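#!/usr/bin/ansible-playbook
# vim:ft=ansible:
#
# Installs Gitea behind an Apache reverse proxy with a PostgreSQL database,
# optionally stores repositories on an EFS mount, and deploys the systemd
# unit and a backup module.
#
# NOTE(review): the listing this was restored from had lost its indentation.
# Block-level `when`, `tags` and `become` are attached to the enclosing block,
# which is the most plausible reading; confirm against the original file.
---
- name: Set up Gitea
  become: true
  block:
    - name: Set up PostgreSQL
      tags: [postgresql]
      block:
        - name: Create DB user
          postgresql_user:
            name: gitea
            password: "{{ gitea.db.pass }}"
            login_host: "{{ gitea.db.hostname }}"
            login_user: "{{ psql.ansible.user }}"
            login_password: "{{ psql.ansible.pass }}"

        - name: Create DB
          postgresql_db:
            name: gitea
            owner: gitea
            encoding: UNICODE
            login_host: "{{ gitea.db.hostname }}"
            login_user: "{{ psql.ansible.user }}"
            login_password: "{{ psql.ansible.pass }}"

    - name: Set up Apache
      block:
        - name: Enable modules
          command:
            cmd: "a2enmod {{ item }}"
            # `creates` keeps the task idempotent once the module is enabled.
            creates: "/etc/apache2/mods-enabled/{{ item }}.load"
          loop:
            - proxy
            - proxy_http
          notify: restart apache

        - name: Template out vhost
          template:
            src: "apache2-vhost-ssl.conf"
            dest: "/etc/apache2/sites-available/{{ gitea.url }}.conf"
          notify: restart apache

        - name: Create webroot
          file:
            state: directory
            path: "{{ gitea_webroot }}"

        - name: Enable site
          command:
            cmd: "a2ensite {{ gitea.url }}.conf"
            creates: "/etc/apache2/sites-enabled/{{ gitea.url }}.conf"
          notify: restart apache

        - name: Generate certificate
          include_role:
            name: https
          vars:
            website_url: "{{ gitea.url }}"

    - name: Install git
      apt:
        name: git

    # The binary is installed as a root-owned executable and run as a service.
    # Without a checksum it is trusted on the TLS connection alone, so set
    # `gitea.checksum` (format "sha256:<hex digest>", taken from the release
    # page) to have get_url verify the download; the parameter is omitted when
    # the variable is not defined, which keeps the previous behaviour.
    # NOTE(review): the release is pinned to 1.12 in the URL; confirm it is
    # still a supported version.
    - name: Install Gitea
      get_url:
        url: "https://dl.gitea.io/gitea/1.12/gitea-1.12-linux-amd64"
        dest: "/usr/local/bin/gitea"
        mode: "0755"
        checksum: "{{ gitea.checksum | default(omit) }}"
      notify: restart gitea

    - name: Create Gitea user
      user:
        name: git
        # "!" is not a valid password hash, so password login stays disabled.
        password: "!"
        home: "/home/git"
        shell: "/bin/bash"

    - name: Create directory structure
      file:
        state: directory
        owner: git
        group: git
        mode: "0750"
        path: "/var/lib/{{ item }}"
      loop:
        - "gitea"
        - "gitea/custom"
        - "gitea/data"
        - "gitea/log"

    - name: Create config directory
      file:
        state: directory
        recurse: true
        # Symbolic mode with `X`: directories end up 0750, while regular files
        # such as app.ini are not given an execute bit when the recursive
        # pass runs again on later executions.
        mode: "u=rwX,g=rX,o="
        owner: "root"
        group: "git"
        path: "/etc/gitea"

    - name: Create repositories directory
      file:
        state: directory
        mode: "0700"
        owner: git
        group: git
        path: "{{ gitea.root }}"

    - name: Set up EFS mount
      when: gitea.efs.name is defined
      tags: [giteaefs]
      block:
        - name: Install required packages
          apt:
            name:
              - nfs-client

        - name: Create EFS
          efs:
            name: "{{ gitea.efs.name }}"
            # Encryption at rest for the file system.
            encrypt: true
            region: "{{ gitea.efs.region }}"
            targets:
              - subnet_id: "{{ gitea.efs.subnet_id }}"
                security_groups:
                  - "{{ gitea.efs.security_group }}"
          register: efs

        # NOTE(review): the mount options below carry no in-transit
        # encryption setting, so repository data crosses the network as plain
        # NFSv4.1; confirm the security group restricts access to this host.
        - name: Mount EFS
          mount:
            path: "{{ gitea.root }}"
            src: "{{ efs.efs.filesystem_address }}"
            fstype: nfs4
            opts: "nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport"
            state: mounted

    - name: Check for config
      stat:
        path: "/etc/gitea/app.ini"
      register: p

    # Secrets are generated and the config written only on first deployment,
    # so an existing app.ini (and its secrets) is never overwritten.
    - name: Deploy config
      when: not p.stat.exists
      block:
        # no_log keeps the generated secret (command stdout) out of task
        # output, logs and callback plugins.
        - name: Generate INTERNAL_TOKEN
          command: /usr/local/bin/gitea generate secret INTERNAL_TOKEN
          register: gitea_internal_token
          no_log: true

        - name: Generate SECRET_KEY
          command: /usr/local/bin/gitea generate secret SECRET_KEY
          register: gitea_secret_key
          no_log: true

        - name: Generate JWT_SECRET
          command: /usr/local/bin/gitea generate secret JWT_SECRET
          register: gitea_jwt_secret
          no_log: true

        - name: Generate LFS_JWT_SECRET
          command: /usr/local/bin/gitea generate secret LFS_JWT_SECRET
          register: gitea_lfs_jwt_secret
          no_log: true

        # The template source is not visible here; it presumably embeds the
        # secrets registered above, so --diff output is suppressed for it.
        - name: Template out app.ini
          template:
            src: "app.ini"
            dest: "/etc/gitea/app.ini"
            mode: "0640"
            owner: "root"
            group: "git"
          diff: false

    - name: Template out service
      template:
        src: "gitea.service"
        dest: "/etc/systemd/system/gitea.service"
        # Pin ownership and mode so the unit file never depends on the umask.
        owner: "root"
        group: "root"
        mode: "0644"
      notify: restart gitea

    - name: Start and enable service
      systemd:
        daemon_reload: true
        name: "gitea.service"
        enabled: true
        state: "started"

    - name: Template out backup module
      template:
        src: "backup.sh"
        dest: "/opt/backups/modules/{{ gitea.url }}.sh"
        mode: "0600"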