Cleaner Gitea playbook + 2 tasks/main.yml's

roles/gitea/tasks/apache.yml

@@ -0,0 +1,12 @@
+- name: Enable http://box{{ gitea_url }} via Apache    # http://box/gitea
+  command: a2ensite gitea.conf
+  when: gitea_enabled | bool
+
+- name: Disable http://box{{ gitea_url }} via Apache    # http://box/gitea
+  command: a2dissite gitea.conf
+  when: not gitea_enabled
+
+- name: Restart '{{ apache_service }}' systemd service
+  systemd:
+    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
+    state: restarted

roles/gitea/tasks/enable.yml

@@ -1,69 +0,0 @@
-- name: Enable & Restart 'gitea' systemd service
-  systemd:
-    name: gitea
-    daemon_reload: yes
-    enabled: yes
-    state: restarted
-  when: gitea_enabled | bool
-
-- name: Disable & Restart 'gitea' systemd service
-  systemd:
-    name: gitea
-    enabled: no
-    state: stopped
-  when: not gitea_enabled
-
-# Apache
-
-- name: Enable http://box{{ gitea_url }} via Apache    # i.e. http://box/gitea
-  command: a2ensite gitea.conf
-  when: apache_install and gitea_enabled
-
-- name: Disable http://box{{ gitea_url }} via Apache
-  command: a2dissite gitea.conf
-  when: apache_install and not gitea_enabled
-
-- name: Restart Apache systemd service ({{ apache_service }})
-  systemd:
-    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
-    state: restarted
-  when: apache_enabled | bool
-
-# NGINX
-
-- name: Enable http://box{{ gitea_url }} via NGINX, by installing {{ nginx_conf_dir }}/gitea-nginx.conf from template
-  template:
-    src: gitea-nginx.conf.j2
-    dest: "{{ nginx_conf_dir }}/gitea-nginx.conf"
-  when: nginx_install and gitea_enabled
-
-- name: Disable http://box{{ gitea_url }} via NGINX, by removing {{ nginx_conf_dir }}/gitea-nginx.conf
-  file:
-    path: "{{ nginx_conf_dir }}/gitea-nginx.conf"
-    state: absent
-  when: nginx_install and not gitea_enabled
-
-- name: Restart 'nginx' systemd service
-  systemd:
-    name: nginx
-    state: restarted
-  when: nginx_enabled | bool
-
-
-- name: Add 'gitea' to list of services at {{ iiab_ini_file }}
-  ini_file:
-    path: "{{ iiab_ini_file }}"
-    section: gitea
-    option: "{{ item.option }}"
-    value: "{{ item.value | string }}"
-  with_items:
-    - option: name
-      value: Gitea
-    - option: description
-      value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"'
-    - option: gitea_run_directory
-      value: "{{ gitea_run_directory }}"
-    - option: gitea_url
-      value: "{{ gitea_url }}"
-    - option: gitea_enabled
-      value: "{{ gitea_enabled }}"

roles/gitea/tasks/install.yml

@@ -1,4 +1,4 @@
-# Prepare to install Gitea: create user and directory structure
+# 1. Prepare to install Gitea: create user and directory structure
 
 - name: Shut down existing Gitea instance (if we're reinstalling)
   systemd:
@@ -16,11 +16,11 @@
     name: gitea
     comment: Gitea daemon account
     groups: gitea
-    home: "{{ gitea_home }}"
+    home: "{{ gitea_home }}"    # /home/gitea
 
 - name: Create Gitea directory structure
   file:
-    path: "{{ gitea_root_directory }}/{{ item }}"
+    path: "{{ gitea_root_directory }}/{{ item }}"    # /library/gitea
     state: directory
     owner: gitea
     group: gitea
@@ -28,14 +28,15 @@
 
 - name: Make directories data, indexers, and log writable
   file:
-    path: "{{ gitea_root_directory }}/{{ item }}"
+    path: "{{ gitea_root_directory }}/{{ item }}"    # /library/gitea
     mode: '0750'
   with_items:
     - data
     - indexers
     - log
 
-# Download, verify, and link Gitea binary
+
+# 2. Download, verify, and link Gitea binary
 
 - name: Fail if we detect unknown architecture
   fail:
@@ -69,7 +70,8 @@
     group: gitea
     state: link
 
-# Configure Gitea
+
+# 3. Configure Gitea
 
 # For security reasons, the Gitea developers recommend removing group write
 # permissions from /etc/gitea/ and /etc/gitea/app.ini after the first run of 
@@ -92,7 +94,8 @@
     group: gitea
     mode: '0664'
 
-# Create systemd service & prepare Apache for http://box/gitea
+
+# 4. Create systemd service & prepare Apache for http://box/gitea
 
 - name: "Install from templates: /etc/systemd/system/gitea.service, /etc/apache2/sites-available/gitea.conf"
   template:
@@ -103,7 +106,7 @@
     - { src: 'gitea.conf.j2', dest: "/etc/{{ apache_conf_dir }}/gitea.conf" }
 
 
-# RECORD Gitea AS INSTALLED
+# 5. RECORD Gitea AS INSTALLED
 
 - name: "Set 'gitea_installed: True'"
   set_fact:

roles/gitea/tasks/main.yml

@@ -1,7 +1,67 @@
-- name: Install Gitea {{ gitea_version }} if gitea_install
-  include_tasks: install.yml
-  when: gitea_install and not (gitea_installed is defined)
+# "How do i fail a task in Ansible if the variable contains a boolean value?
+# I want to perform input validation for Ansible playbooks"
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
 
-- name: Enable Gitea {{ gitea_version }} if gitea_install
-  include_tasks: enable.yml
-  when: gitea_install or gitea_installed is defined
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
+
+- name: Assert that "gitea_install is sameas true" (boolean not string etc)
+  assert:
+    that: gitea_install is sameas true
+    fail_msg: "PLEASE SET 'gitea_install: True' e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+- name: Assert that "gitea_enabled | type_debug == 'bool'" (boolean not string etc)
+  assert:
+    that: gitea_enabled | type_debug == 'bool'
+    fail_msg: "PLEASE GIVE VARIABLE 'gitea_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+
+- name: Install Gitea {{ gitea_version }} if 'gitea_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+  include_tasks: install.yml
+  when: gitea_installed is undefined
+
+
+- name: Enable & Restart 'gitea' systemd service, if gitea_enabled
+  systemd:
+    name: gitea
+    daemon_reload: yes
+    enabled: yes
+    state: restarted
+  when: gitea_enabled | bool
+
+- name: Disable & Stop 'gitea' systemd service, if not gitea_enabled
+  systemd:
+    name: gitea
+    enabled: no
+    state: stopped
+  when: not gitea_enabled
+
+- name: Enable/Disable/Restart Apache if primary
+  include_tasks: apache.yml
+  when: not nginx_enabled
+
+- name: Enable/Disable/Restart NGINX if primary
+  include_tasks: nginx.yml
+  when: nginx_enabled | bool
+
+
+- name: Add 'gitea' to list of services at {{ iiab_ini_file }}
+  ini_file:
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab_state.yml
+    section: gitea
+    option: "{{ item.option }}"
+    value: "{{ item.value | string }}"
+  with_items:
+    - option: name
+      value: Gitea
+    - option: description
+      value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"'
+    - option: gitea_run_directory
+      value: "{{ gitea_run_directory }}"
+    - option: gitea_url
+      value: "{{ gitea_url }}"
+    - option: gitea_enabled
+      value: "{{ gitea_enabled }}"

roles/gitea/tasks/nginx.yml

@@ -0,0 +1,16 @@
+- name: Enable http://box{{ gitea_url }} via NGINX, by installing {{ nginx_conf_dir }}/gitea-nginx.conf from template
+  template:
+    src: gitea-nginx.conf.j2
+    dest: "{{ nginx_conf_dir }}/gitea-nginx.conf"    # /etc/nginx/conf.d
+  when: gitea_enabled | bool
+
+- name: Disable http://box{{ gitea_url }} via NGINX, by removing {{ nginx_conf_dir }}/gitea-nginx.conf
+  file:
+    path: "{{ nginx_conf_dir }}/gitea-nginx.conf"    # /etc/nginx/conf.d
+    state: absent
+  when: not gitea_enabled
+
+- name: Restart 'nginx' systemd service
+  systemd:
+    name: nginx
+    state: restarted