Add gitea role

Added base gitea docker setup role. Adds automatic unattended setup with default admin account and optional email notification setup.
2021-12-08 09:16:32 +01:00 · 2021-12-08 09:16:32 +01:00 · 3a5b5680cf
commit 3a5b5680cf
parent 12a3fa1e6f
10 changed files with 360 additions and 0 deletions
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@ -0,0 +1,95 @@
+---
+- name: Ensure git user exists with ssh key
+  ansible.builtin.user:
+    name: "{{ gitea_git_username }}"
+    generate_ssh_key: yes
+    ssh_key_type: rsa
+    ssh_key_bits: 4096
+    ssh_key_comment: "Gitea Host Key"
+  become: yes
+  register: git_user
+
+- name: Ensure git passthrough command directory exists
+  ansible.builtin.file:
+    path: "/app/gitea/"
+    state: directory
+    mode: '0770'
+    owner: "{{ git_user['uid'] }}"
+    group: "{{ git_user['group'] }}"
+  become: yes
+
+- name: Save git passthrough command in right location
+  ansible.builtin.copy:
+    src: gitea
+    dest: "/app/gitea/gitea"
+    owner: "{{ git_user['uid'] }}"
+    group: "{{ git_user['group'] }}"
+    mode: '0750'
+  become: yes
+
+- name: Fetch keyfile
+  fetch:
+    src: "{{ git_user['home'] }}/.ssh/id_rsa.pub"
+    dest: "buffer/{{ansible_hostname}}-id_rsa.pub"
+    flat: yes
+  become: yes
+
+- name: Ensure git user has its own key authorized for access
+  ansible.posix.authorized_key:
+    user: "{{ git_user['name'] }}"
+    state: present
+    key: "{{ lookup('file', 'buffer/{{ ansible_hostname }}-id_rsa.pub') }}"
+  become: yes
+
+- name: Clean up buffer dir
+  ansible.builtin.file:
+    path: buffer
+    state: absent
+  delegate_to: localhost
+
+## install gitea container
+- name: Check upstream status
+  community.docker.docker_container_exec:
+    container: "{{ caddy_container_id }}"
+    command: >
+      curl localhost:2019/id/{{ stack_name }}_upstream/
+  register: result
+  changed_when: (result.stdout | from_json) != (lookup('template', 'upstream.json.j2') | from_yaml)
+  become: yes
+  notify: "update gitea upstream"
+
+- name: Deploy gitea to swarm
+  community.general.docker_stack:
+    name: "{{ stack_name }}"
+    state: present
+    prune: yes
+    compose:
+      - "{{ stack_compose }}"
+  become: yes
+  tags:
+    - docker-swarm
+  notify: "update gitea upstream"
+
+- name: Get app container info
+  ansible.builtin.command:
+    cmd: docker ps -q -f name={{ stack_name }}_app
+  become: yes
+  until: gitea_app_container_name['rc'] == 0 and gitea_app_container_name['stdout'] | length >= 1
+  retries: 5
+  delay: 10
+  changed_when: False
+  register: gitea_app_container_name
+
+- name: Look for existing admin user
+  community.docker.docker_container_exec: 
+    container: "{{ gitea_app_container_name['stdout'] }}"
+    command: >
+      gitea admin user list --admin
+  become: yes
+  until: "'connection refused' not in gitea_admin_list and 'Failed to run app' not in gitea_admin_list"
+  retries: 5
+  delay: 10
+  changed_when: gitea_admin_list['stdout_lines'] | length <= 1
+  failed_when: gitea_admin_list['rc'] == 1 and gitea_admin_list['attempts'] >= 5
+  register: gitea_admin_list
+  notify: "no admin user"