161 lines
4.5 KiB
YAML
161 lines
4.5 KiB
YAML
---
|
|
- hosts: bulletinboard
|
|
become: true
|
|
become_method: sudo
|
|
become_user: root
|
|
vars:
|
|
gitea_device: "/dev/vdc"
|
|
gitea_vg_name: "vg_gitea"
|
|
gitea_lv_name: "lv_gitea"
|
|
gitea_data_directory: "/gitea"
|
|
vars_prompt:
|
|
- name: gitea_password
|
|
prompt: "Enter gitea Password: "
|
|
private: true
|
|
encrypt: sha512_crypt
|
|
confirm: true
|
|
salt_size: 7
|
|
- name: gitea_db_password
|
|
prompt: "Enter Gitea DB Password: "
|
|
private: true
|
|
tasks:
|
|
- name: Create gitea user
|
|
ansible.builtin.user:
|
|
name: gitea
|
|
password: "{{ gitea_password }}"
|
|
comment: "Podman user for Gitea application"
|
|
uid: 2001
|
|
|
|
- name: Make .bashrc.d directory for gitea user
|
|
ansible.builtin.file:
|
|
path: /home/gitea/.bashrc.d
|
|
owner: gitea
|
|
group: gitea
|
|
mode: "0750"
|
|
state: directory
|
|
|
|
- name: Set XDG_RUNTIME_DIR var for gitea user
|
|
ansible.builtin.lineinfile:
|
|
path: /home/gitea/.bashrc.d/systemd
|
|
owner: gitea
|
|
group: gitea
|
|
mode: "0750"
|
|
line: "export XDG_RUNTIME_DIR=/run/user/2001"
|
|
create: true
|
|
|
|
- name: Allow gitea user to linger
|
|
ansible.builtin.shell:
|
|
cmd: "loginctl enable-linger 2001"
|
|
|
|
- name: Build /gitea mount
|
|
ansible.builtin.import_role:
|
|
name: make_lvm_mount
|
|
vars:
|
|
device_name: "{{ gitea_device }}"
|
|
vg_name: "{{ gitea_vg_name }}"
|
|
lvs:
|
|
- lv_name: "{{ gitea_lv_name }}"
|
|
lv_size: "100%FREE"
|
|
directories:
|
|
- name: "{{ gitea_data_directory }}"
|
|
owner: gitea
|
|
group: gitea
|
|
mode: "0755"
|
|
lv: "{{ gitea_lv_name }}"
|
|
|
|
- name: Make /gitea subdirectories
|
|
ansible.builtin.file:
|
|
path: "{{ gitea_data_directory }}/{{ item }}"
|
|
owner: gitea
|
|
group: gitea
|
|
mode: "0750"
|
|
state: directory
|
|
loop:
|
|
- "data"
|
|
- "config"
|
|
|
|
- name: Place container environment file for gitea user
|
|
ansible.builtin.lineinfile:
|
|
path: /home/gitea/.containerenv
|
|
owner: gitea
|
|
group: gitea
|
|
mode: "0750"
|
|
line: "{{ item }}"
|
|
insertafter: EOF
|
|
create: true
|
|
no_log: true
|
|
loop:
|
|
- "USER_UID=2001"
|
|
- "USER_GID=2001"
|
|
- "GITEA__database_DB_TYPE=mysql"
|
|
- "GITEA__database__HOST=10.12.34.3:3306"
|
|
- "GITEA__database__NAME=gitea"
|
|
- "GITEA__database__USER=gitea"
|
|
- "GITEA__database__PASSWD={{ gitea_db_password }}"
|
|
|
|
- name: Run systemctl daemon-reload
|
|
ansible.builtin.systemd_service:
|
|
daemon_reload: true
|
|
|
|
- name: Write subuid user entry for gitea
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/subuid
|
|
line: "gitea:102000:2000"
|
|
insertafter: EOF
|
|
create: true
|
|
state: present
|
|
|
|
- name: Write subgid user entry for gitea
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/subgid
|
|
line: "gitea:102000:2000"
|
|
insertafter: EOF
|
|
create: true
|
|
state: present
|
|
|
|
- name: Configure firewalld for gitea
|
|
ansible.posix.firewalld:
|
|
port: "8081/tcp"
|
|
state: enabled
|
|
permanent: true
|
|
immediate: true
|
|
|
|
# TODO Unit spec should get *.mount After directive from variables
|
|
- name: Build gitea quadlet
|
|
containers.podman.podman_container:
|
|
name: gitea
|
|
image: "docker.io/gitea/gitea:latest-rootless"
|
|
state: quadlet
|
|
quadlet_filename: "gitea-quadlet"
|
|
quadlet_file_mode: "0640"
|
|
rm: false
|
|
ports:
|
|
- "8081:3000"
|
|
volumes:
|
|
- "{{ gitea_data_directory }}/data:/var/lib/gitea:Z"
|
|
- "{{ gitea_data_directory }}/config:/etc/gitea:Z"
|
|
- "/etc/localtime:/etc/timezone:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
quadlet_options:
|
|
- "AutoUpdate=registry"
|
|
- "Pull=newer"
|
|
- |
|
|
[Install]
|
|
WantedBy=default.target
|
|
- |
|
|
[Unit]
|
|
Description=Gitea Quadlet
|
|
After=gitea.mount
|
|
- |
|
|
[Service]
|
|
ExecStartPre=/home/gitea/service_up.sh 3306
|
|
env_file: "/home/gitea/.containerenv"
|
|
become_user: "gitea"
|
|
|
|
- name: Run systemctl --user daemon-reload
|
|
ansible.builtin.systemd_service:
|
|
daemon_reload: true
|
|
scope: user
|
|
become_user: "gitea"
|
|
|