Merge pull request 'Linting during the CI.' (#3) from development into main

Reviewed-on: #3

.gitea/workflows/test.yml

@@ -0,0 +1,10 @@
+name: Test the role
+on:
+  - push
+
+jobs:
+  test-the-role:
+    runs-on: iron-runner
+    steps:
+      - uses: actions/checkout@v6
+      - run: ansible-lint --profile production .

README.org

@@ -2,20 +2,17 @@
 #+AUTHOR: DeadSwitch | The Silent Architect
 #+OPTIONS: toc:nil num:nil \n:t
 
-[[https://opensource.org/licenses/MIT][https://img.shields.io/badge/license-MIT-blue.svg]] [[https://img.shields.io/badge/version-3.0.2-green.svg]]
+[[https://opensource.org/licenses/MIT][https://img.shields.io/badge/license-MIT-blue.svg]] [[https://img.shields.io/badge/version-3.0.3-green.svg]]
 
-* ds-gitea
+* ds_gitea
 
 This role can install and configures a [[https://docs.gitea.com/][Gitea]] server.
 
-It uses SQLite as its default database service - with optional PostgreSQL support (=ds-posgresql=).
+- It uses SQLite as its default database service - with optional PostgreSQL support (=ds-posgresql=).
-
+- The role can set up a reverse proxy with SSL using Nginx (=ds-nginx=).
-The role can set up a reverse proxy with SSL using Nginx (=ds-nginx=).
+- Self-signed certificates and Let's Encrypt with =certbot= are supported.
-Self-signed certificates and Let's Encrypt with =certbot= are supported.
+- The =ds-ufw= role can configure the firewall.
-
+- The =ds-act_runner= role can configure and register Actions runners.
-The =ds-ufw= role can configure the firewall.
-
-The =ds-act_runner= role can configure and register Actions runners.
 
 * Role Behavior
 
@@ -150,7 +147,7 @@ You can find more playbook examples in the =examples= directory.
     gitea_db_password: Eegh7Aothooph7pa6eu7eitha_zaim0G
 
   roles:
-    - role: ds-gitea
+    - role: ds_gitea
 #+end_src
 
 * License

examples/certbot-playbook.yml

@@ -4,9 +4,9 @@
   become: true
 
   roles:
-    - role: ds-postgresql
+    - role: ds_postgresql
-    - role: ds-nginx
+    - role: ds_nginx
-    - role: ds-gitea
+    - role: ds_gitea
       vars:
         gitea_user: git
         gitea_group: git
@@ -26,9 +26,9 @@
         gitea_certbot_email: tom@tomsitcafe.com
         gitea_ssl_cert: /etc/letsencrypt/live/{{ gitea_domain }}/fullchain.pem
         gitea_ssl_key: /etc/letsencrypt/live/{{ gitea_domain }}/privkey.pem
-        gitea_ssl_trusted_certificate: /etc/letsencrypt/live/{{ gitea_domain }}/chain.pem 
+        gitea_ssl_trusted_certificate: /etc/letsencrypt/live/{{ gitea_domain }}/chain.pem
         # Secrets to SOPS
-        gitea_lfs_jwt_secret: G9bZrRHMhRQ8w4R0KkH2VLnx2rzq81ROQ951IQjlMs4 
+        gitea_lfs_jwt_secret: G9bZrRHMhRQ8w4R0KkH2VLnx2rzq81ROQ951IQjlMs4
         gitea_internal_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE3NzA2Mzk1Njh9.ybbaeNLFiLbyvxfj4vkqhXSAXKRGpwvP8jIm9YLPgXw
         gitea_jwt_secret: uJni4x4e0AzpkLYc-t4keRJKOB6EaLzwVsdLeamkFyU
         gitea_db_password: Eegh7Aothooph7pa6eu7eitha_zaim0G

examples/lightweight-playbook.yml

@@ -3,7 +3,7 @@
   become: true
 
   roles:
-    - role: ds-gitea
+    - role: ds_gitea
       vars:
         gitea_user: git
         gitea_group: git
@@ -16,6 +16,6 @@
         gitea_ssh_port: 22
         gitea_root_url: http://{{ gitea_domain }}:{{ gitea_http_port }}
         # Secrets to SOPS
-        gitea_lfs_jwt_secret: G9bZrRHMhRQ8w4R0KkH2VLnx2rzq81ROQ951IQjlMs4 
+        gitea_lfs_jwt_secret: G9bZrRHMhRQ8w4R0KkH2VLnx2rzq81ROQ951IQjlMs4
         gitea_internal_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE3NzA2Mzk1Njh9.ybbaeNLFiLbyvxfj4vkqhXSAXKRGpwvP8jIm9YLPgXw
         gitea_jwt_secret: uJni4x4e0AzpkLYc-t4keRJKOB6EaLzwVsdLeamkFyU

examples/self-signed-playbook.yml

@@ -3,9 +3,9 @@
   become: true
 
   roles:
-    - role: ds-postgresql
+    - role: ds_postgresql
-    - role: ds-nginx
+    - role: ds_nginx
-    - role: ds-gitea
+    - role: ds_gitea
       vars:
         gitea_user: git
         gitea_group: git
@@ -25,7 +25,7 @@
         gitea_ssl_key: /var/lib/gitea/certs/key.pem
         gitea_enable_http_redirect: true
         # Secrets to SOPS
-        gitea_lfs_jwt_secret: G9bZrRHMhRQ8w4R0KkH2VLnx2rzq81ROQ951IQjlMs4 
+        gitea_lfs_jwt_secret: G9bZrRHMhRQ8w4R0KkH2VLnx2rzq81ROQ951IQjlMs4
         gitea_internal_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE3NzA2Mzk1Njh9.ybbaeNLFiLbyvxfj4vkqhXSAXKRGpwvP8jIm9YLPgXw
         gitea_jwt_secret: uJni4x4e0AzpkLYc-t4keRJKOB6EaLzwVsdLeamkFyU
         gitea_db_password: Eegh7Aothooph7pa6eu7eitha_zaim0G

tasks/main.yml

@@ -9,6 +9,7 @@
     state: present
 
 - name: Set up the PostgreSQL database
+  when: gitea_database_server | default('') == "postgresql"
   block:
     - name: Ensure PostgreSQL Python client is installed
       ansible.builtin.apt:
@@ -21,6 +22,7 @@
         name: gitea
         password: "{{ gitea_db_password }}"
         role_attr_flags: "NOSUPERUSER,NOCREATEDB,NOCREATEROLE"
+      become: true
       become_user: postgres
 
     - name: Create the gitea database
@@ -31,6 +33,7 @@
         encoding: UTF8
         lc_collate: en_US.UTF-8
         lc_ctype: en_US.UTF-8
+      become: true
       become_user: postgres
 
     - name: Ensure pg_hba.conf has local access for gitea
@@ -39,12 +42,12 @@
         regexp: '^local\s+giteadb\s+gitea\s+'
         line: 'local    giteadb    gitea    scram-sha-256'
         state: present
-        backup: yes
+        backup: true
       notify:
         - Reload_postgresql
-  when: gitea_database_server | default('') == "postgresql"
 
 - name: Set up the reverse proxy
+  when: gitea_reverse_proxy | default('') == "nginx"
   block:
     - name: Deploy the site configuration
       ansible.builtin.template:
@@ -64,7 +67,6 @@
         group: root
         force: true
       notify: Reload_nginx
-  when: gitea_reverse_proxy | default('') == "nginx"
 
 - name: Create the gitea group
   ansible.builtin.group:
@@ -80,12 +82,15 @@
     password: '*'
     system: true
     create_home: true
-    
+
 - name: Download the Gitea binary
   ansible.builtin.get_url:
     url: "{{ gitea_binary_url }}"
     dest: /usr/local/bin/gitea
     checksum: "sha256:{{ gitea_checksum_url }}"
+    owner: "{{ gitea_user }}"
+    group: "{{ gitea_group }}"
+    mode: '0750'
 
 - name: Set the permissions of the Gitea binary
   ansible.builtin.file:
@@ -103,7 +108,7 @@
   ansible.builtin.include_tasks:
     file: lets-encrypt.yml
   when: gitea_lets_encrypt | default(false)
-  
+
 - name: Pause to generate and save the secrets in SOPS
   ansible.builtin.pause:
     prompt: |
@@ -170,7 +175,7 @@
     mode: '0640'
   notify:
     - Restart_gitea
-    
+
 - name: Start and enable Gitea
   ansible.builtin.systemd_service:
     name: gitea.service

tasks/self-signed-cert.yml

@@ -13,6 +13,7 @@
     --host {{ gitea_domain }},{{ gitea_ssh_domain }}
     --out /var/lib/gitea/certs/cert.pem
     --keyout /var/lib/gitea/certs/key.pem
+  become: true
   become_user: "{{ gitea_user }}"
   args:
     creates: /var/lib/gitea/certs/cert.pem