Add gitea role

roles/gitea/defaults/main.yml

@@ -0,0 +1,21 @@
+---
+gitea_version: 1.12.5
+
+gitea_tarball_armv6: gitea-1.12.5-linux-arm-6
+gitea_tarball_armv6_sha256: 706f53ed833d07cac4fc797df7d5fe8ba617f4799df0664ed96a9ee10eac7466
+
+
+gitea_tarball_x86_64: gitea-1.12.5-linux-amd64
+gitea_tarball_x86_64_sha256: 8ed8bff1f34d8012cab92943214701c10764ffaca102e311a3297edbb8fce940
+
+gitea_architecture: "{{ 'armv6' if ansible_architecture|lower == 'armv7l' else  ansible_architecture|lower}}"
+gitea_tarball: "{{ lookup('vars', 'gitea_tarball_'+gitea_architecture, default=gitea_tarball_x86_64) }}"
+gitea_tarball_sha256: "{{ lookup('vars', 'gitea_tarball_'+gitea_architecture+'_sha256', default=gitea_tarball_x86_64_sha256) }}"
+
+
+gitea_download_url: "https://dl.gitea.io/gitea/{{ gitea_version }}/{{ gitea_tarball }}"
+
+gitea_binary_dir: /usr/local/bin
+gitea_config_dir: /etc/gitea
+gitea_dir: /var/lib/gitea
+gitea_git_home: /srv/git

roles/gitea/handlers/main.yml

@@ -0,0 +1,9 @@
+---
+- name: systemctl daemon-reload
+  systemd:
+    daemon_reload: true
+
+- name: systemctl restart gitea
+  systemd:
+    name: gitea.service
+    state: restarted

roles/gitea/tasks/main.yml

@@ -0,0 +1,79 @@
+---
+- name: install git
+  apt:
+    name: git
+    state: present
+    update_cache: true
+    cache_valid_time: 3600
+
+- name: ensure git group exits
+  group:
+    name: git
+    system: true
+
+- name: ensure git user exists and has restrictive settings
+  user:
+    name: git
+    groups: git
+    password: "*"
+    home: "{{ gitea_git_home }}"
+    system: true
+    shell: /bin/bash
+
+- name: download locally gitea in /tmp
+  get_url:
+    url: "{{ gitea_download_url }}"
+    dest: /tmp
+    checksum: "sha256:{{ gitea_tarball_sha256 }}"
+  delegate_to: localhost
+  become: false
+
+- name: copy gitea binary
+  copy:
+    src: "/tmp/{{ gitea_tarball }}"
+    dest: "{{ gitea_binary_dir }}/gitea"
+    owner: git
+    group: git
+    mode: "0750"
+
+- name: ensure that {{ gitea_dir }}/{custom,data,log} exists
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: git
+    group: git
+    mode: "0750"
+  with_items:
+    - "{{ gitea_dir }}/custom"
+    - "{{ gitea_dir }}/data"
+    - "{{ gitea_dir }}/log"
+
+- name: ensure that {{ gitea_config_dir }} exists
+  file:
+    path: "{{ gitea_config_dir }}"
+    state: directory
+    owner: root
+    group: git
+    mode: "0770"
+
+- name: set cap_net_bind_service=+ep on gitea binary
+  capabilities:
+    path: "{{ gitea_binary_dir }}/gitea"
+    capability: cap_net_bind_service=+ep
+
+- name: install gitea systemd unit file
+  template:
+    src: etc/systemd/system/gitea.service.j2
+    dest: /etc/systemd/system/gitea.service
+  notify:
+    - systemctl daemon-reload
+
+- name: systemctl enable gitea
+  systemd:
+    name: gitea
+    enabled: true
+
+- name: ensure gitea is running
+  systemd:
+    name: gitea
+    state: started

roles/gitea/templates/etc/systemd/system/gitea.service.j2

@@ -0,0 +1,14 @@
+[Unit]
+Description=Gitea (Git with a cup of tea)
+After=syslog.target
+After=network.target
+
+[Service]
+RestartSec=2s
+Type=simple
+User=git
+Group=git
+WorkingDirectory={{ gitea_dir }}
+ExecStart={{ gitea_binary_dir }}/gitea web --config /etc/gitea/app.ini
+Restart=always
+Environment=USER=git HOME={{ gitea_git_home }} GITEA_WORK_DIR={{ gitea_dir }}

tests/test.yml

@@ -31,3 +31,4 @@
     # - {role: ../roles/mosquitto, become: true}
     # - {role: ../roles/generate_ca, become: true}
     # - {role: ../roles/generate_certificate, become: true}
+    # - {role: ../roles/gitea, become: true}