2019-03-16 06:51:32 -05:00
---
Improve ARM Support (#74)
* Gitea user should be a system user
* Improve installation system
* Download archive instead of binary
* Add checksum validation
* Add GPG check
* Add backup process before upgrading
* Improve ARM support
* Improve support for Vault Encrypted JWT tokens
* Fix spacing in gitea configuration template
When Gitea rewrites the configuration file (e.g.: the JWT token is not
set or doesn't fit their criteria), it'll align space on a per-section
basis in the .ini file.
If the template is not properly spaced, at the next Ansible run, you'll
have an enormous diff, hiding what the real changes are.
* add proper redhat/debian deps for molecule testing
* Gitea group should be a system group
* fix linting for CI
* Update CI and meta information for up-to-date tests and distros
* molecule: fix typo for redhat packages
* fix typo
* bump gitea version to 1.13.1
* Use Ubuntu keyservers to play nicely with everyone
* Update minimum required ansible version to 2.9.8
This is required for Ubuntu Focal, which comes with systemd >= 245
The Get Facts module doesn't work well with it before the bugfix
introduced in 2.9.8
* Replace yes by True to please the linting
* Truthy values need to be lower-case
* bump gitea version to 1.13.2
* perform gitea dump as gitea user
* need to set become to yes
* autogenerate JWT_SECRETS (#77)
* autogenerate JWT_SECRETS
Based on https://docs.gitea.io/en-us/command-line/#generate we will now autogenerate JWT_SECRETS if they are not defined.
In my opinion a much better idea than writing a value in the default config.
I took out the check that the variables for the secrets are 43 characters long. Gitea itself generates suitable secrets if the user-given ones do not fit.
* drop ansible.builtin. syntax
* Update file permissions for "{{ gitea_home }}" (#75)
The file permissions for {{ gitea_home }}, especially in conjunction with the recurse: true flag, are on closer inspection very open to all and also have a +x set on files.
This should be done better. And I have done that here now.
By the way: To improve the -x on normal files in his gitea installation, this shell command was useful for me:
```
find . -type f -exec chmod a-x {} \+;
find . -type f -exec chmod u=rwX {} \+;
```
* Bump cryptography from 3.2 to 3.3.2 (#79)
Bumps [cryptography](https://github.com/pyca/cryptography) from 3.2 to 3.3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/3.2...3.3.2)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Gitea user should be a system user
* Improve installation system
* Download archive instead of binary
* Add checksum validation
* Add GPG check
* Add backup process before upgrading
* Improve ARM support
* Fix spacing in gitea configuration template
When Gitea rewrites the configuration file (e.g.: the JWT token is not
set or doesn't fit their criteria), it'll align space on a per-section
basis in the .ini file.
If the template is not properly spaced, at the next Ansible run, you'll
have an enormous diff, hiding what the real changes are.
* add proper redhat/debian deps for molecule testing
* Gitea group should be a system group
* fix linting for CI
* Update CI and meta information for up-to-date tests and distros
* molecule: fix typo for redhat packages
* fix typo
* bump gitea version to 1.13.1
* Use Ubuntu keyservers to play nicely with everyone
* Update minimum required ansible version to 2.9.8
This is required for Ubuntu Focal, which comes with systemd >= 245
The Get Facts module doesn't work well with it before the bugfix
introduced in 2.9.8
* Replace yes by True to please the linting
* Truthy values need to be lower-case
* bump gitea version to 1.13.2
* perform gitea dump as gitea user
* need to set become to yes
* check-variables.yml doesn't exist anymore
Co-authored-by: L3D <l3d@c3woc.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-12 11:56:31 -06:00
- name: Gather variables for each operating system
  include_vars: "{{ item }}"
  with_first_found:
    - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
    - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
    - "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
    - "{{ ansible_distribution | lower }}.yml"
    - "{{ ansible_os_family | lower }}.yml"
2020-04-04 07:06:25 -05:00
2021-04-12 12:06:19 -05:00
- name: Gather installed packages for checks in the role (fail2ban)
  ansible.builtin.package_facts:
    manager: auto
2019-04-27 19:00:35 -05:00
- name: "Check gitea version"
2021-04-10 12:07:02 -05:00
  ansible.builtin.shell: "set -eo pipefail; /usr/local/bin/gitea -v | cut -d' ' -f 3"
2020-06-16 01:53:32 -05:00
  args:
    executable: /bin/bash
2019-04-27 19:00:35 -05:00
  register: gitea_active_version
  changed_when: false
  failed_when: false
2019-05-22 02:30:09 -05:00
  when: gitea_version_check|bool
2019-04-27 19:00:35 -05:00
2021-04-10 12:07:02 -05:00
- name: "Download the binary"
  ansible.builtin.get_url:
    url: "{{ gitea_dl_url }}"
    dest: /usr/local/bin/gitea
    owner: root
    group: root
    mode: 0755
    force: true
  notify: "Restart gitea"
  when: (not gitea_version_check|bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version))
2017-01-10 15:09:34 -06:00
- include: create_user.yml
2021-04-10 12:07:02 -05:00
- name: "Create config and data directory"
  ansible.builtin.file:
2017-01-10 15:09:34 -06:00
    path: "{{ item }}"
    state: directory
    owner: "{{ gitea_user }}"
2021-01-27 08:13:02 -06:00
    group: "{{ gitea_group }}"
2021-01-16 15:21:05 -06:00
    mode: '0755'
2017-01-10 15:09:34 -06:00
  with_items:
    - "/etc/gitea"
2021-01-27 08:13:02 -06:00
- name: "Create data directory"
  file:
    path: "{{ item }}"
    state: directory
    owner: "{{ gitea_user }}"
    group: "{{ gitea_group }}"
2021-02-10 13:05:04 -06:00
    mode: 'u=rwX,g=rX,o='
2021-01-27 08:13:02 -06:00
    recurse: true
  with_items:
2017-01-10 15:09:34 -06:00
    - "{{ gitea_home }}"
    - "{{ gitea_home }}/data"
    - "{{ gitea_home }}/custom"
    - "{{ gitea_home }}/custom/https"
    - "{{ gitea_home }}/custom/mailer"
2020-08-15 18:33:06 -05:00
    - "{{ gitea_home }}/indexers"
2020-09-18 05:11:42 -05:00
    - "{{ gitea_home }}/log"
Improve ARM Support (#74)
2021-02-12 11:56:31 -06:00
    - "{{ gitea_repository_root }}"
2017-01-10 15:09:34 -06:00
- include: install_systemd.yml
  when: ansible_service_mgr == "systemd"
2021-02-10 13:04:13 -06:00
- include_tasks: jwt_secrets.yml
2021-04-10 12:07:02 -05:00
- name: 'Install git'
  ansible.builtin.package:
    name: 'git'
    state: 'present'
2021-02-10 13:04:13 -06:00
2017-01-10 15:09:34 -06:00
- name: "Configure gitea"
2021-04-10 12:07:02 -05:00
  ansible.builtin.template:
2017-01-10 15:09:34 -06:00
    src: gitea.ini.j2
    dest: /etc/gitea/gitea.ini
    owner: "{{ gitea_user }}"
2021-01-27 08:13:02 -06:00
    group: "{{ gitea_group }}"
2017-01-10 15:09:34 -06:00
    mode: 0600
  notify: "Restart gitea"
- name: "Service gitea"
2021-04-10 12:07:02 -05:00
  ansible.builtin.service:
2017-01-10 15:09:34 -06:00
    name: gitea
    state: started
    enabled: true
2019-03-16 06:51:32 -05:00
  when: ansible_service_mgr == "systemd"
2019-03-08 06:12:16 -06:00
- include: fail2ban.yml
2019-05-22 02:30:09 -05:00
  when: gitea_fail2ban_enabled|bool
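The effect of the `u=rwX,g=rX,o=` mode with `recurse: true` in the "Create data directory" task, and the reason the commit note for #75 also strips `+x` from existing files, shown with chmod as an added example that is not part of the role. The scratch tree and function names are constructed, the earlier recursive mode is assumed to be the numeric `0755` still used by the config directory task, and `stat -c` assumes GNU coreutils.

```shell
# Added example: recursive '0755' versus 'u=rwX,g=rX,o=' on a scratch tree.

mode_of() { stat -c '%a' "$1"; }   # octal permission bits (GNU stat)

make_tree() {                      # constructed stand-in for gitea_home
    root=$(mktemp -d)
    mkdir -p "$root/custom"
    : > "$root/custom/app.ini"
    chmod 0700 "$root" "$root/custom"
    chmod 0600 "$root/custom/app.ini"
    printf '%s\n' "$root"
}

# Assumed old behaviour: a numeric mode with recursion lands on files too,
# so every file becomes world-readable and executable.
old_mode_result() {
    root=$(make_tree)
    chmod -R 0755 "$root"
    mode_of "$root/custom/app.ini"
    rm -rf "$root"
}

# New mode on a fresh tree: X adds search permission to directories only.
new_mode_fresh() {
    root=$(make_tree)
    chmod -R u=rwX,g=rX,o= "$root"
    printf '%s %s\n' "$(mode_of "$root/custom")" "$(mode_of "$root/custom/app.ini")"
    rm -rf "$root"
}

# New mode on a tree the old run already touched: X keeps execute on a
# file that has any execute bit, so files stay executable for user/group.
new_mode_after_old() {
    root=$(make_tree)
    chmod -R 0755 "$root"
    chmod -R u=rwX,g=rX,o= "$root"
    mode_of "$root/custom/app.ini"
    rm -rf "$root"
}

# One-off cleanup in the spirit of the commit note, then the new mode.
new_mode_after_cleanup() {
    root=$(make_tree)
    chmod -R 0755 "$root"
    find "$root" -type f -exec chmod a-x {} +
    chmod -R u=rwX,g=rX,o= "$root"
    mode_of "$root/custom/app.ini"
    rm -rf "$root"
}
```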