gitea: Split to a role.

gitea.yml

@@ -19,298 +19,5 @@
     - name: Basic setup
       include_role: name=common
 
-    - name: Create git group
-      group:
-        name: git
-        state: present
-
-    - name: Create git-static group
-      group:
-        name: git-static
-        state: present
-
-    - name: Gitea user
-      user:
-        system: true
-        password: '!'
-        home: /home/git
-        shell: /bin/bash
-        comment: "Git Version Control"
-        group: git
-        name: git
-
-    - name: Gitea static user  # To compile and own static content
-      user:
-        system: true
-        password: '!'
-        comment: "To compile and own static gitea content."
-        group: git-static
-        name: git-static
-
-    - name: Download gitea
-      get_url:
-        dest: /usr/local/bin/gitea
-        url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64"
-        mode: 0755
-        owner: root
-        group: root
-      register: download_gitea
-
-    - name: Install dependencies
-      package:
-        name:
-          - git
-          - postgresql
-          - python3-psycopg2  # For Ansible
-          # - rsync  # for static file generation
-          # - nodejs # for static file generation
-          # - npm    # for static file generation
-          # - make   # for static file generation
-          - nginx
-        state: present
-
-    - name: Ensure locale en_US.UTF-8 exists
-      locale_gen:
-        name: en_US.UTF-8
-        state: present
-
-    - name: Create psql git user
-      become: true
-      become_user: postgres
-      postgresql_user:
-        user: git
-
-    - name: Create psql gitea DB
-      become: true
-      become_user: postgres
-      postgresql_db:
-        name: gitea
-        owner: git
-        encoding: UTF-8
-        lc_collate: en_US.UTF-8
-        lc_ctype: en_US.UTF-8
-        template: template0
-
-    - name: Create gitea hierarchy
-      file:
-        state: directory
-        mode: 0750
-        owner: git
-        group: git
-        path: "{{ item }}"
-      loop:
-        - /var/lib/gitea/custom
-        - /var/lib/gitea/data
-        - /var/lib/gitea/log
-
-    - name: Create gitea config hierarchy
-      file:
-        state: directory
-        mode: 0750
-        owner: root
-        group: git
-        path: /etc/gitea
-
-    - name: Setup nginx
-      include_role: name=nginx
-      vars:
-        nginx_domain: git.afpy.org
-        nginx_certificates: ['git.afpy.org']
-        nginx_conf: |
-          server
-          {
-              listen [::]:80; listen 80;
-              server_name git.afpy.org;
-              access_log /var/log/nginx/git.afpy.org-access.log;
-              error_log /var/log/nginx/git.afpy.org-error.log;
-              return 301 https://git.afpy.org$request_uri;
-          }
-
-          server
-          {
-              listen [::]:443 ssl; listen 443 ssl;
-              server_name git.afpy.org;
-              access_log /var/log/nginx/git.afpy.org-access.log;
-              error_log /var/log/nginx/git.afpy.org-error.log;
-              include snippets/letsencrypt-git.afpy.org.conf;
-              client_max_body_size 16M;
-
-              # location /_/static/assets/ {
-              #     alias /var/lib/gitea-static/public/;
-              # }
-
-              location / {
-                  proxy_pass http://localhost:3000;
-                  proxy_set_header Host $host;
-                  proxy_set_header X-Real-IP $remote_addr;
-                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-                  proxy_set_header X-Forwarded-Proto $scheme;
-              }
-
-          }
-
-    - name: Setup app.ini
-      notify: restart gitea
-      copy:
-        dest: /etc/gitea/app.ini
-        mode: 0640
-        owner: root
-        group: git
-        content: |
-          APP_NAME = Le Gitea de l'AFPy
-          RUN_USER = git
-          RUN_MODE = prod
-
-          [database]
-          DB_TYPE  = postgres
-          HOST     = /run/postgresql/
-          NAME     = gitea
-          USER     =
-          PASSWD   =
-          SCHEMA   =
-          SSL_MODE = disable
-          CHARSET  = utf8
-          PATH     = /var/lib/gitea/data/gitea.db
-          LOG_SQL  = false
-
-          [repository]
-          ROOT = /var/lib/gitea/data/gitea-repositories
-          DEFAULT_PRIVATE = public
-
-          [server]
-          SSH_DOMAIN       = git.afpy.org
-          DOMAIN           = git.afpy.org
-          HTTP_PORT        = 3000
-          ROOT_URL         = https://git.afpy.org/
-          OFFLINE_MODE     = true
-          DISABLE_SSH      = false
-          SSH_PORT         = 22
-          LFS_START_SERVER = false
-          OFFLINE_MODE     = false
-
-          [mailer]
-          ENABLED       = true
-          FROM          = gitea@mydomain.com
-          MAILER_TYPE   = sendmail
-          SENDMAIL_PATH = /usr/sbin/sendmail
-          SENDMAIL_ARGS = "--"
-
-          [service]
-          REGISTER_EMAIL_CONFIRM            = true
-          ENABLE_NOTIFY_MAIL                = false
-          DISABLE_REGISTRATION              = true
-          ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
-          ENABLE_CAPTCHA                    = true
-          REQUIRE_SIGNIN_VIEW               = false
-          DEFAULT_KEEP_EMAIL_PRIVATE        = false
-          DEFAULT_ALLOW_CREATE_ORGANIZATION = true
-          DEFAULT_ENABLE_TIMETRACKING       = true
-          NO_REPLY_ADDRESS                  = noreply.localhost
-
-          [picture]
-          DISABLE_GRAVATAR        = true
-          ENABLE_FEDERATED_AVATAR = true
-
-          [openid]
-          ENABLE_OPENID_SIGNIN = true
-          ENABLE_OPENID_SIGNUP = true
-
-          [session]
-          PROVIDER = db
-          COOKIE_SECURE = true
-
-          [log]
-          MODE      = console
-          LEVEL     = info
-          ROOT_PATH = /var/lib/gitea/log
-          ROUTER    = console
-
-          # [i18n]
-          # see https://github.com/go-gitea/gitea/issues/21199
-          # LANGS     = fr_FR,en_US
-          # NAMES     = Français,English
-
-          [packages]
-          ENABLED = false
-
-          [repository.pull-request]
-          DEFAULT_MERGE_STYLE = merge
-
-          [repository.signing]
-          DEFAULT_TRUST_MODEL = committer
-
-          [security]
-          INSTALL_LOCK       = true
-          INTERNAL_TOKEN     = {{ gitea_internal_token }}
-          PASSWORD_HASH_ALGO = pbkdf2
-          LOGIN_REMEMBER_DAYS = 90
-
-
-    # Public asset generation (to allow nginx to serve them) needs nodejs>14.
-
-    # - name: Create gitea static hierarchy
-    #   file:
-    #     state: directory
-    #     mode: 0755
-    #     owner: git-static
-    #     group: git-static
-    #     path: "{{ item }}"
-    #   loop:
-    #     - /var/lib/gitea-static/source
-    #     - /var/lib/gitea-static/public
-    #
-    # - name: Download gitea tarball  # For the static content
-    #   unarchive:
-    #     src: "https://github.com/go-gitea/gitea/archive/refs/tags/v{{ gitea_version }}.tar.gz"
-    #     dest: /var/lib/gitea-static/source/
-    #     remote_src: true
-    #     owner: git-static
-    #     group: git-static
-    #   register: download_gitea_tarball
-    #
-    # - name: Compile static assets
-    #   command: make frontend
-    #   args:
-    #     chdir: "/var/lib/gitea-static/source/gitea-{{ gitea_version }}"
-    #   become: true
-    #   become_user: git-static
-    #   when: download_gitea_tarball is changed
-    #
-    # - name: Copy public assets
-    #   synchronize:
-    #     src: "/var/lib/gitea-static/source/gitea-{{ gitea_version }}/public/"
-    #     dest: "/var/lib/gitea-static/public/"
-
-    - name: Setup gitea systemd service
-      copy:
-        dest: /etc/systemd/system/gitea.service
-        owner: root
-        group: root
-        mode: 0644
-        content: |
-          [Unit]
-          Description=Gitea (Git with a cup of tea)
-          After=syslog.target
-          After=network.target
-          Wants=postgresql.service
-          After=postgresql.service
-
-          [Service]
-          RestartSec=2s
-          Type=simple
-          User=git
-          Group=git
-          WorkingDirectory=/var/lib/gitea/
-          ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
-          Restart=always
-          Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
-
-          [Install]
-          WantedBy=multi-user.target
-
-    - name: Start gitea
-      service: name=gitea enabled=yes state=started daemon_reload=yes
-
-  handlers:
-    - name: restart gitea
-      service: name=gitea state=restarted
+    - name: Setup gitea
+      include_role: name=gitea

roles/gitea/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+
+- name: restart gitea
+  service: name=gitea state=restarted

roles/gitea/tasks/main.yml

@@ -0,0 +1,186 @@
+---
+
+- name: Create git group
+  group:
+    name: git
+    state: present
+
+- name: Create git-static group
+  group:
+    name: git-static
+    state: present
+
+- name: Gitea user
+  user:
+    system: true
+    password: '!'
+    home: /home/git
+    shell: /bin/bash
+    comment: "Git Version Control"
+    group: git
+    name: git
+
+- name: Gitea static user  # To compile and own static content
+  user:
+    system: true
+    password: '!'
+    comment: "To compile and own static gitea content."
+    group: git-static
+    name: git-static
+
+- name: Download gitea
+  get_url:
+    dest: /usr/local/bin/gitea
+    url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64"
+    mode: 0755
+    owner: root
+    group: root
+  register: download_gitea
+
+- name: Install dependencies
+  package:
+    name:
+      - git
+      - postgresql
+      - python3-psycopg2  # For Ansible
+      # - rsync  # for static file generation
+      # - nodejs # for static file generation
+      # - npm    # for static file generation
+      # - make   # for static file generation
+      - nginx
+    state: present
+
+- name: Ensure locale en_US.UTF-8 exists
+  locale_gen:
+    name: en_US.UTF-8
+    state: present
+
+- name: Create psql git user
+  become: true
+  become_user: postgres
+  postgresql_user:
+    user: git
+
+- name: Create psql gitea DB
+  become: true
+  become_user: postgres
+  postgresql_db:
+    name: gitea
+    owner: git
+    encoding: UTF-8
+    lc_collate: en_US.UTF-8
+    lc_ctype: en_US.UTF-8
+    template: template0
+
+- name: Create gitea hierarchy
+  file:
+    state: directory
+    mode: 0750
+    owner: git
+    group: git
+    path: "{{ item }}"
+  loop:
+    - /var/lib/gitea/custom
+    - /var/lib/gitea/data
+    - /var/lib/gitea/log
+
+- name: Create gitea config hierarchy
+  file:
+    state: directory
+    mode: 0750
+    owner: root
+    group: git
+    path: /etc/gitea
+
+- name: Setup nginx
+  include_role: name=nginx
+  vars:
+    nginx_domain: git.afpy.org
+    nginx_certificates: ['git.afpy.org']
+    nginx_conf: |
+      server
+      {
+          listen [::]:80; listen 80;
+          server_name git.afpy.org;
+          access_log /var/log/nginx/git.afpy.org-access.log;
+          error_log /var/log/nginx/git.afpy.org-error.log;
+          return 301 https://git.afpy.org$request_uri;
+      }
+
+      server
+      {
+          listen [::]:443 ssl; listen 443 ssl;
+          server_name git.afpy.org;
+          access_log /var/log/nginx/git.afpy.org-access.log;
+          error_log /var/log/nginx/git.afpy.org-error.log;
+          include snippets/letsencrypt-git.afpy.org.conf;
+          client_max_body_size 16M;
+
+          # location /_/static/assets/ {
+          #     alias /var/lib/gitea-static/public/;
+          # }
+
+          location / {
+              proxy_pass http://localhost:3000;
+              proxy_set_header Host $host;
+              proxy_set_header X-Real-IP $remote_addr;
+              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+              proxy_set_header X-Forwarded-Proto $scheme;
+          }
+
+      }
+
+- name: Setup app.ini
+  notify: restart gitea
+  template:
+    src: app.ini.j2
+    dest: /etc/gitea/app.ini
+    mode: 0640
+    owner: root
+    group: git
+
+- name: Setup gitea systemd service
+  template:
+    src: gitea.service.j2
+    dest: /etc/systemd/system/gitea.service
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Start gitea
+  service: name=gitea enabled=yes state=started daemon_reload=yes
+
+# Public asset generation (to allow nginx to serve them) needs nodejs>14.
+
+# - name: Create gitea static hierarchy
+#   file:
+#     state: directory
+#     mode: 0755
+#     owner: git-static
+#     group: git-static
+#     path: "{{ item }}"
+#   loop:
+#     - /var/lib/gitea-static/source
+#     - /var/lib/gitea-static/public
+#
+# - name: Download gitea tarball  # For the static content
+#   unarchive:
+#     src: "https://github.com/go-gitea/gitea/archive/refs/tags/v{{ gitea_version }}.tar.gz"
+#     dest: /var/lib/gitea-static/source/
+#     remote_src: true
+#     owner: git-static
+#     group: git-static
+#   register: download_gitea_tarball
+#
+# - name: Compile static assets
+#   command: make frontend
+#   args:
+#     chdir: "/var/lib/gitea-static/source/gitea-{{ gitea_version }}"
+#   become: true
+#   become_user: git-static
+#   when: download_gitea_tarball is changed
+#
+# - name: Copy public assets
+#   synchronize:
+#     src: "/var/lib/gitea-static/source/gitea-{{ gitea_version }}/public/"
+#     dest: "/var/lib/gitea-static/public/"

roles/gitea/templates/app.ini.j2

@@ -0,0 +1,87 @@
+APP_NAME = Le Gitea de l'AFPy
+RUN_USER = git
+RUN_MODE = prod
+
+[database]
+DB_TYPE  = postgres
+HOST     = /run/postgresql/
+NAME     = gitea
+USER     =
+PASSWD   =
+SCHEMA   =
+SSL_MODE = disable
+CHARSET  = utf8
+PATH     = /var/lib/gitea/data/gitea.db
+LOG_SQL  = false
+
+[repository]
+ROOT = /var/lib/gitea/data/gitea-repositories
+DEFAULT_PRIVATE = public
+
+[server]
+SSH_DOMAIN       = git.afpy.org
+DOMAIN           = git.afpy.org
+HTTP_PORT        = 3000
+ROOT_URL         = https://git.afpy.org/
+OFFLINE_MODE     = true
+DISABLE_SSH      = false
+SSH_PORT         = 22
+LFS_START_SERVER = false
+OFFLINE_MODE     = false
+
+[mailer]
+ENABLED       = true
+FROM          = gitea@mydomain.com
+MAILER_TYPE   = sendmail
+SENDMAIL_PATH = /usr/sbin/sendmail
+SENDMAIL_ARGS = "--"
+
+[service]
+REGISTER_EMAIL_CONFIRM            = true
+ENABLE_NOTIFY_MAIL                = false
+DISABLE_REGISTRATION              = true
+ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
+ENABLE_CAPTCHA                    = true
+REQUIRE_SIGNIN_VIEW               = false
+DEFAULT_KEEP_EMAIL_PRIVATE        = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING       = true
+NO_REPLY_ADDRESS                  = noreply.localhost
+
+[picture]
+DISABLE_GRAVATAR        = true
+ENABLE_FEDERATED_AVATAR = true
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+
+[session]
+PROVIDER = db
+COOKIE_SECURE = true
+
+[log]
+MODE      = console
+LEVEL     = info
+ROOT_PATH = /var/lib/gitea/log
+ROUTER    = console
+
+# [i18n]
+# see https://github.com/go-gitea/gitea/issues/21199
+# LANGS     = fr_FR,en_US
+# NAMES     = Français,English
+
+[packages]
+ENABLED = false
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer
+
+[security]
+INSTALL_LOCK       = true
+INTERNAL_TOKEN     = {{ gitea_internal_token }}
+PASSWORD_HASH_ALGO = pbkdf2
+LOGIN_REMEMBER_DAYS = 90

roles/gitea/templates/gitea.service.j2

@@ -0,0 +1,19 @@
+[Unit]
+Description=Gitea (Git with a cup of tea)
+After=syslog.target
+After=network.target
+Wants=postgresql.service
+After=postgresql.service
+
+[Service]
+RestartSec=2s
+Type=simple
+User=git
+Group=git
+WorkingDirectory=/var/lib/gitea/
+ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
+Restart=always
+Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
+
+[Install]
+WantedBy=multi-user.target