Add Gitea role

roles/gitea/meta/main.yml

@@ -0,0 +1,6 @@
+---
+allow_duplicates: no
+dependencies:
+  - role: apache-php
+  - role: mysql
+  - role: redis

roles/gitea/tasks/main.yml

@@ -0,0 +1,84 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+---
+- name: Set up Gitea
+  block:
+    - name: Set up MySQL
+      block:
+        - name: Create DB
+          mysql_db:
+            name: gitea
+            login_user: root
+            login_password: "{{ mysql_root_password }}"
+            state: present
+        - name: Create user
+          mysql_user:
+            name: gitea
+            host: localhost
+            password: "{{ gitea_mysql_password }}"
+            priv: "gitea.*:ALL,GRANT"
+            login_user: root
+            login_password: "{{ mysql_root_password }}"
+    - name: Set up Apache
+      block:
+        - name: Template out vhost
+          template:
+            src: "apache2-vhost-ssl.conf"
+            dest: "/etc/apache2/sites-available/{{ gitea_url }}.conf"
+        - name: Enable site
+          command:
+            cmd: "a2ensite {{ gitea_url }}.conf"
+            creates: "/etc/apache2/sites-enabled/{{ gitea_url }}.conf"
+          notify: restart apache
+        - name: Generate certificate
+          include_role:
+            name: https
+          vars:
+            website_url: "{{ gitea_url }}"
+    - name: Install git
+      apt:
+        name: git
+    - name: Install Gitea
+      get_url:
+        url: "https://dl.gitea.io/gitea/1.11.4/gitea-1.11.4-linux-amd64"
+        dest: "/usr/local/bin/gitea"
+        mode: "0755"
+    - name: Create Gitea user
+      user:
+        name: git
+        password: "!"
+        home: "/home/git"
+        shell: "/usr/sbin/nologin"
+    - name: Create directory structure
+      file:
+        state: directory
+        recurse: yes
+        owner: git
+        group: git
+        mode: "0750"
+        path: "/var/lib/{{ item }}"
+      loop:
+        - "gitea"
+        - "gitea/custom"
+        - "gitea/data"
+        - "gitea/log"
+    - name: Create config directory
+      file:
+        state: directory
+        recurse: yes
+        mode: "0750"
+        owner: "root"
+        group: "git"
+        path: "/etc/gitea"
+    - name: Generate INTERNAL_TOKEN"
+      command: /usr/local/bin/gitea generate secret INTERNAL_TOKEN
+      register: gitea_internal_token
+    - name: Generate SECRET_KEY"
+      command: /usr/local/bin/gitea generate secret SECRET_KEY
+      register: gitea_secret_key
+    - name: Template out app.ini
+      template:
+        src: "app.ini"
+        dest: "/etc/gitea/app.ini"
+        mode: "0640"
+  become: yes

roles/gitea/templates/apache2-vhost-ssl.conf

@@ -0,0 +1,30 @@
+# Configuration for {{ gitea_url }}
+# vim:ft=apache:
+
+# Accept connections from non-SNI clients
+SSLStrictSNIVHostCheck off
+
+# Website configuration
+<VirtualHost *:80>
+	ServerName {{ gitea_url }}
+	Redirect permanent / https://{{ gitea_url }}
+</VirtualHost>
+<VirtualHost *:443>
+	SSLEngine on
+	SSLCertificateFile /etc/pki/cert/crt/{{ gitea_url }}.crt
+	SSLCertificateKeyFile /etc/pki/cert/private/{{ gitea_url }}.key
+	SSLCertificateChainFile /etc/pki/cert/crt/{{ gitea_url }}-fullchain.crt
+	ServerName {{ gitea_url }}
+	DocumentRoot {{ gitea_webroot }}
+	<Directory "{{ gitea_webroot }}">
+		Require all granted
+		AllowOverride All
+		Options MultiViews FollowSymlinks
+	</Directory>
+	ProxyRequests off
+	ProxyPass / https://127.0.0.1:3000/ nocanon
+	ProxyPassReverse / https://127.0.0.1:3000/
+
+	RequestHeader set X_FORWARDED_PROTO 'https'
+	RequestHeader set X-Forwarded-Ssl on
+</VirtualHost>