homelab/roles/gitea/tasks/main.yml


# PyMySQL is the Python driver the community.mysql modules use on the managed
# host, so it has to be installed before the database tasks below can run.
- name: Install MySQL module for Ansible
  ansible.builtin.apt:
    state: present
    name: python3-pymysql
# Talks to MySQL over the local Unix socket, so this task carries no database
# credentials of its own.
# NOTE(review): that relies on the account running the task being admitted by
# MySQL's socket authentication - confirm against the play's become settings.
- name: Create Gitea database
  community.mysql.mysql_db:
    login_unix_socket: /var/run/mysqld/mysqld.sock
    state: present
    name: "{{ gitea.DB_NAME }}"
# Creates the application account Gitea uses to reach its database.
- name: Create Gitea database user
  community.mysql.mysql_user:
    login_unix_socket: /var/run/mysqld/mysqld.sock
    state: present
    name: "{{ gitea.DB_USER }}"
    # NOTE(review): where gitea.DB_PASSWD is defined is not visible here; it
    # should come from an encrypted source (e.g. Ansible Vault), not from
    # plain-text vars committed next to this role.
    password: "{{ gitea.DB_PASSWD }}"
    # '%' lets this account authenticate from any client address. Exposure
    # then depends on MySQL's bind address and the host firewall, neither of
    # which this file shows. NOTE(review): narrow this to the address or
    # network Gitea actually connects from if that is known.
    host: '%'
    # Full privileges, but only on the Gitea schema - no global grants.
    priv: "{{ gitea.DB_NAME }}.*:ALL"
# Owner-only access (700) on the directory that holds the key pair and
# authorized_keys.
# NOTE(review): no owner/group is set, so a newly created directory belongs to
# whichever account runs this task - confirm that this ends up being git.
- name: Create git's .ssh directory
  ansible.builtin.file:
    path: /home/git/.ssh
    state: directory
    mode: "700"
# Only the path is given, so key type and size come from the module defaults,
# and the private key is written without a passphrase.
# NOTE(review): anyone able to read /home/git/.ssh/id_rsa can use this key;
# the tasks below authorize it for the same account.
- name: Generate git's SSH keys
  community.crypto.openssh_keypair:
    path: /home/git/.ssh/id_rsa
# Reads the public half of the key pair from the managed host. slurp returns
# the file base64-encoded under 'content'; a later task decodes it.
- name: Find git's public SSH key
  register: git_rsapub
  ansible.builtin.slurp:
    src: /home/git/.ssh/id_rsa.pub
# Records whether authorized_keys already exists; the result gates the
# creation task that follows.
- name: Get stats on git's authorized_keys file
  register: git_authkeys
  ansible.builtin.stat:
    path: /home/git/.ssh/authorized_keys
# Creates an empty authorized_keys with owner-only access (600), and only
# when the file is missing, so an existing file is not touched on every run.
# Caveat: because of the 'when', the mode is NOT enforced on a file that
# already exists - lax permissions on a pre-existing file are left as they are.
- name: Create git's authorized_keys file
  when: not git_authkeys.stat.exists
  ansible.builtin.file:
    path: /home/git/.ssh/authorized_keys
    state: touch
    mode: "600"
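# Authorizes git's own freshly generated public key for the git account.
- name: Add git's public SSH key to authorized_keys
  ansible.builtin.lineinfile:
    path: /home/git/.ssh/authorized_keys
    # An existing line starting with "ssh-rsa" is replaced (lineinfile acts on
    # the last match); otherwise the key is appended.
    # Caveat: any other bare ssh-rsa key placed in this file by hand matches
    # the same pattern and can be overwritten by this task.
    regex: "^ssh-rsa"
    # slurp returns the file verbatim, trailing newline included; trim it so
    # lineinfile receives exactly one line.
    line: "{{ git_rsapub['content'] | b64decode | trim }}"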
# Renders gitea.sh.j2 to /usr/local/bin/gitea, readable and executable by
# every local user (755). The template body is not part of this file.
# NOTE(review): no owner/group is set; the file should not be writable by
# anyone but root, since it sits on the default PATH - confirm.
- name: Create Gitea host script for SSH
  ansible.builtin.template:
    dest: /usr/local/bin/gitea
    src: gitea.sh.j2
    mode: "755"
# 755 makes the log directory listable by every local user.
# NOTE(review): presumably this is where the Fail2ban jail below reads Gitea's
# log from - confirm against fail2ban-jail.conf.j2. No owner/group is set, so
# check that the Gitea process can actually write here.
- name: Create Gitea's logging directory
  ansible.builtin.file:
    # 'path' is the canonical name of the option; 'name' is an alias for it.
    path: /var/log/gitea
    mode: "755"
    state: directory
# Installs the Fail2ban filter definition for Gitea; the match patterns live
# in fail2ban-filter.conf.j2, which is not shown here. A change triggers the
# restart_fail2ban handler (defined outside this file).
- name: Install Gitea's Fail2ban filter
  notify: restart_fail2ban
  ansible.builtin.template:
    dest: /etc/fail2ban/filter.d/gitea.conf
    src: fail2ban-filter.conf.j2
    mode: "644"
# Installs the jail that applies the Gitea filter; thresholds and ban action
# come from fail2ban-jail.conf.j2, which is not shown here. Mode 640 keeps the
# jail settings unreadable to other local users. A change triggers the
# restart_fail2ban handler (defined outside this file).
- name: Install Gitea's Fail2ban jail
  notify: restart_fail2ban
  ansible.builtin.template:
    dest: /etc/fail2ban/jail.d/gitea.conf
    src: fail2ban-jail.conf.j2
    mode: "640"