From 95b73daa36b23565a8566f71f9b202d3459b685f Mon Sep 17 00:00:00 2001 From: Sam Chudnick Date: Sun, 25 Jun 2023 09:52:36 -0400 Subject: Initial Commit
---
roles/services/containers/gitea/tasks/main.yml | 171 +++++++++++++++++++++++++ 1 file changed, 171 insertions(+) create mode 100644 roles/services/containers/gitea/tasks/main.yml (limited to 'roles/services/containers/gitea/tasks')
diff --git a/roles/services/containers/gitea/tasks/main.yml b/roles/services/containers/gitea/tasks/main.yml
new file mode 100644
index 0000000..fecec5e
--- /dev/null
+++ b/roles/services/containers/gitea/tasks/main.yml
@@ -0,0 +1,171 @@
+- name: set image fact
+ set_fact:
+ image: gitea/gitea:1.19.3
+
+- name: set other facts
+ vars:
+ array: "{{ image.split('/', 1) }}"
+ set_fact:
+ repo_tag: "{{ array.1 }}"
+ custom_registry: "{{ docker_registry_url + '/' + docker_registry_username }}"
+
+- name: create gitea directory
+ file:
+ path: "{{ docker_home }}/gitea"
+ state: directory
+ owner: "{{ docker_username }}"
+ group: "{{ docker_username }}"
+ mode: '0755'
+
+- name: login to docker registry
+ become: yes
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+ docker_login:
+ docker_host: "unix://run/user/{{ docker_uid }}/docker.sock"
+ registry_url: "{{ docker_registry_url }}"
+ username: "{{ docker_registry_username }}"
+ password: "{{ docker_registry_password }}"
+
+- name: get gitea image
+ become: yes
+ docker_image:
+ name: "{{ image }}"
+ repository: "{{ custom_registry }}/{{ repo_tag }}"
+ push: yes
+ source: pull
+ force_source: yes
+
+- name: create git user on host
+ user:
+ name: "git"
+ uid: "{{ gitea_git_uid }}"
+ create_home: yes
+ generate_ssh_key: yes
+ shell: /bin/bash
+
+- name: get git user public key
+ command: cat /home/git/.ssh/id_rsa.pub
+ register: pubkey
+ changed_when: false
+
+- name: add git user public key to git user's authorized_keys file
+ authorized_key:
+ user: git
+ key: "{{ pubkey.stdout }}"
+
+- name: create fake host gitea
+ blockinfile:
+ path: /usr/local/bin/gitea
+ create: yes
+ owner: root
+ group: root
+ mode: '0755'
+ block: |
+ #!/bin/sh
+ ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
+
+- name: create gitea data directory
+ file:
+ path: "{{ docker_home }}/gitea/data"
+ state: directory
+ owner: "{{ gitea_git_uid }}"
+ group: "{{ gitea_git_uid }}"
+ mode: '0755'
+
+- name: create gitea config directory
+ file:
+ path: "{{ docker_home }}/gitea/config"
+ state: directory
+ owner: "{{ gitea_git_uid }}"
+ group: "{{ gitea_git_uid }}"
+ mode: '0755'
+
+- name: copy gitea config file
+ copy:
+ src: "{{ gitea_config }}"
+ dest: "{{ docker_home }}/gitea/config/app.ini"
+ owner: "{{ gitea_git_uid }}"
+ group: "{{ gitea_git_uid }}"
+ mode: '0644'
+
+- name: change gitea internal token
+ lineinfile:
+ path: "{{ docker_home }}/gitea/config/app.ini"
+ regexp: "^INTERNAL_TOKEN"
+ line: "INTERNAL_TOKEN = {{ gitea_internal_token }}"
+
+- name: change gitea lfs jwt secret
+ lineinfile:
+ path: "{{ docker_home }}/gitea/config/app.ini"
+ regexp: "^LFS_JWT_SECRET"
+ line: "LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}"
+
+- name: set permissions on gitea data
+ file:
+ path: "{{ docker_home }}/gitea/data/"
+ owner: "{{ gitea_git_uid }}"
+ group: "{{ gitea_git_uid }}"
+ mode: u=rwX,g=rX,o=rX
+ recurse: yes
+
+- name: set permissions on gitea config
+ file:
+ path: "{{ docker_home }}/gitea/config/"
+ owner: "{{ gitea_git_uid }}"
+ group: "{{ gitea_git_uid }}"
+ mode: u=rwX,g=rX,o=rX
+ recurse: yes
+
+- name: create gitea docker network
+ docker_network:
+ name: "{{ gitea_network_name }}"
+ driver: bridge
+ ipam_config:
+ - subnet: "{{ gitea_subnet }}"
+ gateway: "{{ gitea_gateway }}"
+
+- name: create and deploy gitea container
+ become: yes
+ docker_container:
+ name: "gitea"
+ hostname: "gitea"
+ image: "{{ custom_registry }}/{{ repo_tag }}"
+ purge_networks: yes
+ networks:
+ - name: "{{ gitea_network_name }}"
+ ipv4_address: "{{ gitea_ipv4 }}"
+ ports:
+ - "127.0.0.1:{{ gitea_external_port }}:3000"
+ - "127.0.0.1:2222:22"
+ state: 'started'
+ comparisons:
+ '*': strict
+ restart_policy: unless-stopped
+ env:
+ "USER_UID": "{{ gitea_git_uid }}"
+ "USER_GID": "{{ gitea_git_uid }}"
+ volumes:
+ - "{{ docker_home }}/gitea/data:/data"
+ - "{{ docker_home }}/gitea/config:/data/gitea/conf"
+ - "/home/git/.ssh/:/data/git/.ssh"
+ - "/etc/timezone:/etc/timezone:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+
+- name: deploy nginx configuration
+ notify: restart nginx
+ register: nginx_config
+ copy:
+ src: "{{ gitea_nginx_config }}"
+ dest: /etc/nginx/sites-available/gitea.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: symlink site
+ file:
+ src: /etc/nginx/sites-available/gitea.conf
+ dest: /etc/nginx/sites-enabled/gitea.conf
+ owner: root
+ group: root
+ state: link
-- cgit v1.2.3
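Review bot: `app.ini` ends up world-readable on the host although the two `lineinfile` tasks write `INTERNAL_TOKEN` and `LFS_JWT_SECRET` into it: the "copy gitea config file" task sets `mode: '0644'`, and the later recursive task on the config directory applies `mode: u=rwX,g=rX,o=rX`. Any local account on the host can therefore read both secrets, so I would use `mode: '0640'` on the copy and `mode: u=rwX,g=rX,o=` on the recursive config task. The container is started with `USER_UID` set to the same `gitea_git_uid` that owns the file, so it should still be able to read it, but that needs confirming against the uid mapping of the Docker daemon in use (the login task points at a per-user socket, which suggests a rootless setup). The two `lineinfile` tasks should also carry `no_log: true`, since a run with `--diff` or raised verbosity can print the rendered line with the secret in it. The same `o=rX` on the data directory deserves a look too, as it exposes whatever Gitea stores under `/data` to other local users.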