95 lines
3.4 KiB
YAML
95 lines
3.4 KiB
YAML
---
|
|
- name: Ensure gitea user '{{ gitea_user }}' is present
|
|
ansible.builtin.user:
|
|
name: "{{ gitea_user }}"
|
|
state: "present"
|
|
system: false
|
|
create_home: true
|
|
register: gitea_user_res
|
|
|
|
- name: Ensure host directories exist
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
owner: "{{ gitea_user_res.uid }}"
|
|
group: "{{ gitea_user_res.group }}"
|
|
state: directory
|
|
loop:
|
|
- "{{ gitea_base_path }}"
|
|
- "{{ gitea_data_path }}"
|
|
|
|
- name: Ensure .ssh folder for gitea user exists
|
|
ansible.builtin.file:
|
|
path: "/home/{{ gitea_user }}/.ssh"
|
|
state: directory
|
|
owner: "{{ gitea_user_res.uid }}"
|
|
group: "{{ gitea_user_res.group }}"
|
|
mode: 0700
|
|
|
|
- name: Generate SSH keypair for host<>container
|
|
community.crypto.openssh_keypair:
|
|
path: "/home/{{ gitea_user }}/.ssh/id_ssh_ed25519"
|
|
type: ed25519
|
|
state: present
|
|
comment: "Gitea:Host2Container"
|
|
owner: "{{ gitea_user_res.uid }}"
|
|
group: "{{ gitea_user_res.group }}"
|
|
mode: 0600
|
|
register: gitea_user_ssh_key
|
|
|
|
- name: Create forwarding script
|
|
ansible.builtin.copy:
|
|
dest: "/usr/local/bin/gitea"
|
|
owner: "{{ gitea_user_res.uid }}"
|
|
group: "{{ gitea_user_res.group }}"
|
|
mode: 0700
|
|
content: |
|
|
ssh -p {{ gitea_public_ssh_server_port }} -o StrictHostKeyChecking=no {{ gitea_run_user }}@127.0.0.1 -i /home/{{ gitea_user }}/.ssh/id_ssh_ed25519 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
|
|
|
|
- name: Add host pubkey to git users authorized_keys file
|
|
ansible.builtin.lineinfile:
|
|
path: "/home/{{ gitea_user }}/.ssh/authorized_keys"
|
|
line: "{{ gitea_user_ssh_key.public_key }} Gitea:Host2Container"
|
|
state: present
|
|
create: yes
|
|
owner: "{{ gitea_user_res.uid }}"
|
|
group: "{{ gitea_user_res.group }}"
|
|
mode: 0600
|
|
|
|
- name: Ensure gitea container image is present
|
|
community.docker.docker_image:
|
|
name: "{{ gitea_container_image }}"
|
|
state: present
|
|
source: pull
|
|
force_source: "{{ gitea_container_image.endswith(':latest') }}"
|
|
|
|
- name: Ensure container '{{ gitea_container_name }}' with gitea is {{ gitea_container_state }}
|
|
community.docker.docker_container:
|
|
name: "{{ gitea_container_name }}"
|
|
image: "{{ gitea_container_image }}"
|
|
env: "{{ gitea_container_env }}"
|
|
labels: "{{ gitea_container_labels }}"
|
|
volumes: "{{ gitea_container_volumes }}"
|
|
networks: "{{ gitea_container_networks | default(omit, True) }}"
|
|
purge_networks: "{{ gitea_container_purge_networks | default(omit, True) }}"
|
|
published_ports: "{{ gitea_container_ports }}"
|
|
restart_policy: "{{ gitea_container_restart_policy }}"
|
|
state: "{{ gitea_container_state }}"
|
|
user: "{{ gitea_container_user | default(omit, true) }}"
|
|
|
|
- name: Ensure given configuration is set in the config file
|
|
ansible.builtin.ini_file:
|
|
path: "{{ gitea_data_path }}/gitea/conf/app.ini"
|
|
section: "{{ section }}"
|
|
option: "{{ option }}"
|
|
value: "{{ entry.value }}"
|
|
state: "{{ 'present' if (entry.value is not none) else 'absent' }}"
|
|
loop: "{{ lookup('ansible.utils.to_paths', gitea_config) | dict2items }}"
|
|
loop_control:
|
|
loop_var: entry
|
|
label: "{{ section | default('/', True) }}->{{ option }}"
|
|
vars:
|
|
key_split: "{{ entry.key | split('.') }}"
|
|
# sections can be named `section_name`.`sub_section`, f.ex.: `repository.upload`
|
|
section: "{{ '' if key_split|length == 1 else (key_split[:-1] | join('.')) }}"
|
|
option: "{{ key_split | first if key_split|length == 1 else key_split | last }}"
|