Diffstat (limited to 'roles/gitea/tasks')
-rw-r--r--roles/gitea/tasks/ldap.yml28
-rw-r--r--roles/gitea/tasks/main.yml103
-rw-r--r--roles/gitea/tasks/secrets.yml36
-rw-r--r--roles/gitea/tasks/update.yml23
4 files changed, 190 insertions, 0 deletions
diff --git a/roles/gitea/tasks/ldap.yml b/roles/gitea/tasks/ldap.yml
new file mode 100644
index 0000000..75a561f
--- /dev/null
+++ b/roles/gitea/tasks/ldap.yml
@@ -0,0 +1,28 @@
+---
+- name: Check if LDAP is installed
+ command: gitea --config /etc/gitea/app.ini --work-path /var/lib/gitea admin auth list
+ become_user: git
+ become: yes
+ register: check_ldap
+
+- name: Configure LDAP Login provider
+ command:
+ cmd: >-
+ gitea --config /etc/gitea/app.ini --work-path /var/lib/gitea admin auth add-ldap
+ --name ldap-prod
+ --security-protocol "{{ gitea.ldap.security }}"
+ --host "{{ gitea.ldap.host }}"
+ --port "{{ gitea.ldap.port }}"
+ --bind-dn "{{ gitea.ldap.base_dn }}"
+ --bind-password "{{ gitea.ldap.bind_pw }}"
+ --user-search-base "{{ gitea.ldap.user_search_base }}"
+ --user-filter "{{ gitea.ldap.user_filter }}"
+ --admin-filter "{{ gitea.ldap.admin_filter }}"
+ --username-attribute "{{ gitea.ldap.username_attribute }}"
+ --firstname-attribute "{{ gitea.ldap.firstname_attribute }}"
+ --surname-attribute "{{ gitea.ldap.surname_attribute }}"
+ --email-attribute "{{ gitea.ldap.email_attribute }}"
+ --synchronize-users
+ become_user: git
+ become: yes
+ when: not check_ldap.stdout | regex_search("ldap-prod")
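Review bot: The `Configure LDAP Login provider` task passes `--bind-password "{{ gitea.ldap.bind_pw }}"` on the command line without `no_log: true`, so the rendered password appears in Ansible's task result on failure or with `-v`, and it is visible in the target's process list while the command runs. Add `no_log: true` to that task; the same applies to the two `slurp` tasks in main.yml and to the generate/save tasks in secrets.yml, whose registered results carry SECRET_KEY and INTERNAL_TOKEN. Also check `--bind-dn "{{ gitea.ldap.base_dn }}"`: a base DN is not normally the bind account, so this looks like it wants a dedicated bind-DN variable. The `Check if LDAP is installed` task only reads state and could carry `changed_when: false`.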
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
new file mode 100644
index 0000000..a5d7081
--- /dev/null
+++ b/roles/gitea/tasks/main.yml
@@ -0,0 +1,103 @@
+---
+- name: Install packages
+ apt:
+ name:
+ - git
+ become: yes
+
+- name: Create User
+ user:
+ name: git
+ home: /home/git
+ shell: /bin/bash
+ system: yes
+ state: present
+ become: yes
+
+- name: Folder structure
+ file:
+ path: '{{ item }}'
+ owner: git
+ group: git
+ mode: '750'
+ state: directory
+ become: yes
+ loop:
+ - /var/lib/gitea/
+ - /var/lib/gitea/custom
+ - /var/lib/gitea/data
+ - /var/lib/gitea/log
+
+- name: Config folder
+ file:
+ path: /etc/gitea
+ owner: root
+ group: git
+ mode: '750'
+ state: directory
+ become: yes
+
+- name: Check for update
+ stat:
+ path: /usr/local/bin/gitea
+ checksum_algorithm: sha256
+ register: gitea_bin_stat
+ ignore_errors: yes
+
+- name: perform update
+ include: update.yml
+ when:
+ - (not gitea_bin_stat.stat.exists) or (gitea_bin_stat.stat.checksum != gitea.version.sha)
+
+- name: Check if initial setup is needed
+ include_tasks: secrets.yml
+
+- name: Read secret Key
+ slurp:
+ src: /etc/gitea/secret_key
+ become: yes
+ register: sec_key
+
+- name: Read secret Key
+ slurp:
+ src: /etc/gitea/internal_token
+ become: yes
+ register: int_tok
+
+- name: Install gitea config file
+ template:
+ src: app.ini.j2
+ dest: /etc/gitea/app.ini
+ owner: root
+ group: git
+ mode: '640'
+ become: yes
+ notify:
+ - Handle systemd
+
+- name: Check for changed cert
+ command: /bin/true
+ when:
+ - cert_changed
+ notify:
+ - Handle systemd
+
+- name: Install gitea unit file
+ copy:
+ src: gitea.service
+ dest: /etc/systemd/system/gitea.service
+ become: yes
+ notify:
+ - Handle systemd
+
+- name: Flush handlers
+ meta: flush_handlers
+
+- name: Wait 10s for gitea to start
+ wait_for:
+ timeout: 10
+ delegate_to: localhost
+# This only install base configuration. Group settings have to be set manually in gitea...
+- name: Install LDAP
+ include_tasks: ldap.yml
+ when: gitea.ldap.enable
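Review bot: The `Install gitea unit file` task copies to /etc/systemd/system/gitea.service without `owner`, `group` or `mode`, so the resulting permissions depend on the remote umask and on whatever the file had before, while every other file task in this section pins them. I would add `owner: root`, `group: root` and `mode: '644'` so the unit can never end up writable by a non-root account. Two smaller points: both slurp tasks are named `Read secret Key` although the second reads /etc/gitea/internal_token, which makes run output ambiguous, and `include: update.yml` uses the deprecated bare `include`, where `include_tasks: update.yml` matches the other includes in this file.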
diff --git a/roles/gitea/tasks/secrets.yml b/roles/gitea/tasks/secrets.yml
new file mode 100644
index 0000000..cde4dd8
--- /dev/null
+++ b/roles/gitea/tasks/secrets.yml
@@ -0,0 +1,36 @@
+---
+- name: Generate SECRET_KEY
+ command:
+ cmd: gitea generate secret SECRET_KEY
+ creates: /etc/gitea/secret_key
+ become_user: git
+ become: yes
+ register: gen_sec_key
+
+- name: Save secret Key
+ copy:
+ content: '{{ gen_sec_key.stdout }}'
+ dest: /etc/gitea/secret_key
+ owner: root
+ group: git
+ mode: '640'
+ become: yes
+ when: gen_sec_key.changed
+
+- name: Generate INTERNAL_TOKEN
+ command:
+ cmd: gitea generate secret INTERNAL_TOKEN
+ creates: /etc/gitea/internal_token
+ become_user: git
+ become: yes
+ register: gen_int_tok
+
+- name: Save INTERNAL_TOKEN
+ copy:
+ content: '{{ gen_int_tok.stdout }}'
+ dest: /etc/gitea/internal_token
+ owner: root
+ group: git
+ mode: '640'
+ become: yes
+ when: gen_int_tok.changed
diff --git a/roles/gitea/tasks/update.yml b/roles/gitea/tasks/update.yml
new file mode 100644
index 0000000..5b6d458
--- /dev/null
+++ b/roles/gitea/tasks/update.yml
@@ -0,0 +1,23 @@
+---
+
+# initial ?
+
+- name: Stop gitea
+ systemd:
+ name: gitea
+ state: stopped
+ become: yes
+ when: not gitea_bin_stat.failed
+ ignore_errors: yes
+
+- name: Download Gitea
+ get_url:
+ url: 'https://dl.gitea.io/gitea/{{ gitea.version.ver }}/gitea-{{ gitea.version.ver }}-linux-amd64'
+ checksum: 'sha256:{{ gitea.version.sha }}'
+ dest: /usr/local/bin/gitea
+ owner: root
+ group: root
+ mode: '755'
+ become: yes
+ notify:
+ - Handle systemd
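Review bot: The guard on `Stop gitea`, `when: not gitea_bin_stat.failed`, does not detect a first install, because `stat` on a missing path succeeds and only reports `exists: false`. The stop therefore runs against a unit that is not there yet, and the error is hidden by `ignore_errors: yes`, which also hides a real failure to stop a running service before its binary is replaced. Consider `when: gitea_bin_stat.stat.exists` and dropping `ignore_errors` (or narrowing it with `failed_when`), and replace the `# initial ?` placeholder with a comment such as `# Included from main.yml when the binary is missing or its sha256 differs from gitea.version.sha`. Pinning the download with `checksum: 'sha256:{{ gitea.version.sha }}'` is good and should stay.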