From 4aa0d6efbd53605665ed468eb38a227589e0e2b5 Mon Sep 17 00:00:00 2001
From: Johanna Dorothea Reichmann
Date: Sun, 30 Jan 2022 15:52:31 +0100
Subject: [PATCH] feat(gitea): add ansible role for deployment in docker containers
---
 roles/gitea/README.md | 9 ++++
 roles/gitea/defaults/main.yml | 37 +++++++++++++
 roles/gitea/tasks/main.yml | 99 +++++++++++++++++++++++++++++++++++
 roles/gitea/vars/main.yml | 13 +++++
 4 files changed, 158 insertions(+)
 create mode 100644 roles/gitea/README.md
 create mode 100644 roles/gitea/defaults/main.yml
 create mode 100644 roles/gitea/tasks/main.yml
 create mode 100644 roles/gitea/vars/main.yml
diff --git a/roles/gitea/README.md b/roles/gitea/README.md
new file mode 100644
index 0000000..c8af50c
--- /dev/null
+++ b/roles/gitea/README.md
@@ -0,0 +1,9 @@
+# `finallycoffee.services.gitea` ansible role
+
+## Overview
+
+This role deploys [gitea](https://gitea.com/)
+using its official available docker image, and is able to setup SSH
+forwarding from the host to the container (enabling git-over-SSH without
+the need for a non-standard SSH port while running an SSH server on the
+host aswell).
diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml
new file mode 100644
index 0000000..b0a7251
--- /dev/null
+++ b/roles/gitea/defaults/main.yml
@@ -0,0 +1,37 @@
+---
+
+gitea_version: "1.15.6"
+gitea_user: git
+gitea_base_path: "/opt/gitea"
+gitea_data_path: "{{ gitea_base_path }}/data"
+
+# container config
+gitea_container_name: "git"
+gitea_container_image_name: "docker.io/gitea/gitea"
+gitea_container_image_tag: "{{ gitea_version }}"
+gitea_container_image: "{{ gitea_container_image_name }}:{{ gitea_container_image_tag }}"
+gitea_container_networks: []
+gitea_container_purge_networks: ~
+gitea_container_restart_policy: "unless-stopped"
+gitea_container_extra_env: {}
+gitea_contianer_extra_labels: {}
+gitea_container_extra_ports: []
+gitea_container_extra_volumes: []
+
+# container defaults
+gitea_container_base_volumes:
+ - "{{ gitea_data_path }}:/data:z"
+ - "/home/{{ gitea_user }}/.ssh/:/data/git/.ssh:z"
+
+gitea_container_base_ports:
+ - "127.0.0.1:{{ git_container_port_webui }}:{{ git_container_port_webui }}"
+ - "127.0.0.1:{{ git_container_port_ssh }}:{{ git_container_port_ssh }}"
+
+gitea_container_base_env:
+ USER_UID: "{{ gitea_user_res.uid | default(gitea_user) }}"
+ USER_GID: "{{ gitea_user_res.group | default(gitea_user) }}"
+
+gitea_container_base_labels:
+ version: "{{ gitea_version }}"
+
+gitea_config: {}
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
new file mode 100644
index 0000000..cba84b1
--- /dev/null
+++ b/roles/gitea/tasks/main.yml
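Review bot: `gitea_container_base_ports` interpolates `git_container_port_webui` and `git_container_port_ssh`, but `roles/gitea/vars/main.yml` in this patch defines `gitea_container_port_webui` and `gitea_container_port_ssh`, so rendering `published_ports` in the container task fails on an undefined variable; the entries should read `- "127.0.0.1:{{ gitea_container_port_webui }}:{{ gitea_container_port_webui }}"` and `- "127.0.0.1:{{ gitea_container_port_ssh }}:{{ gitea_container_port_ssh }}"`. The key `gitea_contianer_extra_labels` is misspelled while vars/main.yml combines `gitea_container_extra_labels`, so a consumer setting the intended name has no effect and the vars expression has no default to fall back on; rename it to `gitea_container_extra_labels: {}`. `gitea_container_purge_networks: ~` reads more clearly as `null`, and the `USER_UID`/`USER_GID` fallbacks to `gitea_user` pass a username where the variable names suggest numeric ids — presumably only reached when `gitea_user_res` is unset, but worth confirming against the image's expectations.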
@@ -0,0 +1,99 @@
+---
+
+- name: Create gitea user
+ user:
+ name: "{{ gitea_user }}"
+ state: present
+ system: no
+ register: gitea_user_res
+
+- name: Ensure host directories exist
+ file:
+ path: "{{ item }}"
+ owner: "{{ gitea_user_res.uid }}"
+ group: "{{ gitea_user_res.group }}"
+ state: directory
+ loop:
+ - "{{ gitea_base_path }}"
+ - "{{ gitea_data_path }}"
+
+- name: Ensure .ssh folder for gitea user exists
+ file:
+ path: "/home/{{ gitea_user }}/.ssh"
+ state: directory
+ owner: "{{ gitea_user_res.uid }}"
+ group: "{{ gitea_user_res.group }}"
+ mode: 0700
+
+- name: Generate SSH keypair for host<>container
+ community.crypto.openssh_keypair:
+ path: "/home/{{ gitea_user }}/.ssh/id_ssh_ed25519"
+ type: ed25519
+ state: present
+ comment: "Gitea:Host2Container"
+ owner: "{{ gitea_user_res.uid }}"
+ group: "{{ gitea_user_res.group }}"
+ mode: 0600
+ register: gitea_user_ssh_key
+
+- name: Create directory to place forwarding script into
+ file:
+ path: "/app/gitea"
+ state: directory
+ mode: 0770
+ owner: "{{ gitea_user_res.uid }}"
+ group: "{{ gitea_user_res.group }}"
+
+- name: Create forwarding script
+ copy:
+ dest: "/app/gitea/gitea"
+ owner: "{{ gitea_user_res.uid }}"
+ group: "{{ gitea_user_res.group }}"
+ mode: 0700
+ content: |
+ ssh -p {{ gitea_public_ssh_server_port }} -o StrictHostKeyChecking=no {{ gitea_user }}@127.0.0.1 -i /home/{{ gitea_user }}/.ssh/id_ssh_ed25519 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
+
+- name: Add host pubkey to git users authorized_keys file
+ lineinfile:
+ path: "/home/{{ gitea_user }}/.ssh/authorized_keys"
+ line: "{{ gitea_user_ssh_key.public_key }} Gitea:Host2Container"
+ state: present
+ create: yes
+ owner: "{{ gitea_user_res.uid }}"
+ group: "{{ gitea_user_res.group }}"
+ mode: 0600
+
+- name: Ensure gitea container image is present
+ docker_image:
+ name: "{{ gitea_container_image }}"
+ state: present
+ source: pull
+ force_source: "{{ gitea_container_image.endswith(':latest') }}"
+
+- name: Ensure container '{{ gitea_container_name }}' with gitea is running
+ docker_container:
+ name: "{{ gitea_container_name }}"
+ image: "{{ gitea_container_image }}"
+ env: "{{ gitea_container_env }}"
+ volumes: "{{ gitea_container_volumes }}"
+ networks: "{{ gitea_container_networks | default(omit, True) }}"
+ purge_networks: "{{ gitea_container_purge_networks | default(omit, True) }}"
+ published_ports: "{{ gitea_container_ports }}"
+ restart_policy: "{{ gitea_container_restart_policy }}"
+ state: started
+
+- name: Ensure given configuration is set in the config file
+ ini_file:
+ path: "{{ gitea_data_path }}/gitea/conf/app.ini"
+ section: "{{ section }}"
+ option: "{{ option }}"
+ value: "{{ entry.value }}"
+ state: "{{ 'present' if (entry.value is string or entry.value is sequence or entry.value is boolean or entry.value is number) else 'absent' }}"
+ loop: "{{ lookup('ansible.utils.to_paths', gitea_config) | dict2items }}"
+ loop_control:
+ loop_var: entry
+ label: "{{ section | default('/', True) }}->{{ option }}"
+ vars:
+ key_split: "{{ entry.key | split('.') }}"
+ section: "{{ '' if key_split|length == 1 else (key_split | first) }}"
+ option: "{{ key_split | first if key_split|length == 1 else key_split[1:] | join('.') }}"
diff --git a/roles/gitea/vars/main.yml b/roles/gitea/vars/main.yml
new file mode 100644
index 0000000..30b96de
--- /dev/null
+++ b/roles/gitea/vars/main.yml
@@ -0,0 +1,13 @@
+---
+
+gitea_container_volumes: "{{ gitea_container_base_volumes + gitea_container_extra_volumes }}"
+
+gitea_container_labels: "{{ gitea_container_base_labels | combine(gitea_container_extra_labels) }}"
+
+gitea_container_env: "{{ gitea_container_base_env | combine(gitea_container_extra_env) }}"
+
+gitea_container_ports: "{{ gitea_container_base_ports + gitea_container_extra_ports }}"
+
+
+gitea_container_port_webui: 3000
+gitea_container_port_ssh: 22
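Review bot: In the `Create forwarding script` task, `$SSH_ORIGINAL_COMMAND` is expanded inside the double-quoted remote command, so quote characters or command substitutions in a client-supplied command string are interpreted by the container-side shell rather than passed through literally, and the host key added by the `Add host pubkey to git users authorized_keys file` task carries no `command=`/`restrict` options to bound what that key may run. Escape the value before forwarding, e.g. `"SSH_ORIGINAL_COMMAND=$(printf '%q' "$SSH_ORIGINAL_COMMAND") "$0" "$@""`, and prefer `StrictHostKeyChecking=accept-new` over `no` so the container's host key is pinned after first contact. The script also references `gitea_public_ssh_server_port`, which neither `defaults/main.yml` nor `vars/main.yml` in this patch defines, so the `copy` task fails on an undefined variable unless every caller sets it; documenting it in defaults (or deriving it from `gitea_container_port_ssh`) would close that gap. `gitea_container_labels` is computed in vars but never handed to `docker_container`; add `labels: "{{ gitea_container_labels }}"` next to `env:`. Style-wise, `system: no` and `create: yes` should be `false`/`true`, and the unquoted octal `mode: 0700`/`0600`/`0770` values are safer as quoted strings (`mode: "0700"`) so no YAML loader reinterprets them.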
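Review bot: `gitea_container_port_webui` and `gitea_container_port_ssh` are placed in `vars/main.yml`, where role vars outrank inventory and play vars, so a consumer cannot change the published ports without `-e`; they belong in `defaults/main.yml` alongside the other `gitea_container_*` settings. With the value `22`, `gitea_container_base_ports` would publish the container's SSH port on `127.0.0.1:22`, which collides with a host sshd bound to all addresses — the very scenario the README describes — so a non-22 default that the forwarding script's `gitea_public_ssh_server_port` can point at seems to be what was intended. The double blank line before `gitea_container_port_webui` can be reduced to one.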