104 lines
2.6 KiB
YAML
104 lines
2.6 KiB
YAML
---
|
|
- name: Include vault variables
|
|
ansible.builtin.include_vars: vault.yml
|
|
|
|
- name: Include apache2 tasks
|
|
ansible.builtin.include_tasks: apache2.yml
|
|
|
|
- name: Include mariadb tasks
|
|
ansible.builtin.include_tasks: mariadb.yml
|
|
|
|
- name: Include unix tasks
|
|
ansible.builtin.include_tasks: unix.yml
|
|
|
|
- name: Include binary tasks
|
|
ansible.builtin.include_tasks: binary.yml
|
|
|
|
- name: Include backup tasks
|
|
ansible.builtin.include_tasks: backup.yml
|
|
|
|
- name: Copy /etc/systemd/system/gitea.service
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: gitea.service.j2
|
|
dest: /etc/systemd/system/gitea.service
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
notify:
|
|
- Reload systemd daemon
|
|
- Start gitea service
|
|
|
|
- name: Copy config file
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: app.ini.j2
|
|
dest: "{{ gitea_conf_dir }}/app.ini"
|
|
owner: git
|
|
group: git
|
|
mode: 0640
|
|
notify:
|
|
- Restart gitea service
|
|
|
|
- name: Make sure systemd daemon is reloaded
|
|
ansible.builtin.meta: flush_handlers
|
|
|
|
- name: Make sure gitea is running
|
|
become: true
|
|
ansible.builtin.systemd:
|
|
name: gitea
|
|
state: started
|
|
enabled: true
|
|
|
|
# fail2ban tasks need the gitea log file, which should be created when gitea runs
|
|
- name: Include fail2ban tasks
|
|
ansible.builtin.include_tasks: fail2ban.yml
|
|
|
|
- name: Include repos tasks
|
|
ansible.builtin.include_tasks: repos.yml
|
|
|
|
- name: Setup logrotate for gitea logs
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: gitea.logrotate.j2
|
|
dest: /etc/logrotate.d/gitea
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
|
|
- name: Generate SSH keys for git
|
|
become: true
|
|
become_user: git
|
|
community.crypto.openssh_keypair:
|
|
path: ~/.ssh/id_rsa
|
|
type: rsa
|
|
comment: "git@{{ ansible_fqdn }}"
|
|
register: ssh_key
|
|
|
|
- name: Get previously added SSH keys
|
|
ansible.builtin.uri:
|
|
url: https://git.tunuifranken.info/api/v1/user/keys
|
|
method: GET
|
|
user: "{{ gitea_user }}"
|
|
password: "{{ gitea_pass }}"
|
|
force_basic_auth: true
|
|
register: present_ssh_keys
|
|
|
|
- name: List SSH fingerprints
|
|
ansible.builtin.set_fact:
|
|
present_ssh_fingerprints: "{{ present_ssh_keys.json | map(attribute='fingerprint') }}"
|
|
|
|
- name: Add SSH key using Gitea's API
|
|
ansible.builtin.uri:
|
|
url: https://git.tunuifranken.info/api/v1/user/keys
|
|
method: POST
|
|
user: "{{ gitea_user }}"
|
|
password: "{{ gitea_pass }}"
|
|
force_basic_auth: true
|
|
status_code: 201
|
|
body_format: json
|
|
body:
|
|
key: "{{ ssh_key.public_key | trim }}"
|
|
read_only: false
|
|
title: "{{ ssh_key.comment | trim }}"
|
|
when: ssh_key.fingerprint not in present_ssh_fingerprints
|