First

defaults/README.md

@@ -0,0 +1,5 @@
+# Ansible rôle: Gitea
+
+Gitea front (no reverse proxy) with embeded let's Encrypt acme use.
+
+In our case, we uses Gitea with a mariadb database witch isn't on the same server. This role doesnot install mariadb.

defaults/main.yml

@@ -0,0 +1,45 @@
+---
+#mac 02:00:00:19:bb:b5
+
+gitea_dl_url: https://dl.gitea.io/gitea
+gitea_version: "1.9"
+gitea_arch: amd64
+gitea_home: /home/git
+
+#Over All
+gitea_APP_NAME: "Gitea"
+gitea_RUN_USER: "git"
+
+#Database
+
+database_DB_TYPE: mysql
+database_HOST: 192.168.x.x:3306
+database_NAME: gitea
+database_USER: gitea
+database_PASSWD: xxxxxxxx
+database_SSL_MODE: disable
+database_CHARSET: utf8
+database_PATH: /usr/local/bin/data/gitea.db
+
+#server
+
+server_SSH_DOMAIN: mygitserver.com
+server_DOMAIN: mygitserver.com
+server_HTTP_PORT: 443
+server_ROOT_URL: https://mygitserver.com/
+server_DISABLE_SSH: false
+server_SSH_PORT: 2222
+server_START_SSH_SERVER: true
+server_LFS_START_SERVER: false
+server_OFFLINE_MODE: false
+server_LETSENCRYPT_EMAIL: mymail@mail.fr
+
+#mailer
+mailer_ENABLED: true
+mailer_HOST: smtp.server.com:587
+mailer_USER: mymail
+mailer_PASSWD: xxxxxxxxxx
+mailer_FROM:  mymail@mail.fr
+
+#service
+service_NO_REPLY_ADDRESS: noreply@mail.fr

handlers/main.yml

@@ -0,0 +1,11 @@
+---
+- name: "Restart gitea"
+  service:
+    name: gitea
+    state: restarted
+  when: ansible_service_mgr == "systemd"
+
+- name: "Reload systemd"
+  systemd:
+    daemon_reload: true
+  when: ansible_service_mgr == "systemd"

tasks/main.yml

@@ -0,0 +1,72 @@
+---
+
+- name: install git package
+  apt:
+    name: ['git']
+    state: latest
+
+- name: "Create Gitea user"
+  user:
+    name: git
+    comment: "Gitea user"
+    home: "/home/git"
+    shell: "/bin/false"
+
+- name: "Create config and data directory"
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: git
+  with_items:
+    - "/home/git"
+    - "/home/git/data"
+    - "/var/log/gitea"
+    - "/home/git/custom"
+    - "/home/git/custom/conf"
+    - "/home/git/custom/https"
+    - "/home/git/custom/mailer"
+    - "/home/git/indexers"
+
+- name: "Check gitea version"
+  shell: "set -eo pipefail; /home/git/gitea -v | cut -d' ' -f 3"
+  register: gitea_active_version
+  changed_when: false
+  failed_when: false
+
+- name: "Download the binary"
+  get_url:
+    url: "{{ gitea_dl_url }}/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_arch }}"
+    dest: /home/git/gitea
+    owner: root
+    group: root
+    mode: 0755
+    force: true
+  #notify: "Restart gitea"
+  when:  gitea_active_version.stdout != gitea_version
+
+- name: "Give gitea binary capability to bind all ports"
+  capabilities:
+    path: /home/git/gitea
+    capability: cap_net_bind_service=+ep
+    state: present
+
+- name: "Configure gitea"
+  template:
+    src: gitea.ini
+    dest: /home/git/custom/conf/app.ini
+    owner: git
+    mode: 0600
+  notify: "Restart gitea"
+
+- name: "Setup systemd service"
+  template:
+    src: gitea.service
+    dest: /lib/systemd/system/gitea.service
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - "Reload systemd"
+    - "Restart gitea"
+
+

templates/gitea.ini

@@ -0,0 +1,79 @@
+APP_NAME: {{ gitea_APP_NAME }}
+RUN_USER: {{ gitea_RUN_USER }}
+RUN_MODE: prod
+
+
+[database]
+DB_TYPE  = {{ database_DB_TYPE }}
+HOST     = {{ database_HOST }}
+NAME     = {{ database_NAME }}
+USER     = {{ database_USER }}
+PASSWD   = {{ database_PASSWD }}
+SSL_MODE = {{ database_SSL_MODE }}
+CHARSET  = {{ database_CHARSET }}
+PATH     = {{ database_PATH }}
+
+[repository]
+ROOT = {{ gitea_home }}/data
+
+[server]
+SSH_DOMAIN       = {{ server_SSH_DOMAIN }}
+DOMAIN           = {{ server_DOMAIN }}
+HTTP_PORT        = {{ server_HTTP_PORT }}
+PROTOCOL=https
+DOMAIN={{ server_DOMAIN }}
+ENABLE_LETSENCRYPT=true
+LETSENCRYPT_ACCEPTTOS=true
+LETSENCRYPT_DIRECTORY=https
+LETSENCRYPT_EMAIL={{server_LETSENCRYPT_EMAIL}}
+
+
+ROOT_URL         = {{ server_ROOT_URL }}
+DISABLE_SSH      = {{ server_DISABLE_SSH }}
+START_SSH_SERVER = {{ server_START_SSH_SERVER }}
+SSH_PORT         = {{ server_SSH_PORT }}
+LFS_START_SERVER = {{ server_LFS_START_SERVER }}
+OFFLINE_MODE     = {{ server_OFFLINE_MODE }}
+
+[mailer]
+ENABLED = {{ mailer_ENABLED }}
+HOST    = {{ mailer_HOST }}
+USER    = {{ mailer_USER }}
+PASSWD  = {{ mailer_PASSWD }}
+FROM    = {{ mailer_FROM }}
+
+[service]
+REGISTER_EMAIL_CONFIRM            = false
+ENABLE_NOTIFY_MAIL                = false
+DISABLE_REGISTRATION              = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
+ENABLE_CAPTCHA                    = false
+REQUIRE_SIGNIN_VIEW               = false
+DEFAULT_KEEP_EMAIL_PRIVATE        = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING       = true
+NO_REPLY_ADDRESS                  = {{ service_NO_REPLY_ADDRESS }}
+
+[picture]
+DISABLE_GRAVATAR        = false
+ENABLE_FEDERATED_AVATAR = true
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+
+[session]
+PROVIDER = file
+
+[log]
+MODE      = file
+LEVEL     = info
+ROOT_PATH = /var/log/gitea
+
+[oauth2]
+JWT_SECRET = 1bBwvwFreUqcVSvPPO7UZ_4ovAGtQI_kIq070ua4Mms
+
+[security]
+INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1NjQ0ODU2NTZ9.D5YYxvLXAerBlfq5JKXHLBhhnI4N5KBKW2Mae2EJJb0
+INSTALL_LOCK   = true
+SECRET_KEY     = xdD1yrkDWNq6LNqTx3bfa3kWOLv8Ew0HOCDzb2QfsJLVpsrcOoPjCA7G9bhTUsVv

templates/gitea.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Gitea git server
+After=network.target
+
+[Service]
+User=git
+ExecStart=/home/git/gitea web
+Restart=on-failure
+WorkingDirectory=/home/git
+
+[Install]
+WantedBy=multi-user.target