Replaces the minimal project description with a comprehensive README including a component overview table, quick start instructions, common Ansible operations, and links to detailed documentation. Aligns with Red Panda Approval™ standards.
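---
# Deploy or upgrade a single-binary Gitea instance on the `gitea` host group.
#
# Variables this play reads but does not define (inventory / group_vars):
#   gitea_user, gitea_group, gitea_home_dir, gitea_work_dir, gitea_data_dir,
#   gitea_lfs_dir, gitea_repo_root, gitea_config_file, gitea_web_port,
#   services (list of service names assigned to the host)
#   and, when gitea_oauth_enabled is true:
#   gitea_oauth_name, gitea_oauth_client_id, gitea_oauth_client_secret,
#   gitea_oauth_scopes
# The app.ini.j2 template must live next to this playbook.
#
# Optional overrides:
#   gitea_version              install this release instead of following the
#                              newest GitHub release (recommended for
#                              reproducible fleets)
#   gitea_checksum             get_url checksum spec for the pinned binary,
#                              e.g. "sha256:<hex>", instead of the
#                              same-origin .sha256 file
#   gitea_oauth_discovery_url  OIDC discovery document of the Casdoor IdP
- name: Deploy Gitea
  hosts: gitea
  become: true

  tasks:
    - name: Check if host has gitea service
      ansible.builtin.set_fact:
        has_gitea_service: "{{ 'gitea' in services | default([]) }}"

    - name: Skip hosts without gitea service
      ansible.builtin.meta: end_host
      when: not has_gitea_service

    - name: Install required packages
      ansible.builtin.apt:
        name:
          - git
          - git-lfs
          - curl
          - memcached
        state: present
        update_cache: true

    # NOTE(review): memcached has no authentication. The Debian/Ubuntu package
    # config binds 127.0.0.1 by default; confirm it is not reconfigured to
    # listen on a routable interface (Gitea only needs it locally).
    - name: Ensure Memcached is running
      ansible.builtin.service:
        name: memcached
        state: started
        enabled: true

    - name: Create git system group
      ansible.builtin.group:
        name: "{{ gitea_group }}"
        system: true
        state: present

    # Login shell is required because Gitea's SSH handling runs commands as
    # this user; it is a system account (no password) and is not intended
    # for interactive use.
    - name: Create git system user
      ansible.builtin.user:
        name: "{{ gitea_user }}"
        group: "{{ gitea_group }}"
        system: true
        shell: /bin/bash
        home: "{{ gitea_home_dir }}"
        create_home: true
        comment: "Git Version Control"

    - name: Create Gitea directories
      ansible.builtin.file:
        path: "{{ item.path }}"
        state: directory
        owner: "{{ item.owner }}"
        group: "{{ item.group }}"
        mode: "{{ item.mode }}"
      loop:
        - { path: "{{ gitea_work_dir }}", owner: "{{ gitea_user }}", group: "{{ gitea_group }}", mode: "0755" }
        - { path: "{{ gitea_work_dir }}/custom", owner: "{{ gitea_user }}", group: "{{ gitea_group }}", mode: "0755" }
        - { path: "{{ gitea_data_dir }}", owner: "{{ gitea_user }}", group: "{{ gitea_group }}", mode: "0755" }
        - { path: "{{ gitea_lfs_dir }}", owner: "{{ gitea_user }}", group: "{{ gitea_group }}", mode: "0755" }
        - { path: "{{ gitea_repo_root }}", owner: "{{ gitea_user }}", group: "{{ gitea_group }}", mode: "0755" }
        # /etc/gitea holds app.ini (secret key, internal token, DB credentials):
        # root-owned, accessible to the service group only, nothing for others.
        - { path: "/etc/gitea", owner: "root", group: "{{ gitea_group }}", mode: "0770" }

    # --- Version discovery -------------------------------------------------

    - name: Get installed Gitea version
      ansible.builtin.command:
        cmd: /usr/local/bin/gitea --version
      register: gitea_installed_version
      changed_when: false
      # A missing binary on first run is expected, not an error.
      failed_when: false

    # regex_search() returns None when no x.y.z appears in the output, and the
    # plain default() filter does not replace None — pass boolean=true so an
    # unparsable version resolves to 0.0.0 rather than the string "None".
    - name: Parse installed version
      ansible.builtin.set_fact:
        gitea_current_version: "{{ gitea_installed_version.stdout | regex_search('([0-9]+\\.[0-9]+\\.[0-9]+)') | default('0.0.0', true) }}"
      when: gitea_installed_version.rc == 0

    - name: Set current version to 0.0.0 if not installed
      ansible.builtin.set_fact:
        gitea_current_version: "0.0.0"
      when: gitea_installed_version.rc != 0

    # Following "latest" means any run may pull a new binary and hosts deployed
    # at different times can diverge; set gitea_version to pin a release.
    - name: Get latest Gitea release version from GitHub
      ansible.builtin.uri:
        url: https://api.github.com/repos/go-gitea/gitea/releases/latest
        return_content: true
        timeout: 30
      register: gitea_latest_release
      when: gitea_version is not defined

    # Jinja's conditional expression only evaluates the selected branch, so
    # the skipped (json-less) lookup result is never touched when pinned.
    - name: Extract latest version number
      ansible.builtin.set_fact:
        gitea_latest_version: "{{ gitea_version if gitea_version is defined else (gitea_latest_release.json.tag_name | regex_replace('^v', '')) }}"

    - name: Display version information
      ansible.builtin.debug:
        msg: "Gitea: installed={{ gitea_current_version }}, latest={{ gitea_latest_version }}"

    # --- Binary install / upgrade ------------------------------------------

    - name: Stop Gitea before upgrade
      ansible.builtin.systemd:
        name: gitea
        state: stopped
      when:
        - gitea_current_version != gitea_latest_version
        - gitea_current_version != "0.0.0"

    - name: Resolve Gitea download location
      ansible.builtin.set_fact:
        gitea_download_url: "https://dl.gitea.com/gitea/{{ gitea_latest_version }}/gitea-{{ gitea_latest_version }}-linux-amd64"

    # Gitea publishes a .sha256 file beside each release binary; get_url
    # fetches it and refuses to install a binary whose digest does not match.
    # Because that digest comes from the same origin as the binary, this
    # catches truncated or tampered-in-transit downloads but not a compromised
    # release host — pin gitea_version together with gitea_checksum for that.
    - name: Download Gitea binary
      ansible.builtin.get_url:
        url: "{{ gitea_download_url }}"
        checksum: "{{ gitea_checksum | default('sha256:' ~ gitea_download_url ~ '.sha256') }}"
        dest: /usr/local/bin/gitea
        mode: '0755'
        owner: root
        group: root
        force: true
      when: gitea_current_version != gitea_latest_version
      notify: restart gitea

    # app.ini carries SECRET_KEY / INTERNAL_TOKEN / DB credentials: never
    # world-readable.
    - name: Template Gitea configuration
      ansible.builtin.template:
        src: app.ini.j2
        dest: "{{ gitea_config_file }}"
        owner: "{{ gitea_user }}"
        group: "{{ gitea_group }}"
        mode: '0640'
      notify: restart gitea

    - name: Create Gitea systemd service
      ansible.builtin.copy:
        dest: /etc/systemd/system/gitea.service
        mode: '0644'
        owner: root
        group: root
        content: |
          [Unit]
          Description=Gitea (Git with a cup of tea)
          After=syslog.target
          After=network.target
          After=postgresql.service

          [Service]
          RestartSec=2s
          Type=simple
          User={{ gitea_user }}
          Group={{ gitea_group }}
          WorkingDirectory={{ gitea_work_dir }}/
          ExecStart=/usr/local/bin/gitea web --config {{ gitea_config_file }}
          Restart=always
          Environment=USER={{ gitea_user }} HOME={{ gitea_home_dir }} GITEA_WORK_DIR={{ gitea_work_dir }}
          # Optional sandboxing offered by the upstream contrib unit
          # (ProtectSystem=full, PrivateTmp=true, PrivateDevices=true,
          # NoNewPrivileges=true) is left off here because it depends on where
          # the work, data, repository and home directories live; verify those
          # paths stay writable before enabling any of them.

          [Install]
          WantedBy=multi-user.target
      notify: restart gitea

    - name: Reload systemd daemon
      ansible.builtin.systemd:
        daemon_reload: true

    - name: Enable and start Gitea service
      ansible.builtin.systemd:
        name: gitea
        enabled: true
        state: started

    # --- OAuth2 Provider Configuration (Casdoor SSO) -----------------------

    - name: Flush handlers to ensure Gitea is restarted before healthcheck
      ansible.builtin.meta: flush_handlers

    - name: Wait for Gitea to be ready
      ansible.builtin.uri:
        url: "http://127.0.0.1:{{ gitea_web_port }}/api/healthz"
        method: GET
        status_code: 200
      register: gitea_health
      until: gitea_health.status == 200
      retries: 30
      delay: 5
      when: gitea_oauth_enabled | default(false)

    - name: Check if Casdoor OAuth source exists
      ansible.builtin.command:
        cmd: >
          /usr/local/bin/gitea admin auth list
          --config {{ gitea_config_file }}
      become: true
      become_user: "{{ gitea_user }}"
      register: gitea_auth_list
      changed_when: false
      when: gitea_oauth_enabled | default(false)

    # The client secret can only be handed to `gitea admin auth` as an argv
    # flag, so it is briefly visible in the host's process list; no_log keeps
    # it out of Ansible's task output, callbacks and log file. Temporarily
    # drop no_log if the command itself needs debugging.
    # --skip-local-2fa: accounts signing in through this source are not
    # prompted for Gitea's own 2FA, so MFA must be enforced by the IdP.
    - name: Add Casdoor OAuth2 authentication source
      ansible.builtin.command:
        cmd: >
          /usr/local/bin/gitea admin auth add-oauth
          --config {{ gitea_config_file }}
          --name "{{ gitea_oauth_name }}"
          --provider openidConnect
          --key "{{ gitea_oauth_client_id }}"
          --secret "{{ gitea_oauth_client_secret }}"
          --auto-discover-url "{{ gitea_oauth_discovery_url | default('https://id.ouranos.helu.ca/.well-known/openid-configuration') }}"
          --scopes "{{ gitea_oauth_scopes }}"
          --skip-local-2fa
          --group-claim-name ""
          --admin-group ""
      become: true
      become_user: "{{ gitea_user }}"
      no_log: true
      when:
        - gitea_oauth_enabled | default(false)
        - gitea_oauth_name not in gitea_auth_list.stdout
      notify: restart gitea

    # The source id is the first column of the matching `auth list` line.
    # Same secret-handling caveat as the add task above.
    - name: Update Casdoor OAuth2 authentication source
      ansible.builtin.command:
        cmd: >
          /usr/local/bin/gitea admin auth update-oauth
          --config {{ gitea_config_file }}
          --id {{ gitea_auth_list.stdout_lines | select('search', gitea_oauth_name) | first | regex_search('^\d+') }}
          --name "{{ gitea_oauth_name }}"
          --provider openidConnect
          --key "{{ gitea_oauth_client_id }}"
          --secret "{{ gitea_oauth_client_secret }}"
          --auto-discover-url "{{ gitea_oauth_discovery_url | default('https://id.ouranos.helu.ca/.well-known/openid-configuration') }}"
          --scopes "{{ gitea_oauth_scopes }}"
          --skip-local-2fa
      become: true
      become_user: "{{ gitea_user }}"
      no_log: true
      when:
        - gitea_oauth_enabled | default(false)
        - gitea_oauth_name in gitea_auth_list.stdout
      notify: restart gitea

  handlers:
    - name: restart gitea
      ansible.builtin.systemd:
        name: gitea
        state: restarted
        daemon_reload: true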