From adaf3c6789672d13fd3b782c25ec064db73583df Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Mon, 28 May 2018 12:32:01 -0500
Subject: [PATCH] roles/gitea: Deploy Gitea server The *gitea* role installs Gitea using the system package manager and configures Apache as a reverse proxy for it. The configuration file requires a number of "secret" values that need to be unique. These must be specified as Ansible variables: * `gitea_internal_token` * `gitea_secret_key` * `gitea_lfs_jwt_secret` The `gitea generate` command can be used to create these values. Normally, Gitea expects to run its own setup tool to generate the configuration file and create the administrative user. Since the configuration file is generated from the template instead, no administrative user is created automatically. Luckily, the `gitea` command includes a tool to create users, so the administrator can be created manually, e.g.: sudo -u gitea gitea admin create-user -c /etc/gitea/app.ini \ --admin --name giteadmin \ --password giteadmin \ --email giteadmin@example.org
---
roles/gitea/files/gitea.httpd.conf | 4 ++
roles/gitea/handlers/main.yml | 8 ++++
roles/gitea/tasks/main.yml | 35 +++++++++++++++++
roles/gitea/templates/app.ini.j2 | 63 ++++++++++++++++++++++++++++++
4 files changed, 110 insertions(+)
create mode 100644 roles/gitea/files/gitea.httpd.conf
create mode 100644 roles/gitea/handlers/main.yml
create mode 100644 roles/gitea/tasks/main.yml
create mode 100644 roles/gitea/templates/app.ini.j2
diff --git a/roles/gitea/files/gitea.httpd.conf b/roles/gitea/files/gitea.httpd.conf
new file mode 100644
index 0000000..f4d6b83
--- /dev/null
+++ b/roles/gitea/files/gitea.httpd.conf
@@ -0,0 +1,4 @@
+ProxyPreserveHost On
+ProxyRequests Off
+ProxyPass / http://localhost:3000/
+ProxyPassReverse / http://localhost:3000/
diff --git a/roles/gitea/handlers/main.yml b/roles/gitea/handlers/main.yml
new file mode 100644
index 0000000..f2a7e62
--- /dev/null
+++ b/roles/gitea/handlers/main.yml
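Review bot: In roles/gitea/files/gitea.httpd.conf the four proxy directives sit at server scope with no `<VirtualHost>` around them, so once the file is dropped into conf.d they are, by default, inherited by every virtual host on the machine and forward requests regardless of whether the client connected over TLS. Gitea handles logins and session cookies, so I would place the directives inside the TLS virtual host that is meant to serve it, or at least open the file with a comment such as `# Assumes a single-site host; TLS is terminated by a vhost defined elsewhere`. No TLS configuration is visible in this commit, so it may be supplied by another role.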
@@ -0,0 +1,8 @@
+- name: reload httpd
+ service:
+ name=httpd
+ state=reloaded
+- name: restart gitea
+ service:
+ name=gitea
+ state=restarted
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
new file mode 100644
index 0000000..2be10df
--- /dev/null
+++ b/roles/gitea/tasks/main.yml
@@ -0,0 +1,35 @@
+- name: load gitea secrets
+ include_vars: vault/gitea
+
+- name: ensure gitea is installed
+ package:
+ name=gitea
+ state=present
+ tags:
+ - install
+
+- name: ensure gitea is configured
+ template:
+ src=app.ini.j2
+ dest=/etc/gitea/app.ini
+ mode=0640
+ owner=root
+ group=gitea
+ notify: restart gitea
+
+- meta: flush_handlers
+- name: ensure gitea is running
+ service:
+ name=gitea
+ state=started
+- name: ensure gitea starts at boot
+ service:
+ name=gitea
+ enabled=yes
+
+- name: ensure apache is configured to proxy for gitea
+ copy:
+ src=gitea.httpd.conf
+ dest=/etc/httpd/conf.d/gitea.conf
+ mode=0644
+ notify: reload httpd
diff --git a/roles/gitea/templates/app.ini.j2 b/roles/gitea/templates/app.ini.j2
new file mode 100644
index 0000000..f2c7428
--- /dev/null
+++ b/roles/gitea/templates/app.ini.j2
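Review bot: The `ensure gitea is configured` task in roles/gitea/tasks/main.yml renders the three vault secrets into /etc/gitea/app.ini without `no_log: true`, so a run with `--diff` can print the rendered file, secrets included, to the terminal or a CI log. Adding `no_log: true` (or `diff: no`) to that task keeps them out of the output; the 0640 root:gitea mode on the file itself is appropriate. The final `copy` task sets no owner or group for /etc/httpd/conf.d/gitea.conf, and `owner=root group=root` would make that explicit.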
@@ -0,0 +1,63 @@
+APP_NAME = Gitea: Git with a cup of tea
+RUN_USER = gitea
+RUN_MODE = prod
+
+[security]
+INTERNAL_TOKEN = {{ gitea_internal_token }}
+INSTALL_LOCK = true
+SECRET_KEY = {{ gitea_secret_key }}
+
+[database]
+DB_TYPE = sqlite3
+HOST = 127.0.0.1:3306
+NAME = gitea
+USER = gitea
+PASSWD =
+SSL_MODE = disable
+PATH = /var/lib/gitea/data/gitea.db
+
+[repository]
+ROOT = /var/lib/gitea/gitea-repositories
+
+[server]
+APP_DATA_PATH = /var/lib/gitea
+SSH_DOMAIN = localhost
+DOMAIN = localhost
+HTTP_PORT = 3000
+ROOT_URL = http://localhost:3000/
+DISABLE_SSH = false
+SSH_PORT = 22
+LFS_START_SERVER = true
+LFS_CONTENT_PATH = /var/lib/gitea/data/lfs
+LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}
+OFFLINE_MODE = false
+
+[mailer]
+ENABLED = false
+
+[service]
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+DISABLE_REGISTRATION = true
+ENABLE_CAPTCHA = false
+REQUIRE_SIGNIN_VIEW = false
+DEFAULT_KEEP_EMAIL_PRIVATE = true
+DEFAULT_ALLOW_CREATE_ORGANIZATION = false
+DEFAULT_ENABLE_TIMETRACKING = false
+NO_REPLY_ADDRESS = noreply.example.org
+
+[picture]
+DISABLE_GRAVATAR = false
+ENABLE_FEDERATED_AVATAR = true
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[session]
+PROVIDER = file
+
+[log]
+MODE = file
+LEVEL = Info
+ROOT_PATH = /var/log/gitea
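Review bot: The `[server]` section of roles/gitea/templates/app.ini.j2 sets `HTTP_PORT = 3000` but no `HTTP_ADDR`, and Gitea then listens on all interfaces by default, so port 3000 can be reached directly and the Apache proxy bypassed unless a firewall blocks it; `HTTP_ADDR = 127.0.0.1` closes that. `DOMAIN`, `SSH_DOMAIN` and `ROOT_URL` are hard-coded to localhost, which will likely produce wrong clone and redirect URLs behind the proxy; they should come from variables, e.g. `ROOT_URL = {{ gitea_root_url }}` (the variable name is a suggestion, not one defined in this commit). If the public site is served over HTTPS, `COOKIE_SECURE = true` under `[session]` is worth adding as well.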