feat(gitea): add ansible role for deployment in docker containers
This commit is contained in:
parent
41aa9f0365
commit
4aa0d6efbd
9
roles/gitea/README.md
Normal file
9
roles/gitea/README.md
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
# `finallycoffee.services.gitea` ansible role
|
||||||
|
|
||||||
|
## Overview
|
||||||
|
|
||||||
|
This role deploys [gitea](https://gitea.com/)
|
||||||
|
using its official available docker image, and is able to setup SSH
|
||||||
|
forwarding from the host to the container (enabling git-over-SSH without
|
||||||
|
the need for a non-standard SSH port while running an SSH server on the
|
||||||
|
host aswell).
|
37
roles/gitea/defaults/main.yml
Normal file
37
roles/gitea/defaults/main.yml
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
gitea_version: "1.15.6"
|
||||||
|
gitea_user: git
|
||||||
|
gitea_base_path: "/opt/gitea"
|
||||||
|
gitea_data_path: "{{ gitea_base_path }}/data"
|
||||||
|
|
||||||
|
# container config
|
||||||
|
gitea_container_name: "git"
|
||||||
|
gitea_container_image_name: "docker.io/gitea/gitea"
|
||||||
|
gitea_container_image_tag: "{{ gitea_version }}"
|
||||||
|
gitea_container_image: "{{ gitea_container_image_name }}:{{ gitea_container_image_tag }}"
|
||||||
|
gitea_container_networks: []
|
||||||
|
gitea_container_purge_networks: ~
|
||||||
|
gitea_container_restart_policy: "unless-stopped"
|
||||||
|
gitea_container_extra_env: {}
|
||||||
|
gitea_contianer_extra_labels: {}
|
||||||
|
gitea_container_extra_ports: []
|
||||||
|
gitea_container_extra_volumes: []
|
||||||
|
|
||||||
|
# container defaults
|
||||||
|
gitea_container_base_volumes:
|
||||||
|
- "{{ gitea_data_path }}:/data:z"
|
||||||
|
- "/home/{{ gitea_user }}/.ssh/:/data/git/.ssh:z"
|
||||||
|
|
||||||
|
gitea_container_base_ports:
|
||||||
|
- "127.0.0.1:{{ git_container_port_webui }}:{{ git_container_port_webui }}"
|
||||||
|
- "127.0.0.1:{{ git_container_port_ssh }}:{{ git_container_port_ssh }}"
|
||||||
|
|
||||||
|
gitea_container_base_env:
|
||||||
|
USER_UID: "{{ gitea_user_res.uid | default(gitea_user) }}"
|
||||||
|
USER_GID: "{{ gitea_user_res.group | default(gitea_user) }}"
|
||||||
|
|
||||||
|
gitea_container_base_labels:
|
||||||
|
version: "{{ gitea_version }}"
|
||||||
|
|
||||||
|
gitea_config: {}
|
99
roles/gitea/tasks/main.yml
Normal file
99
roles/gitea/tasks/main.yml
Normal file
@ -0,0 +1,99 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Create gitea user
|
||||||
|
user:
|
||||||
|
name: "{{ gitea_user }}"
|
||||||
|
state: present
|
||||||
|
system: no
|
||||||
|
register: gitea_user_res
|
||||||
|
|
||||||
|
- name: Ensure host directories exist
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
owner: "{{ gitea_user_res.uid }}"
|
||||||
|
group: "{{ gitea_user_res.group }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- "{{ gitea_base_path }}"
|
||||||
|
- "{{ gitea_data_path }}"
|
||||||
|
|
||||||
|
- name: Ensure .ssh folder for gitea user exists
|
||||||
|
file:
|
||||||
|
path: "/home/{{ gitea_user }}/.ssh"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ gitea_user_res.uid }}"
|
||||||
|
group: "{{ gitea_user_res.group }}"
|
||||||
|
mode: 0700
|
||||||
|
|
||||||
|
- name: Generate SSH keypair for host<>container
|
||||||
|
community.crypto.openssh_keypair:
|
||||||
|
path: "/home/{{ gitea_user }}/.ssh/id_ssh_ed25519"
|
||||||
|
type: ed25519
|
||||||
|
state: present
|
||||||
|
comment: "Gitea:Host2Container"
|
||||||
|
owner: "{{ gitea_user_res.uid }}"
|
||||||
|
group: "{{ gitea_user_res.group }}"
|
||||||
|
mode: 0600
|
||||||
|
register: gitea_user_ssh_key
|
||||||
|
|
||||||
|
- name: Create directory to place forwarding script into
|
||||||
|
file:
|
||||||
|
path: "/app/gitea"
|
||||||
|
state: directory
|
||||||
|
mode: 0770
|
||||||
|
owner: "{{ gitea_user_res.uid }}"
|
||||||
|
group: "{{ gitea_user_res.group }}"
|
||||||
|
|
||||||
|
- name: Create forwarding script
|
||||||
|
copy:
|
||||||
|
dest: "/app/gitea/gitea"
|
||||||
|
owner: "{{ gitea_user_res.uid }}"
|
||||||
|
group: "{{ gitea_user_res.group }}"
|
||||||
|
mode: 0700
|
||||||
|
content: |
|
||||||
|
ssh -p {{ gitea_public_ssh_server_port }} -o StrictHostKeyChecking=no {{ gitea_user }}@127.0.0.1 -i /home/{{ gitea_user }}/.ssh/id_ssh_ed25519 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
|
||||||
|
|
||||||
|
- name: Add host pubkey to git users authorized_keys file
|
||||||
|
lineinfile:
|
||||||
|
path: "/home/{{ gitea_user }}/.ssh/authorized_keys"
|
||||||
|
line: "{{ gitea_user_ssh_key.public_key }} Gitea:Host2Container"
|
||||||
|
state: present
|
||||||
|
create: yes
|
||||||
|
owner: "{{ gitea_user_res.uid }}"
|
||||||
|
group: "{{ gitea_user_res.group }}"
|
||||||
|
mode: 0600
|
||||||
|
|
||||||
|
- name: Ensure gitea container image is present
|
||||||
|
docker_image:
|
||||||
|
name: "{{ gitea_container_image }}"
|
||||||
|
state: present
|
||||||
|
source: pull
|
||||||
|
force_source: "{{ gitea_container_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
- name: Ensure container '{{ gitea_container_name }}' with gitea is running
|
||||||
|
docker_container:
|
||||||
|
name: "{{ gitea_container_name }}"
|
||||||
|
image: "{{ gitea_container_image }}"
|
||||||
|
env: "{{ gitea_container_env }}"
|
||||||
|
volumes: "{{ gitea_container_volumes }}"
|
||||||
|
networks: "{{ gitea_container_networks | default(omit, True) }}"
|
||||||
|
purge_networks: "{{ gitea_container_purge_networks | default(omit, True) }}"
|
||||||
|
published_ports: "{{ gitea_container_ports }}"
|
||||||
|
restart_policy: "{{ gitea_container_restart_policy }}"
|
||||||
|
state: started
|
||||||
|
|
||||||
|
- name: Ensure given configuration is set in the config file
|
||||||
|
ini_file:
|
||||||
|
path: "{{ gitea_data_path }}/gitea/conf/app.ini"
|
||||||
|
section: "{{ section }}"
|
||||||
|
option: "{{ option }}"
|
||||||
|
value: "{{ entry.value }}"
|
||||||
|
state: "{{ 'present' if (entry.value is string or entry.value is sequence or entry.value is boolean or entry.value is number) else 'absent' }}"
|
||||||
|
loop: "{{ lookup('ansible.utils.to_paths', gitea_config) | dict2items }}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: entry
|
||||||
|
label: "{{ section | default('/', True) }}->{{ option }}"
|
||||||
|
vars:
|
||||||
|
key_split: "{{ entry.key | split('.') }}"
|
||||||
|
section: "{{ '' if key_split|length == 1 else (key_split | first) }}"
|
||||||
|
option: "{{ key_split | first if key_split|length == 1 else key_split[1:] | join('.') }}"
|
13
roles/gitea/vars/main.yml
Normal file
13
roles/gitea/vars/main.yml
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
gitea_container_volumes: "{{ gitea_container_base_volumes + gitea_container_extra_volumes }}"
|
||||||
|
|
||||||
|
gitea_container_labels: "{{ gitea_container_base_labels | combine(gitea_container_extra_labels) }}"
|
||||||
|
|
||||||
|
gitea_container_env: "{{ gitea_container_base_env | combine(gitea_container_extra_env) }}"
|
||||||
|
|
||||||
|
gitea_container_ports: "{{ gitea_container_base_ports + gitea_container_extra_ports }}"
|
||||||
|
|
||||||
|
|
||||||
|
gitea_container_port_webui: 3000
|
||||||
|
gitea_container_port_ssh: 22
|
Loading…
Reference in New Issue
Block a user