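---
# Playbook: expose a Dokku-hosted Gitea app on ports 80/443 and wire the host
# `git` user's SSH login through Gitea's own authorized_keys file.
# `dokku_lib_root`, `http_port` and `ssh_listen_port` are expected to come from
# the vars directory loaded by the first task.
- hosts: all
  gather_facts: false

  tasks:
    - name: Load variables
      include_vars:
        dir: "{{ dokku_lib_root }}/data/ansible/gitea/vars/"
        extensions:
          - yml

    - name: Set HTTP 80 port proxy
      dokku_ports:
        app: gitea
        mappings:
          - "http:80:{{ http_port }}"
        state: present

    # `creates` keeps both letsencrypt tasks idempotent: they are skipped once
    # the given path exists. No shell features are used, so `command` suffices.
    - name: Setup LE certificates
      command: dokku letsencrypt gitea
      args:
        creates: /home/dokku/gitea/letsencrypt/certs

    - name: Setup LE certificates renew cron job
      command: dokku letsencrypt:cron-job --add
      args:
        creates: /home/dokku/gitea/letsencrypt/cron-job

    - name: Remove automatically configured ports
      dokku_ports:
        app: gitea
        mappings:
          - "http:3000:3000"
          - "http:2222:2222"
        state: absent

    - name: Set HTTP 443 port
      dokku_ports:
        app: gitea
        mappings:
          - "https:443:{{ http_port }}"
        state: present

    - name: Ensure jq package is installed
      apt:
        name: jq
        state: present

    # Read-only query; the pipe requires `shell`. The jq filter is quoted so the
    # shell cannot expand `[0]` as a glob, and `changed_when: false` keeps a
    # lookup from being reported as a change.
    - name: Retrieve application container IP address
      shell: "dokku ps:inspect gitea | jq -r '.[0].NetworkSettings.IPAddress'"
      register: dokku_ps_inspect
      changed_when: false

    - name: Setup the SSH passthrough script
      vars:
        # `ssh_listen_port` is already in scope from the loaded vars; the
        # template reads it directly, so it is not re-assigned here.
        dokku_container_ip: "{{ dokku_ps_inspect.stdout }}"
      template:
        src: gitea.j2
        dest: /app/gitea/gitea
        owner: git
        group: git
        # Absolute mode: a relative "+x" would make the final permissions depend
        # on the pre-existing file's bits and the umask.
        mode: "0755"
        force: true
      become: true

    - name: Store the git user public key
      command: cat /home/git/.ssh/id_rsa.pub
      register: git_id_rsa_pub
      changed_when: false
      become: true

    - name: Store the gitea authorized_keys file
      command: cat /var/lib/gitea/git/.ssh/authorized_keys
      register: git_auth_keys
      changed_when: false
      become: true

    # grep -Fxq exits 0 only when some line equals the bare public key exactly.
    # `failed_when: false` stops a non-match from being reported as a failure
    # while still exposing `rc` to the next task.
    - name: Check if the public key is already in place
      command: 'grep -Fxq "{{ git_id_rsa_pub.stdout }}" /var/lib/gitea/git/.ssh/authorized_keys'
      check_mode: false
      failed_when: false
      changed_when: false
      register: git_id_rsa_pub_check
      become: true

    # NOTE(review): this runs only when the grep above found the bare key
    # (rc == 0), i.e. it prepends a restricted copy ahead of an existing
    # unrestricted line rather than adding a missing key. Confirm that this is
    # the intended direction.
    - name: Ensure git public key is in gitea loaded authorized_keys
      blockinfile:
        path: /var/lib/gitea/git/.ssh/authorized_keys
        block: "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty {{ git_id_rsa_pub.stdout }}"
        state: present
        owner: git
        group: git
        # sshd with StrictModes rejects an authorized_keys that is group- or
        # world-writable; pin the mode rather than inherit the umask on create.
        mode: "0600"
        create: true
        insertbefore: BOF
        backup: true
        # The marker must contain {mark}; without it the begin and end markers
        # are identical and blockinfile re-inserts the block on every run.
        marker: "# {mark} ansible inserted git <-> gitea public key"
      become: true
      when: git_id_rsa_pub_check.rc == 0

    - name: Symlink the gitea authorized keys configuration to the host git user
      file:
        src: /var/lib/gitea/git/.ssh/authorized_keys
        dest: /home/git/.ssh/authorized_keys
        state: link
        force: true
        owner: git
      become: true

    # Only an existing AllowUsers line is amended; nothing is added when the
    # directive is absent. NOTE(review): no `become` and no handler reloading
    # sshd are visible for this task — check whether they follow past this
    # point, as the edit has no effect until sshd re-reads its config.
    - name: Add git user to AllowUsers SSH configuration
      replace:
        backup: true
        path: /etc/ssh/sshd_config
        regexp: '^(AllowUsers(?!.*\bgit\b).*)$'
        replace: '\1 git'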