playbooks/gitea/playbook.yml


#################################################
# DO Community Playbooks: Gitea (Docker + Nginx + SSH passthrough)
#################################################
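---
# Deploys Gitea in a Docker container fronted by Nginx, with SSH passthrough:
# SSH connections to the host account `user` are forwarded to the container's
# sshd (published on 127.0.0.1:2222) by the script installed as
# /app/gitea/gitea, authenticating with the host key pair generated below.
# Expects `user`, `container_image`, `container_name` and `http_conf` from
# vars/default.yml; Docker and Nginx are assumed to be installed already.
- hosts: all
  become: true
  vars_files:
    - vars/default.yml
  vars:
    # Every path is derived from the single `user` variable so that the key
    # pair, authorized_keys and the container bind mount always refer to the
    # same directory (previously a literal `git` was mixed with "{{ user }}").
    git_home: "/home/{{ user }}"
    git_ssh_dir: "/home/{{ user }}/.ssh"
    passthrough_dir: /app/gitea

  tasks:
    - name: Add the git user
      user:
        name: "{{ user }}"
        comment: Git user
        create_home: true

    - name: Ensure SSH passthrough directory exists
      file:
        path: "{{ passthrough_dir }}"
        state: directory
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: "0755"

    - name: Check if SSH passthrough script exists
      stat:
        path: "{{ passthrough_dir }}/gitea"
      register: pass_status

    - name: Report existing SSH passthrough script
      when: pass_status.stat.exists
      debug:
        msg: No need to upload ssh passthrough file as it already exists.

    # files/gitea is rendered as a Jinja template; it is expected to be the
    # Gitea SSH passthrough script (its contents are not part of this file),
    # which sshd runs for every key Gitea writes into authorized_keys.
    - name: Upload SSH passthrough script
      when: not pass_status.stat.exists
      template:
        src: files/gitea
        dest: "{{ passthrough_dir }}/gitea"
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: "0755"

    - name: Ensure SSH directory exists
      file:
        path: "{{ git_ssh_dir }}"
        state: directory
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: "0700"

    - name: Check if host key pair exists
      stat:
        path: "{{ git_ssh_dir }}/id_rsa"
      register: key_status

    - name: Report existing host key pair
      when: key_status.stat.exists
      debug:
        msg: No need to generate new rsa key as it already exists.

    # The private key is used non-interactively by the passthrough script, so
    # it cannot carry a passphrase; it is protected by file permissions instead
    # (mode 0600 below). `command` + `argv` avoids a shell and any quoting
    # ambiguity; `creates` keeps the task idempotent on its own.
    # RSA-4096 is kept because files/gitea and the container may assume the
    # default id_rsa name; ed25519 would be preferable if both are confirmed
    # to be key-type agnostic.
    - name: Generate new host key pair
      when: not key_status.stat.exists
      command:
        argv:
          - ssh-keygen
          - -t
          - rsa
          - -b
          - "4096"
          - -q
          - -f
          - "{{ git_ssh_dir }}/id_rsa"
          - -C
          - Gitea Host Key
          - -N
          - ""
        creates: "{{ git_ssh_dir }}/id_rsa"

    # ssh-keygen ran as root (become), so ownership is handed to the git user.
    - name: Ensure private key permissions
      file:
        path: "{{ git_ssh_dir }}/id_rsa"
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: "0600"

    - name: Ensure public key permissions
      file:
        path: "{{ git_ssh_dir }}/id_rsa.pub"
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: "0644"

    # The freshly generated public key is seeded into authorized_keys so the
    # passthrough script can reach the container as this user.
    # `remote_src: true` is required: without it `copy` looks for id_rsa.pub on
    # the control node rather than on the managed host where it was generated.
    # authorized_keys is 0600 rather than 0644: this directory is bind-mounted
    # into the container below, which is expected to write Gitea user keys here.
    - name: Seed authorized_keys with the host public key
      when: not key_status.stat.exists
      copy:
        src: "{{ git_ssh_dir }}/id_rsa.pub"
        dest: "{{ git_ssh_dir }}/authorized_keys"
        remote_src: true
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: "0600"

    # force_source re-pulls on every run; pin container_image to a tag or
    # digest in vars/default.yml so deployments do not silently roll forward.
    - name: Pull Gitea image
      docker_image:
        name: "{{ container_image }}"
        source: pull
        state: present
        force_source: true

    # Populates getent_passwd[user] as the split passwd entry
    # ([password, uid, gid, gecos, home, shell]) for the container env below.
    - name: Look up uid and gid of the git user
      getent:
        database: passwd
        key: "{{ user }}"
        split: ":"

    # Both ports are published on loopback only: HTTP is reached through Nginx
    # and the container's sshd solely through the host passthrough script.
    # The git user's .ssh directory is shared with the container so host sshd
    # and Gitea see the same authorized_keys.
    - name: Create gitea container
      docker_container:
        name: "{{ container_name }}"
        image: "{{ container_image }}"
        state: started
        restart_policy: unless-stopped
        env:
          USER_UID: "{{ getent_passwd[user][1] }}"
          USER_GID: "{{ getent_passwd[user][2] }}"
        published_ports:
          - "127.0.0.1:3000:3000"
          - "127.0.0.1:2222:22"
        volumes:
          - /var/lib/gitea:/data
          - /etc/timezone:/etc/timezone:ro
          - /etc/localtime:/etc/localtime:ro
          - "{{ git_ssh_dir }}/:/data/git/.ssh"

    # The Nginx site is only written on first run; later edits to
    # files/nginx.conf.j2 are not re-deployed by this play.
    - name: Check if Nginx conf file exists
      stat:
        path: "/etc/nginx/sites-available/{{ http_conf }}"
      register: nginx_conf_status

    - name: Report existing Nginx conf
      when: nginx_conf_status.stat.exists
      debug:
        msg: No need to reload Nginx as sites-available entries have already been created

    - name: Set Nginx conf file
      when: not nginx_conf_status.stat.exists
      template:
        src: files/nginx.conf.j2
        dest: "/etc/nginx/sites-available/{{ http_conf }}"
        owner: root
        group: root
        mode: "0644"

    - name: Enable new site
      when: not nginx_conf_status.stat.exists
      file:
        src: "/etc/nginx/sites-available/{{ http_conf }}"
        dest: "/etc/nginx/sites-enabled/{{ http_conf }}"
        state: link
      notify: Reload Nginx

  handlers:
    - name: Reload Nginx
      service:
        name: nginx
        state: reloaded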