flyingscorpio/self-hosting
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Use variables for gitea directories

Browse source
This commit is contained in:
flyingscorpio@clevo 2023-01-16 14:08:38 +01:00
parent 97aa822ee6
commit 292fc3adba
13 changed files with 44 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
roles/gitea/handlers/main.yml
View file

@ -11,7 +11,7 @@
mode: 0644
- name: Verify gitea binary with gpg
ansible.builtin.command: "gpg --verify /tmp/gitea-{{ gitea_binary.json.latest.version }}.asc /var/lib/gitea/gitea-{{ gitea_binary.json.latest.version }}"
ansible.builtin.command: "gpg --verify /tmp/gitea-{{ gitea_binary.json.latest.version }}.asc {{ gitea_run_dir }}/gitea-{{ gitea_binary.json.latest.version }}"
register: result
failed_when: '"Good signature from" not in result.stderr'

2
roles/gitea/tasks/backup.yml
View file

@ -11,7 +11,7 @@
- name: Create gitea-dumps directory
become: true
ansible.builtin.file:
path: /var/lib/gitea/gitea-dumps
path: "{{ gitea_run_dir }}/gitea-dumps"
state: directory
owner: git
group: git

6
roles/gitea/tasks/binary.yml
View file

@ -7,7 +7,7 @@
- name: Find if latest gitea version is installed
become: true
ansible.builtin.stat:
path: "/var/lib/gitea/gitea-{{ gitea_binary.json.latest.version }}"
path: "{{ gitea_run_dir }}/gitea-{{ gitea_binary.json.latest.version }}"
register: latest_gitea_binary
- name: Set gitea binary architecture to amd64
@ -24,7 +24,7 @@
become: true
ansible.builtin.get_url:
url: "https://dl.gitea.io/gitea/{{ gitea_binary.json.latest.version }}/gitea-{{ gitea_binary.json.latest.version }}-linux-{{ gitea_binary_arch }}"
dest: "/var/lib/gitea/gitea-{{ gitea_binary.json.latest.version }}"
dest: "{{ gitea_run_dir }}/gitea-{{ gitea_binary.json.latest.version }}"
owner: git
group: git
mode: 0664
@ -40,7 +40,7 @@
- name: Copy gitea binary to global location
become: true
ansible.builtin.copy:
src: "/var/lib/gitea/gitea-{{ gitea_binary.json.latest.version }}"
src: "{{ gitea_run_dir }}/gitea-{{ gitea_binary.json.latest.version }}"
dest: /usr/local/bin/gitea
remote_src: true
owner: root

4
roles/gitea/tasks/fail2ban.yml
View file

@ -11,8 +11,8 @@
- name: Copy fail2ban jail
become: true
ansible.builtin.copy:
src: fail2ban/gitea-jail.conf
ansible.builtin.template:
src: fail2ban/gitea-jail.conf.j2
dest: /etc/fail2ban/jail.d/gitea.conf
owner: root
group: root

12
roles/gitea/tasks/main.yml
View file

@ -19,8 +19,8 @@
- name: Copy /etc/systemd/system/gitea.service
become: true
ansible.builtin.copy:
src: gitea.service
ansible.builtin.template:
src: gitea.service.j2
dest: /etc/systemd/system/gitea.service
owner: root
group: root
@ -29,11 +29,11 @@
- Reload systemd daemon
- Start gitea service
- name: Copy /etc/gitea/app.ini
- name: Copy config file
become: true
ansible.builtin.template:
src: app.ini.j2
dest: /etc/gitea/app.ini
dest: "{{ gitea_conf_dir }}/app.ini"
owner: git
group: git
mode: 0640
@ -59,8 +59,8 @@
- name: Setup logrotate for gitea logs
become: true
ansible.builtin.copy:
src: gitea.logrotate
ansible.builtin.template:
src: gitea.logrotate.j2
dest: /etc/logrotate.d/gitea
owner: root
group: root

7
roles/gitea/tasks/repos.yml
View file

@ -9,7 +9,7 @@
become: true
ansible.builtin.copy:
src: "{{ user_gitea_dump_path.user_input }}"
dest: "/var/lib/gitea/gitea-dumps/{{ user_gitea_dump_path.user_input | basename }}"
dest: "{{ gitea_run_dir }}/gitea-dumps/{{ user_gitea_dump_path.user_input | basename }}"
owner: git
group: git
mode: 0640
@ -18,7 +18,7 @@
- name: Find all gitea dumps on the server
become: true
ansible.builtin.find:
paths: "/var/lib/gitea/gitea-dumps/"
paths: "{{ gitea_run_dir }}/gitea-dumps/"
register: all_gitea_dumps
- name: Find latest gitea dump on the server
@ -30,4 +30,5 @@
become_user: git
ansible.builtin.command:
cmd: "/usr/local/bin/gitea_backup.sh restore {{ latest_gitea_dump.path }}"
creates: /var/lib/gitea/gitea-repositories # when this dir exists, the command won't run, so we don't overwrite existing repos
# when this dir exists, the command won't run, so we don't overwrite existing repos
creates: "{{ gitea_run_dir }}/gitea-repositories"

12
roles/gitea/tasks/unix.yml
View file

@ -25,7 +25,7 @@
- sudo
- mail
create_home: false
home: /var/lib/gitea
home: "{{ gitea_run_dir }}"
shell: /bin/bash
system: true
@ -38,11 +38,11 @@
group: git
mode: 0750
with_items:
- /etc/gitea
- /var/lib/gitea
- /var/lib/gitea/custom
- /var/lib/gitea/data
- /var/log/gitea
- "{{ gitea_conf_dir }}"
- "{{ gitea_run_dir }}"
- "{{ gitea_custom_dir }}"
- "{{ gitea_data_dir }}"
- "{{ gitea_log_dir }}"
- name: Set sudoer permissions to git user
become: true

4
roles/gitea/templates/app.ini.j2
View file

@ -21,7 +21,7 @@ SSL_MODE = disable
CHARSET = utf8mb4
[repository]
ROOT = /var/lib/gitea/gitea-repositories
ROOT = {{ gitea_run_dir }}/gitea-repositories
DISABLE_HTTP_GIT = false
DEFAULT_BRANCH = main
DEFAULT_PUSH_CREATE_PRIVATE = true
@ -75,7 +75,7 @@ PROVIDER = file
[log]
MODE = file
LEVEL = info
ROOT_PATH = /var/log/gitea
ROOT_PATH = {{ gitea_log_dir }}
[other]
SHOW_FOOTER_BRANDING = false

2
roles/gitea/files/fail2ban/gitea-jail.conf → roles/gitea/templates/fail2ban/gitea-jail.conf.j2
View file

@ -1,7 +1,7 @@
[gitea]
enabled = true
filter = gitea
logpath = /var/log/gitea/gitea.log
logpath = {{ gitea_log_dir }}/gitea.log
maxretry = 10
findtime = 3600
bantime = 900

2
roles/gitea/files/gitea.logrotate → roles/gitea/templates/gitea.logrotate.j2
View file

@ -1,4 +1,4 @@
/var/log/gitea/*.log
{{ gitea_log_dir }}/*.log
{
rotate 7
daily

6
roles/gitea/files/gitea.service → roles/gitea/templates/gitea.service.j2
View file

@ -14,10 +14,10 @@ RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea/
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
WorkingDirectory={{ gitea_run_dir }}
ExecStart=/usr/local/bin/gitea web --config {{ gitea_conf_dir }}/app.ini
Restart=always
Environment=USER=git HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea
Environment=USER=git HOME={{ gitea_run_dir }} GITEA_WORK_DIR={{ gitea_run_dir }}
[Install]
WantedBy=multi-user.target

18
roles/gitea/templates/gitea_backup.sh.j2
View file

@ -9,17 +9,17 @@ IFS="$(printf '\n\t')"
PROGRAM="${0##*/}"
INSTALL_DIR=/usr/local/bin
TMP_DIR=/var/lib/gitea/tmp
WORK_DIR=/var/lib/gitea/
DATA_DIR=/var/lib/gitea/data/
LOG_DIR=/var/log/gitea/
REPO_DIR=/var/lib/gitea/gitea-repositories/
CONFIG_FILE=/etc/gitea/app.ini
DUMP_DIR=/var/lib/gitea/gitea-dumps
TMP_DIR={{ gitea_run_dir }}/tmp
WORK_DIR={{ gitea_run_dir }}
DATA_DIR={{ gitea_data_dir }}
LOG_DIR={{ gitea_log_dir }}
REPO_DIR={{ gitea_run_dir }}/gitea-repositories/
CONFIG_FILE={{ gitea_conf_dir }}/app.ini
DUMP_DIR={{ gitea_run_dir }}/gitea-dumps
MYSQL_USER={{ db_user }}
MYSQL_DB={{ db_name }}
MYSQL_PW={{ db_pass }}
SCRIPT_LOGFILE=/var/log/gitea/gitea_backup.log
SCRIPT_LOGFILE={{ gitea_log_dir }}/gitea_backup.log
{% raw %}
if [ "$USER" != git ]; then
@ -67,7 +67,7 @@ do_restore() {
echo -n "Restoring $DATA_DIR..." && rsync -avz --delete data/ "$DATA_DIR" && rm -rf data && echo " OK."
echo -n "Restoring $LOG_DIR..." && rsync -avz log/ "$LOG_DIR" && rm -rf log && echo " OK."
echo -n "Restoring $REPO_DIR..." && mkdir -p "$REPO_DIR" && rsync -avz --delete repos/ "$REPO_DIR" && rm -rf repos && echo " OK."
echo -n "Changing ownership..." && chown -R git:git "$CONFIG_FILE" /var/lib/gitea && echo " OK."
echo -n "Changing ownership..." && chown -R git:git "$CONFIG_FILE" "$WORK_DIR" && echo " OK."
echo -n "Restoring MySQL database..." && mysql --default-character-set=utf8mb4 -u"$MYSQL_USER" -p"$MYSQL_PW" "$MYSQL_DB" < gitea-db.sql && rm gitea-db.sql && echo " OK."
rmdir "$zip_dir"
restart_service

5
roles/gitea/vars/main.yml
View file

@ -13,3 +13,8 @@ gitea_pass: "{{ vault_gitea_pass }}"
db_name: giteadb
db_user: gitea
db_pass: "{{ vault_db_pass }}"
gitea_conf_dir: /etc/gitea
gitea_run_dir: /var/lib/gitea
gitea_custom_dir: "{{ gitea_run_dir }}/custom"
gitea_data_dir: "{{ gitea_run_dir }}/data"
gitea_log_dir: /var/log/gitea