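---
# Tasks file for the Gitea install role.
#
# Installs the Gitea binary (checksum-verified), creates the service account
# and its MySQL database, then templates and starts the per-instance systemd
# units (gitea@<service>, redis@<service>) and the nginx vhost.

- name: Install main system dependencies
  apt:
    name: "{{ system_dep }}"
    state: present

# `dest` is a directory, so the file name comes from the download itself; the
# symlink task below expects it to be gitea-<git_version>-linux-amd64.
# `checksum` makes the task fail when the downloaded binary does not match
# the pinned digest.
- name: Download gitea binary
  get_url:
    url: "{{ gitea_url }}"
    dest: /usr/local/bin
    checksum: "{{ gitea_checksum }}"
    mode: '0755'

- name: Create symbolic link
  file:
    src: "/usr/local/bin/gitea-{{ git_version }}-linux-amd64"
    dest: "/usr/local/bin/gitea"
    state: link

# NOTE(review): presumably the login shell is kept for Git over SSH - confirm.
- name: Add UNIX account
  user:
    name: "{{ service }}"
    shell: /bin/bash

# NOTE(review): membership in the service group gives nginx (www-data) every
# group permission granted below, including read/write on the 0660 gitea ini.
# Confirm that nginx really needs this membership.
- name: Add www-data (nginx) to service's group
  user:
    name: www-data
    # group: www-data
    groups: "{{ service }}"
    append: true

- name: Add database
  mysql_db:
    name: "{{ db_name }}"

# no_log keeps db_password out of task output and logs.
# update_password: on_create leaves the password of an existing user untouched.
- name: Add database user
  mysql_user:
    name: "{{ db_user }}"
    password: "{{ db_password }}"
    priv: "{{ db_name }}.*:{{ privileges | default('SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,ALTER,CREATE TEMPORARY TABLES') }}"
    update_password: on_create
  no_log: true

- name: Create the gitea conf dir if needed
  file:
    path: /etc/gitea
    state: directory
    mode: '0755'

# The ini is only templated when it does not exist yet, so a configuration
# already on the host is never overwritten.
- name: Skip if gitea.ini is already present
  stat:
    path: "/etc/gitea/{{ service }}.ini"
  register: gitea_ini

# NOTE(review): mode 0660 leaves the ini writable by the service group, which
# includes www-data. Presumably Gitea needs write access on first run;
# consider tightening to 0640 once setup is complete.
- name: Template gitea ini file
  template:
    src: "gitea.ini.j2"
    dest: "/etc/gitea/{{ service }}.ini"
    owner: 'root'
    group: "{{ service }}"
    mode: '0660'
  when: not gitea_ini.stat.exists

# Explicit owner and mode so the unit file does not inherit whatever umask the
# play happens to run with.
# NOTE(review): an edited unit file only takes effect after systemd reloads
# its unit definitions; confirm a daemon-reload happens elsewhere.
- name: Template gitea systemd unit
  template:
    src: "gitea.service.j2"
    dest: "/etc/systemd/system/gitea@.service"
    owner: root
    group: root
    mode: '0644'

- name: Start gitea systemd unit
  service:
    name: "gitea@{{ service }}"
    state: started

- name: Create the redis dir if needed
  file:
    path: "/home/{{ service }}/redis"
    state: directory
    owner: "{{ service }}"
    group: "{{ service }}"
    mode: '0750'

- name: Create the log dir if needed
  file:
    path: "/home/{{ service }}/log"
    state: directory
    owner: "{{ service }}"
    group: "{{ service }}"
    mode: '0750'

- name: Template redis conf
  template:
    src: "redis.conf.j2"
    dest: "/home/{{ service }}/redis/redis.conf"
    owner: "{{ service }}"
    group: "{{ service }}"
    mode: '0640'

- name: Template redis systemd unit
  template:
    src: "redis.service.j2"
    dest: "/etc/systemd/system/redis@.service"
    owner: root
    group: root
    mode: '0644'

- name: Start redis systemd unit
  service:
    name: "redis@{{ service }}"
    state: started

# Disabled Let's Encrypt bootstrap, kept for reference. The nesting below is
# reconstructed and should be checked before re-enabling.
# NOTE(review): the `when` condition looks inverted for "only if required"
# (it runs when the certificate already exists), and the certbot task passes
# a templated value through `shell`; `command` avoids shell parsing.
#~ - name: Check if SSL certificate is present and register result
#~   stat:
#~     path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
#~   register: ssl

#~ - name: Generate certificate only if required (first time)
#~   block:
#~     - name: Template vhost without SSL for successfull LE challengce
#~       template:
#~         src: "vhost.conf.j2"
#~         dest: "/etc/nginx/sites-available/{{ service }}.conf"
#~     - name: Enable temporary nginx vhost for gitea
#~       file:
#~         src: "/etc/nginx/sites-available/{{ service }}.conf"
#~         dest: "/etc/nginx/sites-enabled/{{ service }}.conf"
#~         state: link
#~     - name: Reload nginx conf
#~       service:
#~         name: nginx
#~         state: reloaded
#~     - name: Make sure /var/lib/letsencrypt exists and has correct permissions
#~       file:
#~         path: /var/lib/letsencrypt
#~         state: directory
#~         mode: '0755'
#~     - name: Generate certificate with certbot
#~       shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt -d {{ domains |first }}
#~   when: ssl.stat.exists == true

#~ - name: (Re)check if SSL certificate is present and register result
#~   stat:
#~     path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
#~   register: ssl

# NOTE(review): with the certificate check above disabled, this vhost is
# templated whether or not a certificate exists; presumably vhost.conf.j2
# copes with a missing certificate - confirm, since nginx is reloaded below.
- name: (Re)template conf file for nginx vhost with SSL
  template:
    src: "vhost.conf.j2"
    dest: "/etc/nginx/sites-available/{{ service }}.conf"
    owner: root
    group: root
    mode: '0644'

- name: Enable nginx vhost for gitea
  file:
    src: "/etc/nginx/sites-available/{{ service }}.conf"
    dest: "/etc/nginx/sites-enabled/{{ service }}.conf"
    state: link

- name: Reload nginx conf
  service:
    name: nginx
    state: reloaded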