add missing tasks for iptables and postgres

2018-12-08 23:11:49 +01:00 · 2018-12-08 23:11:49 +01:00 · bac286e432
commit bac286e432
parent 2a106c9e07
7 changed files with 122 additions and 27 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -21,10 +21,11 @@ gitea_bin_dir: "{{ gitea_base_dir }}/bin"
 gitea_config_dir: "{{ gitea_base_dir }}/custom/conf"
 gitea_data_dir: "{{ gitea_base_dir }}/data"

-gitea_bind_url: localhost
+gitea_bind_ip: 127.0.0.1
 gitea_bind_port: 61000
 gitea_bind_protocol: http
-gitea_listen_url: "{{ gitea_bind_url }}"
+gitea_listen_address: gitea.example.com
+gitea_listen_protocol: "{{ gitea_bind_protocol }}"

 gitea_install_lock: true
 gitea_secret: "1234567ABCDEFG"
@ -32,12 +33,47 @@ gitea_run_mode: prod
 gitea_landing_page: explore
 gitea_disable_registration: true

-# gitea_db_type: # mysql, postgres, sqlite, mssql
-# gitea_db_host: # dbserver
-# gitea_db_port: # 5432
-# gitea_db_name: # gitea
-# gitea_db_user: # gitea
-# gitea_db_passwd: # password
+gitea_postgres_enabled: False
+gitea_postgres_tls_enabled: False
+gitea_postgres_server: postgres.example.com
+gitea_postgres_port: 5432
+gitea_postgres_superuser: postgres
+gitea_postgres_password: secure
+
+gitea_postgres_db:
+  name: gitea
+  lc_collate: en_US.UTF-8
+  lc_ctype: en_US.UTF-8'
+  encoding: UTF-8
+  template: template0
+  login_host: localhost
+  login_user: "{{ gitea_postgres_superuser }}"
+  login_password: "{{ gitea_postgres_password }}"
+  # login_unix_socket: # defaults to not set
+  port: "{{ gitea_postgres_port }}"
+  # owner: # defaults to not set
+  state: present
+
+gitea_postgres_user:
+  name: pggitea
+  password: gitea
+  encrypted: 'yes'
+  # priv: # defaults to not set
+  # role_attr_flags: # defaults to not set
+  db: "{{ gitea_postgres_db.name }}"
+  login_host: localhost
+  login_user: "{{ gitea_postgres_superuser }}"
+  login_password: "{{ gitea_postgres_password }}"
+  # login_unix_socket: # defaults to not set
+  port: "{{ gitea_postgres_port }}"
+  state: present
+
+gitea_iptables_enabled: False
+gitea_open_ports:
+  - name: allow_gitea_web
+    rules: |
+      -A INPUT -m state --state NEW -p tcp --dport {{ gitea_bind_port }} -j ACCEPT
+    state: present

 gitea_global_log_level: Info
 gitea_global_log_dir:  "{{ gitea_base_dir }}/log"
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -5,7 +5,6 @@
    state: restarted
    daemon_reload: yes
    enabled: yes
-  listen:
-  - gitea_restart
+  listen: __gitea_restart
  become: True
  become_user: root
--- a/tasks/install.yml
+++ b/tasks/install.yml
@ -72,10 +72,23 @@
  become_user: "{{ gitea_user }}"
  when: gitea_installed.stat.exists == False or gitea_current.stdout is version_compare(gitea_version, operator='<=', strict=True)

- name: Copy systemd unit file
-  template:
-    src: "etc/systemd/system/gitea.service.j2"
-    dest: "/etc/systemd/system/gitea.service"
-  notify: __gitea_restart
+- block:
+    - name: Copy systemd unit file
+      template:
+        src: "etc/systemd/system/gitea.service.j2"
+        dest: "/etc/systemd/system/gitea.service"
+      notify: __gitea_restart
+
+    - name: Open ports in iptables
+      iptables_raw:
+        name: "{{ item.name }}"
+        rules: "{{ item.rules }}"
+        state: "{{ item.state }}"
+        weight: "{{ item.weight|default(omit) }}"
+        table: "{{ item.table|default(omit) }}"
+      with_items: "{{ gitea_open_ports }}"
+      loop_control:
+        label: "{{item.name}}"
+      when: gitea_iptables_enabled
  become: True
  become_user: root
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -2,7 +2,8 @@
 - include_tasks: prepare.yml
 - import_tasks: storage.yml
  when: gitea_lvm_enabled
- import_tasks: install.yml
+- include_tasks: install.yml
 - import_tasks: tls.yml
  when: gitea_tls_enabled
  tags: tls_renewal
+- include_tasks: post_tasks.yml
--- a/tasks/post_tasks.yml
+++ b/tasks/post_tasks.yml
@ -0,0 +1,9 @@
+---
+- name: Ensure gitea service is up and running
+  systemd:
+    state: started
+    daemon_reload: yes
+    enabled: yes
+    name: gitea
+  become: True
+  become_user: root
--- a/tasks/prepare.yml
+++ b/tasks/prepare.yml
@ -32,3 +32,39 @@
        - "{{ gitea_packages }}"
  become: True
  become_user: root
+
+- block:
+    - name: Setup postgres db '{{ gitea_postgres_db.name }}'
+      postgresql_db:
+        name: "{{ gitea_postgres_db.name }}"
+        lc_collate: "{{ gitea_postgres_db.lc_collate | default('en_US.UTF-8') }}"
+        lc_ctype: "{{ gitea_postgres_db.lc_ctype | default('en_US.UTF-8') }}"
+        encoding: "{{ gitea_postgres_db.encoding | default('UTF-8') }}"
+        template: "{{ gitea_postgres_db.template | default('template0') }}"
+        login_host: "{{ gitea_postgres_db.login_host | default('localhost') }}"
+        login_password: "{{ gitea_postgres_db.login_password | default(omit) }}"
+        login_user: "{{ gitea_postgres_db.login_user | default(postgresql_user) }}"
+        login_unix_socket: "{{ gitea_postgres_db.login_unix_socket | default(omit) }}"
+        port: "{{ gitea_postgres_db.port | default(omit) }}"
+        owner: "{{ gitea_postgres_db.owner | default(omit) }}"
+        state: "{{ gitea_postgres_db.state | default('present') }}"
+      no_log: True
+      when: gitea_postgres_db is defined
+
+    - name: Setup postgres user '{{ gitea_postgres_user.name }}'
+      postgresql_user:
+        name: "{{ gitea_postgres_user.name }}"
+        password: "{{ 'md5' + (gitea_postgres_user.password + gitea_postgres_user.name) | hash('md5') }}"
+        encrypted: "{{ gitea_postgres_user.encrypted | default('yes') }}"
+        priv: "{{ gitea_postgres_user.priv | default(omit) }}"
+        role_attr_flags: "{{ gitea_postgres_user.role_attr_flags | default(omit) }}"
+        db: "{{ gitea_postgres_user.db | default(omit) }}"
+        login_host: "{{ gitea_postgres_user.login_host | default('localhost') }}"
+        login_password: "{{ gitea_postgres_user.login_password | default(omit) }}"
+        login_user: "{{ gitea_postgres_user.login_user | default(omit) }}"
+        login_unix_socket: "{{ gitea_postgres_user.login_unix_socket | default(omit) }}"
+        port: "{{ gitea_postgres_user.port | default(omit) }}"
+        state: "{{ gitea_postgres_user.state | default('present') }}"
+      no_log: True
+      when: gitea_postgres_user is defined
+  delegate_to: "{{ gitea_postgres_server }}"
--- a/templates/custom/conf/app.ini.j2
+++ b/templates/custom/conf/app.ini.j2
@ -65,10 +65,10 @@ ENABLE_HARD_LINE_BREAK = false
 FILE_EXTENSIONS        = .md,.markdown,.mdown,.mkd

 [server]
-PROTOCOL               = http
-DOMAIN                 = {{ gitea_listen_url }}
-ROOT_URL               = {{ gitea_bind_protocol }}://%(DOMAIN)s/
-HTTP_ADDR              = 127.0.0.1
+PROTOCOL               = {{ gitea_bind_protocol }}
+DOMAIN                 = {{ gitea_listen_address }}
+ROOT_URL               = {{ gitea_listen_protocol }}://%(DOMAIN)s/
+HTTP_ADDR              = {{ gitea_bind_ip }}
 HTTP_PORT              = {{ gitea_bind_port }}
 UNIX_SOCKET_PERMISSION = 666
 LANDING_PAGE           = {{ gitea_landing_page }}
@ -81,12 +81,14 @@ RSA     = 2048
 DSA     = 1024

 [database]
-DB_TYPE  = {{ gitea_db_type }}
-HOST     = {{ gitea_db_host }}:{{ gitea_db_port }}
-NAME     = {{ gitea_db_name }}
-USER     = {{ gitea_db_user }}
-PASSWD   = {{ gitea_db_passwd }}
-SSL_MODE = disable
+{% if gitea_postgres_enabled %}
+DB_TYPE  = postgres
+HOST     = {{ gitea_postgres_server }}:{{ gitea_postgres_port }}
+NAME     = {{ gitea_postgres_db.name }}
+USER     = {{ gitea_postgres_user.name }}
+PASSWD   = {{ gitea_postgres_user.password }}
+SSL_MODE = {{ 'disable' if gitea_postgres_tls_enabled else 'enabled' }}
+{% endif %}

 [indexer]
 ISSUE_INDEXER_PATH   = {{ gitea_data_dir }}/indexers/issues.bleve
@ -164,4 +166,3 @@ UPDATE_EXISTING = true
 SHOW_FOOTER_BRANDING           = false
 SHOW_FOOTER_VERSION            = false
 SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
-