Gitea [lightweight self-hosted Git service]

roles/6-generic-apps/tasks/main.yml

@@ -27,6 +27,12 @@
   when: ejabberd_install
   tags: ejabberd
 
+- name: GITEA
+  include_role:
+    name: gitea
+  when: gitea_install
+  tags: gitea
+
 - name: LOKOLE
   include_role:
     name: lokole

roles/gitea/README.rst

@@ -0,0 +1,24 @@
+=============
+Gitea README
+=============
+
+This Ansible role installs Gitea - a self-hosted Git service written in Go.
+
+Using It
+--------
+
+Gitea should be accessible at http://box/gitea
+
+Configuration
+-------------
+
+Gitea has been configured to work with MySQL; it can also be used with SQLite or
+Postgres. If you want to use it with a different database, change the 
+``DB_TYPE`` property in ``app.ini`` and change the line ``After=mysqld.service``
+in ``gitea.service`` to one of the following:
+
+* SQLite: comment it out.
+* Postgres: ``After=postgresql.service``
+
+Further information about configuring Gitea can be found at the
+`documentation <https://docs.gitea.io/en-us/>`.

roles/gitea/defaults/main.yml

@@ -0,0 +1,60 @@
+---
+#gitea_install: True
+#gitea_enabled: True
+
+# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
+# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
+
+# Using @coolaj86's script as a template
+# https://git.coolaj86.com/coolaj86/gitea-installer.sh
+
+# Information needed to install Gitea
+gitea_version: "1.7.3"
+iset_suffixes:
+  i386: "386"
+  x86_64: "amd64"
+  armv6l: "arm-6"
+  armv7l: "arm-7"
+
+gitea_iset_suffix: "{{ iset_suffixes[ansible_architecture] | default('unknown') }}"
+
+gitea_download_url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_iset_suffix }}"
+gitea_integrity_url: "{{ gitea_download_url }}.asc"
+
+gitea_root_directory: "/library/gitea"
+gitea_subdirectories:
+  - bin
+  - custom
+  - data
+  - indexers
+  - public
+  - log
+gitea_install_path: "{{ gitea_root_directory }}/bin/gitea-{{ gitea_version }}"
+gitea_checksum_path: "{{ gitea_root_directory }}/bin/gitea-{{ gitea_version }}.asc"
+
+gitea_link_path: "{{ gitea_root_directory }}/gitea"
+
+# Information needed to verify Gitea
+gitea_gpg_key: 7C9E68152594688862D62AF62D9AE806EC1592E2
+
+# Information needed to run Gitea
+gitea_user: gitea
+gitea_home: "/home/{{ gitea_user }}" # SSH credentials stored here
+gitea_run_directory: "{{ gitea_root_directory }}"
+
+gitea_url: /gitea
+gitea_full_url: "http://{{ iiab_hostname }}.{{ iiab_domain }}{{ gitea_url }}"
+
+gitea_port: 61734 # leet for GITEA
+
+# Data locations
+gitea_db_path: "{{ gitea_root_directory }}/data/gitea.db"
+gitea_repo_root: "{{ gitea_root_directory }}/data/repositories"
+gitea_lfs_root: "{{ gitea_root_directory }}/data/lfs"
+
+# Log file location
+gitea_log_root: "{{ gitea_root_directory }}/log"
+
+# Extra configuration
+gitea_display_name: Internet-in-a-Box Gitea
+skip_install_screen: true

roles/gitea/tasks/install.yml

@@ -0,0 +1,190 @@
+# Prepare to install Gitea: create user and directory structure
+
+- name: Shut down existing Gitea instance (if we're reinstalling)
+  systemd:
+    name: gitea
+    state: stopped
+  tags:
+    - pre-install
+  ignore_errors: yes
+
+- name: Ensure group gitea exists
+  group:
+    name: gitea
+    state: present
+  tags:
+    - pre-install
+
+- name: Create user gitea
+  user:
+    name: gitea
+    comment: Gitea daemon account
+    groups: gitea
+    home: "{{ gitea_home }}"
+  tags:
+    - pre-install
+
+- name: Create Gitea directory structure
+  file:
+    path: "{{ gitea_root_directory }}/{{ item }}"
+    state: directory
+    owner: gitea
+    group: gitea
+  with_items: "{{ gitea_subdirectories }}"
+  tags:
+    - pre-install
+
+- name: Make directories data, indexers, and log writable
+  file:
+    path: "{{ gitea_root_directory }}/{{ item }}"
+    mode: 0750
+  with_items:
+    - data
+    - indexers
+    - log
+  tags:
+    - pre-install
+
+# Download, verify, and link Gitea binary
+
+- name: Fail if we detect unknown architecture
+  fail:
+    msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\""
+  when: gitea_iset_suffix == "unknown"
+
+- name: Download Gitea binary
+  get_url:
+    url: "{{ gitea_download_url }}"
+    dest: "{{ gitea_install_path }}"
+    mode: 0775
+  tags:
+    - install
+  when: internet_available
+
+- name: Download Gitea GPG signature
+  get_url:
+    url: "{{ gitea_integrity_url }}"
+    dest: "{{ gitea_checksum_path }}"
+  tags:
+    - never
+    - verify
+  when: internet_available
+
+- name: Verify Gitea binary with GPG signature
+  shell: |
+    gpg --keyserver pgp.mit.edu --recv {{ gitea_gpg_key }}
+    gpg --verify {{ gitea_checksum_path }} {{ gitea_install_path }}
+  tags:
+    - never
+    - verify
+  ignore_errors: yes
+
+- name: Link Gitea
+  file:
+    src: "{{ gitea_install_path }}"
+    dest: "{{ gitea_link_path }}"
+    owner: gitea
+    group: gitea
+    state: link
+  tags:
+    - install
+
+# Configure Gitea
+
+# For security reasons, the Gitea developers recommend removing group write
+# permissions from /etc/gitea/ and /etc/gitea/app.ini after the first run of 
+# Gitea. User gitea needs write permissions during the first run but not 
+# subsequent runs.
+
+- name: Create Gitea config directory
+  file:
+    path: /etc/gitea
+    state: directory
+    owner: root
+    group: gitea
+    mode: 0770
+  tags:
+    - config
+
+- name: Create app.ini
+  template:
+    src: app.ini.j2
+    dest: /etc/gitea/app.ini
+    owner: root
+    group: gitea
+    mode: 0664
+  tags:
+    - config
+
+# Create systemd service
+
+- name: Create 'gitea' service
+  template:
+    src: gitea.service.j2
+    dest: "/etc/systemd/system/gitea.service"
+  tags:
+    - systemd
+
+- name: Enable 'gitea' service
+  systemd:
+    daemon_reload: yes
+    name: gitea
+    enabled: yes
+    state: restarted
+  when: gitea_enabled
+
+- name: Disable 'gitea' service
+  systemd:
+    name: gitea
+    enabled: no
+    state: stopped
+  when: not gitea_enabled
+
+# Configure HTTPD
+
+- name: Copy gitea httpd conf file
+  template:
+    src: gitea.conf.j2
+    dest: "/etc/{{ apache_config_dir }}/gitea.conf"
+
+- name: Enable httpd conf file (debuntu)
+  file:
+    src: /etc/{{ apache_config_dir }}/gitea.conf
+    dest: /etc/apache2/sites-enabled/gitea.conf
+    state: link
+  when: gitea_enabled and is_debuntu
+
+- name: Remove httpd conf file (OS's other than debuntu)
+  file:
+    path: /etc/apache2/sites-enabled/gitea.conf
+    state: absent
+  when: not gitea_enabled and is_debuntu
+
+- name: >-
+    Restart Apache ({{ apache_service }}) to {% if gitea_enabled %}enable{% 
+    else %}disable{% endif %} http://box/gitea
+  service:
+    name: "{{ apache_service }}"
+    state: restarted
+
+# Add Gitea to registry
+
+- name: Add 'gitea' to list of services at {{ iiab_ini_file }}
+  ini_file:
+    dest: "{{ iiab_ini_file }}"
+    section: gitea
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+  with_items:
+    - option: name
+      value: gitea
+    - option: description
+      value: '"Gitea: Git with a cup of tea"'
+    - option: gitea_run_directory
+      value: "{{ gitea_run_directory }}"
+    - option: gitea_url
+      value: "{{ gitea_url }}"
+    - option: gitea_full_url
+      value: "{{ gitea_full_url }}"
+    - option: gitea_enabled
+      value: "{{ gitea_enabled }}"

roles/gitea/tasks/main.yml

@@ -0,0 +1,3 @@
+- name: Install Gitea {{ gitea_version }} if gitea_install
+  include_tasks: install.yml
+  when: gitea_install