Reorganize gitea vars

inventory/group_vars/9iron.club.yml

@@ -52,26 +52,28 @@ psql:
 
 ## WEBAPPS
 # Gitea
-gitea_mysql_password: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          62353264353465316661353738666161313036373761666163663733656461316536636334386335
-          6161386630663739363439383237343065333239613134610a383036373735326536386464343164
-          31346337636665356630336234306534646362386663633734353166373761316139313734306630
-          3364306566323666310a323034303434613237643665643637633430353437316339356463646331
-          33353062343164396465326365653561626363343961326363633231303736316436643935646161
-          3933353234613430373930663832643934613233383635613433
-gitea_app_name: "9iron Gitea"
-gitea_disable_registration: "false"
-gitea_url: "git.9iron.club"
-gitea_admin_username: "salt"
-gitea_admin_email: "rehashedsalt@cock.li"
-gitea_admin_password: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          35613039646236306236363930353231303331633765303039373736626666666530323433356466
-          3062633166313332643039613561303431613735396339650a376664373137643439303465376365
-          35313266376539366134343562626164616666306338343538663361393964626565303331383234
-          3565646664333966650a323530356664366262653763363439613534303764366436376634373639
-          62303264653836656162366362316461656363353539343632616462626231643632
+gitea:
+  mysql_password: !vault |
+            $ANSIBLE_VAULT;1.1;AES256
+            62353264353465316661353738666161313036373761666163663733656461316536636334386335
+            6161386630663739363439383237343065333239613134610a383036373735326536386464343164
+            31346337636665356630336234306534646362386663633734353166373761316139313734306630
+            3364306566323666310a323034303434613237643665643637633430353437316339356463646331
+            33353062343164396465326365653561626363343961326363633231303736316436643935646161
+            3933353234613430373930663832643934613233383635613433
+  app_name: "9iron Gitea"
+  disable_registration: "false"
+  url: "git.9iron.club"
+  admin:
+    user: "salt"
+    email: "rehashedsalt@cock.li"
+    pass: !vault |
+              $ANSIBLE_VAULT;1.1;AES256
+              35613039646236306236363930353231303331633765303039373736626666666530323433356466
+              3062633166313332643039613561303431613735396339650a376664373137643439303465376365
+              35313266376539366134343562626164616666306338343538663361393964626565303331383234
+              3565646664333966650a323530356664366262653763363439613534303764366436376634373639
+              62303264653836656162366362316461656363353539343632616462626231643632
 # Grafana
 grafana_mysql_password: !vault |
           $ANSIBLE_VAULT;1.1;AES256

roles/gitea/defaults/main.yml

@@ -1,7 +1,7 @@
 # vim:ft=ansible:
 gitea_root_directory: "/home/git/gitea-repositories"
-gitea_app_name: "Ansible Gitea"
+gitea.app_name: "Ansible Gitea"
 gitea_push_create_user: "true"
 gitea_push_create_org: "false"
-gitea_disable_registration: "true"
+gitea.disable_registration: "true"
 gitea_webroot: "/var/www/gitea"

roles/gitea/tasks/add_default_user.yml

@@ -10,11 +10,11 @@
           - admin
           - create-user
           - --username
-          - "{{ gitea_admin_username }}"
+          - "{{ gitea.admin.user }}"
           - --password
-          - "{{ gitea_admin_password }}"
+          - "{{ gitea.admin.pass }}"
           - --email
-          - "{{ gitea_admin_email }}"
+          - "{{ gitea.admin.email }}"
           - --config
           - /etc/gitea/app.ini
     - name: Promote user to admin
@@ -25,8 +25,8 @@
           - -u
           - gitea
           - -p
-          - "{{ gitea_mysql_password }}"
+          - "{{ gitea.mysql_password }}"
           - -e
-          - 'UPDATE user SET is_admin = 1 WHERE name = "{{ gitea_admin_username }}";'
+          - 'UPDATE user SET is_admin = 1 WHERE name = "{{ gitea.admin.user }}";'
   become: yes
   become_user: git

roles/gitea/tasks/main.yml

@@ -16,7 +16,7 @@
           mysql_user:
             name: gitea
             host: localhost
-            password: "{{ gitea_mysql_password }}"
+            password: "{{ gitea.mysql_password }}"
             priv: "gitea.*:ALL,GRANT"
             login_user: root
             login_password: "{{ mysql.root_password }}"
@@ -33,7 +33,7 @@
         - name: Template out vhost
           template:
             src: "apache2-vhost-ssl.conf"
-            dest: "/etc/apache2/sites-available/{{ gitea_url }}.conf"
+            dest: "/etc/apache2/sites-available/{{ gitea.url }}.conf"
           notify: restart apache
         - name: Create webroot
           file:
@@ -41,14 +41,14 @@
             path: "{{ gitea_webroot }}"
         - name: Enable site
           command:
-            cmd: "a2ensite {{ gitea_url }}.conf"
-            creates: "/etc/apache2/sites-enabled/{{ gitea_url }}.conf"
+            cmd: "a2ensite {{ gitea.url }}.conf"
+            creates: "/etc/apache2/sites-enabled/{{ gitea.url }}.conf"
           notify: restart apache
         - name: Generate certificate
           include_role:
             name: https
           vars:
-            website_url: "{{ gitea_url }}"
+            website_url: "{{ gitea.url }}"
     - name: Install git
       apt:
         name: git
@@ -130,6 +130,6 @@
     - name: Template out backup module
       template:
         src: "backup.sh"
-        dest: "/opt/backups/modules/{{ gitea_url }}.sh"
+        dest: "/opt/backups/modules/{{ gitea.url }}.sh"
         mode: "0600"
   become: yes

roles/gitea/templates/apache2-vhost-ssl.conf

@@ -1,4 +1,4 @@
-# Configuration for {{ gitea_url }}
+# Configuration for {{ gitea.url }}
 # vim:ft=apache:
 
 # Accept connections from non-SNI clients
@@ -8,17 +8,17 @@ SSLProxyEngine on
 
 # Website configuration
 <VirtualHost *:80>
-	ServerName {{ gitea_url }}
-	Redirect permanent / https://{{ gitea_url }}
+	ServerName {{ gitea.url }}
+	Redirect permanent / https://{{ gitea.url }}
 </VirtualHost>
 <VirtualHost *:443>
 	SSLEngine on
-	SSLCertificateFile /etc/pki/cert/crt/{{ gitea_url }}.crt
-	SSLCertificateKeyFile /etc/pki/cert/private/{{ gitea_url }}.key
-	SSLCertificateChainFile /etc/pki/cert/crt/{{ gitea_url }}-fullchain.crt
+	SSLCertificateFile /etc/pki/cert/crt/{{ gitea.url }}.crt
+	SSLCertificateKeyFile /etc/pki/cert/private/{{ gitea.url }}.key
+	SSLCertificateChainFile /etc/pki/cert/crt/{{ gitea.url }}-fullchain.crt
 	SSLProtocol {{ ssl_protocol }}
 	SSLCipherSuite {{ ssl_cipher_suite }}
-	ServerName {{ gitea_url }}
+	ServerName {{ gitea.url }}
 	DocumentRoot {{ gitea_webroot }}
 	<Directory "{{ gitea_webroot }}">
 		Require all granted

roles/gitea/templates/app.ini

@@ -1,4 +1,4 @@
-APP_NAME = {{ gitea_app_name }}
+APP_NAME = {{ gitea.app_name }}
 RUN_USER = git
 RUN_MODE = prod
 
@@ -7,7 +7,7 @@ DB_TYPE  = mysql
 HOST     = 127.0.0.1:3306
 NAME     = gitea
 USER     = gitea
-PASSWD   = {{ gitea_mysql_password }}
+PASSWD   = {{ gitea.mysql_password }}
 SSL_MODE = disable
 CHARSET  = utf8
 PATH     = /var/lib/gitea/data/gitea.db
@@ -43,10 +43,10 @@ PASSWORD_COMPLEXITY = off
 SECRET_KEY          = {{ gitea_secret_key.stdout }}
 
 [server]
-SSH_DOMAIN       = {{ gitea_url }}
-DOMAIN           = {{ gitea_url }}
+SSH_DOMAIN       = {{ gitea.url }}
+DOMAIN           = {{ gitea.url }}
 HTTP_PORT        = 3000
-ROOT_URL         = https://{{ gitea_url }}/
+ROOT_URL         = https://{{ gitea.url }}/
 DISABLE_SSH      = false
 SSH_PORT         = 22
 LFS_START_SERVER = true
@@ -57,7 +57,7 @@ OFFLINE_MODE     = true
 [service]
 REGISTER_EMAIL_CONFIRM            = true
 ENABLE_NOTIFY_MAIL                = true
-DISABLE_REGISTRATION              = {{ gitea_disable_registration }}
+DISABLE_REGISTRATION              = {{ gitea.disable_registration }}
 ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
 ENABLE_CAPTCHA                    = false
 REQUIRE_SIGNIN_VIEW               = false

roles/gitea/templates/backup.sh

@@ -9,7 +9,7 @@
 
 set -e
 
-export OUTDIR="$BACKUPSDIR/{{ gitea_url }}"
+export OUTDIR="$BACKUPSDIR/{{ gitea.url }}"
 retention=7 # 7-day retention period
 
 # Sanity checks