Update to 2021-12-01 19:13

2025-07-26 15:55:56 +02:00 · 2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions
--- a/roles/gitea/tasks/admin_user.yml
+++ b/roles/gitea/tasks/admin_user.yml
@@ -0,0 +1,30 @@
+---
+- name: Check if admin user exists
+  command: "mysql --host={{ gitea_db_server }} --user={{ gitea_db_user }} --password='{{ gitea_db_pass }}' {{ gitea_db_name }} -ss -e \"select count(*) from user where lower_name='gitadmin'\""
+  register: gitea_admin
+  changed_when: False
+  retries: 10 # first time gitea starts, it'll take some time to create the tables
+  delay: 10
+  until: gitea_admin.rc == 0
+  tags: gitea
+
+  # The user table is created before the email_address. So on first run, we might have an error when creating the
+  # admin account. Here, we just ensure the email_address table exists before we can continue
+- name: Check if the email_address table exists
+  command: "mysql --host={{ gitea_db_server }} --user={{ gitea_db_user }} --password='{{ gitea_db_pass }}' {{ gitea_db_name }} -ss -e \"select count(*) from email_address\""
+  register: gitea_email_table
+  changed_when: False
+  retries: 10
+  delay: 10
+  until: gitea_email_table.rc == 0
+  when: gitea_admin.stdout != "1"
+  tags: gitea
+
+- name: Create the admin account
+  command: "{{ gitea_root_dir }}/bin/gitea admin user create --name gitadmin --admin --password admin --email admin@example.net --config {{ gitea_root_dir }}/etc/app.ini"
+  args:
+    chdir: "{{ gitea_root_dir }}"
+  become_user: gitea
+  when: gitea_admin.stdout != "1"
+  tags: gitea
+
--- a/roles/gitea/tasks/archive_post.yml
+++ b/roles/gitea/tasks/archive_post.yml
@@ -0,0 +1,6 @@
+---
+- import_tasks: ../includes/webapps_compress_archive.yml
+  vars:
+    - root_dir: "{{ gitea_root_dir }}"
+    - version: "{{ gitea_current_version }}"
+  tags: gitea
--- a/roles/gitea/tasks/archive_pre.yml
+++ b/roles/gitea/tasks/archive_pre.yml
@@ -0,0 +1,23 @@
+---
+- name: Create archive directory
+  file: path={{ gitea_root_dir }}/archives/{{ gitea_current_version }} state=directory mode=700
+  tags: gitea
+
+- name: Archive previous version
+  copy: src={{ gitea_root_dir }}/bin/gitea dest={{ gitea_root_dir }}/archives/{{ gitea_current_version }} remote_src=True
+  tags: gitea
+
+- name: Archive the database
+  mysql_db:
+    state: dump
+    name: "{{ gitea_db_name }}"
+    target: "{{ gitea_root_dir }}/archives/{{ gitea_current_version }}/{{ gitea_db_name }}.sql.xz"
+    login_host: "{{ gitea_db_server | default(mysql_server) }}"
+    login_user: sqladmin
+    login_password: "{{ mysql_admin_pass }}"
+    quick: True
+    single_transaction: True
+  environment:
+    XZ_OPT: -T0
+  tags: gitea
+
--- a/roles/gitea/tasks/cleanup.yml
+++ b/roles/gitea/tasks/cleanup.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Remove tmp and obsolete files
+  file: path={{ item }} state=absent
+  loop:
+    - /etc/profile.d/git.sh
+    - "{{ gitea_root_dir }}/db_dumps"
+  tags: gitea
--- a/roles/gitea/tasks/conf.yml
+++ b/roles/gitea/tasks/conf.yml
@@ -0,0 +1,34 @@
+---
+
+- name: Create random tokens
+  shell: "{{ gitea_root_dir }}/bin/gitea generate secret {{ item }} > {{ gitea_root_dir }}/meta/ansible_{{ item }}"
+  args:
+    creates: "{{ gitea_root_dir }}/meta/ansible_{{ item }}"
+  with_items:
+    - INTERNAL_TOKEN
+    - LFS_JWT_SECRET
+    - SECRET_KEY
+    - JWT_SECRET
+  tags: gitea
+
+- name: Read random tokens
+  command: cat {{ gitea_root_dir }}/meta/ansible_{{ item }}
+  with_items:
+    - INTERNAL_TOKEN
+    - LFS_JWT_SECRET
+    - SECRET_KEY
+    - JWT_SECRET
+  changed_when: False
+  register: gitea_tokens
+  tags: gitea
+
+- name: Deploy gitea configuration
+  template: src=app.ini.j2 dest={{ gitea_root_dir }}/etc/app.ini owner=root group=gitea mode=0660
+  notify: restart gitea
+  tags: gitea
+
+- name: Set optimal permissions
+  command: "{{ gitea_root_dir }}/perms.sh"
+  changed_when: False
+  tags: gitea
+
--- a/roles/gitea/tasks/directories.yml
+++ b/roles/gitea/tasks/directories.yml
@@ -0,0 +1,28 @@
+---
+- name: Create directory structure
+  file:
+    path: "{{ gitea_root_dir }}/{{ item.dir }}"
+    state: directory
+    owner: "{{ item.owner | default('gitea') }}"
+    group: "{{ item.group | default('gitea') }}"
+    mode: "{{ item.mode | default('750') }}"
+  loop:
+    - dir: /
+      owner: gitea
+      group: gitea
+    - dir: data
+    - dir: data/repositories
+    - dir: custom
+    - dir: public
+    - dir: etc
+    - dir: tmp
+    - dir: bin
+    - dir: meta
+      owner: root
+      group: root
+      mode: 700
+    - dir: backup
+      owner: root
+      group: root
+      mode: 700
+  tags: gitea
--- a/roles/gitea/tasks/facts.yml
+++ b/roles/gitea/tasks/facts.yml
@@ -0,0 +1,36 @@
+---
+
+- include_vars: "{{ item }}"
+  with_first_found:
+    - vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
+    - vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml
+    - vars/{{ ansible_distribution }}.yml
+    - vars/{{ ansible_os_family }}.yml
+  tags: gitea
+
+- import_tasks: ../includes/webapps_set_install_mode.yml
+  vars:
+    - root_dir: "{{ gitea_root_dir }}"
+    - version: "{{ gitea_version }}"
+  tags: gitea
+- set_fact: gitea_install_mode={{ (install_mode == 'upgrade' and not gitea_manage_upgrade) | ternary('none',install_mode) }}
+  tags: gitea
+- set_fact: gitea_current_version={{ current_version | default('') }}
+  tags: gitea
+
+- import_tasks: ../includes/get_rand_pass.yml
+  vars:
+    - pass_file: "{{ gitea_root_dir }}/meta/ansible_key"
+  tags: gitea
+- set_fact: gitea_key={{ rand_pass }}
+  tags: gitea
+
+- import_tasks: ../includes/get_rand_pass.yml
+  vars:
+    - pass_file: "{{ gitea_root_dir }}/meta/ansible_dbpass"
+  when: gitea_db_pass is not defined
+  tags: gitea
+- set_fact: gitea_db_pass={{ rand_pass }}
+  when: gitea_db_pass is not defined
+  tags: gitea
+
--- a/roles/gitea/tasks/install.yml
+++ b/roles/gitea/tasks/install.yml
@@ -0,0 +1,61 @@
+---
+- name: Install packages
+  yum: name={{ gitea_packages }}
+  tags: gitea
+
+- name: Download gitea binary
+  get_url:
+    url: "{{ gitea_bin_url }}"
+    dest: "{{ gitea_root_dir }}/tmp/gitea"
+    checksum: "sha256:{{ gitea_bin_sha256 }}"
+  when: gitea_install_mode != 'none'
+  notify: restart gitea
+  tags: gitea
+
+- name: Move gitea binary
+  command: mv -f {{ gitea_root_dir }}/tmp/gitea {{ gitea_root_dir }}/bin/
+  when: gitea_install_mode != 'none'
+  tags: gitea
+
+- name: Make gitea executable
+  file: path={{ gitea_root_dir }}/bin/gitea mode=0755
+  tags: gitea
+
+- name: Deploy gitea service unit
+  template: src=gitea.service.j2 dest=/etc/systemd/system/gitea.service
+  register: gitea_unit
+  notify: restart gitea
+  tags: gitea
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: gitea_unit.changed
+  tags: gitea
+
+  # Create MySQL database
+- import_tasks: ../includes/webapps_create_mysql_db.yml
+  vars:
+    - db_name: "{{ gitea_db_name }}"
+    - db_user: "{{ gitea_db_user }}"
+    - db_server: "{{ gitea_db_server }}"
+    - db_pass: "{{ gitea_db_pass }}"
+  tags: gitea
+
+- name: Deploy pre/post backup scripts
+  template: src={{ item }}_backup.sh.j2 dest=/etc/backup/{{ item }}.d/gitea.sh mode=0750
+  with_items:
+    - pre
+    - post
+  tags: gitea
+
+- name: Deploy permission script
+  template: src=perms.sh.j2 dest={{ gitea_root_dir }}/perms.sh mode=755
+  tags: gitea
+
+- name: Set correct SELinux context
+  sefcontext:
+    target: "{{ gitea_root_dir }}/.ssh(/.*)?"
+    setype: ssh_home_t
+    state: present
+  when: ansible_selinux.status == 'enabled'
+  tags: gitea
--- a/roles/gitea/tasks/iptables.yml
+++ b/roles/gitea/tasks/iptables.yml
@@ -0,0 +1,14 @@
+---
+
+- name:  Handle gitea ports in the firewall
+  iptables_raw:
+    name: "{{ item.name }}"
+    state: "{{ (item.src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ item.port }} -s {{ item.src_ip | join(',') }} -j ACCEPT"
+  when: iptables_manage | default(True)
+  with_items:
+    - port: "{{ gitea_web_port }}"
+      name: gitea_web_port
+      src_ip: "{{ gitea_web_src_ip }}"
+  tags: firewall,gitea
+
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+
+- include: user.yml
+- include: directories.yml
+- include: facts.yml
+- include: archive_pre.yml
+  when: gitea_install_mode == 'upgrade'
+- include: install.yml
+- include: conf.yml
+- include: iptables.yml
+- include: service.yml
+- include: admin_user.yml
+- include: archive_post.yml
+  when: gitea_install_mode == 'upgrade'
+- include: write_version.yml
+- include: cleanup.yml
--- a/roles/gitea/tasks/service.yml
+++ b/roles/gitea/tasks/service.yml
@@ -0,0 +1,4 @@
+---
+- name: Start and enable the service
+  service: name=gitea state=started enabled=True
+  tags: gitea
--- a/roles/gitea/tasks/user.yml
+++ b/roles/gitea/tasks/user.yml
@@ -0,0 +1,8 @@
+---
+- import_tasks: ../includes/create_system_user.yml
+  vars:
+    - user: gitea
+    - comment: GIT Repository account
+    - home: "{{ gitea_root_dir }}"
+    - shell: /bin/bash
+  tags: gitea
--- a/roles/gitea/tasks/write_version.yml
+++ b/roles/gitea/tasks/write_version.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Write version
+  copy: content={{ gitea_version }} dest={{ gitea_root_dir }}/meta/ansible_version
+  tags: gitea
+