diff --git a/ansible/group_vars/all/user.yml b/ansible/group_vars/all/user.yml
index 0acf835..938ba9d 100644
--- a/ansible/group_vars/all/user.yml
+++ b/ansible/group_vars/all/user.yml
@@ -1,2 +1,3 @@
 user: jake
 home: /home/{{ user }}
+name: Jake Howard
diff --git a/ansible/main.yml b/ansible/main.yml
index fe0694c..01ba450 100644
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -48,6 +48,7 @@ - grafana - gitlab - heimdall + - gitea - hosts: walker roles:
diff --git a/ansible/roles/base/tasks/user.yml b/ansible/roles/base/tasks/user.yml
index c21306d..062836f 100644
--- a/ansible/roles/base/tasks/user.yml
+++ b/ansible/roles/base/tasks/user.yml
@@ -2,7 +2,7 @@
 user:
 name: "{{ user }}"
 home: "{{ home }}"
- comment: Jake Howard
+ comment: "{{ name }}"
 shell: /bin/bash
 system: true
 become: true
diff --git a/ansible/roles/gitea/files/docker-compose.yml b/ansible/roles/gitea/files/docker-compose.yml
new file mode 100644
index 0000000..facac33
--- /dev/null
+++ b/ansible/roles/gitea/files/docker-compose.yml
@@ -0,0 +1,33 @@
+version: "2.3"
+
+services:
+ gitea:
+ image: gitea/gitea:1.13.1
+ restart: unless-stopped
+ environment:
+ - USER_UID={{ docker_user.id }}
+ - USER_GID={{ docker_user.id }}
+ ports:
+ - 3022:3022
+ depends_on:
+ - db
+ volumes:
+ - "{{ app_data_dir }}/gitea/app.ini:/data/gitea/conf/app.ini"
+ - "{{ app_data_dir }}/gitea/:/data"
+ - /mnt/tank/files/repositories:/data/git
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.gitea.rule=Host(`git.theorangeone.net`)
+ - traefik.http.routers.gitea.tls.certresolver=le
+ - traefik.http.services.gitea-gitea.loadbalancer.server.port=3000
+
+ db:
+ image: postgres:12-alpine
+ restart: unless-stopped
+ volumes:
+ - /mnt/tank/dbs/postgres/gitea/:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_PASSWORD=gitea
+ - POSTGRES_USER=gitea
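Review bot: The variable added in group_vars/all/user.yml is called `name`, which is also a keyword on plays, roles, blocks and tasks, and Ansible warns when a variable uses a reserved name. A more specific name such as `user_full_name: Jake Howard` avoids the warning and makes the templates that use it easier to follow. The two consumers in this commit would change with it: `comment: "{{ user_full_name }}"` in roles/base/tasks/user.yml and `AUTHOR = {{ user_full_name }}` in gitea.ini.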
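Review bot: `POSTGRES_PASSWORD=gitea` in the `db` service of docker-compose.yml is a fixed, guessable password committed in plaintext, while the other Gitea secrets in this commit are vault-encrypted; the same value is repeated as `PASSWD = gitea` in gitea.ini. The compose file is rendered with `template`, so it can take a vaulted variable instead, for example `- POSTGRES_PASSWORD={{ gitea_db_password }}` with the matching `PASSWD = {{ gitea_db_password }}` (the variable name is a suggestion and would be added to roles/gitea/vars/main.yml). The `db` service publishes no ports, so the exposure is limited to whatever can reach it on the compose network and to anyone who can read the repository or the rendered files. The postgres image applies `POSTGRES_PASSWORD` only when it initialises an empty data directory, so a database that already exists needs the role's password changed separately.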
diff --git a/ansible/roles/gitea/files/gitea.ini b/ansible/roles/gitea/files/gitea.ini
new file mode 100644
index 0000000..fe364c0
--- /dev/null
+++ b/ansible/roles/gitea/files/gitea.ini
@@ -0,0 +1,87 @@
+APP_NAME = Git with a cup of orange juice
+RUN_USER = git
+RUN_MODE = prod
+
+[oauth2]
+JWT_SECRET = {{ gitea_jwt_secret }}
+
+[security]
+INTERNAL_TOKEN = {{ gitea_internal_token }}
+INSTALL_LOCK = true
+SECRET_KEY = {{ gitea_secret_key }}
+COOKIE_USERNAME = gitea_username
+COOKIE_REMEMBER_NAME = gitea_remember
+LOGIN_REMEMBER_DAYS = 28
+
+[database]
+DB_TYPE = postgres
+HOST = db:5432
+NAME = gitea
+USER = gitea
+PASSWD = gitea
+SSL_MODE = disable
+CHARSET = utf8
+LOG_SQL = false
+
+[repository]
+ROOT = /data/git/repositories
+
+[server]
+SSH_DOMAIN = gitea
+DOMAIN = git.theorangeone.net
+HTTP_PORT = 3000
+ROOT_URL = https://git.theorangeone.net
+DISABLE_SSH = false
+SSH_PORT = 22
+SSH_LISTEN_PORT = 3022
+START_SSH_SERVER = true
+LFS_START_SERVER = true
+LFS_CONTENT_PATH = /data/git/lfs
+LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}
+OFFLINE_MODE = false
+LANDING_PAGE = explore
+ENABLE_GZIP = true
+APP_DATA_PATH = /data/gitea
+
+[service]
+DISABLE_REGISTRATION = true
+
+[picture]
+ENABLE_FEDERATED_AVATAR = true
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+PROVIDER = file
+COOKIE_NAME = session
+COOKIE_SECURE = true
+
+[log]
+MODE = console
+LEVEL = info
+
+[cache]
+ADAPTER = memory
+INTERVAL = 60
+
+[cron]
+RUN_AT_START = true
+
+[ui]
+EXPLORE_PAGING_NUM = 1000
+DEFAULT_THEME = gitea
+THEMES = gitea,arc-green
+USE_SERVICE_WORKER = false
+SHOW_USER_EMAIL = false
+
+[ui.meta]
+AUTHOR = {{ name }}
+DESCRIPTION = Git with a cup of orange juice
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[other]
+SHOW_FOOTER_VERSION = false
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
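Review bot: `SSH_DOMAIN = gitea` and `SSH_PORT = 22` in `[server]` are the values Gitea shows in its SSH clone URLs, while the built-in server listens on `SSH_LISTEN_PORT = 3022` and the compose file in this commit publishes `3022:3022`. Unless the host forwards port 22 to 3022 and clients resolve `gitea` on their side, the advertised URLs will not connect; if no such setup exists, `SSH_DOMAIN = git.theorangeone.net` and `SSH_PORT = 3022` would match what is actually exposed. If the current values are intentional, a one-line comment above them recording the reason would save the next reader from guessing.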
diff --git a/ansible/roles/gitea/handlers/main.yml b/ansible/roles/gitea/handlers/main.yml
new file mode 100644
index 0000000..ad94997
--- /dev/null
+++ b/ansible/roles/gitea/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart gitea
+ shell:
+ chdir: /opt/gitea
+ cmd: "{{ docker_update_command }}"
diff --git a/ansible/roles/gitea/tasks/main.yml b/ansible/roles/gitea/tasks/main.yml
new file mode 100644
index 0000000..0d90027
--- /dev/null
+++ b/ansible/roles/gitea/tasks/main.yml
@@ -0,0 +1,25 @@
+- name: Create install directory
+ file:
+ path: /opt/gitea
+ state: directory
+ owner: "{{ docker_user.name }}"
+ mode: "{{ docker_compose_directory_mask }}"
+ become: true
+
+- name: Install config
+ template:
+ src: files/gitea.ini
+ dest: "{{ app_data_dir }}/gitea/app.ini"
+ mode: "0644"
+ notify: restart gitea
+ become: true
+
+- name: Install compose file
+ template:
+ src: files/docker-compose.yml
+ dest: /opt/gitea/docker-compose.yml
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ validate: /usr/bin/docker-compose -f %s config
+ notify: restart gitea
+ become: true
diff --git a/ansible/roles/gitea/vars/main.yml b/ansible/roles/gitea/vars/main.yml
new file mode 100644
index 0000000..367cbc6
--- /dev/null
+++ b/ansible/roles/gitea/vars/main.yml
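Review bot: The `Install config` task in tasks/main.yml writes the rendered app.ini with `mode: "0644"` and no `owner`, so the file that carries `JWT_SECRET`, `INTERNAL_TOKEN`, `SECRET_KEY` and `LFS_JWT_SECRET` in plaintext is readable by every local account on the host. Adding `owner: "{{ docker_user.name }}"` and changing the mode to `mode: "0600"` keeps it readable by the account the container runs as, assuming `docker_user.name` and the `docker_user.id` used for `USER_UID` in the compose file are the same user. Adding `diff: false` to the task would also keep the decrypted values out of `--diff` output. Separately, only /opt/gitea is created in this file, so the task presumably relies on `{{ app_data_dir }}/gitea` existing already; if nothing else creates it, a `file` task for that directory is needed before the template.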
@@ -0,0 +1,37 @@ +gitea_internal_token: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 62353933326630353361633130636566363334666530316233383335643230316331623431336431 + 6234653733386138343066326362383064656665386230640a376138316137323161353535333831 + 65666233316261326336316437343036336335363661653563323237623033633436636363376638 + 3263303931373934380a653666343436626432613835386637663935336365613333373230623661 + 30306565616663353838616164393263376533623063633431636533383861653033386133353838 + 39656530383365316564626234343763316630333637393334343532323031623562626465306162 + 39643161633939653266373033333963303366663836313239353664623930626638356237343366 + 33333361363730373535373031376138393363343233373634393731613532666632643030643230 + 35623761666361373630613361336630306462646330336666353963636534373138 +gitea_secret_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 33303865313730666162353665376639386435323734653666376632353939346534343539346231 + 3664316663663562663432633265373364666136393037650a333638666331363030336432656263 + 34333566323434656534383435356362323436383339366364633931653636613566323761386463 + 6163646465613661360a613138303163653063393563336136363939613635633065326263303237 + 65363563613635306663316165646635613665323739303332643736383033653463396633653133 + 66343130623561326337626632613136643039613466626165653134306134333036393435303738 + 33313861623339623165396635623862636431666166336232646631653363363361353730386233 + 38323038353639303461 +gitea_lfs_jwt_secret: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 63343030636264333036376165636132306536313666313063323234653366623936636166626637 + 3435646265326564366561373837663065666665373763380a633964653666383335363063373431 + 37333066626434366235613535383534653533636366656635323136613234643461323637656564 + 3635616436356235640a306539323331623561326435643830616135613032663265303930663964 + 34376531393632653562366465323735376561333439613434303166636665326565333462313532 + 
3865613733383266353838366139313461613237633461646566 +gitea_jwt_secret: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 65656364646434383030353165333239626166353166646436343936323235353133363130646533 + 6631626263633730646531383735663337373236326330330a336131346463396365626364613664 + 36363536353532633836623630323862336531336237653237363835303166646530343533323537 + 3535646333646563610a323765613034383662323333336230363766313130643838623039353432 + 34633332343962393438613837376632303038343762626334363939646466313138626362316334 + 6636613666636338616230333839316466613365396634326562