This repository has been archived on 2020-10-27. You can view files and clone it, but cannot push or open issues or pull requests.
git.autonomic.zone/ansible/post-deploy.yml

112 lines
3.1 KiB
YAML
Raw Normal View History

2020-03-19 00:57:09 +00:00
---
2020-03-19 00:46:09 +00:00
- hosts: all
2020-03-22 11:26:48 +00:00
gather_facts: false
2020-03-19 00:46:09 +00:00
tasks:
2020-03-22 10:53:49 +00:00
- name: Load variables
include_vars:
dir: "{{ dokku_lib_root }}/data/ansible/gitea/vars/"
extensions:
2020-03-22 10:54:58 +00:00
- yml
2020-03-22 10:53:49 +00:00
- name: Set HTTP 80 port proxy
dokku_ports:
app: gitea
mappings:
2020-03-25 10:41:44 +00:00
- "http:80:{{ http_port }}"
2020-03-22 10:53:49 +00:00
state: present
- name: Setup LE certificates
shell: dokku letsencrypt gitea
args:
creates: /home/dokku/gitea/letsencrypt/certs
2020-03-22 11:39:40 +00:00
- name: Setup LE certificates renew cron job
shell: dokku letsencrypt:cron-job --add
args:
creates: /home/dokku/gitea/letsencrypt/cron-job
2020-03-22 10:53:49 +00:00
- name: Remove automatically configured ports
dokku_ports:
app: gitea
mappings:
- "http:3000:3000"
2020-03-23 14:14:51 +00:00
- "http:2222:2222"
2020-03-22 10:53:49 +00:00
state: absent
2020-03-22 11:31:09 +00:00
- name: Set HTTP 443 port
dokku_ports:
app: gitea
mappings:
2020-03-25 10:41:44 +00:00
- "https:443:{{ http_port }}"
2020-03-22 11:31:09 +00:00
state: present
2020-03-23 15:21:12 +00:00
2020-03-23 17:07:49 +00:00
- name: Ensure jq package is installed
apt:
name: jq
state: present
- name: Retrieve application container IP address
2020-03-23 17:20:19 +00:00
shell: "dokku ps:inspect gitea | jq -r .[0].NetworkSettings.IPAddress"
2020-03-23 17:17:29 +00:00
register: dokku_ps_inspect
2020-03-23 17:07:49 +00:00
2020-03-23 17:11:02 +00:00
- name: Setup the SSH passthrough script
2020-03-23 17:07:49 +00:00
vars:
ssh_listen_port: "{{ ssh_listen_port }}"
2020-03-23 17:17:29 +00:00
dokku_container_ip: "{{ dokku_ps_inspect.stdout }}"
2020-03-23 17:11:02 +00:00
template:
src: gitea.j2
dest: /app/gitea/gitea
owner: git
group: git
mode: "+x"
2020-03-23 17:20:19 +00:00
force: true
2020-03-23 17:11:02 +00:00
become: true
- name: Store the git user public key
shell: cat /home/git/.ssh/id_rsa.pub
register: git_id_rsa_pub
become: true
- name: Store the gitea authorized_keys file
shell: cat /var/lib/gitea/git/.ssh/authorized_keys
register: git_auth_keys
become: true
2020-03-24 09:00:08 +00:00
- name: Check if the public key is already in place
2020-03-24 09:03:35 +00:00
command: 'grep -Fxq "{{ git_id_rsa_pub.stdout}}" /var/lib/gitea/git/.ssh/authorized_keys'
check_mode: false
ignore_errors: true
2020-03-24 09:00:08 +00:00
changed_when: false
register: git_id_rsa_pub_check
2020-03-24 09:07:09 +00:00
become: true
2020-03-24 09:00:08 +00:00
- name: Ensure git public key is in gitea loaded authorized_keys
blockinfile:
path: /var/lib/gitea/git/.ssh/authorized_keys
2020-03-24 08:49:28 +00:00
block: "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty {{ git_id_rsa_pub.stdout }}"
state: present
owner: git
group: git
create: true
insertbefore: BOF
backup: true
marker: "# ansible inserted git <-> gitea public key"
become: true
2020-03-24 09:03:35 +00:00
when: git_id_rsa_pub_check.rc == 0
2020-03-23 19:03:54 +00:00
- name: Symlink the gitea authorized keys configuration to the host git user
2020-03-23 15:21:12 +00:00
file:
src: /var/lib/gitea/git/.ssh/authorized_keys
dest: /home/git/.ssh/authorized_keys
state: link
force: true
owner: git
2020-03-23 15:23:09 +00:00
become: true
2020-03-29 21:54:29 +00:00
- name: Add git user to AllowUsers SSH configuration
replace:
backup: true
dest: /etc/ssh/sshd_config
regexp: '^(AllowUsers(?!.*\bgit\b).*)$'
replace: '\1 git'