docs: rewrite README with structured overview and quick start guide

Replaces the minimal project description with a comprehensive README including a component overview table, quick start instructions, common Ansible operations, and links to detailed documentation. Aligns with Red Panda Approval™ standards.
2026-03-03 12:49:06 +00:00
parent c7be03a743
commit b4d60f2f38
219 changed files with 34586 additions and 2 deletions
--- a/ansible/gitea/deploy.yml
+++ b/ansible/gitea/deploy.yml
@@ -0,0 +1,229 @@
+---
+- name: Deploy Gitea
+  hosts: gitea
+  become: true
+  tasks:
+    - name: Check if host has gitea service
+      ansible.builtin.set_fact:
+        has_gitea_service: "{{ 'gitea' in services | default([]) }}"
+
+    - name: Skip hosts without gitea service
+      ansible.builtin.meta: end_host
+      when: not has_gitea_service
+
+    - name: Install required packages
+      ansible.builtin.apt:
+        name:
+          - git
+          - git-lfs
+          - curl
+          - memcached
+        state: present
+        update_cache: true
+
+    - name: Ensure Memcached is running
+      ansible.builtin.service:
+        name: memcached
+        state: started
+        enabled: true
+
+    - name: Create git system group
+      ansible.builtin.group:
+        name: "{{ gitea_group }}"
+        system: true
+        state: present
+
+    - name: Create git system user
+      ansible.builtin.user:
+        name: "{{ gitea_user }}"
+        group: "{{ gitea_group }}"
+        system: true
+        shell: /bin/bash
+        home: "{{ gitea_home_dir }}"
+        create_home: true
+        comment: "Git Version Control"
+
+    - name: Create Gitea directories
+      ansible.builtin.file:
+        path: "{{ item.path }}"
+        state: directory
+        owner: "{{ item.owner }}"
+        group: "{{ item.group }}"
+        mode: "{{ item.mode }}"
+      loop:
+        - { path: "{{ gitea_work_dir }}", owner: "{{ gitea_user }}", group: "{{ gitea_group }}", mode: "0755" }
+        - { path: "{{ gitea_work_dir }}/custom", owner: "{{ gitea_user }}", group: "{{ gitea_group }}", mode: "0755" }
+        - { path: "{{ gitea_data_dir }}", owner: "{{ gitea_user }}", group: "{{ gitea_group }}", mode: "0755" }
+        - { path: "{{ gitea_lfs_dir }}", owner: "{{ gitea_user }}", group: "{{ gitea_group }}", mode: "0755" }
+        - { path: "{{ gitea_repo_root }}", owner: "{{ gitea_user }}", group: "{{ gitea_group }}", mode: "0755" }
+        - { path: "/etc/gitea", owner: "root", group: "{{ gitea_group }}", mode: "0770" }
+
+    - name: Get installed Gitea version
+      ansible.builtin.command:
+        cmd: /usr/local/bin/gitea --version
+      register: gitea_installed_version
+      changed_when: false
+      failed_when: false
+
+    - name: Parse installed version
+      ansible.builtin.set_fact:
+        gitea_current_version: "{{ gitea_installed_version.stdout | regex_search('([0-9]+\\.[0-9]+\\.[0-9]+)') | default('0.0.0') }}"
+      when: gitea_installed_version.rc == 0
+
+    - name: Set current version to 0.0.0 if not installed
+      ansible.builtin.set_fact:
+        gitea_current_version: "0.0.0"
+      when: gitea_installed_version.rc != 0
+
+    - name: Get latest Gitea release version from GitHub
+      ansible.builtin.uri:
+        url: https://api.github.com/repos/go-gitea/gitea/releases/latest
+        return_content: true
+      register: gitea_latest_release
+
+    - name: Extract latest version number
+      ansible.builtin.set_fact:
+        gitea_latest_version: "{{ gitea_latest_release.json.tag_name | regex_replace('^v', '') }}"
+
+    - name: Display version information
+      ansible.builtin.debug:
+        msg: "Gitea: installed={{ gitea_current_version }}, latest={{ gitea_latest_version }}"
+
+    - name: Stop Gitea before upgrade
+      ansible.builtin.systemd:
+        name: gitea
+        state: stopped
+      when:
+        - gitea_current_version != gitea_latest_version
+        - gitea_current_version != "0.0.0"
+
+    - name: Download Gitea binary
+      ansible.builtin.get_url:
+        url: "https://dl.gitea.com/gitea/{{ gitea_latest_version }}/gitea-{{ gitea_latest_version }}-linux-amd64"
+        dest: /usr/local/bin/gitea
+        mode: '0755'
+        owner: root
+        group: root
+        force: true
+      when: gitea_current_version != gitea_latest_version
+      notify: restart gitea
+
+    - name: Template Gitea configuration
+      ansible.builtin.template:
+        src: app.ini.j2
+        dest: "{{ gitea_config_file }}"
+        owner: "{{ gitea_user }}"
+        group: "{{ gitea_group }}"
+        mode: '0640'
+      notify: restart gitea
+
+    - name: Create Gitea systemd service
+      ansible.builtin.copy:
+        dest: /etc/systemd/system/gitea.service
+        mode: '0644'
+        owner: root
+        group: root
+        content: |
+          [Unit]
+          Description=Gitea (Git with a cup of tea)
+          After=syslog.target
+          After=network.target
+          After=postgresql.service
+
+          [Service]
+          RestartSec=2s
+          Type=simple
+          User={{ gitea_user }}
+          Group={{ gitea_group }}
+          WorkingDirectory={{ gitea_work_dir }}/
+          ExecStart=/usr/local/bin/gitea web --config {{ gitea_config_file }}
+          Restart=always
+          Environment=USER={{ gitea_user }} HOME={{ gitea_home_dir }} GITEA_WORK_DIR={{ gitea_work_dir }}
+
+          [Install]
+          WantedBy=multi-user.target
+      notify: restart gitea
+
+    - name: Reload systemd daemon
+      ansible.builtin.systemd:
+        daemon_reload: true
+
+    - name: Enable and start Gitea service
+      ansible.builtin.systemd:
+        name: gitea
+        enabled: true
+        state: started
+
+    # OAuth2 Provider Configuration (Casdoor SSO)
+    - name: Flush handlers to ensure Gitea is restarted before healthcheck
+      ansible.builtin.meta: flush_handlers
+
+    - name: Wait for Gitea to be ready
+      ansible.builtin.uri:
+        url: "http://127.0.0.1:{{ gitea_web_port }}/api/healthz"
+        method: GET
+        status_code: 200
+      register: gitea_health
+      until: gitea_health.status == 200
+      retries: 30
+      delay: 5
+      when: gitea_oauth_enabled | default(false)
+
+    - name: Check if Casdoor OAuth source exists
+      ansible.builtin.command:
+        cmd: >
+          /usr/local/bin/gitea admin auth list
+          --config {{ gitea_config_file }}
+      become: true
+      become_user: "{{ gitea_user }}"
+      register: gitea_auth_list
+      changed_when: false
+      when: gitea_oauth_enabled | default(false)
+
+    - name: Add Casdoor OAuth2 authentication source
+      ansible.builtin.command:
+        cmd: >
+          /usr/local/bin/gitea admin auth add-oauth
+          --config {{ gitea_config_file }}
+          --name "{{ gitea_oauth_name }}"
+          --provider openidConnect
+          --key "{{ gitea_oauth_client_id }}"
+          --secret "{{ gitea_oauth_client_secret }}"
+          --auto-discover-url "https://id.ouranos.helu.ca/.well-known/openid-configuration"
+          --scopes "{{ gitea_oauth_scopes }}"
+          --skip-local-2fa
+          --group-claim-name ""
+          --admin-group ""
+      become: true
+      become_user: "{{ gitea_user }}"
+      when:
+        - gitea_oauth_enabled | default(false)
+        - gitea_oauth_name not in gitea_auth_list.stdout
+      notify: restart gitea
+
+    - name: Update Casdoor OAuth2 authentication source
+      ansible.builtin.command:
+        cmd: >
+          /usr/local/bin/gitea admin auth update-oauth
+          --config {{ gitea_config_file }}
+          --id {{ gitea_auth_list.stdout_lines | select('search', gitea_oauth_name) | first | regex_search('^\d+') }}
+          --name "{{ gitea_oauth_name }}"
+          --provider openidConnect
+          --key "{{ gitea_oauth_client_id }}"
+          --secret "{{ gitea_oauth_client_secret }}"
+          --auto-discover-url "https://id.ouranos.helu.ca/.well-known/openid-configuration"
+          --scopes "{{ gitea_oauth_scopes }}"
+          --skip-local-2fa
+      become: true
+      become_user: "{{ gitea_user }}"
+      when:
+        - gitea_oauth_enabled | default(false)
+        - gitea_oauth_name in gitea_auth_list.stdout
+      notify: restart gitea
+
+  handlers:
+    - name: restart gitea
+      ansible.builtin.systemd:
+        name: gitea
+        state: restarted
+        daemon_reload: true