From e920a10a5c15b53683ee5caff122ec9378032cd5 Mon Sep 17 00:00:00 2001
From: Jonas Gunz
Date: Sat, 9 Oct 2021 19:04:39 +0200
Subject: gitea: WIP
---
 roles/gitea/tasks/ldap.yml | 28 ++++++++++++
 roles/gitea/tasks/main.yml | 103 ++++++++++++++++++++++++++++++++++++++++++
 roles/gitea/tasks/secrets.yml | 36 +++++++++++++++
 roles/gitea/tasks/update.yml | 23 ++++++++++
 4 files changed, 190 insertions(+)
 create mode 100644 roles/gitea/tasks/ldap.yml
 create mode 100644 roles/gitea/tasks/main.yml
 create mode 100644 roles/gitea/tasks/secrets.yml
 create mode 100644 roles/gitea/tasks/update.yml
(limited to 'roles/gitea/tasks')
diff --git a/roles/gitea/tasks/ldap.yml b/roles/gitea/tasks/ldap.yml
new file mode 100644
index 0000000..75a561f
--- /dev/null
+++ b/roles/gitea/tasks/ldap.yml
@@ -0,0 +1,28 @@
+---
+- name: Check if LDAP is installed
+ command: gitea --config /etc/gitea/app.ini --work-path /var/lib/gitea admin auth list
+ become_user: git
+ become: yes
+ register: check_ldap
+
+- name: Configure LDAP Login provider
+ command:
+ cmd: >-
+ gitea --config /etc/gitea/app.ini --work-path /var/lib/gitea admin auth add-ldap
+ --name ldap-prod
+ --security-protocol "{{ gitea.ldap.security }}"
+ --host "{{ gitea.ldap.host }}"
+ --port "{{ gitea.ldap.port }}"
+ --bind-dn "{{ gitea.ldap.base_dn }}"
+ --bind-password "{{ gitea.ldap.bind_pw }}"
+ --user-search-base "{{ gitea.ldap.user_search_base }}"
+ --user-filter "{{ gitea.ldap.user_filter }}"
+ --admin-filter "{{ gitea.ldap.admin_filter }}"
+ --username-attribute "{{ gitea.ldap.username_attribute }}"
+ --firstname-attribute "{{ gitea.ldap.firstname_attribute }}"
+ --surname-attribute "{{ gitea.ldap.surname_attribute }}"
+ --email-attribute "{{ gitea.ldap.email_attribute }}"
+ --synchronize-users
+ become_user: git
+ become: yes
+ when: not check_ldap.stdout | regex_search("ldap-prod")
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
new file mode 100644
index 0000000..a5d7081
--- /dev/null
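Review bot: The LDAP bind password is passed on the command line of the `Configure LDAP Login provider` task, so it is visible in the process list while the command runs and is echoed into Ansible's task output on failure or under `-v`; add `no_log: true` to that task (the listing task can stay loggable since it only prints provider names). The same task sets `--bind-dn "{{ gitea.ldap.base_dn }}"`, which by its name is the search base rather than a bind account DN — if a dedicated `gitea.ldap.bind_dn` exists it should be used here, otherwise a comment should say why the base DN is bound with. The `Check if LDAP is installed` task runs `admin auth list` through `command`, which always reports changed; add `changed_when: false` so the role is idempotent in reporting.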
+++ b/roles/gitea/tasks/main.yml
@@ -0,0 +1,103 @@
+---
+- name: Install packages
+ apt:
+ name:
+ - git
+ become: yes
+
+- name: Create User
+ user:
+ name: git
+ home: /home/git
+ shell: /bin/bash
+ system: yes
+ state: present
+ become: yes
+
+- name: Folder structure
+ file:
+ path: '{{ item }}'
+ owner: git
+ group: git
+ mode: '750'
+ state: directory
+ become: yes
+ loop:
+ - /var/lib/gitea/
+ - /var/lib/gitea/custom
+ - /var/lib/gitea/data
+ - /var/lib/gitea/log
+
+- name: Config folder
+ file:
+ path: /etc/gitea
+ owner: root
+ group: git
+ mode: '750'
+ state: directory
+ become: yes
+
+- name: Check for update
+ stat:
+ path: /usr/local/bin/gitea
+ checksum_algorithm: sha256
+ register: gitea_bin_stat
+ ignore_errors: yes
+
+- name: perform update
+ include: update.yml
+ when:
+ - (not gitea_bin_stat.stat.exists) or (gitea_bin_stat.stat.checksum != gitea.version.sha)
+
+- name: Check if initial setup is needed
+ include_tasks: secrets.yml
+
+- name: Read secret Key
+ slurp:
+ src: /etc/gitea/secret_key
+ become: yes
+ register: sec_key
+
+- name: Read secret Key
+ slurp:
+ src: /etc/gitea/internal_token
+ become: yes
+ register: int_tok
+
+- name: Install gitea config file
+ template:
+ src: app.ini.j2
+ dest: /etc/gitea/app.ini
+ owner: root
+ group: git
+ mode: '640'
+ become: yes
+ notify:
+ - Handle systemd
+
+- name: Check for changed cert
+ command: /bin/true
+ when:
+ - cert_changed
+ notify:
+ - Handle systemd
+
+- name: Install gitea unit file
+ copy:
+ src: gitea.service
+ dest: /etc/systemd/system/gitea.service
+ become: yes
+ notify:
+ - Handle systemd
+
+- name: Flush handlers
+ meta: flush_handlers
+
+- name: Wait 10s for gitea to start
+ wait_for:
+ timeout: 10
+ delegate_to: localhost
+# This only install base configuration. Group settings have to be set manually in gitea...
+- name: Install LDAP
+ include_tasks: ldap.yml
+ when: gitea.ldap.enable
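Review bot: Both `slurp` tasks register raw key material (`sec_key`, `int_tok`) without `no_log: true`, so the base64-encoded secret is printed under `-v` and captured by any callback or logging plugin; add `no_log: true` to each. The second of them is also named `Read secret Key` although it reads `/etc/gitea/internal_token`, which makes task output ambiguous — rename it `Read internal token`. Separately, `perform update` uses the deprecated `include: update.yml` while the other two files are pulled in with `include_tasks`; `include_tasks: update.yml` keeps the file consistent. `cert_changed` in `Check for changed cert` is not set anywhere in this commit; if it is produced by another role, a comment naming the source above that task would help the next reader.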
diff --git a/roles/gitea/tasks/secrets.yml b/roles/gitea/tasks/secrets.yml
new file mode 100644
index 0000000..cde4dd8
--- /dev/null
+++ b/roles/gitea/tasks/secrets.yml
@@ -0,0 +1,36 @@
+---
+- name: Generate SECRET_KEY
+ command:
+ cmd: gitea generate secret SECRET_KEY
+ creates: /etc/gitea/secret_key
+ become_user: git
+ become: yes
+ register: gen_sec_key
+
+- name: Save secret Key
+ copy:
+ content: '{{ gen_sec_key.stdout }}'
+ dest: /etc/gitea/secret_key
+ owner: root
+ group: git
+ mode: '640'
+ become: yes
+ when: gen_sec_key.changed
+
+- name: Generate INTERNAL_TOKEN
+ command:
+ cmd: gitea generate secret INTERNAL_TOKEN
+ creates: /etc/gitea/internal_token
+ become_user: git
+ become: yes
+ register: gen_int_tok
+
+- name: Save INTERNAL_TOKEN
+ copy:
+ content: '{{ gen_int_tok.stdout }}'
+ dest: /etc/gitea/internal_token
+ owner: root
+ group: git
+ mode: '640'
+ become: yes
+ when: gen_int_tok.changed
diff --git a/roles/gitea/tasks/update.yml b/roles/gitea/tasks/update.yml
new file mode 100644
index 0000000..5b6d458
--- /dev/null
+++ b/roles/gitea/tasks/update.yml
@@ -0,0 +1,23 @@
+---
+
+# initial ?
+
+- name: Stop gitea
+ systemd:
+ name: gitea
+ state: stopped
+ become: yes
+ when: not gitea_bin_stat.failed
+ ignore_errors: yes
+
+- name: Download Gitea
+ get_url:
+ url: 'https://dl.gitea.io/gitea/{{ gitea.version.ver }}/gitea-{{ gitea.version.ver }}-linux-amd64'
+ checksum: 'sha256:{{ gitea.version.sha }}'
+ dest: /usr/local/bin/gitea
+ owner: root
+ group: root
+ mode: '755'
+ become: yes
+ notify:
+ - Handle systemd
--
cgit v1.2.3
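Review bot: The generated secrets flow through registered results and `copy: content:`, so `gen_sec_key.stdout` and `gen_int_tok.stdout` are printed in verbose output and the two `copy` tasks display the value in `--diff` mode; add `no_log: true` to all four tasks. The `creates:` guard means the generate step is skipped once the file exists, so `stdout` is only consumed on the first run and the `when: gen_sec_key.changed` / `when: gen_int_tok.changed` conditions handle that correctly, but the coupling is worth stating above `Generate SECRET_KEY`: `# First run only: creates: skips regeneration; main.yml slurps the saved files afterwards`.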
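Review bot: `Stop gitea` is gated on `not gitea_bin_stat.failed`, but the `stat` task in main.yml does not fail for a missing path, so on a fresh host this still tries to stop a unit that does not exist and only `ignore_errors` rescues the run; `when: gitea_bin_stat.stat.exists` expresses the intent directly while `ignore_errors` can stay for the best-effort stop. The file also depends on `gitea_bin_stat` being registered by main.yml, which the leftover `# initial ?` placeholder does not explain — replace it with `# Expects gitea_bin_stat from main.yml "Check for update"; stops the service before the binary is replaced`.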