Role that installs and configure a gitea.io service.

gitea/defaults/main.yml

@@ -0,0 +1,68 @@
+---
+#
+# https://gitea.io
+#
+# We use the server ssh daemon, and nginx in front of the service by default.
+# So we do not start in http mode and we do not use the embedded letsencrypt support
+#
+gitea_version: 1.8
+gitea_download_url: 'https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64'
+gitea_bin_path: /usr/local/bin/gitea
+
+gitea_conf_dir: /etc/gitea
+gitea_data_dir: /var/lib/gitea
+gitea_data_subdirs:
+  - custom
+  - data
+  - log
+  - sock
+
+gitea_repository_data: '{{ gitea_data_dir }}/repositories'
+
+gitea_server_protocol: unix
+gitea_http_addr: '{{ gitea_data_dir }}/sock/gitea.sock'
+# home, explore
+gitea_landing_page: home
+gitea_user: gitea
+gitea_group: '{{ gitea_user }}'
+gitea_run_mode: prod
+gitea_db: postgresql
+gitea_local_postgresql: True
+gitea_local_mysql: False
+gitea_local_mariadb: False
+gitea_nginx_frontend: True
+gitea_local_redis: True
+gitea_local_memcache: True
+
+gitea_start_lfs: 'true'
+gitea_lfs_content_path: '{{ gitea_data_dir }}/data/lfs'
+#gitea_lfs_jwt_secret: put it into a vault file
+gitea_lfs_http_auth_expiry: 20m
+
+gitea_required_packages:
+  - git
+
+gitea_db_name: gitea
+gitea_db_user: gitea_u
+#gitea_db_pwd: put it into a vault file
+gitea_db_host: localhost
+gitea_db_port: 5432
+gitea_db_ssl_mode: 'enable'
+
+gitea_ldap_auth: False
+gitea_app_name: "Gitea"
+gitea_disable_registration: 'false'
+gitea_install_lock: 'false'
+gitea_mailer_enabled: False
+gitea_mail_from: gitea@localhost
+gitea_mailer_type: sendmail
+gitea_sendmail_path: /usr/sbin/sendmail
+gitea_cache_provider: redis
+#gitea_cache_host: '127.0.0.1:11211'
+gitea_cache_host: 'network=tcp,addr=127.0.0.1:6379,password=macaron,db=0,pool_size=100,idle_timeout=180'
+gitea_session_provider: memcache
+gitea_session_config: '127.0.0.1:11211'
+
+gitea_prometheus_metrics: False
+#gitea_prometheus_bearer_token: put it into a vault file
+gitea_prometheus_bearer_token: ''

gitea/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: reload gitea
+  service: name=gitea state=reloaded
+
+- name: restart gitea
+  service: name=gitea state=restarted

gitea/meta/main.yml

@@ -0,0 +1,7 @@
+---
+dependencies:
+  - { role: '../../library/roles/postgresql', gitea_local_postgresql }
+  - { role: '../../library/roles/mysql', gitea_local_mysql }
+  - { role: '../../library/roles/nginx', gitea_nginx_frontend }
+  - { role: '../../library/roles/redis', when gitea_local_redis }
+  - { role: '../../library/roles/memcached', when gitea_local_memcache }

gitea/tasks/main.yml

@@ -0,0 +1,31 @@
+---
+- block:
+  - name: Create the gitea service user
+    user: name={{ gitea_user }} home=/srv/gitea createhome=yes shell=/bin/bash system=yes
+
+  - name: Create the gitea directory tree
+    file: dest={{ gitea_data_dir }}/{{ item }} state=directory owner={{ gitea_user }} group={{ gitea_group }}
+    with_items: '{{ gitea_data_subdirs }}'
+
+  - name: Create the gitea conf directory
+    file: dest={{ gitea_conf_dir }} state=directory owner=root group={{ gitea_group }} mode=0750
+
+  - name: Download the gitea binary
+    get_url: url={{ gitea_download_url }} dest={{ gitea_bin_path }} owner=root group={{ gitea_group }} mode=0750
+
+  - name: Install the required packages
+    package: state=present use=auto name={{ gitea_required_packages }}
+
+  - name: Configure gitea
+    template: src=app.ini.j2 dest={{ gitea_conf_dir }}/app.ini owner=root group={{ gitea_group }} mode=0640
+    notify: reload gitea
+
+  - name: Install the gitea systemd unit
+    template: src=gitea.service.systemd dest=/etc/systemd/system/gitea.service
+    register: gitea_systemd_unit
+
+  - name: Reload the systemd configuration
+    command: systemctl daemon-reload
+    when: gitea_systemd_unit is changed
+
+  tags: [ 'git', 'gitea' ]

gitea/templates/app.ini.j2

@@ -0,0 +1,57 @@
+[default]
+APP_NAME = {{ gitea_app_name }}
+RUN_USER = {{ gitea_user }}
+RUN_MODE= {{ gitea_run_mode }}
+
+[repository]
+ROOT = {{ gitea_repository_data }}
+
+[server]
+PROTOCOL = {{ gitea_server_protocol }}
+HTTP_ADDR = {{ gitea_http_addr }}
+LANDING_PAGE = {{ gitea_landing_page }}
+LFS_START_SERVER = {{ gitea_start_lfs }}
+LFS_CONTENT_PATH = {{ gitea_lfs_content_path }}
+LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}
+LFS_HTTP_AUTH_EXPIRY = {{ gitea_lfs_http_auth_expiry }}
+
+[database]
+DB_TYPE = {{ gitea_db }}
+HOST = {{ gitea_db_host }}:{{ gitea_db_port }}
+NAME = {{ gitea_db_name }}
+USER = {{ gitea_db_user }}
+PASSWD = {{ gitea_db_pwd }}
+SSL_MODE = {{ gitea_db_ssl_mode }}
+
+[security]
+INSTALL_LOCK = {{ gitea_install_lock }}
+
+[service]
+DISABLE_REGISTRATION = {{ gitea_disable_registration }}
+
+{% if gitea_mailer_enabled %}
+[mailer]
+ENABLED = true
+FROM = {{ gitea_mail_from }}
+MAILER_TYPE = {{ gitea_mailer_type }}
+SENDMAIL_PATH = {{ gitea_sendmail_path }}
+{% endif %}
+
+[cache]
+ADAPTER = {{ gitea_cache_provider }}
+HOST = {{ gitea_cache_host }}
+
+[session]
+PROVIDER = {{ gitea_session_provider }}
+PROVIDER_CONFIG = {{ gitea_session_config }}
+
+{% if gitea_prometheus_metrics %}
+[metrics]
+ENABLED = true
+TOKEN = '{{ gitea_prometheus_bearer_token }}'
+{% endif %}
+
+[other]
+SHOW_FOOTER_VERSION = false
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
+

gitea/templates/gitea.service.systemd

@@ -0,0 +1,42 @@
+[Unit]
+Description=Gitea (Git with a cup of tea)
+After=syslog.target
+After=network.target
+{% if gitea_local_mysql %}
+Requires=mysql.service
+{% endif %}
+#Requires=mariadb.service
+{% if gitea_local_postgresql %}
+Requires=postgresql.service
+{% endif %}
+{% if gitea_local_redis %}
+Requires=redis.service
+{% endif %}
+{% if gitea_local_memcache %}
+Requires=memcached.service
+{% endif %}
+
+[Service]
+# Modify these two values and uncomment them if you have
+# repos with lots of files and get an HTTP error 500 because
+# of that
+###
+#LimitMEMLOCK=infinity
+#LimitNOFILE=65535
+RestartSec=2s
+Type=simple
+User={{ gitea_user }}
+Group={{ gitea_user }}
+WorkingDirectory={{ gitea_data_dir }}
+ExecStart=/usr/local/bin/gitea web -c {{ gitea_conf_dir }}/app.ini
+Restart=always
+Environment=USER={{ gitea_user }} HOME=/srv/gitea GITEA_WORK_DIR={{ gitea_data_dir }}
+# If you want to bind Gitea to a port below 1024 uncomment
+# the two values below
+###
+#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
+

gitea/vars/main.yml

@@ -0,0 +1,6 @@
+---
+nginx_use_common_virthost: True
+redis_install: True
+http_port: 80
+https_port: 443
+