From 6b5613146fa88da9f7cb17f7c53e57b685fba411 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Fri, 29 Mar 2019 14:59:19 +0100
Subject: [PATCH] Role that installs and configure a gitea.io service.
---
gitea/defaults/main.yml | 68 +++++++++++++++++++++++++++
gitea/handlers/main.yml | 6 +++
gitea/meta/main.yml | 7 +++
gitea/tasks/main.yml | 31 ++++++++++++
gitea/templates/app.ini.j2 | 57 ++++++++++++++++++++++
gitea/templates/gitea.service.systemd | 42 +++++++++++++++++
gitea/vars/main.yml | 6 +++
7 files changed, 217 insertions(+)
create mode 100644 gitea/defaults/main.yml
create mode 100644 gitea/handlers/main.yml
create mode 100644 gitea/meta/main.yml
create mode 100644 gitea/tasks/main.yml
create mode 100644 gitea/templates/app.ini.j2
create mode 100644 gitea/templates/gitea.service.systemd
create mode 100644 gitea/vars/main.yml
diff --git a/gitea/defaults/main.yml b/gitea/defaults/main.yml
new file mode 100644
index 00000000..64b08b99
--- /dev/null
+++ b/gitea/defaults/main.yml
@@ -0,0 +1,68 @@
+---
+#
+# https://gitea.io
+#
+# We use the server ssh daemon, and nginx in front of the service by default.
+# So we do not start in http mode and we do not use the embedded letsencrypt support
+#
+gitea_version: 1.8
+gitea_download_url: 'https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64'
+gitea_bin_path: /usr/local/bin/gitea
+
+gitea_conf_dir: /etc/gitea
+gitea_data_dir: /var/lib/gitea
+gitea_data_subdirs:
+ - custom
+ - data
+ - log
+ - sock
+
+gitea_repository_data: '{{ gitea_data_dir }}/repositories'
+
+gitea_server_protocol: unix
+gitea_http_addr: '{{ gitea_data_dir }}/sock/gitea.sock'
+# home, explore
+gitea_landing_page: home
+gitea_user: gitea
+gitea_group: '{{ gitea_user }}'
+gitea_run_mode: prod
+gitea_db: postgresql
+gitea_local_postgresql: True
+gitea_local_mysql: False
+gitea_local_mariadb: False
+gitea_nginx_frontend: True
+gitea_local_redis: True
+gitea_local_memcache: True
+
+gitea_start_lfs: 'true'
+gitea_lfs_content_path: '{{ gitea_data_dir }}/data/lfs'
+#gitea_lfs_jwt_secret: put it into a vault file
+gitea_lfs_http_auth_expiry: 20m
+
+gitea_required_packages:
+ - git
+
+gitea_db_name: gitea
+gitea_db_user: gitea_u
+#gitea_db_pwd: put it into a vault file
+gitea_db_host: localhost
+gitea_db_port: 5432
+gitea_db_ssl_mode: 'enable'
+
+gitea_ldap_auth: False
+gitea_app_name: "Gitea"
+gitea_disable_registration: 'false'
+gitea_install_lock: 'false'
+gitea_mailer_enabled: False
+gitea_mail_from: gitea@localhost
+gitea_mailer_type: sendmail
+gitea_sendmail_path: /usr/sbin/sendmail
+gitea_cache_provider: redis
+#gitea_cache_host: '127.0.0.1:11211'
+gitea_cache_host: 'network=tcp,addr=127.0.0.1:6379,password=macaron,db=0,pool_size=100,idle_timeout=180'
+gitea_session_provider: memcache
+gitea_session_config: '127.0.0.1:11211'
+
+gitea_prometheus_metrics: False
+#gitea_prometheus_bearer_token: put it into a vault file
+gitea_prometheus_bearer_token: ''
\ No newline at end of file
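Review bot: `gitea_install_lock: 'false'` ships as the default, so a freshly deployed instance may serve the web installer to whoever reaches it first, including the choice of database settings and admin account. I would default to `gitea_install_lock: 'true'` and let operators who want the installer opt out explicitly. The same file commits a Redis password inside `gitea_cache_host` (`password=macaron`); it should come from a vaulted variable like the other secrets here, for example `password={{ gitea_redis_pwd }}`, where `gitea_redis_pwd` is a new variable kept in the vault file. Separately, `gitea_version: 1.8` is parsed as a float, so quote it (`gitea_version: '1.8'`) before a release such as 1.10 is read as 1.1 and builds the wrong download URL.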
diff --git a/gitea/handlers/main.yml b/gitea/handlers/main.yml
new file mode 100644
index 00000000..04ba04ff
--- /dev/null
+++ b/gitea/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: reload gitea
+ service: name=gitea state=reloaded
+
+- name: restart gitea
+ service: name=gitea state=restarted
\ No newline at end of file
diff --git a/gitea/meta/main.yml b/gitea/meta/main.yml
new file mode 100644
index 00000000..4d09858e
--- /dev/null
+++ b/gitea/meta/main.yml
@@ -0,0 +1,7 @@
+---
+dependencies:
+ - { role: '../../library/roles/postgresql', gitea_local_postgresql }
+ - { role: '../../library/roles/mysql', gitea_local_mysql }
+ - { role: '../../library/roles/nginx', gitea_nginx_frontend }
+ - { role: '../../library/roles/redis', when gitea_local_redis }
+ - { role: '../../library/roles/memcached', when gitea_local_memcache }
diff --git a/gitea/tasks/main.yml b/gitea/tasks/main.yml
new file mode 100644
index 00000000..0b767dcb
--- /dev/null
+++ b/gitea/tasks/main.yml
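Review bot: The `reload gitea` handler uses `state=reloaded`, but the systemd unit template added in this patch defines no `ExecReload=`, so systemd is expected to reject the reload. The `Configure gitea` task notifies this handler, which means a changed app.ini (a rotated secret, for instance) would end in a failed handler instead of a running service with the new settings. Either notify `restart gitea` from that task or add an `ExecReload=` line to the unit. Both handlers would also read better in block form, with `name: gitea` and `state: restarted` as separate keys under `service:`, rather than `key=value` strings.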
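Review bot: None of the five `dependencies` entries in gitea/meta/main.yml carries a working condition. The first three list the bare variable name (`gitea_local_postgresql`) and the last two write `when gitea_local_redis` without the colon, so inside the flow mapping each becomes an extra key with a null value rather than a `when:` clause. As far as this file shows, the PostgreSQL, MySQL, nginx, Redis and memcached roles are therefore pulled in regardless of the `gitea_local_*` switches (or the entries are rejected, depending on the Ansible version), which installs network services the operator asked not to have. Each entry should read like `- { role: '../../library/roles/postgresql', when: gitea_local_postgresql }`.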
@@ -0,0 +1,31 @@
+---
+- block:
+ - name: Create the gitea service user
+ user: name={{ gitea_user }} home=/srv/gitea createhome=yes shell=/bin/bash system=yes
+
+ - name: Create the gitea directory tree
+ file: dest={{ gitea_data_dir }}/{{ item }} state=directory owner={{ gitea_user }} group={{ gitea_group }}
+ with_items: '{{ gitea_data_subdirs }}'
+
+ - name: Create the gitea conf directory
+ file: dest={{ gitea_conf_dir }} state=directory owner=root group={{ gitea_group }} mode=0750
+
+ - name: Download the gitea binary
+ get_url: url={{ gitea_download_url }} dest={{ gitea_bin_path }} owner=root group={{ gitea_group }} mode=0750
+
+ - name: Install the required packages
+ package: state=present use=auto name={{ gitea_required_packages }}
+
+ - name: Configure gitea
+ template: src=app.ini.j2 dest={{ gitea_conf_dir }}/app.ini owner=root group={{ gitea_group }} mode=0640
+ notify: reload gitea
+
+ - name: Install the gitea systemd unit
+ template: src=gitea.service.systemd dest=/etc/systemd/system/gitea.service
+ register: gitea_systemd_unit
+
+ - name: Reload the systemd configuration
+ command: systemctl daemon-reload
+ when: gitea_systemd_unit is changed
+
+ tags: [ 'git', 'gitea' ]
\ No newline at end of file
diff --git a/gitea/templates/app.ini.j2 b/gitea/templates/app.ini.j2
new file mode 100644
index 00000000..4e41a1b8
--- /dev/null
+++ b/gitea/templates/app.ini.j2
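Review bot: The `Download the gitea binary` task installs an executable fetched from `gitea_download_url` without verifying it. `get_url` accepts a `checksum` argument, so pin the release digest, for example by adding `checksum=sha256:{{ gitea_binary_sha256 }}`, where `gitea_binary_sha256` is a new default kept next to `gitea_version`. Without it, a tampered mirror response or a truncated download becomes the service binary. The task also will not replace an existing file when `gitea_version` changes, because `get_url` skips the download when `dest` already exists and neither a checksum nor `force` is given. The `Create the gitea directory tree` task sets no `mode`, so the data directories fall back to the umask; `mode=0750` would match the conf directory.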
@@ -0,0 +1,57 @@
+[default]
+APP_NAME = {{ gitea_app_name }}
+RUN_USER = {{ gitea_user }}
+RUN_MODE= {{ gitea_run_mode }}
+
+[repository]
+ROOT = {{ gitea_repository_data }}
+
+[server]
+PROTOCOL = {{ gitea_server_protocol }}
+HTTP_ADDR = {{ gitea_http_addr }}
+LANDING_PAGE = {{ gitea_landing_page }}
+LFS_START_SERVER = {{ gitea_start_lfs }}
+LFS_CONTENT_PATH = {{ gitea_lfs_content_path }}
+LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}
+LFS_HTTP_AUTH_EXPIRY = {{ gitea_lfs_http_auth_expiry }}
+
+[database]
+DB_TYPE = {{ gitea_db }}
+HOST = {{ gitea_db_host }}:{{ gitea_db_port }}
+NAME = {{ gitea_db_name }}
+USER = {{ gitea_db_user }}
+PASSWD = {{ gitea_db_pwd }}
+SSL_MODE = {{ gitea_db_ssl_mode }}
+
+[security]
+INSTALL_LOCK = {{ gitea_install_lock }}
+
+[service]
+DISABLE_REGISTRATION = {{ gitea_disable_registration }}
+
+{% if gitea_mailer_enabled %}
+[mailer]
+ENABLED = true
+FROM = {{ gitea_mail_from }}
+MAILER_TYPE = {{ gitea_mailer_type }}
+SENDMAIL_PATH = {{ gitea_sendmail_path }}
+{% endif %}
+
+[cache]
+ADAPTER = {{ gitea_cache_provider }}
+HOST = {{ gitea_cache_host }}
+
+[session]
+PROVIDER = {{ gitea_session_provider }}
+PROVIDER_CONFIG = {{ gitea_session_config }}
+
+{% if gitea_prometheus_metrics %}
+[metrics]
+ENABLED = true
+TOKEN = '{{ gitea_prometheus_bearer_token }}'
+{% endif %}
+
+[other]
+SHOW_FOOTER_VERSION = false
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
+
diff --git a/gitea/templates/gitea.service.systemd b/gitea/templates/gitea.service.systemd
new file mode 100644
index 00000000..9458dc26
--- /dev/null
+++ b/gitea/templates/gitea.service.systemd
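Review bot: In the `[metrics]` block, `TOKEN = '{{ gitea_prometheus_bearer_token }}'` is rendered from a variable whose default in this patch is the empty string, so enabling `gitea_prometheus_metrics` without also setting the token likely leaves the metrics endpoint without bearer authentication. I would guard the block with `{% if gitea_prometheus_metrics and gitea_prometheus_bearer_token %}`, or drop the empty default so rendering fails as it would for an undefined `gitea_db_pwd`. The single quotes around the value should be checked too, since the other secrets in this template are written unquoted and the quotes may end up as part of the token. The `[security]` section sets only `INSTALL_LOCK`; consider templating `SECRET_KEY` from a vaulted variable there as well.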
@@ -0,0 +1,42 @@
+[Unit]
+Description=Gitea (Git with a cup of tea)
+After=syslog.target
+After=network.target
+{% if gitea_local_mysql %}
+Requires=mysql.service
+{% endif %}
+#Requires=mariadb.service
+{% if gitea_local_postgresql %}
+Requires=postgresql.service
+{% endif %}
+{% if gitea_local_redis %}
+Requires=redis.service
+{% endif %}
+{% if gitea_local_memcache %}
+Requires=memcached.service
+{% endif %}
+
+[Service]
+# Modify these two values and uncomment them if you have
+# repos with lots of files and get an HTTP error 500 because
+# of that
+###
+#LimitMEMLOCK=infinity
+#LimitNOFILE=65535
+RestartSec=2s
+Type=simple
+User={{ gitea_user }}
+Group={{ gitea_user }}
+WorkingDirectory={{ gitea_data_dir }}
+ExecStart=/usr/local/bin/gitea web -c {{ gitea_conf_dir }}/app.ini
+Restart=always
+Environment=USER={{ gitea_user }} HOME=/srv/gitea GITEA_WORK_DIR={{ gitea_data_dir }}
+# If you want to bind Gitea to a port below 1024 uncomment
+# the two values below
+###
+#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/gitea/vars/main.yml b/gitea/vars/main.yml
new file mode 100644
index 00000000..5e466664
--- /dev/null
+++ b/gitea/vars/main.yml
@@ -0,0 +1,6 @@
+---
+nginx_use_common_virthost: True
+redis_install: True
+http_port: 80
+https_port: 443
+
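Review bot: `Group={{ gitea_user }}` and the hard-coded `ExecStart=/usr/local/bin/gitea` in the unit ignore `gitea_group` and `gitea_bin_path`, which the tasks use for file ownership and for the download destination. If either variable is overridden, the service runs with a group that cannot read the root-owned `app.ini` (mode 0640) or starts a binary other than the one the role installed. Use `Group={{ gitea_group }}` and `ExecStart={{ gitea_bin_path }} web -c {{ gitea_conf_dir }}/app.ini`. The `[Service]` section would also benefit from basic sandboxing such as `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full`, checked against Gitea's need to write under `gitea_data_dir` and `/srv/gitea`.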