209 lines
4.7 KiB
YAML
209 lines
4.7 KiB
YAML
---
|
|
|
|
- name: install certs
|
|
copy:
|
|
src: "/usr/local/etc/letsencrypt/live/{{ item }}"
|
|
dest: "/usr/local/etc/certs/"
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
tags:
|
|
- letsencrypt-certs
|
|
notify: reload nginx
|
|
vars:
|
|
prediff_cmd: echo
|
|
with_items:
|
|
- "{{ gitea_url }}"
|
|
|
|
|
|
- name: create dir structure
|
|
file:
|
|
path: "{{ gitea_user.home }}/{{ item.name }}"
|
|
state: directory
|
|
mode: 0755
|
|
owner: "{{ item.owner | default(gitea_user.username) }}"
|
|
group: "{{ item.group | default(gitea_user.username) }}"
|
|
loop_control:
|
|
label: "{{ gitea_user.home }}/{{ item.name }}"
|
|
with_items:
|
|
- name: data
|
|
|
|
- name: data/git
|
|
- name: data/gitea
|
|
|
|
# for overriding gitea's go-templates
|
|
# from role/gitea/files/tmpl/
|
|
- name: data/gitea/templates
|
|
- name: data/gitea/templates/custom
|
|
- name: data/gitea/templates/user/dashboard
|
|
|
|
- name: data/gitea/conf
|
|
- name: data/gitea/tmp
|
|
- name: data/gitea/indexers
|
|
- name: data/gitea/attachments
|
|
- name: data/gitea/avatars
|
|
- name: data/gitea/repo-avatars
|
|
- name: data/gitea/log
|
|
|
|
- name: redis
|
|
owner: '999'
|
|
group: '999'
|
|
- name: redis/data
|
|
owner: '999'
|
|
group: '999'
|
|
|
|
tags:
|
|
- gitea-mirror
|
|
|
|
- name: template ssh passthrough script
|
|
template:
|
|
src: ssh-passthrough.j2
|
|
dest: /usr/local/bin/gitea
|
|
mode: 0755
|
|
owner: git
|
|
group: git
|
|
when: gitea_ssh_enabled
|
|
tags:
|
|
- gitea-mirror
|
|
|
|
- name: copy the ssh keys used for the ssh shim (gitea manages authorized_keys)
|
|
copy:
|
|
src: "private/gitea/{{ item.name }}"
|
|
dest: "{{ gitea_user.home }}/.ssh/{{ item.name }}"
|
|
mode: "{{ item.mode }}"
|
|
owner: "{{ gitea_user.username }}"
|
|
group: "{{ gitea_user.username }}"
|
|
no_log: true
|
|
when: gitea_ssh_enabled
|
|
with_items:
|
|
- name: id_rsa
|
|
mode: "0600"
|
|
- name: id_rsa.pub
|
|
mode: "0644"
|
|
|
|
- name: template config
|
|
template:
|
|
src: app.ini.j2
|
|
dest: "{{ gitea_user.home }}/data/gitea/conf/app.ini"
|
|
owner: git
|
|
group: git
|
|
mode: 0644
|
|
notify: restart gitea
|
|
tags:
|
|
- gitea-config
|
|
- gitea-mirror
|
|
|
|
- name: template robots.txt and sitemap.xml
|
|
template:
|
|
src: "{{ item }}.j2"
|
|
dest: "{{ gitea_user.home }}/data/gitea/{{ item }}"
|
|
owner: www-data
|
|
group: www-data
|
|
mode: 0644
|
|
with_items:
|
|
- robots.txt
|
|
- sitemap.xml
|
|
tags:
|
|
- robots
|
|
- gitea-robots
|
|
|
|
- name: copy gitea templates
|
|
copy:
|
|
src: "tmpl/{{ item }}"
|
|
dest: "{{ gitea_user.home }}/data/gitea/templates/{{ item }}"
|
|
owner: www-data
|
|
group: www-data
|
|
mode: 0644
|
|
with_items:
|
|
- home.tmpl
|
|
- custom/extra_links.tmpl
|
|
- custom/extra_tabs.tmpl
|
|
- user/dashboard/feeds.tmpl
|
|
- user/dashboard/repolist.tmpl
|
|
tags:
|
|
- gitea-templates
|
|
when: gitea_custom_tmpl_enabled
|
|
notify: restart gitea
|
|
|
|
- name: template nginx vhost
|
|
template:
|
|
src: 01-gitea.j2
|
|
dest: /etc/nginx/sites-enabled/01-{{ gitea_url }}
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
tags:
|
|
- nginx
|
|
- gitea-nginx
|
|
notify: reload nginx
|
|
|
|
- name: redis container for gitea
|
|
docker_container:
|
|
name: gitea-redis
|
|
image: "redis:latest"
|
|
restart_policy: "unless-stopped"
|
|
auto_remove: false
|
|
detach: true
|
|
pull: true
|
|
state: started
|
|
container_default_behavior: compatibility
|
|
env:
|
|
REDIS_HOST: redis-gitea
|
|
networks_cli_compatible: false
|
|
networks:
|
|
- name: bridgewithdns
|
|
healthcheck:
|
|
interval: 30s
|
|
timeout: 60s
|
|
start_period: 10s
|
|
test: "redis-cli --raw incr ping"
|
|
mounts:
|
|
- type: bind
|
|
source: "{{ gitea_user.home }}/redis/data"
|
|
target: /data
|
|
tags:
|
|
- redis
|
|
- gitea-redis-container
|
|
- gitea-container
|
|
- docker-containers
|
|
|
|
- name: start container
|
|
docker_container:
|
|
name: gitea
|
|
image: gitea/gitea:latest
|
|
detach: true
|
|
pull: true
|
|
restart_policy: "unless-stopped"
|
|
state: "{{ container_state | default('started') }}"
|
|
container_default_behavior: compatibility
|
|
ports:
|
|
- "127.0.0.1:{{ gitea_ssh_port }}:22"
|
|
volumes:
|
|
- "{{ gitea_user.home }}/data:/data"
|
|
- "{{ gitea_user.home }}/.ssh/:/data/git/.ssh"
|
|
- /etc/timezone:/etc/timezone:ro
|
|
- /etc/localtime:/etc/localtime:ro
|
|
env:
|
|
USER_UID: "{{ gitea_user.uid }}"
|
|
USER_GID: "{{ gitea_user.gid }}"
|
|
networks_cli_compatible: false
|
|
network_mode: bridgewithdns
|
|
networks:
|
|
- name: bridgewithdns
|
|
ipv4_address: "{{ bridgewithdns.gitea }}"
|
|
tags:
|
|
- gitea-container
|
|
- docker-containers
|
|
|
|
- name: template filebeat config
|
|
template:
|
|
src: filebeat-gitea.yml.j2
|
|
dest: "/etc/filebeat/inputs.d/gitea.yml"
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
tags:
|
|
- filebeat
|
|
- filebeat-input
|
|
notify: restart filebeat
|