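---
# Provision a rootless-Podman Gitea instance on the "bulletinboard" host:
# dedicated service user, LVM-backed data mount, container env file,
# subordinate UID/GID ranges, firewall opening and a user-scope quadlet.
#
# Changes versus the earlier revision of this play:
#   - the DB-password-bearing env file is written atomically with mode 0600
#     (it was 0750: group-readable and executable) and is fully owned by this
#     play, so a rotated password no longer leaves a stale PASSWD= line behind;
#   - GITEA__database__DB_TYPE had a single underscore between section and key
#     and was therefore not a valid Gitea env override;
#   - linger enablement and the subuid/subgid entries are idempotent;
#   - the user-scope systemd task gets the runtime environment `become` does
#     not provide (it does not source ~/.bashrc.d/*);
#   - host-specific constants (UID, image, DB endpoint, subid range) are vars.
- hosts: bulletinboard
  become: true
  become_method: sudo
  become_user: root
  vars:
    gitea_device: "/dev/vdc"
    gitea_vg_name: "vg_gitea"
    gitea_lv_name: "lv_gitea"
    gitea_data_directory: "/gitea"
    # Numeric id of the service account; also selects /run/user/<uid>.
    gitea_uid: 2001
    gitea_gid: 2001
    # Subordinate id range handed to rootless Podman (first id, count).
    gitea_subid_start: 102000
    gitea_subid_count: 2000
    # NOTE(review): a floating tag combined with AutoUpdate=registry below means
    # whatever the registry serves as "latest-rootless" gets deployed without
    # review. Prefer a pinned version tag or an @sha256 digest in production.
    gitea_image: "docker.io/gitea/gitea:latest-rootless"
    gitea_http_port: "8081"
    # NOTE(review): the MySQL connection carries credentials in the clear
    # unless TLS is enabled on the server; consider adding
    # GITEA__database__SSL_MODE to the env file once the server supports it.
    gitea_db_host: "10.12.34.3:3306"
    gitea_db_name: "gitea"
    gitea_db_user: "gitea"
  vars_prompt:
    # NOTE(review): this gives a service account an interactive login
    # password. If nobody needs to log in as "gitea", a locked password
    # ("!") plus sudo/machinectl for administration is the smaller surface.
    - name: gitea_password
      prompt: "Enter gitea Password: "
      private: true
      encrypt: sha512_crypt
      confirm: true
      salt_size: 7
    # Never stored in vars; only ever lands in the 0600 env file below.
    - name: gitea_db_password
      prompt: "Enter Gitea DB Password: "
      private: true
  tasks:
    - name: Create gitea user
      ansible.builtin.user:
        name: gitea
        password: "{{ gitea_password }}"
        comment: "Podman user for Gitea application"
        uid: "{{ gitea_uid }}"

    - name: Make .bashrc.d directory for gitea user
      ansible.builtin.file:
        path: /home/gitea/.bashrc.d
        owner: gitea
        group: gitea
        mode: "0750"
        state: directory

    # Sourced by interactive shells only; Ansible `become` does not read it,
    # which is why the user-scope systemd task below sets the env explicitly.
    - name: Set XDG_RUNTIME_DIR var for gitea user
      ansible.builtin.lineinfile:
        path: /home/gitea/.bashrc.d/systemd
        owner: gitea
        group: gitea
        mode: "0640"
        regexp: "^export XDG_RUNTIME_DIR="
        line: "export XDG_RUNTIME_DIR=/run/user/{{ gitea_uid }}"
        create: true

    # Lingering keeps the user's systemd instance (and the quadlet) running
    # without a login session. loginctl records it in /var/lib/systemd/linger/
    # per user name, which makes the task idempotent via `creates`.
    - name: Allow gitea user to linger
      ansible.builtin.command:
        cmd: "loginctl enable-linger {{ gitea_uid }}"
        creates: "/var/lib/systemd/linger/gitea"

    - name: Build /gitea mount
      ansible.builtin.import_role:
        name: make_lvm_mount
      vars:
        device_name: "{{ gitea_device }}"
        vg_name: "{{ gitea_vg_name }}"
        lvs:
          - lv_name: "{{ gitea_lv_name }}"
            lv_size: "100%FREE"
        directories:
          - name: "{{ gitea_data_directory }}"
            owner: gitea
            group: gitea
            mode: "0755"
            lv: "{{ gitea_lv_name }}"

    - name: Make /gitea subdirectories
      ansible.builtin.file:
        path: "{{ gitea_data_directory }}/{{ item }}"
        owner: gitea
        group: gitea
        mode: "0750"
        state: directory
      loop:
        - "data"
        - "config"

    # Secret-bearing file: owner-only, no exec bit, written atomically and
    # replaced wholesale so a changed DB password cannot coexist with the old
    # one. no_log keeps the rendered content out of the Ansible output.
    - name: Place container environment file for gitea user
      ansible.builtin.copy:
        dest: /home/gitea/.containerenv
        owner: gitea
        group: gitea
        mode: "0600"
        content: |
          USER_UID={{ gitea_uid }}
          USER_GID={{ gitea_gid }}
          GITEA__database__DB_TYPE=mysql
          GITEA__database__HOST={{ gitea_db_host }}
          GITEA__database__NAME={{ gitea_db_name }}
          GITEA__database__USER={{ gitea_db_user }}
          GITEA__database__PASSWD={{ gitea_db_password }}
      no_log: true

    - name: Run systemctl daemon-reload
      ansible.builtin.systemd_service:
        daemon_reload: true

    # regexp anchors on the user name so re-running with a different range
    # rewrites the entry instead of appending a second one.
    - name: Write subuid user entry for gitea
      ansible.builtin.lineinfile:
        path: /etc/subuid
        regexp: "^gitea:"
        line: "gitea:{{ gitea_subid_start }}:{{ gitea_subid_count }}"
        insertafter: EOF
        create: true
        state: present

    - name: Write subgid user entry for gitea
      ansible.builtin.lineinfile:
        path: /etc/subgid
        regexp: "^gitea:"
        line: "gitea:{{ gitea_subid_start }}:{{ gitea_subid_count }}"
        insertafter: EOF
        create: true
        state: present

    # Opens the port in firewalld's default zone. Gitea is served as plain
    # HTTP here; terminate TLS in front of it (reverse proxy) or restrict the
    # source addresses if this host is reachable from untrusted networks.
    - name: Configure firewalld for gitea
      ansible.posix.firewalld:
        port: "{{ gitea_http_port }}/tcp"
        state: enabled
        permanent: true
        immediate: true

    # TODO Unit spec should get *.mount After directive from variables
    # NOTE(review): the second volume line mounts the host's binary
    # /etc/localtime onto the container's /etc/timezone (which normally holds
    # a zone name). Kept as-is; confirm this is intentional for this host.
    # ExecStartPre references /home/gitea/service_up.sh, which this play does
    # not install — it is assumed to be provisioned elsewhere.
    - name: Build gitea quadlet
      containers.podman.podman_container:
        name: gitea
        image: "{{ gitea_image }}"
        state: quadlet
        quadlet_filename: "gitea-quadlet"
        quadlet_file_mode: "0640"
        rm: false
        ports:
          - "{{ gitea_http_port }}:3000"
        volumes:
          - "{{ gitea_data_directory }}/data:/var/lib/gitea:Z"
          - "{{ gitea_data_directory }}/config:/etc/gitea:Z"
          - "/etc/localtime:/etc/timezone:ro"
          - "/etc/localtime:/etc/localtime:ro"
        quadlet_options:
          - "AutoUpdate=registry"
          - "Pull=newer"
          - |
            [Install]
            WantedBy=default.target
          - |
            [Unit]
            Description=Gitea Quadlet
            After=gitea.mount
          - |
            [Service]
            ExecStartPre=/home/gitea/service_up.sh 3306
        env_file: "/home/gitea/.containerenv"
      become_user: "gitea"

    # `systemctl --user` needs the user's runtime dir and session bus; the
    # lingering user instance provides both under /run/user/<uid>.
    - name: Run systemctl --user daemon-reload
      ansible.builtin.systemd_service:
        daemon_reload: true
        scope: user
      become_user: "gitea"
      environment:
        XDG_RUNTIME_DIR: "/run/user/{{ gitea_uid }}"
        DBUS_SESSION_BUS_ADDRESS: "unix:path=/run/user/{{ gitea_uid }}/bus"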