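#!/usr/bin/ansible-playbook
# vim:ft=ansible:
#
# Installs GitLab from source: adds the Yarn and Ruby package repositories,
# installs build dependencies, creates the `git` system user and the MySQL
# database, clones and configures GitLab, and publishes it through Apache.
#
# Variables read here: gitlab_repo, gitlab_url, gitlab_webroot,
# mysql_root_password, gitlab_mysql_password.
#
# NOTE(review): the block nesting and the placement of the `become` keys
# below were reconstructed from context; confirm them against the original.
---
- name: "Set up webroot for {{ gitlab_repo }}"
  block:
    # NOTE(review): the key is trusted as downloaded. Consider pinning the
    # expected fingerprint with the module's `id` parameter so a swapped key
    # is rejected.
    - name: Add repository keys
      apt_key:
        url: "{{ item }}"
      loop:
        - "https://dl.yarnpkg.com/debian/pubkey.gpg"

    # Both entries are third-party package sources; packages from them are
    # installed with root privileges by the tasks that follow.
    - name: Add repositories
      apt_repository:
        repo: "{{ item }}"
      loop:
        - "ppa:brightbox/ruby-ng"  # Ruby version in 18.10 is out-of-date per GitLab 12.2
        - "deb https://dl.yarnpkg.com/debian/ stable main"
      register: repo

    # Runs only when a repository was added above; refreshes the cache and
    # upgrades installed packages.
    - name: Update repos
      apt:
        upgrade: "yes"
        update_cache: true
      when: repo is changed

    - name: Install dependencies
      apt:
        name:
          - build-essential
          - checkinstall
          - cmake
          - curl
          - git
          - git-core
          - golang
          - graphicsmagick
          - libcurl4-openssl-dev
          - libffi-dev
          - libgdbm-dev
          - libicu-dev
          - libncurses5-dev
          - libre2-dev
          - libreadline-dev
          - libssl-dev
          - libxml2-dev
          - libxslt-dev
          - libyaml-dev
          - logrotate
          - nodejs
          - openssh-server
          - pkg-config
          - python-docutils
          - rsync
          - ruby
          - runit
          - yarn
          - zlib1g-dev

    # Service account that owns the GitLab checkout; nologin shell, so it
    # cannot be used for interactive sessions.
    - name: Add gitlab user
      user:
        name: git
        home: "/home/git"
        groups:
          - "redis"
        comment: "GitLab"
        shell: "/usr/sbin/nologin"

    - name: Set up MySQL
      block:
        - name: Create database
          mysql_db:
            name: gitlab
            login_user: root
            login_password: "{{ mysql_root_password }}"
            state: present

        # NOTE(review): `ALL,GRANT` lets the application account hand its
        # privileges on gitlab.* to other accounts. Confirm GRANT is needed;
        # an explicit privilege list would be the least-privilege choice.
        - name: Create Gitlab user
          mysql_user:
            name: gitlab
            host: localhost
            password: "{{ gitlab_mysql_password }}"
            priv: "gitlab.*:ALL,GRANT"
            login_user: root
            login_password: "{{ mysql_root_password }}"

    - name: Clone and build GitLab
      block:
        # NOTE(review): `version` names a branch, so the code that gets
        # deployed can change between runs; pin a tag or commit hash if the
        # deployed revision must be reviewable. `force` discards local
        # changes in the checkout.
        - name: Clone GitLab
          git:
            depth: 1
            dest: "/home/git/gitlab"
            force: true
            repo: "https://gitlab.com/gitlab-org/gitlab-foss.git"
            version: "12-10-stable"

        - name: Create public directory
          file:
            path: "/home/git/public"
            mode: "0755"
            state: directory

        # Uploads are readable by the owning user only.
        - name: Create uploads directory
          file:
            path: "/home/git/public/uploads"
            mode: "0700"
            state: directory

        # `force: false` seeds secrets.yml only when it does not exist yet.
        # Without it every run would replace a modified secrets.yml with the
        # example again, discarding whatever keys the file held by then.
        # Mode 0600 keeps the file unreadable to other local users.
        - name: Copy secrets
          copy:
            src: "/home/git/gitlab/config/secrets.yml.example"
            dest: "/home/git/gitlab/config/secrets.yml"
            remote_src: true
            force: false
            mode: "0600"

        # NOTE(review): the second source is spelled `pumba.rb` while its
        # destination is `puma.rb`; confirm the file name shipped with the
        # role.
        - name: Copy configs around
          copy:
            src: "{{ item.src }}"
            dest: "{{ item.dest }}"
          loop:
            - src: "gitlab.yml"
              dest: "/home/git/gitlab/config/gitlab.yml"
            - src: "pumba.rb"
              dest: "/home/git/gitlab/config/puma.rb"
            - src: "rack_attack.rb"
              dest: "/home/git/gitlab/config/initializers/rack_attack.rb"
            - src: "resque.yml"
              dest: "/home/git/gitlab/config/resque.yml"

        # Every path here is a directory. `state: directory` creates a
        # missing one and leaves an existing one in place; the previous
        # `state: touch` would have created an empty regular file for any
        # missing path and reported a change on every run.
        - name: Change permissions
          file:
            path: "{{ item.src }}"
            state: directory
            mode: "{{ item.mode }}"
          loop:
            - src: "/home/git/gitlab/log"
              mode: "u+rwX,go-w"
            - src: "/home/git/gitlab/tmp"
              mode: "u+rwX"
            - src: "/home/git/gitlab/tmp/pids"
              mode: "u+rwX"
            - src: "/home/git/gitlab/tmp/sockets"
              mode: "u+rwX"
            - src: "/home/git/gitlab/builds"
              mode: "u+rwX"
            - src: "/home/git/gitlab/shared/artifacts"
              mode: "u+rwX"
            - src: "/home/git/gitlab/shared/pages"
              mode: "u+rwX"

        # `scope: global` writes to the git user's own ~/.gitconfig. Left
        # implicit, the module would not target the per-user file, and the
        # unprivileged git user cannot write the system-wide configuration.
        - name: Configure git
          git_config:
            name: "{{ item.name }}"
            value: "{{ item.value }}"
            scope: global
          loop:
            - name: "core.autocrlf"
              value: "input"
            - name: "gc.auto"
              value: "0"
            - name: "repack.writeBitmaps"
              value: "true"
            - name: "receive.advertisePushOptions"
              value: "true"
            - name: "core.fsyncObjectFiles"
              value: "true"
      # Everything in this block runs as the unprivileged git user, so the
      # checkout and its configuration are not owned by root.
      become: true
      become_user: git

    - name: Set up Apache
      block:
        # The webroot is a symlink to GitLab's public directory.
        - name: Create webroot
          file:
            path: "{{ gitlab_webroot }}"
            src: "/home/git/public"
            mode: "0755"
            state: link

        - name: Copy over virtual host configs
          template:
            src: apache2-vhost-ssl.conf
            dest: "/etc/apache2/sites-available/{{ gitlab_url }}.conf"
          notify: restart apache

        # `creates` skips the command once the site is already enabled.
        - name: Enable config
          command:
            cmd: "a2ensite {{ gitlab_url }}.conf"
            creates: "/etc/apache2/sites-enabled/{{ gitlab_url }}.conf"
          notify: restart apache

        - name: Generate certificate
          include_role:
            name: https
          vars:
            website_url: "{{ gitlab_url }}"
            website_webroot: "{{ gitlab_webroot }}"
  # Package, user, database and Apache tasks need root.
  become: true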