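#################################################
# DO Community Playbooks: Docker
#################################################
---
# Provisions a Gitea container behind Nginx on every host in the inventory:
# creates the host git user, installs the SSH passthrough helper, generates the
# host key pair shared with the container, pulls and starts the image, then
# writes and enables the Nginx site.
#
# Variables read from vars/default.yml: user, container_image, container_name,
# http_conf.
- hosts: all
  become: true
  vars_files:
    - vars/default.yml

  tasks:
    - name: Add the user 'git'
      user:
        name: "{{ user }}"
        comment: Git user
        create_home: true

    - name: Check if ssh passthrough file exists
      stat:
        path: /usr/local/bin/gitea
      register: pass_status

    - name: No need to upload ssh passthrough file
      when: pass_status.stat.exists
      debug:
        msg: No need to upload ssh passthrough file as it already exists.

    - name: Upload ssh passthrough file
      when: not pass_status.stat.exists
      template:
        src: "files/gitea"
        dest: "/usr/local/bin/gitea"
        owner: "{{ user }}"
        group: "{{ user }}"
        # Quoted so Ansible receives the octal string; an unquoted 0755 is read
        # as the YAML 1.1 octal integer 493.
        mode: "0755"

    # NOTE(review): the tasks below hard-code 'git' and /home/git while the user
    # task and the container volume use "{{ user }}" — they agree only if
    # vars/default.yml sets user to git; confirm.
    - name: Ensure SSH Directory exists
      file:
        path: /home/git/.ssh
        state: directory
        group: git
        owner: git
        mode: "0700"

    - name: Check if rsa key exists
      stat:
        path: /home/git/.ssh/id_rsa
      register: key_status

    - name: No need to generate new rsa key
      when: key_status.stat.exists
      debug:
        msg: No need to generate new rsa key as it already exists.

    - name: Generate new rsa key
      when: not key_status.stat.exists
      # No shell syntax is used, so `command` avoids spawning a shell; `creates`
      # keeps the task idempotent even if the stat check above is bypassed.
      # The empty passphrase (-N "") is deliberate: the key is used
      # non-interactively.
      command: ssh-keygen -t rsa -b 4096 -q -f /home/git/.ssh/id_rsa -C "Gitea Host Key" -N ""
      args:
        creates: /home/git/.ssh/id_rsa

    # The key is generated by root (become: true); the two tasks below hand it
    # to the git user and tighten the private key to owner-only.
    - name: Ensure rsa key permissions
      file:
        path: /home/git/.ssh/id_rsa
        group: git
        owner: git
        mode: "0600"

    - name: Ensure rsa public key permissions
      file:
        path: /home/git/.ssh/id_rsa.pub
        group: git
        owner: git
        mode: "0644"

    - name: Add key to authorized_files
      when: not key_status.stat.exists
      copy:
        remote_src: true
        src: /home/git/.ssh/id_rsa.pub
        dest: /home/git/.ssh/authorized_keys
        owner: git
        group: git
        mode: "0644"

    - name: Pull Gitea image
      docker_image:
        name: "{{ container_image }}"
        source: pull
        state: present
        # force_source re-pulls even when an image of this name is present, so
        # every run refreshes the image.
        force_source: true

    - name: Look up uid and gid of the git user
      getent:
        database: passwd
        key: "{{ user }}"
        split: ":"

    - name: Create gitea container
      docker_container:
        name: "{{ container_name }}"
        image: "{{ container_image }}"
        state: started
        restart_policy: "unless-stopped"
        cpus: 0.1
        memory: "512M"
        memory_swap: "512M"
        env:
          # getent_passwd[user] is the colon-split passwd entry with the name
          # field removed: index 1 is the uid, index 2 the gid.
          USER_UID: "{{ getent_passwd[user][1] }}"
          USER_GID: "{{ getent_passwd[user][2] }}"
        # Bound to loopback only: HTTP is fronted by the Nginx site configured
        # below, and SSH on 2222 is not exposed to the network directly.
        published_ports:
          - "127.0.0.1:3000:3000"
          - "127.0.0.1:2222:22"
        volumes:
          - /var/lib/gitea:/data
          - /etc/timezone:/etc/timezone:ro
          - /etc/localtime:/etc/localtime:ro
          # The host user's .ssh directory is shared read-write with the
          # container (SSH passthrough setup).
          - "/home/{{ user }}/.ssh/:/data/git/.ssh"

    - name: Check if Nginx conf file exists
      stat:
        path: "/etc/nginx/sites-available/{{ http_conf }}"
      register: status

    - name: No need to reload Nginx
      # Previously unconditional with a malformed `msg=` argument; now reports
      # only when the conf file already exists, matching the other skip messages.
      when: status.stat.exists
      debug:
        msg: No need to reload Nginx as sites-available entries have already been created

    # NOTE(review): the site is templated only when the conf file is absent, so
    # later changes to files/nginx.conf.j2 are not re-applied on existing hosts.
    - name: Set Nginx conf file
      when: not status.stat.exists
      template:
        src: "files/nginx.conf.j2"
        dest: "/etc/nginx/sites-available/{{ http_conf }}"

    - name: Enable new site
      when: not status.stat.exists
      file:
        src: "/etc/nginx/sites-available/{{ http_conf }}"
        dest: "/etc/nginx/sites-enabled/{{ http_conf }}"
        state: link
      notify: Reload Nginx

  handlers:
    - name: Reload Nginx
      service:
        name: nginx
        state: reloaded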