Compare commits
51 Commits
ansible-li
...
main
Author | SHA1 | Date | |
---|---|---|---|
ab52152834 | |||
115ab7e840 | |||
|
14da8cd5a1 | ||
|
50e6c10349 | ||
|
c28214c517 | ||
306d2eebbe | |||
|
b0da3ff4a7 | ||
|
529749ed14 | ||
|
d03e1142f2 | ||
|
fbc2a17011 | ||
|
c39d29c03f | ||
d7fe8eb263 | |||
|
d2e25188cc | ||
|
16c3c592c0 | ||
|
fa915065f5 | ||
|
bbc480fec2 | ||
|
3da637c178 | ||
|
2bca413df1 | ||
|
1e33c1d339 | ||
|
d37cc02ecf | ||
|
d4b9261f24 | ||
|
e8545cd4e7 | ||
|
18c18c112b | ||
|
9451bdb478 | ||
|
b1789e15d6 | ||
|
a20c7b188d | ||
cf59550120 | |||
32ac3f842a | |||
a451843b85 | |||
283d63a37a | |||
b5986b9592 | |||
657b771790 | |||
4857f2d5b9 | |||
d32e4f3608 | |||
1025b8f076 | |||
4f1c51475c | |||
d8a29adb56 | |||
124456ae07 | |||
130a53ed58 | |||
0f9d5f53c4 | |||
f9d1e42513 | |||
e8e05f8391 | |||
6817fe0ff9 | |||
c391a07485 | |||
d0258a3fc2 | |||
f83e0044b7 | |||
e4d723ed30 | |||
b52f8767f6 | |||
d64c96576c | |||
6d90fe0510 | |||
b2424e95b4 |
6
.ansible-lint
Normal file
6
.ansible-lint
Normal file
@ -0,0 +1,6 @@
|
||||
offline: false
|
||||
|
||||
warn_list:
|
||||
- yaml[line-length]
|
||||
- yaml[empty-lines]
|
||||
- yaml[new-line-at-end-of-file]
|
@ -1,6 +0,0 @@
|
||||
|
||||
# In den hier aufgelisteten Dateien sollen die dahinter stehenden
|
||||
# Warnungen und Fehler von ansible-lint ignoriert werden.
|
||||
|
||||
tasks/main.yaml no-handler # Der Restart / Recreate Gitea Task ist gut dort, wo er ist
|
||||
tasks/main.yaml name[template] # Es braucht zwei Templates, um den FQDN zusammenzusetzen.
|
@ -1,5 +1,5 @@
|
||||
name: ansible-lint
|
||||
on: [push, pull_request]
|
||||
on: [push, pull_request] # yamllint disable-line rule:truthy
|
||||
|
||||
jobs:
|
||||
build:
|
||||
@ -14,7 +14,7 @@ jobs:
|
||||
|
||||
- name: Run ansible-lint
|
||||
# replace `main` with any valid ref, or tags like `v6`
|
||||
uses: https://github.com/ansible/ansible-lint-action@main
|
||||
uses: https://github.com/ansible/ansible-lint-action@v6
|
||||
# optional:
|
||||
# with:
|
||||
# path: "playbooks/" # <-- only one value is allowed
|
||||
# path: "playbooks/" # <-- only one value is allowed
|
||||
|
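Review bot: The `uses:` line of the "Run ansible-lint" step references the action by a mutable ref. The rendering does not mark which of `@main` and `@v6` is the new side, but either one can be moved upstream, so the code executed in CI can change without any commit in this repository. Pinning to a full commit SHA and keeping the tag as a comment, e.g. `uses: https://github.com/ansible/ansible-lint-action@<full-commit-sha>  # v6`, makes the lint job reproducible and reviewable. The existing comment `# replace main with any valid ref, or tags like v6` could then state that the SHA is bumped deliberately.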
29
handlers/backup.yaml
Normal file
29
handlers/backup.yaml
Normal file
@ -0,0 +1,29 @@
|
||||
- name: Get stats of docker-compose.yaml
|
||||
ansible.builtin.stat:
|
||||
path: /opt/gitea/docker-compose.yaml
|
||||
register: docker_compose_stat
|
||||
listen:
|
||||
- Backup Gitea
|
||||
|
||||
- name: Stop Gitea for backup
|
||||
community.docker.docker_compose_v2:
|
||||
project_src: /opt/gitea
|
||||
state: stopped
|
||||
register: docker_compose
|
||||
listen:
|
||||
- Backup Gitea
|
||||
notify:
|
||||
- Ensure Gitea is running
|
||||
when: docker_compose_stat.stat.exists is defined and docker_compose_stat.stat.exists
|
||||
|
||||
- name: Backup Gitea directory
|
||||
community.general.archive:
|
||||
path: "{{ gitea_vars.base_path }}/"
|
||||
dest: "/var/backups/gitea-{{ gitea.hostname }}.{{ gitea.domain }}@{{ lookup('pipe', 'date -u +%Y-%m-%dT%H:%M:%SZ') }}.tar.gz"
|
||||
force_archive: true
|
||||
format: gz
|
||||
owner: root
|
||||
mode: "400"
|
||||
listen:
|
||||
- Backup Gitea
|
||||
register: backup
|
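Review bot: The "Backup Gitea directory" task archives only `{{ gitea_vars.base_path }}/`, while the files whose pending change triggers this handler, `environment.env` and `docker-compose.yaml`, are written to `/opt/gitea` by tasks/main.yaml. The role creates `/opt/gitea` and `base_path` as separate directories, so presumably they can differ, and in that case the pre-change configuration is not in the archive and cannot be restored from it. `path` accepts a list, so `path: ["{{ gitea_vars.base_path }}/", "/opt/gitea/environment.env", "/opt/gitea/docker-compose.yaml"]` would cover both. The archive then also holds the secrets from environment.env, which the existing `owner: root` and `mode: "400"` already account for.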
37
handlers/main.yaml
Normal file
37
handlers/main.yaml
Normal file
@ -0,0 +1,37 @@
|
||||
- name: Import backup handler
|
||||
ansible.builtin.import_tasks:
|
||||
file: backup.yaml
|
||||
|
||||
- name: Ensure Docker images are up to date
|
||||
community.docker.docker_compose_v2_pull:
|
||||
project_src: /opt/gitea
|
||||
|
||||
- name: Ensure Gitea is restarted
|
||||
community.docker.docker_compose_v2:
|
||||
project_src: /opt/gitea
|
||||
state: restarted
|
||||
recreate: always
|
||||
register: docker_compose
|
||||
|
||||
- name: Ensure Gitea is running
|
||||
community.docker.docker_compose_v2:
|
||||
project_src: /opt/gitea
|
||||
register: docker_compose
|
||||
|
||||
- name: Get Gitea HTTP response
|
||||
ansible.builtin.uri:
|
||||
url: "https://{{ gitea.hostname }}.{{ gitea.domain }}"
|
||||
register: gitea_http_response
|
||||
failed_when: 400 <= gitea_http_response.status < 500
|
||||
|
||||
- name: Wait until Gitea is up
|
||||
ansible.builtin.uri:
|
||||
url: "https://{{ gitea.hostname }}.{{ gitea.domain }}"
|
||||
register: gitea_http_response
|
||||
until: gitea_http_response.status == 200
|
||||
retries: 30
|
||||
delay: 2
|
||||
|
||||
- name: Output docker compose state
|
||||
ansible.builtin.debug:
|
||||
var: docker_compose
|
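Review bot: The "Output docker compose state" handler can only ever print the last compose result, because "Ensure Gitea is restarted" and "Ensure Gitea is running" both `register: docker_compose`, as does "Stop Gitea for backup" in backup.yaml. After a backup run the restart result is overwritten by the no-op "running" result, so the debug output hides the step that actually changed containers. Distinct names such as `register: docker_compose_restart` and `register: docker_compose_running`, with the debug task printing the one of interest, would keep the output meaningful. Separately, "Get Gitea HTTP response" is not notified by any task shown in this compare and has no `listen`, so a comment stating where it is meant to be triggered would help.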
8
requirements.yml
Normal file
8
requirements.yml
Normal file
@ -0,0 +1,8 @@
|
||||
# actions/run-ansible-lint forces me to name this file .yml instead of .yaml :(
|
||||
|
||||
collections:
|
||||
- name: community.docker
|
||||
source: https://galaxy.ansible.com
|
||||
|
||||
- name: community.general
|
||||
source: https://galaxy.ansible.com
|
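Review bot: Both collection entries lack a `version:` constraint, so every install resolves to whatever Galaxy currently serves, and CI and deployments can run different code over time. The handlers also rely on `community.docker.docker_compose_v2`, which only exists from community.docker 3.6.0 onward, so a lower bound is needed in any case. For example, `version: ">=3.6.0,<4.0.0"` under `community.docker`, with a comparable range for `community.general`. The upper bound is a suggestion to be adjusted to the tested release.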
144
tasks/main.yaml
144
tasks/main.yaml
@ -5,114 +5,86 @@
|
||||
# - docker.io
|
||||
# - python3-docker
|
||||
|
||||
- name: Create git USER
|
||||
- name: Ensure git user exists
|
||||
ansible.builtin.user:
|
||||
name: git
|
||||
register: git_user
|
||||
|
||||
- name: Create Gitea
|
||||
- name: Ensure Gitea directories exist
|
||||
ansible.builtin.file:
|
||||
path: "/opt/gitea"
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
owner: root
|
||||
mode: "755"
|
||||
with_items: ["/opt/gitea", "{{ gitea_vars.base_path }}"]
|
||||
|
||||
- name: Create Data Directory
|
||||
- name: Ensure data and config directories exist
|
||||
ansible.builtin.file:
|
||||
path: "/opt/gitea/data"
|
||||
path: "{{ gitea_vars.base_path }}/{{ item }}"
|
||||
state: directory
|
||||
owner: "{{ git_user.uid }}"
|
||||
group: "{{ git_user.group }}"
|
||||
mode: "700"
|
||||
with_items: ["data", "config"]
|
||||
|
||||
- name: Create Config Directory
|
||||
ansible.builtin.file:
|
||||
path: "/opt/gitea/config"
|
||||
state: directory
|
||||
owner: "{{ git_user.uid }}"
|
||||
group: "{{ git_user.group }}"
|
||||
mode: "700"
|
||||
|
||||
- name: Start Docker Daemon
|
||||
- name: Ensure docker daemon is started
|
||||
ansible.builtin.systemd:
|
||||
name: docker
|
||||
enabled: true
|
||||
state: started
|
||||
|
||||
- name: Backup Files
|
||||
block:
|
||||
- name: Stop Gitea for Backup
|
||||
community.docker.docker_compose:
|
||||
project_src: /opt/gitea
|
||||
state: present
|
||||
stopped: true
|
||||
- name: Ensure old backups will get deleted
|
||||
ansible.builtin.cron:
|
||||
name: gitea backup cleanup
|
||||
minute: "0"
|
||||
hour: "8"
|
||||
user: root
|
||||
job: find /var/backups -path '/var/backups/gitea-*' -mtime +7 -type f -exec rm {} +
|
||||
cron_file: gitea-backup-cleanup
|
||||
|
||||
- name: Backup Gitea Directory
|
||||
ansible.builtin.copy:
|
||||
src: /opt/gitea
|
||||
dest: "/opt/gitea.backup@{{ ansible_date_time.iso8601 }}"
|
||||
mode: "700"
|
||||
remote_src: true
|
||||
directory_mode: true
|
||||
register: backup
|
||||
- name: Check if environment.env will get changed
|
||||
ansible.builtin.template:
|
||||
src: environment.env.j2
|
||||
dest: "/opt/gitea/environment.env"
|
||||
owner: root
|
||||
mode: "600"
|
||||
register: env_diff
|
||||
check_mode: true
|
||||
notify:
|
||||
- Backup Gitea
|
||||
|
||||
- name: Apply Changes
|
||||
block:
|
||||
- name: Upload Environment File
|
||||
ansible.builtin.template:
|
||||
src: environment.env.j2
|
||||
dest: "/opt/gitea/environment.env"
|
||||
owner: root
|
||||
mode: "600"
|
||||
register: gitea_env
|
||||
- name: Check if docker-compose.yaml will get changed
|
||||
ansible.builtin.template:
|
||||
src: docker-compose.yaml.j2
|
||||
dest: /opt/gitea/docker-compose.yaml
|
||||
owner: root
|
||||
mode: "600"
|
||||
register: docker_compose_diff
|
||||
check_mode: true
|
||||
notify:
|
||||
- Backup Gitea
|
||||
|
||||
- name: Upload docker-compose.yaml
|
||||
ansible.builtin.template:
|
||||
src: docker-compose.yaml.j2
|
||||
dest: /opt/gitea/docker-compose.yaml
|
||||
owner: root
|
||||
mode: "600"
|
||||
register: gitea_container
|
||||
- name: Execute handlers before changing configfiles
|
||||
ansible.builtin.meta: flush_handlers
|
||||
|
||||
- name: Create / Recreate Gitea
|
||||
community.docker.docker_compose:
|
||||
project_src: /opt/gitea
|
||||
state: present
|
||||
restarted: true
|
||||
when: gitea_env.changed or gitea_container.changed
|
||||
- name: Upload environment.env
|
||||
ansible.builtin.template:
|
||||
src: environment.env.j2
|
||||
dest: "/opt/gitea/environment.env"
|
||||
owner: root
|
||||
mode: "600"
|
||||
notify:
|
||||
- Ensure Gitea is restarted
|
||||
- Wait until Gitea is up
|
||||
|
||||
- name: Check if {{ gitea.hostname }}.{{ gitea.domain }} is available and returning status 200
|
||||
ansible.builtin.uri:
|
||||
url: "https://{{ gitea.hostname }}.{{ gitea.domain }}"
|
||||
register: _result
|
||||
until: _result.status == 200
|
||||
retries: 30
|
||||
delay: 2
|
||||
|
||||
rescue:
|
||||
- name: Stop Gitea for Backup
|
||||
community.docker.docker_compose:
|
||||
project_src: /opt/gitea
|
||||
state: present
|
||||
stopped: true
|
||||
|
||||
- name: Restore Gitea Directory from Backup
|
||||
ansible.builtin.copy:
|
||||
src: "{{ backup.dest }}"
|
||||
dest: "{{ backup.src }}"
|
||||
remote_src: true
|
||||
mode: "700"
|
||||
|
||||
- name: Create / Recreate Gitea
|
||||
community.docker.docker_compose:
|
||||
project_src: /opt/gitea
|
||||
state: present
|
||||
restarted: true
|
||||
always:
|
||||
- name: Check if {{ gitea.hostname }}.{{ gitea.domain }} is available and returning status 200
|
||||
ansible.builtin.uri:
|
||||
url: "https://{{ gitea.hostname }}.{{ gitea.domain }}"
|
||||
register: _result
|
||||
until: _result.status == 200
|
||||
retries: 30
|
||||
delay: 2
|
||||
- name: Upload docker-compose.yaml
|
||||
ansible.builtin.template:
|
||||
src: docker-compose.yaml.j2
|
||||
dest: /opt/gitea/docker-compose.yaml
|
||||
owner: root
|
||||
mode: "600"
|
||||
notify:
|
||||
- Ensure Docker images are up to date
|
||||
- Output docker compose state
|
||||
- Ensure Gitea is restarted
|
||||
- Wait until Gitea is up
|
||||
|
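Review bot: The cleanup cron job's `find` pattern is broader than the archives the backup handler writes, and it deletes as root. `-path '/var/backups/gitea-*'` lets `*` match `/` as well, so the expression also reaches files inside any subdirectory whose name starts with `gitea-`. The task appears to be on the new side, since its path matches the new archive destination, but the rendering mixes old and new lines. Bounding it to the exact artefacts keeps the delete predictable: `job: find /var/backups -maxdepth 1 -type f -name 'gitea-*.tar.gz' -mtime +7 -delete`. A short comment above the task naming the 7-day retention would also document the policy.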
@ -4,8 +4,6 @@
|
||||
# -- Diese Datei wird via Ansible verwaltet und automatisch überschrieben!
|
||||
# https://azubi-gitea.int.sernet.de/mmeyer/ansible-role-gitea/src/branch/main/templates/docker-compose.yaml.j2
|
||||
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
gitea:
|
||||
external: false
|
||||
@ -13,10 +11,10 @@ networks:
|
||||
services:
|
||||
gitea:
|
||||
image: gitea/gitea:{{ gitea_vars['version'] }}-rootless
|
||||
restart: always
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ./data:/var/lib/gitea
|
||||
- ./config:/etc/gitea
|
||||
- {{ gitea_vars.base_path }}/data:/var/lib/gitea
|
||||
- {{ gitea_vars.base_path }}/config:/etc/gitea
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
ports:
|
||||
@ -31,7 +29,7 @@ services:
|
||||
|
||||
db:
|
||||
image: "{{ gitea_vars['database']['db_type'] }}:{{ gitea_vars['database']['docker_image_tag'] }}"
|
||||
restart: always
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- "MYSQL_DATABASE={{ gitea_vars.database.name }}"
|
||||
- "MYSQL_USER={{ gitea_vars.database.user }}"
|
||||
@ -40,5 +38,6 @@ services:
|
||||
networks:
|
||||
- gitea
|
||||
volumes:
|
||||
- ./mysql:/var/lib/mysql
|
||||
|
||||
- {{ gitea_vars.base_path }}/mysql:/var/lib/mysql
|
||||
cap_add:
|
||||
- SYS_NICE
|
||||
|
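Review bot: The `cap_add:` / `- SYS_NICE` entry on the `db` service in the last hunk carries no comment explaining why the database container needs an extra capability. It appears to be new, since the hunk grows by one line, though the rendering does not mark sides. An undocumented capability grant tends to survive later image changes unreviewed. If the reason is the usual one for MySQL 8 images, a comment such as `# SYS_NICE: lets mysqld set scheduling/NUMA policy; avoids "mbind: Operation not permitted"` above `cap_add:` would record it. If `db_type` can also be an image that does not need it, the block could be made conditional on that variable.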
@ -47,9 +47,6 @@ GITEA__database__SQLITE_JOURNAL_MODE={{ gitea_vars.database.sqlite_journal_mode
|
||||
{% if 'iterate_buffer_size' in gitea_vars['database'] %}
|
||||
GITEA__database__ITERATE_BUFFER_SIZE={{ gitea_vars.database.iterate_buffer_size }}
|
||||
{% endif %}
|
||||
{% if 'charset' in gitea_vars['database'] %}
|
||||
GITEA__database__CHARSET={{ gitea_vars.database.charset }}
|
||||
{% endif %}
|
||||
{% if 'path' in gitea_vars['database'] %}
|
||||
GITEA__database__PATH={{ gitea_vars.database.path }}
|
||||
{% endif %}
|
||||
@ -93,7 +90,7 @@ GITEA__service__ENABLE_NOTIFY_MAIL={{ gitea_vars.service.enable_notify_mail }}
|
||||
GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE={{ gitea_vars.service.default_keep_email_private }}
|
||||
{% endif %}
|
||||
{% if 'default_allow_create_organization' in gitea_vars['service'] %}
|
||||
GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION ={{ gitea_vars.service.default_allow_create_organization }}
|
||||
GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION={{ gitea_vars.service.default_allow_create_organization }}
|
||||
{% endif %}
|
||||
{% if 'default_enable_timetracking' in gitea_vars['service'] %}
|
||||
GITEA__service__DEFAULT_ENABLE_TIMETRACKING={{ gitea_vars.service.default_enable_timetracking }}
|
||||
@ -187,7 +184,7 @@ GITEA__attachment__MINIO_BASE_PATH={{ gitea_vars.attachment.minio_base_path }}
|
||||
GITEA__attachment__MINIO_USE_SSL={{ gitea_vars.attachment.minio_use_ssl }}
|
||||
{% endif %}
|
||||
{% endif %} {# /attachment #}
|
||||
|
||||
{# Disabled logging for now
|
||||
{% if 'log' in gitea_vars %}
|
||||
{% if 'root_path' in gitea_vars['log'] %}
|
||||
GITEA__log__ROOT_PATH={{ gitea_vars.log.root_path }}
|
||||
@ -208,7 +205,7 @@ GITEA__log__ENABLE_log_LOG={{ gitea_vars.log.enable_log_log }}
|
||||
GITEA__log__ENABLE_XORM_LOG={{ gitea_vars.log.enable_xorm_log }}
|
||||
{% endif %}
|
||||
{% endif %} {# /logging#}
|
||||
|
||||
#}
|
||||
{% if 'ssh' in gitea_vars %}
|
||||
{% if 'minimum_key_sizes' in gitea_vars['ssh'] %}
|
||||
{% if 'ed25519' in gitea_vars['ssh']['minimum_key_sizes'] %}
|
||||
@ -305,3 +302,18 @@ GITEA__actions__ENABLED={{ gitea_vars.actions.enabled }}
|
||||
GITEA__actions__DEFAULT_ACTIONS_URL={{ gitea_vars.actions.default_actions_url }}
|
||||
{% endif %}
|
||||
{% endif %} {# /actions #}
|
||||
|
||||
{% if 'metrics' in gitea_vars %}
|
||||
{% if 'enabled' in gitea_vars['metrics'] %}
|
||||
GITEA__metrics__ENABLED={{ gitea_vars.metrics.enabled }}
|
||||
{% endif %}
|
||||
{% if 'enabled_issue_by_label' in gitea_vars['metrics'] %}
|
||||
GITEA__metrics__ENABLED_ISSUE_BY_LABEL={{ gitea_vars.metrics.enabled_issue_by_label }}
|
||||
{% endif %}
|
||||
{% if 'enabled_issue_by_repository' in gitea_vars['metrics'] %}
|
||||
GITEA__metrics__ENABLED_ISSUE_BY_REPOSITORY={{ gitea_vars.metrics.enabled_issue_by_repository }}
|
||||
{% endif %}
|
||||
{% if 'token' in gitea_vars['metrics'] %}
|
||||
GITEA__metrics__TOKEN={{ gitea_vars.metrics.token }}
|
||||
{% endif %}
|
||||
{% endif %} {# /actions #}
|
||||
|
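Review bot: In the new metrics block of the last hunk, `GITEA__metrics__TOKEN` is written only when `gitea_vars.metrics.token` exists, so setting `enabled` without `token` renders a config in which Gitea's `/metrics` endpoint answers without authorization. An `ansible.builtin.assert` in the role that requires `token` whenever `metrics.enabled` is true would make that explicit, as would a comment above the block saying the endpoint must then be restricted at the reverse proxy. The block's closing line reads `{% endif %} {# /actions #}` and should be `{% endif %} {# /metrics #}`. In the two logging hunks, the `{# Disabled logging for now … #}` wrapper ends at the `#}` of the inner `{# /logging#}` because Jinja comments do not nest, so the trailing `#}` is emitted as a literal line. The wrapped block extends outside the hunks, so it may contain further inner comments.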