DeadSwitch
764883f26d
The first working version is tested against a Debian machine. Reviewed-on: http://gitea.tomsitcafe.com:3000/iron/ds-gitea/pulls/1 Co-authored-by: DeadSwitch <deadswitch404@proton.me> Co-committed-by: DeadSwitch <deadswitch404@proton.me>
110 lines
2.7 KiB
YAML
110 lines
2.7 KiB
YAML
---
|
|
- name: Make sure dependencies are installed
|
|
ansible.builtin.apt:
|
|
name:
|
|
- git
|
|
- sudo
|
|
- ca-certificates
|
|
update_cache: true
|
|
state: present
|
|
|
|
- name: Create the gitea group
|
|
ansible.builtin.group:
|
|
name: "{{ gitea_group }}"
|
|
system: true
|
|
|
|
- name: Create the gitea user
|
|
ansible.builtin.user:
|
|
name: "{{ gitea_user }}"
|
|
group: "{{ gitea_group }}"
|
|
home: /home/{{ gitea_user }}
|
|
shell: /usr/sbin/nologin
|
|
system: true
|
|
create_home: true
|
|
|
|
- name: Download the Gitea binary
|
|
ansible.builtin.get_url:
|
|
url: "{{ gitea_binary_url }}"
|
|
dest: /usr/local/bin/gitea
|
|
checksum: "sha256:{{ gitea_checksum_url }}"
|
|
|
|
- name: Set the permissions of the Gitea binary
|
|
ansible.builtin.file:
|
|
path: /usr/local/bin/gitea
|
|
owner: "{{ gitea_user }}"
|
|
group: "{{ gitea_group }}"
|
|
mode: '0750'
|
|
|
|
- name: Pause to generate and save the secrets in SOPS
|
|
ansible.builtin.pause:
|
|
prompt: |
|
|
[SECURITY NOTICE]
|
|
If this is a fresh install, generate these secrets:
|
|
1. gitea generate secret INTERNAL_TOKEN - for gitea_internal_token
|
|
2. gitea generate secret JWT_SECRET - for gitea_lfs_jwt_secret
|
|
3. gitea generate secret JWT_SECRET - for gitea_jwt_secret
|
|
Copy the following keys into SOPS:
|
|
- gitea_internal_token
|
|
- gitea_lfs_jwt_secret
|
|
- gitea_jwt_secret
|
|
Press ENTER once done to continue.
|
|
when: gitea_internal_token is not defined
|
|
|
|
- name: Stop play until SOPS secrets are added
|
|
ansible.builtin.meta: end_play
|
|
when: gitea_internal_token is not defined
|
|
|
|
- name: Create the data dir base
|
|
ansible.builtin.file:
|
|
path: /var/lib/gitea
|
|
owner: "{{ gitea_user }}"
|
|
group: "{{ gitea_group }}"
|
|
mode: '0750'
|
|
state: directory
|
|
|
|
- name: Create the data dirs
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
owner: "{{ gitea_user }}"
|
|
group: "{{ gitea_group }}"
|
|
mode: '0750'
|
|
state: directory
|
|
loop:
|
|
- /var/lib/gitea/custom
|
|
- /var/lib/gitea/data
|
|
- /var/lib/gitea/log
|
|
|
|
- name: Create the config dir
|
|
ansible.builtin.file:
|
|
path: /etc/gitea
|
|
owner: root
|
|
group: "{{ gitea_group }}"
|
|
mode: '0750'
|
|
state: directory
|
|
|
|
- name: Deploy the systemd service unit
|
|
ansible.builtin.template:
|
|
src: gitea.service.j2
|
|
dest: /etc/systemd/system/gitea.service
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
notify:
|
|
- Reload_systemd
|
|
|
|
- name: Deploy the Gitea configuration
|
|
ansible.builtin.template:
|
|
src: app.ini.j2
|
|
dest: /etc/gitea/app.ini
|
|
owner: root
|
|
group: "{{ gitea_group }}"
|
|
mode: '0640'
|
|
notify:
|
|
- Restart_gitea
|
|
|
|
- name: Start and enable Gitea
|
|
ansible.builtin.systemd_service:
|
|
name: gitea.service
|
|
state: started
|
|
enabled: true
|