Merge pull request 'Added the PostgreSQL support to the role.' (#5) from development into main

Reviewed-on: http://gitea.tomsitcafe.com:3000/iron/ds-gitea/pulls/5
DeadSwitch
2026-02-09 20:33:58 +01:00
3 changed files with 83 additions and 27 deletions


@@ -4,20 +4,24 @@
* ds-gitea
This role installs and configures a basic [[https://docs.gitea.com/][Gitea]] server.
This role installs and configures a [[https://docs.gitea.com/][Gitea]] server.
Currently it uses SQLite as its database service.
It uses SQLite as its default database service - with optional PostgreSQL support.
Use the =ds-ufw= role to set up the firewall.
Use the =ds-ufw= role to configure the firewall.
* Features
Use the =ds-posgresql= to configure the database.
- Download and install the Gitea binary
- Set up the user and group for the service
- Create the required directory structure
- Deploy the Gitea configuration
- Deploy the Gitea service file
- Enable and start the service
* Role Workflow
1. Download and install the Gitea binary
2. (Optionally) Set up the PostgreSQL user and database
3. Set up the user and group for the service
4. Create the required directory structure
5. Wait for the secret creation and storage in SOPS - if secrets are not present
6. Deploy the Gitea configuration
7. Deploy the Gitea service file
8. Enable and start the service
* Defaults
@@ -26,8 +30,6 @@ gitea_user: git
gitea_group: git
#+end_src
The remaining variables must be declared in the inventory.
* Requirements
- Ansible >= 2.12
@@ -35,24 +37,27 @@ The remaining variables must be declared in the inventory.
- git
- sudo
- ca-certificates
- (optional) PosgreSQL database
* Variables
| Variable | Type | Comment |
|----------------------+--------+----------------------------|
| gitea_user | string | Gitea user |
| gitea_group | string | Gitea group |
| gitea_binary_url | string | Download URL of Gitea |
| gitea_checksum_url | string | Checksum URL of the binary |
| gitea_app_name | string | Gitea application title |
| gitea_ssh_domain | string | SSH domain |
| gitea_domain | string | Domain to reach Gitea |
| gitea_http_port | int | Gitea HTTP port |
| gitea_ssh_port | int | Gitea SSH port |
| gitea_root_url | string | Protocol + FQDN |
| gitea_lfs_jwt_secret | string | LFS storage secret |
| gitea_internal_token | string | Internal token |
| gitea_jwt_secret | string | JWT secret |
| Variable | Type | Comment |
|-----------------------+--------+----------------------------------------------|
| gitea_user | string | Gitea user |
| gitea_group | string | Gitea group |
| gitea_binary_url | string | Download URL of Gitea |
| gitea_checksum_url | string | Checksum URL of the binary |
| gitea_app_name | string | Gitea server title |
| gitea_ssh_domain | string | SSH domain |
| gitea_domain | string | Domain to reach Gitea |
| gitea_http_port | int | HTTP port |
| gitea_ssh_port | int | SSH port |
| gitea_root_url | string | Protocol + FQDN + port |
| gitea_lfs_jwt_secret | string | LFS storage secret |
| gitea_internal_token | string | Internal token |
| gitea_jwt_secret | string | JWT secret |
| gitea_database_server | string | DB server - 'postgresql' or empty for sqlite |
| gitea_db_password | string | PosgreSQL db password (if pgsql is used) |
* Handlers
@@ -91,10 +96,15 @@ Then re-run the playbook to finish the installation.
gitea_domain: gitea.tomsitcafe.com
gitea_http_port: 3000
gitea_root_url: http://gitea.tomsitcafe.com:3000
# Optional
gitea_database_server: postgresql
# In prod put these secrets in SOPS:
gitea_lfs_jwt_secret: G9bZrRHMhRQ8w4R0KkH2VLnx2rzq81ROQ951IQjlMs4
gitea_internal_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE3NzA2Mzk1Njh9.ybbaeNLFiLbyvxfj4vkqhXSAXKRGpwvP8jIm9YLPgXw
gitea_jwt_secret: uJni4x4e0AzpkLYc-t4keRJKOB6EaLzwVsdLeamkFyU
gitea_db_password: Eegh7Aothooph7pa6eu7eitha_zaim0G
roles:
- role: ds-gitea


@@ -8,6 +8,42 @@
update_cache: true
state: present
- name: Set up the PostgreSQL database
block:
- name: Ensure PostgreSQL Python client is installed
ansible.builtin.apt:
name: python3-psycopg2
update_cache: true
state: present
- name: Create the gitea DB role
community.postgresql.postgresql_user:
name: gitea
password: "{{ gitea_db_password }}"
role_attr_flags: "NOSUPERUSER,NOCREATEDB,NOCREATEROLE"
become_user: postgres
- name: Create the gitea database
community.postgresql.postgresql_db:
name: giteadb
owner: gitea
template: template0
encoding: UTF8
lc_collate: en_US.UTF-8
lc_ctype: en_US.UTF-8
become_user: postgres
- name: Ensure pg_hba.conf has local access for gitea
ansible.builtin.lineinfile:
path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
regexp: '^local\s+giteadb\s+gitea\s+'
line: 'local giteadb gitea scram-sha-256'
state: present
backup: yes
notify:
- Reload_postgresql
when: gitea_database_server | default('') == "postgresql"
- name: Create the gitea group
ansible.builtin.group:
name: "{{ gitea_group }}"
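Review bot: The `pg_hba.conf` entry written by the `lineinfile` task is a `local` (Unix-socket) rule, but the Gitea configuration template in this same commit connects over TCP with `HOST = 127.0.0.1:5432`, so the rule never applies to Gitea's connection and its authentication method is left to whatever `host` rule the server already has. `lineinfile` also appends at the end of the file by default, and pg_hba.conf uses the first matching record, so an earlier generic rule would win even for socket connections. Consider `regexp: '^host\s+giteadb\s+gitea\s+'` with `line: 'host giteadb gitea 127.0.0.1/32 scram-sha-256'` and an `insertbefore` anchored on the first generic rule, or the `community.postgresql.postgresql_pg_hba` module. `postgresql_version` is not among the role's documented variables, and `become_user: postgres` presumably relies on `become` being enabled outside this hunk; both are worth confirming.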


@@ -5,6 +5,15 @@ RUN_USER = {{ gitea_user }}
WORK_PATH = /var/lib/gitea
RUN_MODE = prod
{% if gitea_database_server | default('') == "postgresql" %}
[database]
DB_TYPE = postgres
HOST = 127.0.0.1:5432
NAME = giteadb
USER = gitea
PASSWD = {{ gitea_db_password }}
SSL_MODE = disable
{% else %}
[database]
DB_TYPE = sqlite3
HOST = 127.0.0.1:3306
@@ -15,6 +24,7 @@ SCHEMA =
SSL_MODE = disable
PATH = /var/lib/gitea/data/gitea.db
LOG_SQL = false
{% endif %}
[repository]
ROOT = /var/lib/gitea/data/gitea-repositories
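Review bot: `PASSWD = {{ gitea_db_password }}` in the first hunk renders the password unquoted, so a value containing `#`, `;` or surrounding whitespace may be misread by the INI parser and the database login would then fail with a truncated password. Gitea's configuration documentation describes quoting for this case, e.g. `PASSWD = """{{ gitea_db_password }}"""`. The rendered file now holds the database password in clear text, so the task that deploys this template (not visible on this page) should restrict its owner and mode to the Gitea service user. `SSL_MODE = disable` is reasonable only while `HOST` stays on loopback; a short template comment such as `; loopback only - enable TLS before pointing HOST at a remote server` would keep it from being copied into a remote-database setup.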