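---
# Gitea role tasks: create the git service account, install the latest gitea
# release binary, deploy the systemd unit and app.ini, then optionally restore
# repositories from a dump pushed from the control node.

- name: Include vault variables
  include_vars: vault.yml

- name: Install needed packages
  become: true
  apt:
    name:
      - git
      - unzip
      - gpg  # to verify binary
      - acl  # for become_user: git
    state: present

- name: Create git group
  become: true
  group:
    name: git
    system: true

- name: Create git user
  become: true
  user:
    name: git
    group: git
    append: true
    # NOTE(review): on Debian-family default sudoers, membership in "sudo"
    # grants general sudo rights on top of the drop-in written by the next
    # task. Confirm the service account really needs it.
    groups:
      - sudo
      - mail
    create_home: true
    home: /home/git
    shell: /bin/bash
    system: true

# NOTE(review): this rule allows every systemctl subcommand on every unit as
# root without a password, which gives the service account broad control over
# the host. Least privilege would list only the exact commands the account
# needs (presumably those used by gitea_backup.sh; that script is not visible
# here, so confirm before narrowing).
- name: Set sudoer permissions to git user
  become: true
  copy:
    content: 'git ALL=(root) NOPASSWD:/usr/bin/systemctl'
    dest: /etc/sudoers.d/git
    owner: root
    group: root
    mode: '0440'
    # visudo rejects a broken drop-in before it replaces the live file
    validate: '/usr/sbin/visudo -csf %s'

- name: Create /var/lib/gitea directory
  become: true
  file:
    path: /var/lib/gitea
    state: directory
    owner: git
    group: git
    mode: '0750'
    recurse: true

- name: Create /var/lib/gitea subdirectories
  become: true
  file:
    path: "/var/lib/gitea/{{ item }}"
    state: directory
    owner: git
    group: git
    mode: '0750'
    recurse: true
  loop:
    - custom
    - data
    - log

- name: Create /etc/gitea directory
  become: true
  file:
    path: /etc/gitea
    state: directory
    owner: git
    group: git
    mode: '0750'
    recurse: false

- name: Find latest gitea version
  uri:
    url: https://dl.gitea.io/gitea/version.json
  register: gitea_binary

# The version string comes from a remote service and is interpolated into a
# download URL and into file paths written with become, so reject anything
# that is not a plain release number before using it.
- name: Check that the reported gitea version looks like a release number
  assert:
    that:
      - "gitea_binary.json.latest.version is match('^[0-9]+([.][0-9]+)+(-[0-9A-Za-z.]+)?$')"
    fail_msg: Unexpected version string returned by the gitea version endpoint

- name: Find if latest gitea version is installed
  stat:
    path: "/home/git/gitea-{{ gitea_binary.json.latest.version }}"
  register: latest_gitea_binary

- name: Set gitea binary architecture to amd64
  set_fact:
    gitea_binary_arch: amd64
  when: ansible_facts['architecture'] == 'x86_64'

# NOTE(review): every non-x86_64 host is mapped to arm-6, including other
# architectures such as aarch64. Confirm this matches the inventory.
- name: Set gitea binary architecture to arm-6
  set_fact:
    gitea_binary_arch: arm-6
  when: ansible_facts['architecture'] != 'x86_64'

# Signature verification is done by the notified handlers, so it only runs
# when this task reports "changed".
# NOTE(review): if a verification handler fails, the downloaded file stays in
# /home/git. On the next run the stat above finds it, the download is skipped,
# no handler is notified, and the copy task below installs a binary that was
# never verified. The handlers are defined outside this file; consider having
# them remove the file on failure, or re-verifying before the copy.
- name: Get latest gitea binary
  become: true
  get_url:
    url: "https://dl.gitea.io/gitea/{{ gitea_binary.json.latest.version }}/gitea-{{ gitea_binary.json.latest.version }}-linux-{{ gitea_binary_arch }}"
    dest: "/home/git/gitea-{{ gitea_binary.json.latest.version }}"
    owner: git
    group: git
    mode: '0664'
  when: not latest_gitea_binary.stat.exists
  notify:
    - Receive gitea pgp key
    - Download gitea asc file
    - Verify gitea binary with gpg

# Run the verification handlers now, before the binary is installed
- name: Verify downloaded binary
  meta: flush_handlers

- name: Copy gitea binary to global location
  become: true
  copy:
    src: "/home/git/gitea-{{ gitea_binary.json.latest.version }}"
    dest: /usr/local/bin/gitea
    remote_src: true
    owner: root
    group: root
    mode: '0755'

- name: Copy /etc/systemd/system/gitea.service
  become: true
  copy:
    src: gitea.service
    dest: /etc/systemd/system/gitea.service
    owner: root
    group: root
    mode: '0644'
  notify:
    - Reload systemd daemon
    - Start gitea service

- name: Copy /etc/gitea/app.ini
  become: true
  template:
    src: app.ini.j2
    dest: /etc/gitea/app.ini
    owner: git
    group: git
    mode: '0640'
  notify:
    - Reload gitea service

- name: Make sure systemd daemon is reloaded
  meta: flush_handlers

- name: Make sure gitea is running
  become: true
  systemd:
    name: gitea
    state: started
    enabled: true

- name: Copy gitea_backup.sh script
  become: true
  template:
    src: gitea_backup.sh.j2
    dest: /home/git/gitea_backup.sh
    owner: git
    group: git
    mode: '0775'

- name: Create gitea-dumps directory
  become: true
  file:
    path: /home/git/gitea-dumps
    state: directory
    owner: git
    group: git
    mode: '0755'

- name: Set today's string for zipfile name
  set_fact:
    today: "{{ ansible_date_time.year }}{{ ansible_date_time.month }}{{ ansible_date_time.day }}"

- name: Ask if we push latest gitea_dump zipfile
  pause:
    # today's gitea dump zipfile must be in the manager's /tmp
    prompt: 'Push latest gitea dump? [yes/no]'
    echo: true
  register: push_latest_gitea_dump

# The registered pause result is a dictionary; the typed answer is in its
# user_input field. Comparing the whole result to 'yes' never matches, so the
# push was always skipped.
- name: Push latest gitea_dump zipfile
  become: true
  copy:
    src: "/tmp/gitea-dump-{{ today }}.zip"
    dest: "/home/git/gitea-dumps/gitea-dump-{{ today }}.zip"
    owner: git
    group: git
    mode: '0640'
  when: (push_latest_gitea_dump.user_input | default('')) == 'yes'

- name: Deploy repos
  become: true
  become_user: git
  command:
    cmd: "/home/git/gitea_backup.sh restore /home/git/gitea-dumps/gitea-dump-{{ today }}.zip"
    # when this dir exists, the command won't run, so we don't overwrite
    # existing repos
    creates: /home/git/gitea-repositories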