README.md

# Ansible Role: SCM


Software Code Management role. Currently installs and manages [Gitea](https://about.gitea.com/) on Debian and Ubuntu systems. The role downloads a versioned upstream binary, keeps a previous version for quick rollback via a symlink, creates a dedicated system user, writes `app.ini` fully from variables, and manages the systemd unit.

Requirements
------------

This role requires Ansible 2.12 or higher. The target system should be Debian or Ubuntu.

Role Variables
--------------

The following variables are defined in `defaults/main.yml`:

| Variable | Description | Default Value |
|----------|-------------|---------------|
| `gitea_name` | Service name (used for binary, unit, paths) | `gitea` |
| `gitea_version` | Gitea version to install (no leading `v`) | `1.25.5` |
| `gitea_arch` | Architecture suffix of the upstream release | `amd64` |
| `gitea_opt` | Install directory (holds versioned binaries + symlink) | `/opt/{{ gitea_name }}` |
| `gitea_etc` | Config directory (`app.ini` lives here) | `/etc/{{ gitea_name }}` |
| `gitea_home` | Data directory / `WorkingDirectory` | `/var/lib/{{ gitea_name }}` |
| `gitea_url` | Full download URL of the `linux-<arch>` binary | upstream GitHub release URL |
| `gitea_keep_versions` | Previous versioned binaries to keep for rollback | `1` |
| `gitea_user_create` | Whether this role should create the system user/group | `true` |
| `gitea_user` / `gitea_group` | Service user and group | `git` / `git` |
| `gitea_uid` / `gitea_gid` | Optional fixed uid/gid | unset (system-assigned) |
| `gitea_user_home` | Home directory for the service user | `/home/{{ gitea_user }}` |
| `gitea_user_shell` | Login shell for the service user | `/bin/bash` |
| `gitea_app_ini` | Dict rendered verbatim into `app.ini` | minimal sqlite3 defaults |

### About `gitea_app_ini`

`app.ini` is fully driven from this dictionary. Keys become INI sections; the reserved key `DEFAULT` is rendered at the top of the file **without** a section header (matching Gitea's convention). Section names with dots (e.g. `cron.update_checker`, `repository.signing`) are preserved verbatim. Override this dict in your playbook to inject any setting Gitea supports.

Dependencies
------------

None.

Example Playbook
----------------

```yaml
- hosts: gitea_servers
  roles:
    - role: ansible_role_scm
      vars:
        gitea_version: '1.25.5'
        gitea_user: 'git'
        gitea_app_ini:
          DEFAULT:
            APP_NAME: 'My Gitea'
            RUN_USER: 'git'
            WORK_PATH: '/var/lib/gitea'
            RUN_MODE: 'prod'
          server:
            DOMAIN: 'git.example.com'
            HTTP_PORT: 3000
            ROOT_URL: 'https://git.example.com/'
            DISABLE_SSH: true
          database:
            DB_TYPE: 'postgres'
            HOST: '127.0.0.1:5432'
            NAME: 'giteadb'
            USER: 'gitea'
            PASSWD: '{{ vault_gitea_db_password }}'
            SSL_MODE: 'disable'
          security:
            INSTALL_LOCK: true
            INTERNAL_TOKEN: '{{ vault_gitea_internal_token }}'
```

License
-------

GPL-3.0-only

Author Information
------------------

+ Luciano Giacchetta
+ Giacchetta Networks LLC
+ https://gianet.us/engineering/ansible_role_scm
minor: Add Gitea to SCM role 2026-04-08 18:05:00 -03:00			`# Ansible Role: SCM`


			Software Code Management role. Currently installs and manages [Gitea](https://about.gitea.com/) on Debian and Ubuntu systems. The role downloads a versioned upstream binary, keeps a previous version for quick rollback via a symlink, creates a dedicated system user, writes `app.ini` fully from variables, and manages the systemd unit.

			`Requirements`
			`------------`

			`This role requires Ansible 2.12 or higher. The target system should be Debian or Ubuntu.`

			`Role Variables`
			`--------------`

			The following variables are defined in `defaults/main.yml`:

			`\| Variable \| Description \| Default Value \|`
			`\|----------\|-------------\|---------------\|`
			\| `gitea_name` \| Service name (used for binary, unit, paths) \| `gitea` \|
			\| `gitea_version` \| Gitea version to install (no leading `v`) \| `1.25.5` \|
			\| `gitea_arch` \| Architecture suffix of the upstream release \| `amd64` \|
			\| `gitea_opt` \| Install directory (holds versioned binaries + symlink) \| `/opt/{{ gitea_name }}` \|
			\| `gitea_etc` \| Config directory (`app.ini` lives here) \| `/etc/{{ gitea_name }}` \|
			\| `gitea_home` \| Data directory / `WorkingDirectory` \| `/var/lib/{{ gitea_name }}` \|
			\| `gitea_url` \| Full download URL of the `linux-<arch>` binary \| upstream GitHub release URL \|
			\| `gitea_keep_versions` \| Previous versioned binaries to keep for rollback \| `1` \|
			\| `gitea_user_create` \| Whether this role should create the system user/group \| `true` \|
			\| `gitea_user` / `gitea_group` \| Service user and group \| `git` / `git` \|
			\| `gitea_uid` / `gitea_gid` \| Optional fixed uid/gid \| unset (system-assigned) \|
			\| `gitea_user_home` \| Home directory for the service user \| `/home/{{ gitea_user }}` \|
			\| `gitea_user_shell` \| Login shell for the service user \| `/bin/bash` \|
			\| `gitea_app_ini` \| Dict rendered verbatim into `app.ini` \| minimal sqlite3 defaults \|

			### About `gitea_app_ini`

			`app.ini` is fully driven from this dictionary. Keys become INI sections; the reserved key `DEFAULT` is rendered at the top of the file without a section header (matching Gitea's convention). Section names with dots (e.g. `cron.update_checker`, `repository.signing`) are preserved verbatim. Override this dict in your playbook to inject any setting Gitea supports.

			`Dependencies`
			`------------`

			`None.`

			`Example Playbook`
			`----------------`

			```yaml
			`- hosts: gitea_servers`
			`roles:`
			`- role: ansible_role_scm`
			`vars:`
			`gitea_version: '1.25.5'`
			`gitea_user: 'git'`
			`gitea_app_ini:`
			`DEFAULT:`
			`APP_NAME: 'My Gitea'`
			`RUN_USER: 'git'`
			`WORK_PATH: '/var/lib/gitea'`
			`RUN_MODE: 'prod'`
			`server:`
			`DOMAIN: 'git.example.com'`
			`HTTP_PORT: 3000`
			`ROOT_URL: 'https://git.example.com/'`
			`DISABLE_SSH: true`
			`database:`
			`DB_TYPE: 'postgres'`
			`HOST: '127.0.0.1:5432'`
			`NAME: 'giteadb'`
			`USER: 'gitea'`
			`PASSWD: '{{ vault_gitea_db_password }}'`
			`SSL_MODE: 'disable'`
			`security:`
			`INSTALL_LOCK: true`
			`INTERNAL_TOKEN: '{{ vault_gitea_internal_token }}'`
			```

			`License`
			`-------`

			`GPL-3.0-only`

			`Author Information`
			`------------------`

			`+ Luciano Giacchetta`
			`+ Giacchetta Networks LLC`
			`+ https://gianet.us/engineering/ansible_role_scm`