From 8994143831e2f1daa8c8a5e7561fe9160a4c25e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?c=C4=83t=C4=83lin?=
Date: Wed, 13 Mar 2024 13:11:36 +0100
Subject: [PATCH] feat: add gitea ansible install
---
ansible/gitea/gitea-playbook.yml | 6 ++
ansible/gitea/roles/gitea/files/gitea.service | 19 +++++
ansible/gitea/roles/gitea/tasks/main.yml | 23 +++++
.../gitea/roles/gitea/templates/app.ini.j2 | 85 +++++++++++++++++++
ansible/gitea/roles/gitea/vars/main.yml | 18 ++++
ansible/gitea/sample.env | 15 ++++
ansible/inventory | 6 ++
7 files changed, 172 insertions(+)
create mode 100644 ansible/gitea/gitea-playbook.yml
create mode 100644 ansible/gitea/roles/gitea/files/gitea.service
create mode 100644 ansible/gitea/roles/gitea/tasks/main.yml
create mode 100644 ansible/gitea/roles/gitea/templates/app.ini.j2
create mode 100644 ansible/gitea/roles/gitea/vars/main.yml
create mode 100644 ansible/gitea/sample.env
diff --git a/ansible/gitea/gitea-playbook.yml b/ansible/gitea/gitea-playbook.yml
new file mode 100644
index 0000000..696ea05
--- /dev/null
+++ b/ansible/gitea/gitea-playbook.yml
@@ -0,0 +1,6 @@
+- name: Install gitea
+ hosts:
+ - giteas
+
+ roles:
+ - role: roles/gitea
\ No newline at end of file
diff --git a/ansible/gitea/roles/gitea/files/gitea.service b/ansible/gitea/roles/gitea/files/gitea.service
new file mode 100644
index 0000000..4eb4b13
--- /dev/null
+++ b/ansible/gitea/roles/gitea/files/gitea.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=Gitea
+After=syslog.target
+After=network.target
+
+[Service]
+LimitMEMLOCK=infinity
+LimitNOFILE=65535
+RestartSec=2s
+Type=simple
+User=git
+Group=git
+WorkingDirectory=/srv/git
+ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini
+Restart=always
+Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/srv/git GITEA_CUSTOM=/srv/git/custom PATH=/usr/bin/git:/bin:/sbin:/usr/bin:/usr/sbin
+
+[Install]
+WantedBy=multi-user.target
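Review bot: The `[Service]` section in gitea.service runs a network-facing daemon with no sandboxing directives, so a compromise of the Gitea process gets everything the `git` account can reach. Consider adding `NoNewPrivileges=true` and `PrivateTmp=true`, and a `ProtectSystem=` level once you have checked which paths Gitea must write (the unit gives it `/srv/git` and reads `/etc/gitea/app.ini`). The first element of `PATH=/usr/bin/git:/bin:...` in `Environment=` names what is normally the git binary rather than a directory, so it is probably a no-op and can be dropped.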
diff --git a/ansible/gitea/roles/gitea/tasks/main.yml b/ansible/gitea/roles/gitea/tasks/main.yml
new file mode 100644
index 0000000..ca43c26
--- /dev/null
+++ b/ansible/gitea/roles/gitea/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+- name: Download gitea {{ gitea_version }}
+ get_url:
+ url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64"
+ dest: "/usr/local/bin/gitea"
+
+- name: Copy gitea config file app.ini
+ template:
+ src: app.ini.j2
+ dest: /etc/gitea/app.ini
+ mode: 0600
+
+- name: Copy gitea systemd unitfile gitea.service
+ copy:
+ src: gitea.service
+ dest: /etc/systemd/system/gitea.service
+ mode: 0600
+
+- name: Restart gitea systemd service
+ ansible.builtin.systemd_service:
+ state: restarted
+ daemon_reload: true
+ name: gitea
\ No newline at end of file
diff --git a/ansible/gitea/roles/gitea/templates/app.ini.j2 b/ansible/gitea/roles/gitea/templates/app.ini.j2
new file mode 100644
index 0000000..d0710bd
--- /dev/null
+++ b/ansible/gitea/roles/gitea/templates/app.ini.j2
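Review bot: The `get_url` task in tasks/main.yml installs an executable from the network with no `checksum:`, so whatever the download host serves becomes the binary that `ExecStart` runs; it also sets no `mode`, so the file may not be executable at all. The `template` task writes `/etc/gitea/app.ini` as `0600` with no `owner`/`group`, and since the inventory connects as root the file will presumably be root-owned and unreadable by the `git` user the unit runs as. Because that template renders secrets, `no_log: true` on the task keeps them out of diff and verbose output. The restart task also fires on every run; a handler notified by the tasks above is the usual shape.

```yaml
- name: Download gitea {{ gitea_version }}
  get_url:
    # … unchanged: url, dest …
    checksum: "sha256:<SHA256_OF_RELEASE_BINARY>"  # placeholder: pin the digest published for this version
    mode: "0755"

- name: Copy gitea config file app.ini
  template:
    # … unchanged: src, dest …
    owner: root
    group: git
    mode: "0640"
  no_log: true
```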
@@ -0,0 +1,85 @@
+APP_NAME = Gitea
+RUN_USER = git
+RUN_MODE = prod
+WORK_PATH = /srv/git
+
+[oauth2]
+JWT_SECRET = {{ gitea_jwt_secret }}
+
+[security]
+INTERNAL_TOKEN = {{ gitea_internal_token }}
+INSTALL_LOCK = true
+SECRET_KEY = {{ gitea_secret_key }}
+DISABLE_GIT_HOOKS = false
+
+[database]
+DB_TYPE = postgres
+HOST = {{ gitea_database_host }}
+NAME = {{ gitea_database_name }}
+USER = {{ gitea_database_user }}
+PASSWD = {{ gitea_database_password}}
+SCHEMA =
+SSL_MODE = disable
+CHARSET = utf8
+PATH = /srv/git/data/gitea.db
+
+[repository]
+ROOT = /srv/git/gitea-repositories
+
+[server]
+SSH_DOMAIN = {{ gitea_domain }}
+DOMAIN = {{ gitea_domain }}
+HTTP_PORT = 3000
+ROOT_URL = {{ gitea_url }}
+DISABLE_SSH = false
+SSH_PORT = 22
+LFS_START_SERVER = true
+LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}
+OFFLINE_MODE = false
+
+[lfs]
+LFS_CONTENT_PATH = /srv/git/data/lfs
+
+[mailer]
+ENABLED = true
+SUBJECT = %(APP_NAME)s
+HOST = {{ gitea_mailer_host }}
+FROM = {{ gitea_mailer_from }}
+USER = {{ gitea_mailer_user }}
+PASSWD = {{ gitea_mailer_password }}
+
+[service]
+REGISTER_EMAIL_CONFIRM = true
+ENABLE_NOTIFY_MAIL = true
+DISABLE_REGISTRATION = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = true
+ENABLE_CAPTCHA = false
+REQUIRE_SIGNIN_VIEW = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = {{ gitea_no_reply_address }}
+
+[picture]
+DISABLE_GRAVATAR = false
+ENABLE_FEDERATED_AVATAR = true
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[session]
+PROVIDER = file
+
+[log]
+MODE = file
+LEVEL = info
+ROOT_PATH = /srv/git/log
+
+[ui]
+THEMES = {{ gitea_themes }}
+DEFAULT_THEME = arc-green
+ENABLE_RENDER = true
+
+[actions]
+ENABLED = true
diff --git a/ansible/gitea/roles/gitea/vars/main.yml b/ansible/gitea/roles/gitea/vars/main.yml
new file mode 100644
index 0000000..8018ef0
--- /dev/null
+++ b/ansible/gitea/roles/gitea/vars/main.yml
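Review bot: `DISABLE_GIT_HOOKS = false` in `[security]` lets any account granted the Git-hooks privilege run arbitrary commands on the host as the `git` user, and Gitea's own default for this key is `true`; unless hooks edited from the web UI are needed, ship `DISABLE_GIT_HOOKS = true`. In `[database]`, `SSL_MODE = disable` sends the PostgreSQL password and all queries in clear text to whatever `gitea_database_host` resolves to, so if the database is not on the same host this should be `SSL_MODE = require` or stricter. `PATH = /srv/git/data/gitea.db` is only used by the SQLite backend and can be dropped with `DB_TYPE = postgres`.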
@@ -0,0 +1,18 @@
+---
+gitea_version: 1.21.8
+gitea_jwt_secret: "{{ lookup('env', 'GITEA_JWT_SECRET') }}"
+gitea_internal_token: "{{ lookup('env', 'GITEA_INTERNAL_TOKEN') }}"
+gitea_secret_key: "{{ lookup('env', 'GITEA_SECRET_KEY') }}"
+gitea_database_host: "{{ lookup('env', 'GITEA_DATABASE_HOST') }}"
+gitea_database_name: "{{ lookup('env', 'GITEA_DATABASE_NAME') }}"
+gitea_database_user: "{{ lookup('env', 'GITEA_DATABASE_USER') }}"
+gitea_database_password: "{{ lookup('env', 'GITEA_DATABASE_PASSWORD') }}"
+gitea_domain: "{{ lookup('env', 'GITEA_DOMAIN', default='git.roboces.dev') }}"
+gitea_url: "{{ lookup('env', 'GITEA_URL', default='https://git.roboces.dev/') }}"
+gitea_lfs_jwt_secret: "{{ lookup('env', 'GITEA_LFS_JWT_SECRET') }}"
+gitea_mailer_host: "{{ lookup('env', 'GITEA_MAILER_HOST', default='mail.fukurokuju.dev:587') }}"
+gitea_mailer_from: "{{ lookup('env', 'GITEA_MAILER_FROM', default='git@fukurokuju.dev') }}"
+gitea_mailer_user: "{{ lookup('env', 'GITEA_MAILER_USER') }}"
+gitea_mailer_password: "{{ lookup('env', 'GITEA_MAILER_PASSWORD') }}"
+gitea_no_reply_address: "{{ lookup('env', 'GITEA_NO_REPLY_ADDRESS', default='git@fukurokuju.dev') }}"
+gitea_themes:
gitea,arc-green,gitea-modern,catppuccin-latte-rosewater,catppuccin-latte-flamingo,catppuccin-latte-pink,catppuccin-latte-mauve,catppuccin-latte-red,catppuccin-latte-maroon,catppuccin-latte-peach,catppuccin-latte-yellow,catppuccin-latte-green,catppuccin-latte-teal,catppuccin-latte-sky,catppuccin-latte-sapphire,catppuccin-latte-blue,catppuccin-latte-lavender,catppuccin-frappe-rosewater,catppuccin-frappe-flamingo,catppuccin-frappe-pink,catppuccin-frappe-mauve,catppuccin-frappe-red,catppuccin-frappe-maroon,catppuccin-frappe-peach,catppuccin-frappe-yellow,catppuccin-frappe-green,catppuccin-frappe-teal,catppuccin-frappe-sky,catppuccin-frappe-sapphire,catppuccin-frappe-blue,catppuccin-frappe-lavender,catppuccin-macchiato-rosewater,catppuccin-macchiato-flamingo,catppuccin-macchiato-pink,catppuccin-macchiato-mauve,catppuccin-macchiato-red,catppuccin-macchiato-maroon,catppuccin-macchiato-peach,catppuccin-macchiato-yellow,catppuccin-macchiato-green,catppuccin-macchiato-teal,catppuccin-macchiato-sky,catppuccin-macchiato-sapphire,catppuccin-macchiato-blue,catppuccin-macchiato-lavender,catppuccin-mocha-rosewater,catppuccin-mocha-flamingo,catppuccin-mocha-pink,catppuccin-mocha-mauve,catppuccin-mocha-red,catppuccin-mocha-maroon,catppuccin-mocha-peach,catppuccin-mocha-yellow,catppuccin-mocha-green,catppuccin-mocha-teal,catppuccin-mocha-sky,catppuccin-mocha-sapphire,catppuccin-mocha-blue,catppuccin-mocha-lavender
diff --git a/ansible/gitea/sample.env b/ansible/gitea/sample.env
new file mode 100644
index 0000000..ed795f5
--- /dev/null
+++ b/ansible/gitea/sample.env
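Review bot: Every secret in vars/main.yml (`gitea_secret_key`, `gitea_internal_token`, `gitea_jwt_secret`, `gitea_lfs_jwt_secret`, the database and mailer passwords) comes from `lookup('env', ...)` with no default, which yields an empty string when the variable is not exported. A run from a shell that has not loaded the env file would therefore template an `app.ini` with blank secrets and raise no error. Make the lookups fail instead, e.g. `gitea_secret_key: "{{ lookup('env', 'GITEA_SECRET_KEY', default=undef()) }}"`, or add an `assert` task at the top of the role that checks each value is non-empty. These values also sit in `vars/main.yml`, which has high precedence; `defaults/main.yml` would let inventory or vault values override them.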
@@ -0,0 +1,15 @@
+GITEA_JWT_SECRET=
+GITEA_INTERNAL_TOKEN=
+GITEA_SECRET_KEY=
+GITEA_DATABASE_HOST=
+GITEA_DATABASE_NAME=
+GITEA_DATABASE_USER=
+GITEA_DATABASE_PASSWORD=
+GITEA_DOMAIN=git.roboces.dev
+GITEA_URL=https://git.roboces.dev/
+GITEA_LFS_JWT_SECRET=
+GITEA_MAILER_HOST=mail.fukurokuju.dev:587
+GITEA_MAILER_FROM=git@fukurokuju.dev
+GITEA_MAILER_USER=
+GITEA_MAILER_PASSWORD=
+GITEA_NO_REPLY_ADDRESS=git@fukurokuju.dev
\ No newline at end of file
diff --git a/ansible/inventory b/ansible/inventory
index 0db106d..9a98d0c 100644
--- a/ansible/inventory
+++ b/ansible/inventory
@@ -18,3 +18,9 @@ ansible_user=ci [k3s_agents:vars] ansible_user=ci
+
+[giteas]
+gitea.fuku
+
+[giteas:vars]
+ansible_user=root
\ No newline at end of file
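Review bot: The new `[giteas:vars]` block in ansible/inventory sets `ansible_user=root`, while the existing `[k3s_agents:vars]` group in the same hunk connects as `ci`. Logging in directly as root requires root SSH login to stay enabled on `gitea.fuku` and loses the per-task escalation trail. If a `ci` account exists on that host (not visible from this hunk), use `ansible_user=ci` here and add `become: true` to the play in `gitea-playbook.yml`.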