init

2020-09-15 16:43:53 +02:00 · 2020-09-15 16:43:53 +02:00 · 8845621862
commit 8845621862
11 changed files with 478 additions and 0 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,173 @@
+---
+# vim: set expandtab tabstop=2 shiftwidth=2:
+- name: install dependencies
+  when: '"apk" == ansible_pkg_mgr|lower'
+  apk:
+    name:
+    - postgresql
+    - postgresql-client
+    - py3-psycopg2
+    - nginx
+    - gnutls-utils
+    - py3-openssl
+    - gitea
+
+- name: apt-based
+  when: '"apt" == ansible_pkg_mgr|lower'
+  block:
+    - name: install dependencies
+      apt:
+        name:
+        - postgresql
+        - postgresql-client
+        - python-psycopg2
+        - nginx
+        - gnutls-bin
+        - python-openssl
+    - name: create git-group
+      when: '"apt" == ansible_pkg_mgr|lower'
+      group:
+        name: git
+    - name: create git-user
+      when: '"apt" == ansible_pkg_mgr|lower'
+      user:
+        name: git
+        comment: git & gitea
+        group: git
+        shell: /bin/bash
+        createhome: yes
+        home: /home/git
+        move_home: no
+        skeleton: no
+    - name: create gitea-dirs
+      when: '"apt" == ansible_pkg_mgr|lower'
+      file:
+        dest: '{{item}}'
+        state: directory
+        force: yes
+        owner: git
+        mode: 0755
+      with_items:
+      - /var/lib/gitea
+      - /var/log/gitea
+      - /srv/gitea
+      - /srv/gitea/custom
+      - /etc/gitea
+    - name: create links
+      when: '"apt" == ansible_pkg_mgr|lower'
+      file:
+        dest: '{{item.key}}'
+        src: '{{item.value}}'
+        state: link
+        force: yes
+      with_dict:
+        /srv/gitea/data: /var/lib/gitea
+        /srv/gitea/custom/conf: /etc/gitea
+
+    - name: "download gitea-{{ gitea_version }}-{{ ansible_architecture }}"
+      when: '"apt" == ansible_pkg_mgr|lower'
+      get_url:
+        url: "{{ gitea_download_uri }}"
+        dest: "/srv/gitea/gitea-{{ gitea_version }}-{{ ansible_architecture }}"
+        mode: 0600
+    - name: "link gitea to gitea-{{ gitea_version }}-{{ ansible_architecture }}"
+      when: '"apt" == ansible_pkg_mgr|lower'
+      copy:
+        src: "/srv/gitea/gitea-{{ gitea_version }}-{{ ansible_architecture }}"
+        dest: /srv/gitea/gitea
+        remote_src: yes
+        mode: 0755
+
+- name: install gitea-service for systemd
+  when: ansible_service_mgr == "systemd"
+  copy:
+    src: gitea.service
+    dest: /etc/systemd/system/
+    owner: root
+    group: root
+    mode: 0644
+- name: systemctl daemon-reload
+  when: ansible_service_mgr == "systemd"
+  systemd:
+    daemon-reload: yes
+
+- name: started postgresql
+  service:
+    state: started
+    name: postgresql
+
+- name: create db gitea
+  become_user: postgres
+  become: true
+  postgresql_db:
+    name: gitea
+    encoding: UTF-8
+    template: template0
+- name: create db-user git
+  become_user: postgres
+  become: true
+  no_log: true
+  postgresql_user:
+    db: gitea
+    name: git
+    password: NULL
+#- name: create ldap-auth
+#  become: yes
+#  become_user: git
+#  shell: psql gitea
+#  args:
+#    stdin: |
+#      PREPARE upsert_login_source (varchar, int, bool, text) AS -- name, type, is_actived, cfg
+#        INSERT INTO login_source (name, type, is_actived, cfg) VALUES ($1, $2, $3, $4)
+#          ON CONFLICT (name) DO UPDATE SET type = $2, is_actived = $3, cfg = $4
+#            WHERE login_source.type <> $2 OR login_source.is_actived <> $3 OR login_source.cfg <> $4;
+
+#      EXECUTE upsert_login_source ('ldap', 5, 'true', '{"Name":"ldap","Host":"ldap.technikum-wien.at","Port":389,"SecurityProtocol":2,"SkipVerify":false,"BindDN":"ou=People,dc=technikum-wien,dc=at","BindPassword":"","UserBase":"","UserDN":"uid=%s,ou=People,dc=technikum-wien,dc=at","AttributeUsername":"uid","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","AttributesInBind":false,"Filter":"(\u0026(objectClass=posixAccount)(uid=%s))","AdminFilter":"","GroupEnabled":false,"GroupDN":"","GroupFilter":"","GroupMemberUID":"","UserUID":"","Enabled":true}');
+#  failed_when: "'ERROR:' in ldap_auth_sql.stderr"
+#  changed_when: "'INSERT 0 0' not in ldap_auth_sql.stdout"
+#  register: ldap_auth_sql
+
+- name: create gitea-config
+  template:
+    src: gitea.ini.j2
+    dest: /etc/gitea/app.ini
+    owner: git
+
+#- name: create tls-dir
+#  file:
+#    dest: '{{item}}'
+#    state: directory
+#    force: yes
+#    owner: root
+#    mode: 0700
+#  with_items:
+#  - /etc/nginx/tls
+- name: copy nginx-sites
+  when: '"apt" == ansible_pkg_mgr|lower'
+  template:
+    src: "nginx.j2"
+    dest: "/etc/nginx/sites-available/gitea"
+- name: enable nginx-sites
+  when: '"apt" == ansible_pkg_mgr|lower'
+  file:
+    state: link
+    src: "../sites-available/gitea"
+    dest: "/etc/nginx/sites-enabled/gitea"
+- name: copy nginx-sites
+  when: '"apk" == ansible_pkg_mgr|lower'
+  template:
+    src: "nginx.j2"
+    dest: "/etc/nginx/conf.d/gitea.conf"
+
+- name: systemctl daemon-reload
+  when: ansible_service_mgr == "systemd"
+  systemd: 
+    daemon-reload: yes
+- name: enable services
+  service:
+    name: '{{item}}'
+    enabled: true
+    state: restarted
+  with_items:
+  - nginx
+  - gitea