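---
# Installs and configures a Gitea instance from an upstream binary release.
#
# Variables this file reads (defined by the caller, not here):
#   gitea_user, gitea_group, gitea_binary_url, gitea_checksum_url,
#   gitea_work_path, gitea_app_data_path, gitea_log_path,
#   gitea_db_password, postgresql_version, and the SOPS-held secrets
#   gitea_internal_token, gitea_lfs_jwt_secret, gitea_jwt_secret.
# Optional switches: gitea_database_server, gitea_reverse_proxy,
#   gitea_self_signed, gitea_lets_encrypt.
# Handlers referenced here but defined elsewhere: Reload_postgresql,
#   Reload_nginx, Reload_systemd, Restart_gitea.

- name: Make sure dependencies are installed
  ansible.builtin.apt:
    name:
      - git
      - sudo
      - ca-certificates
    update_cache: true
    state: present

- name: Set up the PostgreSQL database
  when: gitea_database_server | default('') == "postgresql"
  block:
    - name: Ensure PostgreSQL Python client is installed
      ansible.builtin.apt:
        name: python3-psycopg2
        update_cache: true
        state: present

    - name: Create the gitea DB role
      community.postgresql.postgresql_user:
        name: gitea
        password: "{{ gitea_db_password }}"
        # Least privilege: an application role only.
        role_attr_flags: "NOSUPERUSER,NOCREATEDB,NOCREATEROLE"
      become: true
      become_user: postgres
      # Keep the DB password out of task output and verbose/debug logs.
      no_log: true

    - name: Create the gitea database
      community.postgresql.postgresql_db:
        name: giteadb
        owner: gitea
        template: template0
        encoding: UTF8
        lc_collate: en_US.UTF-8
        lc_ctype: en_US.UTF-8
      become: true
      become_user: postgres

    - name: Ensure pg_hba.conf has local access for gitea
      ansible.builtin.lineinfile:
        path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
        regexp: '^local\s+giteadb\s+gitea\s+'
        line: 'local giteadb gitea scram-sha-256'
        # pg_hba.conf is first-match: a rule appended after a broader
        # `local all all ...` entry is never consulted, so place this one
        # ahead of such an entry (lineinfile falls back to EOF if none exists).
        insertbefore: '^local\s+all\s+all\s+'
        firstmatch: true
        state: present
        backup: true
      notify:
        - Reload_postgresql

- name: Set up the reverse proxy
  when: gitea_reverse_proxy | default('') == "nginx"
  block:
    - name: Deploy the site configuration
      ansible.builtin.template:
        src: gitea.j2
        dest: /etc/nginx/sites-available/gitea
        owner: root
        group: root
        mode: '0644'
      notify: Reload_nginx

    - name: Enable the gitea site
      ansible.builtin.file:
        src: /etc/nginx/sites-available/gitea
        dest: /etc/nginx/sites-enabled/gitea
        state: link
        owner: root
        group: root
        force: true
      notify: Reload_nginx

- name: Create the gitea group
  ansible.builtin.group:
    name: "{{ gitea_group }}"
    system: true

- name: Create the gitea user
  ansible.builtin.user:
    name: "{{ gitea_user }}"
    group: "{{ gitea_group }}"
    home: /home/{{ gitea_user }}
    # NOTE(review): a real shell is presumably kept so the account can act as
    # the SSH target for git; the locked password ('*') disables password
    # login for it.
    shell: /bin/bash
    password: '*'
    system: true
    create_home: true

- name: Download the Gitea binary
  ansible.builtin.get_url:
    url: "{{ gitea_binary_url }}"
    dest: /usr/local/bin/gitea
    # NOTE(review): if gitea_checksum_url points at a checksum file served by
    # the same origin as the binary, this only catches corrupted transfers, not
    # a compromised origin. Pinning a known digest (or verifying the upstream
    # release signature) gives a stronger supply-chain guarantee.
    checksum: "sha256:{{ gitea_checksum_url }}"
    # Root-owned and group-executable: the service account can run the binary
    # but cannot overwrite it if the process is compromised.
    owner: root
    group: "{{ gitea_group }}"
    mode: '0750'

- name: Set the permissions of the Gitea binary
  ansible.builtin.file:
    path: /usr/local/bin/gitea
    owner: root
    group: "{{ gitea_group }}"
    mode: '0750'

- name: Generate self-signed certificates
  ansible.builtin.include_tasks:
    file: self-signed-cert.yml
  when: gitea_self_signed | default(false)

- name: Configure the Let's Encrypt certificates
  ansible.builtin.include_tasks:
    file: lets-encrypt.yml
  when: gitea_lets_encrypt | default(false)

- name: Pause to generate and save the secrets in SOPS
  ansible.builtin.pause:
    prompt: |
      [SECURITY NOTICE]
      If this is a fresh install, generate these secrets:
        1. gitea generate secret INTERNAL_TOKEN - for gitea_internal_token
        2. gitea generate secret JWT_SECRET - for gitea_lfs_jwt_secret
        3. gitea generate secret JWT_SECRET - for gitea_jwt_secret
      Copy the following keys into SOPS:
        - gitea_internal_token
        - gitea_lfs_jwt_secret
        - gitea_jwt_secret
      Press ENTER once done to continue.
  # The prompt asks for three secrets; gate on all of them rather than only
  # the internal token, otherwise a partially populated SOPS file slips through.
  when: >-
    gitea_internal_token is not defined
    or gitea_lfs_jwt_secret is not defined
    or gitea_jwt_secret is not defined

- name: Stop play until SOPS secrets are added
  ansible.builtin.meta: end_play
  when: >-
    gitea_internal_token is not defined
    or gitea_lfs_jwt_secret is not defined
    or gitea_jwt_secret is not defined

- name: Create the data dir base
  ansible.builtin.file:
    path: "{{ gitea_work_path }}"
    owner: "{{ gitea_user }}"
    group: "{{ gitea_group }}"
    mode: '0750'
    state: directory

- name: Create the data dirs
  ansible.builtin.file:
    path: "{{ item }}"
    owner: "{{ gitea_user }}"
    group: "{{ gitea_group }}"
    mode: '0750'
    state: directory
  loop:
    - "{{ gitea_work_path }}/custom"
    - "{{ gitea_app_data_path }}"
    - "{{ gitea_log_path }}"

- name: Create the config dir
  ansible.builtin.file:
    path: /etc/gitea
    # Root-owned, group-readable only: the service reads its config but
    # cannot alter it.
    owner: root
    group: "{{ gitea_group }}"
    mode: '0750'
    state: directory

- name: Deploy the systemd service unit
  ansible.builtin.template:
    src: gitea.service.j2
    dest: /etc/systemd/system/gitea.service
    owner: root
    group: root
    mode: '0644'
  notify:
    - Reload_systemd

- name: Deploy the Gitea configuration
  ansible.builtin.template:
    src: app.ini.j2
    dest: /etc/gitea/app.ini
    owner: root
    group: "{{ gitea_group }}"
    mode: '0640'
  # app.ini is expected to carry the DB password and the tokens gated above;
  # never print its content into the run log via --diff.
  diff: false
  notify:
    - Restart_gitea

- name: Start and enable Gitea
  ansible.builtin.systemd_service:
    name: gitea.service
    state: started
    enabled: true
    # Handlers flush only at the end of the play, so without this the unit
    # written above could be started from systemd's stale view of disk.
    daemon_reload: true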