iiab/roles/gitea/tasks/install.yml

# 1. Prepare to install Gitea: create user and directory structure

- name: Shut down existing Gitea instance (if we're reinstalling)
  systemd:
    name: gitea
    state: stopped
  ignore_errors: yes

- name: Ensure group 'gitea' exists
  group:
    name: gitea
    state: present

- name: Create user 'gitea'
  user:
    name: gitea
    comment: Gitea daemon account
    groups: gitea
    home: "{{ gitea_home }}"    # /home/gitea

- name: Create {{ gitea_root_directory }} directory structures
  file:
    path: "{{ gitea_root_directory }}/{{ item }}"    # /library/gitea
    state: directory
    owner: gitea
    group: gitea
  with_items: "{{ gitea_subdirectories }}"

- name: Make directories data, indexers, and log writable (0750)
  file:
    path: "{{ gitea_root_directory }}/{{ item }}"    # /library/gitea
    mode: '0750'
  with_items:
    - data
    - indexers
    - log


# 2. Download, verify, and link Gitea binary

- name: Fail if we detect unknown architecture
  fail:
    msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\""
  when: gitea_iset_suffix == "unknown"

- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~102 MB)
  get_url:
    url: "{{ gitea_download_url }}"
    dest: "{{ gitea_install_path }}"    # e.g. /library/gitea/bin/gitea-1.15
    mode: 0775
    timeout: "{{ download_timeout }}"

- name: Download Gitea GPG signature {{ gitea_integrity_url }} to {{ gitea_checksum_path }}
  get_url:
    url: "{{ gitea_integrity_url }}"
    dest: "{{ gitea_checksum_path }}"
    timeout: "{{ download_timeout }}"

- name: Verify Gitea binary with GPG signature
  shell: |
    gpg --keyserver pgp.mit.edu --recv {{ gitea_gpg_key }}
    gpg --verify {{ gitea_checksum_path }} {{ gitea_install_path }}
  ignore_errors: yes

- name: Symlink {{ gitea_link_path }} -> {{ gitea_install_path }}
  file:
    src: "{{ gitea_install_path }}"
    path: "{{ gitea_link_path }}"
    owner: gitea
    group: gitea
    state: link


# 3. Configure Gitea

# For security reasons, the Gitea developers recommend removing group write
# permissions from /etc/gitea/ and /etc/gitea/app.ini after the first run of 
# Gitea. User gitea needs write permissions during the first run but not 
# subsequent runs.

- name: mkdir /etc/gitea (0770)
  file:
    state: directory
    path: /etc/gitea
    owner: root
    group: gitea
    mode: 0770

- name: Install /etc/gitea/app.ini from template (0664)
  template:
    src: app.ini.j2
    dest: /etc/gitea/app.ini
    owner: root
    group: gitea
    mode: 0664


# 4. Create systemd service & prepare NGINX for http://box/gitea

- name: "Install from template: /etc/systemd/system/gitea.service (by default 0644)"
  template:
    src: gitea.service.j2
    dest: /etc/systemd/system/gitea.service


# 5. RECORD Gitea AS INSTALLED

- name: "Set 'gitea_installed: True'"
  set_fact:
    gitea_installed: True

- name: "Add 'gitea_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^gitea_installed'
    line: 'gitea_installed: True'
Cleaner Gitea playbook + 2 tasks/main.yml's 2020-02-01 23:20:22 +00:00			`# 1. Prepare to install Gitea: create user and directory structure`
Add app.ini template and configuration plays 2018-10-18 17:23:18 +00:00
Shut down Gitea before reinstalling 2019-03-07 02:51:05 +00:00			`- name: Shut down existing Gitea instance (if we're reinstalling)`
			`systemd:`
			`name: gitea`
			`state: stopped`
ignore errors on pre-install step 2019-03-07 04:07:22 +00:00			`ignore_errors: yes`
Shut down Gitea before reinstalling 2019-03-07 02:51:05 +00:00
gitea/tasks/install.yml: Clean comments 2021-07-27 17:47:26 +00:00			`- name: Ensure group 'gitea' exists`
Create gitea group 2019-03-02 08:07:19 +00:00			`group:`
			`name: gitea`
			`state: present`

gitea/tasks/install.yml: Clean comments 2021-07-27 17:47:26 +00:00			`- name: Create user 'gitea'`
Create Gitea user 2018-10-18 16:41:16 +00:00			`user:`
			`name: gitea`
			`comment: Gitea daemon account`
			`groups: gitea`
Cleaner Gitea playbook + 2 tasks/main.yml's 2020-02-01 23:20:22 +00:00			`home: "{{ gitea_home }}" # /home/gitea`
Create Gitea user 2018-10-18 16:41:16 +00:00
AWStats + Calibre-Web + Gitea + Kiwix + Munix W/O Apache 2021-07-06 21:59:07 +00:00			`- name: Create {{ gitea_root_directory }} directory structures`
Move everything to /library/gitea, create more variables 2018-10-18 16:35:16 +00:00			`file:`
Cleaner Gitea playbook + 2 tasks/main.yml's 2020-02-01 23:20:22 +00:00			`path: "{{ gitea_root_directory }}/{{ item }}" # /library/gitea`
Move everything to /library/gitea, create more variables 2018-10-18 16:35:16 +00:00			`state: directory`
Create Gitea subdirectories with owner and group 2018-10-18 16:50:17 +00:00			`owner: gitea`
			`group: gitea`
			`with_items: "{{ gitea_subdirectories }}"`
Move everything to /library/gitea, create more variables 2018-10-18 16:35:16 +00:00
gitea/tasks/install.yml: Clean comments 2021-07-27 17:47:26 +00:00			`- name: Make directories data, indexers, and log writable (0750)`
Set permissions, create /etc/gitea 2018-10-18 16:57:54 +00:00			`file:`
Cleaner Gitea playbook + 2 tasks/main.yml's 2020-02-01 23:20:22 +00:00			`path: "{{ gitea_root_directory }}/{{ item }}" # /library/gitea`
Experiment: comment out Ansible tags in 25 files 2020-01-14 01:41:03 +00:00			`mode: '0750'`
Set permissions, create /etc/gitea 2018-10-18 16:57:54 +00:00			`with_items:`
			`- data`
			`- indexers`
			`- log`

Cleaner Gitea playbook + 2 tasks/main.yml's 2020-02-01 23:20:22 +00:00
			`# 2. Download, verify, and link Gitea binary`
Set permissions, create /etc/gitea 2018-10-18 16:57:54 +00:00
Fail if we detect unknown architecture 2018-10-18 21:10:41 +00:00			`- name: Fail if we detect unknown architecture`
			`fail:`
			`msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\""`
			`when: gitea_iset_suffix == "unknown"`

gitea/tasks/install.yml: Note /library/gitea/bin/gitea-1.15 is ~102MB 2022-01-01 03:11:38 +00:00			`- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~102 MB)`
Add play for downloading Gitea binary - Convert ansible_architecture variable to filename suffix 2018-10-18 07:26:39 +00:00			`get_url:`
			`url: "{{ gitea_download_url }}"`
gitea/tasks/install.yml: Note /library/gitea/bin/gitea-1.15 is ~102MB 2022-01-01 03:11:38 +00:00			`dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.15`
AWStats + Calibre-Web + Gitea + Kiwix + Munix W/O Apache 2021-07-06 21:59:07 +00:00			`mode: 0775`
gitea/tasks/install.yml: timeout: 10 -> 200 (for get_url from dl.gitea.io) 2020-11-27 14:06:20 +00:00			`timeout: "{{ download_timeout }}"`
Add play for downloading Gitea binary - Convert ansible_architecture variable to filename suffix 2018-10-18 07:26:39 +00:00
AWStats + Calibre-Web + Gitea + Kiwix + Munix W/O Apache 2021-07-06 21:59:07 +00:00			`- name: Download Gitea GPG signature {{ gitea_integrity_url }} to {{ gitea_checksum_path }}`
Add plays to verify Gitea binary 2018-10-18 07:36:00 +00:00			`get_url:`
			`url: "{{ gitea_integrity_url }}"`
Move everything to /library/gitea, create more variables 2018-10-18 16:35:16 +00:00			`dest: "{{ gitea_checksum_path }}"`
get_url 'timeout: "{{ download_timeout }}"' in 10 roles 2021-12-26 15:24:31 +00:00			`timeout: "{{ download_timeout }}"`
Add plays to verify Gitea binary 2018-10-18 07:36:00 +00:00
			`- name: Verify Gitea binary with GPG signature`
			`shell: \|`
Move GPG key to main.yml 2019-02-27 22:02:55 +00:00			`gpg --keyserver pgp.mit.edu --recv {{ gitea_gpg_key }}`
Move everything to /library/gitea, create more variables 2018-10-18 16:35:16 +00:00			`gpg --verify {{ gitea_checksum_path }} {{ gitea_install_path }}`
Don't abort if GPG verification fails 2019-03-05 00:39:35 +00:00			`ignore_errors: yes`
Add plays to verify Gitea binary 2018-10-18 07:36:00 +00:00
Mostly var cleanup across ~80 files 2020-01-30 09:00:00 +00:00			`- name: Symlink {{ gitea_link_path }} -> {{ gitea_install_path }}`
Create symlink 2018-10-18 16:52:51 +00:00			`file:`
			`src: "{{ gitea_install_path }}"`
Mostly var cleanup across ~80 files 2020-01-30 09:00:00 +00:00			`path: "{{ gitea_link_path }}"`
Create symlink 2018-10-18 16:52:51 +00:00			`owner: gitea`
			`group: gitea`
			`state: link`

Cleaner Gitea playbook + 2 tasks/main.yml's 2020-02-01 23:20:22 +00:00
			`# 3. Configure Gitea`
Add app.ini template and configuration plays 2018-10-18 17:23:18 +00:00
Add clarifying comment about /etc/gitea write permissions 2019-03-06 20:46:06 +00:00			`# For security reasons, the Gitea developers recommend removing group write`
			`# permissions from /etc/gitea/ and /etc/gitea/app.ini after the first run of`
			`# Gitea. User gitea needs write permissions during the first run but not`
			`# subsequent runs.`

AWStats + Calibre-Web + Gitea + Kiwix + Munix W/O Apache 2021-07-06 21:59:07 +00:00			`- name: mkdir /etc/gitea (0770)`
Add app.ini template and configuration plays 2018-10-18 17:23:18 +00:00			`file:`
			`state: directory`
Mostly var cleanup across ~80 files 2020-01-30 09:00:00 +00:00			`path: /etc/gitea`
Add app.ini template and configuration plays 2018-10-18 17:23:18 +00:00			`owner: root`
			`group: gitea`
AWStats + Calibre-Web + Gitea + Kiwix + Munix W/O Apache 2021-07-06 21:59:07 +00:00			`mode: 0770`
Add app.ini template and configuration plays 2018-10-18 17:23:18 +00:00
AWStats + Calibre-Web + Gitea + Kiwix + Munix W/O Apache 2021-07-06 21:59:07 +00:00			`- name: Install /etc/gitea/app.ini from template (0664)`
Add app.ini template and configuration plays 2018-10-18 17:23:18 +00:00			`template:`
			`src: app.ini.j2`
			`dest: /etc/gitea/app.ini`
			`owner: root`
			`group: gitea`
AWStats + Calibre-Web + Gitea + Kiwix + Munix W/O Apache 2021-07-06 21:59:07 +00:00			`mode: 0664`
Add app.ini template and configuration plays 2018-10-18 17:23:18 +00:00
Cleaner Gitea playbook + 2 tasks/main.yml's 2020-02-01 23:20:22 +00:00
AWStats + Calibre-Web + Gitea + Kiwix + Munix W/O Apache 2021-07-06 21:59:07 +00:00			`# 4. Create systemd service & prepare NGINX for http://box/gitea`
Add app.ini template and configuration plays 2018-10-18 17:23:18 +00:00
gitea/tasks/install.yml: Clean comments 2021-07-27 17:47:26 +00:00			`- name: "Install from template: /etc/systemd/system/gitea.service (by default 0644)"`
Add play for downloading Gitea binary - Convert ansible_architecture variable to filename suffix 2018-10-18 07:26:39 +00:00			`template:`
Reduce dependency on Apache in gitea/kolibri/mediawiki/munin etc 2020-05-17 03:50:22 +00:00			`src: gitea.service.j2`
			`dest: /etc/systemd/system/gitea.service`

Mostly var cleanup across ~80 files 2020-01-30 09:00:00 +00:00
Cleaner Gitea playbook + 2 tasks/main.yml's 2020-02-01 23:20:22 +00:00			`# 5. RECORD Gitea AS INSTALLED`
Mostly var cleanup across ~80 files 2020-01-30 09:00:00 +00:00
			`- name: "Set 'gitea_installed: True'"`
			`set_fact:`
			`gitea_installed: True`
Add play for downloading Gitea binary - Convert ansible_architecture variable to filename suffix 2018-10-18 07:26:39 +00:00
Cleaner ver: 35+1 files may write to iiab_state.yml 2020-01-12 23:15:33 +00:00			`- name: "Add 'gitea_installed: True' to {{ iiab_state_file }}"`
gitea - iiab_installed 2019-09-14 22:47:41 +00:00			`lineinfile:`
Convert dest: to path: per Ansible lineinfile norms 2020-02-04 00:54:04 +00:00			`path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml`
gitea - iiab_installed 2019-09-14 22:47:41 +00:00			`regexp: '^gitea_installed'`
needs True 2019-10-07 17:11:21 +00:00			`line: 'gitea_installed: True'`