Compare commits
51 Commits
ansible-li
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| ab52152834 | |||
| 115ab7e840 | |||
|
14da8cd5a1 | ||
|
|
50e6c10349 | ||
|
|
c28214c517 | ||
| 306d2eebbe | |||
|
|
b0da3ff4a7 | ||
|
|
529749ed14 | ||
|
|
d03e1142f2 | ||
|
|
fbc2a17011 | ||
|
|
c39d29c03f | ||
| d7fe8eb263 | |||
|
|
d2e25188cc | ||
|
|
16c3c592c0 | ||
|
|
fa915065f5 | ||
|
|
bbc480fec2 | ||
|
|
3da637c178 | ||
|
|
2bca413df1 | ||
|
|
1e33c1d339 | ||
|
|
d37cc02ecf | ||
|
|
d4b9261f24 | ||
|
|
e8545cd4e7 | ||
|
|
18c18c112b | ||
|
|
9451bdb478 | ||
|
|
b1789e15d6 | ||
|
|
a20c7b188d | ||
| cf59550120 | |||
| 32ac3f842a | |||
| a451843b85 | |||
| 283d63a37a | |||
| b5986b9592 | |||
| 657b771790 | |||
| 4857f2d5b9 | |||
| d32e4f3608 | |||
| 1025b8f076 | |||
| 4f1c51475c | |||
| d8a29adb56 | |||
| 124456ae07 | |||
| 130a53ed58 | |||
| 0f9d5f53c4 | |||
| f9d1e42513 | |||
| e8e05f8391 | |||
| 6817fe0ff9 | |||
| c391a07485 | |||
| d0258a3fc2 | |||
| f83e0044b7 | |||
| e4d723ed30 | |||
| b52f8767f6 | |||
| d64c96576c | |||
| 6d90fe0510 | |||
| b2424e95b4 |
6
.ansible-lint
Normal file
6
.ansible-lint
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
offline: false
|
||||||
|
|
||||||
|
warn_list:
|
||||||
|
- yaml[line-length]
|
||||||
|
- yaml[empty-lines]
|
||||||
|
- yaml[new-line-at-end-of-file]
|
||||||
@ -1,6 +0,0 @@
|
|||||||
|
|
||||||
# In den hier aufgelisteten Dateien sollen die dahinter stehenden
|
|
||||||
# Warnungen und Fehler von ansible-lint ignoriert werden.
|
|
||||||
|
|
||||||
tasks/main.yaml no-handler # Der Restart / Recreate Gitea Task ist gut dort, wo er ist
|
|
||||||
tasks/main.yaml name[template] # Es braucht zwei Templates, um den FQDN zusammenzusetzen.
|
|
||||||
@ -1,5 +1,5 @@
|
|||||||
name: ansible-lint
|
name: ansible-lint
|
||||||
on: [push, pull_request]
|
on: [push, pull_request] # yamllint disable-line rule:truthy
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
@ -14,7 +14,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Run ansible-lint
|
- name: Run ansible-lint
|
||||||
# replace `main` with any valid ref, or tags like `v6`
|
# replace `main` with any valid ref, or tags like `v6`
|
||||||
uses: https://github.com/ansible/ansible-lint-action@main
|
uses: https://github.com/ansible/ansible-lint-action@v6
|
||||||
# optional:
|
# optional:
|
||||||
# with:
|
# with:
|
||||||
# path: "playbooks/" # <-- only one value is allowed
|
# path: "playbooks/" # <-- only one value is allowed
|
||||||
|
|||||||
29
handlers/backup.yaml
Normal file
29
handlers/backup.yaml
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
- name: Get stats of docker-compose.yaml
|
||||||
|
ansible.builtin.stat:
|
||||||
|
path: /opt/gitea/docker-compose.yaml
|
||||||
|
register: docker_compose_stat
|
||||||
|
listen:
|
||||||
|
- Backup Gitea
|
||||||
|
|
||||||
|
- name: Stop Gitea for backup
|
||||||
|
community.docker.docker_compose_v2:
|
||||||
|
project_src: /opt/gitea
|
||||||
|
state: stopped
|
||||||
|
register: docker_compose
|
||||||
|
listen:
|
||||||
|
- Backup Gitea
|
||||||
|
notify:
|
||||||
|
- Ensure Gitea is running
|
||||||
|
when: docker_compose_stat.stat.exists is defined and docker_compose_stat.stat.exists
|
||||||
|
|
||||||
|
- name: Backup Gitea directory
|
||||||
|
community.general.archive:
|
||||||
|
path: "{{ gitea_vars.base_path }}/"
|
||||||
|
dest: "/var/backups/gitea-{{ gitea.hostname }}.{{ gitea.domain }}@{{ lookup('pipe', 'date -u +%Y-%m-%dT%H:%M:%SZ') }}.tar.gz"
|
||||||
|
force_archive: true
|
||||||
|
format: gz
|
||||||
|
owner: root
|
||||||
|
mode: "400"
|
||||||
|
listen:
|
||||||
|
- Backup Gitea
|
||||||
|
register: backup
|
||||||
37
handlers/main.yaml
Normal file
37
handlers/main.yaml
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
- name: Import backup handler
|
||||||
|
ansible.builtin.import_tasks:
|
||||||
|
file: backup.yaml
|
||||||
|
|
||||||
|
- name: Ensure Docker images are up to date
|
||||||
|
community.docker.docker_compose_v2_pull:
|
||||||
|
project_src: /opt/gitea
|
||||||
|
|
||||||
|
- name: Ensure Gitea is restarted
|
||||||
|
community.docker.docker_compose_v2:
|
||||||
|
project_src: /opt/gitea
|
||||||
|
state: restarted
|
||||||
|
recreate: always
|
||||||
|
register: docker_compose
|
||||||
|
|
||||||
|
- name: Ensure Gitea is running
|
||||||
|
community.docker.docker_compose_v2:
|
||||||
|
project_src: /opt/gitea
|
||||||
|
register: docker_compose
|
||||||
|
|
||||||
|
- name: Get Gitea HTTP response
|
||||||
|
ansible.builtin.uri:
|
||||||
|
url: "https://{{ gitea.hostname }}.{{ gitea.domain }}"
|
||||||
|
register: gitea_http_response
|
||||||
|
failed_when: 400 <= gitea_http_response.status < 500
|
||||||
|
|
||||||
|
- name: Wait until Gitea is up
|
||||||
|
ansible.builtin.uri:
|
||||||
|
url: "https://{{ gitea.hostname }}.{{ gitea.domain }}"
|
||||||
|
register: gitea_http_response
|
||||||
|
until: gitea_http_response.status == 200
|
||||||
|
retries: 30
|
||||||
|
delay: 2
|
||||||
|
|
||||||
|
- name: Output docker compose state
|
||||||
|
ansible.builtin.debug:
|
||||||
|
var: docker_compose
|
||||||
8
requirements.yml
Normal file
8
requirements.yml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
# actions/run-ansible-lint forces me to name this file .yml instead of .yaml :(
|
||||||
|
|
||||||
|
collections:
|
||||||
|
- name: community.docker
|
||||||
|
source: https://galaxy.ansible.com
|
||||||
|
|
||||||
|
- name: community.general
|
||||||
|
source: https://galaxy.ansible.com
|
||||||
144
tasks/main.yaml
144
tasks/main.yaml
@ -5,114 +5,86 @@
|
|||||||
# - docker.io
|
# - docker.io
|
||||||
# - python3-docker
|
# - python3-docker
|
||||||
|
|
||||||
- name: Create git USER
|
- name: Ensure git user exists
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
name: git
|
name: git
|
||||||
register: git_user
|
register: git_user
|
||||||
|
|
||||||
- name: Create Gitea
|
- name: Ensure Gitea directories exist
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "/opt/gitea"
|
path: "{{ item }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
mode: "755"
|
mode: "755"
|
||||||
|
with_items: ["/opt/gitea", "{{ gitea_vars.base_path }}"]
|
||||||
|
|
||||||
- name: Create Data Directory
|
- name: Ensure data and config directories exist
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "/opt/gitea/data"
|
path: "{{ gitea_vars.base_path }}/{{ item }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ git_user.uid }}"
|
owner: "{{ git_user.uid }}"
|
||||||
group: "{{ git_user.group }}"
|
group: "{{ git_user.group }}"
|
||||||
mode: "700"
|
mode: "700"
|
||||||
|
with_items: ["data", "config"]
|
||||||
|
|
||||||
- name: Create Config Directory
|
- name: Ensure docker daemon is started
|
||||||
ansible.builtin.file:
|
|
||||||
path: "/opt/gitea/config"
|
|
||||||
state: directory
|
|
||||||
owner: "{{ git_user.uid }}"
|
|
||||||
group: "{{ git_user.group }}"
|
|
||||||
mode: "700"
|
|
||||||
|
|
||||||
- name: Start Docker Daemon
|
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
name: docker
|
name: docker
|
||||||
enabled: true
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
|
|
||||||
- name: Backup Files
|
- name: Ensure old backups will get deleted
|
||||||
block:
|
ansible.builtin.cron:
|
||||||
- name: Stop Gitea for Backup
|
name: gitea backup cleanup
|
||||||
community.docker.docker_compose:
|
minute: "0"
|
||||||
project_src: /opt/gitea
|
hour: "8"
|
||||||
state: present
|
user: root
|
||||||
stopped: true
|
job: find /var/backups -path '/var/backups/gitea-*' -mtime +7 -type f -exec rm {} +
|
||||||
|
cron_file: gitea-backup-cleanup
|
||||||
|
|
||||||
- name: Backup Gitea Directory
|
- name: Check if environment.env will get changed
|
||||||
ansible.builtin.copy:
|
ansible.builtin.template:
|
||||||
src: /opt/gitea
|
src: environment.env.j2
|
||||||
dest: "/opt/gitea.backup@{{ ansible_date_time.iso8601 }}"
|
dest: "/opt/gitea/environment.env"
|
||||||
mode: "700"
|
owner: root
|
||||||
remote_src: true
|
mode: "600"
|
||||||
directory_mode: true
|
register: env_diff
|
||||||
register: backup
|
check_mode: true
|
||||||
|
notify:
|
||||||
|
- Backup Gitea
|
||||||
|
|
||||||
- name: Apply Changes
|
- name: Check if docker-compose.yaml will get changed
|
||||||
block:
|
ansible.builtin.template:
|
||||||
- name: Upload Environment File
|
src: docker-compose.yaml.j2
|
||||||
ansible.builtin.template:
|
dest: /opt/gitea/docker-compose.yaml
|
||||||
src: environment.env.j2
|
owner: root
|
||||||
dest: "/opt/gitea/environment.env"
|
mode: "600"
|
||||||
owner: root
|
register: docker_compose_diff
|
||||||
mode: "600"
|
check_mode: true
|
||||||
register: gitea_env
|
notify:
|
||||||
|
- Backup Gitea
|
||||||
|
|
||||||
- name: Upload docker-compose.yaml
|
- name: Execute handlers before changing configfiles
|
||||||
ansible.builtin.template:
|
ansible.builtin.meta: flush_handlers
|
||||||
src: docker-compose.yaml.j2
|
|
||||||
dest: /opt/gitea/docker-compose.yaml
|
|
||||||
owner: root
|
|
||||||
mode: "600"
|
|
||||||
register: gitea_container
|
|
||||||
|
|
||||||
- name: Create / Recreate Gitea
|
- name: Upload environment.env
|
||||||
community.docker.docker_compose:
|
ansible.builtin.template:
|
||||||
project_src: /opt/gitea
|
src: environment.env.j2
|
||||||
state: present
|
dest: "/opt/gitea/environment.env"
|
||||||
restarted: true
|
owner: root
|
||||||
when: gitea_env.changed or gitea_container.changed
|
mode: "600"
|
||||||
|
notify:
|
||||||
|
- Ensure Gitea is restarted
|
||||||
|
- Wait until Gitea is up
|
||||||
|
|
||||||
- name: Check if {{ gitea.hostname }}.{{ gitea.domain }} is available and returning status 200
|
- name: Upload docker-compose.yaml
|
||||||
ansible.builtin.uri:
|
ansible.builtin.template:
|
||||||
url: "https://{{ gitea.hostname }}.{{ gitea.domain }}"
|
src: docker-compose.yaml.j2
|
||||||
register: _result
|
dest: /opt/gitea/docker-compose.yaml
|
||||||
until: _result.status == 200
|
owner: root
|
||||||
retries: 30
|
mode: "600"
|
||||||
delay: 2
|
notify:
|
||||||
|
- Ensure Docker images are up to date
|
||||||
rescue:
|
- Output docker compose state
|
||||||
- name: Stop Gitea for Backup
|
- Ensure Gitea is restarted
|
||||||
community.docker.docker_compose:
|
- Wait until Gitea is up
|
||||||
project_src: /opt/gitea
|
|
||||||
state: present
|
|
||||||
stopped: true
|
|
||||||
|
|
||||||
- name: Restore Gitea Directory from Backup
|
|
||||||
ansible.builtin.copy:
|
|
||||||
src: "{{ backup.dest }}"
|
|
||||||
dest: "{{ backup.src }}"
|
|
||||||
remote_src: true
|
|
||||||
mode: "700"
|
|
||||||
|
|
||||||
- name: Create / Recreate Gitea
|
|
||||||
community.docker.docker_compose:
|
|
||||||
project_src: /opt/gitea
|
|
||||||
state: present
|
|
||||||
restarted: true
|
|
||||||
always:
|
|
||||||
- name: Check if {{ gitea.hostname }}.{{ gitea.domain }} is available and returning status 200
|
|
||||||
ansible.builtin.uri:
|
|
||||||
url: "https://{{ gitea.hostname }}.{{ gitea.domain }}"
|
|
||||||
register: _result
|
|
||||||
until: _result.status == 200
|
|
||||||
retries: 30
|
|
||||||
delay: 2
|
|
||||||
|
|||||||
@ -4,8 +4,6 @@
|
|||||||
# -- Diese Datei wird via Ansible verwaltet und automatisch überschrieben!
|
# -- Diese Datei wird via Ansible verwaltet und automatisch überschrieben!
|
||||||
# https://azubi-gitea.int.sernet.de/mmeyer/ansible-role-gitea/src/branch/main/templates/docker-compose.yaml.j2
|
# https://azubi-gitea.int.sernet.de/mmeyer/ansible-role-gitea/src/branch/main/templates/docker-compose.yaml.j2
|
||||||
|
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
gitea:
|
gitea:
|
||||||
external: false
|
external: false
|
||||||
@ -13,10 +11,10 @@ networks:
|
|||||||
services:
|
services:
|
||||||
gitea:
|
gitea:
|
||||||
image: gitea/gitea:{{ gitea_vars['version'] }}-rootless
|
image: gitea/gitea:{{ gitea_vars['version'] }}-rootless
|
||||||
restart: always
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- ./data:/var/lib/gitea
|
- {{ gitea_vars.base_path }}/data:/var/lib/gitea
|
||||||
- ./config:/etc/gitea
|
- {{ gitea_vars.base_path }}/config:/etc/gitea
|
||||||
- /etc/timezone:/etc/timezone:ro
|
- /etc/timezone:/etc/timezone:ro
|
||||||
- /etc/localtime:/etc/localtime:ro
|
- /etc/localtime:/etc/localtime:ro
|
||||||
ports:
|
ports:
|
||||||
@ -31,7 +29,7 @@ services:
|
|||||||
|
|
||||||
db:
|
db:
|
||||||
image: "{{ gitea_vars['database']['db_type'] }}:{{ gitea_vars['database']['docker_image_tag'] }}"
|
image: "{{ gitea_vars['database']['db_type'] }}:{{ gitea_vars['database']['docker_image_tag'] }}"
|
||||||
restart: always
|
restart: unless-stopped
|
||||||
environment:
|
environment:
|
||||||
- "MYSQL_DATABASE={{ gitea_vars.database.name }}"
|
- "MYSQL_DATABASE={{ gitea_vars.database.name }}"
|
||||||
- "MYSQL_USER={{ gitea_vars.database.user }}"
|
- "MYSQL_USER={{ gitea_vars.database.user }}"
|
||||||
@ -40,5 +38,6 @@ services:
|
|||||||
networks:
|
networks:
|
||||||
- gitea
|
- gitea
|
||||||
volumes:
|
volumes:
|
||||||
- ./mysql:/var/lib/mysql
|
- {{ gitea_vars.base_path }}/mysql:/var/lib/mysql
|
||||||
|
cap_add:
|
||||||
|
- SYS_NICE
|
||||||
|
|||||||
@ -47,9 +47,6 @@ GITEA__database__SQLITE_JOURNAL_MODE={{ gitea_vars.database.sqlite_journal_mode
|
|||||||
{% if 'iterate_buffer_size' in gitea_vars['database'] %}
|
{% if 'iterate_buffer_size' in gitea_vars['database'] %}
|
||||||
GITEA__database__ITERATE_BUFFER_SIZE={{ gitea_vars.database.iterate_buffer_size }}
|
GITEA__database__ITERATE_BUFFER_SIZE={{ gitea_vars.database.iterate_buffer_size }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if 'charset' in gitea_vars['database'] %}
|
|
||||||
GITEA__database__CHARSET={{ gitea_vars.database.charset }}
|
|
||||||
{% endif %}
|
|
||||||
{% if 'path' in gitea_vars['database'] %}
|
{% if 'path' in gitea_vars['database'] %}
|
||||||
GITEA__database__PATH={{ gitea_vars.database.path }}
|
GITEA__database__PATH={{ gitea_vars.database.path }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
@ -93,7 +90,7 @@ GITEA__service__ENABLE_NOTIFY_MAIL={{ gitea_vars.service.enable_notify_mail }}
|
|||||||
GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE={{ gitea_vars.service.default_keep_email_private }}
|
GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE={{ gitea_vars.service.default_keep_email_private }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if 'default_allow_create_organization' in gitea_vars['service'] %}
|
{% if 'default_allow_create_organization' in gitea_vars['service'] %}
|
||||||
GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION ={{ gitea_vars.service.default_allow_create_organization }}
|
GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION={{ gitea_vars.service.default_allow_create_organization }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if 'default_enable_timetracking' in gitea_vars['service'] %}
|
{% if 'default_enable_timetracking' in gitea_vars['service'] %}
|
||||||
GITEA__service__DEFAULT_ENABLE_TIMETRACKING={{ gitea_vars.service.default_enable_timetracking }}
|
GITEA__service__DEFAULT_ENABLE_TIMETRACKING={{ gitea_vars.service.default_enable_timetracking }}
|
||||||
@ -187,7 +184,7 @@ GITEA__attachment__MINIO_BASE_PATH={{ gitea_vars.attachment.minio_base_path }}
|
|||||||
GITEA__attachment__MINIO_USE_SSL={{ gitea_vars.attachment.minio_use_ssl }}
|
GITEA__attachment__MINIO_USE_SSL={{ gitea_vars.attachment.minio_use_ssl }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %} {# /attachment #}
|
{% endif %} {# /attachment #}
|
||||||
|
{# Disabled logging for now
|
||||||
{% if 'log' in gitea_vars %}
|
{% if 'log' in gitea_vars %}
|
||||||
{% if 'root_path' in gitea_vars['log'] %}
|
{% if 'root_path' in gitea_vars['log'] %}
|
||||||
GITEA__log__ROOT_PATH={{ gitea_vars.log.root_path }}
|
GITEA__log__ROOT_PATH={{ gitea_vars.log.root_path }}
|
||||||
@ -208,7 +205,7 @@ GITEA__log__ENABLE_log_LOG={{ gitea_vars.log.enable_log_log }}
|
|||||||
GITEA__log__ENABLE_XORM_LOG={{ gitea_vars.log.enable_xorm_log }}
|
GITEA__log__ENABLE_XORM_LOG={{ gitea_vars.log.enable_xorm_log }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %} {# /logging#}
|
{% endif %} {# /logging#}
|
||||||
|
#}
|
||||||
{% if 'ssh' in gitea_vars %}
|
{% if 'ssh' in gitea_vars %}
|
||||||
{% if 'minimum_key_sizes' in gitea_vars['ssh'] %}
|
{% if 'minimum_key_sizes' in gitea_vars['ssh'] %}
|
||||||
{% if 'ed25519' in gitea_vars['ssh']['minimum_key_sizes'] %}
|
{% if 'ed25519' in gitea_vars['ssh']['minimum_key_sizes'] %}
|
||||||
@ -305,3 +302,18 @@ GITEA__actions__ENABLED={{ gitea_vars.actions.enabled }}
|
|||||||
GITEA__actions__DEFAULT_ACTIONS_URL={{ gitea_vars.actions.default_actions_url }}
|
GITEA__actions__DEFAULT_ACTIONS_URL={{ gitea_vars.actions.default_actions_url }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %} {# /actions #}
|
{% endif %} {# /actions #}
|
||||||
|
|
||||||
|
{% if 'metrics' in gitea_vars %}
|
||||||
|
{% if 'enabled' in gitea_vars['metrics'] %}
|
||||||
|
GITEA__metrics__ENABLED={{ gitea_vars.metrics.enabled }}
|
||||||
|
{% endif %}
|
||||||
|
{% if 'enabled_issue_by_label' in gitea_vars['metrics'] %}
|
||||||
|
GITEA__metrics__ENABLED_ISSUE_BY_LABEL={{ gitea_vars.metrics.enabled_issue_by_label }}
|
||||||
|
{% endif %}
|
||||||
|
{% if 'enabled_issue_by_repository' in gitea_vars['metrics'] %}
|
||||||
|
GITEA__metrics__ENABLED_ISSUE_BY_REPOSITORY={{ gitea_vars.metrics.enabled_issue_by_repository }}
|
||||||
|
{% endif %}
|
||||||
|
{% if 'token' in gitea_vars['metrics'] %}
|
||||||
|
GITEA__metrics__TOKEN={{ gitea_vars.metrics.token }}
|
||||||
|
{% endif %}
|
||||||
|
{% endif %} {# /actions #}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user