README.md

@@ -21,17 +21,18 @@ Damit die Rolle funktioniert muss eine Reihe an Variablen für alle Hosts bereit
 
 | Variable | Beschreibung | Werte |
 |----------|--------------|-------|
-| `gitea['hostname']` | Gitea Hostname | (String) |
-| `gitea['domain']` | Gitea Domain | (String) |
+| `system['hostname']` | Hostname des Systems | (String) |
+| `system['domain']` | Domain des Systems | (String) |
 | `gitea['app_name']` | Titel für die Startseite | (String) |
 
 Im Inventory sieht das dann in etwa so aus:
 
 ```yaml
-gitea:
-  app_name: Beispiel Gitea Server
+system:
   hostname: gitea
   domain: int.example.com
+gitea:
+  app_name: Beispiel Gitea Server
 ```
 
 #### Optionale Variablen

tasks/main.yaml

@@ -35,6 +35,14 @@
     group: "{{ git_user.group }}"
     mode: 0700
 
+- name: Create Logging Directory
+  file:
+    path: "/opt/gitea/log"
+    state: directory
+    owner: "{{ git_user.uid }}"
+    group: "{{ git_user.group }}"
+    mode: 0700
+
 - name: Start Docker Daemon
   systemd:
     name: docker
@@ -47,7 +55,6 @@
     dest: "/opt/gitea/environment.env"
     owner: root
     mode: 0600
-  register: gitea_env
 
 - name: Upload docker-compose.yaml
   ansible.builtin.template:
@@ -55,12 +62,9 @@
     dest: /opt/gitea/docker-compose.yaml
     owner: root
     mode: 0600
-  register: gitea_container
 
-- name: Create / Recreate Gitea container
+- name: Create Gitea container
   community.docker.docker_compose:
     project_src: /opt/gitea
     state: present
-    restarted: true
-  when: gitea_env.changed or gitea_container.changed
-
+    recreate: smart

templates/docker-compose.yaml.j2

@@ -24,6 +24,12 @@ services:
       - "22:2222"
     user: "{{ git_user.uid }}:{{ git_user.group }}"
     env_file: ./environment.env
+    environment:
+      - GITEA__database__DB_TYPE=mysql
+      - GITEA__database__HOST=db:3306
+      - GITEA__database__NAME=gitea
+      - GITEA__database__USER=gitea
+      - "GITEA__database__PASSWD={{ vault[inventory_hostname]['gitea']['db_secret'] }}"
     networks:
       - gitea
     depends_on:
@@ -33,10 +39,10 @@ services:
     image: mysql:8
     restart: always
     environment:
-      - "MYSQL_DATABASE={{ gitea_vars.database.name }}"
-      - "MYSQL_USER={{ gitea_vars.database.user }}"
-      - "MYSQL_PASSWORD={{ vault[inventory_hostname]['gitea']['database']['passwd'] }}"
-      - "MYSQL_ROOT_PASSWORD={{ vault[inventory_hostname]['gitea']['database']['root_passwd'] }}"
+      - MYSQL_DATABASE=gitea
+      - MYSQL_USER=gitea
+      - "MYSQL_PASSWORD={{ vault[inventory_hostname]['gitea']['db_secret'] }}"
+      - "MYSQL_ROOT_PASSWORD={{ vault[inventory_hostname]['gitea']['db_root_secret'] }}"
     networks:
       - gitea
     volumes:

templates/environment.env.j2

@@ -6,76 +6,13 @@
 
 USER_UID={{ git_user.uid }}
 USER_GID={{ git_user.group }}
-USER={{ git_user.name }}
 GITEA__APP_NAME={{ gitea_vars.app_name }}
 GITEA__RUN_USER={{ git_user.name }}
-GITEA__server__ROOT_URL=https://{{ gitea.hostname }}.{{ gitea.domain }}/
-GITEA__server__Domain={{ gitea.hostname }}.{{ gitea.domain }}
+GITEA__server__ROOT_URL=https://{{ system.hostname }}.{{ system.domain }}/
+GITEA__server__Domain={{ system.hostname }}.{{ system.domain }}
 
 GITEA__server__SSH_PORT=22
 
-{% if 'database' in gitea_vars %}
-{% if 'db_type' in gitea_vars['database'] %}
-GITEA__database__DB_TYPE={{ gitea_vars.database.db_type }}
-{% endif %}
-{% if 'host' in gitea_vars['database'] %}
-GITEA__database__HOST={{ gitea_vars.database.host }}
-{% endif %}
-{% if 'name' in gitea_vars['database'] %}
-GITEA__database__NAME={{ gitea_vars.database.name }}
-{% endif %}
-{% if 'user' in gitea_vars['database'] %}
-GITEA__database__USER={{ gitea_vars.database.user }}
-{% endif %}
-{% if 'database' in vault[inventory_hostname]['gitea'] %}
-{% if 'passwd' in vault[inventory_hostname]['gitea']['database'] %}
-GITEA__database__PASSWD={{ vault[inventory_hostname]['gitea']['database']['passwd'] }}
-{% endif %}
-{% endif %}
-{% if 'schema' in gitea_vars['database'] %}
-GITEA__database__SCHEMA={{ gitea_vars.database.schema }}
-{% endif %}
-{% if 'ssl_mode' in gitea_vars['database'] %}
-GITEA__database__SSL_MODE={{ gitea_vars.database.ssl_mode }}
-{% endif %}
-{% if 'sqlite_timeout' in gitea_vars['database'] %}
-GITEA__database__SQLITE_TIMEOUT={{ gitea_vars.database.sqlite_timeout }}
-{% endif %}
-{% if 'sqlite_journal_mode' in gitea_vars['database'] %}
-GITEA__database__SQLITE_JOURNAL_MODE={{ gitea_vars.database.sqlite_journal_mode }}
-{% endif %}
-{% if 'iterate_buffer_size' in gitea_vars['database'] %}
-GITEA__database__ITERATE_BUFFER_SIZE={{ gitea_vars.database.iterate_buffer_size }}
-{% endif %}
-{% if 'charset' in gitea_vars['database'] %}
-GITEA__database__CHARSET={{ gitea_vars.database.charset }}
-{% endif %}
-{% if 'path' in gitea_vars['database'] %}
-GITEA__database__PATH={{ gitea_vars.database.path }}
-{% endif %}
-{% if 'log_sql' in gitea_vars['database'] %}
-GITEA__database__ABC={{ gitea_vars.database.abc }}
-{% endif %}
-{% if 'db_retries' in gitea_vars['database'] %}
-GITEA__database__DB_RETRIES={{ gitea_vars.database.db_retries }}
-{% endif %}
-{% if 'db_retry_backoff' in gitea_vars['database'] %}
-GITEA__database__DB_RETRY_BACKOFF={{ gitea_vars.database.db_retry_backoff }}
-{% endif %}
-{% if 'max_open_conns' in gitea_vars['database'] %}
-GITEA__database__MAX_OPEN_CONNS={{ gitea_vars.database.max_open_conns }}
-{% endif %}
-{% if 'max_idle_conns' in gitea_vars['database'] %}
-GITEA__database__MAX_IDLE_CONNS={{ gitea_vars.database.max_idle_conns }}
-{% endif %}
-{% if 'conn_max_lifetime' in gitea_vars['database'] %}
-GITEA__database__CONN_MAX_LIFETIME={{ gitea_vars.database.conn_max_lifetime }}
-{% endif %}
-{% if 'auto_migration' in gitea_vars['database'] %}
-GITEA__database__AUTO_MIGRATION={{ gitea_vars.database.auto_migration }}
-{% endif %}
-{% endif %} {# /database #}
-
 {% if 'service' in gitea_vars %}
 {% if 'disable_registration' in gitea_vars['service'] %}
 GITEA__service__DISABLE_REGISTRATION={{ gitea_vars.service.disable_registration }}
@@ -122,10 +59,8 @@ GITEA__mailer__ENABLE_HELO={{ gitea_vars.mailer.enable_helo }}
 {% if 'user' in gitea_vars['mailer'] %}
 GITEA__mailer__USER={{ gitea_vars.mailer.user }}
 {% endif %}
-{% if 'mailer' in vault[inventory_hostname]['gitea'] %}
-{% if 'passwd' in vault[inventory_hostname]['gitea']['mailer'] %}
-GITEA__mailer__PASSWD={{ vault[inventory_hostname]['gitea']['mailer']['passwd'] }}
-{% endif %}
+{% if 'passwd' in gitea_vars['mailer'] %}
+GITEA__mailer__PASSWD={{ gitea_vars.mailer.passwd }}
 {% endif %}
 {% endif %} {# /mailer #}
 
@@ -169,10 +104,8 @@ GITEA__attachment__MINIO_ENDPOINT={{ gitea_vars.attachment.minio_endpoint }}
 {% if 'minio_access_key_id' in gitea_vars['attachment'] %}
 GITEA__attachment__MINIO_ACCESS_KEY_ID={{ gitea_vars.attachment.minio_access_key_id }}
 {% endif %}
-{% if 'attachment' in vault[inventory_hostname]['gitea'] %}
-{% if 'minio_secret_access_key' in vault[inventory_hostname]['gitea']['attachment'] %}
-GITEA__attachment__MINIO_SECRET_ACCESS_KEY={{ vault[inventory_hostname]['gitea']['attachment']['minio_secret_access_key'] }}
-{% endif %}
+{% if 'minio_secret_access_key' in gitea_vars['attachment'] %}
+GITEA__attachment__MINIO_SECRET_ACCESS_KEY={{ gitea_vars.attachment.minio_secret_access_key }}
 {% endif %}
 {% if 'minio_bucket' in gitea_vars['attachment'] %}
 GITEA__attachment__MINIO_BUCKET={{ gitea_vars.attachment.minio_bucket }}
@@ -224,84 +157,4 @@ GITEA__ssh.minimum_key_sizes__RSA={{ gitea_vars.ssh.minimum_key_sizes.rsa }}
 GITEA__ssh.minimum_key_sizes__DSA={{ gitea_vars.ssh.minimum_key_sizes.dsa }}
 {% endif %}
 {% endif %}
-{% endif %} {# /ssh #}
-
-{% if 'security' in gitea_vars %}
-{% if 'install_lock' in gitea_vars['security'] %}
-GITEA__security__INSTALL_LOCK={{ gitea_vars.security.install_lock }}
-{% endif %}
-{% if 'security' in vault[inventory_hostname]['gitea'] %}
-{% if 'secret_key' in vault[inventory_hostname]['gitea']['security'] %}
-GITEA__security__SECRET_KEY={{ vault[inventory_hostname]['gitea']['security']['secret_key'] }}
-{% endif %}
-{% endif %}
-{% if 'secret_key_uri' in gitea_vars['security'] %}
-GITEA__security__SECRET_KEY_URI={{ gitea_vars.security.secret_key_uri }}
-{% endif %}
-{% if 'login_remember_days' in gitea_vars['security'] %}
-GITEA__security__SECURITYIN_REMEMBER_DAYS={{ gitea_vars.security.login_remember_days }}
-{% endif %}
-{% if 'cookie_username' in gitea_vars['security'] %}
-GITEA__security__COOKIE_USERNAME={{ gitea_vars.security.cookie_username }}
-{% endif %}
-{% if 'reverse_proxy_authentication_user' in gitea_vars['security'] %}
-GITEA__security__REVERSE_PROXY_AUTHENTICATION_USER={{ gitea_vars.security.reverse_proxy_authentication_user }}
-{% endif %}
-{% if 'reverse_proxy_authentication_email' in gitea_vars['security'] %}
-GITEA__security__REVERSE_PROXY_AUTHENTICATION_EMAIL={{ gitea_vars.security.reverse_proxy_authentication_email }}
-{% endif %}
-{% if 'reverse_proxy_authentication_full_name' in gitea_vars['security'] %}
-GITEA__security__REVERSE_PROXY_AUTHENTICATION_FULL_NAME={{ gitea_vars.security.reverse_proxy_authentication_full_name }}
-{% endif %}
-{% if 'reverse_proxy_limit' in gitea_vars['security'] %}
-GITEA__security__REVERSE_PROXY_LIMIT={{ gitea_vars.security.reverse_proxy_limit }}
-{% endif %}
-{% if 'reverse_proxy_trusted_proxies' in gitea_vars['security'] %}
-GITEA__security__REVERSE_PROXY_TRUSTED_PROXIES={{ gitea_vars.security.reverse_proxy_trusted_proxies }}
-{% endif %}
-{% if 'disable_git_hooks' in gitea_vars['security'] %}
-GITEA__security__DISABLE_GIT_HOOKS={{ gitea_vars.security.disable_git_hooks }}
-{% endif %}
-{% if 'disable_webhooks' in gitea_vars['security'] %}
-GITEA__security__DISABLE_WEBHOOKS={{ gitea_vars.security.disable_webhooks }}
-{% endif %}
-{% if 'only_allow_push_if_gitea_environment_set' in gitea_vars['security'] %}
-GITEA__security__ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET={{ gitea_vars.security.only_allow_push_if_gitea_environment_set }}
-{% endif %}
-{% if 'import_local_paths' in gitea_vars['security'] %}
-GITEA__security__IMPORT_LOCAL_PATHS={{ gitea_vars.security.import_local_paths }}
-{% endif %}
-{% if 'internal_token' in gitea_vars['security'] %}
-GITEA__security__INTERNAL_TOKEN={{ gitea_vars.security.internal_token }}
-{% endif %}
-{% if 'internal_token_uri' in gitea_vars['security'] %}
-GITEA__security__INTERNAL_TOKEN_URI={{ gitea_vars.security.internal_token_uri }}
-{% endif %}
-{% if 'password_hash_algo' in gitea_vars['security'] %}
-GITEA__security__PASSWORD_HASH_ALGO={{ gitea_vars.security.password_hash_algo }}
-{% endif %}
-{% if 'csrf_cookie_http_only' in gitea_vars['security'] %}
-GITEA__security__CSRF_COOKIE_HTTP_ONLY={{ gitea_vars.security.csrf_cookie_http_only }}
-{% endif %}
-{% if 'min_password_length' in gitea_vars['security'] %}
-GITEA__security__MIN_PASSWORD_LENGTH={{ gitea_vars.security.min_password_length }}
-{% endif %}
-{% if 'password_complexity' in gitea_vars['security'] %}
-GITEA__security__ABC={{ gitea_vars.security.abc }}
-{% endif %}
-{% if 'password_check_pwn' in gitea_vars['security'] %}
-GITEA__security__PASSWORD_CHECK_PWN={{ gitea_vars.security.password_check_pwn }}
-{% endif %}
-{% if 'successful_tokens_cache_size' in gitea_vars['security'] %}
-GITEA__security__successful_TOKENS_CACHE_SIZE={{ gitea_vars.security.successful_tokens_cache_size }}
-{% endif %}
-{% endif %} {# /security #}
-
-{% if 'actions' in gitea_vars %}
-{% if 'enabled' in gitea_vars['actions'] %}
-GITEA__actions__ENABLED={{ gitea_vars.actions.enabled }}
-{% endif %}
-{% if 'default_actions_url' in gitea_vars['actions'] %}
-GITEA__actions__DEFAULT_ACTIONS_URL={{ gitea_vars.actions.default_actions_url }}
-{% endif %}
-{% endif %} {# /actions #}
+{% endif %} {# /ssh #}