From bcbed674fb2e4ed577580fea934695cf7dc6d37a Mon Sep 17 00:00:00 2001
From: muppeth
Date: Thu, 8 Apr 2021 11:29:16 +0200
Subject: [PATCH] Migration commit; fresh start
---
 .gitignore | 2 +
 LICENSE | 2 +-
 Playbooks/gitea.yml | 9 ++
 README.md | 15 ++-
 Vagrantfile | 20 +++
 defaults/main.yml | 123 ++++++++++++++++++
 handlers/main.yml | 6 +
 tasks/configure.yml | 44 +++++++
 tasks/install.yml | 28 ++++
 tasks/main.yml | 13 ++
 tasks/systemd.yml | 24 ++++
 tasks/user.yml | 12 ++
 templates/etc/gitea/app.ini.j2 | 70 ++++++++++
 templates/etc/systemd/system/gitea.service.j2 | 34 +++++
 14 files changed, 399 insertions(+), 3 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 Playbooks/gitea.yml
 create mode 100644 Vagrantfile
 create mode 100644 defaults/main.yml
 create mode 100644 handlers/main.yml
 create mode 100644 tasks/configure.yml
 create mode 100644 tasks/install.yml
 create mode 100644 tasks/main.yml
 create mode 100644 tasks/systemd.yml
 create mode 100644 tasks/user.yml
 create mode 100644 templates/etc/gitea/app.ini.j2
 create mode 100644 templates/etc/systemd/system/gitea.service.j2
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..95eda73
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.vagrant
+*.log
diff --git a/LICENSE b/LICENSE
index 204b93d..d745f27 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,4 +1,4 @@
-MIT License Copyright (c)
+MIT License Copyright (c) 2021 "Stichting Disroot.org"
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/Playbooks/gitea.yml b/Playbooks/gitea.yml
new file mode 100644
index 0000000..86216e5
--- /dev/null
+++ b/Playbooks/gitea.yml
@@ -0,0 +1,9 @@
+---
+
+- hosts: gitea
+ roles:
+ - postgresql
+ - gitea
+
+ vars_files:
+ - ../defaults/main.yml
diff --git a/README.md b/README.md
index 78dcea6..c79b955 100644
--- a/README.md
+++ b/README.md
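Review bot: Loading the role's own `defaults/main.yml` through `vars_files` gives every default play-variable precedence, which in Ansible outranks inventory group_vars and host_vars, so an operator cannot override placeholders such as `PASSWD = changeme` or the empty `SECRET_KEY` from inventory. Listing `gitea` under `roles:` already loads the role defaults at the lowest precedence, so the `vars_files:` entry should be dropped and site-specific values put in inventory or a vaulted vars file. The `postgresql_*` values at the bottom of defaults/main.yml are presumably only reaching the postgresql role because of this line; if so they belong in group_vars for the `gitea` host group rather than in this role's defaults.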
@@ -1,3 +1,14 @@
-# gitea
+# Gitea - Ansible Role
+
+This role covers deployment, configuration and software updates of Gitea. This role is released under MIT Licence and we give no warranty for this piece of software. Currently supported OS - Debian.
+
+You can deploy test instance using `Vagrantfile` attached to the role.
+`vagrant up`
+
+`ansible-playbook -b Playbooks/gitea.yml`
+
+Then you can then access gitea from your computer on `http://192.168.33.14:3000`
+
+## Playbook
+The playbook includes postgresql role and deploys entire stack needed to run Gitea. Additional roles are also available in the Ansible roles repos in git.
-This role deploys, updates and configures Gitea, https://gitea.io
\ No newline at end of file
diff --git a/Vagrantfile b/Vagrantfile
new file mode 100644
index 0000000..0608180
--- /dev/null
+++ b/Vagrantfile
@@ -0,0 +1,20 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+ #config.ssh.insert_key = false
+ config.vm.define "gitea" do |gitea|
+ gitea.vm.box = "generic/debian10"
+ gitea.vm.provider :libvirt do |libvirt|
+ libvirt.memory = 256
+ end
+ gitea.vm.network "forwarded_port", guest: 80, host: 8888, host_ip: "192.168.33.14"
+ gitea.vm.network "forwarded_port", guest: 443, host: 4443, host_ip: "192.168.33.14"
+ gitea.vm.network "private_network", ip: "192.168.33.14"
+
+end
+end
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..54740da
--- /dev/null
+++ b/defaults/main.yml
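Review bot: The two `forwarded_port` entries expose guest ports 80 and 443, but nothing in this role listens there: defaults/main.yml sets `HTTP_PORT = 3000` and the README tells the user to open `http://192.168.33.14:3000`, which only works through the `private_network` line. Either forward `guest: 3000` or drop the two forwards so the Vagrantfile does not advertise a reverse proxy the role does not deploy. `libvirt.memory = 256` is presumably too small for Gitea plus PostgreSQL 12 on a Debian 10 box; worth confirming the test instance actually comes up. The stray blank line before the inner `end` and the unindented closing `end` are what RuboCop would flag first.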
@@ -0,0 +1,123 @@
+---
+
+gitea_bindir: "/usr/local/bin/gitea"
+gitea_lib_dir: "/var/lib/gitea"
+gitea_user: 'git'
+gitea_group: 'git'
+gitea_confdir: '/etc/gitea/app.ini'
+gitea_version: '1.13.6'
+
+
+#[CONFIG]
+
+# App.ini file variables
+gitea_base_config:
+ - 'APP_NAME = Gitea: Git with a cup of tea'
+ - 'RUN_USER = git'
+ - 'RUN_MODE = prod'
+
+gitea_oauth2_config:
+ - 'JWT_SECRET = ' #41 random chars
+
+gitea_ui_config:
+ - 'DEFAULT_THEME = arc-green'
+
+gitea_security_config:
+ - 'INTERNAL_TOKEN = ' #106 random chars
+ - 'INSTALL_LOCK = true'
+ - 'SECRET_KEY = ' #64 random chars
+
+gitea_database_config:
+ - 'DB_TYPE = postgres'
+ - 'HOST = localhost:5432'
+ - 'NAME = gitea'
+ - 'USER = admin'
+ - 'PASSWD = changeme'
+ - 'SSL_MODE = disable'
+ - 'PATH = /home/git/data/gitea.db'
+
+gitea_repository_config:
+ - 'ROOT = /home/git/gitea-repositories'
+
+gitea_server_config:
+ - 'SSH_DOMAIN = git.example.org'
+ - 'DOMAIN = git.example.org'
+ - 'HTTP_PORT = 3000'
+ - 'ROOT_URL = https://git.example.org'
+ - 'DISABLE_SSH = false'
+ - 'SSH_PORT = 22'
+ - 'LFS_START_SERVER = true'
+ - 'LFS_CONTENT_PATH = /home/git/data/lfs'
+ - 'LFS_JWT_SECRET = ' #40 random chars
+ - 'OFFLINE_MODE = false'
+
+gitea_mailer_config:
+ - 'ENABLED = true'
+ - 'HOST = mail.example.org:587'
+ - 'FROM = noreply@example.org'
+ - 'USER = noreply@example.org'
+ - 'PASSWD = CHANGEME' #PASSWD
+ - 'IS_TLS_ENABLED = true'
+
+gitea_service_config:
+ - 'REGISTER_EMAIL_CONFIRM = true'
+ - 'ENABLE_NOTIFY_MAIL = true'
+ - 'DISABLE_REGISTRATION = false'
+ - 'ALLOW_ONLY_EXTERNAL_REGISTRATION = false'
+ - 'ENABLE_CAPTCHA = false'
+ - 'REQUIRE_SIGNIN_VIEW = true'
+ - 'DEFAULT_KEEP_EMAIL_PRIVATE = true'
+ - 'DEFAULT_ALLOW_CREATE_ORGANIZATION = true'
+ - 'DEFAULT_ENABLE_TIMETRACKING = true'
+ - 'NO_REPLY_ADDRESS = noreply@example.org'
+
+gitea_picture_config:
+ - 'DISABLE_GRAVATAR = true'
+ - 'ENABLE_FEDERATED_AVATAR = true'
+
+gitea_openid_config:
+ - 'ENABLE_OPENID_SIGNIN = false'
+ - 'ENABLE_OPENID_SIGNUP = false'
+
+gitea_session_config:
+ - 'PROVIDER = file'
+
+gitea_log_config:
+ - 'MODE = file'
+ - 'LEVEL = Info'
+ - 'ROOT_PATH = /home/git/log'
+
+
+#apt
+gitea_apt_list:
+ - git
+
+
+
+# POSTGRES
+postgresql_version: 12
+postgresql_listen_addresses:
+ - "127.0.0.1"
+
+postgresql_pg_hba_default:
+ - { type: local, database: all, user: '{{ postgresql_admin_user }}', address: '', method: '{{ postgresql_default_auth_method }}', comment: '' }
+ - { type: local, database: all, user: all, address: '', method: '{{ postgresql_default_auth_method }}', comment: '"local" is for Unix domain socket connections only' }
+ - { type: host, database: all, user: all, address: '127.0.0.1/32', method: '{{ postgresql_default_auth_method_hosts }}', comment: 'IPv4 local connections:' }
+
+postgresql_databases:
+ - name: gitea
+ owner: admin # optional; specify the owner of the database
+ hstore: no # flag to install the hstore extension on this database (yes/no)
+ uuid_ossp: no # flag to install the uuid-ossp extension on this database (yes/no)
+ citext: no # flag to install the citext extension on this database (yes/no)
+
+postgresql_users:
+ - name: admin
+ pass: changeme
+ encrypted: yes # denotes if the password is already encrypted.
+
+postgresql_user_privileges:
+ - name: admin # user name
+ db: gitea # database
+ priv: "ALL" # privilege string format: example: INSERT,UPDATE/table:SELECT/anothertable:ALL
+ role_attr_flags: "" # role attribute flags
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..23cf09d
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: 'Restart gitea'
+ systemd:
+ name: gitea
+ state: restarted
diff --git a/tasks/configure.yml b/tasks/configure.yml
new file mode 100644
index 0000000..55990ef
--- /dev/null
+++ b/tasks/configure.yml
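Review bot: The secret entries `JWT_SECRET = `, `INTERNAL_TOKEN = `, `SECRET_KEY = ` and `LFS_JWT_SECRET = ` ship empty, `INSTALL_LOCK = true` disables the installer that would otherwise fill them in, and templates/etc/gitea/app.ini.j2 copies these strings verbatim, so a host that does not override the lists runs with blank secrets (or, if Gitea treats an empty value as unset, with its compiled-in defaults). The database password is also duplicated as `PASSWD = changeme` here and `pass: changeme` under `postgresql_users`, so the two can silently diverge. I would hold each secret in its own variable intended to come from Ansible Vault (e.g. a new `gitea_secret_key`), interpolate it into the list entry, and add an `assert` in tasks/configure.yml that each is non-empty before the template task runs; one password variable can then feed both `PASSWD` and `pass`. `encrypted: yes` next to a plaintext `changeme` looks inconsistent, though how the postgresql role interprets that flag is outside this diff.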
@@ -0,0 +1,44 @@
+---
+
+- name: '[DIR] - Create bin dir'
+ file:
+ path: '{{ gitea_bindir }}'
+ state: directory
+ owner: "{{ gitea_user }}"
+ group: "{{ gitea_group }}"
+ mode: '0750'
+
+- name: '[DIR] - Create lib dir'
+ file:
+ path: '{{ gitea_lib_dir }}'
+ state: directory
+ mode: '0750'
+ owner: "{{ gitea_user }}"
+ group: "{{ gitea_group }}"
+
+- name: '[DIR] - Create lib dirs'
+ file:
+ path: "{{ gitea_lib_dir }}/{{ item }}"
+ state: directory
+ mode: '0750'
+ owner: "{{ gitea_user }}"
+ group: "{{ gitea_group }}"
+ with_items:
+ - 'custom'
+ - 'data'
+ - 'log'
+
+- name: '[DIR] - Create etc dir'
+ file:
+ path: /etc/gitea
+ state: directory
+ mode: '0770'
+ owner: "{{ gitea_user }}"
+ group: "{{ gitea_group }}"
+
+- name: '[CONF] - Deploy gitea config'
+ template:
+ src: etc/gitea/app.ini.j2
+ dest: "{{ gitea_confdir }}"
+ owner: "{{ gitea_user }}"
+ group: "{{ gitea_group }}"
diff --git a/tasks/install.yml b/tasks/install.yml
new file mode 100644
index 0000000..722b7c8
--- /dev/null
+++ b/tasks/install.yml
@@ -0,0 +1,28 @@
+---
+
+- name: '[INSTALL] - Install dependencies'
+ apt:
+ name: "{{ gitea_apt_list }}"
+ update_cache: yes
+
+
+- name: '[INSTALL] - Download gitea binary'
+ get_url:
+ url: 'https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64'
+ dest: '{{ gitea_bindir }}/gitea'
+ mode: '0750'
+ owner: '{{ gitea_user }}'
+ group: '{{ gitea_group }}'
+ force: 'yes'
+ notify: 'Restart gitea'
+
+
+- name: '[INSTALL] - Set rights to read-only'
+ file:
+ path: '/etc/gitea'
+ mode: '0750'
+
+- name: '[INSTALL] - Set rights to read-only'
+ file:
+ path: '/etc/gitea/app.ini'
+ mode: '0640'
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..219a966
--- /dev/null
+++ b/tasks/main.yml
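Review bot: The `[DIR] - Create bin dir` task hands `/usr/local/bin/gitea` to `gitea_user`, and tasks/install.yml downloads the binary with the same owner, so the service account can overwrite the executable it runs as and a compromise of the web process persists across restarts. Both the directory and the binary should be root-owned with only execute rights for the service group: `owner: root`, `group: "{{ gitea_group }}"`, directory `mode: '0750'` here and the same owner/group on the `get_url` task. The `/etc/gitea` directory is created as `0770` only for tasks/install.yml to lower it to `0750` later, and the `[CONF] - Deploy gitea config` task sets no `mode:`, so app.ini (which carries the secrets) is written with the default umask until the later chmod; set `mode: '0640'` on the `template:` task and `'0750'` on the directory here, and drop the two chmod tasks from install.yml.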
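Review bot: `[INSTALL] - Download gitea binary` fetches the release from dl.gitea.io with no `checksum:` parameter, so a tampered or truncated download is installed and started without any integrity check. Pin the expected digest per `gitea_version` in a variable and pass it, e.g. `checksum: "sha256:{{ gitea_checksum }}"` (with `gitea_checksum` added to defaults), or point it at the release's published digest file if the project provides one. The two tasks both named `[INSTALL] - Set rights to read-only` should get distinct names so `--start-at-task` and play output are unambiguous. With `force: 'yes'` the download runs on every play; the handler only fires when the content changes, which is fine, but the per-run download should be a deliberate choice.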
@@ -0,0 +1,13 @@
+---
+
+- name: "[GITEA]- Create user"
+ include: user.yml
+
+- name: "[GITEA] - configure"
+ include: configure.yml
+
+- name: "[GITEA] - systemd"
+ include: systemd.yml
+
+- name: "[GITEA] - install"
+ include: install.yml
diff --git a/tasks/systemd.yml b/tasks/systemd.yml
new file mode 100644
index 0000000..6bae96b
--- /dev/null
+++ b/tasks/systemd.yml
@@ -0,0 +1,24 @@
+---
+
+- name: '[SYSTEMD] - Deploy Systemd config'
+ template:
+ src: etc/systemd/system/gitea.service.j2
+ dest: /etc/systemd/system/gitea.service
+ owner: root
+ group: root
+ mode: 0644
+ register: gitea_systemd
+
+- name: '[SYSTEMD] - Enable systemd'
+ systemd:
+ name: gitea
+ enabled: yes
+ state: started
+ daemon_reload: yes
+ notify: Restart gitea
+
+- name: "[SYSTEMD] - Daemon-reload"
+ systemd:
+ daemon_reload: yes
+ name: gitea
+ when: gitea_systemd.changed
diff --git a/tasks/user.yml b/tasks/user.yml
new file mode 100644
index 0000000..9eaf717
--- /dev/null
+++ b/tasks/user.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Add group
+ group:
+ name: '{{ gitea_group }}'
+ state: present
+
+- name: Add user
+ user:
+ name: '{{ gitea_user }}'
+ shell: /bin/bash
+ group: '{{ gitea_group }}'
diff --git a/templates/etc/gitea/app.ini.j2 b/templates/etc/gitea/app.ini.j2
new file mode 100644
index 0000000..a562cf9
--- /dev/null
+++ b/templates/etc/gitea/app.ini.j2
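Review bot: The include order runs `systemd.yml` before `install.yml`, but tasks/systemd.yml starts the unit with `state: started` while the `ExecStart` binary is only downloaded in tasks/install.yml, so a first run on a clean host presumably fails at `[SYSTEMD] - Enable systemd` or leaves a crash-looping unit because `/usr/local/bin/gitea/gitea` does not exist yet. Reorder to `user.yml`, `install.yml`, `configure.yml`, `systemd.yml`. Bare `include:` has been deprecated since Ansible 2.4 in favour of `import_tasks`/`include_tasks`, so these four entries are better written as `import_tasks:`. The first task name `[GITEA]- Create user` is also missing the space the other three have.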
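Review bot: The third task `[SYSTEMD] - Daemon-reload` is redundant: `[SYSTEMD] - Enable systemd` already passes `daemon_reload: yes` unconditionally, so the `register: gitea_systemd` / `when: gitea_systemd.changed` pair never does anything the previous task has not done; either drop the third task or move `daemon_reload: yes` into it and keep it conditional. `notify: Restart gitea` on the enable/start task also restarts the service right after it was just started on first run; notifying from the template task, i.e. on a unit-file change, is the usual intent. `mode: 0644` should be quoted as `'0644'` like the modes in the other task files, since an unquoted octal in YAML is easy to mis-write.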
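Review bot: The `Add user` task creates the service account as an ordinary login user: no `system: yes`, an interactive `shell: /bin/bash`, and the home directory is left implicit even though defaults/main.yml and the systemd template hard-code `/home/git` for repositories, LFS data, logs and `HOME`. Add `system: yes` and `home: "/home/{{ gitea_user }}"` (with `create_home: yes`) so the paths the rest of the role depends on are created by this task rather than by distribution defaults. Gitea's git-over-SSH path presumably needs a real shell for the account, so keep `/bin/bash` unless `DISABLE_SSH` is set to true.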
@@ -0,0 +1,70 @@
+# {{ ansible_managed }}
+{% for item in gitea_base_config %}
+{{ item }}
+{% endfor %}
+
+
+[oauth2]
+{% for item in gitea_oauth2_config %}
+{{ item }}
+{% endfor %}
+
+[ui]
+{% for item in gitea_ui_config %}
+{{ item }}
+{% endfor %}
+
+[security]
+{% for item in gitea_security_config %}
+{{ item }}
+{% endfor %}
+
+
+[database]
+{% for item in gitea_database_config %}
+{{ item }}
+{% endfor %}
+
+[repository]
+{% for item in gitea_repository_config %}
+{{ item }}
+{% endfor %}
+
+[server]
+{% for item in gitea_server_config %}
+{{ item }}
+{% endfor %}
+
+
+[mailer]
+{% for item in gitea_mailer_config %}
+{{ item }}
+{% endfor %}
+
+[service]
+{% for item in gitea_service_config %}
+{{ item }}
+{% endfor %}
+
+
+[picture]
+{% for item in gitea_picture_config %}
+{{ item }}
+{% endfor %}
+
+
+[openid]
+{% for item in gitea_openid_config %}
+{{ item }}
+{% endfor %}
+
+
+[session]
+{% for item in gitea_session_config %}
+{{ item }}
+{% endfor %}
+
+[log]
+{% for item in gitea_log_config %}
+{{ item }}
+{% endfor %}
diff --git a/templates/etc/systemd/system/gitea.service.j2 b/templates/etc/systemd/system/gitea.service.j2
new file mode 100644
index 0000000..b10dc6c
--- /dev/null
+++ b/templates/etc/systemd/system/gitea.service.j2
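Review bot: The twelve `{% for item in ... %}` blocks are identical apart from the section name and the variable they read, which makes the template long and easy to get out of step with defaults/main.yml when a section is added. A table-driven outer loop over the section names keeps the per-section `gitea_<section>_config` variables exactly as they are (so existing overrides keep working) and reduces the file to a few lines; the `vars` lookup resolves each list by name. The rendered output is the same apart from the doubled blank lines between some sections, which Gitea's INI parser does not care about.
```jinja
# {{ ansible_managed }}
{% for item in gitea_base_config %}
{{ item }}
{% endfor %}
{% for section in ['oauth2', 'ui', 'security', 'database', 'repository', 'server', 'mailer', 'service', 'picture', 'openid', 'session', 'log'] %}

[{{ section }}]
{% for item in lookup('vars', 'gitea_' ~ section ~ '_config') %}
{{ item }}
{% endfor %}
{% endfor %}
```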
@@ -0,0 +1,34 @@
+[Unit]
+Description=Gitea (Git with a cup of tea)
+After=syslog.target
+After=network.target
+#Requires=mysql.service
+#Requires=mariadb.service
+#Requires=postgresql.service
+#Requires=memcached.service
+#Requires=redis.service
+
+[Service]
+# Modify these two values and uncomment them if you have
+# repos with lots of files and get an HTTP error 500 because
+# of that
+###
+#LimitMEMLOCK=infinity
+#LimitNOFILE=65535
+RestartSec=2s
+Type=simple
+User={{ gitea_user }}
+Group={{ gitea_group }}
+WorkingDirectory=/var/lib/gitea/
+ExecStart={{ gitea_bindir }}/gitea web -c {{ gitea_confdir }}
+Restart=always
+RestartSec=3
+Environment=USER={{ gitea_user }} HOME=/home/{{ gitea_user }} GITEA_WORK_DIR=/var/lib/gitea
+# If you want to bind Gitea to a port below 1024 uncomment
+# the two values below
+###
+#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
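Review bot: The unit declares no dependency on the database it needs: `Requires=postgresql.service` is left commented out although defaults/main.yml points `DB_TYPE = postgres` at `localhost:5432`, so at boot Gitea can come up before PostgreSQL and crash-loop under `Restart=always` until the database is listening. `RestartSec` is set twice (`2s` and `3`, the later one wins), `WorkingDirectory` and `GITEA_WORK_DIR` hard-code `/var/lib/gitea` instead of `{{ gitea_lib_dir }}`, and `After=syslog.target` is obsolete on Debian 10. The service also runs with no sandboxing; the hardening from Gitea's upstream unit (`ProtectSystem=full`, `PrivateTmp`, `PrivateDevices`, `NoNewPrivileges`) is worth adding, with the caveat that `ProtectHome` is not usable while repositories and LFS data live under `/home/{{ gitea_user }}`, and that `ProtectSystem=full` makes `/etc/gitea` read-only, which matters if Gitea is left to generate the empty secrets from defaults/main.yml itself and needs to write app.ini.
```ini
[Unit]
Description=Gitea (Git with a cup of tea)
After=network.target
After=postgresql.service
Requires=postgresql.service

[Service]
# … unchanged: LimitMEMLOCK / LimitNOFILE comments …
Type=simple
User={{ gitea_user }}
Group={{ gitea_group }}
WorkingDirectory={{ gitea_lib_dir }}/
ExecStart={{ gitea_bindir }}/gitea web -c {{ gitea_confdir }}
Restart=always
RestartSec=3
Environment=USER={{ gitea_user }} HOME=/home/{{ gitea_user }} GITEA_WORK_DIR={{ gitea_lib_dir }}
# Sandboxing as in the upstream unit; ProtectHome is not an option while
# repositories and LFS data live under /home/{{ gitea_user }}.
ProtectSystem=full
PrivateTmp=true
PrivateDevices=yes
NoNewPrivileges=true
# … unchanged: CAP_NET_BIND_SERVICE comments and [Install] …
```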