Initial CommitHEAD master

author: Sam Chudnick <sam@chudnick.com> 2023-06-25 09:52:36 -0400
committer: Sam Chudnick <sam@chudnick.com> 2023-06-25 09:52:36 -0400
commit: 95b73daa36b23565a8566f71f9b202d3459b685f (patch)
tree: cb17b021be70e7868d0ec235a761f0ecdc80f3f2 /roles/services/containers/gitea/tasks
1 files changed, 171 insertions, 0 deletions
diff --git a/roles/services/containers/gitea/tasks/main.yml b/roles/services/containers/gitea/tasks/main.yml
new file mode 100644
index 0000000..fecec5e
--- /dev/null
+++ b/roles/services/containers/gitea/tasks/main.yml
@@ -0,0 +1,171 @@
+- name: set image fact
+  set_fact:
+    image: gitea/gitea:1.19.3
+- name: set other facts
+  vars:
+    array: "{{ image.split('/', 1) }}"
+  set_fact:
+    repo_tag: "{{ array.1 }}"
+    custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
+- name: create gitea directory
+  file:
+    path: "{{ docker_home }}/gitea"
+    state: directory
+    owner: "{{ docker_username }}"
+    group: "{{ docker_username }}"
+    mode: '0755'
+- name: login to docker registry
+  become: yes
+  environment:
+    XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+  docker_login:
+    docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+    registry_url: "{{ docker_registry_url }}"
+    username: "{{ docker_registry_username }}"
+    password: "{{ docker_registry_password }}"
+- name: get gitea image
+  become: yes
+  docker_image:
+    name: "{{ image }}"
+    repository: "{{ custom_registry }}/{{ repo_tag }}"
+    push: yes
+    source: pull
+    force_source: yes
+- name: create git user on host
+  user:
+    name: "git"
+    uid: "{{ gitea_git_uid }}"
+    create_home: yes
+    generate_ssh_key: yes
+    shell: /bin/bash
+- name: get git user public key
+  command: cat /home/git/.ssh/id_rsa.pub
+  register: pubkey
+  changed_when: false
+- name: add git user public key to git user's authorized_keys file
+  authorized_key:
+    user: git
+    key: "{{ pubkey.stdout }}"
+- name: create fake host gitea
+  blockinfile:
+    path: /usr/local/bin/gitea
+    create: yes
+    owner: root
+    group: root
+    mode: '0755'
+    block: |
+      #!/bin/sh
+      ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
+- name: create gitea data directory
+  file:
+    path: "{{ docker_home }}/gitea/data"
+    state: directory
+    owner: "{{ gitea_git_uid }}"
+    group: "{{ gitea_git_uid }}"
+    mode: '0755'
+- name: create gitea config directory
+  file:
+    path: "{{ docker_home }}/gitea/config"
+    state: directory
+    owner: "{{ gitea_git_uid }}"
+    group: "{{ gitea_git_uid }}"
+    mode: '0755'
+- name: copy gitea config file
+  copy:
+    src: "{{ gitea_config }}"
+    dest: "{{ docker_home }}/gitea/config/app.ini"
+    owner: "{{ gitea_git_uid }}"
+    group: "{{ gitea_git_uid }}"
+    mode: '0644'
+- name: change gitea internal token
+  lineinfile:
+    path: "{{ docker_home }}/gitea/config/app.ini"
+    regexp: "^INTERNAL_TOKEN"
+    line: "INTERNAL_TOKEN = {{ gitea_internal_token }}"
+- name: change gitea lfs jwt secret
+  lineinfile:
+    path: "{{ docker_home }}/gitea/config/app.ini"
+    regexp: "^LFS_JWT_SECRET"
+    line: "LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}"
+- name: set permissions on gitea data
+  file:
+    path: "{{ docker_home }}/gitea/data/"
+    owner: "{{ gitea_git_uid }}"
+    group: "{{ gitea_git_uid }}"
+    mode: u=rwX,g=rX,o=rX
+    recurse: yes
+- name: set permissions on gitea config
+  file:
+    path: "{{ docker_home }}/gitea/config/"
+    owner: "{{ gitea_git_uid }}"
+    group: "{{ gitea_git_uid }}"
+    mode: u=rwX,g=rX,o=rX
+    recurse: yes
+- name: create gitea docker network
+  docker_network:
+    name: "{{ gitea_network_name }}"
+    driver: bridge
+    ipam_config:
+      - subnet: "{{ gitea_subnet }}"
+        gateway: "{{ gitea_gateway }}"
+- name: create and deploy gitea container
+  become: yes
+  docker_container:
+    name: "gitea"
+    hostname: "gitea"
+    image: "{{ custom_registry }}/{{ repo_tag }}"
+    purge_networks: yes
+    networks:
+      - name: "{{ gitea_network_name }}"
+        ipv4_address: "{{ gitea_ipv4 }}"
+    ports:
+      - "127.0.0.1:{{ gitea_external_port }}:3000"
+      - "127.0.0.1:2222:22"
+    state: 'started'
+    comparisons:
+      '*': strict
+    restart_policy: unless-stopped
+    env:
+      "USER_UID": "{{ gitea_git_uid }}"
+      "USER_GID": "{{ gitea_git_uid }}"
+    volumes:
+      - "{{ docker_home }}/gitea/data:/data"
+      - "{{ docker_home }}/gitea/config:/data/gitea/conf"
+      - "/home/git/.ssh/:/data/git/.ssh"
+      - "/etc/timezone:/etc/timezone:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+- name: deploy nginx configuration
+  notify: restart nginx
+  register: nginx_config
+  copy:
+    src: "{{ gitea_nginx_config }}"
+    dest: /etc/nginx/sites-available/gitea.conf
+    owner: root
+    group: root
+    mode: '0644'
+- name: symlink site
+  file:
+    src: /etc/nginx/sites-available/gitea.conf
+    dest: /etc/nginx/sites-enabled/gitea.conf
+    owner: root
+    group: root
+    state: link
author	Sam Chudnick <sam@chudnick.com>	2023-06-25 09:52:36 -0400
committer	Sam Chudnick <sam@chudnick.com>	2023-06-25 09:52:36 -0400
commit	95b73daa36b23565a8566f71f9b202d3459b685f (patch)
tree	cb17b021be70e7868d0ec235a761f0ecdc80f3f2 /roles/services/containers/gitea/tasks

diff --git a/roles/services/containers/gitea/tasks/main.yml b/roles/services/containers/gitea/tasks/main.yml new file mode 100644 index 0000000..fecec5e --- /dev/null +++ b/roles/services/containers/gitea/tasks/main.yml
@@ -0,0 +1,171 @@
	1	- name: set image fact
	2	set_fact:
	3	image: gitea/gitea:1.19.3
	4
	5	- name: set other facts
	6	vars:
	7	array: "{{ image.split('/', 1) }}"
	8	set_fact:
	9	repo_tag: "{{ array.1 }}"
	10	custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
	11
	12	- name: create gitea directory
	13	file:
	14	path: "{{ docker_home }}/gitea"
	15	state: directory
	16	owner: "{{ docker_username }}"
	17	group: "{{ docker_username }}"
	18	mode: '0755'
	19
	20	- name: login to docker registry
	21	become: yes
	22	environment:
	23	XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
	24	docker_login:
	25	docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
	26	registry_url: "{{ docker_registry_url }}"
	27	username: "{{ docker_registry_username }}"
	28	password: "{{ docker_registry_password }}"
	29
	30	- name: get gitea image
	31	become: yes
	32	docker_image:
	33	name: "{{ image }}"
	34	repository: "{{ custom_registry }}/{{ repo_tag }}"
	35	push: yes
	36	source: pull
	37	force_source: yes
	38
	39	- name: create git user on host
	40	user:
	41	name: "git"
	42	uid: "{{ gitea_git_uid }}"
	43	create_home: yes
	44	generate_ssh_key: yes
	45	shell: /bin/bash
	46
	47	- name: get git user public key
	48	command: cat /home/git/.ssh/id_rsa.pub
	49	register: pubkey
	50	changed_when: false
	51
	52	- name: add git user public key to git user's authorized_keys file
	53	authorized_key:
	54	user: git
	55	key: "{{ pubkey.stdout }}"
	56
	57	- name: create fake host gitea
	58	blockinfile:
	59	path: /usr/local/bin/gitea
	60	create: yes
	61	owner: root
	62	group: root
	63	mode: '0755'
	64	block: \|
	65	#!/bin/sh
	66	ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
	67
	68	- name: create gitea data directory
	69	file:
	70	path: "{{ docker_home }}/gitea/data"
	71	state: directory
	72	owner: "{{ gitea_git_uid }}"
	73	group: "{{ gitea_git_uid }}"
	74	mode: '0755'
	75
	76	- name: create gitea config directory
	77	file:
	78	path: "{{ docker_home }}/gitea/config"
	79	state: directory
	80	owner: "{{ gitea_git_uid }}"
	81	group: "{{ gitea_git_uid }}"
	82	mode: '0755'
	83
	84	- name: copy gitea config file
	85	copy:
	86	src: "{{ gitea_config }}"
	87	dest: "{{ docker_home }}/gitea/config/app.ini"
	88	owner: "{{ gitea_git_uid }}"
	89	group: "{{ gitea_git_uid }}"
	90	mode: '0644'
	91
	92	- name: change gitea internal token
	93	lineinfile:
	94	path: "{{ docker_home }}/gitea/config/app.ini"
	95	regexp: "^INTERNAL_TOKEN"
	96	line: "INTERNAL_TOKEN = {{ gitea_internal_token }}"
	97
	98	- name: change gitea lfs jwt secret
	99	lineinfile:
	100	path: "{{ docker_home }}/gitea/config/app.ini"
	101	regexp: "^LFS_JWT_SECRET"
	102	line: "LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}"
	103
	104	- name: set permissions on gitea data
	105	file:
	106	path: "{{ docker_home }}/gitea/data/"
	107	owner: "{{ gitea_git_uid }}"
	108	group: "{{ gitea_git_uid }}"
	109	mode: u=rwX,g=rX,o=rX
	110	recurse: yes
	111
	112	- name: set permissions on gitea config
	113	file:
	114	path: "{{ docker_home }}/gitea/config/"
	115	owner: "{{ gitea_git_uid }}"
	116	group: "{{ gitea_git_uid }}"
	117	mode: u=rwX,g=rX,o=rX
	118	recurse: yes
	119
	120	- name: create gitea docker network
	121	docker_network:
	122	name: "{{ gitea_network_name }}"
	123	driver: bridge
	124	ipam_config:
	125	- subnet: "{{ gitea_subnet }}"
	126	gateway: "{{ gitea_gateway }}"
	127
	128	- name: create and deploy gitea container
	129	become: yes
	130	docker_container:
	131	name: "gitea"
	132	hostname: "gitea"
	133	image: "{{ custom_registry }}/{{ repo_tag }}"
	134	purge_networks: yes
	135	networks:
	136	- name: "{{ gitea_network_name }}"
	137	ipv4_address: "{{ gitea_ipv4 }}"
	138	ports:
	139	- "127.0.0.1:{{ gitea_external_port }}:3000"
	140	- "127.0.0.1:2222:22"
	141	state: 'started'
	142	comparisons:
	143	'*': strict
	144	restart_policy: unless-stopped
	145	env:
	146	"USER_UID": "{{ gitea_git_uid }}"
	147	"USER_GID": "{{ gitea_git_uid }}"
	148	volumes:
	149	- "{{ docker_home }}/gitea/data:/data"
	150	- "{{ docker_home }}/gitea/config:/data/gitea/conf"
	151	- "/home/git/.ssh/:/data/git/.ssh"
	152	- "/etc/timezone:/etc/timezone:ro"
	153	- "/etc/localtime:/etc/localtime:ro"
	154
	155	- name: deploy nginx configuration
	156	notify: restart nginx
	157	register: nginx_config
	158	copy:
	159	src: "{{ gitea_nginx_config }}"
	160	dest: /etc/nginx/sites-available/gitea.conf
	161	owner: root
	162	group: root
	163	mode: '0644'
	164
	165	- name: symlink site
	166	file:
	167	src: /etc/nginx/sites-available/gitea.conf
	168	dest: /etc/nginx/sites-enabled/gitea.conf
	169	owner: root
	170	group: root
	171	state: link