roles/gitea: support giteaUninstall variable

roles/essential/tasks/main.yml

@@ -18,6 +18,10 @@
       - zsh # :D
       - python3-certbot-nginx
 
+- name: Grab package facts
+  package_facts:
+    manager: auto
+
 - name: Setup zsh
   user:
     name: "{{ ansible_user }}"

roles/git/tasks/main.yml

@@ -24,7 +24,7 @@
     mode: u=rw,g=,o=
 
 # this keypair is trusted under my github account, so it allows my vps to make pushes
-# to the main branch of my openpunk repository. (see roles/deadswitchfiles/imdead.sh)
+# to the main branch of my openpunk repository. (see roles/deadswitch/files/imdead.sh)
 
 - name: Install ssh priv key
   copy:

roles/gitea/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+giteaPort: 3000
+giteaUninstall: false

roles/gitea/tasks/main.yml

@@ -1,40 +1,63 @@
 ---
-- name: Check if Gitea is installed
+- name: Check for Gitea gpg key
-  shell: gitea --version
+  stat:
-  register: validate_gitea
+    path: /etc/apt/trusted.gpg.d/morph027-gitea.gpg
-  changed_when: no
+  register: gitea_key
 
-- name: Add Gitea key && repository
+- name: Install Gitea
   block:
-    - name: Check for Gitea gpg key
+    - name: Add Gitea key, repository && install
-      stat:
+      block:
-        path: /etc/apt/trusted.gpg.d/morph027-gitea.gpg
+        - name: Import Gitea key
-      register: gitea_key
+          shell: curl -s https://packaging.gitlab.io/gitea/gpg.key | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/morph027-gitea.gpg --import && sudo chmod 644 /etc/apt/trusted.gpg.d/morph027-gitea.gpg
+          when: gitea_key.stat.exists == false or gitea_key.stat.mode != "0644"
 
-    - name: Import Gitea key
+        - name: Add Gitea repository
-      shell: curl -s https://packaging.gitlab.io/gitea/gpg.key | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/morph027-gitea.gpg --import && sudo chmod 644 /etc/apt/trusted.gpg.d/morph027-gitea.gpg
+          apt_repository:
-      when: gitea_key.stat.exists == false or gitea_key.stat.mode != "0644"
+            filename: morph027-gitea
+            repo: deb https://packaging.gitlab.io/gitea gitea main
 
-    - name: Add Gitea repository
+        - name: Add Gitea package
+          package:
+            name: gitea
+      when: "'gitea' not in ansible_facts.packages"
+
+    - name: Configure Gitea
+      template:
+        src: templates/app.ini
+        dest: /etc/gitea/app.ini
+        owner: gitea
+        force: no # we don't want to kill our existing config D:
+
+    - name: Reload Gitea
+      systemd:
+        name: gitea
+        enabled: yes
+        state: started
+  when: giteaUninstall == false
+
+- name: Uninstall Gitea
+  block:
+    - name: Stop Gitea
+      systemd:
+        name: gitea
+        enabled: no
+        state: stopped
+
+    - name: Remove Gitea package
+      package:
+        name: gitea
+        state: absent
+
+    - name: Remove Gitea repository
       apt_repository:
         filename: morph027-gitea
         repo: deb https://packaging.gitlab.io/gitea gitea main
-  when: '"not found" in validate_gitea.stdout'
+        state: absent
 
-- name: Install Gitea
+    - name: Remove Gitea key
-  package:
+      file:
-    name:
+        path: /etc/apt/trusted.gpg.d/morph027-gitea.gpg
-      - gitea
+        state: absent
-
+      when: gitea_key.stat.exists == false or gitea_key.stat.mode != "0644"
-- name: Configure Gitea
+  when: giteaUninstall == true and ('gitea' in ansible_facts.packages)
-  template:
-    src: templates/app.ini
-    dest: /etc/gitea/app.ini
-    owner: gitea
-    force: no # we don't want to kill our existing config D:
-
-- name: Reload Gitea
-  systemd:
-    name: gitea
-    enabled: yes
-    state: started

roles/gitea/templates/app.ini

@@ -18,7 +18,7 @@ ROOT = /var/lib/gitea/gitea-repositories
 [server]
 SSH_DOMAIN       = git.{{ domain }}
 DOMAIN           = git.{{ domain }}
-HTTP_PORT        = 3000
+HTTP_PORT        = {{ giteaPort }}
 ROOT_URL         = https://git.{{ domain }}/
 DISABLE_SSH      = false
 SSH_PORT         = 22

roles/nginx/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+giteaPort: 3000
+giteaUninstall: false

roles/nginx/tasks/main.yml

@@ -22,6 +22,14 @@
     dest: /etc/nginx/conf.d/git.{{ domain }}.conf
     force: no
   notify: setup nginx
+  when: giteaPort is defined and giteaUninstall == false
+
+- name: Uninstall nginx config for git.{{ domain }}
+  file:
+    path: /etc/nginx/conf.d/git.{{ domain }}.conf
+    state: absent
+  notify: setup nginx
+  when: giteaPort is not defined or (giteaUninstall is defined and giteaUninstall)
 
 - name: Install nginx config for our Hidden Service
   template:

roles/nginx/tasks/setup.yml

@@ -1,6 +1,10 @@
 ---
-- name: Setup certbot
+- name: Setup certbot for {{ domain }}
-  shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }} -d git.{{ domain }}"
+  shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }}"
+
+- name: Setup certbot for git.{{ domain }}
+  shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d git.{{ domain }}"
+  when: giteaPort is defined and giteaUninstall == false
 
 - name: Reload Nginx
   systemd:

roles/nginx/templates/gitea.conf

@@ -4,7 +4,7 @@ server {
 
     location / {
         add_header Permissions-Policy interest-cohort=();
-        proxy_pass http://localhost:3000;
+        proxy_pass http://localhost:{{ giteaPort }};
     }
 
     client_max_body_size 100M;

run.yml

@@ -1,6 +1,10 @@
 ---
 - hosts: all
   become: yes
+  vars:
+    - giteaPort: 3000
+    - giteaUninstall: false
+
   vars_files:
     - group_vars/all.yml
 
@@ -10,12 +14,12 @@
       private: no
 
   roles:
-    - essential
+    - role: essential
-    - git
+    - role: firewall
-    - deadswitch
+    - role: git
-    - firewall
+    - role: deadswitch
-    - blog
+    - role: blog
-    - gitea
+    - role: gitea
-    - nginx
+    - role: nginx
-    - goaccess
+    - role: goaccess
-    - tor
+    - role: tor