maabara/playbooks/setup_database_gitea.yml


---
# Play header: targets the `aws` inventory group and declares the variables
# the tasks below interpolate.
- name: This playbook installs and setups gitea along with postgresql
hosts: aws
# Privilege escalation is on for every task; tasks that set `become_user`
# switch to that account instead of the default escalation user.
become: true
# `postgresql_password` is used by a task below but is not defined under
# `vars`, so it presumably comes from this file.
# NOTE(review): confirm secrets.yml is vault-encrypted and not committed in
# clear text.
vars_files:
- ../vars/secrets.yml
vars:
postgresql_user: gitea
postgresql_db: giteadb
# Not referenced by any task visible in this part of the playbook.
container_network: host
# Staging directory for the downloaded Gitea release files.
gitea_directory: /home/ubuntu/hifadhi_kuu/gitea
tasks:
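# Installs the PostgreSQL server together with the headers and tooling that
# the pip build of psycopg2 needs (libpq-dev, python3-dev, python3-pip).
# `acl` provides setfacl, which Ansible relies on when a task becomes an
# unprivileged user such as `postgres`.
- name: install postgresql
  ansible.builtin.apt:
    # Passing the list directly resolves everything in one apt transaction
    # instead of running the module once per loop item.
    name:
      - postgresql
      - postgresql-contrib
      - libpq-dev
      - python3-dev
      - python3-pip
      - acl
    state: present
    # A freshly launched host may have no usable package index yet; refresh it
    # at most once an hour so repeated runs stay fast.
    update_cache: true
    cache_valid_time: 3600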
# psycopg2 is the Python driver the community.postgresql modules use on the
# managed host.
# NOTE(review): no version is pinned, so every fresh host receives whatever
# release the package index serves at run time, installed system-wide with the
# play-level privilege escalation. Pin a reviewed version if reproducibility
# matters.
- name: install pyscopg python module
  ansible.builtin.pip:
    name: psycopg2
    state: present
# Registers postgresql to start at boot; it does not start the service now.
- name: enable the postgresql service
  ansible.builtin.service:
    enabled: true
    name: postgresql
# Makes sure the server is running before the database tasks connect to it.
- name: start the postgresql service
  ansible.builtin.service:
    state: started
    name: postgresql
# Creates the application database named by `postgresql_db`.
# The task runs as the OS user `postgres`; no login credentials are passed to
# the module, so it presumably connects over the local socket with peer
# authentication.
- name: create giteadb database
  become_user: postgres
  community.postgresql.postgresql_db:
    name: "{{ postgresql_db }}"
    state: present
    # template0 is used so the encoding and locale below can be set explicitly
    # rather than inherited from template1.
    template: template0
    encoding: UTF-8
    lc_ctype: en_US.UTF-8
    lc_collate: en_US.UTF-8
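# Creates the database role Gitea logs in with.
- name: create user gitea
  become_user: postgres
  community.postgresql.postgresql_user:
    name: "{{ postgresql_user }}"
    password: "{{ postgresql_password }}"
  environment:
    # Sets password_encryption for this session so the server stores a
    # SCRAM-SHA-256 verifier. The pg_hba.conf rule written later in this
    # playbook requires scram-sha-256, which a role stored with an MD5 hash
    # cannot satisfy.
    PGOPTIONS: "-c password_encryption=scram-sha-256"
  # Keep the task's arguments and result out of logs and callback output, so
  # the password cannot surface there even at high verbosity. Trade-off:
  # failure details of this task are hidden too.
  no_log: true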
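# Grants the Gitea role every database-level privilege on the Gitea database.
# The database and role names come from the play variables, so they cannot
# drift from the names used when the database and role were created.
- name: grant privileges on giteadb to user gitea
  become_user: postgres
  community.postgresql.postgresql_privs:
    db: "{{ postgresql_db }}"
    role: "{{ postgresql_user }}"
    type: database
    # ALL at database scope is broader than a single application role usually
    # needs; narrow it if the role should not be able to create schemas.
    privs: ALL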
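# Rewrites the catch-all `local all all peer` rule so that local-socket
# connections must present a SCRAM-SHA-256 password. The task name now says
# this; the rule moves away from peer authentication, not towards it.
- name: require scram-sha-256 password auth for local socket connections
  ansible.builtin.lineinfile:
    # NOTE(review): the path hard-codes PostgreSQL major version 14; on a host
    # where apt installs another major version the file will not exist.
    path: /etc/postgresql/14/main/pg_hba.conf
    # The pattern needs two `all` columns, so a `local all postgres peer` entry
    # (if the file has one) is left alone and the become_user: postgres tasks
    # can keep using peer auth. Confirm against the actual file.
    regexp: "^local.*all.*all.*peer"
    line: "local all all scram-sha-256"
  # NOTE(review): PostgreSQL only rereads pg_hba.conf on reload or restart. No
  # reload is visible in this part of the playbook; make sure one follows.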
# Staging directory for the downloaded release files. No owner or group is
# given, so the directory belongs to the account the task escalates to.
- name: create the gitea directory for the service
  ansible.builtin.file:
    state: directory
    path: "{{ gitea_directory }}"
    mode: "0755"
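# Fetches the detached OpenPGP signature (.asc) for the release binary. The
# original task name described it as the binary itself, which hid the fact that
# this file is the input to the signature check.
- name: download the gpg signature for the gitea binary
  ansible.builtin.get_url:
    url: https://dl.gitea.com/gitea/1.22.2/gitea-1.22.2-linux-amd64.asc
    # A full file path, built from the play variable, lets get_url skip the
    # transfer when the file is already present.
    dest: "{{ gitea_directory }}/gitea-1.22.2-linux-amd64.asc"
    # Explicit mode so the result does not depend on the umask in effect.
    mode: "0644"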
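# Fetches the Gitea 1.22.2 linux-amd64 release binary into the staging
# directory.
- name: download the gitea binary if it doesn't exist
  ansible.builtin.get_url:
    url: https://dl.gitea.com/gitea/1.22.2/gitea-1.22.2-linux-amd64
    # A full file path, built from the play variable, lets get_url skip the
    # transfer when a file with a matching checksum is already present.
    dest: "{{ gitea_directory }}/gitea-1.22.2-linux-amd64"
    # The digest is fetched from the same host as the binary. It catches a
    # truncated or corrupted download, but a tampered release could ship a
    # matching digest; the detached-signature check in this playbook is the
    # control that covers that case.
    checksum: sha256:https://dl.gitea.com/gitea/1.22.2/gitea-1.22.2-linux-amd64.sha256
    # Explicit mode so the result does not depend on the umask in effect.
    mode: "0644"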
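# Verifies the downloaded binary against its detached OpenPGP signature.
# `ignore_errors` is removed on purpose. With it, a missing key or a bad
# signature was only recorded in `gpg_result`, and the play carried on to
# install the binary anyway. Now a non-zero exit from either gpg command fails
# the task and stops the play for this host.
- name: use shell command to execute a bunch of gpg commands to verify binary
  ansible.builtin.shell: |
    set -eu
    gpg --keyserver keys.openpgp.org --recv-keys 7C9E68152594688862D62AF62D9AE806EC1592E2
    gpg --verify gitea-1.22.2-linux-amd64.asc gitea-1.22.2-linux-amd64
  args:
    chdir: "{{ gitea_directory }}"
  # This is a check, not a configuration change; do not report "changed".
  changed_when: false
  # Still registered so the result can be displayed by a later task.
  register: gpg_result
  # NOTE(review): the key is requested by its full fingerprint, which is the
  # trust anchor here. Confirm that fingerprint against the project's published
  # signing key before relying on this check.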
# Prints the registered result of the gpg commands (return code, stdout and
# stderr). This task only displays the data; it does not inspect the return
# code and therefore cannot stop the play on a failed verification.
- name: display results of gpg verification for go binary
  ignore_errors: true
  ansible.builtin.debug:
    var: gpg_result
# Dedicated system account that owns the Gitea data directories created later
# in this playbook.
# NOTE(review): the account gets an interactive shell (/bin/bash). Confirm that
# this is needed for how repositories are accessed on this host.
- name: creates user to run gitea
  ansible.builtin.user:
    state: present
    name: git
    system: true
    shell: /bin/bash
    comment: "Gitea repo manager"
# Creates /var/lib/gitea and its custom, data and log subdirectories, owned by
# git:git with no access for other users. The empty loop item yields the
# parent directory itself.
- name: create gitea core directories
  ansible.builtin.file:
    path: "/var/lib/gitea/{{ item }}"
    state: directory
    owner: git
    group: git
    mode: "0750"
    # `recurse` re-applies owner, group and mode to everything already under
    # the path on each run, not only to the directory itself.
    recurse: true
  loop:
    - ""
    - custom
    - data
    - log
# Configuration directory, owned by root with group git.
# NOTE(review): mode 0770 makes the directory group-writable, so the git
# account the service runs as can create and replace its own configuration.
# That is only needed while the initial configuration is being written. This
# task re-applies 0770 on every run; once setup is done, tighten the directory
# and the config file to read-only for the git group.
- name: create gitea config directory
  ansible.builtin.file:
    state: directory
    path: /etc/gitea
    owner: root
    group: git
    mode: "0770"
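# Installs the upstream systemd unit for Gitea.
# NOTE(review): the URL points at a branch (release/v1.22), not a tag or a
# commit, and no checksum is given. The unit file decides what systemd runs and
# under which account, yet its content is whatever that branch holds when the
# play runs. Prefer a unit file kept in this repository, or pin the download to
# a reviewed revision and add for example
#   checksum: "sha256:<digest of the unit file you reviewed>"
- name: download gitea systemd service
  ansible.builtin.get_url:
    url: https://raw.githubusercontent.com/go-gitea/gitea/refs/heads/release/v1.22/contrib/systemd/gitea.service
    dest: /etc/systemd/system/gitea.service
    # Explicit ownership and mode: only root may modify the unit file.
    owner: root
    group: root
    mode: "0644"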
- name: copy the gitea binary to /usr/local/bin directory
copy:
src: /home/ubuntu/hifadhi_kuu/gitea/gitea-1.22.2-linux-amd64
remote_src: yes
dest: /usr/local/bin/gitea
owner: git