From eed30311704bac40dbedff2559d9bc1ac303d387 Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Fri, 7 Feb 2020 08:57:48 +0000
Subject: [PATCH] Install gitea

---
 ansible/roles/docker/files/gitea/app.ini      | 98 +++++++++++++++++++
 .../docker/files/gitea/docker-compose.yml     | 32 ++++++
 ansible/roles/docker/tasks/gitea.yml          | 52 ++++++++++
 ansible/roles/docker/tasks/main.yml           |  3 +
 ansible/roles/docker/vars/gitea.yml           | 38 +++++++
 5 files changed, 223 insertions(+)
 create mode 100644 ansible/roles/docker/files/gitea/app.ini
 create mode 100644 ansible/roles/docker/files/gitea/docker-compose.yml
 create mode 100644 ansible/roles/docker/tasks/gitea.yml
 create mode 100644 ansible/roles/docker/vars/gitea.yml

diff --git a/ansible/roles/docker/files/gitea/app.ini b/ansible/roles/docker/files/gitea/app.ini
new file mode 100644
index 0000000..e6c76fe
--- /dev/null
+++ b/ansible/roles/docker/files/gitea/app.ini
@@ -0,0 +1,98 @@
+APP_NAME = Gitea: Git with a cup of tea
+RUN_MODE = prod
+RUN_USER = git
+
+[repository]
+ROOT = /data/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH    = /data/gitea
+SSH_DOMAIN       = git.theorangeone.net
+HTTP_PORT        = 3000
+ROOT_URL         = https://git.theorangeone.net/
+DISABLE_SSH      = false
+SSH_PORT         = 22
+SSH_LISTEN_PORT  = 3022
+START_SSH_SERVER = true
+LFS_START_SERVER = true
+LFS_CONTENT_PATH = /data/git/lfs
+DOMAIN           = git.theorangeone.net
+LFS_JWT_SECRET   = {{ gitea.lfs_jwt_secret }}
+OFFLINE_MODE     = false
+LANDING_PAGE     = explore
+ENABLE_GZIP      = true
+
+[ui]
+DEFAULT_THEME    = arc-green
+THEMES           = gitea,arc-green
+
+[database]
+DB_TYPE  = postgres
+HOST     = db:5432
+NAME     = gitea
+USER     = gitea
+PASSWD   = gitea
+SSL_MODE = disable
+CHARSET  = utf8
+LOG_SQL  = false
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+PROVIDER        = file
+COOKIE_NAME     = session
+
+[picture]
+AVATAR_UPLOAD_PATH            = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+DISABLE_GRAVATAR              = false
+ENABLE_FEDERATED_AVATAR       = true
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+ROOT_PATH = /data/gitea/log
+MODE      = file
+LEVEL     = info
+
+[security]
+INSTALL_LOCK   = true
+SECRET_KEY     = {{ gitea.secret_key }}
+INTERNAL_TOKEN = {{ gitea.internal_token }}
+COOKIE_USERNAME = gitea_username
+COOKIE_REMEMBER_NAME = gitea_remember
+
+[service]
+DISABLE_REGISTRATION              = true
+REQUIRE_SIGNIN_VIEW               = false
+REGISTER_EMAIL_CONFIRM            = false
+ENABLE_NOTIFY_MAIL                = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
+ENABLE_CAPTCHA                    = false
+DEFAULT_KEEP_EMAIL_PRIVATE        = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING       = true
+NO_REPLY_ADDRESS                  = noreply.example.org
+
+[oauth2]
+JWT_SECRET = {{ gitea.jwt_secret }}
+
+[mailer]
+ENABLED = false
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[cache]
+ADAPTER         = memory
+INTERVAL        = 60
diff --git a/ansible/roles/docker/files/gitea/docker-compose.yml b/ansible/roles/docker/files/gitea/docker-compose.yml
new file mode 100644
index 0000000..607c1e4
--- /dev/null
+++ b/ansible/roles/docker/files/gitea/docker-compose.yml
@@ -0,0 +1,32 @@
+version: "3"
+
+services:
+  gitea:
+    image: gitea/gitea:1.10.2
+    container_name: gitea
+    restart: unless-stopped
+    environment:
+      - USER_UID={{ docker_user.id }}
+      - USER_GID={{ docker_user.id }}
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.gitea.rule=Host(`git.theorangeone.net`)"
+      - "traefik.http.routers.gitea.tls=true"
+      - "traefik.http.routers.gitea.tls.certresolver=le"
+      - "traefik.http.services.gitea-gitea.loadbalancer.server.port=3000"
+    ports:
+      - "{{ wireguard.clients.intersect.ip }}:3022:3022"
+    volumes:
+      - ./gitea:/data
+      - ./repos:/data/git
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+
+  db:
+    image: postgres:12-alpine
+    restart: unless-stopped
+    volumes:
+      - ./postgres:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD=gitea
+      - POSTGRES_USER=gitea
diff --git a/ansible/roles/docker/tasks/gitea.yml b/ansible/roles/docker/tasks/gitea.yml
new file mode 100644
index 0000000..276f8cc
--- /dev/null
+++ b/ansible/roles/docker/tasks/gitea.yml
@@ -0,0 +1,52 @@
+- name: Include gitea variables
+  include_vars: gitea.yml
+
+- name: Create gitea directory
+  file:
+    path: '/opt/gitea'
+    state: directory
+    owner: "{{ docker_user.name }}"
+    mode: "{{ docker_compose_directory_mask }}"
+  become: true
+  become_user: root
+
+- name: Create gitea config directory
+  file:
+    path: '/opt/gitea/gitea/gitea/conf'
+    state: directory
+    mode: "{{ docker_compose_directory_mask }}"
+  become: true
+  become_user: root
+
+- name: Install gitea compose file
+  template:
+    src: files/gitea/docker-compose.yml
+    dest: "/opt/gitea/docker-compose.yml"
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+    validate: /usr/bin/docker-compose -f %s config
+  register: compose_file
+  become: true
+  become_user: root
+
+- name: Install gitea config file
+  template:
+    src: files/gitea/app.ini
+    dest: "/opt/gitea/gitea/gitea/conf/app.ini"
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+  register: config_file
+  become: true
+  become_user: root
+
+- name: Cycle gitea container
+  docker_compose:
+    project_src: /opt/gitea
+    pull: true
+    remove_orphans: true
+    remove_volumes: true
+    state: "{{ item }}"
+  when: compose_file.changed or config_file.changed
+  loop:
+    - absent
+    - present
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
index 7cc99cd..457cf69 100644
--- a/ansible/roles/docker/tasks/main.yml
+++ b/ansible/roles/docker/tasks/main.yml
@@ -33,3 +33,6 @@
 
 - name: Install calibre
   include: calibre.yml
+
+- name: Install gitea
+  include: gitea.yml
diff --git a/ansible/roles/docker/vars/gitea.yml b/ansible/roles/docker/vars/gitea.yml
new file mode 100644
index 0000000..a002232
--- /dev/null
+++ b/ansible/roles/docker/vars/gitea.yml
@@ -0,0 +1,38 @@
+gitea:
+  jwt_secret: !vault |
+    $ANSIBLE_VAULT;1.1;AES256
+    37303933656432653862343063386566363732663764363530336134356536353039386637326564
+    3830323764306333643061393339313236616435666365660a643637353339353737636565313338
+    62643435393639376531326464333539623931363866396230633361313031303763313637383734
+    6338613633626661660a653133623561373237346266346666376666653737613536633232313536
+    38623262653837353065386266633261363431333535666539636365396237616361393064323163
+    3938306666643861636138366563386439323761386335623962
+  secret_key: !vault |
+    $ANSIBLE_VAULT;1.1;AES256
+    38373166333035376233393336346366616334633864643365316131363931393266343532386130
+    3764653861303064613965313665313266393762636239370a366366626662373164383532353366
+    35393837646238646136663133356261633464653935393665616531323335636134336634373065
+    6666646263636532380a346264386638656538356265373066616463653036373766383861623731
+    30643762303436313736633962356630393330373862353561326534653736336566386635316230
+    30666361643065306237653131623439396530333161643637383861623433656165626435316633
+    32646263636232313135623134306139633163333839316463656236343966383463643064396463
+    61643436333135373865
+  internal_token: !vault |
+    $ANSIBLE_VAULT;1.1;AES256
+    63306138636431656236306432666164326565643132666633313434626338306633343263356238
+    6236333661303439653837633165366661653330643038620a356432343262396132643234656134
+    66623031666461633038653933356235626163306238343035373630343162353831393561323032
+    3132656639393665660a623034313035643861623865383562303562373862346139313761346636
+    36633863386537393230633864646162313338623363616162373433643333656233363733306564
+    35633737343836613034373866353062323466636430346266393066346466313166663634313162
+    36663761333065653764613762643230326163643138643266383936663735366263623637306266
+    34616435313863393530336565323231626466343033383139376333633032633466643732343537
+    63306235613130616339316664616630663332333866373032373935653437306232
+  lfs_jwt_secret: !vault |
+    $ANSIBLE_VAULT;1.1;AES256
+    32333832306662373064626334633465346437656230303162313735626530646638643564383439
+    6261663332613938373161316563646639353166633339310a393936353735663430333733383962
+    31376636663065656435376637663438363039643234626335393238386162393232613934303537
+    6431663036333331350a303332366162333862616534346161316531323039643762316365333865
+    35383235633166353930363034373235646466336530646463616661336361393835643533343534
+    3235316165373239633832316438303266343639356161303439