olli/debian.ansible.gitea.server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
olli 2022-07-10 10:50:59 +02:00
commit 951fe81186
2 changed files with 253 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
README.md Normal file
View File

253
gitea.yml Normal file
View File

@ -0,0 +1,253 @@
---
- name: gitea
hosts: ds9.dedyn.io
tasks:
- name: Create /home/docker/gitea.{{inventory_hostname}} dir
ansible.builtin.file:
path: /home/docker/gitea.{{inventory_hostname}}
owner: root
group: docker
state: directory
mode: '0550'
- name: /home/docker/gitea.{{inventory_hostname}}/genpw.sh (generate Random PW for Gitea and DB)
blockinfile:
path: /home/docker/gitea.{{inventory_hostname}}/genpw.sh
create: yes
mode: 0550
owner: root
group: docker
marker: "# {mark} ANSIBLE MANAGED BLOCK"
block: |
cd /home/docker/gitea.{{inventory_hostname}}
mysqluser=$(pwgen -s 32 1)
mysqlpassword=$(pwgen -s 32 1)
gtadminpassword=$(pwgen -s 32 1)
[ -f env ] || echo "GITEA__database__USER=!MYSQLUSER!
GITEA__database__PASSWD=!MYSQLPASSWORD!
GTADMINPASSWD=!GTADMINPASSWD!
" >env
[ -f env.db ] || echo "MARIADB_USER=!MYSQLUSER!
MARIADB_PASSWORD=!MYSQLPASSWORD!
" >env.db
[ -f env.phpmyadmin ] || echo "PMA_USER=!MYSQLUSER!
PMA_PASSWORD=!MYSQLPASSWORD!
" >env.phpmyadmin
chmod 440 env env.db env.phpmyadmin
chown root:docker env env.db env.phpmyadmin
sed -i "s/\!MYSQLUSER\!/$mysqluser/g" env env.db env.phpmyadmin
sed -i "s/\!MYSQLPASSWORD\!/$mysqlpassword/g" env env.db env.phpmyadmin
sed -i "s/\!GTADMINPASSWD\!/$gtadminpassword/g" env
backup: yes
validate: /bin/bash -n %s
notify: run genpw.sh
- name: /home/docker/gitea.{{inventory_hostname}}/genpw.sh shebang
lineinfile:
path: /home/docker/gitea.{{inventory_hostname}}/genpw.sh
insertbefore: BOF
line: "#!/bin/bash -e"
- name: Gen initial passwords if not exists
ansible.builtin.shell: ./genpw.sh
args:
chdir: /home/docker/gitea.{{inventory_hostname}}
creates: /home/docker/gitea.{{inventory_hostname}}/env
- name: /home/docker/gitea.{{inventory_hostname}}/docker-compose.yml Container Configuration
blockinfile:
path: /home/docker/gitea.{{inventory_hostname}}/docker-compose.yml
create: yes
mode: 0440
owner: root
group: docker
marker: "# {mark} ANSIBLE MANAGED BLOCK"
block: |
version: '3.6'
services:
gitea.{{inventory_hostname}}:
image: gitea/gitea:latest
restart: unless-stopped
env_file: env
environment:
- USER_UID=1000
- USER_GID=1000
- APP_NAME=gitea.{{ ansible_facts['nodename'] }}
- RUN_MODE=prod
- RUN_USER=git
- GITEA__server__DOMAIN=gitea.{{ ansible_facts['nodename'] }}
- GITEA__server__SSH_DOMAIN=gitea.{{ ansible_facts['nodename'] }}
- GITEA__server__ROOT_URL=https://gitea.ds9.dedyn.io
- GITEA__mailer__ENABLED=true
- GITEA__mailer__HOST=mail.{{ ansible_facts['nodename'] }}
- GITEA__mailer__FROM=gitea@{{ ansible_facts['nodename'] }}
- GITEA__mailer__USER=
- GITEA__mailer__PASSWD=
- GITEA__service__DISABLE_REGISTRATION=true
- GITEA__service__REQUIRE_SIGNIN_VIEW=false
- GITEA__service__REGISTER_EMAIL_CONFIRM=true
- GITEA__service__ENABLE_NOTIFY_MAIL=true
- GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION=false
- GITEA__service__ENABLE_CAPTCHA=false
- GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE=true
- GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION=true
- GITEA__service__DEFAULT_ENABLE_TIMETRACKING=true
- GITEA__service__NO_REPLY_ADDRESS=ds9.dedyn.io
- GITEA__security__INSTALL_LOCK=true
- GITEA__database__DB_TYPE=mysql
- GITEA__database__HOST=gitea.{{inventory_hostname}}--db:3306
- GITEA__database__NAME=gitea-db
networks:
- traefik
- gitea.{{inventory_hostname}}--network
volumes:
- ./data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
labels:
- traefik.enable=true
# HTTPS
- traefik.http.routers.gitea-{{ ansible_facts['hostname'] }}.rule=Host(`gitea.{{ ansible_facts['nodename'] }}`)
- traefik.http.routers.gitea-{{ ansible_facts['hostname'] }}.entrypoints=https
- traefik.http.routers.gitea-{{ ansible_facts['hostname'] }}.tls=true
- traefik.http.routers.gitea-{{ ansible_facts['hostname'] }}.middlewares=secHeaders@file
# Proxy to service-port
- traefik.http.services.gitea-{{ ansible_facts['hostname'] }}.loadbalancer.server.port=3000
- traefik.http.routers.gitea-{{ ansible_facts['hostname'] }}.service=gitea-{{ ansible_facts['hostname'] }}
# cert via letsencrypt
- traefik.http.routers.gitea-{{ ansible_facts['hostname'] }}.tls.certresolver=letsencrypt
# Traefik network
- traefik.docker.network=traefik
ports:
- 333:22
gitea.{{inventory_hostname}}--db:
image: mariadb:latest
cap_add:
- SYS_NICE
restart: unless-stopped
volumes:
- ./giteadb-data:/var/lib/mysql
- /etc/localtime:/etc/localtime:ro
env_file: env.db
environment:
- MARIADB_RANDOM_ROOT_PASSWORD=1
- MARIADB_DATABASE=gitea-db
- MARIADB_AUTO_UPGRADE=1
- MARIADB_INITDB_SKIP_TZINFO=1
networks:
- gitea.{{inventory_hostname}}--network
gitea.{{inventory_hostname}}--phpmyadmin:
image: phpmyadmin:latest
restart: unless-stopped
env_file: env.phpmyadmin
environment:
- PMA_ARBITRARY=0
- PMA_HOST=gitea.{{inventory_hostname}}--db
volumes:
- /etc/localtime:/etc/localtime:ro
networks:
- gitea.{{inventory_hostname}}--network
- traefik
labels:
- traefik.enable=true
# HTTPS
- traefik.http.routers.gitea-{{ ansible_facts['hostname'] }}--phpmyadmin.rule=Host(`gitea-phpmyadmin.{{ ansible_facts['nodename'] }}`)
- traefik.http.routers.gitea-{{ ansible_facts['hostname'] }}--phpmyadmin.entrypoints=https
- traefik.http.routers.gitea-{{ ansible_facts['hostname'] }}--phpmyadmin.tls=true
# Proxy to service-port
- traefik.http.services.gitea-{{ ansible_facts['hostname'] }}--phpmyadmin.loadbalancer.server.port=80
- traefik.http.routers.gitea-{{ ansible_facts['hostname'] }}--phpmyadmin.service=gitea-{{ ansible_facts['hostname'] }}--phpmyadmin
# cert via letsencrypt
- traefik.http.routers.gitea-{{ ansible_facts['hostname'] }}--phpmyadmin.tls.certresolver=letsencrypt
# Auth
- traefik.http.routers.gitea-{{ ansible_facts['hostname'] }}--phpmyadmin.middlewares=secHeaders@file,gitea-{{ ansible_facts['hostname'] }}--phpmyadmin-auth
- traefik.http.middlewares.gitea-{{ ansible_facts['hostname'] }}--phpmyadmin-auth.basicauth.users=admin:$$apr1$$XLxGs/Ba$$3phZ1a2RtfExOp8x6NFjZ.
# Traefik network
- traefik.docker.network=traefik
networks:
gitea.{{inventory_hostname}}--network:
driver: bridge
driver_opts:
com.docker.network.bridge.name: br-gitea
traefik:
external: true
backup: yes
notify: Restart gitea
- name: Start gitea
ansible.builtin.shell: docker-compose up -d
args:
chdir: /home/docker/gitea.{{inventory_hostname}}
creates: /home/docker/gitea.{{inventory_hostname}}/data/gitea/conf/app.ini
- name: Wait until gitea install is finished
wait_for:
path: /home/docker/gitea.{{inventory_hostname}}/data/gitea/conf/app.ini
- name: /home/docker/gitea.{{inventory_hostname}}/gitea.init.sh
blockinfile:
path: /home/docker/gitea.{{inventory_hostname}}/gitea.init.sh
mode: "0500"
owner: root
group: root
create: yes
marker: "# {mark} ANSIBLE MANAGED BLOCK"
block: |
# create admin-User
cd /home/docker/gitea.{{inventory_hostname}}
until wget -t1 --timeout=15 https://gitea.{{inventory_hostname}} >/dev/null 2>&1
do
sleep 5
done
if ! docker-compose exec -u git gitea.{{inventory_hostname}} gitea admin user list | grep -q " gtadmin "
then
cat env | egrep "^GTADMINPASSWD=" >env.tmp
. env.tmp
rm -f env.tmp
docker-compose exec -u git gitea.{{inventory_hostname}} gitea admin user create --username gtadmin --email admin@{{inventory_hostname}} --admin --password $GTADMINPASSWD
fi
backup: yes
validate: /bin/bash -n %s
notify: run gitea.init
- name: Run gitea.init after install
ansible.builtin.shell: bash /home/docker/gitea.{{inventory_hostname}}/gitea.init.sh
args:
chdir: /home/docker/gitea.{{inventory_hostname}}
creates: /home/docker/gitea.{{inventory_hostname}}/gitea.init.log
- name: Allow ssh on port 333
community.general.ufw:
rule: allow
port: '333'
proto: tcp
handlers:
- name: run genpw.sh
ansible.builtin.shell: ./genpw.sh
args:
chdir: /home/docker/gitea.{{inventory_hostname}}
notify: Restart gitea
- name: run gitea.init
ansible.builtin.shell: bash /home/docker/gitea.{{inventory_hostname}}/gitea.init.sh
- name: Restart gitea
ansible.builtin.shell: docker-compose up -d
args:
chdir: /home/docker/gitea.{{inventory_hostname}}