iiab/roles/gitea/tasks/install.yml

# 1. Prepare to install Gitea: create user and directory structure

- name: Shut down existing Gitea instance (if we're reinstalling)
  systemd:
    name: gitea
    state: stopped
  ignore_errors: yes

- name: Ensure group gitea exists
  group:
    name: gitea
    state: present

- name: Create user gitea
  user:
    name: gitea
    comment: Gitea daemon account
    groups: gitea
    home: "{{ gitea_home }}"    # /home/gitea

- name: Create Gitea directory structure
  file:
    path: "{{ gitea_root_directory }}/{{ item }}"    # /library/gitea
    state: directory
    owner: gitea
    group: gitea
  with_items: "{{ gitea_subdirectories }}"

- name: Make directories data, indexers, and log writable
  file:
    path: "{{ gitea_root_directory }}/{{ item }}"    # /library/gitea
    mode: '0750'
  with_items:
    - data
    - indexers
    - log


# 2. Download, verify, and link Gitea binary

- name: Fail if we detect unknown architecture
  fail:
    msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\""
  when: gitea_iset_suffix == "unknown"

- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }}
  get_url:
    url: "{{ gitea_download_url }}"
    dest: "{{ gitea_install_path }}"
    mode: '0775'
  when: internet_available

- name: Download Gitea GPG signature
  get_url:
    url: "{{ gitea_integrity_url }}"
    dest: "{{ gitea_checksum_path }}"
  when: internet_available

- name: Verify Gitea binary with GPG signature
  shell: |
    gpg --keyserver pgp.mit.edu --recv {{ gitea_gpg_key }}
    gpg --verify {{ gitea_checksum_path }} {{ gitea_install_path }}
  ignore_errors: yes

- name: Symlink {{ gitea_link_path }} -> {{ gitea_install_path }}
  file:
    src: "{{ gitea_install_path }}"
    path: "{{ gitea_link_path }}"
    owner: gitea
    group: gitea
    state: link


# 3. Configure Gitea

# For security reasons, the Gitea developers recommend removing group write
# permissions from /etc/gitea/ and /etc/gitea/app.ini after the first run of 
# Gitea. User gitea needs write permissions during the first run but not 
# subsequent runs.

- name: mkdir /etc/gitea
  file:
    state: directory
    path: /etc/gitea
    owner: root
    group: gitea
    mode: '0770'

- name: Install /etc/gitea/app.ini from template
  template:
    src: app.ini.j2
    dest: /etc/gitea/app.ini
    owner: root
    group: gitea
    mode: '0664'


# 4. Create systemd service & prepare Apache for http://box/gitea

- name: "Install from template: /etc/systemd/system/gitea.service"
  template:
    src: gitea.service.j2
    dest: /etc/systemd/system/gitea.service

- name: "Install from template: /etc/{{ apache_conf_dir }}/gitea.conf"
  template:
    src: gitea.conf.j2
    dest: "/etc/{{ apache_conf_dir }}/gitea.conf"    # apache2/sites-available
  when: apache_installed is defined


# 5. RECORD Gitea AS INSTALLED

- name: "Set 'gitea_installed: True'"
  set_fact:
    gitea_installed: True

- name: "Add 'gitea_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^gitea_installed'
    line: 'gitea_installed: True'