initial commit
parent
e190c7d272
commit
2a106c9e07
63
README.md
63
README.md
|
@ -1,2 +1,63 @@
|
|||
# xoxys.gitea
|
||||
# sit-lnx.gitea
|
||||
Deploy a gitea (git with a cup of tea) instance.
|
||||
|
||||
## Role Variables
|
||||
```yaml
|
||||
gitea_user: "gitea_adm"
|
||||
gitea_user_home: "/home/{{ gitea_user }}"
|
||||
gitea_group: "{{ gitea_user }}"
|
||||
gitea_packages: ["git"]
|
||||
|
||||
# Create separate LVM storage for gitea
|
||||
gitea_lvm_enabled: False
|
||||
# This variables are only necessary if gitea_lvm_enabled is 'True'
|
||||
# Set physical volumes to use in LVM
|
||||
gitea_lvm_pvs: #['/dev/sdb', '/dev/sdc']
|
||||
gitea_lvm_vg: #"vg_gitea"
|
||||
gitea_lvm_lv: #"lv_gitea"
|
||||
gitea_lvm_size: #"50G"
|
||||
|
||||
gitea_base_dir: "/opt/gitea"
|
||||
gitea_bin_dir: "{{ gitea_base_dir }}/bin"
|
||||
gitea_config_dir: "{{ gitea_base_dir }}/custom/conf"
|
||||
gitea_data_dir: "{{ gitea_base_dir }}/data"
|
||||
gitea_log_dir: "{{ gitea_base_dir }}/log"
|
||||
|
||||
gitea_bind_url: localhost
|
||||
gitea_bind_port: 61000
|
||||
gitea_bind_protocol: http
|
||||
|
||||
gitea_db_type: #mysql, postgres, sqlite, mssql
|
||||
gitea_db_host: #dbserver
|
||||
gitea_db_port: #5432
|
||||
gitea_db_name: #gitea
|
||||
gitea_db_user: #gitea
|
||||
gitea_db_passwd: #password
|
||||
|
||||
# Variables containing the tls cert/private key
|
||||
gitea_tls_chained_cert: #"{{ my_vaulted_cert }}"
|
||||
gitea_tls_priv_key: #"{{ my_vaulted_key }}"
|
||||
|
||||
gitea_install_lock: true
|
||||
# This secret is publicly known and should not used in production!
|
||||
# Use host_vars/group_vars and ansible vault to deploy a strong secret
|
||||
gitea_secret: "1234567ABCDEFG"
|
||||
gitea_run_mode: prod
|
||||
gitea_landing_page: explore
|
||||
gitea_disable_registration: true
|
||||
gitea_log_level: Debug
|
||||
```
|
||||
|
||||
## Examples
|
||||
### Playbook
|
||||
```yaml
|
||||
- hosts: gitea
|
||||
|
||||
roles:
|
||||
- xoxys.nginx
|
||||
- xoxys.gitea
|
||||
|
||||
```
|
||||
|
||||
## Dependencies
|
||||
None. It is recommendet to deploy gitea with nginx as reverse proxy.
|
||||
|
|
|
@ -0,0 +1,63 @@
|
|||
---
|
||||
gitea_user: "gitea_adm"
|
||||
gitea_user_home: "/home/{{ gitea_user }}"
|
||||
gitea_group: "{{ gitea_user }}"
|
||||
|
||||
gitea_packages:
|
||||
- git
|
||||
|
||||
# Create separate LVM storage for gitea
|
||||
gitea_lvm_enabled: False
|
||||
# This variables are only necessary if gitea_lvm_enabled is 'True'
|
||||
# Set physical volumes to use in LVM
|
||||
# gitea_lvm_pvs: # ['/dev/sdb', '/dev/sdc']
|
||||
# gitea_lvm_vg: # "vg_gitea"
|
||||
# gitea_lvm_lv: # "lv_gitea"
|
||||
# gitea_lvm_fstype: # ext4
|
||||
# gitea_lvm_size: # "50G"
|
||||
|
||||
gitea_base_dir: "/opt/gitea"
|
||||
gitea_bin_dir: "{{ gitea_base_dir }}/bin"
|
||||
gitea_config_dir: "{{ gitea_base_dir }}/custom/conf"
|
||||
gitea_data_dir: "{{ gitea_base_dir }}/data"
|
||||
|
||||
gitea_bind_url: localhost
|
||||
gitea_bind_port: 61000
|
||||
gitea_bind_protocol: http
|
||||
gitea_listen_url: "{{ gitea_bind_url }}"
|
||||
|
||||
gitea_install_lock: true
|
||||
gitea_secret: "1234567ABCDEFG"
|
||||
gitea_run_mode: prod
|
||||
gitea_landing_page: explore
|
||||
gitea_disable_registration: true
|
||||
|
||||
# gitea_db_type: # mysql, postgres, sqlite, mssql
|
||||
# gitea_db_host: # dbserver
|
||||
# gitea_db_port: # 5432
|
||||
# gitea_db_name: # gitea
|
||||
# gitea_db_user: # gitea
|
||||
# gitea_db_passwd: # password
|
||||
|
||||
gitea_global_log_level: Info
|
||||
gitea_global_log_dir: "{{ gitea_base_dir }}/log"
|
||||
gitea_file_log_level: "{{ gitea_global_log_level }}"
|
||||
gitea_file_log_rotate_enabled: True
|
||||
gitea_file_log_rotate_daily_enabled: True
|
||||
gitea_file_log_rotate_max_days: 7
|
||||
|
||||
gitea_repository_upload_max_filesize: 3
|
||||
gitea_repository_upload_max_files: 5
|
||||
gitea_attachment_max_filesize: 3
|
||||
gitea_attachment_max_files: 5
|
||||
|
||||
gitea_mail_service_enabled: False
|
||||
gitea_mail_service_from: <System> systemmail@example.com
|
||||
|
||||
gitea_tls_enabled: False
|
||||
gitea_tls_cert_path: "{{ gitea_base_dir }}/tls/certs/mycert.pem"
|
||||
gitea_tls_key_path: "{{ gitea_base_dir }}/tls/private/mykey.pem"
|
||||
gitea_tls_source_use_content: False
|
||||
gitea_tls_source_use_files: True
|
||||
gitea_tls_cert_source: mycert.pem
|
||||
gitea_tls_key_source: mykey.pem
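Review bot: `gitea_secret: "1234567ABCDEFG"` ships as a working default with no comment in this file, so any deployment that does not override it renders a publicly known `SECRET_KEY` into app.ini. The README in this commit carries the warning, but the defaults file does not; repeat it above the variable, e.g. `# Publicly known placeholder - override it from an Ansible Vault variable`. A stricter option is to drop the default and have the role fail early when `gitea_secret` is undefined or still equals the placeholder. The booleans in this file also mix `False`/`True` with `true`; lowercase `true`/`false` throughout would be consistent.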
|
|
@ -0,0 +1,9 @@
|
|||
# Source global definitions
|
||||
if [ -f /etc/bashrc ]; then
|
||||
. /etc/bashrc
|
||||
fi
|
||||
|
||||
while read filename
|
||||
do
|
||||
source "$filename"
|
||||
done < <(find -L ~/.bashrc.d -type f)
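Review bot: The loop sources every regular file that `find -L ~/.bashrc.d -type f` returns, and `-L` follows symlinks, so a link placed in that directory pulls a file from anywhere on the system into each shell this account starts. Dropping `-L` keeps the sourced set inside the directory: `done < <(find ~/.bashrc.d -type f)`. The loop header should be `while IFS= read -r filename` so backslashes and leading whitespace in a name are not altered. A guard such as `[ -d ~/.bashrc.d ]` before the loop avoids a `find` error on accounts where the directory does not exist.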
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
- name: Restart Gitea Service
|
||||
systemd:
|
||||
name: gitea
|
||||
state: restarted
|
||||
daemon_reload: yes
|
||||
enabled: yes
|
||||
listen:
|
||||
- gitea_restart
|
||||
become: True
|
||||
become_user: root
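Review bot: This handler listens on `gitea_restart`, but the tasks that render app.ini and the systemd unit in this commit use `notify: __gitea_restart`, so the notification never matches it. Depending on how Ansible is configured to treat a missing handler, the play either errors or the service is never restarted after a config or unit change. Align the topic here with `- __gitea_restart` under `listen:`, or change both `notify` lines instead. `daemon_reload: yes` and `enabled: yes` would be more consistent as `true`.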
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
galaxy_info:
|
||||
author: Robert Kaussow
|
||||
description: Install Gitea Git Service
|
||||
license: MIT
|
||||
min_ansible_version: 2.4
|
||||
platforms:
|
||||
- name: EL
|
||||
versions:
|
||||
- 7
|
||||
galaxy_tags:
|
||||
- gitea
|
||||
- git
|
||||
dependencies: []
|
|
@ -0,0 +1,81 @@
|
|||
---
|
||||
- name: Prepare base folder
|
||||
file:
|
||||
path: "{{ gitea_base_dir }}"
|
||||
state: directory
|
||||
owner: "{{ gitea_user }}"
|
||||
group: "{{ gitea_user }}"
|
||||
mode: 0750
|
||||
become: True
|
||||
become_user: root
|
||||
|
||||
- block:
|
||||
- name: Prepare folder structure
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- "{{ gitea_bin_dir }}"
|
||||
- "{{ gitea_config_dir }}"
|
||||
- "{{ gitea_data_dir }}"
|
||||
- "{{ gitea_global_log_dir }}"
|
||||
|
||||
- name: Download Gitea binary
|
||||
get_url:
|
||||
url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64"
|
||||
dest: "{{ gitea_bin_dir }}/gitea-{{ gitea_version }}"
|
||||
mode: 0750
|
||||
|
||||
- name: Link Version {{ gitea_version }} to latest
|
||||
file:
|
||||
src: "{{ gitea_bin_dir }}/gitea-{{ gitea_version }}"
|
||||
dest: "{{ gitea_base_dir }}/gitea-latest"
|
||||
state: link
|
||||
|
||||
# - name: Register current INTERNAL_TOKEN
|
||||
# shell: "awk -F '=' '/INTERNAL_TOKEN/ {print $2}' {{ gitea_config_dir }}/app.ini | tr -d ' '"
|
||||
# register: internal_token
|
||||
# changed_when: False
|
||||
|
||||
# - name: Remove INTERNAL_TOKEN
|
||||
# ini_file:
|
||||
# path: "{{ gitea_config_dir }}/app.ini"
|
||||
# section: security
|
||||
# option: INTERNAL_TOKEN
|
||||
# state: absent
|
||||
# changed_when: False
|
||||
|
||||
- name: Copy config file
|
||||
template:
|
||||
src: "custom/conf/app.ini.j2"
|
||||
dest: "{{ gitea_config_dir }}/app.ini"
|
||||
mode: 0600
|
||||
notify: __gitea_restart
|
||||
register: add_config
|
||||
|
||||
# - name: Re-add INTERNAL_TOKEN if configuration not changed
|
||||
# ini_file:
|
||||
# path: "{{ gitea_config_dir }}/app.ini"
|
||||
# section: security
|
||||
# option: INTERNAL_TOKEN
|
||||
# value: "{{ internal_token.stdout }}"
|
||||
# changed_when: False
|
||||
# when: not add_config.changed
|
||||
|
||||
# - name: Copy env file
|
||||
# template:
|
||||
# src: "custom/conf/gitea.env.j2"
|
||||
# dest: "{{ gitea_config_dir }}/gitea.env"
|
||||
# notify:
|
||||
# - gitea_restart
|
||||
become: True
|
||||
become_user: "{{ gitea_user }}"
|
||||
when: gitea_installed.stat.exists == False or gitea_current.stdout is version_compare(gitea_version, operator='<=', strict=True)
|
||||
|
||||
- name: Copy systemd unit file
|
||||
template:
|
||||
src: "etc/systemd/system/gitea.service.j2"
|
||||
dest: "/etc/systemd/system/gitea.service"
|
||||
notify: __gitea_restart
|
||||
become: True
|
||||
become_user: root
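Review bot: The 'Download Gitea binary' task installs an executable fetched with `get_url` and no integrity check, so whatever the download host returns is what the service later runs. `get_url` accepts a `checksum` parameter; pin it per release, e.g. `checksum: "sha256:{{ gitea_checksum }}"`, where `gitea_checksum` is a new required variable proposed here alongside `gitea_version`. `gitea_version` has no entry in the defaults file shown in this commit, so the role stops on an undefined variable unless the caller sets it; document that or add a default. The `mode: 0750` and `mode: 0600` values are safer as quoted strings (`mode: "0750"`).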
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
- include_tasks: prepare.yml
|
||||
- import_tasks: storage.yml
|
||||
when: gitea_lvm_enabled
|
||||
- import_tasks: install.yml
|
||||
- import_tasks: tls.yml
|
||||
when: gitea_tls_enabled
|
||||
tags: tls_renewal
|
|
@ -0,0 +1,34 @@
|
|||
- block:
|
||||
- name: Stat gitea-latest
|
||||
stat:
|
||||
path: "{{ gitea_base_dir }}/gitea-latest"
|
||||
register: gitea_installed
|
||||
|
||||
- name: Get running version
|
||||
shell: "{{ gitea_base_dir }}/gitea-latest -v | rev | cut -d ' ' -f5 | rev"
|
||||
register: gitea_current
|
||||
changed_when: False
|
||||
when: gitea_installed.stat.exists
|
||||
|
||||
- name: Create group '{{ gitea_group }}'
|
||||
group:
|
||||
name: "{{ gitea_group }}"
|
||||
state: present
|
||||
gid: "{{ gitea__gid|default(omit) }}"
|
||||
|
||||
- name: Create user '{{ gitea_user }}'
|
||||
user:
|
||||
comment: Gitea
|
||||
name: "{{ gitea_user }}"
|
||||
home: "{{ gitea_user_home }}"
|
||||
uid: "{{ gitea_uid|default(omit) }}"
|
||||
group: "{{ gitea_group }}"
|
||||
|
||||
- name: Install dependencies
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
with_items:
|
||||
- "{{ gitea_packages }}"
|
||||
become: True
|
||||
become_user: root
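Review bot: 'Get running version' executes `{{ gitea_base_dir }}/gitea-latest -v` inside a block that runs with `become_user: root`, while install.yml writes that binary and its symlink as `{{ gitea_user }}`. A file the service account can replace is therefore run as root on every play. Give that task its own `become_user: "{{ gitea_user }}"` so the version probe runs with the service account's privileges. Separately, `gid: "{{ gitea__gid|default(omit) }}"` has a doubled underscore where the user task uses `gitea_uid`; this looks like a typo, and a caller setting `gitea_gid` would be silently ignored.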
|
|
@ -0,0 +1,27 @@
|
|||
---
|
||||
- block:
|
||||
- name: Create volume group '{{ gitea_lvm_vg }}'
|
||||
lvg:
|
||||
vg: "{{ gitea_lvm_vg }}"
|
||||
pvs: "{{ gitea_lvm_pvs|join(',') }}"
|
||||
|
||||
- name: Create logical volume '{{ gitea_lvm_lv }}'
|
||||
lvol:
|
||||
vg: "{{ gitea_lvm_vg }}"
|
||||
lv: "{{ gitea_lvm_lv }}"
|
||||
size: "{{ gitea_lvm_size }}"
|
||||
|
||||
- name: Create filesystem for '/dev/mapper/{{ gitea_lvm_vg }}-{{ gitea_lvm_lv }}'
|
||||
filesystem:
|
||||
fstype: "{{ gitea_lvm_fstype }}"
|
||||
dev: "/dev/mapper/{{ gitea_lvm_vg }}-{{ gitea_lvm_lv }}"
|
||||
resizefs: True
|
||||
|
||||
- name: Mount volume to '{{ gitea_base_dir }}'
|
||||
mount:
|
||||
path: "{{ gitea_base_dir }}"
|
||||
src: "/dev/mapper/{{ gitea_lvm_vg }}-{{ gitea_lvm_lv }}"
|
||||
fstype: "{{ gitea_lvm_fstype }}"
|
||||
state: mounted
|
||||
become: True
|
||||
become_user: root
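Review bot: The filesystem and mount tasks require `gitea_lvm_fstype`, but the README's variable list in this commit does not mention it and the defaults file only lists it as a comment. Enabling `gitea_lvm_enabled` by following the README therefore stops on an undefined variable after the volume group and logical volume have already been created. Document the variable with the other `gitea_lvm_*` settings or give it a default such as `gitea_lvm_fstype: ext4`. An `assert` task at the top of the block that checks all `gitea_lvm_*` variables are defined would fail before any disk is touched.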
|
|
@ -0,0 +1,43 @@
|
|||
---
|
||||
- block:
|
||||
- name: Create tls folder structure
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
owner: "{{ gitea_user }}"
|
||||
group: "{{ gitea_group }}"
|
||||
recurse: True
|
||||
with_items:
|
||||
- "{{ gitea_tls_cert_path | dirname }}"
|
||||
- "{{ gitea_tls_key_path | dirname }}"
|
||||
become: True
|
||||
become_user: root
|
||||
|
||||
- block:
|
||||
- name: Copy certs and private key (file)
|
||||
copy:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
mode: "{{ item.mode }}"
|
||||
with_items:
|
||||
- { src: "{{ gitea_tls_key_source }}", dest: '{{ gitea_tls_key_path }}', mode: '0600' }
|
||||
- { src: "{{ gitea_tls_cert_source }}", dest: '{{ gitea_tls_cert_path }}', mode: '0750' }
|
||||
loop_control:
|
||||
label: "{{ item.dest }}"
|
||||
register: __gitea_certs_file
|
||||
when: gitea_tls_source_use_files
|
||||
|
||||
- name: Copy certs and private key (content)
|
||||
copy:
|
||||
content: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
mode: "{{ item.mode }}"
|
||||
with_items:
|
||||
- { src: "{{ gitea_tls_key_source }}", dest: '{{ gitea_tls_key_path }}', mode: '0600' }
|
||||
- { src: "{{ gitea_tls_cert_source }}", dest: '{{ gitea_tls_cert_path }}', mode: '0750' }
|
||||
loop_control:
|
||||
label: "{{ item.dest }}"
|
||||
register: __gitea_certs_content
|
||||
when: gitea_tls_source_use_content
|
||||
become: True
|
||||
become_user: "{{ gitea_user }}"
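Review bot: 'Copy certs and private key (content)' passes the private key itself as `content: "{{ item.src }}"`. `loop_control.label` only shortens the per-item line, so the key can still appear in verbose output, registered results or callback logs; add `no_log: True` to that task. The certificate is installed with `mode: '0750'`, which sets execute bits on a PEM file; `'0644'` is the usual choice. The directory task sets no `mode`, so the permissions of the private-key directory depend on the umask; an explicit `mode: "0750"` there would remove that dependency.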
|
|
@ -0,0 +1,4 @@
|
|||
## {{ ansible_managed }}
|
||||
export USER={{ gitea_user }}
|
||||
export HOME={{ gitea_user_home }}
|
||||
export GITEA_WORK_DIR={{ gitea_base_dir }}
|
|
@ -0,0 +1,167 @@
|
|||
; {{ ansible_managed }}
|
||||
APP_NAME = Gitea: Git with a cup of tea
|
||||
RUN_USER = {{ gitea_user }}
|
||||
RUN_MODE = {{ gitea_run_mode }}
|
||||
|
||||
[repository]
|
||||
ROOT = {{ gitea_data_dir }}/repos
|
||||
SCRIPT_TYPE = bash
|
||||
FORCE_PRIVATE = false
|
||||
DEFAULT_PRIVATE = last
|
||||
DISABLE_HTTP_GIT = false
|
||||
PREFERRED_LICENSES = MIT License
|
||||
|
||||
[repository.editor]
|
||||
LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,
|
||||
PREVIEWABLE_FILE_MODES = markdown
|
||||
|
||||
[repository.local]
|
||||
LOCAL_COPY_PATH = tmp/local-repo
|
||||
|
||||
[repository.upload]
|
||||
ENABLED = true
|
||||
TEMP_PATH = tmp/uploads
|
||||
FILE_MAX_SIZE = {{ gitea_repository_upload_max_filesize }}
|
||||
MAX_FILES = {{ gitea_repository_upload_max_files }}
|
||||
|
||||
[repository.pull-request]
|
||||
WORK_IN_PROGRESS_PREFIXES = WIP:,[WIP]
|
||||
|
||||
[attachment]
|
||||
ENABLE = true
|
||||
PATH = data/attachments
|
||||
ALLOWED_TYPES = */*
|
||||
MAX_SIZE = {{ gitea_attachment_max_filesize }}
|
||||
MAX_FILES = {{ gitea_attachment_max_files }}
|
||||
|
||||
[ui]
|
||||
EXPLORE_PAGING_NUM = 20
|
||||
ISSUE_PAGING_NUM = 10
|
||||
FEED_MAX_COMMIT_NUM = 5
|
||||
MAX_DISPLAY_FILE_SIZE = 8388608
|
||||
SHOW_USER_EMAIL = true
|
||||
GRAPH_MAX_COMMIT_NUM = 100
|
||||
CODE_COMMENT_LINES = 4
|
||||
DEFAULT_THEME = gitea
|
||||
ENABLE_CAPTCHA = false
|
||||
ENABLE_TIMETRACKING = true
|
||||
|
||||
[ui.admin]
|
||||
USER_PAGING_NUM = 50
|
||||
REPO_PAGING_NUM = 50
|
||||
NOTICE_PAGING_NUM = 25
|
||||
ORG_PAGING_NUM = 50
|
||||
ENABLE_PPROF = false
|
||||
|
||||
[ui.user]
|
||||
REPO_PAGING_NUM = 15
|
||||
|
||||
[api]
|
||||
ENABLE_SWAGGER = true
|
||||
MAX_RESPONSE_ITEMS = 50
|
||||
|
||||
[markdown]
|
||||
ENABLE_HARD_LINE_BREAK = false
|
||||
FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
|
||||
|
||||
[server]
|
||||
PROTOCOL = http
|
||||
DOMAIN = {{ gitea_listen_url }}
|
||||
ROOT_URL = {{ gitea_bind_protocol }}://%(DOMAIN)s/
|
||||
HTTP_ADDR = 127.0.0.1
|
||||
HTTP_PORT = {{ gitea_bind_port }}
|
||||
UNIX_SOCKET_PERMISSION = 666
|
||||
LANDING_PAGE = {{ gitea_landing_page }}
|
||||
START_SSH_SERVER = false
|
||||
|
||||
[ssh.minimum_key_sizes]
|
||||
ED25519 = 256
|
||||
ECDSA = 256
|
||||
RSA = 2048
|
||||
DSA = 1024
|
||||
|
||||
[database]
|
||||
DB_TYPE = {{ gitea_db_type }}
|
||||
HOST = {{ gitea_db_host }}:{{ gitea_db_port }}
|
||||
NAME = {{ gitea_db_name }}
|
||||
USER = {{ gitea_db_user }}
|
||||
PASSWD = {{ gitea_db_passwd }}
|
||||
SSL_MODE = disable
|
||||
|
||||
[indexer]
|
||||
ISSUE_INDEXER_PATH = {{ gitea_data_dir }}/indexers/issues.bleve
|
||||
REPO_INDEXER_PATH = {{ gitea_data_dir }}/indexers/repos.bleve
|
||||
REPO_INDEXER_ENABLED = true
|
||||
|
||||
[security]
|
||||
INSTALL_LOCK = {{ gitea_install_lock }}
|
||||
SECRET_KEY = {{ gitea_secret }}
|
||||
MIN_PASSWORD_LENGTH = 8
|
||||
DISABLE_GIT_HOOKS = false
|
||||
|
||||
[service]
|
||||
DISABLE_REGISTRATION = {{ gitea_disable_registration }}
|
||||
DEFAULT_KEEP_EMAIL_PRIVATE = false
|
||||
ENABLE_TIMETRACKING = true
|
||||
{% if gitea_mail_service_enabled %}
|
||||
ENABLE_NOTIFY_MAIL = true
|
||||
|
||||
[mailer]
|
||||
ENABLED = true
|
||||
FROM = {{ gitea_mail_service_from }}
|
||||
USE_SENDMAIL = true
|
||||
SENDMAIL_PATH = /usr/sbin/sendmail
|
||||
{% else %}
|
||||
[mailer]
|
||||
ENABLED = false
|
||||
{% endif %}
|
||||
|
||||
[picture]
|
||||
AVATAR_UPLOAD_PATH = {{ gitea_data_dir }}/avatars
|
||||
DISABLE_GRAVATAR = true
|
||||
ENABLE_FEDERATED_AVATAR = false
|
||||
|
||||
[log]
|
||||
ROOT_PATH = {{ gitea_global_log_dir }}
|
||||
MODE = file
|
||||
BUFFER_LEN = 10000
|
||||
LEVEL = {{ gitea_global_log_level }}
|
||||
|
||||
[log.file]
|
||||
LEVEL = {{ gitea_file_log_level }}
|
||||
LOG_ROTATE = {{ gitea_file_log_rotate_enabled | lower }}
|
||||
MAX_LINES = 1000000
|
||||
MAX_SIZE_SHIFT = 28
|
||||
DAILY_ROTATE = {{ gitea_file_log_rotate_daily_enabled | lower }}
|
||||
MAX_DAYS = {{ gitea_file_log_rotate_max_days }}
|
||||
|
||||
[cron]
|
||||
ENABLED = true
|
||||
RUN_AT_START = false
|
||||
|
||||
[cron.update_mirrors]
|
||||
SCHEDULE = @every 10m
|
||||
|
||||
[cron.repo_health_check]
|
||||
SCHEDULE = @every 24h
|
||||
TIMEOUT = 60s
|
||||
|
||||
[cron.check_repo_stats]
|
||||
RUN_AT_START = true
|
||||
SCHEDULE = @every 24h
|
||||
|
||||
[cron.archive_cleanup]
|
||||
RUN_AT_START = true
|
||||
SCHEDULE = @every 24h
|
||||
OLDER_THAN = 24h
|
||||
|
||||
[cron.sync_external_users]
|
||||
RUN_AT_START = true
|
||||
SCHEDULE = @every 24h
|
||||
UPDATE_EXISTING = true
|
||||
|
||||
[other]
|
||||
SHOW_FOOTER_BRANDING = false
|
||||
SHOW_FOOTER_VERSION = false
|
||||
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
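Review bot: Several security-relevant settings are hard-coded rather than exposed as role variables: `DISABLE_GIT_HOOKS = false` in `[security]`, `SSL_MODE = disable` in `[database]`, and `PROTOCOL = http` in `[server]` even though `ROOT_URL` already uses `gitea_bind_protocol`. Custom git hooks execute on the host as the account running Gitea, so a variable that defaults to the stricter value would make enabling them a deliberate choice, e.g. `DISABLE_GIT_HOOKS = {{ gitea_disable_git_hooks | default(true) | lower }}` (variable name proposed here). The `[database]` keys reference `gitea_db_*` variables that the defaults file only lists as comments, so the template fails to render unless all of them are set, and `PASSWD` should come from a vaulted variable. `SECRET_KEY` is rendered from `gitea_secret`, whose shipped default is a published placeholder.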
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
## {{ ansible_managed }}
|
||||
USER={{ gitea_user }}
|
||||
HOME={{ gitea_user_home }}
|
||||
GITEA_WORK_DIR={{ gitea_base_dir }}
|
|
@ -0,0 +1,17 @@
|
|||
## {{ ansible_managed }}
|
||||
[Unit]
|
||||
Description=Gitea (Git with a cup of tea)
|
||||
After=syslog.target
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
EnvironmentFile={{ gitea_config_dir }}/gitea.env
|
||||
User={{ gitea_user }}
|
||||
Group={{ gitea_group }}
|
||||
WorkingDirectory={{ gitea_base_dir }}
|
||||
ExecStart={{ gitea_base_dir }}/gitea-latest web
|
||||
PrivateTmp=yes
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
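Review bot: `EnvironmentFile={{ gitea_config_dir }}/gitea.env` points at a file that no task in this commit deploys, because the 'Copy env file' task in install.yml is commented out. Without a leading `-`, systemd refuses to start the unit when that file is missing. Either re-enable the task or write `EnvironmentFile=-{{ gitea_config_dir }}/gitea.env`. The unit's only sandboxing is `PrivateTmp=yes`; `NoNewPrivileges=yes` and `ProtectSystem=full` are candidate additions for a service that runs as an unprivileged user, to be tested against this deployment.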
|