feat(gitea): add ansible role for deployment in docker containers

transcaffeine 2022-01-30 15:52:31 +01:00
parent 41aa9f0365
commit 4aa0d6efbd
Signed by: transcaffeine
GPG Key ID: 03624C433676E465
4 changed files with 158 additions and 0 deletions

9
roles/gitea/README.md Normal file

@ -0,0 +1,9 @@
# `finallycoffee.services.gitea` ansible role
## Overview
This role deploys [gitea](https://gitea.com/)
using its official available docker image, and is able to setup SSH
forwarding from the host to the container (enabling git-over-SSH without
the need for a non-standard SSH port while running an SSH server on the
host aswell).


@ -0,0 +1,37 @@
---
gitea_version: "1.15.6"
gitea_user: git
gitea_base_path: "/opt/gitea"
gitea_data_path: "{{ gitea_base_path }}/data"
# container config
gitea_container_name: "git"
gitea_container_image_name: "docker.io/gitea/gitea"
gitea_container_image_tag: "{{ gitea_version }}"
gitea_container_image: "{{ gitea_container_image_name }}:{{ gitea_container_image_tag }}"
gitea_container_networks: []
gitea_container_purge_networks: ~
gitea_container_restart_policy: "unless-stopped"
gitea_container_extra_env: {}
gitea_contianer_extra_labels: {}
gitea_container_extra_ports: []
gitea_container_extra_volumes: []
# container defaults
gitea_container_base_volumes:
- "{{ gitea_data_path }}:/data:z"
- "/home/{{ gitea_user }}/.ssh/:/data/git/.ssh:z"
gitea_container_base_ports:
- "127.0.0.1:{{ git_container_port_webui }}:{{ git_container_port_webui }}"
- "127.0.0.1:{{ git_container_port_ssh }}:{{ git_container_port_ssh }}"
gitea_container_base_env:
USER_UID: "{{ gitea_user_res.uid | default(gitea_user) }}"
USER_GID: "{{ gitea_user_res.group | default(gitea_user) }}"
gitea_container_base_labels:
version: "{{ gitea_version }}"
gitea_config: {}
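Review bot: The two entries under `gitea_container_base_ports` reference `git_container_port_webui` and `git_container_port_ssh`, but the names this same commit defines in vars/main.yml are `gitea_container_port_webui` and `gitea_container_port_ssh`, so rendering `gitea_container_ports` for the `docker_container` task will fail on an undefined variable. Separately, the SSH entry publishes the container's sshd on host `127.0.0.1:22`, which is the port the host's own sshd uses in the layout the README describes (standard port, host sshd running alongside); the usual arrangement is a distinct loopback port that the forwarding shim then targets. I would change the entries to `- "127.0.0.1:{{ gitea_container_port_webui }}:{{ gitea_container_port_webui }}"` and `- "127.0.0.1:{{ gitea_public_ssh_server_port }}:{{ gitea_container_port_ssh }}"` and add `gitea_public_ssh_server_port: 2222` to this file, since tasks/main.yml already references that variable but nothing in this commit defines it. Note also that `gitea_contianer_extra_labels` is misspelled relative to the `gitea_container_extra_labels` that vars/main.yml combines.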


@ -0,0 +1,99 @@
---
- name: Create gitea user
user:
name: "{{ gitea_user }}"
state: present
system: no
register: gitea_user_res
- name: Ensure host directories exist
file:
path: "{{ item }}"
owner: "{{ gitea_user_res.uid }}"
group: "{{ gitea_user_res.group }}"
state: directory
loop:
- "{{ gitea_base_path }}"
- "{{ gitea_data_path }}"
- name: Ensure .ssh folder for gitea user exists
file:
path: "/home/{{ gitea_user }}/.ssh"
state: directory
owner: "{{ gitea_user_res.uid }}"
group: "{{ gitea_user_res.group }}"
mode: 0700
- name: Generate SSH keypair for host<>container
community.crypto.openssh_keypair:
path: "/home/{{ gitea_user }}/.ssh/id_ssh_ed25519"
type: ed25519
state: present
comment: "Gitea:Host2Container"
owner: "{{ gitea_user_res.uid }}"
group: "{{ gitea_user_res.group }}"
mode: 0600
register: gitea_user_ssh_key
- name: Create directory to place forwarding script into
file:
path: "/app/gitea"
state: directory
mode: 0770
owner: "{{ gitea_user_res.uid }}"
group: "{{ gitea_user_res.group }}"
- name: Create forwarding script
copy:
dest: "/app/gitea/gitea"
owner: "{{ gitea_user_res.uid }}"
group: "{{ gitea_user_res.group }}"
mode: 0700
content: |
ssh -p {{ gitea_public_ssh_server_port }} -o StrictHostKeyChecking=no {{ gitea_user }}@127.0.0.1 -i /home/{{ gitea_user }}/.ssh/id_ssh_ed25519 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
- name: Add host pubkey to git users authorized_keys file
lineinfile:
path: "/home/{{ gitea_user }}/.ssh/authorized_keys"
line: "{{ gitea_user_ssh_key.public_key }} Gitea:Host2Container"
state: present
create: yes
owner: "{{ gitea_user_res.uid }}"
group: "{{ gitea_user_res.group }}"
mode: 0600
- name: Ensure gitea container image is present
docker_image:
name: "{{ gitea_container_image }}"
state: present
source: pull
force_source: "{{ gitea_container_image.endswith(':latest') }}"
- name: Ensure container '{{ gitea_container_name }}' with gitea is running
docker_container:
name: "{{ gitea_container_name }}"
image: "{{ gitea_container_image }}"
env: "{{ gitea_container_env }}"
volumes: "{{ gitea_container_volumes }}"
networks: "{{ gitea_container_networks | default(omit, True) }}"
purge_networks: "{{ gitea_container_purge_networks | default(omit, True) }}"
published_ports: "{{ gitea_container_ports }}"
restart_policy: "{{ gitea_container_restart_policy }}"
state: started
- name: Ensure given configuration is set in the config file
ini_file:
path: "{{ gitea_data_path }}/gitea/conf/app.ini"
section: "{{ section }}"
option: "{{ option }}"
value: "{{ entry.value }}"
state: "{{ 'present' if (entry.value is string or entry.value is sequence or entry.value is boolean or entry.value is number) else 'absent' }}"
loop: "{{ lookup('ansible.utils.to_paths', gitea_config) | dict2items }}"
loop_control:
loop_var: entry
label: "{{ section | default('/', True) }}->{{ option }}"
vars:
key_split: "{{ entry.key | split('.') }}"
section: "{{ '' if key_split|length == 1 else (key_split | first) }}"
option: "{{ key_split | first if key_split|length == 1 else key_split[1:] | join('.') }}"
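Review bot: The forwarding script written by `Create forwarding script` interpolates the client-controlled `$SSH_ORIGINAL_COMMAND` into a string that the container-side shell re-parses, so a client command containing `"` or `$(...)`, sent by any user with a registered key, appears to run arbitrary commands inside the container as the git user before `gitea serv` ever sees it. The script also has no shebang, so it only works because the calling shell falls back to interpreting it as a script. I would write it as `#!/bin/bash` followed by `exec ssh -p {{ gitea_public_ssh_server_port }} -o StrictHostKeyChecking=no {{ gitea_user }}@127.0.0.1 -i /home/{{ gitea_user }}/.ssh/id_ssh_ed25519 "SSH_ORIGINAL_COMMAND=$(printf '%q' "$SSH_ORIGINAL_COMMAND") $0 $@"`, which quotes the value for the remote side, assuming the container-side login shell is bash. Two smaller points: `gitea_public_ssh_server_port` is referenced here but not defined anywhere in this commit, and `StrictHostKeyChecking=no` could give way to pinning the container's host key in a dedicated `UserKnownHostsFile` once it is known, even though the hop is loopback-only. The authorized_keys line added for the host key carries no restrictions; prefixing it with `from="127.0.0.1",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty` would bound what that key can do if it leaks.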

13
roles/gitea/vars/main.yml Normal file

@ -0,0 +1,13 @@
---
gitea_container_volumes: "{{ gitea_container_base_volumes + gitea_container_extra_volumes }}"
gitea_container_labels: "{{ gitea_container_base_labels | combine(gitea_container_extra_labels) }}"
gitea_container_env: "{{ gitea_container_base_env | combine(gitea_container_extra_env) }}"
gitea_container_ports: "{{ gitea_container_base_ports + gitea_container_extra_ports }}"
gitea_container_port_webui: 3000
gitea_container_port_ssh: 22
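Review bot: `gitea_container_labels` combines `gitea_container_extra_labels`, but defaults/main.yml in this commit defines the key as `gitea_contianer_extra_labels`, so the first template that evaluates `gitea_container_labels` will raise an undefined-variable error (the tasks file currently never passes labels to `docker_container`, which is why this has not surfaced). `gitea_container_port_webui` and `gitea_container_port_ssh` also live in vars/, the highest-precedence layer, so a consumer cannot override them from inventory, and the defaults file references them under the different names `git_container_port_*`. I would move the two port values into defaults/main.yml under one consistent name, and either fix the typo in defaults or reference `gitea_contianer_extra_labels` here until it is renamed.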