Postgresql support added.

2026-02-09 20:16:17 +01:00
parent 4340021552
commit 18e2fe1204
3 changed files with 74 additions and 22 deletions
--- a/README.org
+++ b/README.org
@@ -6,19 +6,22 @@

 This role installs and configures a [[https://docs.gitea.com/][Gitea]] server.

-It uses SQLite as its default database service.
+It uses SQLite as its default database service - with optional PostgreSQL support.

 Use the =ds-ufw= role to configure the firewall.

+Use the =ds-posgresql= to configure the database.
+
 * Role Workflow

 1. Download and install the Gitea binary
-2. Set up the user and group for the service
-3. Create the required directory structure
-4. Wait for the secret creation and storage in SOPS - if secrets are not present
-5. Deploy the Gitea configuration
-6. Deploy the Gitea service file
-7. Enable and start the service
+2. (Optionally) Set up the PostgreSQL user and database
+3. Set up the user and group for the service
+4. Create the required directory structure
+5. Wait for the secret creation and storage in SOPS - if secrets are not present
+6. Deploy the Gitea configuration
+7. Deploy the Gitea service file
+8. Enable and start the service

 * Defaults

@@ -34,24 +37,27 @@ gitea_group: git
 - git
 - sudo
 - ca-certificates
+- (optional) PosgreSQL database

 * Variables

-| Variable             | Type   | Comment                    |
-|----------------------+--------+----------------------------|
-| gitea_user           | string | Gitea user                 |
-| gitea_group          | string | Gitea group                |
-| gitea_binary_url     | string | Download URL of Gitea      |
-| gitea_checksum_url   | string | Checksum URL of the binary |
-| gitea_app_name       | string | Gitea server title         |
-| gitea_ssh_domain     | string | SSH domain                 |
-| gitea_domain         | string | Domain to reach Gitea      |
-| gitea_http_port      | int    | HTTP port                  |
-| gitea_ssh_port       | int    | SSH port                   |
-| gitea_root_url       | string | Protocol + FQDN + port     |
-| gitea_lfs_jwt_secret | string | LFS storage secret         |
-| gitea_internal_token | string | Internal token             |
-| gitea_jwt_secret     | string | JWT secret                 |
+| Variable              | Type   | Comment                                      |
+|-----------------------+--------+----------------------------------------------|
+| gitea_user            | string | Gitea user                                   |
+| gitea_group           | string | Gitea group                                  |
+| gitea_binary_url      | string | Download URL of Gitea                        |
+| gitea_checksum_url    | string | Checksum URL of the binary                   |
+| gitea_app_name        | string | Gitea server title                           |
+| gitea_ssh_domain      | string | SSH domain                                   |
+| gitea_domain          | string | Domain to reach Gitea                        |
+| gitea_http_port       | int    | HTTP port                                    |
+| gitea_ssh_port        | int    | SSH port                                     |
+| gitea_root_url        | string | Protocol + FQDN + port                       |
+| gitea_lfs_jwt_secret  | string | LFS storage secret                           |
+| gitea_internal_token  | string | Internal token                               |
+| gitea_jwt_secret      | string | JWT secret                                   |
+| gitea_database_server | string | DB server - 'postgresql' or empty for sqlite |
+| gitea_db_password     | string | PosgreSQL db password (if pgsql is used)     |

 * Handlers

--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -8,6 +8,42 @@
    update_cache: true
    state: present

+- name: Set up the PostgreSQL database
+  block:
+    - name: Ensure PostgreSQL Python client is installed
+      ansible.builtin.apt:
+        name: python3-psycopg2
+        update_cache: true
+        state: present
+
+    - name: Create the gitea DB role
+      community.postgresql.postgresql_user:
+        name: gitea
+        password: "{{ gitea_db_password }}"
+        role_attr_flags: "NOSUPERUSER,NOCREATEDB,NOCREATEROLE"
+      become_user: postgres
+
+    - name: Create the gitea database
+      community.postgresql.postgresql_db:
+        name: giteadb
+        owner: gitea
+        template: template0
+        encoding: UTF8
+        lc_collate: en_US.UTF-8
+        lc_ctype: en_US.UTF-8
+      become_user: postgres
+
+    - name: Ensure pg_hba.conf has local access for gitea
+      ansible.builtin.lineinfile:
+        path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
+        regexp: '^local\s+giteadb\s+gitea\s+'
+        line: 'local    giteadb    gitea    scram-sha-256'
+        state: present
+        backup: yes
+      notify:
+        - Reload_postgresql
+  when: gitea_database_server | default('') == "postgresql"
+
 - name: Create the gitea group
  ansible.builtin.group:
    name: "{{ gitea_group }}"
--- a/templates/app.ini.j2
+++ b/templates/app.ini.j2
@@ -5,6 +5,15 @@ RUN_USER = {{ gitea_user }}
 WORK_PATH = /var/lib/gitea
 RUN_MODE = prod

+{% if gitea_database_server | default('') == "postgresql" %}
+[database]
+DB_TYPE  = postgres
+HOST     = 127.0.0.1:5432
+NAME     = giteadb
+USER     = gitea
+PASSWD   = {{ gitea_db_password }}
+SSL_MODE = disable
+{% else %}
 [database]
 DB_TYPE = sqlite3
 HOST = 127.0.0.1:3306
@@ -15,6 +24,7 @@ SCHEMA =
 SSL_MODE = disable
 PATH = /var/lib/gitea/data/gitea.db
 LOG_SQL = false
+{% endif %}

 [repository]
 ROOT = /var/lib/gitea/data/gitea-repositories