engineering/ansible_role_scm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
18b9a859b6cf38928d42992a149595d7e1156b6e
ansible_role_scm/tasks/main.yml
Luciano Giacchetta 18b9a859b6
All checks were successful
Update Gitea Version / update-version (push) Successful in 3s
Details
Fix Molecule and Trigger (#1) 
Reviewed-on: #1
2026-04-08 23:01:42 +00:00

221 lines
6.2 KiB
YAML
Raw Blame History

#SPDX-License-Identifier: GPL-3.0-only
---
- name: "Create Gitea System Group"
when: gitea_user_create
ansible.builtin.group:
name: '{{ gitea_group }}'
gid: '{{ gitea_gid | default(omit, true) }}'
system: true
- name: "Create Gitea System User"
when: gitea_user_create
ansible.builtin.user:
name: '{{ gitea_user }}'
group: '{{ gitea_group }}'
uid: '{{ gitea_uid | default(omit, true) }}'
home: '{{ gitea_user_home }}'
shell: '{{ gitea_user_shell }}'
system: true
create_home: true
- name: "Create Install Folder"
ansible.builtin.file:
path: '{{ gitea_opt }}'
state: directory
owner: '{{ gitea_user }}'
group: '{{ gitea_group }}'
mode: '0755'
- name: "Create Config Folder"
ansible.builtin.file:
path: '{{ gitea_etc }}'
state: directory
owner: '{{ gitea_user }}'
group: '{{ gitea_group }}'
mode: '0750'
- name: "Create Data Folders"
ansible.builtin.file:
path: '{{ item }}'
state: directory
owner: '{{ gitea_user }}'
group: '{{ gitea_group }}'
mode: '0750'
loop:
- '{{ gitea_home }}'
- '{{ gitea_home }}/custom'
- '{{ gitea_home }}/data'
- '{{ gitea_home }}/log'
- name: "Download Versioned Binary"
register: download_version
ansible.builtin.get_url:
url: '{{ gitea_url }}'
dest: '{{ gitea_opt }}/gitea-{{ gitea_version }}-linux-{{ gitea_arch }}'
checksum: 'sha256:{{ gitea_url }}.sha256'
owner: '{{ gitea_user }}'
group: '{{ gitea_group }}'
mode: '0755'
- name: "Symlink Active Binary"
register: gitea_symlink
notify: gitea_restart
ansible.builtin.file:
src: '{{ gitea_opt }}/gitea-{{ gitea_version }}-linux-{{ gitea_arch }}'
dest: '{{ gitea_opt }}/{{ gitea_name }}'
state: link
owner: '{{ gitea_user }}'
group: '{{ gitea_group }}'
follow: false
- name: "List Installed Versioned Binaries"
ansible.builtin.find:
paths: '{{ gitea_opt }}'
patterns: 'gitea-*-linux-{{ gitea_arch }}'
file_type: file
recurse: false
register: gitea_installed_binaries
- name: "Compute Versioned Binaries To Prune"
ansible.builtin.set_fact:
gitea_binaries_to_prune: >-
{{
(
gitea_installed_binaries.files
| sort(attribute='mtime', reverse=true)
| rejectattr('path', 'equalto', gitea_opt ~ '/gitea-' ~ gitea_version ~ '-linux-' ~ gitea_arch)
| list
)[gitea_keep_versions:]
}}
- name: "Prune Old Versioned Binaries"
ansible.builtin.file:
path: '{{ item.path }}'
state: absent
loop: '{{ gitea_binaries_to_prune }}'
loop_control:
label: '{{ item.path }}'
- name: "Slurp existing App Config"
ansible.builtin.slurp:
src: '{{ gitea_etc }}/app.ini'
register: _gitea_existing_ini
failed_when: false
no_log: true
- name: "Extract existing secrets from App Config"
vars:
_ini: '{{ _gitea_existing_ini.content | default("") | b64decode }}'
ansible.builtin.set_fact:
_gitea_secret_key: >-
{{ (_ini | regex_search('SECRET_KEY\s*=\s*(\S+)', '\1') or ['']) | first }}
_gitea_internal_token: >-
{{ (_ini | regex_search('INTERNAL_TOKEN\s*=\s*(\S+)', '\1') or ['']) | first }}
_gitea_jwt_secret: >-
{{ (_ini | regex_search('(?m)^JWT_SECRET\s*=\s*(\S+)', '\1') or ['']) | first }}
no_log: true
- name: "Generate SECRET_KEY"
when:
- "'SECRET_KEY' not in (gitea_app_ini.security | default({}))"
- _gitea_secret_key == ''
ansible.builtin.command:
argv:
- '{{ gitea_opt }}/{{ gitea_name }}'
- generate
- secret
- SECRET_KEY
register: _gitea_gen_secret_key
changed_when: false
no_log: true
- name: "Generate INTERNAL_TOKEN"
when:
- "'INTERNAL_TOKEN' not in (gitea_app_ini.security | default({}))"
- _gitea_internal_token == ''
ansible.builtin.command:
argv:
- '{{ gitea_opt }}/{{ gitea_name }}'
- generate
- secret
- INTERNAL_TOKEN
register: _gitea_gen_internal_token
changed_when: false
no_log: true
- name: "Generate JWT_SECRET"
when:
- "'JWT_SECRET' not in (gitea_app_ini.oauth2 | default({}))"
- _gitea_jwt_secret == ''
ansible.builtin.command:
argv:
- '{{ gitea_opt }}/{{ gitea_name }}'
- generate
- secret
- JWT_SECRET
register: _gitea_gen_jwt_secret
changed_when: false
no_log: true
- name: "Merge generated secrets into App Config"
vars:
_secret_key: >-
{{ gitea_app_ini.security.SECRET_KEY | default(
_gitea_secret_key if _gitea_secret_key != ''
else ((_gitea_gen_secret_key | default({})).stdout | default('') | trim)
) }}
_internal_token: >-
{{ gitea_app_ini.security.INTERNAL_TOKEN | default(
_gitea_internal_token if _gitea_internal_token != ''
else ((_gitea_gen_internal_token | default({})).stdout | default('') | trim)
) }}
_jwt_secret: >-
{{ gitea_app_ini.oauth2.JWT_SECRET | default(
_gitea_jwt_secret if _gitea_jwt_secret != ''
else ((_gitea_gen_jwt_secret | default({})).stdout | default('') | trim)
) }}
ansible.builtin.set_fact:
gitea_app_ini: >-
{{ gitea_app_ini | combine({
'security': (gitea_app_ini.security | default({})) | combine({
'SECRET_KEY': _secret_key,
'INTERNAL_TOKEN': _internal_token
}),
'oauth2': (gitea_app_ini.oauth2 | default({})) | combine({
'JWT_SECRET': _jwt_secret
})
}) }}
no_log: true
- name: "Template App Config"
notify: gitea_restart
ansible.builtin.template:
src: '../templates/app.ini.j2'
dest: '{{ gitea_etc }}/app.ini'
owner: '{{ gitea_user }}'
group: '{{ gitea_group }}'
mode: '0640'
backup: false
- name: "Template Gitea Service"
register: template_gitea_service
ansible.builtin.template:
src: '../templates/gitea-service.j2'
dest: '{{ systemd_conf }}/{{ gitea_name }}.service'
owner: 'root'
group: 'root'
mode: '0644'
backup: false
- name: "Enable Gitea Service"
when: template_gitea_service.changed
ansible.builtin.systemd:
name: '{{ gitea_name }}.service'
daemon_reload: true
enabled: true
- name: "Start Gitea Service"
ansible.builtin.systemd:
name: '{{ gitea_name }}.service'
state: started
Reference in New Issue View Git Blame Copy Permalink