self-hosting/roles/gitea/tasks/main.yml

---
- name: Include vault variables
  ansible.builtin.include_vars: vault.yml

- name: Include apache2 tasks
  ansible.builtin.include_tasks: apache2.yml

- name: Include mariadb tasks
  ansible.builtin.include_tasks: mariadb.yml

- name: Include unix tasks
  ansible.builtin.include_tasks: unix.yml

- name: Include binary tasks
  ansible.builtin.include_tasks: binary.yml

- name: Copy /etc/systemd/system/gitea.service
  become: true
  ansible.builtin.copy:
    src: gitea.service
    dest: /etc/systemd/system/gitea.service
    owner: root
    group: root
    mode: 0644
  notify:
    - Reload systemd daemon
    - Start gitea service

- name: Copy /etc/gitea/app.ini
  become: true
  ansible.builtin.template:
    src: app.ini.j2
    dest: /etc/gitea/app.ini
    owner: git
    group: git
    mode: 0640
  notify:
    - Restart gitea service

- name: Make sure systemd daemon is reloaded
  ansible.builtin.meta: flush_handlers

- name: Make sure gitea is running
  become: true
  ansible.builtin.systemd:
    name: gitea
    state: started
    enabled: true

# fail2ban tasks need the gitea log file, which should be created when gitea runs
- name: Include fail2ban tasks
  ansible.builtin.include_tasks: fail2ban.yml

- name: Copy gitea_backup.sh script
  become: true
  ansible.builtin.template:
    src: gitea_backup.sh.j2
    dest: /usr/local/bin/gitea_backup.sh
    owner: git
    group: git
    mode: 0775

- name: Create gitea-dumps directory
  become: true
  ansible.builtin.file:
    path: /var/lib/gitea/gitea-dumps
    state: directory
    owner: git
    group: git
    mode: 0755

- name: Set today's string for zipfile name
  ansible.builtin.set_fact:
    today: "{{ ansible_date_time.year }}{{ ansible_date_time.month }}{{ ansible_date_time.day }}"

- name: Ask to push latest gitea_dump zipfile
  ansible.builtin.pause:
    prompt: "Local path to latest gitea dump, so we can push it [leave empty to not push]"
    echo: true
  register: latest_gitea_dump_path

- name: Make sure the filename makes sense
  ansible.builtin.assert:
    that:
      - "{{ latest_gitea_dump_path.user_input | basename }} == gitea-dump-{{ today }}.zip"
  when: latest_gitea_dump_path.user_input != ''

- name: Push latest gitea_dump zipfile
  become: true
  ansible.builtin.copy:
    src: "{{ latest_gitea_dump_path.user_input }}"
    dest: "/var/lib/gitea/gitea-dumps/gitea-dump-{{ today }}.zip"
    owner: git
    group: git
    mode: 0640
  when: latest_gitea_dump_path.user_input != ''

- name: Deploy repos
  become: true
  become_user: git
  ansible.builtin.command:
    cmd: "/var/lib/gitea/gitea_backup.sh restore /var/lib/gitea/gitea-dumps/gitea-dump-{{ today }}.zip"
    creates: /var/lib/gitea/gitea-repositories  # when this dir exists, the command won't run, so we don't overwrite existing repos

- name: Setup gitea-backup crontab
  become: true
  ansible.builtin.copy:
    src: gitea-backup.cron
    dest: /etc/cron.d/gitea-backup
    mode: 0644

- name: Setup logrotate for gitea logs
  become: true
  ansible.builtin.copy:
    src: gitea.logrotate
    dest: /etc/logrotate.d/gitea
    owner: root
    group: root
    mode: 0644

- name: Generate SSH keys for git
  become: true
  become_user: git
  community.crypto.openssh_keypair:
    path: ~/.ssh/id_rsa
    type: rsa
    comment: "git@{{ ansible_fqdn }}"
  register: ssh_key

- name: Get previously added SSH keys
  ansible.builtin.uri:
    url: https://git.tunuifranken.info/api/v1/user/keys
    method: GET
    user: "{{ gitea_user }}"
    password: "{{ gitea_pass }}"
    force_basic_auth: true
  register: present_ssh_keys

- name: List SSH fingerprints
  ansible.builtin.set_fact:
    present_ssh_fingerprints: "{{ present_ssh_keys.json | map(attribute='fingerprint') }}"

- name: Add SSH key using Gitea's API
  ansible.builtin.uri:
    url: https://git.tunuifranken.info/api/v1/user/keys
    method: POST
    user: "{{ gitea_user }}"
    password: "{{ gitea_pass }}"
    force_basic_auth: true
    status_code: 201
    body_format: json
    body:
      key: "{{ ssh_key.public_key | trim }}"
      read_only: false
      title: "{{ ssh_key.comment | trim }}"
  when: ssh_key.fingerprint not in present_ssh_fingerprints
Add git user and group 2022-04-07 21:00:33 +02:00			`---`
Fix lint nagging 2022-06-25 14:48:38 +02:00			`- name: Include vault variables`
Fix some linting 2022-12-16 20:12:49 +01:00			`ansible.builtin.include_vars: vault.yml`
Add app.ini template for gitea with vars 2022-04-07 22:34:22 +02:00
Merge gitea_apache2 into gitea role 2022-12-26 07:22:21 +01:00			`- name: Include apache2 tasks`
			`ansible.builtin.include_tasks: apache2.yml`

Merge gitea_mariadb into gitea role 2022-12-26 07:51:52 +01:00			`- name: Include mariadb tasks`
			`ansible.builtin.include_tasks: mariadb.yml`

Move some tasks from gitea main to gitea unix 2022-12-27 10:51:38 +01:00			`- name: Include unix tasks`
			`ansible.builtin.include_tasks: unix.yml`
Create gitea directories 2022-04-07 21:07:45 +02:00
Move some tasks from gitea main to gitea binary 2022-12-27 22:08:57 +01:00			`- name: Include binary tasks`
			`ansible.builtin.include_tasks: binary.yml`
Download gitea binary 2022-04-07 23:18:20 +02:00
Fix task name 2022-06-08 22:14:29 +02:00			`- name: Copy /etc/systemd/system/gitea.service`
Download gitea binary 2022-04-07 23:18:20 +02:00			`become: true`
Fix some linting 2022-12-16 20:12:49 +01:00			`ansible.builtin.copy:`
Download gitea binary 2022-04-07 23:18:20 +02:00			`src: gitea.service`
			`dest: /etc/systemd/system/gitea.service`
			`owner: root`
			`group: root`
			`mode: 0644`
			`notify:`
			`- Reload systemd daemon`
			`- Start gitea service`
Copy gitea_backup.sh script 2022-04-09 13:30:32 +02:00
Reload gitea.service if app.ini is updated 2022-06-08 22:18:12 +02:00			`- name: Copy /etc/gitea/app.ini`
			`become: true`
Fix some linting 2022-12-16 20:12:49 +01:00			`ansible.builtin.template:`
Reload gitea.service if app.ini is updated 2022-06-08 22:18:12 +02:00			`src: app.ini.j2`
			`dest: /etc/gitea/app.ini`
			`owner: git`
			`group: git`
			`mode: 0640`
			`notify:`
Gitea service is not reloadable 2022-10-01 00:41:21 +02:00			`- Restart gitea service`
Reload gitea.service if app.ini is updated 2022-06-08 22:18:12 +02:00
gitea service has to be running for deploying the repos 2022-04-10 12:44:11 +02:00			`- name: Make sure systemd daemon is reloaded`
Fix some linting 2022-12-16 20:12:49 +01:00			`ansible.builtin.meta: flush_handlers`
Copy gitea_backup.sh script 2022-04-09 13:30:32 +02:00
gitea service has to be running for deploying the repos 2022-04-10 12:44:11 +02:00			`- name: Make sure gitea is running`
			`become: true`
Fix some linting 2022-12-16 20:12:49 +01:00			`ansible.builtin.systemd:`
gitea service has to be running for deploying the repos 2022-04-10 12:44:11 +02:00			`name: gitea`
			`state: started`
			`enabled: true`

Merge gitea_fail2ban into gitea role 2022-12-26 07:14:02 +01:00			`# fail2ban tasks need the gitea log file, which should be created when gitea runs`
			`- name: Include fail2ban tasks`
			`ansible.builtin.include_tasks: fail2ban.yml`

Copy gitea_backup.sh script 2022-04-09 13:30:32 +02:00			`- name: Copy gitea_backup.sh script`
			`become: true`
Fix some linting 2022-12-16 20:12:49 +01:00			`ansible.builtin.template:`
Copy gitea_backup.sh script 2022-04-09 13:30:32 +02:00			`src: gitea_backup.sh.j2`
Move gitea home to /var/lib/gitea 2022-12-27 11:33:45 +01:00			`dest: /usr/local/bin/gitea_backup.sh`
Copy gitea_backup.sh script 2022-04-09 13:30:32 +02:00			`owner: git`
			`group: git`
			`mode: 0775`
Add gitea restore command to deploy repos 2022-04-10 13:33:00 +02:00
			`- name: Create gitea-dumps directory`
			`become: true`
Fix some linting 2022-12-16 20:12:49 +01:00			`ansible.builtin.file:`
Move gitea home to /var/lib/gitea 2022-12-27 11:33:45 +01:00			`path: /var/lib/gitea/gitea-dumps`
Add gitea restore command to deploy repos 2022-04-10 13:33:00 +02:00			`state: directory`
			`owner: git`
			`group: git`
			`mode: 0755`

Minor rearrangement and add comment to zipfile prompt 2022-06-08 22:31:46 +02:00			`- name: Set today's string for zipfile name`
Fix some linting 2022-12-16 20:12:49 +01:00			`ansible.builtin.set_fact:`
Minor rearrangement and add comment to zipfile prompt 2022-06-08 22:31:46 +02:00			`today: "{{ ansible_date_time.year }}{{ ansible_date_time.month }}{{ ansible_date_time.day }}"`

Ask for path of gitea dump to push 2022-12-23 22:17:54 +01:00			`- name: Ask to push latest gitea_dump zipfile`
			`ansible.builtin.pause:`
			`prompt: "Local path to latest gitea dump, so we can push it [leave empty to not push]"`
Move gitea dump prompt to gitea role 2022-08-21 16:15:44 +02:00			`echo: true`
Ask for path of gitea dump to push 2022-12-23 22:17:54 +01:00			`register: latest_gitea_dump_path`

			`- name: Make sure the filename makes sense`
			`ansible.builtin.assert:`
			`that:`
			`- "{{ latest_gitea_dump_path.user_input \| basename }} == gitea-dump-{{ today }}.zip"`
			`when: latest_gitea_dump_path.user_input != ''`
Move gitea dump prompt to gitea role 2022-08-21 16:15:44 +02:00
Minor name change 2022-04-13 22:21:05 +02:00			`- name: Push latest gitea_dump zipfile`
Add gitea restore command to deploy repos 2022-04-10 13:33:00 +02:00			`become: true`
Fix some linting 2022-12-16 20:12:49 +01:00			`ansible.builtin.copy:`
Ask for path of gitea dump to push 2022-12-23 22:17:54 +01:00			`src: "{{ latest_gitea_dump_path.user_input }}"`
Move gitea home to /var/lib/gitea 2022-12-27 11:33:45 +01:00			`dest: "/var/lib/gitea/gitea-dumps/gitea-dump-{{ today }}.zip"`
Add gitea restore command to deploy repos 2022-04-10 13:33:00 +02:00			`owner: git`
			`group: git`
			`mode: 0640`
Ask for path of gitea dump to push 2022-12-23 22:17:54 +01:00			`when: latest_gitea_dump_path.user_input != ''`
Add gitea restore command to deploy repos 2022-04-10 13:33:00 +02:00
			`- name: Deploy repos`
			`become: true`
			`become_user: git`
Fix some linting 2022-12-16 20:12:49 +01:00			`ansible.builtin.command:`
Move gitea home to /var/lib/gitea 2022-12-27 11:33:45 +01:00			`cmd: "/var/lib/gitea/gitea_backup.sh restore /var/lib/gitea/gitea-dumps/gitea-dump-{{ today }}.zip"`
			`creates: /var/lib/gitea/gitea-repositories # when this dir exists, the command won't run, so we don't overwrite existing repos`
Add TODO note 2022-08-28 22:17:48 +02:00
Setup gitea-backup crontab 2022-09-28 22:03:57 +02:00			`- name: Setup gitea-backup crontab`
			`become: true`
Fix some linting 2022-12-16 20:12:49 +01:00			`ansible.builtin.copy:`
Setup gitea-backup crontab 2022-09-28 22:03:57 +02:00			`src: gitea-backup.cron`
			`dest: /etc/cron.d/gitea-backup`
			`mode: 0644`
Generate SSH keys for git and use gitea's API to push the public key 2022-10-01 01:40:20 +02:00
Setup logrotate 2022-12-23 21:35:04 +01:00			`- name: Setup logrotate for gitea logs`
			`become: true`
			`ansible.builtin.copy:`
			`src: gitea.logrotate`
			`dest: /etc/logrotate.d/gitea`
			`owner: root`
			`group: root`
			`mode: 0644`

Generate SSH keys for git and use gitea's API to push the public key 2022-10-01 01:40:20 +02:00			`- name: Generate SSH keys for git`
			`become: true`
			`become_user: git`
Fix some linting 2022-12-16 20:12:49 +01:00			`community.crypto.openssh_keypair:`
Generate SSH keys for git and use gitea's API to push the public key 2022-10-01 01:40:20 +02:00			`path: ~/.ssh/id_rsa`
			`type: rsa`
			`comment: "git@{{ ansible_fqdn }}"`
			`register: ssh_key`

Get ssh fingerprints and add condition for uploading the SSH key 2022-10-01 11:47:15 +02:00			`- name: Get previously added SSH keys`
Fix some linting 2022-12-16 20:12:49 +01:00			`ansible.builtin.uri:`
Get ssh fingerprints and add condition for uploading the SSH key 2022-10-01 11:47:15 +02:00			`url: https://git.tunuifranken.info/api/v1/user/keys`
			`method: GET`
			`user: "{{ gitea_user }}"`
			`password: "{{ gitea_pass }}"`
			`force_basic_auth: true`
			`register: present_ssh_keys`

			`- name: List SSH fingerprints`
Fix some linting 2022-12-16 20:12:49 +01:00			`ansible.builtin.set_fact:`
Get ssh fingerprints and add condition for uploading the SSH key 2022-10-01 11:47:15 +02:00			`present_ssh_fingerprints: "{{ present_ssh_keys.json \| map(attribute='fingerprint') }}"`

Generate SSH keys for git and use gitea's API to push the public key 2022-10-01 01:40:20 +02:00			`- name: Add SSH key using Gitea's API`
Fix some linting 2022-12-16 20:12:49 +01:00			`ansible.builtin.uri:`
Generate SSH keys for git and use gitea's API to push the public key 2022-10-01 01:40:20 +02:00			`url: https://git.tunuifranken.info/api/v1/user/keys`
			`method: POST`
			`user: "{{ gitea_user }}"`
			`password: "{{ gitea_pass }}"`
			`force_basic_auth: true`
			`status_code: 201`
			`body_format: json`
			`body:`
			`key: "{{ ssh_key.public_key \| trim }}"`
			`read_only: false`
			`title: "{{ ssh_key.comment \| trim }}"`
Get ssh fingerprints and add condition for uploading the SSH key 2022-10-01 11:47:15 +02:00			`when: ssh_key.fingerprint not in present_ssh_fingerprints`