From af53eb4637e3b20ad111cec8626240a3a8044eea Mon Sep 17 00:00:00 2001
From: CPunch
Date: Sat, 21 Jan 2023 18:25:02 -0600
Subject: [PATCH] roles/gitea: support giteaUninstall variable
---
 roles/essential/tasks/main.yml | 4 ++
 roles/git/tasks/main.yml | 2 +-
 roles/gitea/defaults/main.yml | 3 ++
 roles/gitea/tasks/main.yml | 85 ++++++++++++++++++++------------
 roles/gitea/templates/app.ini | 2 +-
 roles/nginx/defaults/main.yml | 3 ++
 roles/nginx/tasks/main.yml | 8 +++
 roles/nginx/tasks/setup.yml | 8 ++-
 roles/nginx/templates/gitea.conf | 2 +-
 run.yml | 22 +++++----
 10 files changed, 94 insertions(+), 45 deletions(-)
 create mode 100644 roles/gitea/defaults/main.yml
 create mode 100644 roles/nginx/defaults/main.yml
diff --git a/roles/essential/tasks/main.yml b/roles/essential/tasks/main.yml
index 6f682d3..c8b475a 100644
--- a/roles/essential/tasks/main.yml
+++ b/roles/essential/tasks/main.yml
@@ -18,6 +18,10 @@
 - zsh # :D
 - python3-certbot-nginx
+- name: Grab package facts
+ package_facts:
+ manager: auto
+
 - name: Setup zsh
 user:
 name: "{{ ansible_user }}"
diff --git a/roles/git/tasks/main.yml b/roles/git/tasks/main.yml
index f30efb9..1b5a69f 100644
--- a/roles/git/tasks/main.yml
+++ b/roles/git/tasks/main.yml
@@ -24,7 +24,7 @@
 mode: u=rw,g=,o=
 # this keypair is trusted under my github account, so it allows my vps to make pushes
-# to the main branch of my openpunk repository. (see roles/deadswitchfiles/imdead.sh)
+# to the main branch of my openpunk repository. (see roles/deadswitch/files/imdead.sh)
 - name: Install ssh priv key
 copy:
diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml
new file mode 100644
index 0000000..68d6df4
--- /dev/null
+++ b/roles/gitea/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+giteaPort: 3000
+giteaUninstall: false
\ No newline at end of file
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
index ace00c1..a55caa7 100644
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@@ -1,40 +1,63 @@
 ---
-- name: Check if Gitea is installed
- shell: gitea --version
- register: validate_gitea
- changed_when: no
+- name: Check for Gitea gpg key
+ stat:
+ path: /etc/apt/trusted.gpg.d/morph027-gitea.gpg
+ register: gitea_key
-- name: Add Gitea key && repository
+- name: Install Gitea
 block:
- - name: Check for Gitea gpg key
- stat:
- path: /etc/apt/trusted.gpg.d/morph027-gitea.gpg
- register: gitea_key
+ - name: Add Gitea key, repository && install
+ block:
+ - name: Import Gitea key
+ shell: curl -s https://packaging.gitlab.io/gitea/gpg.key | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/morph027-gitea.gpg --import && sudo chmod 644 /etc/apt/trusted.gpg.d/morph027-gitea.gpg
+ when: gitea_key.stat.exists == false or gitea_key.stat.mode != "0644"
- - name: Import Gitea key
- shell: curl -s https://packaging.gitlab.io/gitea/gpg.key | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/morph027-gitea.gpg --import && sudo chmod 644 /etc/apt/trusted.gpg.d/morph027-gitea.gpg
- when: gitea_key.stat.exists == false or gitea_key.stat.mode != "0644"
+ - name: Add Gitea repository
+ apt_repository:
+ filename: morph027-gitea
+ repo: deb https://packaging.gitlab.io/gitea gitea main
- - name: Add Gitea repository
+ - name: Add Gitea package
+ package:
+ name: gitea
+ when: "'gitea' not in ansible_facts.packages"
+
+ - name: Configure Gitea
+ template:
+ src: templates/app.ini
+ dest: /etc/gitea/app.ini
+ owner: gitea
+ force: no # we don't want to kill our existing config D:
+
+ - name: Reload Gitea
+ systemd:
+ name: gitea
+ enabled: yes
+ state: started
+ when: giteaUninstall == false
+
+- name: Uninstall Gitea
+ block:
+ - name: Stop Gitea
+ systemd:
+ name: gitea
+ enabled: no
+ state: stopped
+
+ - name: Remove Gitea package
+ package:
+ name: gitea
+ state: absent
+
+ - name: Remove Gitea repository
 apt_repository:
 filename: morph027-gitea
 repo: deb https://packaging.gitlab.io/gitea gitea main
- when: '"not found" in validate_gitea.stdout'
+ state: absent
-- name: Install Gitea
- package:
- name:
- - gitea
-
-- name: Configure Gitea
- template:
- src: templates/app.ini
- dest: /etc/gitea/app.ini
- owner: gitea
- force: no # we don't want to kill our existing config D:
-
-- name: Reload Gitea
- systemd:
- name: gitea
- enabled: yes
- state: started
\ No newline at end of file
+ - name: Remove Gitea key
+ file:
+ path: /etc/apt/trusted.gpg.d/morph027-gitea.gpg
+ state: absent
+ when: gitea_key.stat.exists == false or gitea_key.stat.mode != "0644"
+ when: giteaUninstall == true and ('gitea' in ansible_facts.packages)
\ No newline at end of file
diff --git a/roles/gitea/templates/app.ini b/roles/gitea/templates/app.ini
index 235970c..58851b9 100644
--- a/roles/gitea/templates/app.ini
+++ b/roles/gitea/templates/app.ini
@@ -18,7 +18,7 @@ ROOT = /var/lib/gitea/gitea-repositories
 [server]
 SSH_DOMAIN = git.{{ domain }}
 DOMAIN = git.{{ domain }}
-HTTP_PORT = 3000
+HTTP_PORT = {{ giteaPort }}
 ROOT_URL = https://git.{{ domain }}/
 DISABLE_SSH = false
 SSH_PORT = 22
diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml
new file mode 100644
index 0000000..68d6df4
--- /dev/null
+++ b/roles/nginx/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+giteaPort: 3000
+giteaUninstall: false
\ No newline at end of file
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index ac7a85e..5eb4745 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -22,6 +22,14 @@
 dest: /etc/nginx/conf.d/git.{{ domain }}.conf
 force: no
 notify: setup nginx
+ when: giteaPort is defined and giteaUninstall == false
+
+- name: Uninstall nginx config for git.{{ domain }}
+ file:
+ path: /etc/nginx/conf.d/git.{{ domain }}.conf
+ state: absent
+ notify: setup nginx
+ when: giteaPort is not defined or (giteaUninstall is defined and giteaUninstall)
 - name: Install nginx config for our Hidden Service
 template:
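Review bot: In roles/gitea/tasks/main.yml the `Remove Gitea key` task at the end of the uninstall block reuses the import condition `gitea_key.stat.exists == false or gitea_key.stat.mode != "0644"`, so a key that was installed normally (present, mode 0644) is never deleted and stays in `/etc/apt/trusted.gpg.d`, where apt trusts it for every repository without a `signed-by`. `file` with `state: absent` is already idempotent, so the `when:` can be dropped or replaced with `when: gitea_key.stat.exists`. The block-level `when: giteaUninstall == true and ('gitea' in ansible_facts.packages)` also skips the repository and key cleanup whenever the package is already gone, and it depends on `package_facts` having run earlier in the essential role; a comment saying so would help. Separately, the re-indented `Import Gitea key` task still pipes `curl -s` straight into `gpg --import` with no fingerprint check, so checking the imported key against a pinned fingerprint would be a worthwhile follow-up.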
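Review bot: In roles/gitea/templates/app.ini, `HTTP_PORT = {{ giteaPort }}` only reaches a host on the first render, because the `Configure Gitea` task uses `force: no` and the nginx vhost task (visible as context in the roles/nginx/tasks/main.yml hunk) does too; changing `giteaPort` later leaves both files on the old port. A comment next to the default, e.g. `# only applied on first install; app.ini and the nginx vhost are rendered with force: no`, would document that. The `[server]` section continues outside this hunk, so I cannot see whether `HTTP_ADDR` is set; if it is not, Gitea listens on all interfaces on this port and the nginx proxy can be bypassed unless the firewall role blocks it.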
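Review bot: In roles/nginx/tasks/main.yml the two new `when:` clauses test the same switch in different ways, and half of each is dead: roles/nginx/defaults/main.yml, added in this commit, always defines `giteaPort`, so `giteaPort is defined` is always true and `giteaPort is not defined` never is. `giteaUninstall == false` compares against a real boolean, while a value passed as `-e giteaUninstall=false` arrives as a string; it fails `== false`, is truthy in the second clause, and so the vhost would be removed while the gitea role (which uses `== false` / `== true`) does nothing. Writing the pair as `when: not (giteaUninstall | bool)` and `when: giteaUninstall | bool` makes them exact opposites. The same applies to the certbot task in roles/nginx/tasks/setup.yml and to both block conditions in roles/gitea/tasks/main.yml.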
diff --git a/roles/nginx/tasks/setup.yml b/roles/nginx/tasks/setup.yml
index fc146b6..7660238 100644
--- a/roles/nginx/tasks/setup.yml
+++ b/roles/nginx/tasks/setup.yml
@@ -1,6 +1,10 @@
 ---
-- name: Setup certbot
- shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }} -d git.{{ domain }}"
+- name: Setup certbot for {{ domain }}
+ shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }}"
+
+- name: Setup certbot for git.{{ domain }}
+ shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d git.{{ domain }}"
+ when: giteaPort is defined and giteaUninstall == false
 - name: Reload Nginx
 systemd:
diff --git a/roles/nginx/templates/gitea.conf b/roles/nginx/templates/gitea.conf
index 699aca6..15dedec 100644
--- a/roles/nginx/templates/gitea.conf
+++ b/roles/nginx/templates/gitea.conf
@@ -4,7 +4,7 @@ server {
 location / {
 add_header Permissions-Policy interest-cohort=();
- proxy_pass http://localhost:3000;
+ proxy_pass http://localhost:{{ giteaPort }};
 }
 client_max_body_size 100M;
diff --git a/run.yml b/run.yml
index 7e7a361..9bacc9b 100644
--- a/run.yml
+++ b/run.yml
@@ -1,6 +1,10 @@
 ---
 - hosts: all
 become: yes
+ vars:
+ - giteaPort: 3000
+ - giteaUninstall: false
+
 vars_files:
 - group_vars/all.yml
@@ -10,12 +14,12 @@
 private: no
 roles:
- - essential
- - git
- - deadswitch
- - firewall
- - blog
- - gitea
- - nginx
- - goaccess
- - tor
\ No newline at end of file
+ - role: essential
+ - role: firewall
+ - role: git
+ - role: deadswitch
+ - role: blog
+ - role: gitea
+ - role: nginx
+ - role: goaccess
+ - role: tor
\ No newline at end of file
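Review bot: In roles/nginx/tasks/setup.yml both certbot tasks run through `shell:` with `{{ contact_email }}` and `{{ domain }}` interpolated unquoted, although the command line uses no shell features. `command: certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d git.{{ domain }}` (and the same for the bare domain) keeps those values away from shell parsing. Neither task sets `changed_when` or `creates`, so certbot is re-invoked and reported as changed on every run of this file. After an uninstall the certificate for `git.{{ domain }}` presumably stays in certbot's renewal set, which may be worth a comment or a cleanup task.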
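Review bot: In the first run.yml hunk, `vars:` is written as a list of single-key mappings (`- giteaPort: 3000`), a form that recent ansible-core releases deprecate in favour of a plain mapping; `giteaPort: 3000` and `giteaUninstall: false` as direct keys under `vars:` is the supported spelling. Play-level vars also take precedence over role defaults, so the identical values added in roles/gitea/defaults/main.yml and roles/nginx/defaults/main.yml are shadowed whenever this playbook is used, and three copies can drift apart. The second hunk additionally moves `firewall` ahead of `git` and `deadswitch`, which the commit message does not mention; a short comment on the intended ordering would help.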