From eed30311704bac40dbedff2559d9bc1ac303d387 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Fri, 7 Feb 2020 08:57:48 +0000
Subject: [PATCH] Install gitea
---
ansible/roles/docker/files/gitea/app.ini | 98 +++++++++++++++++++
.../docker/files/gitea/docker-compose.yml | 32 ++++++
ansible/roles/docker/tasks/gitea.yml | 52 ++++++++++
ansible/roles/docker/tasks/main.yml | 3 +
ansible/roles/docker/vars/gitea.yml | 38 +++++++
5 files changed, 223 insertions(+)
create mode 100644 ansible/roles/docker/files/gitea/app.ini
create mode 100644 ansible/roles/docker/files/gitea/docker-compose.yml
create mode 100644 ansible/roles/docker/tasks/gitea.yml
create mode 100644 ansible/roles/docker/vars/gitea.yml
diff --git a/ansible/roles/docker/files/gitea/app.ini b/ansible/roles/docker/files/gitea/app.ini
new file mode 100644
index 0000000..e6c76fe
--- /dev/null
+++ b/ansible/roles/docker/files/gitea/app.ini
@@ -0,0 +1,98 @@
+APP_NAME = Gitea: Git with a cup of tea
+RUN_MODE = prod
+RUN_USER = git
+
+[repository]
+ROOT = /data/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH = /data/gitea
+SSH_DOMAIN = git.theorangeone.net
+HTTP_PORT = 3000
+ROOT_URL = https://git.theorangeone.net/
+DISABLE_SSH = false
+SSH_PORT = 22
+SSH_LISTEN_PORT = 3022
+START_SSH_SERVER = true
+LFS_START_SERVER = true
+LFS_CONTENT_PATH = /data/git/lfs
+DOMAIN = git.theorangeone.net
+LFS_JWT_SECRET = {{ gitea.lfs_jwt_secret }}
+OFFLINE_MODE = false
+LANDING_PAGE = explore
+ENABLE_GZIP = true
+
+[ui]
+DEFAULT_THEME = arc-green
+THEMES = gitea,arc-green
+
+[database]
+DB_TYPE = postgres
+HOST = db:5432
+NAME = gitea
+USER = gitea
+PASSWD = gitea
+SSL_MODE = disable
+CHARSET = utf8
+LOG_SQL = false
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+PROVIDER = file
+COOKIE_NAME = session
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+DISABLE_GRAVATAR = false
+ENABLE_FEDERATED_AVATAR = true
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+ROOT_PATH = /data/gitea/log
+MODE = file
+LEVEL = info
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY = {{ gitea.secret_key }}
+INTERNAL_TOKEN = {{ gitea.internal_token }}
+COOKIE_USERNAME = gitea_username
+COOKIE_REMEMBER_NAME = gitea_remember
+
+[service]
+DISABLE_REGISTRATION = true
+REQUIRE_SIGNIN_VIEW = false
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.example.org
+
+[oauth2]
+JWT_SECRET = {{ gitea.jwt_secret }}
+
+[mailer]
+ENABLED = false
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[cache]
+ADAPTER = memory
+INTERVAL = 60
diff --git a/ansible/roles/docker/files/gitea/docker-compose.yml b/ansible/roles/docker/files/gitea/docker-compose.yml
new file mode 100644
index 0000000..607c1e4
--- /dev/null
+++ b/ansible/roles/docker/files/gitea/docker-compose.yml
@@ -0,0 +1,32 @@
+version: "3"
+
+services:
+ gitea:
+ image: gitea/gitea:1.10.2
+ container_name: gitea
+ restart: unless-stopped
+ environment:
+ - USER_UID={{ docker_user.id }}
+ - USER_GID={{ docker_user.id }}
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.gitea.rule=Host(`git.theorangeone.net`)"
+ - "traefik.http.routers.gitea.tls=true"
+ - "traefik.http.routers.gitea.tls.certresolver=le"
+ - "traefik.http.services.gitea-gitea.loadbalancer.server.port=3000"
+ ports:
+ - "{{ wireguard.clients.intersect.ip }}:3022:3022"
+ volumes:
+ - ./gitea:/data
+ - ./repos:/data/git
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+
+ db:
+ image: postgres:12-alpine
+ restart: unless-stopped
+ volumes:
+ - ./postgres:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_PASSWORD=gitea
+ - POSTGRES_USER=gitea
diff --git a/ansible/roles/docker/tasks/gitea.yml b/ansible/roles/docker/tasks/gitea.yml
new file mode 100644
index 0000000..276f8cc
--- /dev/null
+++ b/ansible/roles/docker/tasks/gitea.yml
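Review bot: In `app.ini`, `[database]` hard-codes `PASSWD = gitea` (the password equals the user name) while every other secret in the file is templated from the vault; the same literal appears as `POSTGRES_PASSWORD=gitea` in the docker-compose.yml hunk. The `db` service publishes no port, so exposure is limited to whatever shares the compose network, but the credential is now in the repository in clear text. I would add a vaulted value and reference it in both places, e.g. `PASSWD = {{ gitea.db_password }}` and `- POSTGRES_PASSWORD={{ gitea.db_password }}` (`db_password` is a placeholder name, not defined in this commit). `POSTGRES_PASSWORD` is only applied when the data directory is first initialised, so an already-populated `./postgres` needs the role's password changed as well. Separately, `[session]` does not set `COOKIE_SECURE` although `ROOT_URL` is https; I believe the default in this Gitea release is false, so `COOKIE_SECURE = true` is worth adding after confirming.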
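Review bot: In docker-compose.yml both images are referenced by mutable tags (`gitea/gitea:1.10.2`, and `postgres:12-alpine`, which floats across 12.x releases), and the "Cycle gitea container" task in tasks/gitea.yml runs with `pull: true`, so any config change can silently bring in a different image. Pinning by digest, e.g. `image: postgres:12-alpine@sha256:<digest>` (placeholder), keeps upgrades deliberate and reviewable. Also, `USER_GID={{ docker_user.id }}` reuses the uid for the gid; `docker_user` is defined outside this commit, so I can't tell whether a separate group id exists, but it looks like a possible copy-paste slip.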
@@ -0,0 +1,52 @@
+- name: Include gitea variables
+ include_vars: gitea.yml
+
+- name: Create gitea directory
+ file:
+ path: '/opt/gitea'
+ state: directory
+ owner: "{{ docker_user.name }}"
+ mode: "{{ docker_compose_directory_mask }}"
+ become: true
+ become_user: root
+
+- name: Create gitea config directory
+ file:
+ path: '/opt/gitea/gitea/gitea/conf'
+ state: directory
+ mode: "{{ docker_compose_directory_mask }}"
+ become: true
+ become_user: root
+
+- name: Install gitea compose file
+ template:
+ src: files/gitea/docker-compose.yml
+ dest: "/opt/gitea/docker-compose.yml"
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ validate: /usr/bin/docker-compose -f %s config
+ register: compose_file
+ become: true
+ become_user: root
+
+- name: Install gitea config file
+ template:
+ src: files/gitea/app.ini
+ dest: "/opt/gitea/gitea/gitea/conf/app.ini"
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ register: config_file
+ become: true
+ become_user: root
+
+- name: Cycle gitea container
+ docker_compose:
+ project_src: /opt/gitea
+ pull: true
+ remove_orphans: true
+ remove_volumes: true
+ state: "{{ item }}"
+ when: compose_file.changed or config_file.changed
+ loop:
+ - absent
+ - present
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
index 7cc99cd..457cf69 100644
--- a/ansible/roles/docker/tasks/main.yml
+++ b/ansible/roles/docker/tasks/main.yml
@@ -33,3 +33,6 @@ - name: Install calibre include: calibre.yml
+
+- name: Install gitea
+ include: gitea.yml
diff --git a/ansible/roles/docker/vars/gitea.yml b/ansible/roles/docker/vars/gitea.yml
new file mode 100644
index 0000000..a002232
--- /dev/null
+++ b/ansible/roles/docker/vars/gitea.yml
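Review bot: In tasks/gitea.yml the "Install gitea config file" task renders `app.ini`, which carries `SECRET_KEY`, `INTERNAL_TOKEN` and the JWT secrets, with `mode: "{{ docker_compose_file_mask }}"`; that variable is defined outside this commit, so please confirm it is not group- or world-readable (something like `"0600"`), and consider `no_log: true` or `diff: false` on the task so a `--diff` run does not print decrypted vault values. "Create gitea config directory" sets no `owner`, so `/opt/gitea/gitea/gitea/conf` and its parents are created root-owned, unlike the other paths; adding `owner: "{{ docker_user.name }}"` would make it consistent. In "Cycle gitea container", `remove_volumes: true` with `state: absent` is harmless while every volume is a bind mount, but it would delete data as soon as a named volume is introduced, so I would drop it.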
@@ -0,0 +1,38 @@
+gitea:
+ jwt_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 37303933656432653862343063386566363732663764363530336134356536353039386637326564
+ 3830323764306333643061393339313236616435666365660a643637353339353737636565313338
+ 62643435393639376531326464333539623931363866396230633361313031303763313637383734
+ 6338613633626661660a653133623561373237346266346666376666653737613536633232313536
+ 38623262653837353065386266633261363431333535666539636365396237616361393064323163
+ 3938306666643861636138366563386439323761386335623962
+ secret_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 38373166333035376233393336346366616334633864643365316131363931393266343532386130
+ 3764653861303064613965313665313266393762636239370a366366626662373164383532353366
+ 35393837646238646136663133356261633464653935393665616531323335636134336634373065
+ 6666646263636532380a346264386638656538356265373066616463653036373766383861623731
+ 30643762303436313736633962356630393330373862353561326534653736336566386635316230
+ 30666361643065306237653131623439396530333161643637383861623433656165626435316633
+ 32646263636232313135623134306139633163333839316463656236343966383463643064396463
+ 61643436333135373865
+ internal_token: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 63306138636431656236306432666164326565643132666633313434626338306633343263356238
+ 6236333661303439653837633165366661653330643038620a356432343262396132643234656134
+ 66623031666461633038653933356235626163306238343035373630343162353831393561323032
+ 3132656639393665660a623034313035643861623865383562303562373862346139313761346636
+ 36633863386537393230633864646162313338623363616162373433643333656233363733306564
+ 35633737343836613034373866353062323466636430346266393066346466313166663634313162
+ 36663761333065653764613762643230326163643138643266383936663735366263623637306266
+ 34616435313863393530336565323231626466343033383139376333633032633466643732343537
+ 63306235613130616339316664616630663332333866373032373935653437306232
+ lfs_jwt_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 32333832306662373064626334633465346437656230303162313735626530646638643564383439
+ 6261663332613938373161316563646639353166633339310a393936353735663430333733383962
+ 31376636663065656435376637663438363039643234626335393238386162393232613934303537
+ 6431663036333331350a303332366162333862616534346161316531323039643762316365333865
+ 35383235633166353930363034373235646466336530646463616661336361393835643533343534
+ 3235316165373239633832316438303266343639356161303439