From 2a106c9e073876e195ce0c5e69f2dc28a17e2cf1 Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Sat, 8 Dec 2018 22:21:48 +0100
Subject: [PATCH] initial commit
---
README.md | 63 ++++++-
defaults/main.yml | 63 +++++++
files/bashrc | 9 +
handlers/main.yml | 11 ++
meta/main.yml | 14 ++
tasks/install.yml | 81 +++++++++
tasks/main.yml | 8 +
tasks/prepare.yml | 34 ++++
tasks/storage.yml | 27 +++
tasks/tls.yml | 43 +++++
templates/bashrc.d/gitea.env.j2 | 4 +
templates/custom/conf/app.ini.j2 | 167 ++++++++++++++++++
templates/custom/conf/gitea.env.j2 | 4 +
templates/etc/systemd/system/gitea.service.j2 | 17 ++
14 files changed, 544 insertions(+), 1 deletion(-)
create mode 100644 defaults/main.yml
create mode 100644 files/bashrc
create mode 100644 handlers/main.yml
create mode 100644 meta/main.yml
create mode 100644 tasks/install.yml
create mode 100644 tasks/main.yml
create mode 100644 tasks/prepare.yml
create mode 100644 tasks/storage.yml
create mode 100644 tasks/tls.yml
create mode 100644 templates/bashrc.d/gitea.env.j2
create mode 100644 templates/custom/conf/app.ini.j2
create mode 100644 templates/custom/conf/gitea.env.j2
create mode 100644 templates/etc/systemd/system/gitea.service.j2
diff --git a/README.md b/README.md
index 834a7dc..a4ca1c0 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,63 @@ -# xoxys.gitea +# sit-lnx.gitea +Deploy a gitea (git with a cup of tea) instance. +## Role Variables +```yaml +gitea_user: "gitea_adm" +gitea_user_home: "/home/{{ gitea_user }}" +gitea_group: "{{ gitea_user }}" +gitea_packages: ["git"] + +# Create separate LVM storage for gitea +gitea_lvm_enabled: False +# This variables are only necessary if gitea_lvm_enabled is 'True' +# Set physical volumes to use in LVM +gitea_lvm_pvs: #['/dev/sdb', '/dev/sdc'] +gitea_lvm_vg: #"vg_gitea" +gitea_lvm_lv: #"lv_gitea" +gitea_lvm_size: #"50G" + +gitea_base_dir: "/opt/gitea" +gitea_bin_dir: "{{ gitea_base_dir }}/bin" +gitea_config_dir: "{{ gitea_base_dir }}/custom/conf" +gitea_data_dir: "{{ gitea_base_dir }}/data" +gitea_log_dir: "{{ gitea_base_dir }}/log" + +gitea_bind_url: localhost +gitea_bind_port: 61000 +gitea_bind_protocol: http + +gitea_db_type: #mysql, postgres, sqlite, mssql +gitea_db_host: #dbserver +gitea_db_port: #5432 +gitea_db_name: #gitea +gitea_db_user: #gitea +gitea_db_passwd: #password + +# Variables containing the tls cert/private key +gitea_tls_chained_cert: #"{{ my_vaulted_cert }}" +gitea_tls_priv_key: #"{{ my_vaulted_key }}" + +gitea_install_lock: true +# This secret is publicly known and should not used in production! +# Use host_vars/group_vars and ansible vault to deploy a strong secret +gitea_secret: "1234567ABCDEFG" +gitea_run_mode: prod +gitea_landing_page: explore +gitea_disable_registration: true +gitea_log_level: Debug +``` + +## Examples +### Playbook +```yaml +- hosts: gitea + + roles: + - xoxys.nginx + - xoxys.gitea + +``` + +## Dependencies +None. It is recommendet to deploy gitea with nginx as reverse proxy. diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..80f2f7c --- /dev/null +++ b/defaults/main.yml 
@@ -0,0 +1,63 @@
+---
+gitea_user: "gitea_adm"
+gitea_user_home: "/home/{{ gitea_user }}"
+gitea_group: "{{ gitea_user }}"
+
+gitea_packages:
+ - git
+
+# Create separate LVM storage for gitea
+gitea_lvm_enabled: False
+# This variables are only necessary if gitea_lvm_enabled is 'True'
+# Set physical volumes to use in LVM
+# gitea_lvm_pvs: # ['/dev/sdb', '/dev/sdc']
+# gitea_lvm_vg: # "vg_gitea"
+# gitea_lvm_lv: # "lv_gitea"
+# gitea_lvm_fstype: # ext4
+# gitea_lvm_size: # "50G"
+
+gitea_base_dir: "/opt/gitea"
+gitea_bin_dir: "{{ gitea_base_dir }}/bin"
+gitea_config_dir: "{{ gitea_base_dir }}/custom/conf"
+gitea_data_dir: "{{ gitea_base_dir }}/data"
+
+gitea_bind_url: localhost
+gitea_bind_port: 61000
+gitea_bind_protocol: http
+gitea_listen_url: "{{ gitea_bind_url }}"
+
+gitea_install_lock: true
+gitea_secret: "1234567ABCDEFG"
+gitea_run_mode: prod
+gitea_landing_page: explore
+gitea_disable_registration: true
+
+# gitea_db_type: # mysql, postgres, sqlite, mssql
+# gitea_db_host: # dbserver
+# gitea_db_port: # 5432
+# gitea_db_name: # gitea
+# gitea_db_user: # gitea
+# gitea_db_passwd: # password
+
+gitea_global_log_level: Info
+gitea_global_log_dir: "{{ gitea_base_dir }}/log"
+gitea_file_log_level: "{{ gitea_global_log_level }}"
+gitea_file_log_rotate_enabled: True
+gitea_file_log_rotate_daily_enabled: True
+gitea_file_log_rotate_max_days: 7
+
+gitea_repository_upload_max_filesize: 3
+gitea_repository_upload_max_files: 5
+gitea_attachment_max_filesize: 3
+gitea_attachment_max_files: 5
+
+gitea_mail_service_enabled: False
+gitea_mail_service_from: systemmail@example.com
+
+gitea_tls_enabled: False
+gitea_tls_cert_path: "{{ gitea_base_dir }}/tls/certs/mycert.pem"
+gitea_tls_key_path: "{{ gitea_base_dir }}/tls/private/mykey.pem"
+gitea_tls_source_use_content: False
+gitea_tls_source_use_files: True
+gitea_tls_cert_source: mycert.pem
+gitea_tls_key_source: mykey.pem
diff --git a/files/bashrc b/files/bashrc
new file mode 100644
index 0000000..0ac5c31
--- /dev/null
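Review bot: `gitea_secret: "1234567ABCDEFG"` ships a fixed, publicly known value that templates/custom/conf/app.ini.j2 renders straight into `SECRET_KEY`, so every host that does not override it runs with the same key; the README carries the warning, defaults/main.yml does not, and nothing stops a production run from keeping it. Put the warning comment next to the variable here and add an early guard in the tasks, e.g. `- assert:` / `that: gitea_secret != "1234567ABCDEFG"` / `fail_msg: "set gitea_secret from a vault"`, so a forgotten override fails the play instead of deploying. `gitea_version` is read by `Download Gitea binary` in tasks/install.yml but has no entry in this file, so a run that relies on the defaults stops on an undefined variable; document it as required or give it a default. The file mixes `True`/`False` with `true`; Ansible accepts both, but yamllint's truthy rule flags the capitalised forms, so pick `true`/`false` throughout.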
+++ b/files/bashrc
@@ -0,0 +1,9 @@
+# Source global definitions
+if [ -f /etc/bashrc ]; then
+ . /etc/bashrc
+fi
+
+while read filename
+do
+ source "$filename"
+done < <(find -L ~/.bashrc.d -type f)
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..d6d2c2e
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+- name: Restart Gitea Service
+ systemd:
+ name: gitea
+ state: restarted
+ daemon_reload: yes
+ enabled: yes
+ listen:
+ - gitea_restart
+ become: True
+ become_user: root
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..0b2f515
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,14 @@
+---
+galaxy_info:
+ author: Robert Kaussow
+ description: Install Gitea Git Service
+ license: MIT
+ min_ansible_version: 2.4
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ galaxy_tags:
+ - gitea
+ - git
+dependencies: []
diff --git a/tasks/install.yml b/tasks/install.yml
new file mode 100644
index 0000000..7e0b1ba
--- /dev/null
+++ b/tasks/install.yml
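Review bot: `while read filename` should be `while read -r filename` so a backslash in a path returned by `find -L ~/.bashrc.d` is not interpreted as an escape; the rest of the loop is fine, since `read` takes the whole line and `source "$filename"` is quoted. No task in this commit copies this file or renders templates/bashrc.d/gitea.env.j2 (nothing references `files/bashrc` or `bashrc.d`), so both appear to be dead until a deploying task is added. Because every regular file under ~/.bashrc.d is sourced by each interactive shell of whichever account receives this file (presumably the gitea user), a header comment such as `# Only files owned by this user or root should live in ~/.bashrc.d; everything found here is executed.` would record the assumption the loop depends on.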
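Review bot: The handler only listens on `gitea_restart`, but both `notify:` lines in tasks/install.yml (`Copy config file` and `Copy systemd unit file`) use `__gitea_restart`, so a changed app.ini or unit file never restarts the service and the new unit is not enabled on first install. Align the names on one side, e.g. `listen:` / `- __gitea_restart` here, or change the two notifies to `gitea_restart`. `daemon_reload: yes` and `enabled: yes` are better written `true`, which yamllint's truthy rule accepts and which matches the boolean form used in tasks/main.yml.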
@@ -0,0 +1,81 @@
+---
+- name: Prepare base folder
+ file:
+ path: "{{ gitea_base_dir }}"
+ state: directory
+ owner: "{{ gitea_user }}"
+ group: "{{ gitea_user }}"
+ mode: 0750
+ become: True
+ become_user: root
+
+- block:
+ - name: Prepare folder structure
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - "{{ gitea_bin_dir }}"
+ - "{{ gitea_config_dir }}"
+ - "{{ gitea_data_dir }}"
+ - "{{ gitea_global_log_dir }}"
+
+ - name: Download Gitea binary
+ get_url:
+ url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64"
+ dest: "{{ gitea_bin_dir }}/gitea-{{ gitea_version }}"
+ mode: 0750
+
+ - name: Link Version {{ gitea_version }} to latest
+ file:
+ src: "{{ gitea_bin_dir }}/gitea-{{ gitea_version }}"
+ dest: "{{ gitea_base_dir }}/gitea-latest"
+ state: link
+
+ # - name: Register current INTERNAL_TOKEN
+ # shell: "awk -F '=' '/INTERNAL_TOKEN/ {print $2}' {{ gitea_config_dir }}/app.ini | tr -d ' '"
+ # register: internal_token
+ # changed_when: False
+
+ # - name: Remove INTERNAL_TOKEN
+ # ini_file:
+ # path: "{{ gitea_config_dir }}/app.ini"
+ # section: security
+ # option: INTERNAL_TOKEN
+ # state: absent
+ # changed_when: False
+
+ - name: Copy config file
+ template:
+ src: "custom/conf/app.ini.j2"
+ dest: "{{ gitea_config_dir }}/app.ini"
+ mode: 0600
+ notify: __gitea_restart
+ register: add_config
+
+ # - name: Re-add INTERNAL_TOKEN if configuration not changed
+ # ini_file:
+ # path: "{{ gitea_config_dir }}/app.ini"
+ # section: security
+ # option: INTERNAL_TOKEN
+ # value: "{{ internal_token.stdout }}"
+ # changed_when: False
+ # when: not add_config.changed
+
+ # - name: Copy env file
+ # template:
+ # src: "custom/conf/gitea.env.j2"
+ # dest: "{{ gitea_config_dir }}/gitea.env"
+ # notify:
+ # - gitea_restart
+ become: True
+ become_user: "{{ gitea_user }}"
+ when: gitea_installed.stat.exists == False or gitea_current.stdout is version_compare(gitea_version, operator='<=', strict=True)
+
+- name: Copy 
systemd unit file
+ template:
+ src: "etc/systemd/system/gitea.service.j2"
+ dest: "/etc/systemd/system/gitea.service"
+ notify: __gitea_restart
+ become: True
+ become_user: root
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..bc6668f
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+- include_tasks: prepare.yml
+- import_tasks: storage.yml
+ when: gitea_lvm_enabled
+- import_tasks: install.yml
+- import_tasks: tls.yml
+ when: gitea_tls_enabled
+ tags: tls_renewal
diff --git a/tasks/prepare.yml b/tasks/prepare.yml
new file mode 100644
index 0000000..572ef0c
--- /dev/null
+++ b/tasks/prepare.yml
@@ -0,0 +1,34 @@
+- block:
+ - name: Stat gitea-latest
+ stat:
+ path: "{{ gitea_base_dir }}/gitea-latest"
+ register: gitea_installed
+
+ - name: Get running version
+ shell: "{{ gitea_base_dir }}/gitea-latest -v | rev | cut -d ' ' -f5 | rev"
+ register: gitea_current
+ changed_when: False
+ when: gitea_installed.stat.exists
+
+ - name: Create group '{{ gitea_group }}'
+ group:
+ name: "{{ gitea_group }}"
+ state: present
+ gid: "{{ gitea__gid|default(omit) }}"
+
+ - name: Create user '{{ gitea_user }}'
+ user:
+ comment: Gitea
+ name: "{{ gitea_user }}"
+ home: "{{ gitea_user_home }}"
+ uid: "{{ gitea_uid|default(omit) }}"
+ group: "{{ gitea_group }}"
+
+ - name: Install dependencies
+ package:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - "{{ gitea_packages }}"
+ become: True
+ become_user: root
diff --git a/tasks/storage.yml b/tasks/storage.yml
new file mode 100644
index 0000000..4c5afac
--- /dev/null
+++ b/tasks/storage.yml
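Review bot: `Download Gitea binary` fetches the release over HTTPS with no `checksum:` argument, so a truncated or substituted download is installed and linked as `gitea-latest` without any integrity check; `get_url` takes `checksum: "sha256:<EXPECTED_SHA256_FOR_VERSION>"` (placeholder) and Gitea publishes a `.sha256` next to each release binary, so the digest can be pinned per `gitea_version`. The download and the symlink run under `become_user: "{{ gitea_user }}"`, which leaves the service executable owned and writable by the account the service runs as; installing it as root with `owner: root`, `group: "{{ gitea_group }}"` and `mode: 0750` keeps the binary read-only to the running service. The block's `when:` reads `gitea_current.stdout`, which tasks/prepare.yml registers only when the stat succeeded; this relies on Jinja's `or` short-circuiting, and `gitea_installed.stat.exists == False` reads more clearly as `not gitea_installed.stat.exists`. Both `notify: __gitea_restart` lines (here and in `Copy systemd unit file`) do not match the handler's `listen: gitea_restart`.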
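Review bot: `prepare.yml` is pulled in with `include_tasks` while the other three files use `import_tasks`; on a `--tags tls_renewal` run the untagged dynamic include is skipped as a whole, so the tag only works because tls.yml needs nothing registered in prepare.yml beyond an already existing user. `- import_tasks: prepare.yml` makes the four entries consistent and lets tags propagate the same way for all of them. A comment on the last entry, `# tls_renewal: re-deploys certificates only; assumes a prior full run`, would record what the tag is for.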
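Review bot: `gid: "{{ gitea__gid|default(omit) }}"` uses a double underscore, unlike `uid: "{{ gitea_uid|default(omit) }}"` two tasks below, so a caller who sets `gitea_gid` to pair with `gitea_uid` is silently ignored because `default(omit)` swallows the misspelt name; rename it to `gitea_gid`. `Get running version` extracts the version with `rev | cut -d ' ' -f5 | rev`, which breaks as soon as the `gitea -v` output gains or loses a word; reading the target of the `gitea-latest` symlink that tasks/install.yml creates (`gitea-{{ gitea_version }}`) from the existing `stat` result, or a `regex_search` on the captured output, would be more robust. The file also lacks the leading `---` that the other task files start with.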
@@ -0,0 +1,27 @@
+---
+- block:
+ - name: Create volume group '{{ gitea_lvm_vg }}'
+ lvg:
+ vg: "{{ gitea_lvm_vg }}"
+ pvs: "{{ gitea_lvm_pvs|join(',') }}"
+
+ - name: Create logical volume '{{ gitea_lvm_lv }}'
+ lvol:
+ vg: "{{ gitea_lvm_vg }}"
+ lv: "{{ gitea_lvm_lv }}"
+ size: "{{ gitea_lvm_size }}"
+
+ - name: Create filesystem for '/dev/mapper/{{ gitea_lvm_vg }}-{{ gitea_lvm_lv }}'
+ filesystem:
+ fstype: "{{ gitea_lvm_fstype }}"
+ dev: "/dev/mapper/{{ gitea_lvm_vg }}-{{ gitea_lvm_lv }}"
+ resizefs: True
+
+ - name: Mount volume to '{{ gitea_base_dir }}'
+ mount:
+ path: "{{ gitea_base_dir }}"
+ src: "/dev/mapper/{{ gitea_lvm_vg }}-{{ gitea_lvm_lv }}"
+ fstype: "{{ gitea_lvm_fstype }}"
+ state: mounted
+ become: True
+ become_user: root
diff --git a/tasks/tls.yml b/tasks/tls.yml
new file mode 100644
index 0000000..1c3d0d6
--- /dev/null
+++ b/tasks/tls.yml
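Review bot: None of `gitea_lvm_pvs`, `gitea_lvm_vg`, `gitea_lvm_lv`, `gitea_lvm_size` or `gitea_lvm_fstype` has a default (all are commented out in defaults/main.yml), so enabling `gitea_lvm_enabled` with one of them missing fails part-way through with an undefined-variable error, possibly after the volume group has already been created; an `assert` at the top of the block, `that:` listing the five names with `is defined`, fails before any change is made. The `mount` task accepts `opts:`; since this volume holds repositories, uploads and attachments rather than anything that needs setuid or device nodes, `opts: nosuid,nodev` is a cheap hardening that does not affect the gitea binary under `{{ gitea_base_dir }}`. `lvg` also accepts `pvs:` as a list, so the `join(',')` is optional.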
@@ -0,0 +1,43 @@
+---
+- block:
+ - name: Create tls folder structure
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: "{{ gitea_user }}"
+ group: "{{ gitea_group }}"
+ recurse: True
+ with_items:
+ - "{{ gitea_tls_cert_path | dirname }}"
+ - "{{ gitea_tls_key_path | dirname }}"
+ become: True
+ become_user: root
+
+- block:
+ - name: Copy certs and private key (file)
+ copy:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: "{{ item.mode }}"
+ with_items:
+ - { src: "{{ gitea_tls_key_source }}", dest: '{{ gitea_tls_key_path }}', mode: '0600' }
+ - { src: "{{ gitea_tls_cert_source }}", dest: '{{ gitea_tls_cert_path }}', mode: '0750' }
+ loop_control:
+ label: "{{ item.dest }}"
+ register: __gitea_certs_file
+ when: gitea_tls_source_use_files
+
+ - name: Copy certs and private key (content)
+ copy:
+ content: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: "{{ item.mode }}"
+ with_items:
+ - { src: "{{ gitea_tls_key_source }}", dest: '{{ gitea_tls_key_path }}', mode: '0600' }
+ - { src: "{{ gitea_tls_cert_source }}", dest: '{{ gitea_tls_cert_path }}', mode: '0750' }
+ loop_control:
+ label: "{{ item.dest }}"
+ register: __gitea_certs_content
+ when: gitea_tls_source_use_content
+ become: True
+ become_user: "{{ gitea_user }}"
diff --git a/templates/bashrc.d/gitea.env.j2 b/templates/bashrc.d/gitea.env.j2
new file mode 100644
index 0000000..192012a
--- /dev/null
+++ b/templates/bashrc.d/gitea.env.j2
@@ -0,0 +1,4 @@
+## {{ ansible_managed }}
+export USER={{ gitea_user }}
+export HOME={{ gitea_user_home }}
+export GITEA_WORK_DIR={{ gitea_base_dir }}
diff --git a/templates/custom/conf/app.ini.j2 b/templates/custom/conf/app.ini.j2
new file mode 100644
index 0000000..94fd61b
--- /dev/null
+++ b/templates/custom/conf/app.ini.j2
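Review bot: `Copy certs and private key (content)` carries the private key through the loop as `item.src` and stores the results in `__gitea_certs_content`; `loop_control.label` keeps it off the normal task line, but a verbose run or a failed item still prints the full `item` and the registered result, so add `no_log: true` to that task (and to the file variant for symmetry). Both loops give the certificate `mode: '0750'`; a PEM file needs no execute bit, so `'0640'` (or `'0644'`, the certificate is public) is the conventional value, while the key's `'0600'` is right. Neither copy task notifies a restart, so a renewed certificate lands on disk but the running service keeps the old one until something else restarts it; given the `tls_renewal` tag on the import in tasks/main.yml, both tasks need a `notify:` matching the handler's `listen:` name. The two `register:` results are not read anywhere in this commit.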
@@ -0,0 +1,167 @@
+; {{ ansible_managed }}
+APP_NAME = Gitea: Git with a cup of tea
+RUN_USER = {{ gitea_user }}
+RUN_MODE = {{ gitea_run_mode }}
+
+[repository]
+ROOT = {{ gitea_data_dir }}/repos
+SCRIPT_TYPE = bash
+FORCE_PRIVATE = false
+DEFAULT_PRIVATE = last
+DISABLE_HTTP_GIT = false
+PREFERRED_LICENSES = MIT License
+
+[repository.editor]
+LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,
+PREVIEWABLE_FILE_MODES = markdown
+
+[repository.local]
+LOCAL_COPY_PATH = tmp/local-repo
+
+[repository.upload]
+ENABLED = true
+TEMP_PATH = tmp/uploads
+FILE_MAX_SIZE = {{ gitea_repository_upload_max_filesize }}
+MAX_FILES = {{ gitea_repository_upload_max_files }}
+
+[repository.pull-request]
+WORK_IN_PROGRESS_PREFIXES = WIP:,[WIP]
+
+[attachment]
+ENABLE = true
+PATH = data/attachments
+ALLOWED_TYPES = */*
+MAX_SIZE = {{ gitea_attachment_max_filesize }}
+MAX_FILES = {{ gitea_attachment_max_files }}
+
+[ui]
+EXPLORE_PAGING_NUM = 20
+ISSUE_PAGING_NUM = 10
+FEED_MAX_COMMIT_NUM = 5
+MAX_DISPLAY_FILE_SIZE = 8388608
+SHOW_USER_EMAIL = true
+GRAPH_MAX_COMMIT_NUM = 100
+CODE_COMMENT_LINES = 4
+DEFAULT_THEME = gitea
+ENABLE_CAPTCHA = false
+ENABLE_TIMETRACKING = true
+
+[ui.admin]
+USER_PAGING_NUM = 50
+REPO_PAGING_NUM = 50
+NOTICE_PAGING_NUM = 25
+ORG_PAGING_NUM = 50
+ENABLE_PPROF = false
+
+[ui.user]
+REPO_PAGING_NUM = 15
+
+[api]
+ENABLE_SWAGGER = true
+MAX_RESPONSE_ITEMS = 50
+
+[markdown]
+ENABLE_HARD_LINE_BREAK = false
+FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
+
+[server]
+PROTOCOL = http
+DOMAIN = {{ gitea_listen_url }}
+ROOT_URL = {{ gitea_bind_protocol }}://%(DOMAIN)s/
+HTTP_ADDR = 127.0.0.1
+HTTP_PORT = {{ gitea_bind_port }}
+UNIX_SOCKET_PERMISSION = 666
+LANDING_PAGE = {{ gitea_landing_page }}
+START_SSH_SERVER = false
+
+[ssh.minimum_key_sizes]
+ED25519 = 256
+ECDSA = 256
+RSA = 2048
+DSA = 1024
+
+[database]
+DB_TYPE = {{ gitea_db_type }}
+HOST = {{ gitea_db_host }}:{{ gitea_db_port }}
+NAME = {{ gitea_db_name }}
+USER = {{ gitea_db_user }}
+PASSWD = {{ 
gitea_db_passwd }}
+SSL_MODE = disable
+
+[indexer]
+ISSUE_INDEXER_PATH = {{ gitea_data_dir }}/indexers/issues.bleve
+REPO_INDEXER_PATH = {{ gitea_data_dir }}/indexers/repos.bleve
+REPO_INDEXER_ENABLED = true
+
+[security]
+INSTALL_LOCK = {{ gitea_install_lock }}
+SECRET_KEY = {{ gitea_secret }}
+MIN_PASSWORD_LENGTH = 8
+DISABLE_GIT_HOOKS = false
+
+[service]
+DISABLE_REGISTRATION = {{ gitea_disable_registration }}
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+ENABLE_TIMETRACKING = true
+{% if gitea_mail_service_enabled %}
+ENABLE_NOTIFY_MAIL = true
+
+[mailer]
+ENABLED = true
+FROM = {{ gitea_mail_service_from }}
+USE_SENDMAIL = true
+SENDMAIL_PATH = /usr/sbin/sendmail
+{% else %}
+[mailer]
+ENABLED = false
+{% endif %}
+
+[picture]
+AVATAR_UPLOAD_PATH = {{ gitea_data_dir }}/avatars
+DISABLE_GRAVATAR = true
+ENABLE_FEDERATED_AVATAR = false
+
+[log]
+ROOT_PATH = {{ gitea_global_log_dir }}
+MODE = file
+BUFFER_LEN = 10000
+LEVEL = {{ gitea_global_log_level }}
+
+[log.file]
+LEVEL = {{ gitea_file_log_level }}
+LOG_ROTATE = {{ gitea_file_log_rotate_enabled | lower }}
+MAX_LINES = 1000000
+MAX_SIZE_SHIFT = 28
+DAILY_ROTATE = {{ gitea_file_log_rotate_daily_enabled | lower }}
+MAX_DAYS = {{ gitea_file_log_rotate_max_days }}
+
+[cron]
+ENABLED = true
+RUN_AT_START = false
+
+[cron.update_mirrors]
+SCHEDULE = @every 10m
+
+[cron.repo_health_check]
+SCHEDULE = @every 24h
+TIMEOUT = 60s
+
+[cron.check_repo_stats]
+RUN_AT_START = true
+SCHEDULE = @every 24h
+
+[cron.archive_cleanup]
+RUN_AT_START = true
+SCHEDULE = @every 24h
+OLDER_THAN = 24h
+
+[cron.sync_external_users]
+RUN_AT_START = true
+SCHEDULE = @every 24h
+UPDATE_EXISTING = true
+
+[other]
+SHOW_FOOTER_BRANDING = false
+SHOW_FOOTER_VERSION = false
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
+
diff --git a/templates/custom/conf/gitea.env.j2 b/templates/custom/conf/gitea.env.j2
new file mode 100644
index 0000000..eb8e6ee
--- /dev/null
+++ b/templates/custom/conf/gitea.env.j2
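Review bot: The `[database]` block references `gitea_db_type`, `gitea_db_host`, `gitea_db_port`, `gitea_db_name`, `gitea_db_user` and `gitea_db_passwd` unconditionally, but all six are commented out in defaults/main.yml, so `Copy config file` in tasks/install.yml fails with an undefined-variable error on any run that relies on the defaults; either give them defaults or wrap the block in `{% if gitea_db_type is defined %}` … `{% endif %}` so the role at least renders. `[server]` hard-codes `PROTOCOL = http` and `HTTP_ADDR = 127.0.0.1` while `ROOT_URL` is built from `{{ gitea_bind_protocol }}`, and the `gitea_tls_cert_path`/`gitea_tls_key_path` files that tasks/tls.yml deploys are never referenced here (no `CERT_FILE`/`KEY_FILE`), so `gitea_tls_enabled` copies certificates this configuration does not use; if TLS is meant to terminate at the reverse proxy the README recommends, a comment in `[server]` saying so (`; TLS is expected to terminate at the reverse proxy; HTTP_ADDR stays loopback`) would prevent the confusion. The template renders no `INTERNAL_TOKEN`; the commented-out tasks in tasks/install.yml suggest Gitea writes one back into app.ini, which would make this template report a change on every run, but that is inferred from those comments rather than from this hunk. `INSTALL_LOCK` and `DISABLE_REGISTRATION` render Python's `True`/`False` while `LOG_ROTATE` and `DAILY_ROTATE` go through `| lower`; applying `| lower` to every boolean keeps the output uniform.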
@@ -0,0 +1,4 @@
+## {{ ansible_managed }}
+USER={{ gitea_user }}
+HOME={{ gitea_user_home }}
+GITEA_WORK_DIR={{ gitea_base_dir }}
diff --git a/templates/etc/systemd/system/gitea.service.j2 b/templates/etc/systemd/system/gitea.service.j2
new file mode 100644
index 0000000..8322a86
--- /dev/null
+++ b/templates/etc/systemd/system/gitea.service.j2
@@ -0,0 +1,17 @@
+## {{ ansible_managed }}
+[Unit]
+Description=Gitea (Git with a cup of tea)
+After=syslog.target
+After=network.target
+
+[Service]
+Type=simple
+EnvironmentFile={{ gitea_config_dir }}/gitea.env
+User={{ gitea_user }}
+Group={{ gitea_group }}
+WorkingDirectory={{ gitea_base_dir }}
+ExecStart={{ gitea_base_dir }}/gitea-latest web
+PrivateTmp=yes
+
+[Install]
+WantedBy=multi-user.target
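Review bot: The unit in templates/etc/systemd/system/gitea.service.j2 declares `EnvironmentFile={{ gitea_config_dir }}/gitea.env`, but the only task that would render this template (`Copy env file` in tasks/install.yml) is commented out, so on a fresh host the file never exists and systemd refuses to start the service once the restart handler runs. Re-enabling that task is the right fix, since the unit appears to depend on `GITEA_WORK_DIR`; the alternative is `EnvironmentFile=-{{ gitea_config_dir }}/gitea.env`, where the leading `-` tells systemd to tolerate a missing file. This file and templates/bashrc.d/gitea.env.j2 carry the same three values, so one of the two is redundant unless the bashrc variant is deployed somewhere this commit does not show.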
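Review bot: The `[Service]` section stops at `PrivateTmp=yes`; for a network-facing daemon under a dedicated user, `NoNewPrivileges=true` and `ProtectSystem=full` are standard additions available on EL7's systemd that cost nothing here, since they leave `{{ gitea_base_dir }}` writable and only make /usr, /boot and /etc read-only, while `ProtectHome` should stay off because `{{ gitea_user_home }}` lives under /home. `After=syslog.target` is an obsolete target on systemd-based systems and can be dropped, leaving `After=network.target`. With `Type=simple` and no `Restart=` directive a crash leaves the service down; `Restart=on-failure` matches the always-running state the handler assumes.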