING       = true
+          NO_REPLY_ADDRESS                  = noreply.localhost
+
+          [picture]
+          DISABLE_GRAVATAR        = false
+          ENABLE_FEDERATED_AVATAR = true
+
+          [openid]
+          ENABLE_OPENID_SIGNIN = true
+          ENABLE_OPENID_SIGNUP = true
+
+          [session]
+          PROVIDER = file
+
+          [log]
+          MODE      = console
+          LEVEL     = info
+          ROOT_PATH = /var/lib/gitea/log
+          ROUTER    = console
+
+          [repository.pull-request]
+          DEFAULT_MERGE_STYLE = merge
+
+          [repository.signing]
+          DEFAULT_TRUST_MODEL = committer
+
+          [security]
+          INSTALL_LOCK       = true
+          INTERNAL_TOKEN     = {{ gitea_internal_token }}
+          PASSWORD_HASH_ALGO = pbkdf2
+
+
+    # Public asset generation (to allow nginx to serve them) needs nodejs>14.
+
+    # - name: Create gitea static hierarchy
+    #   file:
+    #     state: directory
+    #     mode: 0755
+    #     owner: git-static
+    #     group: git-static
+    #     path: "{{ item }}"
+    #   loop:
+    #     - /var/lib/gitea-static/source
+    #     - /var/lib/gitea-static/public
+    #
+    # - name: Download gitea tarball  # For the static content
+    #   unarchive:
+    #     src: "https://github.com/go-gitea/gitea/archive/refs/tags/v{{ gitea_version }}.tar.gz"
+    #     dest: /var/lib/gitea-static/source/
+    #     remote_src: true
+    #     owner: git-static
+    #     group: git-static
+    #   register: download_gitea_tarball
+    #
+    # - name: Compile static assets
+    #   command: make frontend
+    #   args:
+    #     chdir: "/var/lib/gitea-static/source/gitea-{{ gitea_version }}"
+    #   become: true
+    #   become_user: git-static
+    #   when: download_gitea_tarball is changed
+    #
+    # - name: Copy public assets
+    #   synchronize:
+    #     src: "/var/lib/gitea-static/source/gitea-{{ gitea_version }}/public/"
+    #     dest: "/var/lib/gitea-static/public/"
+
+    - name: Setup gitea systemd service
+      copy:
+        dest: /etc/systemd/system/gitea.service
+        owner: root
+        group: root
+        mode: 0644
+        content: |
+          [Unit]
+          Description=Gitea (Git with a cup of tea)
+          After=syslog.target
+          After=network.target
+          Wants=postgresql.service
+          After=postgresql.service
+
+          [Service]
+          RestartSec=2s
+          Type=simple
+          User=git
+          Group=git
+          WorkingDirectory=/var/lib/gitea/
+          ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
+          Restart=always
+          Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
+
+          [Install]
+          WantedBy=multi-user.target
+
+    - name: Setup nginx
+      include_role: name=nginx
+      vars:
+        nginx_domain: git.afpy.org
+        nginx_certificates: ['git.afpy.org']
+        nginx_conf: |
+          server
+          {
+              listen [::]:80; listen 80;
+              server_name git.afpy.org;
+              access_log /var/log/nginx/git.afpy.org-access.log;
+              error_log /var/log/nginx/git.afpy.org-error.log;
+              return 301 https://git.afpy.org$request_uri;
+          }
+
+          server
+          {
+              listen [::]:443 ssl; listen 443 ssl;
+              server_name git.afpy.org;
+              access_log /var/log/nginx/git.afpy.org-access.log;
+              error_log /var/log/nginx/git.afpy.org-error.log;
+              include snippets/letsencrypt-git.afpy.org.conf;
+              client_max_body_size 16M;
+
+              # location /_/static/assets/ {
+              #     alias /var/lib/gitea-static/public/;
+              # }
+
+              location / {
+                  proxy_pass http://localhost:3000;
+                  proxy_set_header Host $host;
+                  proxy_set_header X-Real-IP $remote_addr;
+                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                  proxy_set_header X-Forwarded-Proto $scheme;
+              }
+
+          }
+
+    - name: Start gitea
+      service: name=gitea enabled=yes state=started daemon_reload=yes