diff --git a/README.md b/README.md index ac57d4d..ad6d2e3 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,18 @@ -[![Ansible Galaxy](https://ansible.l3d.space/svg/roles-ansible.gitea.svg)](https://galaxy.ansible.com/ui/standalone/roles/roles-ansible/gitea/) +[![Ansible Galaxy](https://ansible.l3d.space/svg/roles-ansible.gitea.svg)](https://galaxy.ansible.com/ui/standalone/roles/l3d/gitea/) [![BSD-3 Clause](https://ansible.l3d.space/svg/roles-ansible.gitea_license.svg)](LICENSE) [![Maintenance](https://ansible.l3d.space/svg/roles-ansible.gitea_maintainance.svg)](https://ansible.l3d.space/#roles-ansible.gitea) - ansible role gitea/forgejo -============================ + ansible role gitea +==================== -This role installs and manages [gitea](https://gitea.io) or [forgejo](https://forgejo.org). A painless self-hosted Git service. Gitea is a community managed lightweight code hosting solution written in Go. Forgejo is a fork of it. +This role installs and manages [gitea](https://gitea.io). A painless self-hosted Git service. Gitea is a community managed lightweight code hosting solution written in Go. Forgejo is a fork of it. [Source code & screenshots gitea](https://github.com/go-gitea/gitea). -[Source code forgejo](https://code.forgejo.org/forgejo/forgejo). This role is also Part of the Ansible-Collection [l3d.git](https://galaxy.ansible.com/l3d/git). [![l3d.git](https://ansible.l3d.space/svg/l3d.git_ansible-collection_collection.svg)](https://github.com/roles-ansible/ansible_collection_git.git). +## Do you look for a forgejo ansible role? + +Have a look at [l3d.git.forgejo](https://galaxy.ansible.com/ui/repo/published/l3d/git/content/role/forgejo/) Collection or the [l3d.forgejo](https://github.com/roles-ansible/ansible_role_forgejo.git) Ansible role. + ## Mirrors The role is mirrored to: + Github: [github.com/roles-ansible/ansible_role_gitea](https://github.com/roles-ansible/ansible_role_gitea.git) @@ -61,29 +64,16 @@ See [this issue](https://github.com/go-gitea/gitea/issues/28563) for more inform ----------- Here is a deeper insight into the variables of this gitea role. For the exact function of some variables and the possibility to add more options we recommend a look at this [config cheat sheet](https://docs.gitea.com/administration/config-cheat-sheet). -### Chose between gitea and forgejo -There is a fork of gitea called forgejo. Why? Read the [forgejo FAQ](https://forgejo.org/faq/). -You have the option to choose between [gitea](https://gitea.io) and [forgejo](https://forgejo.org) by modifying the ``gitea_fork`` variable. -| variable name | default value | description | -| ------------- | ------------- | ----------- | -| `gitea_fork` | `gitea` | optional choose to install forgejo instead of gitea by setting this value to `forgejo`. | - ### gitea update mechanism To determine which gitea version to install, you can choose between two variants. Either you define exactly which release you install. Or you use the option ``latest`` to always install the latest release from the [gitea releases](https://github.com/go-gitea/gitea/releases/latest). -### Forgejo update mechanism -It is advisable to define exactly which Forgejo release you want to install. See [Forgejo releases](https://forgejo.org/releases/) for the correct value to use in `gitea_version` eg `v1.21.5`. - -This is because the Forgejo project maintains both `stable` and `old stable` releases and the `latest` tag will refer to the *most recent release* regardless of whether it is `stable` or `old stable`. This can lead to a situation where `latest` refers to an *older release* than the version you have installed. - ### gitea update | variable name | default value | description | | ------------- | ------------- | ----------- | | `gitea_version` | `latest` | Define either the exact release to install *(eg. `1.16.0`)* or use ``latest`` *(default)* to install the latest release. | | `gitea_version_check` | `true` | Check if installed version != `gitea_version` before initiating binary download | | `gitea_gpg_key` | `7C9E68152594688862D62AF62D9AE806EC1592E2` | the gpg key the gitea binary is signed with | -| `gitea_forgejo_gpg_key` | `EB114F5E6C0DC2BCDD183550A4B61A2DC5923710` | the gpg key the forgejo binary is signed with | | `gitea_gpg_server` | `hkps://keys.openpgp.org` | A gpg key server where this role can download the gpg key | | `gitea_backup_on_upgrade` | `false` | Optionally a backup can be created with every update of gitea. | | `gitea_backup_location` | `{{ gitea_home }}/backups/` | Where to store the gitea backup if one is created with this role. | @@ -97,7 +87,6 @@ This is because the Forgejo project maintains both `stable` and `old stable` rel | `gitea_home` | `/var/lib/gitea` | Base directory to work | | `gitea_user_home` | `{{ gitea_home }}` | home of gitea user | | `gitea_executable_path` | `/usr/local/bin/gitea` | Path for gitea executable | -| `gitea_forgejo_executable_path` | `/usr/local/bin/forgejo` | Path for forgejo executable | | `gitea_configuration_path` | `/etc/gitea` | Where to put the gitea.ini config | | `gitea_shell` | `/bin/false` | UNIX shell used by gitea. Set it to `/bin/bash` if you don't use the gitea built-in ssh server. | | `gitea_systemd_cap_net_bind_service` | `false` | Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file | @@ -165,8 +154,8 @@ This is because the Forgejo project maintains both `stable` and `old stable` rel | variable name | default value | description | | ------------- | ------------- | ----------- | | `gitea_show_user_email` | `false` | Do you want to display email addresses ? (true/false) | -| `gitea_theme_default` | `gitea-auto` or `forgejo-auto` | Default theme | -| `gitea_themes` | (See `defaults/gitea.yml` or `defaults/forgejo.yml`)| List of enabled themes | +| `gitea_theme_default` | `gitea-auto` | Default theme | +| `gitea_themes` | (See `defaults/main.yml`)| List of enabled themes | | `gitea_ui_extra_config` | | you can use this variable to pass additional config parameters in the `[ui]` section of the config. | ### UI - Meta ([ui.meta](https://docs.gitea.com/administration/config-cheat-sheet#ui---metadata-uimeta)) @@ -381,8 +370,8 @@ As this will only deploy config files, fail2ban already has to be installed or o ### local gitea Users | variable | option | description | | -------- | ------ | ----------- | -| ``gitea_users`` | | dict to create local gitea or forgejo users | -| | ``name`` | name for local gitea/forgejo user | +| ``gitea_users`` | | dict to create local gitea users | +| | ``name`` | name for local gitea user | | | ``password`` | user for local git user | | | ``email`` | email for local git user | | | ``admin`` | give user admin permissions | @@ -428,7 +417,7 @@ To deploy multiple files we created the ``gitea_custom_search`` variable, that c - Set `gitea_themes` variable and include the names of the new themes. To keep the existing ones, you need to pass all themes names, e.g. `auto,gitea,arc-green,,,` ## Requirements -This role uses the ``ansible.builtin`` and ``community.general`` ansible Collections. To download the latest forgejo/gitea release we use json_query. This requires ``jmespath`` to be available. +This role uses the ``ansible.builtin`` and ``community.general`` ansible Collections. To download the latest gitea release we use json_query. This requires ``jmespath`` to be available. ### Python packages + jmespath diff --git a/defaults/forgejo.yml b/defaults/forgejo.yml deleted file mode 100644 index 17c3dda..0000000 --- a/defaults/forgejo.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -gitea_theme_default: "forgejo-auto" -# yamllint disable rule:line-length -gitea_themes: "forgejo-auto,forgejo-light,forgejo-dark,gitea-auto,gitea-light,gitea-dark,forgejo-auto-deuteranopia-protanopia,forgejo-light-deuteranopia-protanopia,forgejo-dark-deuteranopia-protanopia,forgejo-auto-tritanopia,forgejo-light-tritanopia,forgejo-dark-tritanopia" -# yamllint enable rule:line-length diff --git a/defaults/gitea.yml b/defaults/gitea.yml index d972a5e..ed97d53 100644 --- a/defaults/gitea.yml +++ b/defaults/gitea.yml @@ -1,3 +1 @@ --- -gitea_theme_default: "gitea-auto" -gitea_themes: "gitea-auto,gitea-light,gitea-dark" diff --git a/defaults/main.yml b/defaults/main.yml index 699b5cc..2c7e224 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,26 +1,27 @@ --- -# Choose between https://forgejo.org/ and https://gitea.io/ -gitea_fork: 'gitea' # 'gitea' and 'forgejo' are valid options +gitea_fork: 'gitea' # legacy option for forgejo/gitea # gitea version # Use 'latest' to auto-update; upgrading past role version may lead to errors. gitea_version: 'latest' gitea_version_check: true gitea_gpg_key: '7C9E68152594688862D62AF62D9AE806EC1592E2' -gitea_forgejo_gpg_key: 'EB114F5E6C0DC2BCDD183550A4B61A2DC5923710' gitea_gpg_server: 'hkps://keys.openpgp.org' gitea_gpg_keyserver_option: '' gitea_backup_on_upgrade: false gitea_backup_location: "{{ gitea_home }}/backups/" submodules_versioncheck: false +# gitea branding +gitea_theme_default: "gitea-auto" +gitea_themes: "gitea-auto,gitea-light,gitea-dark" + # gitea in the linux world gitea_group: 'gitea' # gitea_groups: [] # Optional a list of groups user gitea will be added to gitea_home: '/var/lib/gitea' gitea_user_home: '{{ gitea_home }}' gitea_executable_path: '/usr/local/bin/gitea' -gitea_forgejo_executable_path: '/usr/local/bin/forgejo' gitea_configuration_path: '/etc/gitea' gitea_shell: '/bin/false' gitea_systemd_cap_net_bind_service: false @@ -98,7 +99,7 @@ gitea_ui_extra_config: '' # -> https://docs.gitea.io/en-us/config-cheat-sheet/#ui---metadata-uimeta gitea_ui_author: 'Gitea - Git with a cup of tea' gitea_ui_description: 'Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go:' -gitea_ui_keywords: 'go,git,self-hosted,gitea,forgejo' +gitea_ui_keywords: 'go,git,self-hosted,gitea' gitea_ui_meta_extra_config: '' # Server (server) diff --git a/meta/main.yml b/meta/main.yml index 4414349..5b54d7b 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -2,7 +2,7 @@ galaxy_info: role_name: gitea author: roles-ansible - description: Ansible role to configure and deploy gitea and forgejo, a painless self-hosted Git service. + description: Ansible role to configure and deploy gitea, a painless self-hosted Git service. license: "BSD-3-Clause" min_ansible_version: "2.11" platforms: @@ -20,7 +20,6 @@ galaxy_info: - all galaxy_tags: - gitea - - forgejo - git - system - development diff --git a/tasks/install_forgejo.yml b/tasks/install_forgejo.yml deleted file mode 100644 index fff905d..0000000 --- a/tasks/install_forgejo.yml +++ /dev/null @@ -1,95 +0,0 @@ ---- -- name: Dependency block - block: - - name: Update apt cache - become: true - ansible.builtin.apt: - cache_valid_time: 3600 - update_cache: true - register: _pre_update_apt_cache - until: _pre_update_apt_cache is succeeded - when: - - ansible_pkg_mgr == "apt" - - - name: Install dependencies - become: true - ansible.builtin.package: - name: "{{ gitea_dependencies }}" - state: present - register: _install_dep_packages - until: _install_dep_packages is succeeded - retries: 5 - delay: 2 - -- name: Install forgejo block - when: (not gitea_version_check | bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version_target)) - block: - - name: Download forgejo archive - ansible.builtin.get_url: - url: "{{ gitea_forgejo_dl_url | first }}" - dest: "/tmp/{{ gitea_filename }}" - checksum: "sha256:{{ gitea_forgejo_checksum }}" - mode: 0640 - register: _download_archive - become: false - until: _download_archive is succeeded - retries: 5 - delay: 2 - - - name: Download forgejo asc file - ansible.builtin.get_url: - url: "{{ gitea_forgejo_signed_url | first }}" - dest: "/tmp/{{ gitea_filename }}.asc" - mode: 0640 - register: _download_asc - become: false - until: _download_asc is succeeded - retries: 5 - delay: 2 - - - name: Check forgejo gpg key - ansible.builtin.command: "gpg --list-keys 0x{{ gitea_forgejo_gpg_key }}" - register: _gitea_gpg_key_status - changed_when: false - become: false - failed_when: _gitea_gpg_key_status.rc not in (0, 2) - - - name: Print gpg key status on verbosity # noqa: H500 - ansible.builtin.debug: - msg: "{{ _gitea_gpg_key_status.stdout }}" - verbosity: 1 - - - name: Gpg key - block: - - name: Import forgejo gpg key - ansible.builtin.command: "gpg --keyserver {{ gitea_gpg_server }} --recv {{ gitea_forgejo_gpg_key }}" - register: _gitea_import_key - become: false - changed_when: '"imported: 1" in _gitea_import_key.stderr' - # when: '_gitea_gpg_key_status.rc != 0 or "expired" in _gitea_gpg_key_status.stdout' - rescue: - - name: Load local forgejo gpg key - ansible.builtin.copy: - src: dj3498u4hyyarh35rkjfnghbjxug6b19.asc - dest: /tmp/ - mode: '0400' - - name: Import local forgejo gpg key - ansible.builtin.command: "gpg --import /tmp/dj3498u4hyyarh35rkjfnghbjxug6b19.asc" - register: import0 - changed_when: "'imported: [1-9]+' in import0.stdout" - - - name: Check archive signature - become: false - ansible.builtin.command: "gpg --verify /tmp/{{ gitea_filename }}.asc /tmp/{{ gitea_filename }}" - changed_when: false - - - name: Propagate gitea binary - become: true - ansible.builtin.copy: - src: "/tmp/{{ gitea_filename }}" - remote_src: true - dest: "{{ gitea_full_executable_path }}" - mode: 0755 - owner: root - group: root - notify: "systemctl restart gitea" diff --git a/tasks/main.yml b/tasks/main.yml index 4efed83..d40a015 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,4 +1,9 @@ --- +- name: Announce ansible role changed + ansible.builtin.fail: + msg: 'This role changed and now only support gitea. Please use the l3d.git.forgejo role for forgejo.' + when: gitea_fork == 'forgejo' + - name: Perform optional versionscheck ansible.builtin.include_tasks: file: "versioncheck.yml" @@ -8,34 +13,13 @@ ansible.builtin.package_facts: manager: "auto" -- name: Prepare gitea/forgejo variable import - block: - - name: Gather vars for gitea or forgejo - ansible.builtin.include_vars: - file: "{{ lookup('ansible.builtin.first_found', - gitea_fork_variables) }}" - rescue: - - name: Gitea/Forgejo import info - ansible.builtin.fail: - msg: "Only {{ gitea_supported_forks }} are supported." - -- name: Gather Gitea/Forgejo UI Theme variables - ansible.builtin.include_vars: - file: "{{ lookup('ansible.builtin.first_found', params) }}" - vars: - params: - files: - - "{{ gitea_fork }}.yml" - paths: - - "defaults" - - name: Gather variables for each operating system ansible.builtin.include_vars: file: "{{ lookup('ansible.builtin.first_found', gitea_variables) }}" - name: Gather versioning information ansible.builtin.include_tasks: - file: "set_{{ gitea_fork | lower }}_version.yml" + file: "set_gitea_version.yml" - name: Backup gitea before update ansible.builtin.include_tasks: @@ -46,9 +30,9 @@ ansible.builtin.include_tasks: file: "create_user.yml" -- name: "Install or update {{ gitea_fork }}" +- name: "Install or update gitea" ansible.builtin.include_tasks: - file: "install_{{ gitea_fork | lower }}.yml" + file: "install_gitea.yml" - name: Create directories ansible.builtin.include_tasks: diff --git a/tasks/set_forgejo_version.yml b/tasks/set_forgejo_version.yml deleted file mode 100644 index 7184b48..0000000 --- a/tasks/set_forgejo_version.yml +++ /dev/null @@ -1,119 +0,0 @@ ---- -- name: "Check forgejo installed version" - ansible.builtin.shell: | - set -eo pipefail - {{ gitea_full_executable_path }} -v | cut -d' ' -f 3 - args: - executable: '/bin/bash' - register: gitea_active_version - changed_when: false - failed_when: false - -- name: "Determine 'latest' version release" - when: gitea_version == "latest" - block: - - name: "Get latest forgejo release metadata" - ansible.builtin.uri: - url: 'https://{{ gitea_forgejo_repo }}/api/v1/repos/forgejo/forgejo/releases?limit=1' - return_content: true - register: gitea_forgejo_remote_metadata - become: false - when: not ansible_check_mode - - - name: "Fail if running in check mode without versions set." - ansible.builtin.fail: - msg: | - "You are running this playbook in check mode: - Please set the Gitea version with the variable 'gitea_version', because the URI module cannot detect the latest version in this mode." - when: ansible_check_mode and (gitea_version == 'latest' or gitea_version == 'present') - - - name: "Set fact latest forgejo release" - ansible.builtin.set_fact: - gitea_remote_version: "{{ gitea_forgejo_remote_metadata.json.0.tag_name[1:] }}" - when: not ansible_check_mode - - - name: "Set forgejo version target (latest)" - ansible.builtin.set_fact: - gitea_version_target: "{{ gitea_remote_version }}" - when: not ansible_check_mode - -- name: "Set forgejo version target {{ gitea_version }}" - ansible.builtin.set_fact: - gitea_version_target: "{{ gitea_version }}" - when: gitea_version != "latest" - -- name: "Download forgejo version {{ gitea_version_target }}" - when: not ansible_check_mode - block: - - name: "Get specific forgejo release metadata" - ansible.builtin.uri: - url: 'https://{{ gitea_forgejo_repo }}/api/v1/repos/forgejo/forgejo/releases/tags/v{{ gitea_version_target }}' - return_content: true - register: gitea_forgejo_remote_tags_metadata - become: false - rescue: - - name: "Error Downloading v{{ gitea_version_target }}" - ansible.builtin.fail: - msg: | - We did not find the forgejo version you specified. - Are you sure that '{{ gitea_version_target }}' is a valid forgejo version? - Please verify 'https://{{ gitea_forgejo_repo }}/api/v1/repos/forgejo/forgejo/releases/tags/v{{ gitea_version_target }}' is a valid URL! - -- name: "Generate forgejo download url" - ansible.builtin.set_fact: - gitea_forgejo_dl_url: "{{ gitea_forgejo_remote_tags_metadata.json | community.general.json_query(gitea_forgejo_query_download) }}" - when: not ansible_check_mode - -- name: "Generate forgejo download checksum url" - ansible.builtin.set_fact: - gitea_forgejo_checksum_url: "{{ gitea_forgejo_remote_tags_metadata.json | community.general.json_query(gitea_forgejo_query_checksum) }}" - when: not ansible_check_mode - -- name: Get forgejo checksum - ansible.builtin.uri: - url: "{{ gitea_forgejo_checksum_url | first }}" - return_content: true - register: _gitea_forgejo_dl_checksum - become: false - when: not ansible_check_mode - -- name: Set forjeo checksum - ansible.builtin.set_fact: - gitea_forgejo_checksum: "{{ _gitea_forgejo_dl_checksum.content.split(' ')[0] }}" - when: not ansible_check_mode - -- name: "Generate forgejo download signed url" - ansible.builtin.set_fact: - gitea_forgejo_signed_url: "{{ gitea_forgejo_remote_tags_metadata.json | community.general.json_query(gitea_forgejo_query_signed) }}" - when: not ansible_check_mode - -- name: "Set a example forgejo download link if in check mode" - ansible.builtin.set_fact: - gitea_forgejo_dl_url: ['https://{{ gitea_forgejo_repo }}/attachments/a00333ad-250a-4d30-a764-9a37fb24f419'] - when: ansible_check_mode - -- name: "Set a example forgejo checksum link if in check mode" - ansible.builtin.set_fact: - gitea_forgejo_checksum: 'f8c71464d1b250bf022eaa3df270c810950904ceb71da5cefc7ec24a034a4c87' - when: ansible_check_mode - -- name: "Set a example forgejo checksum link if in check mode" - ansible.builtin.set_fact: - gitea_forgejo_signed_url: ['https://{{ gitea_forgejo_repo }}/attachments/ae5e50c6-e86e-4202-b95f-f142e8138e2f'] - when: ansible_check_mode - -- name: 'Assert that remote version is higher' - ansible.builtin.assert: - that: - - gitea_active_version is version(gitea_remote_version, 'lt') - fail_msg: ERROR - Remote version is lower then current version! - when: gitea_version == "latest" and gitea_active_version.stderr == "" | bool - -- name: Show Download URLs # noqa: H500 - ansible.builtin.debug: - msg: "{{ item }}" - verbosity: 1 - loop: - - "gitea_forgejo_dl_url: {{ gitea_forgejo_dl_url | first }}" - - "gitea_forgejo_checksum: {{ gitea_forgejo_checksum }}" - - "gitea_forgejo_signed_url: {{ gitea_forgejo_signed_url | first }}" diff --git a/vars/fork_forgejo.yml b/vars/fork_forgejo.yml deleted file mode 100644 index 65f5812..0000000 --- a/vars/fork_forgejo.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -# set filenames for forgejo -gitea_full_executable_path: "{{ gitea_forgejo_executable_path }}" -gitea_filename: "forgejo-{{ gitea_version_target }}-linux-{{ gitea_arch }}" -gitea_forgejo_query_download: "assets[?name==`{{ gitea_filename }}`].browser_download_url" -gitea_forgejo_query_checksum: "assets[?name==`{{ gitea_filename }}.sha256`].browser_download_url" -gitea_forgejo_query_signed: "assets[?name==`{{ gitea_filename }}.asc`].browser_download_url" -gitea_forgejo_repo: 'code.forgejo.org' diff --git a/vars/fork_gitea.yml b/vars/fork_gitea.yml deleted file mode 100644 index 607bfd8..0000000 --- a/vars/fork_gitea.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -# set filenames for gitea -gitea_full_executable_path: "{{ gitea_executable_path }}" -gitea_filename: "gitea-{{ gitea_version_target }}.linux-{{ gitea_arch }}" diff --git a/vars/main.yml b/vars/main.yml index d27ebb7..c33be2d 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -10,11 +10,8 @@ gitea_go_arch_map: gitea_arch: "{{ gitea_go_arch_map[ansible_architecture] | default(ansible_architecture) }}" gitea_supported_forks: 'gitea and forgejo' -gitea_fork_variables: - files: - - "fork_{{ gitea_fork | lower }}.yml" - paths: - - 'vars' +gitea_full_executable_path: "{{ gitea_executable_path }}" +gitea_filename: "gitea-{{ gitea_version_target }}.linux-{{ gitea_arch }}" gitea_variables: files: @@ -63,5 +60,5 @@ transfer_custom_footer: - 'files/gitea_footer/extra_links_footer.tmpl' - 'files/extra_links_footer.tmpl' -playbook_version_number: 65 +playbook_version_number: 66 playbook_version_path: 'do1jlr.gitea.version'