self-hosting/roles/gitea/tasks/main.yml

---
- include_vars: vault.yml

- name: Install needed packages
  become: true
  apt:
    name:
      - git
      - unzip
      - gpg  # to verify binary
      - acl  # for become_user: git
    state: present

- name: Create git group
  become: true
  group:
    name: git
    system: true

- name: Create git user
  become: true
  user:
    name: git
    group: git
    append: true
    groups:
      - sudo
      - mail
    create_home: true
    home: /home/git
    shell: /bin/bash
    system: true

- name: Set sudoer permissions to git user
  become: true
  copy:
    content: 'git ALL=(root) NOPASSWD:/usr/bin/systemctl'
    dest: /etc/sudoers.d/git
    owner: root
    group: root
    mode: 0440
    validate: /usr/sbin/visudo -csf %s

- name: Create /var/lib/gitea directory
  become: true
  file:
    path: /var/lib/gitea
    state: directory
    owner: git
    group: git
    mode: 0750
    recurse: true

- name: Create /var/lib/gitea subdirectories
  become: true
  file:
    path: "/var/lib/gitea/{{ item }}"
    state: directory
    owner: git
    group: git
    mode: 0750
    recurse: true
  with_items:
    - custom
    - data
    - log

- name: Create /etc/gitea directory
  become: true
  file:
    path: /etc/gitea
    state: directory
    owner: git
    group: git
    mode: 0750
    recurse: false

- name: Find latest gitea version
  uri:
    url: https://dl.gitea.io/gitea/version.json
  register: gitea_binary

- name: Find if latest gitea version is installed
  stat:
    path: "/home/git/gitea-{{ gitea_binary.json.latest.version }}"
  register: latest_gitea_binary

- name: Set gitea binary architecture to amd64
  set_fact:
    gitea_binary_arch: amd64
  when: ansible_facts['architecture'] == 'x86_64'

- name: Set gitea binary architecture to arm-6
  set_fact:
    gitea_binary_arch: arm-6
  when: ansible_facts['architecture'] != 'x86_64'

- name: Get latest gitea binary
  become: true
  get_url:
    url: "https://dl.gitea.io/gitea/{{ gitea_binary.json.latest.version }}/gitea-{{ gitea_binary.json.latest.version }}-linux-{{ gitea_binary_arch }}"
    dest: "/home/git/gitea-{{ gitea_binary.json.latest.version }}"
    owner: git
    group: git
    mode: 0664
  when: not latest_gitea_binary.stat.exists
  notify:
    - Receive gitea pgp key
    - Download gitea asc file
    - Verify gitea binary with gpg

- name: Verify downloaded binary
  meta: flush_handlers

- name: Copy gitea binary to global location
  become: true
  copy:
    src: "/home/git/gitea-{{ gitea_binary.json.latest.version }}"
    dest: /usr/local/bin/gitea
    remote_src: true
    owner: root
    group: root
    mode: 0755

- name: Copy /etc/systemd/system/gitea.service
  become: true
  copy:
    src: gitea.service
    dest: /etc/systemd/system/gitea.service
    owner: root
    group: root
    mode: 0644
  notify:
    - Reload systemd daemon
    - Start gitea service

- name: Copy /etc/gitea/app.ini
  become: true
  template:
    src: app.ini.j2
    dest: /etc/gitea/app.ini
    owner: git
    group: git
    mode: 0640
  notify:
    - Reload gitea service

- name: Make sure systemd daemon is reloaded
  meta: flush_handlers

- name: Make sure gitea is running
  become: true
  systemd:
    name: gitea
    state: started
    enabled: true

- name: Copy gitea_backup.sh script
  become: true
  template:
    src: gitea_backup.sh.j2
    dest: /home/git/gitea_backup.sh
    owner: git
    group: git
    mode: 0775

- name: Set today's string for zipfile name
  set_fact:
    today: "{{ ansible_date_time.year }}{{ ansible_date_time.month }}{{ ansible_date_time.day }}"

- name: Create gitea-dumps directory
  become: true
  file:
    path: /home/git/gitea-dumps
    state: directory
    owner: git
    group: git
    mode: 0755

- name: Push latest gitea_dump zipfile
  become: true
  copy:
    src: "/tmp/gitea-dump-{{ today }}.zip"
    dest: "/home/git/gitea-dumps/gitea-dump-{{ today }}.zip"
    owner: git
    group: git
    mode: 0640
  when: push_latest_gitea_dump == 'yes'

- name: Deploy repos
  become: true
  become_user: git
  command:
    cmd: "/home/git/gitea_backup.sh restore /home/git/gitea-dumps/gitea-dump-{{ today }}.zip"
    creates: /home/git/gitea-repositories  # when this dir exists, the command won't run, so we don't overwrite existing repos
Add git user and group 2022-04-07 21:00:33 +02:00			`---`
Add app.ini template for gitea with vars 2022-04-07 22:34:22 +02:00			`- include_vars: vault.yml`

Add gitea restore command to deploy repos 2022-04-10 13:33:00 +02:00			`- name: Install needed packages`
Add git user and group 2022-04-07 21:00:33 +02:00			`become: true`
			`apt:`
Verify gitea binary 2022-04-08 00:10:43 +02:00			`name:`
			`- git`
Add gitea restore command to deploy repos 2022-04-10 13:33:00 +02:00			`- unzip`
			`- gpg # to verify binary`
			`- acl # for become_user: git`
Add git user and group 2022-04-07 21:00:33 +02:00			`state: present`

			`- name: Create git group`
			`become: true`
			`group:`
			`name: git`
			`system: true`

			`- name: Create git user`
			`become: true`
			`user:`
			`name: git`
			`group: git`
			`append: true`
			`groups:`
			`- sudo`
			`- mail`
			`create_home: true`
			`home: /home/git`
			`shell: /bin/bash`
			`system: true`
Create gitea directories 2022-04-07 21:07:45 +02:00
Set sudoer permissions for git 2022-04-10 17:26:53 +02:00			`- name: Set sudoer permissions to git user`
			`become: true`
			`copy:`
Fix gitea_backup.sh script 2022-04-11 15:05:40 +02:00			`content: 'git ALL=(root) NOPASSWD:/usr/bin/systemctl'`
Set sudoer permissions for git 2022-04-10 17:26:53 +02:00			`dest: /etc/sudoers.d/git`
			`owner: root`
			`group: root`
			`mode: 0440`
			`validate: /usr/sbin/visudo -csf %s`

Create gitea directories 2022-04-07 21:07:45 +02:00			`- name: Create /var/lib/gitea directory`
			`become: true`
			`file:`
			`path: /var/lib/gitea`
			`state: directory`
			`owner: git`
			`group: git`
			`mode: 0750`
			`recurse: true`

			`- name: Create /var/lib/gitea subdirectories`
			`become: true`
			`file:`
			`path: "/var/lib/gitea/{{ item }}"`
			`state: directory`
			`owner: git`
			`group: git`
			`mode: 0750`
			`recurse: true`
			`with_items:`
			`- custom`
			`- data`
			`- log`

			`- name: Create /etc/gitea directory`
			`become: true`
			`file:`
			`path: /etc/gitea`
			`state: directory`
Remove useless keys in gitea app.ini, make sure app.ini's dir belongs to git 2022-04-13 23:27:58 +02:00			`owner: git`
Create gitea directories 2022-04-07 21:07:45 +02:00			`group: git`
Add app.ini template for gitea with vars 2022-04-07 22:34:22 +02:00			`mode: 0750`
Create gitea directories 2022-04-07 21:07:45 +02:00			`recurse: false`

Download gitea binary 2022-04-07 23:18:20 +02:00			`- name: Find latest gitea version`
			`uri:`
			`url: https://dl.gitea.io/gitea/version.json`
			`register: gitea_binary`

Don't download gitea binary if not needed 2022-04-09 13:52:53 +02:00			`- name: Find if latest gitea version is installed`
			`stat:`
			`path: "/home/git/gitea-{{ gitea_binary.json.latest.version }}"`
			`register: latest_gitea_binary`

Download gitea binary 2022-04-07 23:18:20 +02:00			`- name: Set gitea binary architecture to amd64`
			`set_fact:`
			`gitea_binary_arch: amd64`
			`when: ansible_facts['architecture'] == 'x86_64'`

			`- name: Set gitea binary architecture to arm-6`
			`set_fact:`
Fix arch for arm 2022-04-09 13:03:23 +02:00			`gitea_binary_arch: arm-6`
Download gitea binary 2022-04-07 23:18:20 +02:00			`when: ansible_facts['architecture'] != 'x86_64'`

			`- name: Get latest gitea binary`
			`become: true`
			`get_url:`
			`url: "https://dl.gitea.io/gitea/{{ gitea_binary.json.latest.version }}/gitea-{{ gitea_binary.json.latest.version }}-linux-{{ gitea_binary_arch }}"`
			`dest: "/home/git/gitea-{{ gitea_binary.json.latest.version }}"`
			`owner: git`
			`group: git`
			`mode: 0664`
Don't download gitea binary if not needed 2022-04-09 13:52:53 +02:00			`when: not latest_gitea_binary.stat.exists`
Move gpg verification to handlers 2022-04-09 11:04:23 +02:00			`notify:`
Rename handlers 2022-04-09 12:51:52 +02:00			`- Receive gitea pgp key`
			`- Download gitea asc file`
			`- Verify gitea binary with gpg`
Download gitea binary 2022-04-07 23:18:20 +02:00
Move gpg verification to handlers 2022-04-09 11:04:23 +02:00			`- name: Verify downloaded binary`
			`meta: flush_handlers`
Verify gitea binary 2022-04-08 00:10:43 +02:00
Download gitea binary 2022-04-07 23:18:20 +02:00			`- name: Copy gitea binary to global location`
			`become: true`
			`copy:`
			`src: "/home/git/gitea-{{ gitea_binary.json.latest.version }}"`
			`dest: /usr/local/bin/gitea`
			`remote_src: true`
			`owner: root`
			`group: root`
			`mode: 0755`

Fix task name 2022-06-08 22:14:29 +02:00			`- name: Copy /etc/systemd/system/gitea.service`
Download gitea binary 2022-04-07 23:18:20 +02:00			`become: true`
			`copy:`
			`src: gitea.service`
			`dest: /etc/systemd/system/gitea.service`
			`owner: root`
			`group: root`
			`mode: 0644`
			`notify:`
			`- Reload systemd daemon`
			`- Start gitea service`
Copy gitea_backup.sh script 2022-04-09 13:30:32 +02:00
Reload gitea.service if app.ini is updated 2022-06-08 22:18:12 +02:00			`- name: Copy /etc/gitea/app.ini`
			`become: true`
			`template:`
			`src: app.ini.j2`
			`dest: /etc/gitea/app.ini`
			`owner: git`
			`group: git`
			`mode: 0640`
			`notify:`
			`- Reload gitea service`

gitea service has to be running for deploying the repos 2022-04-10 12:44:11 +02:00			`- name: Make sure systemd daemon is reloaded`
Copy gitea_backup.sh script 2022-04-09 13:30:32 +02:00			`meta: flush_handlers`

gitea service has to be running for deploying the repos 2022-04-10 12:44:11 +02:00			`- name: Make sure gitea is running`
			`become: true`
			`systemd:`
			`name: gitea`
			`state: started`
			`enabled: true`

Copy gitea_backup.sh script 2022-04-09 13:30:32 +02:00			`- name: Copy gitea_backup.sh script`
			`become: true`
			`template:`
			`src: gitea_backup.sh.j2`
Escape backup script 2022-04-09 13:46:41 +02:00			`dest: /home/git/gitea_backup.sh`
Copy gitea_backup.sh script 2022-04-09 13:30:32 +02:00			`owner: git`
			`group: git`
			`mode: 0775`
Add gitea restore command to deploy repos 2022-04-10 13:33:00 +02:00
			`- name: Set today's string for zipfile name`
			`set_fact:`
			`today: "{{ ansible_date_time.year }}{{ ansible_date_time.month }}{{ ansible_date_time.day }}"`

			`- name: Create gitea-dumps directory`
			`become: true`
			`file:`
			`path: /home/git/gitea-dumps`
			`state: directory`
			`owner: git`
			`group: git`
			`mode: 0755`

Minor name change 2022-04-13 22:21:05 +02:00			`- name: Push latest gitea_dump zipfile`
Add gitea restore command to deploy repos 2022-04-10 13:33:00 +02:00			`become: true`
			`copy:`
			`src: "/tmp/gitea-dump-{{ today }}.zip"`
			`dest: "/home/git/gitea-dumps/gitea-dump-{{ today }}.zip"`
			`owner: git`
			`group: git`
			`mode: 0640`
			`when: push_latest_gitea_dump == 'yes'`

			`- name: Deploy repos`
			`become: true`
			`become_user: git`
			`command:`
			`cmd: "/home/git/gitea_backup.sh restore /home/git/gitea-dumps/gitea-dump-{{ today }}.zip"`
			`creates: /home/git/gitea-repositories # when this dir exists, the command won't run, so we don't overwrite existing repos`