Import the old role.

README.md

@@ -1,31 +1,36 @@
 Role Name
 =========
 
-A brief description of the role goes here.
-
-Requirements
-------------
-
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+A role that installs the gitea git repository server, <https://gitea.io>
 
 Role Variables
 --------------
 
-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+The most important variables are listed below:
+
+``` yaml
+gitea_version: 1.11.3
+gitea_local_postgresql: True
+gitea_local_mysql: False
+gitea_local_mariadb: False
+gitea_nginx_frontend: True
+gitea_local_redis: True
+gitea_local_memcache: True
+gitea_app_configurations:
+  - { section: 'mailer', option: 'ENABLED', value: 'true', state: 'present' }
+  - { section: 'mailer', option: 'FROM', value: '{{ gitea_mail_from }}', state: 'present' }
+  - { section: 'mailer', option: 'MAILER_TYPE', value: '{{ gitea_mailer_type }}', state: 'present' }
+  - { section: 'mailer', option: 'SENDMAIL_PATH', value: '{{ gitea_sendmail_path }}', state: 'present' }
+  - { section: 'metrics', option: 'ENABLED', value: 'true', state: 'present' }
+  - { section: 'metrics', option: 'TOKEN', value: '{{ gitea_prometheus_bearer_token }}', state: 'present' }
+```
 
 Dependencies
 ------------
 
-A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
-
-Example Playbook
-----------------
-
-Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
-
-    - hosts: servers
-      roles:
-         - { role: username.rolename, x: 42 }
+* nginx
+* mysql, when a local mysql installation is required
+* postgresql, when a local postgresql installation is required
 
 License
 -------
@@ -35,4 +40,4 @@ EUPL-1.2
 Author Information
 ------------------
 
-An optional section for the role authors to include contact information, or a website (HTML is not allowed).
+Andrea Dell'Amico, <andrea.dellamico@isti.cnr.it>

defaults/main.yml

@@ -1,2 +1,78 @@
 ---
-# defaults file for ansible-role-template
+#
+# https://gitea.io
+#
+# We use the server ssh daemon, and nginx in front of the service by default.
+# So we do not start in http mode and we do not use the embedded letsencrypt support
+#
+gitea_version: 1.11.3
+gitea_download_url: 'https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64'
+gitea_bin_path: /usr/local/bin/gitea
+
+gitea_conf_dir: /etc/gitea
+gitea_data_dir: /var/lib/gitea
+gitea_data_subdirs:
+  - custom
+  - data
+  - log
+  - sock
+
+gitea_repository_data: '{{ gitea_data_dir }}/repositories'
+
+gitea_server_protocol: unix
+gitea_http_addr: '{{ gitea_data_dir }}/sock/gitea.sock'
+gitea_http_port: 3000
+gitea_root_url: https://{{ ansible_fqdn }}
+
+# home, explore
+gitea_landing_page: explore
+gitea_user: gitea
+gitea_group: '{{ gitea_user }}'
+gitea_run_mode: prod
+gitea_db: postgres
+gitea_local_postgresql: True
+gitea_local_mysql: False
+gitea_local_mariadb: False
+gitea_nginx_frontend: True
+gitea_local_redis: True
+gitea_local_memcache: True
+
+gitea_start_lfs: 'true'
+gitea_lfs_content_path: '{{ gitea_data_dir }}/data/lfs'
+#gitea_lfs_jwt_secret: put it into a vault file
+gitea_lfs_http_auth_expiry: 20m
+
+gitea_required_packages:
+  - git
+
+gitea_db_name: gitea
+gitea_db_user: gitea_u
+#gitea_db_pwd: put it into a vault file
+gitea_db_host: localhost
+gitea_db_port: 5432
+gitea_db_ssl_mode: 'disable'
+
+gitea_app_name: "Gitea"
+gitea_disable_registration: 'false'
+gitea_install_lock: 'false'
+gitea_mailer_enabled: False
+gitea_mail_from: gitea@localhost
+gitea_mailer_type: sendmail
+gitea_sendmail_path: /usr/sbin/sendmail
+gitea_cache_provider: memcache
+gitea_cache_host: '127.0.0.1:11211'
+gitea_session_provider: redis
+gitea_session_config: 'network=tcp,addr=127.0.0.1:6379,db=0,pool_size=100,idle_timeout=180'
+
+gitea_prometheus_metrics: False
+#gitea_prometheus_bearer_token: put it into a vault file
+gitea_prometheus_bearer_token: ''
+gitea_log_level: Info
+
+gitea_app_configurations: []
+#   - { section: 'mailer', option: 'ENABLED', value: 'true', state: 'present' }
+#   - { section: 'mailer', option: 'FROM', value: '{{ gitea_mail_from }}', state: 'present' }
+#   - { section: 'mailer', option: 'MAILER_TYPE', value: '{{ gitea_mailer_type }}', state: 'present' }
+#   - { section: 'mailer', option: 'SENDMAIL_PATH', value: '{{ gitea_sendmail_path }}', state: 'present' }
+#   - { section: 'metrics', option: 'ENABLED', value: 'true', state: 'present' }
+#   - { section: 'metrics', option: 'TOKEN', value: '{{ gitea_prometheus_bearer_token }}', state: 'present' }

handlers/main.yml

@@ -1,2 +1,6 @@
 ---
-# handlers file for ansible-role-template
+- name: reload gitea
+  service: name=gitea state=reloaded
+
+- name: restart gitea
+  service: name=gitea state=restarted

meta/main.yml

@@ -1,61 +1,53 @@
 galaxy_info:
-  author: your name
-  description: your description
+  author: Andrea Dell'Amico
+  description: Systems Architect
   company: ISTI-CNR
 
-  # If the issue tracker for your role is not on github, uncomment the
-  # next line and provide a value
   issue_tracker_url: https://redmine-s2i2s.isti.cnr.it/projects/provisioning
 
-  # Some suggested licenses:
-  # - BSD (default)
-  # - MIT
-  # - GPLv2
-  # - GPLv3
-  # - Apache
-  # - CC-BY
-  license: EUPL-1.2
+  license: EUPL 1.2+
 
   min_ansible_version: 2.8
 
-  # If this a Container Enabled role, provide the minimum Ansible Container version.
-  # min_ansible_container_version:
-
-  # Optionally specify the branch Galaxy will use when accessing the GitHub
-  # repo for this role. During role install, if no tags are available,
-  # Galaxy will use this branch. During import Galaxy will access files on
-  # this branch. If Travis integration is configured, only notifications for this
-  # branch will be accepted. Otherwise, in all cases, the repo's default branch
-  # (usually master) will be used.
-  #github_branch:
-
-  #
-  # Provide a list of supported platforms, and for each platform a list of versions.
-  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
   # To view available platforms and versions (or releases), visit:
   # https://galaxy.ansible.com/api/v1/platforms/
   #
-  # platforms:
-  # - name: Fedora
-  #   versions:
-  #   - all
-  #   - 25
-  # - name: SomePlatform
-  #   versions:
-  #   - all
-  #   - 1.0
-  #   - 7
-  #   - 99.99
+  platforms:
+    - name: Ubuntu
+      versions:
+        - bionic
+    - name: EL
+      versions:
+        - 7
+        - 8
 
-  galaxy_tags: []
-    # List tags for your role here, one per line. A tag is a keyword that describes
-    # and categorizes the role. Users find roles by searching for tags. Be sure to
-    # remove the '[]' above, if you add tags to this list.
-    #
-    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
-    #       Maximum 20 tags per role.
+  galaxy_tags:
+    - users
 
-dependencies: []
-  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
-  # if you add dependencies to this list.
+dependencies:
+  - src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-postgresql.git'
+    when: gitea_local_postgresql
+    name: postgresql
+    version: master
+    state: latest
+  - src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-mysql.git'
+    when: gitea_local_mysql
+    name: mysql
+    version: master
+    state: latest
+  - src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-nginx.git'
+    when: gitea_nginx_frontend
+    name: nginx
+    version: master
+    state: latest
+  - src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-redis.git'
+    when: gitea_local_redis
+    name: redis
+    version: master
+    state: latest
+  - src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-memcached.git'
+    when: gitea_local_memcache
+    name: memcached
+    version: master
+    state: latest
 

tasks/main.yml

@@ -1,2 +1,46 @@
 ---
-# tasks file for ansible-role-template
+- block:
+  - name: Create the gitea service user
+    user: name={{ gitea_user }} home=/srv/gitea createhome=yes shell=/bin/bash system=yes
+
+  - name: Create the gitea directory tree
+    file: dest={{ gitea_data_dir }}/{{ item }} state=directory owner={{ gitea_user }} group={{ gitea_group }}
+    with_items: '{{ gitea_data_subdirs }}'
+
+  - name: Create the gitea conf directory
+    file: dest={{ gitea_conf_dir }} state=directory owner=root group={{ gitea_group }} mode=0750
+
+  - name: Download the gitea binary
+    get_url: url={{ gitea_download_url }} dest={{ gitea_bin_path }} owner=root group={{ gitea_group }} mode=0750
+
+  - name: Install the required packages
+    package: state=present use=auto name={{ gitea_required_packages }}
+
+  - name: Check if the gitea configuration file exists
+    stat: path={{ gitea_conf_dir }}/app.ini
+    register: gitea_app_ini
+
+  - name: Change the gitea configuration. After the installation
+    ini_file: path={{ gitea_conf_dir }}/app.ini section={{ item.section }} option={{ item.option }} value={{ item.value }} state={{ item.state }} owner={{ gitea_user }} group={{ gitea_group }} mode=0640 create=no
+    with_items: '{{ gitea_app_configurations }}'
+    when:
+      - gitea_app_ini.stat.exists
+      - gitea_app_configurations is defined
+    notify: restart gitea
+
+  - name: Install the gitea configuration file. At install time only
+    template: src=app.ini.j2 dest={{ gitea_conf_dir }}/app.ini owner={{ gitea_user }} group={{ gitea_group }} mode=0640 force=no
+    notify: restart gitea
+
+  - name: Install the gitea systemd unit
+    template: src=gitea.service.systemd dest=/etc/systemd/system/gitea.service
+    register: gitea_systemd_unit
+
+  - name: Reload the systemd configuration
+    command: systemctl daemon-reload
+    when: gitea_systemd_unit is changed
+
+  - name: Ensure that the gitea service is running and enabled
+    service: name=gitea state=started enabled=yes
+
+  tags: [ 'git', 'gitea' ]

templates/app.ini.j2

@@ -0,0 +1,65 @@
+APP_NAME = {{ gitea_app_name }}
+RUN_USER = {{ gitea_user }}
+RUN_MODE= {{ gitea_run_mode }}
+
+[repository]
+ROOT = {{ gitea_repository_data }}
+
+[server]
+PROTOCOL = {{ gitea_server_protocol }}
+HTTP_ADDR = {{ gitea_http_addr }}
+LANDING_PAGE = {{ gitea_landing_page }}
+LFS_START_SERVER = {{ gitea_start_lfs }}
+LFS_CONTENT_PATH = {{ gitea_lfs_content_path }}
+LFS_HTTP_AUTH_EXPIRY = {{ gitea_lfs_http_auth_expiry }}
+SSH_DOMAIN           = localhost
+DOMAIN               = localhost
+HTTP_PORT            = {{ gitea_http_port }}
+ROOT_URL             = {{ gitea_root_url }}
+DISABLE_SSH          = false
+SSH_PORT             = 22
+OFFLINE_MODE         = false
+
+[database]
+DB_TYPE = {{ gitea_db }}
+HOST = {{ gitea_db_host }}:{{ gitea_db_port }}
+NAME = {{ gitea_db_name }}
+USER = {{ gitea_db_user }}
+PASSWD = {{ gitea_db_pwd }}
+SSL_MODE = {{ gitea_db_ssl_mode }}
+
+[security]
+INSTALL_LOCK = {{ gitea_install_lock }}
+
+[service]
+DISABLE_REGISTRATION = {{ gitea_disable_registration }}
+NO_REPLY_ADDRESS = {{ gitea_mail_from }}
+
+{% if gitea_mailer_enabled %}
+[mailer]
+ENABLED = true
+FROM = {{ gitea_mail_from }}
+MAILER_TYPE = {{ gitea_mailer_type }}
+SENDMAIL_PATH = {{ gitea_sendmail_path }}
+{% endif %}
+
+[cache]
+ADAPTER = {{ gitea_cache_provider }}
+HOST = {{ gitea_cache_host }}
+
+[session]
+PROVIDER = {{ gitea_session_provider }}
+PROVIDER_CONFIG = {{ gitea_session_config }}
+
+{% if gitea_prometheus_metrics %}
+[metrics]
+ENABLED = true
+TOKEN = '{{ gitea_prometheus_bearer_token }}'
+{% endif %}
+
+[other]
+SHOW_FOOTER_VERSION = false
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
+
+[log]
+LEVEL = {{ gitea_log_level }}

templates/gitea.service.systemd

@@ -0,0 +1,42 @@
+[Unit]
+Description=Gitea (Git with a cup of tea)
+After=syslog.target
+After=network.target
+{% if gitea_local_mysql %}
+Requires=mysql.service
+{% endif %}
+#Requires=mariadb.service
+{% if gitea_local_postgresql %}
+Requires=postgresql.service
+{% endif %}
+{% if gitea_local_redis %}
+Requires=redis.service
+{% endif %}
+{% if gitea_local_memcache %}
+Requires=memcached.service
+{% endif %}
+
+[Service]
+# Modify these two values and uncomment them if you have
+# repos with lots of files and get an HTTP error 500 because
+# of that
+###
+#LimitMEMLOCK=infinity
+#LimitNOFILE=65535
+RestartSec=2s
+Type=simple
+User={{ gitea_user }}
+Group={{ gitea_user }}
+WorkingDirectory={{ gitea_data_dir }}
+ExecStart=/usr/local/bin/gitea web -c {{ gitea_conf_dir }}/app.ini
+Restart=always
+Environment=USER={{ gitea_user }} HOME=/srv/gitea GITEA_WORK_DIR={{ gitea_data_dir }}
+# If you want to bind Gitea to a port below 1024 uncomment
+# the two values below
+###
+#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
+

vars/main.yml

@@ -1,2 +1,6 @@
 ---
-# vars file for ansible-role-template
+nginx_use_common_virthost: True
+redis_install: True
+http_port: 80
+https_port: 443
+