maabara/playbooks/gitea/setup_database_gitea.yml

---
- name: This playbook installs and setups gitea along with postgresql
  hosts: aws
  become: true
  vars_files:
    - ../../vars/secrets.yml
    - ../../vars/vars.yml
  vars:
    postgresql_user: gitea
    postgresql_db: giteadb
    container_network: host
    gitea_directory: /home/ubuntu/hifadhi_kuu/gitea
  tasks:
    - name: install postgresql
      apt:
        name: "{{item}}"
        state: present
      loop:
        - postgresql
        - postgresql-contrib
        - libpq-dev
        - python3-dev
        - python3-pip
        - acl

    - name: install pyscopg python module
      ansible.builtin.pip:
        name: psycopg2

    - name: enable the postgresql service
      service:
        name: postgresql
        enabled: true

    - name: start the postgresql service
      service:
        name: postgresql
        state: started

    - name: create giteadb database
      become_user: postgres
      community.postgresql.postgresql_db:
        name: "{{postgresql_db}}"
        encoding: UTF-8
        lc_collate: en_US.UTF-8
        lc_ctype: en_US.UTF-8
        template: template0

    - name: create user gitea
      become_user: postgres
      community.postgresql.postgresql_user:
        name: "{{postgresql_user}}"
        password: "{{postgresql_password}}"
      environment:
        PGOPTIONS: "-c password_encryption=scram-sha-256"

    - name: grant priviledges to giteadb to user gitea
      become_user: postgres
      community.postgresql.postgresql_privs:
        db: giteadb
        privs: ALL
        type: database
        role: gitea

    - name: let gitea authenticate as a peer
      ansible.builtin.lineinfile:
        path: /etc/postgresql/14/main/pg_hba.conf
        regexp: "^local.*all.*all.*peer"
        line: "local    all     all     scram-sha-256"

    - name: create the gitea directory for the service
      ansible.builtin.file:
        path: "{{gitea_directory}}"
        state: directory
        mode: '0755'

    - name: download the gitea binary if it doesn't exist
      ansible.builtin.get_url:
        url: https://dl.gitea.com/gitea/1.22.2/gitea-1.22.2-linux-amd64.asc
        dest: /home/ubuntu/hifadhi_kuu/gitea

    - name: download the gitea binary if it doesn't exist
      ansible.builtin.get_url:
        url: https://dl.gitea.com/gitea/1.22.2/gitea-1.22.2-linux-amd64
        dest: /home/ubuntu/hifadhi_kuu/gitea
        checksum: sha256:https://dl.gitea.com/gitea/1.22.2/gitea-1.22.2-linux-amd64.sha256

    - name: use shell command to execute a bunch of gpg commands to verify binary
      ansible.builtin.shell: |
        gpg --keyserver keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
        gpg --verify gitea-1.22.2-linux-amd64.asc gitea-1.22.2-linux-amd64        
      args:
        chdir: /home/ubuntu/hifadhi_kuu/gitea
      ignore_errors: true
      register: gpg_result

    - name: display results of gpg verification for go binary
      ansible.builtin.debug:
        var: gpg_result
      ignore_errors: true


    - name: creates user to run gitea
      ansible.builtin.user:
        name: git
        shell: /bin/bash
        system: true
        comment: "Gitea repo manager"
        state: present

    - name: create gitea core directories
      ansible.builtin.file:
        path: /var/lib/gitea/{{item}}
        state: directory
        recurse: yes
        owner: git
        group: git
        mode: '0750'
      loop:
        - ""
        - custom
        - data
        - log

    - name: create gitea config directory
      ansible.builtin.file:
        path: /etc/gitea
        state: directory
        owner: root
        group: git
        mode: '770'

    - name: download gitea systemd service
      ansible.builtin.get_url:
        url: https://raw.githubusercontent.com/go-gitea/gitea/refs/heads/release/v1.22/contrib/systemd/gitea.service
        dest: /etc/systemd/system/gitea.service

    - name: copy the gitea binary to /usr/local/bin directory
      copy:
        src: /home/ubuntu/hifadhi_kuu/gitea/gitea-1.22.2-linux-amd64
        remote_src: yes
        dest: /usr/local/bin/gitea
        owner: git
        mode: '0744'


    - name: start the gitea service
      service:
        name: gitea
        state: started
        enabled: yes

    - name: download the gitea action binary if it doesn't exist
      ansible.builtin.get_url:
        url: https://gitea.com/gitea/act_runner/releases/download/v0.2.11/act_runner-0.2.11-linux-amd64
        dest: /home/ubuntu/hifadhi_kuu/gitea

    - name: copy the gitea runner binary to /usr/local/bin directory
      copy:
        src: /home/ubuntu/hifadhi_kuu/gitea/act_runner-0.2.11-linux-amd64
        remote_src: true
        dest: /usr/local/bin/act_runner
        owner: git
        mode: '0755'

    - name: configure the gitea action runner non-interactively
      ansible.builtin.shell:
        cmd: |
          chmod +x /usr/local/bin/act_runner
          act_runner --version
          act_runner register --no-interactive --instance \
          https://gitea.kwerezigua.org --token "{{gitea_action_token}}" \
            --name mfanyakazi          
      args:
        chdir: /home/ubuntu/hifadhi_kuu/gitea

    - name: install the act_runner systemd service
      ansible.builtin.template:
        src: ../../templates/act_runner.service.j2
        dest: /etc/systemd/system/act_runner.service

    - name: start the gitea action service
      service:
        name: act_runner
        state: restarted
        enabled: true