initial commit

Robert Kaussow 2018-12-08 22:21:48 +01:00
parent e190c7d272
commit 2a106c9e07
14 changed files with 544 additions and 1 deletions


@ -1,2 +1,63 @@
# xoxys.gitea
# sit-lnx.gitea
Deploy a gitea (git with a cup of tea) instance.
## Role Variables
```yaml
gitea_user: "gitea_adm"
gitea_user_home: "/home/{{ gitea_user }}"
gitea_group: "{{ gitea_user }}"
gitea_packages: ["git"]
# Create separate LVM storage for gitea
gitea_lvm_enabled: False
# This variables are only necessary if gitea_lvm_enabled is 'True'
# Set physical volumes to use in LVM
gitea_lvm_pvs: #['/dev/sdb', '/dev/sdc']
gitea_lvm_vg: #"vg_gitea"
gitea_lvm_lv: #"lv_gitea"
gitea_lvm_size: #"50G"
gitea_base_dir: "/opt/gitea"
gitea_bin_dir: "{{ gitea_base_dir }}/bin"
gitea_config_dir: "{{ gitea_base_dir }}/custom/conf"
gitea_data_dir: "{{ gitea_base_dir }}/data"
gitea_log_dir: "{{ gitea_base_dir }}/log"
gitea_bind_url: localhost
gitea_bind_port: 61000
gitea_bind_protocol: http
gitea_db_type: #mysql, postgres, sqlite, mssql
gitea_db_host: #dbserver
gitea_db_port: #5432
gitea_db_name: #gitea
gitea_db_user: #gitea
gitea_db_passwd: #password
# Variables containing the tls cert/private key
gitea_tls_chained_cert: #"{{ my_vaulted_cert }}"
gitea_tls_priv_key: #"{{ my_vaulted_key }}"
gitea_install_lock: true
# This secret is publicly known and should not used in production!
# Use host_vars/group_vars and ansible vault to deploy a strong secret
gitea_secret: "1234567ABCDEFG"
gitea_run_mode: prod
gitea_landing_page: explore
gitea_disable_registration: true
gitea_log_level: Debug
```
## Examples
### Playbook
```yaml
- hosts: gitea
roles:
- xoxys.nginx
- xoxys.gitea
```
## Dependencies
None. It is recommendet to deploy gitea with nginx as reverse proxy.

63
defaults/main.yml Normal file

@ -0,0 +1,63 @@
---
gitea_user: "gitea_adm"
gitea_user_home: "/home/{{ gitea_user }}"
gitea_group: "{{ gitea_user }}"
gitea_packages:
- git
# Create separate LVM storage for gitea
gitea_lvm_enabled: False
# This variables are only necessary if gitea_lvm_enabled is 'True'
# Set physical volumes to use in LVM
# gitea_lvm_pvs: # ['/dev/sdb', '/dev/sdc']
# gitea_lvm_vg: # "vg_gitea"
# gitea_lvm_lv: # "lv_gitea"
# gitea_lvm_fstype: # ext4
# gitea_lvm_size: # "50G"
gitea_base_dir: "/opt/gitea"
gitea_bin_dir: "{{ gitea_base_dir }}/bin"
gitea_config_dir: "{{ gitea_base_dir }}/custom/conf"
gitea_data_dir: "{{ gitea_base_dir }}/data"
gitea_bind_url: localhost
gitea_bind_port: 61000
gitea_bind_protocol: http
gitea_listen_url: "{{ gitea_bind_url }}"
gitea_install_lock: true
gitea_secret: "1234567ABCDEFG"
gitea_run_mode: prod
gitea_landing_page: explore
gitea_disable_registration: true
# gitea_db_type: # mysql, postgres, sqlite, mssql
# gitea_db_host: # dbserver
# gitea_db_port: # 5432
# gitea_db_name: # gitea
# gitea_db_user: # gitea
# gitea_db_passwd: # password
gitea_global_log_level: Info
gitea_global_log_dir: "{{ gitea_base_dir }}/log"
gitea_file_log_level: "{{ gitea_global_log_level }}"
gitea_file_log_rotate_enabled: True
gitea_file_log_rotate_daily_enabled: True
gitea_file_log_rotate_max_days: 7
gitea_repository_upload_max_filesize: 3
gitea_repository_upload_max_files: 5
gitea_attachment_max_filesize: 3
gitea_attachment_max_files: 5
gitea_mail_service_enabled: False
gitea_mail_service_from: <System> systemmail@example.com
gitea_tls_enabled: False
gitea_tls_cert_path: "{{ gitea_base_dir }}/tls/certs/mycert.pem"
gitea_tls_key_path: "{{ gitea_base_dir }}/tls/private/mykey.pem"
gitea_tls_source_use_content: False
gitea_tls_source_use_files: True
gitea_tls_cert_source: mycert.pem
gitea_tls_key_source: mykey.pem
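Review bot: `gitea_secret: "1234567ABCDEFG"` ships a fixed, publicly known value as the role default, and the app.ini template writes it to `SECRET_KEY`, so any deployment that does not override it runs with a key anyone can read in this repository. The README warns about this, but defaults/main.yml does not; I would drop the default and fail early in the tasks when it is unset, or at minimum repeat the warning here as `# Publicly known placeholder - override via Ansible Vault before any real deployment`. Separately, `gitea_version` is used in tasks/install.yml but has no default in this file as shown.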

9
files/bashrc Normal file

@ -0,0 +1,9 @@
# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
while read filename
do
source "$filename"
done < <(find -L ~/.bashrc.d -type f)
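Review bot: The loop reads file names with a bare `read filename`, which trims whitespace and interprets backslashes, and `find -L ~/.bashrc.d` prints an error on every login when the directory does not exist. Suggest `while IFS= read -r filename` and guarding the loop with `[ -d ~/.bashrc.d ]`. Because `-L` follows symlinks and every regular file found is sourced, the directory should stay writable only by its owner; a comment saying so would help.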

11
handlers/main.yml Normal file

@ -0,0 +1,11 @@
---
- name: Restart Gitea Service
systemd:
name: gitea
state: restarted
daemon_reload: yes
enabled: yes
listen:
- gitea_restart
become: True
become_user: root
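Review bot: The handler only listens on `gitea_restart`, but both `notify:` lines in tasks/install.yml use `__gitea_restart`, so as written the play should abort with a handler-not-found error as soon as the config or unit file changes. Align the two names, e.g. `- __gitea_restart` under `listen:` here. `daemon_reload: yes` and `enabled: yes` would also be more portable as `true`.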

14
meta/main.yml Normal file

@ -0,0 +1,14 @@
---
galaxy_info:
author: Robert Kaussow
description: Install Gitea Git Service
license: MIT
min_ansible_version: 2.4
platforms:
- name: EL
versions:
- 7
galaxy_tags:
- gitea
- git
dependencies: []

81
tasks/install.yml Normal file

@ -0,0 +1,81 @@
---
- name: Prepare base folder
file:
path: "{{ gitea_base_dir }}"
state: directory
owner: "{{ gitea_user }}"
group: "{{ gitea_user }}"
mode: 0750
become: True
become_user: root
- block:
- name: Prepare folder structure
file:
path: "{{ item }}"
state: directory
with_items:
- "{{ gitea_bin_dir }}"
- "{{ gitea_config_dir }}"
- "{{ gitea_data_dir }}"
- "{{ gitea_global_log_dir }}"
- name: Download Gitea binary
get_url:
url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64"
dest: "{{ gitea_bin_dir }}/gitea-{{ gitea_version }}"
mode: 0750
- name: Link Version {{ gitea_version }} to latest
file:
src: "{{ gitea_bin_dir }}/gitea-{{ gitea_version }}"
dest: "{{ gitea_base_dir }}/gitea-latest"
state: link
# - name: Register current INTERNAL_TOKEN
# shell: "awk -F '=' '/INTERNAL_TOKEN/ {print $2}' {{ gitea_config_dir }}/app.ini | tr -d ' '"
# register: internal_token
# changed_when: False
# - name: Remove INTERNAL_TOKEN
# ini_file:
# path: "{{ gitea_config_dir }}/app.ini"
# section: security
# option: INTERNAL_TOKEN
# state: absent
# changed_when: False
- name: Copy config file
template:
src: "custom/conf/app.ini.j2"
dest: "{{ gitea_config_dir }}/app.ini"
mode: 0600
notify: __gitea_restart
register: add_config
# - name: Re-add INTERNAL_TOKEN if configuration not changed
# ini_file:
# path: "{{ gitea_config_dir }}/app.ini"
# section: security
# option: INTERNAL_TOKEN
# value: "{{ internal_token.stdout }}"
# changed_when: False
# when: not add_config.changed
# - name: Copy env file
# template:
# src: "custom/conf/gitea.env.j2"
# dest: "{{ gitea_config_dir }}/gitea.env"
# notify:
# - gitea_restart
become: True
become_user: "{{ gitea_user }}"
when: gitea_installed.stat.exists == False or gitea_current.stdout is version_compare(gitea_version, operator='<=', strict=True)
- name: Copy systemd unit file
template:
src: "etc/systemd/system/gitea.service.j2"
dest: "/etc/systemd/system/gitea.service"
notify: __gitea_restart
become: True
become_user: root
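Review bot: The `Download Gitea binary` task fetches an executable with `get_url` and no `checksum:`, so whatever the download host returns is installed with mode 0750 and later started by systemd. Pin the expected digest per version, e.g. `checksum: "sha256:{{ gitea_binary_sha256 }}"` (`gitea_binary_sha256` would be a new role variable set alongside `gitea_version`). The octal modes are written unquoted (`mode: 0750`, `mode: 0600`); quote them as `"0750"` / `"0600"` so they cannot be reinterpreted as plain integers. `Prepare base folder` also sets `group: "{{ gitea_user }}"` where the rest of the role uses `gitea_group`.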

8
tasks/main.yml Normal file

@ -0,0 +1,8 @@
---
- include_tasks: prepare.yml
- import_tasks: storage.yml
when: gitea_lvm_enabled
- import_tasks: install.yml
- import_tasks: tls.yml
when: gitea_tls_enabled
tags: tls_renewal

34
tasks/prepare.yml Normal file

@ -0,0 +1,34 @@
- block:
- name: Stat gitea-latest
stat:
path: "{{ gitea_base_dir }}/gitea-latest"
register: gitea_installed
- name: Get running version
shell: "{{ gitea_base_dir }}/gitea-latest -v | rev | cut -d ' ' -f5 | rev"
register: gitea_current
changed_when: False
when: gitea_installed.stat.exists
- name: Create group '{{ gitea_group }}'
group:
name: "{{ gitea_group }}"
state: present
gid: "{{ gitea__gid|default(omit) }}"
- name: Create user '{{ gitea_user }}'
user:
comment: Gitea
name: "{{ gitea_user }}"
home: "{{ gitea_user_home }}"
uid: "{{ gitea_uid|default(omit) }}"
group: "{{ gitea_group }}"
- name: Install dependencies
package:
name: "{{ item }}"
state: present
with_items:
- "{{ gitea_packages }}"
become: True
become_user: root
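Review bot: `gid: "{{ gitea__gid|default(omit) }}"` has a double underscore while the user task reads `gitea_uid`; this looks like a typo, and if so a caller setting `gitea_gid` is silently ignored because of `default(omit)`. Suggested line: `gid: "{{ gitea_gid | default(omit) }}"`. The file also lacks the leading `---` that the other task files have, and the `rev | cut -d ' ' -f5 | rev` parse depends on the exact word count of the `-v` output, which deserves a comment next to the `shell:` line.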

27
tasks/storage.yml Normal file

@ -0,0 +1,27 @@
---
- block:
- name: Create volume group '{{ gitea_lvm_vg }}'
lvg:
vg: "{{ gitea_lvm_vg }}"
pvs: "{{ gitea_lvm_pvs|join(',') }}"
- name: Create logical volume '{{ gitea_lvm_lv }}'
lvol:
vg: "{{ gitea_lvm_vg }}"
lv: "{{ gitea_lvm_lv }}"
size: "{{ gitea_lvm_size }}"
- name: Create filesystem for '/dev/mapper/{{ gitea_lvm_vg }}-{{ gitea_lvm_lv }}'
filesystem:
fstype: "{{ gitea_lvm_fstype }}"
dev: "/dev/mapper/{{ gitea_lvm_vg }}-{{ gitea_lvm_lv }}"
resizefs: True
- name: Mount volume to '{{ gitea_base_dir }}'
mount:
path: "{{ gitea_base_dir }}"
src: "/dev/mapper/{{ gitea_lvm_vg }}-{{ gitea_lvm_lv }}"
fstype: "{{ gitea_lvm_fstype }}"
state: mounted
become: True
become_user: root
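Review bot: Every variable this file needs (`gitea_lvm_pvs`, `gitea_lvm_vg`, `gitea_lvm_lv`, `gitea_lvm_size`, `gitea_lvm_fstype`) is commented out in defaults/main.yml, so turning on `gitea_lvm_enabled` without setting all five fails with an undefined-variable error, possibly after the volume group or logical volume has already been created. An `assert` task at the top of the block that checks each of them is defined would stop the run before anything touches the disks. `gitea_lvm_fstype` is also missing from the README variable list.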

43
tasks/tls.yml Normal file

@ -0,0 +1,43 @@
---
- block:
- name: Create tls folder structure
file:
path: "{{ item }}"
state: directory
owner: "{{ gitea_user }}"
group: "{{ gitea_group }}"
recurse: True
with_items:
- "{{ gitea_tls_cert_path | dirname }}"
- "{{ gitea_tls_key_path | dirname }}"
become: True
become_user: root
- block:
- name: Copy certs and private key (file)
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
with_items:
- { src: "{{ gitea_tls_key_source }}", dest: '{{ gitea_tls_key_path }}', mode: '0600' }
- { src: "{{ gitea_tls_cert_source }}", dest: '{{ gitea_tls_cert_path }}', mode: '0750' }
loop_control:
label: "{{ item.dest }}"
register: __gitea_certs_file
when: gitea_tls_source_use_files
- name: Copy certs and private key (content)
copy:
content: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
with_items:
- { src: "{{ gitea_tls_key_source }}", dest: '{{ gitea_tls_key_path }}', mode: '0600' }
- { src: "{{ gitea_tls_cert_source }}", dest: '{{ gitea_tls_cert_path }}', mode: '0750' }
loop_control:
label: "{{ item.dest }}"
register: __gitea_certs_content
when: gitea_tls_source_use_content
become: True
become_user: "{{ gitea_user }}"
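Review bot: In `Copy certs and private key (content)` the private key is passed through the loop item into `content:`, and the task has no `no_log`, so a run with `--diff` or raised verbosity can print the key to the terminal and to whatever collects the run output; add `no_log: True` to that task. The certificate is written with mode `'0750'` in both copy tasks; a certificate needs no execute bit, and `'0644'` is the usual choice. `Create tls folder structure` sets no `mode:`, so the directory holding the key gets umask-default permissions; consider a restrictive mode for it.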


@ -0,0 +1,4 @@
## {{ ansible_managed }}
export USER={{ gitea_user }}
export HOME={{ gitea_user_home }}
export GITEA_WORK_DIR={{ gitea_base_dir }}


@ -0,0 +1,167 @@
; {{ ansible_managed }}
APP_NAME = Gitea: Git with a cup of tea
RUN_USER = {{ gitea_user }}
RUN_MODE = {{ gitea_run_mode }}
[repository]
ROOT = {{ gitea_data_dir }}/repos
SCRIPT_TYPE = bash
FORCE_PRIVATE = false
DEFAULT_PRIVATE = last
DISABLE_HTTP_GIT = false
PREFERRED_LICENSES = MIT License
[repository.editor]
LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,
PREVIEWABLE_FILE_MODES = markdown
[repository.local]
LOCAL_COPY_PATH = tmp/local-repo
[repository.upload]
ENABLED = true
TEMP_PATH = tmp/uploads
FILE_MAX_SIZE = {{ gitea_repository_upload_max_filesize }}
MAX_FILES = {{ gitea_repository_upload_max_files }}
[repository.pull-request]
WORK_IN_PROGRESS_PREFIXES = WIP:,[WIP]
[attachment]
ENABLE = true
PATH = data/attachments
ALLOWED_TYPES = */*
MAX_SIZE = {{ gitea_attachment_max_filesize }}
MAX_FILES = {{ gitea_attachment_max_files }}
[ui]
EXPLORE_PAGING_NUM = 20
ISSUE_PAGING_NUM = 10
FEED_MAX_COMMIT_NUM = 5
MAX_DISPLAY_FILE_SIZE = 8388608
SHOW_USER_EMAIL = true
GRAPH_MAX_COMMIT_NUM = 100
CODE_COMMENT_LINES = 4
DEFAULT_THEME = gitea
ENABLE_CAPTCHA = false
ENABLE_TIMETRACKING = true
[ui.admin]
USER_PAGING_NUM = 50
REPO_PAGING_NUM = 50
NOTICE_PAGING_NUM = 25
ORG_PAGING_NUM = 50
ENABLE_PPROF = false
[ui.user]
REPO_PAGING_NUM = 15
[api]
ENABLE_SWAGGER = true
MAX_RESPONSE_ITEMS = 50
[markdown]
ENABLE_HARD_LINE_BREAK = false
FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
[server]
PROTOCOL = http
DOMAIN = {{ gitea_listen_url }}
ROOT_URL = {{ gitea_bind_protocol }}://%(DOMAIN)s/
HTTP_ADDR = 127.0.0.1
HTTP_PORT = {{ gitea_bind_port }}
UNIX_SOCKET_PERMISSION = 666
LANDING_PAGE = {{ gitea_landing_page }}
START_SSH_SERVER = false
[ssh.minimum_key_sizes]
ED25519 = 256
ECDSA = 256
RSA = 2048
DSA = 1024
[database]
DB_TYPE = {{ gitea_db_type }}
HOST = {{ gitea_db_host }}:{{ gitea_db_port }}
NAME = {{ gitea_db_name }}
USER = {{ gitea_db_user }}
PASSWD = {{ gitea_db_passwd }}
SSL_MODE = disable
[indexer]
ISSUE_INDEXER_PATH = {{ gitea_data_dir }}/indexers/issues.bleve
REPO_INDEXER_PATH = {{ gitea_data_dir }}/indexers/repos.bleve
REPO_INDEXER_ENABLED = true
[security]
INSTALL_LOCK = {{ gitea_install_lock }}
SECRET_KEY = {{ gitea_secret }}
MIN_PASSWORD_LENGTH = 8
DISABLE_GIT_HOOKS = false
[service]
DISABLE_REGISTRATION = {{ gitea_disable_registration }}
DEFAULT_KEEP_EMAIL_PRIVATE = false
ENABLE_TIMETRACKING = true
{% if gitea_mail_service_enabled %}
ENABLE_NOTIFY_MAIL = true
[mailer]
ENABLED = true
FROM = {{ gitea_mail_service_from }}
USE_SENDMAIL = true
SENDMAIL_PATH = /usr/sbin/sendmail
{% else %}
[mailer]
ENABLED = false
{% endif %}
[picture]
AVATAR_UPLOAD_PATH = {{ gitea_data_dir }}/avatars
DISABLE_GRAVATAR = true
ENABLE_FEDERATED_AVATAR = false
[log]
ROOT_PATH = {{ gitea_global_log_dir }}
MODE = file
BUFFER_LEN = 10000
LEVEL = {{ gitea_global_log_level }}
[log.file]
LEVEL = {{ gitea_file_log_level }}
LOG_ROTATE = {{ gitea_file_log_rotate_enabled | lower }}
MAX_LINES = 1000000
MAX_SIZE_SHIFT = 28
DAILY_ROTATE = {{ gitea_file_log_rotate_daily_enabled | lower }}
MAX_DAYS = {{ gitea_file_log_rotate_max_days }}
[cron]
ENABLED = true
RUN_AT_START = false
[cron.update_mirrors]
SCHEDULE = @every 10m
[cron.repo_health_check]
SCHEDULE = @every 24h
TIMEOUT = 60s
[cron.check_repo_stats]
RUN_AT_START = true
SCHEDULE = @every 24h
[cron.archive_cleanup]
RUN_AT_START = true
SCHEDULE = @every 24h
OLDER_THAN = 24h
[cron.sync_external_users]
RUN_AT_START = true
SCHEDULE = @every 24h
UPDATE_EXISTING = true
[other]
SHOW_FOOTER_BRANDING = false
SHOW_FOOTER_VERSION = false
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
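Review bot: In `[database]`, `SSL_MODE = disable` is hard-coded although `HOST` is templated from `gitea_db_host`, so a PostgreSQL server on another host is always reached without TLS and the role offers no way to change that. Suggest a variable that keeps the current value as its default, `SSL_MODE = {{ gitea_db_ssl_mode | default('disable') }}` (`gitea_db_ssl_mode` would be a new role variable). The same applies to `DISABLE_GIT_HOOKS = false` in `[security]`: git hooks run on the server as `RUN_USER`, so this is better exposed as a variable that defaults to `true`. `PROTOCOL = http` and `HTTP_ADDR = 127.0.0.1` are likewise fixed while `gitea_bind_protocol` and `gitea_bind_url` exist, which should be stated in a comment if it is intentional for the reverse-proxy setup.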


@ -0,0 +1,4 @@
## {{ ansible_managed }}
USER={{ gitea_user }}
HOME={{ gitea_user_home }}
GITEA_WORK_DIR={{ gitea_base_dir }}


@ -0,0 +1,17 @@
## {{ ansible_managed }}
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
[Service]
Type=simple
EnvironmentFile={{ gitea_config_dir }}/gitea.env
User={{ gitea_user }}
Group={{ gitea_group }}
WorkingDirectory={{ gitea_base_dir }}
ExecStart={{ gitea_base_dir }}/gitea-latest web
PrivateTmp=yes
[Install]
WantedBy=multi-user.target
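Review bot: `EnvironmentFile={{ gitea_config_dir }}/gitea.env` has no `-` prefix, and the only visible task that would deploy gitea.env (`Copy env file` in tasks/install.yml) is commented out, so on a fresh host the unit will likely refuse to start because the file is missing. Either re-enable that task or mark the file optional with `EnvironmentFile=-{{ gitea_config_dir }}/gitea.env`. Beyond `PrivateTmp=yes` the service has no sandboxing; `NoNewPrivileges=yes` and `ProtectSystem=full` are worth evaluating for a network-facing daemon.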