add missing tasks for iptables and postgres
parent
2a106c9e07
commit
bac286e432
|
@ -21,10 +21,11 @@ gitea_bin_dir: "{{ gitea_base_dir }}/bin"
|
|||
gitea_config_dir: "{{ gitea_base_dir }}/custom/conf"
|
||||
gitea_data_dir: "{{ gitea_base_dir }}/data"
|
||||
|
||||
gitea_bind_url: localhost
|
||||
gitea_bind_ip: 127.0.0.1
|
||||
gitea_bind_port: 61000
|
||||
gitea_bind_protocol: http
|
||||
gitea_listen_url: "{{ gitea_bind_url }}"
|
||||
gitea_listen_address: gitea.example.com
|
||||
gitea_listen_protocol: "{{ gitea_bind_protocol }}"
|
||||
|
||||
gitea_install_lock: true
|
||||
gitea_secret: "1234567ABCDEFG"
|
||||
|
@ -32,12 +33,47 @@ gitea_run_mode: prod
|
|||
gitea_landing_page: explore
|
||||
gitea_disable_registration: true
|
||||
|
||||
# gitea_db_type: # mysql, postgres, sqlite, mssql
|
||||
# gitea_db_host: # dbserver
|
||||
# gitea_db_port: # 5432
|
||||
# gitea_db_name: # gitea
|
||||
# gitea_db_user: # gitea
|
||||
# gitea_db_passwd: # password
|
||||
gitea_postgres_enabled: False
|
||||
gitea_postgres_tls_enabled: False
|
||||
gitea_postgres_server: postgres.example.com
|
||||
gitea_postgres_port: 5432
|
||||
gitea_postgres_superuser: postgres
|
||||
gitea_postgres_password: secure
|
||||
|
||||
gitea_postgres_db:
|
||||
name: gitea
|
||||
lc_collate: en_US.UTF-8
|
||||
lc_ctype: en_US.UTF-8'
|
||||
encoding: UTF-8
|
||||
template: template0
|
||||
login_host: localhost
|
||||
login_user: "{{ gitea_postgres_superuser }}"
|
||||
login_password: "{{ gitea_postgres_password }}"
|
||||
# login_unix_socket: # defaults to not set
|
||||
port: "{{ gitea_postgres_port }}"
|
||||
# owner: # defaults to not set
|
||||
state: present
|
||||
|
||||
gitea_postgres_user:
|
||||
name: pggitea
|
||||
password: gitea
|
||||
encrypted: 'yes'
|
||||
# priv: # defaults to not set
|
||||
# role_attr_flags: # defaults to not set
|
||||
db: "{{ gitea_postgres_db.name }}"
|
||||
login_host: localhost
|
||||
login_user: "{{ gitea_postgres_superuser }}"
|
||||
login_password: "{{ gitea_postgres_password }}"
|
||||
# login_unix_socket: # defaults to not set
|
||||
port: "{{ gitea_postgres_port }}"
|
||||
state: present
|
||||
|
||||
gitea_iptables_enabled: False
|
||||
gitea_open_ports:
|
||||
- name: allow_gitea_web
|
||||
rules: |
|
||||
-A INPUT -m state --state NEW -p tcp --dport {{ gitea_bind_port }} -j ACCEPT
|
||||
state: present
|
||||
|
||||
gitea_global_log_level: Info
|
||||
gitea_global_log_dir: "{{ gitea_base_dir }}/log"
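Review bot: The new defaults ship working credentials, `gitea_postgres_password: secure` and `password: gitea` under `gitea_postgres_user`, so a deployment that enables postgres without overriding them ends up with a superuser login and an application account whose passwords are public. Leave both undefined in the defaults and have the role fail early when they are missing, or document that they must be supplied from an Ansible Vault file. Separately, `lc_ctype: en_US.UTF-8'` carries a stray trailing quote; because the key is defined, the `default('en_US.UTF-8')` filter in the database task will not replace it, so it should read `lc_ctype: en_US.UTF-8`. The `gitea_open_ports` rule accepts the port from any source address, which deserves a comment for users who change `gitea_bind_ip` away from `127.0.0.1`.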
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
state: restarted
|
||||
daemon_reload: yes
|
||||
enabled: yes
|
||||
listen:
|
||||
- gitea_restart
|
||||
listen: __gitea_restart
|
||||
become: True
|
||||
become_user: root
|
||||
|
|
|
@ -72,10 +72,23 @@
|
|||
become_user: "{{ gitea_user }}"
|
||||
when: gitea_installed.stat.exists == False or gitea_current.stdout is version_compare(gitea_version, operator='<=', strict=True)
|
||||
|
||||
- name: Copy systemd unit file
|
||||
template:
|
||||
src: "etc/systemd/system/gitea.service.j2"
|
||||
dest: "/etc/systemd/system/gitea.service"
|
||||
notify: __gitea_restart
|
||||
- block:
|
||||
- name: Copy systemd unit file
|
||||
template:
|
||||
src: "etc/systemd/system/gitea.service.j2"
|
||||
dest: "/etc/systemd/system/gitea.service"
|
||||
notify: __gitea_restart
|
||||
|
||||
- name: Open ports in iptables
|
||||
iptables_raw:
|
||||
name: "{{ item.name }}"
|
||||
rules: "{{ item.rules }}"
|
||||
state: "{{ item.state }}"
|
||||
weight: "{{ item.weight|default(omit) }}"
|
||||
table: "{{ item.table|default(omit) }}"
|
||||
with_items: "{{ gitea_open_ports }}"
|
||||
loop_control:
|
||||
label: "{{item.name}}"
|
||||
when: gitea_iptables_enabled
|
||||
become: True
|
||||
become_user: root
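Review bot: The `when: gitea_iptables_enabled` that follows the 'Open ports in iptables' task needs to be scoped to that task alone. This rendering has lost the indentation, and if the condition sits at block level next to `become`, the 'Copy systemd unit file' task is skipped under the default `gitea_iptables_enabled: False`. A short comment above the block such as `# unit file is always installed; firewall rules only when gitea_iptables_enabled` would make the intent clear. `iptables_raw` is not an Ansible core module as far as I know, so the role should ship it or document the dependency. The hunk opens inside the preceding task, so the surrounding structure is only partly visible.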
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
- include_tasks: prepare.yml
|
||||
- import_tasks: storage.yml
|
||||
when: gitea_lvm_enabled
|
||||
- import_tasks: install.yml
|
||||
- include_tasks: install.yml
|
||||
- import_tasks: tls.yml
|
||||
when: gitea_tls_enabled
|
||||
tags: tls_renewal
|
||||
- include_tasks: post_tasks.yml
|
||||
|
|
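--- a/tasks/post_tasks.yml
+++ b/tasks/post_tasks.yml
@@ -0,0 +1,9 @@
+---
+- name: Ensure gitea service is up and running
+systemd:
+state: started
+daemon_reload: yes
+enabled: yes
+name: gitea
+become: True
+become_user: root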
|
@ -32,3 +32,39 @@
|
|||
- "{{ gitea_packages }}"
|
||||
become: True
|
||||
become_user: root
|
||||
|
||||
- block:
|
||||
- name: Setup postgres db '{{ gitea_postgres_db.name }}'
|
||||
postgresql_db:
|
||||
name: "{{ gitea_postgres_db.name }}"
|
||||
lc_collate: "{{ gitea_postgres_db.lc_collate | default('en_US.UTF-8') }}"
|
||||
lc_ctype: "{{ gitea_postgres_db.lc_ctype | default('en_US.UTF-8') }}"
|
||||
encoding: "{{ gitea_postgres_db.encoding | default('UTF-8') }}"
|
||||
template: "{{ gitea_postgres_db.template | default('template0') }}"
|
||||
login_host: "{{ gitea_postgres_db.login_host | default('localhost') }}"
|
||||
login_password: "{{ gitea_postgres_db.login_password | default(omit) }}"
|
||||
login_user: "{{ gitea_postgres_db.login_user | default(postgresql_user) }}"
|
||||
login_unix_socket: "{{ gitea_postgres_db.login_unix_socket | default(omit) }}"
|
||||
port: "{{ gitea_postgres_db.port | default(omit) }}"
|
||||
owner: "{{ gitea_postgres_db.owner | default(omit) }}"
|
||||
state: "{{ gitea_postgres_db.state | default('present') }}"
|
||||
no_log: True
|
||||
when: gitea_postgres_db is defined
|
||||
|
||||
- name: Setup postgres user '{{ gitea_postgres_user.name }}'
|
||||
postgresql_user:
|
||||
name: "{{ gitea_postgres_user.name }}"
|
||||
password: "{{ 'md5' + (gitea_postgres_user.password + gitea_postgres_user.name) | hash('md5') }}"
|
||||
encrypted: "{{ gitea_postgres_user.encrypted | default('yes') }}"
|
||||
priv: "{{ gitea_postgres_user.priv | default(omit) }}"
|
||||
role_attr_flags: "{{ gitea_postgres_user.role_attr_flags | default(omit) }}"
|
||||
db: "{{ gitea_postgres_user.db | default(omit) }}"
|
||||
login_host: "{{ gitea_postgres_user.login_host | default('localhost') }}"
|
||||
login_password: "{{ gitea_postgres_user.login_password | default(omit) }}"
|
||||
login_user: "{{ gitea_postgres_user.login_user | default(omit) }}"
|
||||
login_unix_socket: "{{ gitea_postgres_user.login_unix_socket | default(omit) }}"
|
||||
port: "{{ gitea_postgres_user.port | default(omit) }}"
|
||||
state: "{{ gitea_postgres_user.state | default('present') }}"
|
||||
no_log: True
|
||||
when: gitea_postgres_user is defined
|
||||
delegate_to: "{{ gitea_postgres_server }}"
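Review bot: The 'Setup postgres user' task pre-computes an MD5 verifier with `hash('md5')`, which pins the account to PostgreSQL's legacy md5 authentication even on servers configured for scram-sha-256. Passing `password: "{{ gitea_postgres_user.password }}"` and leaving the hashing to the server's `password_encryption` setting avoids that, assuming the module version in use forwards the value unmodified. The database task falls back to `default(postgresql_user)`, a variable not defined anywhere on this page, while the user task uses `default(omit)`; `login_user: "{{ gitea_postgres_db.login_user | default(omit) }}"` would be consistent. No `when: gitea_postgres_enabled` is visible on the block, and since the defaults define both dictionaries the `is defined` checks always pass, so these tasks would be delegated to `gitea_postgres_server` even with the feature switched off; the block may continue outside the hunk.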
|
||||
|
|
|
@ -65,10 +65,10 @@ ENABLE_HARD_LINE_BREAK = false
|
|||
FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
|
||||
|
||||
[server]
|
||||
PROTOCOL = http
|
||||
DOMAIN = {{ gitea_listen_url }}
|
||||
ROOT_URL = {{ gitea_bind_protocol }}://%(DOMAIN)s/
|
||||
HTTP_ADDR = 127.0.0.1
|
||||
PROTOCOL = {{ gitea_bind_protocol }}
|
||||
DOMAIN = {{ gitea_listen_address }}
|
||||
ROOT_URL = {{ gitea_listen_protocol }}://%(DOMAIN)s/
|
||||
HTTP_ADDR = {{ gitea_bind_ip }}
|
||||
HTTP_PORT = {{ gitea_bind_port }}
|
||||
UNIX_SOCKET_PERMISSION = 666
|
||||
LANDING_PAGE = {{ gitea_landing_page }}
|
||||
|
@ -81,12 +81,14 @@ RSA = 2048
|
|||
DSA = 1024
|
||||
|
||||
[database]
|
||||
DB_TYPE = {{ gitea_db_type }}
|
||||
HOST = {{ gitea_db_host }}:{{ gitea_db_port }}
|
||||
NAME = {{ gitea_db_name }}
|
||||
USER = {{ gitea_db_user }}
|
||||
PASSWD = {{ gitea_db_passwd }}
|
||||
SSL_MODE = disable
|
||||
{% if gitea_postgres_enabled %}
|
||||
DB_TYPE = postgres
|
||||
HOST = {{ gitea_postgres_server }}:{{ gitea_postgres_port }}
|
||||
NAME = {{ gitea_postgres_db.name }}
|
||||
USER = {{ gitea_postgres_user.name }}
|
||||
PASSWD = {{ gitea_postgres_user.password }}
|
||||
SSL_MODE = {{ 'disable' if gitea_postgres_tls_enabled else 'enabled' }}
|
||||
{% endif %}
|
||||
|
||||
[indexer]
|
||||
ISSUE_INDEXER_PATH = {{ gitea_data_dir }}/indexers/issues.bleve
|
||||
|
@ -164,4 +166,3 @@ UPDATE_EXISTING = true
|
|||
SHOW_FOOTER_BRANDING = false
|
||||
SHOW_FOOTER_VERSION = false
|
||||
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
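Review bot: The `SSL_MODE` expression in the `[database]` hunk is inverted: it renders `disable` when `gitea_postgres_tls_enabled` is true and `enabled` otherwise, and `enabled` is not one of the modes Gitea documents (`disable`, `require`, `verify-full`). As written, switching TLS on leaves the connection to `gitea_postgres_server` unencrypted, so the database password crosses the network in the clear. It should read `SSL_MODE = {{ 'require' if gitea_postgres_tls_enabled else 'disable' }}`, or use `verify-full` where the server certificate can be validated. The body of `[database]` now sits entirely inside `{% if gitea_postgres_enabled %}`, so with the default `False` the section renders empty; an `{% else %}` branch or an early assertion would make that case explicit.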
|
||||
|
||||
|
|