configpolicy/roles/gitea/tasks/main.yml
Dustin C. Hatch e51e933661 r/gitea: Serve kickstarts over HTTP
I want to use Gitea as the canonical source for Anaconda kickstart
scripts.  There are certain situations, however, where they cannot be
accessed via HTTPS, such as on a Raspberry Pi without an RTC, since it
cannot validate the certificate without the correct time.  Thus, the
web server must not force an HTTPS redirect for these, but serve them
directly.
2024-12-27 10:51:00 -06:00


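# Load the role's secret variables from the vault/gitea vars file. Which
# later tasks or templates consume them is not visible in this file.
- name: load gitea secrets
  include_vars:
    file: vault/gitea
  # include_vars returns the loaded variables in its task result; no_log
  # keeps them out of console and log output when the play is run with
  # increased verbosity.
  no_log: true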
# Dedicated system group for the Gitea service account.
- name: ensure gitea system group exists
  group:
    name: gitea
    system: true
  tags: [user, group]

# Dedicated system account for the service. Its home points at the data
# directory, but createhome is off, so this task never creates that path.
- name: ensure gitea system user exists
  user:
    name: gitea
    group: gitea
    system: true
    home: /var/lib/gitea
    createhome: false
  tags: [user]
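# The data directory is also the gitea user's home. Mode 0700 with
# gitea:gitea ownership limits access to the service account.
- name: ensure gitea data directory exists
  file:
    path: /var/lib/gitea
    # Without an explicit state the file module only adjusts a path that
    # already exists. The user task sets createhome off, so the directory
    # has to be created here for the task to live up to its name.
    state: directory
    mode: '0700'
    owner: gitea
    group: gitea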
# Fetch the release binary on the control node, without privilege
# escalation, into the role's files directory, where the install task
# picks it up. The checksum makes get_url reject a download whose digest
# does not match.
# NOTE(review): get_url expects checksum as '<algorithm>:<digest>'. Confirm
# that gitea_bin_sha256 carries the algorithm prefix and is pinned in the
# role's variables rather than fetched from the same server as the binary.
- name: download gitea binary
  delegate_to: localhost
  become: false
  get_url:
    url: '{{ gitea_download_url }}'
    dest: 'roles/gitea/files/{{ gitea_bin }}'
    checksum: '{{ gitea_bin_sha256 }}'
  tags: [download]
# Push the previously downloaded binary to the managed host. diff is
# disabled so a --diff run does not try to diff a binary file.
# NOTE(review): owner and group are not set, so the file belongs to
# whichever account the task runs as (presumably root via become). Pinning
# owner: root / group: root would make explicit that the service account
# cannot replace its own executable.
- name: ensure gitea is installed
  copy:
    src: '{{ gitea_bin }}'
    dest: /usr/local/bin/gitea
    mode: '0755'
  diff: false
  notify: restart gitea
  tags: [install]
# Install the unit file shipped with the role. A change triggers a systemd
# reload and a service restart. The unit's own settings (user, sandboxing)
# live in gitea.service and are not visible here.
- name: ensure gitea systemd unit is installed
  copy:
    src: gitea.service
    dest: /etc/systemd/system/gitea.service
    mode: '0644'
  notify: [reload systemd, restart gitea]
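# Render the main Gitea configuration. With root:gitea ownership and mode
# 0640 the service account can read the file through its group but cannot
# modify it, and other local users get no access.
# NOTE(review): when the play runs with --diff, changes to the rendered
# file are printed. If app.ini.j2 embeds values from vault/gitea, consider
# diff: false on this task, as the binary install task already does.
- name: ensure gitea is configured
  template:
    src: app.ini.j2
    dest: /etc/gitea/app.ini
    # Quoted so the mode stays a string and is never read as a number.
    mode: '0640'
    owner: root
    group: gitea
  notify: restart gitea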
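# Run any pending restart/reload handlers now, so the service tasks below
# act on the new binary, unit file and configuration.
- meta: flush_handlers

# Start the service if it is not already running.
- name: ensure gitea is running
  service:
    name: gitea
    state: started

# Enable the unit so the service starts at boot.
- name: ensure gitea starts at boot
  service:
    name: gitea
    enabled: true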
# Reverse-proxy configuration for Gitea, rendered from gitea.httpd.conf.j2.
# NOTE(review): the template is not shown here. If it exempts any paths
# (for example kickstart files) from the HTTPS redirect, those responses
# travel without integrity protection or confidentiality. Keep the
# exemption limited to those paths and keep credentials out of anything
# served that way.
- name: ensure apache is configured to proxy for gitea
  template:
    src: gitea.httpd.conf.j2
    dest: /etc/httpd/conf.d/gitea.conf
    mode: 'u=rw,go=r'
  notify: reload httpd
  tags: [apache]
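# Persistently enable the SELinux boolean that lets httpd open network
# connections, which the reverse proxy needs to reach Gitea.
# NOTE(review): httpd_can_network_connect is broad. It permits httpd to
# connect to any TCP port, not only the Gitea backend. If the backend
# listens on a fixed port, a policy scoped to that port may be enough;
# confirm against the proxy configuration.
- name: ensure selinux allows apache to proxy for gitea
  seboolean:
    name: httpd_can_network_connect
    persistent: true
    state: true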
# Install the Gitea-specific sshd drop-in, root-owned and not writable by
# anyone else, then reload sshd.
# NOTE(review): the snippet is not syntax-checked before the reload, and a
# broken sshd configuration can cut off remote access to the host. The copy
# module's validate option (e.g. validate: '/usr/sbin/sshd -t -f %s') would
# reject a bad file before it is put in place. Confirm that the fragment
# validates when checked on its own.
- name: ensure sshd is configured for gitea
  copy:
    src: gitea.sshd_config
    dest: /etc/ssh/sshd_config.d/80-gitea.conf
    owner: root
    group: root
    mode: 'u=rw,go=r'
  notify: reload sshd
  tags: [sshd-config]