Prefix variables with gitea_

webapps/gitea/defaults/main.yml

@@ -1,14 +1,14 @@
 ---
 # defaults file for vars
-system_dep: "['apt-transport-https', 'git', 'nginx', 'mariadb-server', 'mariadb-client', 'python3-mysqldb', 'redis-server', 'certbot']"
-git_version: '1.21.3'
-gitea_url: "https://dl.gitea.io/gitea/{{ git_version }}/gitea-{{ git_version }}-linux-amd64"
+gitea_system_dep: "['apt-transport-https', 'git', 'nginx', 'mariadb-server', 'mariadb-client', 'python3-mysqldb', 'redis-server', 'certbot']"
+gitea_git_version: '1.21.3'
+gitea_url: "https://dl.gitea.io/gitea/{{ gitea_git_version }}/gitea-{{ gitea_git_version }}-linux-amd64"
 gitea_checksum: "sha256:ccf6cc2077401e382bca0d000553a781a42c9103656bd33ef32bf093cca570eb"
-domains: ['example.domain.org']
-certbot_admin_email: 'security@example.domain.org'
-db_host: '127.0.0.1:3306'
-db_name: "{{ service }}"
-db_user: "{{ service }}"
-db_password: 'UQ6_CHANGE_ME_Gzb'
-redis_maxclients: '128'
-redis_maxmemory: '300M'
+gitea_domains: ['example.domain.org']
+gitea_certbot_admin_email: 'security@example.domain.org'
+gitea_db_host: '127.0.0.1:3306'
+gitea_db_name: "{{ gitea_service }}"
+gitea_db_user: "{{ gitea_service }}"
+gitea_db_password: 'UQ6_CHANGE_ME_Gzb'
+gitea_redis_maxclients: '128'
+gitea_redis_maxmemory: '300M'

webapps/gitea/tasks/main.yml

@@ -3,7 +3,7 @@
 
 - name: Install main system dependencies
   apt:
-    name: "{{ system_dep }}"
+    name: "{{ gitea_system_dep }}"
     update_cache: yes
 
 - name: Download gitea binary
@@ -15,31 +15,31 @@
 
 - name: Create symbolic link
   file:
-    src: "/usr/local/bin/gitea-{{ git_version }}-linux-amd64"
+    src: "/usr/local/bin/gitea-{{ gitea_git_version }}-linux-amd64"
     dest: "/usr/local/bin/gitea"
     state: link
 
 - name: Add UNIX account
   user:
-    name: "{{ service }}"
+    name: "{{ gitea_service }}"
     shell: /bin/bash
 
 - name: Add www-data (nginx) to service's group
   user:
     name: www-data
     #group: www-data
-    groups: "{{ service }}"
+    groups: "{{ gitea_service }}"
     append: true
 
 - name: Add database
   mysql_db:
-    name: "{{ db_name }}"
+    name: "{{ gitea_db_name }}"
 
 - name: Add database user
   mysql_user:
-    name: "{{ db_user }}"
-    password: "{{ db_password }}"
-    priv: "{{ db_name }}.*:{{privileges |default('SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,ALTER,CREATE TEMPORARY TABLES')}}"
+    name: "{{ gitea_db_user }}"
+    password: "{{ gitea_db_password }}"
+    priv: "{{ gitea_db_name }}.*:{{privileges |default('SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,ALTER,CREATE TEMPORARY TABLES')}}"
     update_password: on_create
 
 - name: Create the gitea conf dir if needed
@@ -51,9 +51,9 @@
 - name: Template gitea ini file
   template: 
     src: "gitea.ini.j2"
-    dest: "/etc/gitea/{{ service }}.ini"
+    dest: "/etc/gitea/{{ gitea_service }}.ini"
     owner: 'root'
-    group: "{{ service }}"
+    group: "{{ gitea_service }}"
     mode: '0660'
 
 - name: Template gitea systemd unit
@@ -63,31 +63,31 @@
 
 - name: Start gitea systemd unit
   service:
-    name: "gitea@{{ service }}"
+    name: "gitea@{{ gitea_service }}"
     state: restarted
 
 - name: Create the redis dir if needed
   file:
-    path: /home/{{ service }}/redis
+    path: /home/{{ gitea_service }}/redis
     state: directory
-    owner: "{{ service }}"
-    group: "{{ service }}"
+    owner: "{{ gitea_service }}"
+    group: "{{ gitea_service }}"
     mode: '0750'
 
 - name: Create the log dir if needed
   file:
-    path: /home/{{ service }}/log
+    path: /home/{{ gitea_service }}/log
     state: directory
-    owner: "{{ service }}"
-    group: "{{ service }}"
+    owner: "{{ gitea_service }}"
+    group: "{{ gitea_service }}"
     mode: '0750'
 
 - name: Template redis conf
   template: 
     src: "redis.conf.j2"
-    dest: "/home/{{ service }}/redis/redis.conf"
-    owner: "{{ service }}"
-    group: "{{ service }}"
+    dest: "/home/{{ gitea_service }}/redis/redis.conf"
+    owner: "{{ gitea_service }}"
+    group: "{{ gitea_service }}"
     mode: '0640'
 
 - name: Template redis systemd unit
@@ -97,7 +97,7 @@
 
 - name: Start redis systemd unit
   service:
-    name: "redis@{{ service }}"
+    name: "redis@{{ gitea_service }}"
     state: started
 
 - name: Template nginx snippet for Let's Encrypt/Certbot
@@ -107,7 +107,7 @@
 
 - name: Check if SSL certificate is present and register result
   stat:
-    path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
+    path: "/etc/letsencrypt/live/{{ gitea_domains |first }}/fullchain.pem"
   register: ssl
 
 - name: Generate certificate only if required (first time)
@@ -115,11 +115,11 @@
   - name: Template vhost without SSL for successfull LE challengce
     template: 
       src: "vhost.conf.j2"
-      dest: "/etc/nginx/sites-available/{{ service }}.conf"
+      dest: "/etc/nginx/sites-available/{{ gitea_service }}.conf"
   - name: Enable temporary nginx vhost for gitea
     file:
-      src: "/etc/nginx/sites-available/{{ service }}.conf"
-      dest: "/etc/nginx/sites-enabled/{{ service }}.conf"
+      src: "/etc/nginx/sites-available/{{ gitea_service }}.conf"
+      dest: "/etc/nginx/sites-enabled/{{ gitea_service }}.conf"
       state: link
   - name: Reload nginx conf
     service:
@@ -131,7 +131,7 @@
       state: directory
       mode: '0755'
   - name: Generate certificate with certbot
-    shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ certbot_admin_email }} -d {{ domains |first }}
+    shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ gitea_certbot_admin_email }} -d {{ gitea_domains |first }}
   - name: Create the ssl dir if needed
     file:
       path: /etc/nginx/ssl
@@ -140,23 +140,23 @@
   - name: Template ssl bloc for nginx vhost
     template: 
       src: "ssl.conf.j2"
-      dest: "/etc/nginx/ssl/{{ domains |first }}.conf"
+      dest: "/etc/nginx/ssl/{{ gitea_domains |first }}.conf"
   when: ssl.stat.exists != true
 
 - name: (Re)check if SSL certificate is present and register result
   stat:
-    path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
+    path: "/etc/letsencrypt/live/{{ gitea_domains |first }}/fullchain.pem"
   register: ssl
 
 - name: (Re)template conf file for nginx vhost with SSL
   template:
     src: "vhost.conf.j2"
-    dest: "/etc/nginx/sites-available/{{ service }}.conf"
+    dest: "/etc/nginx/sites-available/{{ gitea_service }}.conf"
 
 - name: Enable nginx vhost for gitea
   file:
-    src: "/etc/nginx/sites-available/{{ service }}.conf"
-    dest: "/etc/nginx/sites-enabled/{{ service }}.conf"
+    src: "/etc/nginx/sites-available/{{ gitea_service }}.conf"
+    dest: "/etc/nginx/sites-enabled/{{ gitea_service }}.conf"
     state: link
 
 - name: Reload nginx conf

webapps/gitea/tasks/upgrade.yml

@@ -10,13 +10,13 @@
 
 - name: Create symbolic link
   file:
-    src: "/usr/local/bin/gitea-{{ git_version }}-linux-amd64"
+    src: "/usr/local/bin/gitea-{{ gitea_git_version }}-linux-amd64"
     dest: "/usr/local/bin/gitea"
     state: link
 
 - name: Start gitea systemd unit
   service:
-    name: "gitea@{{ service }}"
+    name: "gitea@{{ gitea_service }}"
     state: restarted
 
 - name: Reload nginx conf

webapps/gitea/templates/gitea.ini.j2

@@ -1,21 +1,21 @@
 APP_NAME = Gitea
-RUN_USER = {{ service }}
+RUN_USER = {{ gitea_service }}
 RUN_MODE = prod
 
 [server]
 PROTOCOL               = unix
-DOMAIN                 = {{ domains | first }}
-HTTP_ADDR              = /home/{{ service }}/gitea.sock
+DOMAIN                 = {{ gitea_domains | first }}
+HTTP_ADDR              = /home/{{ gitea_service }}/gitea.sock
 UNIX_SOCKET_PERMISSION = 660
 OFFLINE_MODE           = true
-SSH_DOMAIN             = {{ domains | first }}
-ROOT_URL               = https://{{ domains | first }}/
+SSH_DOMAIN             = {{ gitea_domains | first }}
+ROOT_URL               = https://{{ gitea_domains | first }}/
 
 [repository]
-ROOT = /home/{{ service }}/repositories
+ROOT = /home/{{ gitea_service }}/repositories
 
 [log]
-ROOT_PATH = /home/{{ service }}/log/
+ROOT_PATH = /home/{{ gitea_service }}/log/
 MODE      = console
 LEVEL     = info
 
@@ -25,15 +25,15 @@ NAMES = Français,English
 
 [database]
 DB_TYPE  = mysql
-HOST     = {{ db_host }}
-NAME     = {{ db_name }}
-USER     = {{ db_user }}
-PASSWD   = {{ db_password }}
+HOST     = {{ gitea_db_host }}
+NAME     = {{ gitea_db_name }}
+USER     = {{ gitea_db_user }}
+PASSWD   = {{ gitea_db_password }}
 
 [session]
 PROVIDER         = redis
-PROVIDER_CONFIG  = network=unix,addr=/home/{{ service }}/redis/redis.sock,db=0,pool_size=100,idle_timeout=180
+PROVIDER_CONFIG  = network=unix,addr=/home/{{ gitea_service }}/redis/redis.sock,db=0,pool_size=100,idle_timeout=180
 
 [cache]
 ADAPTER = redis
-HOST    = network=unix,addr=/home/{{ service }}/redis/redis.sock,db=1,pool_size=100,idle_timeout=180
+HOST    = network=unix,addr=/home/{{ gitea_service }}/redis/redis.sock,db=1,pool_size=100,idle_timeout=180

webapps/gitea/templates/redis.conf.j2

@@ -2,13 +2,13 @@ bind 127.0.0.1 ::1
 protected-mode yes
 
 port 0
-unixsocket /home/{{ service }}/redis/redis.sock
+unixsocket /home/{{ gitea_service }}/redis/redis.sock
 unixsocketperm 770
 timeout 0
 tcp-keepalive 300
 
 loglevel notice
-logfile /home/{{ service }}/log/redis-server.log
+logfile /home/{{ gitea_service }}/log/redis-server.log
 
 databases 16
 save 900 1
@@ -16,7 +16,7 @@ save 300 10
 save 60 10000
 
 dbfilename dump.rdb
-dir /home/{{ service }}/redis
+dir /home/{{ gitea_service }}/redis
 
-maxclients {{ redis_maxclients }}
-maxmemory {{ redis_maxmemory }}
+maxclients {{ gitea_redis_maxclients }}
+maxmemory {{ gitea_redis_maxmemory }}

webapps/gitea/templates/ssl.conf.j2

@@ -2,8 +2,8 @@
 # Certificates
 # you need a certificate to run in production. see https://letsencrypt.org/
 ##
-ssl_certificate     /etc/letsencrypt/live/{{ domains | first }}/fullchain.pem;
-ssl_certificate_key /etc/letsencrypt/live/{{ domains | first }}/privkey.pem;
+ssl_certificate     /etc/letsencrypt/live/{{ gitea_domains | first }}/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/{{ gitea_domains | first }}/privkey.pem;
 
 ##
 # Security hardening (as of Nov 15, 2020)

webapps/gitea/templates/vhost.conf.j2

@@ -1,11 +1,11 @@
-upstream gitea_{{ service }} {
-    server unix:/home/{{ service }}/gitea.sock;
+upstream gitea_{{ gitea_service }} {
+    server unix:/home/{{ gitea_service }}/gitea.sock;
 }
 
 server {
   listen 80;
   listen [::]:80;
-  server_name {{ domains | first }};
+  server_name {{ gitea_domains | first }};
   
   # For certbot
   include /etc/nginx/snippets/letsencrypt.conf;
@@ -20,16 +20,16 @@ server {
     listen 0.0.0.0:443 ssl http2;
     listen [::]:443 ssl http2;
 
-    server_name {{ domains | first }};
+    server_name {{ gitea_domains | first }};
     
-    access_log /var/log/nginx/{{ service }}.access.log;
-    error_log  /var/log/nginx/{{ service }}.error.log;
+    access_log /var/log/nginx/{{ gitea_service }}.access.log;
+    error_log  /var/log/nginx/{{ gitea_service }}.error.log;
 
     include /etc/nginx/snippets/letsencrypt.conf;
-    include /etc/nginx/ssl/{{ domains | first }}.conf;
+    include /etc/nginx/ssl/{{ gitea_domains | first }}.conf;
 
     location / {
-        proxy_pass http://gitea_{{ service }};
+        proxy_pass http://gitea_{{ gitea_service }};
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header X-Forwarded-For $remote_addr;
         proxy_read_timeout 10;