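--- # vim: set expandtab tabstop=2 shiftwidth=2:
# Task list: installs Gitea behind nginx with a local PostgreSQL database.
#
# apk hosts get Gitea from the distribution package; apt hosts get a
# downloaded release binary plus a dedicated git user and directory layout.
#
# Variables read by these tasks:
#   gitea_version            - used in the name of the downloaded binary
#   gitea_download_uri       - URL of the release binary (apt hosts)
#   gitea_download_checksum  - optional, new in this revision; passed to
#                              get_url as "sha256:<hex digest>"

- name: install dependencies
  when: '"apk" == ansible_pkg_mgr|lower'
  apk:
    name:
      - postgresql
      - postgresql-client
      - py3-psycopg2
      - nginx
      - gnutls-utils
      - py3-openssl
      - gitea

- name: apt-based
  when: '"apt" == ansible_pkg_mgr|lower'
  block:
    - name: install dependencies
      apt:
        name:
          - postgresql
          - postgresql-client
          - python-psycopg2
          - nginx
          - gnutls-bin
          - python-openssl

- name: create git-group
  when: '"apt" == ansible_pkg_mgr|lower'
  group:
    name: git

- name: create git-user
  when: '"apt" == ansible_pkg_mgr|lower'
  user:
    name: git
    comment: 'git & gitea'
    group: git
    shell: /bin/bash
    createhome: true
    home: /home/git
    move_home: false
    # NOTE(review): skeleton is documented as a directory path; a boolean
    # here is probably not what the module expects - verify the intent.
    skeleton: false

# NOTE(review): 0755 leaves /etc/gitea and /var/log/gitea listable by every
# local account; tighten if only the git user needs to enter them.
- name: create gitea-dirs
  when: '"apt" == ansible_pkg_mgr|lower'
  file:
    dest: '{{item}}'
    state: directory
    force: true
    owner: git
    mode: "0755"
  with_items:
    - /var/lib/gitea
    - /var/log/gitea
    - /srv/gitea
    - /srv/gitea/custom
    - /etc/gitea

- name: create links
  when: '"apt" == ansible_pkg_mgr|lower'
  file:
    dest: '{{item.key}}'
    src: '{{item.value}}'
    state: link
    force: true
  with_dict:
    /srv/gitea/data: /var/lib/gitea
    /srv/gitea/custom/conf: /etc/gitea

# The binary fetched here is later installed with mode 0755 and run as the
# service, so its integrity matters. Set gitea_download_checksum to pin the
# expected digest; while it is undefined the parameter is omitted and the
# download is accepted unverified, as before.
- name: "download gitea-{{ gitea_version }}-{{ ansible_architecture }}"
  when: '"apt" == ansible_pkg_mgr|lower'
  get_url:
    url: "{{ gitea_download_uri }}"
    dest: "/srv/gitea/gitea-{{ gitea_version }}-{{ ansible_architecture }}"
    checksum: "{{ gitea_download_checksum | default(omit) }}"
    mode: "0600"

# Despite the task name this is a copy, not a symlink: the versioned file
# stays non-executable (0600) and only the copy is made runnable.
- name: "link gitea to gitea-{{ gitea_version }}-{{ ansible_architecture }}"
  when: '"apt" == ansible_pkg_mgr|lower'
  copy:
    src: "/srv/gitea/gitea-{{ gitea_version }}-{{ ansible_architecture }}"
    dest: /srv/gitea/gitea
    remote_src: true
    mode: "0755"

- name: install gitea-service for systemd
  when: ansible_service_mgr == "systemd"
  copy:
    src: gitea.service
    dest: /etc/systemd/system/
    owner: root
    group: root
    mode: "0644"

- name: systemctl daemon-reload
  when: ansible_service_mgr == "systemd"
  systemd:
    daemon_reload: true

- name: started postgresql
  service:
    state: started
    name: postgresql

- name: create db gitea
  become_user: postgres
  become: true
  postgresql_db:
    name: gitea
    encoding: UTF-8
    template: template0

# password is YAML null, so no password is handed to the module.
# Presumably the git role authenticates over the local socket (peer
# authentication) - confirm against pg_hba.conf.
- name: create db-user git
  become_user: postgres
  become: true
  no_log: true
  postgresql_user:
    db: gitea
    name: git
    password: null

#- name: create ldap-auth
#  become: yes
#  become_user: git
#  shell: psql gitea
#  args:
#    stdin: |
#      PREPARE upsert_login_source (varchar, int, bool, text) AS -- name, type, is_actived, cfg
#        INSERT INTO login_source (name, type, is_actived, cfg) VALUES ($1, $2, $3, $4)
#        ON CONFLICT (name) DO UPDATE SET type = $2, is_actived = $3, cfg = $4
#        WHERE login_source.type <> $2 OR login_source.is_actived <> $3 OR login_source.cfg <> $4;
#      EXECUTE upsert_login_source ('ldap', 5, 'true', '{"Name":"ldap","Host":"ldap.technikum-wien.at","Port":389,"SecurityProtocol":2,"SkipVerify":false,"BindDN":"ou=People,dc=technikum-wien,dc=at","BindPassword":"","UserBase":"","UserDN":"uid=%s,ou=People,dc=technikum-wien,dc=at","AttributeUsername":"uid","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","AttributesInBind":false,"Filter":"(\u0026(objectClass=posixAccount)(uid=%s))","AdminFilter":"","GroupEnabled":false,"GroupDN":"","GroupFilter":"","GroupMemberUID":"","UserUID":"","Enabled":true}');
#  failed_when: "'ERROR:' in ldap_auth_sql.stderr"
#  changed_when: "'INSERT 0 0' not in ldap_auth_sql.stdout"
#  register: ldap_auth_sql

# app.ini typically carries Gitea's secret key, internal token and database
# credentials, so the mode is set explicitly instead of being left to the
# umask: owner read/write, group read, no access for other local users.
# NOTE(review): this task has no package-manager condition, but the git user
# is only created above on apt hosts - confirm it exists on apk hosts.
- name: create gitea-config
  template:
    src: gitea.ini.j2
    dest: /etc/gitea/app.ini
    owner: git
    mode: "0640"

#- name: create tls-dir
#  file:
#    dest: '{{item}}'
#    state: directory
#    force: yes
#    owner: root
#    mode: 0700
#  with_items:
#    - /etc/nginx/tls

- name: copy nginx-sites
  when: '"apt" == ansible_pkg_mgr|lower'
  template:
    src: "nginx.j2"
    dest: "/etc/nginx/sites-available/gitea"
    mode: "0644"

- name: enable nginx-sites
  when: '"apt" == ansible_pkg_mgr|lower'
  file:
    state: link
    src: "../sites-available/gitea"
    dest: "/etc/nginx/sites-enabled/gitea"

- name: copy nginx-sites
  when: '"apk" == ansible_pkg_mgr|lower'
  template:
    src: "nginx.j2"
    dest: "/etc/nginx/conf.d/gitea.conf"
    mode: "0644"

- name: systemctl daemon-reload
  when: ansible_service_mgr == "systemd"
  systemd:
    daemon_reload: true

# state: restarted bounces both services on every run, changed or not.
- name: enable services
  service:
    name: '{{item}}'
    enabled: true
    state: restarted
  with_items:
    - nginx
    - gitea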