112 lines
2.6 KiB
YAML
112 lines
2.6 KiB
YAML
- name: Create Gitea directory
|
|
ansible.builtin.file:
|
|
path: "{{ gitea_root }}"
|
|
state: directory
|
|
|
|
- name: Create Gitea database
|
|
mysql_db:
|
|
name: "{{ gitea_dbname }}"
|
|
state: present
|
|
login_unix_socket: /var/run/mysqld/mysqld.sock
|
|
|
|
- name: Create Gitea database user
|
|
mysql_user:
|
|
name: "{{ gitea_dbuser }}"
|
|
password: "{{ gitea_dbpass }}"
|
|
host: '%'
|
|
state: present
|
|
priv: "{{ gitea_dbname }}.*:ALL"
|
|
login_unix_socket: /var/run/mysqld/mysqld.sock
|
|
|
|
- name: Create git user
|
|
ansible.builtin.user:
|
|
name: git
|
|
state: present
|
|
|
|
- name: Git user uid
|
|
getent:
|
|
database: passwd
|
|
key: git
|
|
|
|
- name: Git user gid
|
|
getent:
|
|
database: group
|
|
key: git
|
|
|
|
- name: Create git's .ssh directory
|
|
ansible.builtin.file:
|
|
path: /home/git/.ssh
|
|
state: directory
|
|
|
|
- name: Generate git's SSH keys
|
|
openssh_keypair:
|
|
path: /home/git/.ssh/id_rsa
|
|
|
|
- name: Find git's public SSH key
|
|
slurp:
|
|
src: /home/git/.ssh/id_rsa.pub
|
|
register: git_rsapub
|
|
|
|
- name: Get stats on git's authorized_keys file
|
|
stat:
|
|
path: /home/git/.ssh/authorized_keys
|
|
register: git_authkeys
|
|
|
|
- name: Create git's authorized_keys file
|
|
ansible.builtin.file:
|
|
path: /home/git/.ssh/authorized_keys
|
|
state: touch
|
|
when: not git_authkeys.stat.exists
|
|
|
|
- name: Add git's public SSH key to authorized_keys
|
|
lineinfile:
|
|
path: /home/git/.ssh/authorized_keys
|
|
regex: "^ssh-rsa"
|
|
line: "{{ git_rsapub['content'] | b64decode }}"
|
|
|
|
- name: Create Gitea host script for SSH
|
|
ansible.builtin.template:
|
|
src: gitea.sh.j2
|
|
dest: /usr/local/bin/gitea
|
|
mode: 0755
|
|
|
|
- name: Install Gitea's docker-compose file
|
|
ansible.builtin.template:
|
|
src: docker-compose.yml.j2
|
|
dest: "{{ gitea_root }}/docker-compose.yml"
|
|
notify: restart_gitea
|
|
|
|
- name: Install Gitea's docker-compose variables
|
|
ansible.builtin.template:
|
|
src: compose-env.j2
|
|
dest: "{{ gitea_root }}/.env"
|
|
notify: restart_gitea
|
|
|
|
- name: Create Gitea's logging directory
|
|
ansible.builtin.file:
|
|
name: /var/log/gitea
|
|
state: directory
|
|
|
|
- name: Create Gitea's initial log file
|
|
ansible.builtin.file:
|
|
name: /var/log/gitea/gitea.log
|
|
state: touch
|
|
|
|
- name: Install Gitea's Fail2ban filter
|
|
ansible.builtin.template:
|
|
src: fail2ban-filter.conf.j2
|
|
dest: /etc/fail2ban/filter.d/gitea.conf
|
|
notify: restart_fail2ban
|
|
|
|
- name: Install Gitea's Fail2ban jail
|
|
ansible.builtin.template:
|
|
src: fail2ban-jail.conf.j2
|
|
dest: /etc/fail2ban/jail.d/gitea.conf
|
|
notify: restart_fail2ban
|
|
|
|
- name: Start and enable Gitea service
|
|
ansible.builtin.service:
|
|
name: "{{ docker_compose_service }}@{{ gitea_name }}"
|
|
state: started
|
|
enabled: true
|