add nodiscc.xsrv.gitea ansible role #97

Merged
lunny merged 1 commits from nodiscc/awesome-gitea:nodiscc.xsrv.gitea into main 2 months ago

Hi,

this PR adds the xsrv.gitea ansible role, which can be used to deploy Gitea on any Debian-based Linux machine.

The role can be used from the xsrv command-line tool/ansible wrapper, or with ansible command-line tools. Optionally it integrates with netdata for instance health monitoring, apache for reverse proxy and SSL/TLS certificate management, rsnapshot for automatic backups, and postgresql as a RDBMS.

Detailed installation/configuration documentation can be found at https://xsrv.readthedocs.io/en/latest/installation.html, but here is the short version using ansible command-line tools and self-signed certificates:

```bash
# create a project directory
$ mkdir -p ~/playbooks/myproject && cd ~/playbooks/myproject
# install ansible in a python virtualenv
$ python3 -m venv .venv
$ source .venv/bin/activate
$ pip3 install ansible
```

Create required files and directories (replace my.CHANGEME.org with the address of the server where gitea will be deployed, and other CHANGEME values with values of your choice)

```yaml
# requirements.yml
collections:
  - name: https://gitlab.com/nodiscc/xsrv.git
    type: git
    version: release # or master to get the latest, development version
```

```yaml
# inventory.yml
all:
  hosts:
    my.CHANGEME.org:
```

```yaml
# playbook.yml
- hosts: my.CHANGEME.org
  roles:
    - nodiscc.xsrv.common # (optional) base server setup/hardening/firewall/bruteforce prevention
    - nodiscc.xsrv.monitoring # (optional) server monitoring, log aggregation
    - nodiscc.xsrv.backup # (optional) automatic backups
    - nodiscc.xsrv.apache
    - nodiscc.xsrv.postgresql
    - nodiscc.xsrv.gitea
```

```yaml
# $ mkdir host_vars/my.CHANGEME.org
# host_vars/my.CHANGEME.org/my.CHANGEME.org.yml
#ansible_ssh_port: 2234 # SSH port, if different from 22
#ansible_host: 1.2.3.4 # SSH server address, if my.CHANGEME.org cannot be resolved from DNS
gitea_fqdn: "git.CHANGEME.org" # domain name of the gitea instance
```

```yaml
# $ ansible-vault edit host_vars/my.CHANGEME.org/my.CHANGEME.org.vault.yml
ansible_become_pass: "CHANGEME" # sudo password
gitea_admin_username: "CHANGEME"
gitea_admin_password: "CHANGEME"
gitea_admin_email: "CHANGEME@CHANGEME.org"
gitea_secret_key: "CHANGEME64"
gitea_internal_token: "CHANGEME160"
gitea_oauth2_jwt_secret: "CHANGEME43"
gitea_lfs_jwt_secret: "CHANGEME43"
```

```bash
# make the role/collection available to the ansible project
$ ansible-galaxy collection install --force -r requirements.yml
# deploy the role
$ ansible-playbook -i inventory.yml playbook.yml
```

See defaults/main.yml for all available configuration variables.

I have used the role to manage multiple environments/instances for a few years without problems and will keep maintaining it for the foreseeable future.

Let me know if you need additional information.
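An added example, not part of the original PR description or the xsrv project: shell helpers that generate random values for the four `gitea_*` secrets in the vault file and flag any `CHANGEME` placeholder left in the project files before deployment. The function names are hypothetical, and the lengths 64/160/43 are an assumption read from the numeric suffixes of the `CHANGEME64`/`CHANGEME160`/`CHANGEME43` placeholders above.

```shell
#!/bin/sh
# Added example (not from the xsrv project). Function names are hypothetical.

# Print N random alphanumeric characters taken from the kernel CSPRNG.
gen_secret() {
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$1"
}

# Emit the secret variables of the vault file as YAML on stdout.
# Assumption: the numeric suffix of each CHANGEME placeholder in the PR
# description (64, 160, 43) is the expected length of the value.
render_vault_secrets() {
  printf 'gitea_secret_key: "%s"\n' "$(gen_secret 64)"
  printf 'gitea_internal_token: "%s"\n' "$(gen_secret 160)"
  printf 'gitea_oauth2_jwt_secret: "%s"\n' "$(gen_secret 43)"
  printf 'gitea_lfs_jwt_secret: "%s"\n' "$(gen_secret 43)"
}

# Print every line of the given files that still contains a CHANGEME
# placeholder. Returns 1 if at least one is found, 0 if the files are clean.
find_placeholders() {
  if grep -n 'CHANGEME' "$@"; then
    return 1
  fi
  return 0
}

# Print a fresh set of secrets to the terminal. Nothing is written to disk,
# so the values only ever land in the encrypted vault file.
render_vault_secrets
```

Paste the output into the `ansible-vault edit` session for the `.vault.yml` file, then run `find_placeholders inventory.yml playbook.yml host_vars/*/*.yml` on the unencrypted files before `ansible-playbook`.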

nodiscc added 1 commit 2 months ago
lunny approved these changes 2 months ago
pat-s approved these changes 2 months ago
pat-s left a comment

Cool! Do you also plan to add it to ansible-galaxy?

lunny merged commit cbee11c833 into main 2 months ago
lunny referenced this issue from a commit 2 months ago
Poster

> Do you also plan to add it to ansible-galaxy?

It's there: https://galaxy.ansible.com/nodiscc/xsrv

nodiscc deleted branch nodiscc.xsrv.gitea 2 months ago
pat-s commented 2 months ago

Ah great, must have overlooked it! To me an ansible role that is well maintained could even be linked in https://docs.gitea.io/ as a standalone "Installation" method.

I haven't taken a closer look at it but the first look I had at it looked quite professional.

@lunny What do you think?

Poster

Thank you, I try to keep it clean and well tested. Keep in mind that it has limitations:

  • Not all settings are configurable through the role. This is on purpose, I want to keep the configuration simple and stick to a baseline as much as possible. As the number of configurable settings increases, so does the number of non-working configurations.
  • It's only tested on Debian because that's what I use, and adding support for more distributions would increase the maintenance/testing burden.
  • In theory it's very loosely coupled with the apache role, so you should be able to make it work with any other reverse proxy, in practice it was only tested alongside this specific apache configuration, so your mileage may vary. I will accept patches if there are obvious bugs/unwanted dependency on apache though.

The other two ansible roles listed (https://github.com/melvin-suter/ansible.gitea and https://github.com/thomas-maurice/ansible-role-gitea) do not look maintained for > a year and they install old gitea versions, so I would start with pinging the maintainers or removing them.

lunny commented 2 months ago
Owner

> Ah great, must have overlooked it! To me an ansible role that is well maintained could even be linked in https://docs.gitea.io/ as a standalone "Installation" method.
>
> I haven't taken a closer look at it but the first look I had at it looked quite professional.
>
> @lunny What do you think?

Sorry just noticed this. Looks like Gitea needs a mentioned notification filter. Maybe @nodiscc could send a PR to docs?


Reference: gitea/awesome-gitea#97