From a5e046b4f53856fbcd946b3950bf010963c3eb14 Mon Sep 17 00:00:00 2001
From: Gabriel Augendre
Date: Fri, 11 Oct 2024 01:34:43 +0200
Subject: [PATCH] add gitea
---
.../apps/files/gitea/docker-compose.yaml | 13 +++
playbooks/apps/files/gitea/gitea.env | 8 ++
playbooks/apps/gitea.yaml | 86 ++++++++++++++
playbooks/apps/templates/gitea_app.ini.j2 | 110 ++++++++++++++++++
4 files changed, 217 insertions(+)
create mode 100644 playbooks/apps/files/gitea/docker-compose.yaml
create mode 100644 playbooks/apps/files/gitea/gitea.env
create mode 100644 playbooks/apps/gitea.yaml
create mode 100644 playbooks/apps/templates/gitea_app.ini.j2
diff --git a/playbooks/apps/files/gitea/docker-compose.yaml b/playbooks/apps/files/gitea/docker-compose.yaml
new file mode 100644
index 0000000..12af912
--- /dev/null
+++ b/playbooks/apps/files/gitea/docker-compose.yaml
@@ -0,0 +1,13 @@
+services:
+ server:
+ image: codeberg.org/forgejo/forgejo:8
+ env_file: gitea.env
+ restart: always
+ volumes:
+ - ./gitea_data:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - "23730:22"
+ - "8006:3000"
+ mem_limit: 512m
diff --git a/playbooks/apps/files/gitea/gitea.env b/playbooks/apps/files/gitea/gitea.env
new file mode 100644
index 0000000..34c3ce1
--- /dev/null
+++ b/playbooks/apps/files/gitea/gitea.env
@@ -0,0 +1,8 @@
+# Edit most values in gitea_data/gitea/conf/app.ini
+DOMAIN=git.augendre.info
+SSH_DOMAIN=git.augendre.info
+ROOT_URL=https://git.augendre.info/
+SSH_PORT=23730
+SSH_LISTEN_PORT=22
+INSTALL_LOCK=false
+DISABLE_REGISTRATION=true
diff --git a/playbooks/apps/gitea.yaml b/playbooks/apps/gitea.yaml
new file mode 100644
index 0000000..3e1b18b
--- /dev/null
+++ b/playbooks/apps/gitea.yaml
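Review bot: The `ports:` entries `"23730:22"` and `"8006:3000"` in docker-compose.yaml publish on every host interface, so the plain-HTTP listener on 8006 is reachable directly rather than only through whatever terminates TLS for `https://git.augendre.info/` (assuming a reverse proxy on the same host does that). Ports published by Docker are also typically not filtered by host firewall front ends such as ufw. If the proxy is local, bind the web port to loopback with `- "127.0.0.1:8006:3000"` and leave only the SSH port public. The `forgejo:8` tag is mutable; pinning a full version or an image digest would make each deployment reproducible.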
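Review bot: `INSTALL_LOCK=false` in gitea.env contradicts `INSTALL_LOCK = true` in the app.ini template added by the same commit. The file's own comment suggests these variables only seed app.ini, so if the container ever starts without the rendered app.ini in place (for instance because the template task failed), it would presumably come up with the installer unlocked on the published web port. Setting `INSTALL_LOCK=true` keeps that fallback safe. A comment stating which file wins for the duplicated DOMAIN, ROOT_URL and SSH_PORT values would also help.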
@@ -0,0 +1,86 @@
+---
+- name: Setup gitea
+ hosts: servers
+ gather_facts: false
+ tasks:
+ - name: Create dir
+ ansible.builtin.file:
+ path: "{{ dir }}"
+ state: directory
+ mode: "0775"
+ - name: Write env file
+ ansible.builtin.copy:
+ src: files/gitea/gitea.env
+ dest: "{{ dir }}/gitea.env"
+ mode: "0644"
+ - name: Write docker-compose.yaml
+ ansible.builtin.copy:
+ src: files/gitea/docker-compose.yaml
+ dest: "{{ dir }}/docker-compose.yaml"
+ mode: "0644"
+ - name: Write app.ini
+ ansible.builtin.template:
+ src: templates/gitea_app.ini.j2
+ dest: "{{ dir }}/gitea_data/gitea/conf/app.ini"
+ mode: "0600"
+ notify:
+ - Restart service
+ - name: Ensure service is started
+ community.docker.docker_compose_v2:
+ project_src: "{{ dir }}"
+ state: present
+
+ handlers:
+ - name: Restart service
+ community.docker.docker_compose_v2:
+ project_src: "{{ dir }}"
+ state: restarted
+
+ vars:
+ dir: /mnt/data/git
+ lfs_jwt_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 34656631616165623233353835386162343837363230366136303764613334323262313233616462
+ 6431363965646135343161373039333130666663613765660a343734656332323730633165376166
+ 66323834326263336265303864653036343262336262376433373163666339666236363438363031
+ 3632323362336433360a643537613336353434323631366262613839333931666435333563653737
+ 62303161393435653735326338623162383432663964333436373539663434363737386161636535
+ 3032313433633635636136656434626163393734306563333631
+ secret_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 35323938623166653161316430346664643063363366656461623333373764626439336335383538
+ 6664346231326137313863623966343438333662383139360a373762346438636630363833653330
+ 38323532663435643666306563353632653832366635626664373534383633346662353165363235
+ 6263633436663661610a653335653730613832373836616231383135316262383438633938353133
+ 34633231636331353864346637326535656538666662643965366232666265333332666362323034
+ 65363435623366303937353337303131663138303935333562626461643332383434376364376537
+ 66666436333261326336666130373934323138623233383038343563353132326231623264313565
+ 32376463353631616234
+ internal_token: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 30666238373766633735626466393534646138616139326533363561373331653730663731626338
+ 6139323230353139383638326639646534383463636266650a633737366632636262323938643531
+ 33386236643234303365326430326436653830363561373334633461306161666439653833386432
+ 6537343332313535340a643638346563663966383862646433636531316433343234356262653766
+ 37356233323165633565636137653865373835663234343363313966346138636439303761646534
+ 36393633636433376231353364386164336566386161376337366336396566333332623430646261
+ 65663964383262633037663330646161663236613038626531636237376661633037313566366439
+ 35643362653637663662666663393035653765306262376365386437393537623037633365333236
+ 32303261313264363232643834313166656137316635356436343566343962663630
+ oauth_jwt_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 66646361313538383161633932643062633336333436376564383836363762303738336638373865
+ 6161326465386466326366383766633338623934396464610a643337363439663833363139366564
+ 35316562643431616637623432363636623238303637366162393434346366393166313334653932
+ 3637303230323733340a353038376631613238393363396363646339393961353430663561353831
+ 32333435633565323064616463333863373132313164386462333934303434356334643938623334
+ 3037366532373130393236666534653132343335366335633635
+ mailgun_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 65363934663231343630323139393839383161333562376630653363646630393265326134646463
+ 3735363064643138333332623736326638396332323664630a663230363230333138373430316361
+ 35326166663361666437346631626235393133633833336166393366383832363466336635646237
+ 6432653738303864300a623266363661616434393964333464366264326266356466646664363531
+ 63666633376563316336326231313533343065376537313437393830633962313964613336323566
+ 61393561333264366332353838326265343039653165393964313036626563626439616666343436
+ 666235313435363835333664376237336439
diff --git a/playbooks/apps/templates/gitea_app.ini.j2 b/playbooks/apps/templates/gitea_app.ini.j2
new file mode 100644
index 0000000..0935f23
--- /dev/null
+++ b/playbooks/apps/templates/gitea_app.ini.j2
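Review bot: The `Write app.ini` task in gitea.yaml renders the five vault-encrypted values into a file, but nothing stops them from being printed, since a run with `--diff` shows the rendered content in the task output; add `no_log: true` (or at least `diff: false`) to that task. The task sets `mode: "0600"` without `owner` or `group`, so the file belongs to the connecting user, and it is worth confirming that the container's `git` user can still read it. `ansible.builtin.template` does not create `gitea_data/gitea/conf`, so a first run on a fresh host would fail unless a directory task precedes it. `mode: "0775"` on `{{ dir }}` is wider than a directory holding repositories and secrets needs; `"0750"` would do if nothing relies on group write.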
@@ -0,0 +1,110 @@
+APP_NAME = Gitea: Git with a cup of tea
+RUN_MODE = prod
+RUN_USER = git
+WORK_PATH = /data/gitea
+
+[repository]
+ROOT = /data/git/repositories
+ENABLE_PUSH_CREATE_USER = true
+ENABLE_PUSH_CREATE_ORG = true
+MAX_CREATION_LIMIT = 0
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH = /data/gitea
+DOMAIN = git.augendre.info
+SSH_DOMAIN = git.augendre.info
+HTTP_PORT = 3000
+ROOT_URL = https://git.augendre.info/
+DISABLE_SSH = false
+SSH_PORT = 23730
+SSH_LISTEN_PORT = 22
+LFS_START_SERVER = true
+LFS_JWT_SECRET = {{ lfs_jwt_secret }}
+OFFLINE_MODE = true
+LANDING_PAGE = explore
+
+[lfs]
+PATH = /data/git/lfs
+
+[database]
+PATH = /data/gitea/gitea.db
+DB_TYPE = sqlite3
+HOST = localhost:3306
+NAME = gitea
+USER = root
+PASSWD =
+LOG_SQL = false
+SCHEMA =
+SSL_MODE = disable
+CHARSET = utf8
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+PROVIDER = file
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+DISABLE_GRAVATAR = true
+ENABLE_FEDERATED_AVATAR = false
+
+[attachment]
+PATH = /data/gitea/attachments
+MAX_SIZE = 10
+MAX_FILES = 50
+
+[log]
+ROOT_PATH = /data/gitea/log
+MODE = console
+LEVEL = Info
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY = {{ secret_key }}
+INTERNAL_TOKEN = {{ internal_token }}
+
+[service]
+DISABLE_REGISTRATION = true
+REQUIRE_SIGNIN_VIEW = false
+REGISTER_EMAIL_CONFIRM = true
+ENABLE_NOTIFY_MAIL = true
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = true
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = false
+DEFAULT_ENABLE_TIMETRACKING = false
+NO_REPLY_ADDRESS = noreply-git.augendre.info
+
+[oauth2]
+JWT_SECRET = {{ oauth_jwt_secret }}
+
+[mailer]
+ENABLED = true
+SMTP_ADDR = smtp.mailgun.org
+SMTP_PORT = 587
+FROM = Gitea
+USER = git@mg.augendre.info
+PASSWD = {{ mailgun_key }}
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[cron.delete_old_actions]
+ENABLED = true
+
+[cron.delete_old_system_notices]
+ENABLED = true
+
+[cron.delete_inactive_accounts]
+ENABLED = true
+SCHEDULE = @monthly
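Review bot: In `[service]`, `REQUIRE_SIGNIN_VIEW = false` together with `LANDING_PAGE = explore` lets anonymous visitors browse every public repository, user and organisation, even though registration is disabled. If this instance is meant to be private, set `REQUIRE_SIGNIN_VIEW = true`; if public browsing is intended, a comment such as `; public read access is intentional` above that key would record the decision. Separately, the `[database]` keys `HOST`, `NAME`, `USER`, `SSL_MODE` and `CHARSET` look like installer leftovers next to `DB_TYPE = sqlite3` and could be dropped to keep the template unambiguous.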