Migration commit; fresh start
parent
e7ad4e1f09
commit
bcbed674fb
|
@ -0,0 +1,2 @@
|
|||
.vagrant
|
||||
*.log
|
2
LICENSE
2
LICENSE
|
@ -1,4 +1,4 @@
|
|||
MIT License Copyright (c) <year> <copyright holders>
|
||||
MIT License Copyright (c) 2021 "Stichting Disroot.org"
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
|
||||
- hosts: gitea
|
||||
roles:
|
||||
- postgresql
|
||||
- gitea
|
||||
|
||||
vars_files:
|
||||
- ../defaults/main.yml
|
15
README.md
15
README.md
|
@ -1,3 +1,14 @@
|
|||
# gitea
|
||||
# Gitea - Ansible Role
|
||||
|
||||
This role covers deployment, configuration and software updates of Gitea. This role is released under MIT Licence and we give no warranty for this piece of software. Currently supported OS - Debian.
|
||||
|
||||
You can deploy test instance using `Vagrantfile` attached to the role.
|
||||
`vagrant up`
|
||||
|
||||
`ansible-playbook -b Playbooks/gitea.yml`
|
||||
|
||||
Then you can then access gitea from your computer on `http://192.168.33.14:3000`
|
||||
|
||||
## Playbook
|
||||
The playbook includes postgresql role and deploys entire stack needed to run Gitea. Additional roles are also available in the Ansible roles repos in git.
|
||||
|
||||
This role deploys, updates and configures Gitea, https://gitea.io
|
|
@ -0,0 +1,20 @@
|
|||
# -*- mode: ruby -*-
|
||||
# vi: set ft=ruby :
|
||||
|
||||
# All Vagrant configuration is done below. The "2" in Vagrant.configure
|
||||
# configures the configuration version (we support older styles for
|
||||
# backwards compatibility). Please don't change it unless you know what
|
||||
# you're doing.
|
||||
Vagrant.configure("2") do |config|
|
||||
#config.ssh.insert_key = false
|
||||
config.vm.define "gitea" do |gitea|
|
||||
gitea.vm.box = "generic/debian10"
|
||||
gitea.vm.provider :libvirt do |libvirt|
|
||||
libvirt.memory = 256
|
||||
end
|
||||
gitea.vm.network "forwarded_port", guest: 80, host: 8888, host_ip: "192.168.33.14"
|
||||
gitea.vm.network "forwarded_port", guest: 443, host: 4443, host_ip: "192.168.33.14"
|
||||
gitea.vm.network "private_network", ip: "192.168.33.14"
|
||||
|
||||
end
|
||||
end
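Review bot: Both `forwarded_port` lines set `host_ip: "192.168.33.14"`, which is the address the next line assigns to the guest's private network, whereas `host_ip` is the host-side address the forward binds to. If the intent is to keep the forwards off external interfaces, `host_ip: "127.0.0.1"` does that. Guest ports 80 and 443 are forwarded, but the role's defaults set `HTTP_PORT = 3000` and no reverse proxy appears in this commit, so the forwards may have nothing listening behind them. `libvirt.memory = 256` looks tight for Gitea plus PostgreSQL; worth confirming the box provisions with it. Leaving `config.ssh.insert_key = false` commented out is the right default, since Vagrant then replaces the shared insecure key.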
|
|
@ -0,0 +1,123 @@
|
|||
---
|
||||
|
||||
gitea_bindir: "/usr/local/bin/gitea"
|
||||
gitea_lib_dir: "/var/lib/gitea"
|
||||
gitea_user: 'git'
|
||||
gitea_group: 'git'
|
||||
gitea_confdir: '/etc/gitea/app.ini'
|
||||
gitea_version: '1.13.6'
|
||||
|
||||
|
||||
#[CONFIG]
|
||||
|
||||
# App.ini file variables
|
||||
gitea_base_config:
|
||||
- 'APP_NAME = Gitea: Git with a cup of tea'
|
||||
- 'RUN_USER = git'
|
||||
- 'RUN_MODE = prod'
|
||||
|
||||
gitea_oauth2_config:
|
||||
- 'JWT_SECRET = ' #41 random chars
|
||||
|
||||
gitea_ui_config:
|
||||
- 'DEFAULT_THEME = arc-green'
|
||||
|
||||
gitea_security_config:
|
||||
- 'INTERNAL_TOKEN = ' #106 random chars
|
||||
- 'INSTALL_LOCK = true'
|
||||
- 'SECRET_KEY = ' #64 random chars
|
||||
|
||||
gitea_database_config:
|
||||
- 'DB_TYPE = postgres'
|
||||
- 'HOST = localhost:5432'
|
||||
- 'NAME = gitea'
|
||||
- 'USER = admin'
|
||||
- 'PASSWD = changeme'
|
||||
- 'SSL_MODE = disable'
|
||||
- 'PATH = /home/git/data/gitea.db'
|
||||
|
||||
gitea_repository_config:
|
||||
- 'ROOT = /home/git/gitea-repositories'
|
||||
|
||||
gitea_server_config:
|
||||
- 'SSH_DOMAIN = git.example.org'
|
||||
- 'DOMAIN = git.example.org'
|
||||
- 'HTTP_PORT = 3000'
|
||||
- 'ROOT_URL = https://git.example.org'
|
||||
- 'DISABLE_SSH = false'
|
||||
- 'SSH_PORT = 22'
|
||||
- 'LFS_START_SERVER = true'
|
||||
- 'LFS_CONTENT_PATH = /home/git/data/lfs'
|
||||
- 'LFS_JWT_SECRET = ' #40 random chars
|
||||
- 'OFFLINE_MODE = false'
|
||||
|
||||
gitea_mailer_config:
|
||||
- 'ENABLED = true'
|
||||
- 'HOST = mail.example.org:587'
|
||||
- 'FROM = noreply@example.org'
|
||||
- 'USER = noreply@example.org'
|
||||
- 'PASSWD = CHANGEME' #PASSWD
|
||||
- 'IS_TLS_ENABLED = true'
|
||||
|
||||
gitea_service_config:
|
||||
- 'REGISTER_EMAIL_CONFIRM = true'
|
||||
- 'ENABLE_NOTIFY_MAIL = true'
|
||||
- 'DISABLE_REGISTRATION = false'
|
||||
- 'ALLOW_ONLY_EXTERNAL_REGISTRATION = false'
|
||||
- 'ENABLE_CAPTCHA = false'
|
||||
- 'REQUIRE_SIGNIN_VIEW = true'
|
||||
- 'DEFAULT_KEEP_EMAIL_PRIVATE = true'
|
||||
- 'DEFAULT_ALLOW_CREATE_ORGANIZATION = true'
|
||||
- 'DEFAULT_ENABLE_TIMETRACKING = true'
|
||||
- 'NO_REPLY_ADDRESS = noreply@example.org'
|
||||
|
||||
gitea_picture_config:
|
||||
- 'DISABLE_GRAVATAR = true'
|
||||
- 'ENABLE_FEDERATED_AVATAR = true'
|
||||
|
||||
gitea_openid_config:
|
||||
- 'ENABLE_OPENID_SIGNIN = false'
|
||||
- 'ENABLE_OPENID_SIGNUP = false'
|
||||
|
||||
gitea_session_config:
|
||||
- 'PROVIDER = file'
|
||||
|
||||
gitea_log_config:
|
||||
- 'MODE = file'
|
||||
- 'LEVEL = Info'
|
||||
- 'ROOT_PATH = /home/git/log'
|
||||
|
||||
|
||||
#apt
|
||||
gitea_apt_list:
|
||||
- git
|
||||
|
||||
|
||||
|
||||
# POSTGRES
|
||||
postgresql_version: 12
|
||||
postgresql_listen_addresses:
|
||||
- "127.0.0.1"
|
||||
|
||||
postgresql_pg_hba_default:
|
||||
- { type: local, database: all, user: '{{ postgresql_admin_user }}', address: '', method: '{{ postgresql_default_auth_method }}', comment: '' }
|
||||
- { type: local, database: all, user: all, address: '', method: '{{ postgresql_default_auth_method }}', comment: '"local" is for Unix domain socket connections only' }
|
||||
- { type: host, database: all, user: all, address: '127.0.0.1/32', method: '{{ postgresql_default_auth_method_hosts }}', comment: 'IPv4 local connections:' }
|
||||
|
||||
postgresql_databases:
|
||||
- name: gitea
|
||||
owner: admin # optional; specify the owner of the database
|
||||
hstore: no # flag to install the hstore extension on this database (yes/no)
|
||||
uuid_ossp: no # flag to install the uuid-ossp extension on this database (yes/no)
|
||||
citext: no # flag to install the citext extension on this database (yes/no)
|
||||
|
||||
postgresql_users:
|
||||
- name: admin
|
||||
pass: changeme
|
||||
encrypted: yes # denotes if the password is already encrypted.
|
||||
|
||||
postgresql_user_privileges:
|
||||
- name: admin # user name
|
||||
db: gitea # database
|
||||
priv: "ALL" # privilege string format: example: INSERT,UPDATE/table:SELECT/anothertable:ALL
|
||||
role_attr_flags: "" # role attribute flags
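Review bot: The defaults ship usable-looking credentials and empty secrets: `PASSWD = changeme` in `gitea_database_config`, `pass: changeme` under `postgresql_users`, and blank `JWT_SECRET`, `INTERNAL_TOKEN`, `SECRET_KEY` and `LFS_JWT_SECRET` next to `INSTALL_LOCK = true`. A host deployed without overrides comes up with a known database password and with Gitea on whatever fallback it applies to empty keys, so these values should come from Ansible Vault and the role should stop on the placeholders, for example an `assert` task ahead of `include: configure.yml` that fails while the password is still `changeme`. Because each section is a list of `KEY = value` strings, overriding one secret means copying the whole list; a dedicated variable per secret (for example `gitea_secret_key`, name is a suggestion) referenced from the list would avoid that. `encrypted: yes` is commented as "already encrypted" while the value beside it is plaintext, so it is worth confirming how the postgresql role interprets the flag. The repository, LFS and log paths point under /home/git while the role creates `{{ gitea_lib_dir }}/custom`, `data` and `log`; one of the two looks unintended.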
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
|
||||
- name: 'Restart gitea'
|
||||
systemd:
|
||||
name: gitea
|
||||
state: restarted
|
|
@ -0,0 +1,44 @@
|
|||
---
|
||||
|
||||
- name: '[DIR] - Create bin dir'
|
||||
file:
|
||||
path: '{{ gitea_bindir }}'
|
||||
state: directory
|
||||
owner: "{{ gitea_user }}"
|
||||
group: "{{ gitea_group }}"
|
||||
mode: '0750'
|
||||
|
||||
- name: '[DIR] - Create lib dir'
|
||||
file:
|
||||
path: '{{ gitea_lib_dir }}'
|
||||
state: directory
|
||||
mode: '0750'
|
||||
owner: "{{ gitea_user }}"
|
||||
group: "{{ gitea_group }}"
|
||||
|
||||
- name: '[DIR] - Create lib dirs'
|
||||
file:
|
||||
path: "{{ gitea_lib_dir }}/{{ item }}"
|
||||
state: directory
|
||||
mode: '0750'
|
||||
owner: "{{ gitea_user }}"
|
||||
group: "{{ gitea_group }}"
|
||||
with_items:
|
||||
- 'custom'
|
||||
- 'data'
|
||||
- 'log'
|
||||
|
||||
- name: '[DIR] - Create etc dir'
|
||||
file:
|
||||
path: /etc/gitea
|
||||
state: directory
|
||||
mode: '0770'
|
||||
owner: "{{ gitea_user }}"
|
||||
group: "{{ gitea_group }}"
|
||||
|
||||
- name: '[CONF] - Deploy gitea config'
|
||||
template:
|
||||
src: etc/gitea/app.ini.j2
|
||||
dest: "{{ gitea_confdir }}"
|
||||
owner: "{{ gitea_user }}"
|
||||
group: "{{ gitea_group }}"
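Review bot: The `[CONF] - Deploy gitea config` task sets no `mode` and makes `{{ gitea_user }}` the owner of the rendered file, which holds the database and mailer passwords and the signing secrets. Until the later `Set rights to read-only` tasks run, the file's permissions depend on the umask, and afterwards it is still writable by the service it configures. I would set `owner: root`, `group: "{{ gitea_group }}"` and `mode: '0640'` on the template task itself, and add `notify: 'Restart gitea'` so a changed configuration is actually loaded. With a root-owned file Gitea cannot write generated secrets back into it, so this presumes the secrets are supplied through variables. `gitea_confdir` names a file rather than a directory, and `gitea_bindir` is created here as a directory owned by the service account; a root-owned binary directory would be the usual layout.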
|
|
@ -0,0 +1,28 @@
|
|||
---
|
||||
|
||||
- name: '[INSTALL] - Install dependencies'
|
||||
apt:
|
||||
name: "{{ gitea_apt_list }}"
|
||||
update_cache: yes
|
||||
|
||||
|
||||
- name: '[INSTALL] - Download gitea binary'
|
||||
get_url:
|
||||
url: 'https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64'
|
||||
dest: '{{ gitea_bindir }}/gitea'
|
||||
mode: '0750'
|
||||
owner: '{{ gitea_user }}'
|
||||
group: '{{ gitea_group }}'
|
||||
force: 'yes'
|
||||
notify: 'Restart gitea'
|
||||
|
||||
|
||||
- name: '[INSTALL] - Set rights to read-only'
|
||||
file:
|
||||
path: '/etc/gitea'
|
||||
mode: '0750'
|
||||
|
||||
- name: '[INSTALL] - Set rights to read-only'
|
||||
file:
|
||||
path: '/etc/gitea/app.ini'
|
||||
mode: '0640'
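Review bot: The `get_url` task installs an executable fetched from dl.gitea.io with no `checksum`, so the only integrity guarantee is TLS to the download host, and `force: 'yes'` repeats that download on every run. Pinning the release digest per version, `checksum: 'sha256:{{ gitea_binary_sha256 }}'` with `gitea_binary_sha256` being a variable to add next to `gitea_version` and fill from the published release checksum, makes a tampered or truncated binary fail the play and should let `force` be dropped. The binary is also owned by `{{ gitea_user }}`, so the service account can replace the program that systemd restarts; `owner: root` with the existing group and `mode: '0750'` avoids that. The two `Set rights to read-only` tasks share one name, and naming the path in each would make play output unambiguous.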
|
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
|
||||
- name: "[GITEA]- Create user"
|
||||
include: user.yml
|
||||
|
||||
- name: "[GITEA] - configure"
|
||||
include: configure.yml
|
||||
|
||||
- name: "[GITEA] - systemd"
|
||||
include: systemd.yml
|
||||
|
||||
- name: "[GITEA] - install"
|
||||
include: install.yml
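Review bot: The include order runs `systemd.yml` before `install.yml`, and the enable task in systemd.yml uses `state: started`, so on a first run the unit is started before the binary has been downloaded. Moving `include: install.yml` ahead of `include: systemd.yml` keeps the first start from depending on `Restart=always` to recover. `include` is deprecated in current Ansible in favour of `import_tasks` / `include_tasks`, e.g. `- import_tasks: install.yml`.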
|
|
@ -0,0 +1,24 @@
|
|||
---
|
||||
|
||||
- name: '[SYSTEMD] - Deploy Systemd config'
|
||||
template:
|
||||
src: etc/systemd/system/gitea.service.j2
|
||||
dest: /etc/systemd/system/gitea.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
register: gitea_systemd
|
||||
|
||||
- name: '[SYSTEMD] - Enable systemd'
|
||||
systemd:
|
||||
name: gitea
|
||||
enabled: yes
|
||||
state: started
|
||||
daemon_reload: yes
|
||||
notify: Restart gitea
|
||||
|
||||
- name: "[SYSTEMD] - Daemon-reload"
|
||||
systemd:
|
||||
daemon_reload: yes
|
||||
name: gitea
|
||||
when: gitea_systemd.changed
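Review bot: The `Daemon-reload` task at the end runs after `Enable systemd` has already started the service, and that earlier task carries `daemon_reload: yes` itself, so the conditional reload looks redundant. `notify: Restart gitea` sits on the enable task, which presumably reports a change only when the enabled or started state changes, so an edited unit template would not trigger a restart. I would move `notify: Restart gitea` to the template task and drop the last task. `mode: 0644` is unquoted here while the other task files quote their modes (`'0640'`); quoting keeps it from being read as a number.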
|
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
|
||||
- name: Add group
|
||||
group:
|
||||
name: '{{ gitea_group }}'
|
||||
state: present
|
||||
|
||||
- name: Add user
|
||||
user:
|
||||
name: '{{ gitea_user }}'
|
||||
shell: /bin/bash
|
||||
group: '{{ gitea_group }}'
|
|
@ -0,0 +1,70 @@
|
|||
# {{ ansible_managed }}
|
||||
{% for item in gitea_base_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
|
||||
[oauth2]
|
||||
{% for item in gitea_oauth2_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[ui]
|
||||
{% for item in gitea_ui_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[security]
|
||||
{% for item in gitea_security_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
|
||||
[database]
|
||||
{% for item in gitea_database_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[repository]
|
||||
{% for item in gitea_repository_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[server]
|
||||
{% for item in gitea_server_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
|
||||
[mailer]
|
||||
{% for item in gitea_mailer_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[service]
|
||||
{% for item in gitea_service_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
|
||||
[picture]
|
||||
{% for item in gitea_picture_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
|
||||
[openid]
|
||||
{% for item in gitea_openid_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
|
||||
[session]
|
||||
{% for item in gitea_session_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[log]
|
||||
{% for item in gitea_log_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
|
@ -0,0 +1,34 @@
|
|||
[Unit]
|
||||
Description=Gitea (Git with a cup of tea)
|
||||
After=syslog.target
|
||||
After=network.target
|
||||
#Requires=mysql.service
|
||||
#Requires=mariadb.service
|
||||
#Requires=postgresql.service
|
||||
#Requires=memcached.service
|
||||
#Requires=redis.service
|
||||
|
||||
[Service]
|
||||
# Modify these two values and uncomment them if you have
|
||||
# repos with lots of files and get an HTTP error 500 because
|
||||
# of that
|
||||
###
|
||||
#LimitMEMLOCK=infinity
|
||||
#LimitNOFILE=65535
|
||||
RestartSec=2s
|
||||
Type=simple
|
||||
User={{ gitea_user }}
|
||||
Group={{ gitea_group }}
|
||||
WorkingDirectory=/var/lib/gitea/
|
||||
ExecStart={{ gitea_bindir }}/gitea web -c {{ gitea_confdir }}
|
||||
Restart=always
|
||||
RestartSec=3
|
||||
Environment=USER={{ gitea_user }} HOME=/home/{{ gitea_user }} GITEA_WORK_DIR=/var/lib/gitea
|
||||
# If you want to bind Gitea to a port below 1024 uncomment
|
||||
# the two values below
|
||||
###
|
||||
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||
#AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
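Review bot: `RestartSec` is set twice in `[Service]` (`RestartSec=2s` and later `RestartSec=3`); the later assignment takes effect, so one of them should go. `WorkingDirectory=/var/lib/gitea/` and `GITEA_WORK_DIR=/var/lib/gitea` are hard-coded although the role exposes `gitea_lib_dir`, so overriding that variable leaves the unit pointing at the old path; `WorkingDirectory={{ gitea_lib_dir }}` keeps them in step. The unit has no sandboxing, and `NoNewPrivileges=true` and `PrivateTmp=true` are low-risk additions for a service that already runs as an unprivileged user. Since the playbook deploys PostgreSQL on the same host, `After=postgresql.service` would order startup; every `Requires=` line is currently commented out.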
|