
Gitea Server Installer Role

ds-gitea

This role installs and configures a Gitea server.

It uses SQLite as the default database, with optional PostgreSQL support.

The role can set up a reverse proxy with SSL using Nginx. Self-signed certificates and Let's Encrypt with certbot are supported.

  • Use the ds-ufw role to configure the firewall.
  • Use the ds-posgresql role to configure the database.
  • Use the ds-nginx role to install the proxy server.
  • Use the ds-act_runner role to configure and register Actions runners.

Role Behavior

  1. Download and install the Gitea binary
  2. (Optionally) Set up the PostgreSQL user and database
  3. Set up the user and group for the service
  4. Create the required directory structure
  5. If the secrets are not present, wait for them to be created and stored in SOPS
  6. Deploy the Gitea configuration
  7. Deploy the Gitea systemd service file
  8. (Optionally) Set up the reverse proxy with optional SSL
  9. Enable and start the service

Defaults

gitea_user: git
gitea_group: git
gitea_http_port: 3000
gitea_ssh_port: 22
gitea_database_server: ''
gitea_reverse_proxy: ''

Requirements

  • Ansible >= 2.12
  • Debian 12+ or compatible
  • git
  • sudo
  • ca-certificates
  • (optional) PostgreSQL database
  • (optional) Nginx server

Variables

Variable                     Type      Comment
gitea_user                   string    Gitea user
gitea_group                  string    Gitea group
gitea_binary_url             string    Download URL of Gitea
gitea_checksum_url           string    Checksum URL of the binary
gitea_app_name               string    Gitea server title
gitea_ssh_domain             string    SSH domain
gitea_domain                 string    Domain to reach Gitea
gitea_http_port              int       HTTP port
gitea_ssh_port               int       SSH port
gitea_root_url               string    Protocol + FQDN + port
gitea_lfs_jwt_secret         string    LFS storage secret
gitea_internal_token         string    Internal token
gitea_jwt_secret             string    JWT secret
gitea_database_server        string    DB server: 'postgresql', or empty for SQLite
gitea_db_password            string    PostgreSQL DB password (if PostgreSQL is used)
gitea_reverse_proxy          string    Reverse proxy to use, or not set for no proxy
gitea_enable_https           boolean   Configure HTTPS in the proxy
gitea_ssl_cert               string    SSL certificate
gitea_ssl_key                string    SSL key
gitea_enable_http_redirect   boolean   Redirect HTTP to HTTPS
gitea_self_signed            boolean   Generate a self-signed cert and key
gitea_lets_encrypt           boolean   Use certbot to configure the SSL
gitea_certbot_email          string    Email to register the certificates

Handlers

  • Reload_systemd: runs a systemd daemon-reload
  • Restart_gitea: restarts the Gitea service

Secrets

Always save the production secrets in SOPS, or in Ansible Vault.

Generate the secrets manually when the playbook stops:

gitea generate secret INTERNAL_TOKEN
gitea generate secret JWT_SECRET

Use the JWT_SECRET command to generate gitea_lfs_jwt_secret as well; it is an alias.

Then re-run the playbook to finish the installation.
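
The manual step above can be scripted. This is an added example, not part of the ds-gitea role: it generates the three Gitea secrets and encrypts them with SOPS before they can be committed in plaintext. It assumes gitea and sops are on PATH and that a .sops.yaml creation rule already matches the output file; the function names and output path are hypothetical, and gitea_db_password is not covered.

```bash
#!/usr/bin/env bash
# Added example, not part of the ds-gitea role.
# Assumes `gitea` and `sops` are on PATH and a .sops.yaml creation rule
# (age or PGP recipient) already matches the output file.

# Print the Gitea secrets as YAML, keyed by the role's variable names.
gitea_secrets_yaml() {
  local internal jwt lfs
  internal=$(gitea generate secret INTERNAL_TOKEN) || return 1
  jwt=$(gitea generate secret JWT_SECRET) || return 1
  lfs=$(gitea generate secret JWT_SECRET) || return 1  # separate value for LFS
  # Refuse to write empty values.
  [ -n "$internal" ] && [ -n "$jwt" ] && [ -n "$lfs" ] || return 1
  printf 'gitea_internal_token: "%s"\n' "$internal"
  printf 'gitea_jwt_secret: "%s"\n' "$jwt"
  printf 'gitea_lfs_jwt_secret: "%s"\n' "$lfs"
}

# Write the secrets to file $1 and encrypt it in place with SOPS.
write_gitea_secrets() {
  local out=$1
  # Never regenerate over secrets that may already be in use.
  if [ -e "$out" ]; then
    echo "refusing to overwrite $out" >&2
    return 2
  fi
  # umask 077: the short-lived plaintext is readable by the owner only.
  ( umask 077; gitea_secrets_yaml > "$out" ) || { rm -f "$out"; return 1; }
  # If encryption fails, delete the plaintext rather than leave it on disk.
  sops --encrypt --in-place "$out" || { rm -f "$out"; return 1; }
}

# Usage: ./gen-gitea-secrets.sh path/to/secrets.sops.yaml  (path is hypothetical)
if [ "$#" -eq 1 ]; then
  write_gitea_secrets "$1"
fi
```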

Example Playbook

- name: Deploy a Gitea server
  hosts: gitea
  become: true

  vars:
    gitea_user: git
    gitea_group: git
    gitea_binary_url: https://dl.gitea.com/gitea/1.25.4/gitea-1.25.4-linux-amd64
    gitea_checksum_url: https://dl.gitea.com/gitea/1.25.4/gitea-1.25.4-linux-amd64.sha256
    gitea_app_name: Tom's IT Cafe Gitea Server
    gitea_ssh_domain: gitea.tomsitcafe.com
    gitea_domain: gitea.tomsitcafe.com
    gitea_http_port: 3000
    gitea_root_url: https://gitea.tomsitcafe.com

    # Optional Postgresql database backend
    gitea_database_server: postgresql

    # Optional Nginx reverse proxy configuration
    gitea_reverse_proxy: nginx
    gitea_enable_https: true          # Use HTTPS
    gitea_self_signed: false          # Don't generate self-signed certs
    gitea_lets_encrypt: true          # Use certbot
    gitea_enable_http_redirect: true  # Redirect HTTP to HTTPS

    # Certbot configuration
    gitea_certbot_email: email@domain.tld
    gitea_ssl_cert: /etc/letsencrypt/live/{{ gitea_domain }}/fullchain.pem
    gitea_ssl_key: /etc/letsencrypt/live/{{ gitea_domain }}/privkey.pem
    gitea_ssl_trusted_certificate: /etc/letsencrypt/live/{{ gitea_domain }}/chain.pem 

    # Example values only. In production, generate new secrets and store them in SOPS:
    gitea_lfs_jwt_secret: G9bZrRHMhRQ8w4R0KkH2VLnx2rzq81ROQ951IQjlMs4 
    gitea_internal_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE3NzA2Mzk1Njh9.ybbaeNLFiLbyvxfj4vkqhXSAXKRGpwvP8jIm9YLPgXw
    gitea_jwt_secret: uJni4x4e0AzpkLYc-t4keRJKOB6EaLzwVsdLeamkFyU
    gitea_db_password: Eegh7Aothooph7pa6eu7eitha_zaim0G

  roles:
    - role: ds-gitea

License

MIT

[ Fear the Silence. Fear the Switch. ]

Latest release: v3.1.0 (2026-02-25 10:25:57 +01:00)