mirror of
https://github.com/iiab/iiab.git
synced 2025-03-09 15:40:17 +00:00
116 lines
3.1 KiB
YAML
116 lines
3.1 KiB
YAML
# 1. Prepare to install Gitea: create user and directory structure
|
|
|
|
- name: Shut down existing Gitea instance (if we're reinstalling)
|
|
systemd:
|
|
name: gitea
|
|
state: stopped
|
|
ignore_errors: yes
|
|
|
|
- name: Ensure group 'gitea' exists
|
|
group:
|
|
name: gitea
|
|
state: present
|
|
|
|
- name: Create user 'gitea'
|
|
user:
|
|
name: gitea
|
|
comment: Gitea daemon account
|
|
groups: gitea
|
|
home: "{{ gitea_home }}" # /home/gitea
|
|
|
|
- name: Create {{ gitea_root_directory }} directory structures
|
|
file:
|
|
path: "{{ gitea_root_directory }}/{{ item }}" # /library/gitea
|
|
state: directory
|
|
owner: gitea
|
|
group: gitea
|
|
with_items: "{{ gitea_subdirectories }}"
|
|
|
|
- name: Make directories data, indexers, and log writable (0750)
|
|
file:
|
|
path: "{{ gitea_root_directory }}/{{ item }}" # /library/gitea
|
|
mode: '0750'
|
|
with_items:
|
|
- data
|
|
- indexers
|
|
- log
|
|
|
|
|
|
# 2. Download, verify, and link Gitea binary
|
|
|
|
- name: Fail if we detect unknown architecture
|
|
fail:
|
|
msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\""
|
|
when: gitea_iset_suffix == "unknown"
|
|
|
|
- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~103 MB)
|
|
get_url:
|
|
url: "{{ gitea_download_url }}"
|
|
dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.16
|
|
mode: 0775
|
|
timeout: "{{ download_timeout }}"
|
|
|
|
- name: Download Gitea GPG signature {{ gitea_integrity_url }} to {{ gitea_checksum_path }}
|
|
get_url:
|
|
url: "{{ gitea_integrity_url }}"
|
|
dest: "{{ gitea_checksum_path }}"
|
|
timeout: "{{ download_timeout }}"
|
|
|
|
- name: Verify Gitea binary with GPG signature
|
|
shell: |
|
|
gpg --keyserver pgp.mit.edu --recv {{ gitea_gpg_key }}
|
|
gpg --verify {{ gitea_checksum_path }} {{ gitea_install_path }}
|
|
ignore_errors: yes
|
|
|
|
- name: Symlink {{ gitea_link_path }} -> {{ gitea_install_path }}
|
|
file:
|
|
src: "{{ gitea_install_path }}"
|
|
path: "{{ gitea_link_path }}" # /library/gitea/gitea
|
|
owner: gitea
|
|
group: gitea
|
|
state: link
|
|
|
|
|
|
# 3. Configure Gitea
|
|
|
|
# For security reasons, the Gitea developers recommend removing group write
|
|
# permissions from /etc/gitea/ and /etc/gitea/app.ini after the first run of
|
|
# Gitea. User gitea needs write permissions during the first run but not
|
|
# subsequent runs.
|
|
|
|
- name: mkdir /etc/gitea (0770)
|
|
file:
|
|
state: directory
|
|
path: /etc/gitea
|
|
owner: root
|
|
group: gitea
|
|
mode: 0770
|
|
|
|
- name: Install /etc/gitea/app.ini from template (0664)
|
|
template:
|
|
src: app.ini.j2
|
|
dest: /etc/gitea/app.ini
|
|
owner: root
|
|
group: gitea
|
|
mode: 0664
|
|
|
|
|
|
# 4. Create systemd service & prepare NGINX for http://box/gitea
|
|
|
|
- name: "Install from template: /etc/systemd/system/gitea.service (by default 0644)"
|
|
template:
|
|
src: gitea.service.j2
|
|
dest: /etc/systemd/system/gitea.service
|
|
|
|
|
|
# 5. RECORD Gitea AS INSTALLED
|
|
|
|
- name: "Set 'gitea_installed: True'"
|
|
set_fact:
|
|
gitea_installed: True
|
|
|
|
- name: "Add 'gitea_installed: True' to {{ iiab_state_file }}"
|
|
lineinfile:
|
|
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
|
|
regexp: '^gitea_installed'
|
|
line: 'gitea_installed: True'
|