initial commit
@@ -0,0 +1,24 @@
|
||||
---
|
||||
|
||||
- name: Get host IP
|
||||
ansible.builtin.set_fact:
|
||||
gitea_host_ip: "{{ ansible_default_ipv4.address }}"
|
||||
|
||||
- name: Create data directories for runners
|
||||
ansible.builtin.file:
|
||||
path: "{{ app_dir }}/{{ item.data_mount }}"
|
||||
state: directory
|
||||
mode: "{{ app_permission_mode }}"
|
||||
owner: "{{ app_uid }}"
|
||||
group: "{{ app_gid }}"
|
||||
loop: "{{ gitea_runners }}"
|
||||
|
||||
- name: Create configuration files for each runner
|
||||
ansible.builtin.template:
|
||||
src: actions/config.yaml.j2
|
||||
dest: "{{ app_dir }}/{{ item.config_file_mount }}"
|
||||
mode: "{{ app_permission_mode }}"
|
||||
owner: "{{ app_uid }}"
|
||||
group: "{{ app_gid }}"
|
||||
loop: "{{ gitea_runners }}"
|
||||
|
||||
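Review bot: The "Create configuration files for each runner" task writes the rendered file with the same `app_permission_mode` that the preceding task applies to the data directories, so a mode chosen for directories (which need the execute bit) also lands on a config file. If the rendered `actions/config.yaml.j2` carries runner credentials (the template is not visible here, so this is an assumption), the file should get its own restrictive mode, for example `mode: "0640"`, rather than sharing the directory setting. Separately, `gitea_host_ip` depends on `ansible_default_ipv4.address`, which is undefined when facts are not gathered or the host has no default IPv4 route. A comment above "Get host IP" such as `# requires gathered facts and a default IPv4 route` would document that.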
@@ -0,0 +1,17 @@
|
||||
---
|
||||
- name: Deploy optional fail2ban rules
|
||||
ansible.builtin.include_tasks: setup-fail2ban.yaml
|
||||
when: gitea_fail2ban_enabled | bool
|
||||
|
||||
- name: Generate Gitea configuration files
|
||||
ansible.builtin.include_tasks: generate-config.yaml
|
||||
|
||||
- name: Create or remove Gitea users
|
||||
ansible.builtin.include_tasks: manage_users.yaml
|
||||
when: gitea_users | length > 0
|
||||
|
||||
- name: Start Docker Compose stack after configuration
|
||||
ansible.builtin.include_tasks: "{{ app_roles_path }}/docker_compose_app/tasks/manage_compose.yaml"
|
||||
vars:
|
||||
app_compose_start: true
|
||||
|
||||
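Review bot: "Create or remove Gitea users" is included before "Start Docker Compose stack after configuration", yet manage_users.yaml runs its commands through `community.docker.docker_container_exec`, which needs the Gitea container to be running. Unless the stack is already started by a role outside this view, a first run would exec into a stopped or missing container. The user listing in that file sets `failed_when: false`, so the problem would surface only at the create step. Moving the `manage_users.yaml` include after the compose start task, with a readiness wait before it, would make the ordering explicit.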
@@ -0,0 +1,58 @@
|
||||
---
|
||||
- name: Get list of users
|
||||
community.docker.docker_container_exec:
|
||||
container: "{{ gitea_container_name }}"
|
||||
command: /bin/bash -c "gitea admin user list"
|
||||
register: user_list
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
when: gitea_users | length > 0
|
||||
|
||||
- name: Extract existing usernames
|
||||
ansible.builtin.set_fact:
|
||||
gitea_existing_users: "{{ user_list.stdout_lines[1:] | map('regex_replace', '^\\d+\\s+(\\S+)\\s+.*$', '\\1') | list | default([]) }}"
|
||||
when:
|
||||
- gitea_users | length > 0
|
||||
- user_list.stdout_lines | default([]) | length > 1
|
||||
|
||||
- name: Create Gitea users
|
||||
community.docker.docker_container_exec:
|
||||
container: "{{ gitea_container_name }}"
|
||||
command: >
|
||||
/bin/bash -c "gitea admin user create
|
||||
--username {{ user.username }}
|
||||
--email {{ user.email }}
|
||||
--password {{ user.password }}
|
||||
--must-change-password={{ user.must_change_password | default(false) }}
|
||||
--admin={{ user.admin | default(false) }}"
|
||||
register: _gitea_user_result
|
||||
failed_when:
|
||||
- '"successfully created" not in _gitea_user_result.stdout'
|
||||
changed_when:
|
||||
- '"successfully created!" in _gitea_user_result.stdout'
|
||||
when:
|
||||
- user.username not in gitea_existing_users | default([]) and user.state | default('present') == 'present'
|
||||
loop: "{{ gitea_users }}"
|
||||
loop_control:
|
||||
label: "user={{ user.username }}"
|
||||
loop_var: user
|
||||
# no_log: true # Avoid logging passwords
|
||||
|
||||
|
||||
- name: Remove gitea users
|
||||
community.docker.docker_container_exec:
|
||||
container: "{{ gitea_container_name }}"
|
||||
command: >
|
||||
/bin/bash -c "gitea admin user delete
|
||||
--username {{ user.username }}
|
||||
--email {{ user.email }}"
|
||||
register: _gitea_user_del_result
|
||||
failed_when:
|
||||
- '"error" in _gitea_user_del_result.stdout'
|
||||
changed_when: "user.username in gitea_existing_users"
|
||||
when: "user.username in gitea_existing_users | default([]) and user.state | default('present') == 'absent'"
|
||||
loop: "{{ gitea_users }}"
|
||||
loop_control:
|
||||
label: "user={{ user.username }}"
|
||||
loop_var: user
|
||||
|
||||
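Review bot: Both exec tasks build a `/bin/bash -c "..."` string from unquoted `{{ user.username }}`, `{{ user.email }}` and `{{ user.password }}`, so a space or shell metacharacter in any value is split or interpreted by the shell inside the container. With `no_log: true` commented out, the password is also printed in task output and any callback log. Passing the command as an `argv` list removes the shell parsing, and enabling `no_log: true` on the create task keeps the password out of the logs; the same `argv` form applies to "Remove gitea users". The listing task's `failed_when: false` also hides an exec failure, in which case every user looks absent to the later `when` conditions. In the create task, `failed_when` matches "successfully created" while `changed_when` matches "successfully created!"; one shared string would be easier to maintain.

```yaml
- name: Create Gitea users
  community.docker.docker_container_exec:
    container: "{{ gitea_container_name }}"
    # argv is passed to the container without a shell, so values are never re-parsed
    argv:
      - gitea
      - admin
      - user
      - create
      - --username
      - "{{ user.username }}"
      - --email
      - "{{ user.email }}"
      - --password
      - "{{ user.password }}"
      - "--must-change-password={{ user.must_change_password | default(false) }}"
      - "--admin={{ user.admin | default(false) }}"
  # keep the password out of task output and callback logs
  no_log: true
  # … unchanged: register, failed_when, changed_when, when, loop, loop_control …
```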
@@ -0,0 +1,39 @@
|
||||
---
|
||||
|
||||
- name: Gather installed packages for checks later on
|
||||
ansible.builtin.package_facts:
|
||||
manager: "auto"
|
||||
|
||||
- name: Warn if fail2ban is not installed
|
||||
ansible.builtin.fail:
|
||||
msg: "the package fail2ban is not installed. no fail2ban filters deployed."
|
||||
when: "'fail2ban' not in ansible_facts.packages"
|
||||
failed_when: false
|
||||
|
||||
- name: Install fail2ban filter
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: fail2ban/filter.conf.j2
|
||||
dest: /etc/fail2ban/filter.d/gitea.local
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0444"
|
||||
notify: "Restart fail2ban"
|
||||
when: "'fail2ban' in ansible_facts.packages"
|
||||
|
||||
- name: Install fail2ban jail for logins over HTTP(S)
|
||||
become: true
|
||||
vars:
|
||||
gitea_fail2ban_filter: gitea
|
||||
gitea_fail2ban_port: "http,https,{{ gitea_ssh_port }}"
|
||||
gitea_fail2ban_jail_name: gitea-docker
|
||||
ansible.builtin.template:
|
||||
src: fail2ban/jail.conf.j2
|
||||
dest: /etc/fail2ban/jail.d/gitea.local
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0444"
|
||||
notify: "Restart fail2ban"
|
||||
when: "'fail2ban' in ansible_facts.packages"
|
||||
|
||||
|
||||
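Review bot: "Warn if fail2ban is not installed" pairs `ansible.builtin.fail` with `failed_when: false`, so when the package is missing the play still finishes successfully and both template tasks are skipped. The include shown earlier on this page appears to gate this file on `gitea_fail2ban_enabled`, so an operator who turned the feature on ends up without the brute-force protection, with only one task message saying so. A hard failure is the safer default: drop `failed_when: false` from the warn task, or add a comment above it explaining why a silent skip is intended. The templates `fail2ban/filter.conf.j2` and `fail2ban/jail.conf.j2` are outside this view, so the jail's log path and ban chain for the Docker-published ports could not be checked.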