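# code: language=ansible
---
# Deploys a rootless-podman Gitea instance (plus its MariaDB backend) for the
# `containers` user and wires the resulting units into systemd --user.
# Secrets are read from `vault_*` variables; nothing sensitive is stored here.
- hosts: all
  name: Gitea web server
  tasks:
    # Best-effort stop of the existing units so volumes/containers can be
    # (re)created below. failed_when: false keeps a first run (no units yet)
    # from aborting; it also hides genuine systemd --user errors, so check the
    # run output if containers do not come back at the end.
    - name: Stop running containers
      become_user: containers
      become: true
      ansible.builtin.systemd:
        scope: user
        name: container-{{ item }}.service
        state: stopped
      loop:
        - gitea
        - db_gitea
      failed_when: false

    # Host port 22 is published straight into the gitea container below, so
    # this rule exposes Gitea's SSH, not the host's sshd.
    # NOTE(review): assumes the host's own sshd listens on a different port —
    # confirm before applying, or `from_ip` will lock nothing out but the
    # admin path may already be on another port.
    - name: Permit traffic from any IP to ssh port
      become: true
      community.general.ufw:
        direction: in
        from_ip: any
        proto: tcp
        to_port: 22
        rule: allow

    - name: Create podman volumes
      containers.podman.podman_volume:
        state: present
        name: "{{ item }}"
      become_user: containers
      become: true
      loop:
        - gitea
        - gitea-db

    # recreate: false — an existing network is left untouched even if its
    # definition drifted; only missing networks are created.
    - name: Create podman networks
      containers.podman.podman_network:
        name: "{{ item }}"
        recreate: false
        state: "present"
      become_user: containers
      become: true
      loop:
        - traefik-gitea
        - mariadb-gitea
        - gitea-drone

    # Both images are pulled by floating `latest` tag, and the gitea container
    # additionally carries io.containers.autoupdate=registry, so image updates
    # land without a review step. Pin a digest (or a major.minor tag) if
    # reproducible, reviewable upgrades are wanted.
    - name: Pull container images
      become_user: containers
      become: true
      containers.podman.podman_image:
        name: docker.io/{{ item }}
      loop:
        - gitea/gitea:latest
        - mariadb:latest

    # Files are written 0600 owned by `containers`; directory_mode is not set,
    # so directories get the umask default.
    # NOTE(review): the mysqld process inside the container runs as a
    # non-root UID — confirm it can still read 0600 files owned by the
    # rootless owner, otherwise the conf.d overrides are silently unused.
    - name: Copy mariadb config directory
      become: true
      ansible.builtin.copy:
        src: files/mariadb/
        dest: /etc/gitea/mariadb/
        owner: containers
        group: containers
        mode: "0600"

    # Database is reachable only on the mariadb-gitea network (no publish:).
    # Credentials are handed over as container environment, which is
    # readable via `podman inspect` by the owning user.
    - name: Create mariadb instance
      become_user: containers
      become: true
      containers.podman.podman_container:
        name: db_gitea
        image: docker.io/mariadb:latest
        state: present
        command:
          - "--transaction-isolation=READ-COMMITTED"
          - "--binlog-format=ROW"
        volume:
          - gitea-db:/var/lib/mysql:Z
          - /etc/gitea/mariadb/:/etc/mysql/conf.d:Z
        network:
          - mariadb-gitea
        env:
          MARIADB_ROOT_PASSWORD: "{{ vault_gitea_mariadb_root_password }}"
          MARIADB_DATABASE: "{{ vault_gitea_mariadb_database }}"
          MARIADB_USER: "{{ vault_gitea_mariadb_user }}"
          MARIADB_PASSWORD: "{{ vault_gitea_mariadb_password }}"
          MARIADB_AUTO_UPGRADE: "true"
        generate_systemd:
          path: /home/containers/.config/systemd/user/
          restart_policy: on-failure
          names: true
          new: true

    # Gitea is fronted by Traefik under /git (prefix stripped) and exposes
    # SSH directly on host port 22. All env values are quoted so they are
    # passed to the container as literal strings rather than YAML booleans
    # or integers (matches MARIADB_AUTO_UPGRADE above).
    - name: Add a gitea container
      become_user: containers
      become: true
      containers.podman.podman_container:
        name: gitea
        image: docker.io/gitea/gitea:latest
        state: present
        publish:
          - "22:22"
        network:
          - traefik-gitea
          - mariadb-gitea
          - gitea-drone
        volume:
          - gitea:/data:Z
          - /etc/localtime:/etc/localtime:ro
        label:
          io.containers.autoupdate: "registry"
          traefik.enable: "true"
          traefik.http.routers.gitea.entrypoints: "https"
          # NOTE(review): the router matches vault_domain while ROOT_URL below
          # is built from inventory_hostname — confirm these resolve to the
          # same name, or redirects and OAuth callbacks will point elsewhere.
          traefik.http.routers.gitea.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/git/`) || Path(`/git`))"
          traefik.http.routers.gitea.tls: "true"
          traefik.http.routers.gitea.tls.certresolver: "wildcard"
          traefik.http.routers.gitea.service: "gitea"
          traefik.http.routers.gitea.middlewares: "force-trailing-slash@file,gitea-prefixstrip@docker"
          traefik.http.middlewares.gitea-prefixstrip.stripprefix.prefixes: "/git"
          traefik.http.services.gitea.loadbalancer.server.port: "3000"
          traefik.docker.network: "traefik-gitea"
        env:
          APP_NAME: "Git server"
          RUN_MODE: "prod"
          RUN_USER: "git"
          DOMAIN: "{{ inventory_hostname }}"
          SSH_DOMAIN: "{{ inventory_hostname }}"
          ROOT_URL: "https://{{ inventory_hostname }}/git"
          SSH_PORT: "22"
          # Legacy image-level switches; the GITEA__section__KEY entries
          # further down set the same options through app.ini and take
          # precedence where both are given.
          DISABLE_REGISTRATION: "true"
          # REQUIRE_SIGNIN_VIEW: true
          REGISTER_EMAIL_CONFIRM: "true"
          ENABLE_CAPTCHA: "true"
          DEFAULT_KEEP_EMAIL_PRIVATE: "true"
          DEFAULT_BRANCH: "main"
          # NOTE(review): ALLOWED_HOST_LIST is a [webhook] option in Gitea
          # (GITEA__webhook__ALLOWED_HOST_LIST) and expects hosts/CIDRs, not a
          # path — confirm this bare variable is honoured by the image.
          ALLOWED_HOST_LIST: "{{ inventory_hostname }}/drone"
          GITEA__database__DB_TYPE: "mysql"
          GITEA__database__HOST: "db_gitea:3306"
          GITEA__database__NAME: "{{ vault_gitea_mariadb_database }}"
          GITEA__database__USER: "{{ vault_gitea_mariadb_user }}"
          GITEA__database__PASSWD: "{{ vault_gitea_mariadb_password }}"
          # Outbound mail is sent without SMTP authentication (empty
          # USER/PASSWD); presumably the relay restricts by source address.
          GITEA__mailer__ENABLED: "true"
          GITEA__mailer__PROTOCOL: "smtp"
          GITEA__mailer__FROM: "{{ vault_smtp_user }}"
          GITEA__mailer__SMTP_ADDR: "{{ vault_smtp_host }}"
          GITEA__mailer__SMTP_PORT: "{{ vault_smtp_port }}"
          GITEA__mailer__USER: ""
          GITEA__mailer__PASSWD: ""
          GITEA__openid__ENABLE_OPENID_SIGNIN: "false"
          GITEA__openid__ENABLE_OPENID_SIGNUP: "false"
          GITEA__log__MODE: "console"
          GITEA__log__LEVEL: "info"
          GITEA__service__DISABLE_REGISTRATION: "true"
          # NOTE(review): Gitea's [service] option is REQUIRE_SIGNIN_VIEW;
          # SIGNIN_VIEW is likely written to app.ini and ignored — confirm
          # against the commented REQUIRE_SIGNIN_VIEW line above.
          GITEA__service__SIGNIN_VIEW: "false"
          GITEA__service__REGISTER_EMAIL_CONFIRM: "true"
          GITEA__service__ENABLE_CAPTCHA: "true"
          # NOTE(review): contradicts DEFAULT_KEEP_EMAIL_PRIVATE="true" above;
          # the app.ini value is the effective one — confirm which is wanted.
          GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE: "false"
          GITEA__ui__THEMES: "auto,gitea,arc-green,gitea-modern"
        generate_systemd:
          path: /home/containers/.config/systemd/user/
          restart_policy: on-failure
          requires:
            - container-db_gitea.service
            - container-traefik.service
          names: true
          new: true

    # Raise systemd's start/stop limits for both generated units so a long
    # MariaDB upgrade or Gitea migration is not killed mid-way. One task over
    # the (service x option) product replaces two copies of the same task.
    - name: Change start and stop timeout limits
      become_user: containers
      become: true
      community.general.ini_file:
        path: "/home/containers/.config/systemd/user/container-{{ item.0 }}.service"
        section: Service
        option: "{{ item.1 }}"
        value: 3600
        mode: "0664"
        state: "present"
        no_extra_spaces: true
      loop: "{{ ['gitea', 'db_gitea'] | product(['TimeoutStartSec', 'TimeoutStopSec']) | list }}"

    # daemon_reload picks up the freshly generated/edited unit files before
    # enabling and starting them.
    - name: Start containers at boot
      become_user: containers
      become: true
      ansible.builtin.systemd:
        scope: user
        name: container-{{ item }}.service
        enabled: true
        state: started
        daemon_reload: true
      loop:
        - gitea
        - db_gitea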