add nodiscc.xsrv.gitea ansible role #97

Merged
lunny merged 1 commits from :nodiscc.xsrv.gitea into main 2022-12-01 11:49:19 +00:00
Contributor

Hi,

this PR adds the xsrv.gitea ansible role, which can be used to deploy Gitea on any Debian-based Linux machine.

The role can be used from the xsrv command-line tool/ansible wrapper, or with ansible command-line tools. Optionally it integrates with netdata for instance health monitoring, apache for reverse proxy and SSL/TLS certificate management, rsnapshot for automatic backups, and postgresql as a RDBMS.

Detailed installation/configuration documentation can be found at https://xsrv.readthedocs.io/en/latest/installation.html, but here is the short version using ansible command-line tools and self-signed certificates:

```bash
# create a project directory
$ mkdir -p ~/playbooks/myproject && cd ~/playbooks/myproject
# install ansible in a python virtualenv
$ python3 -m venv .venv
$ source .venv/bin/activate
$ pip3 install ansible
```

Create required files and directories (replace my.CHANGEME.org with the address of the server where gitea will be deployed, and other CHANGEME values with values of your choice)

```yaml
# requirements.yml
collections:
  - name: https://gitlab.com/nodiscc/xsrv.git
    type: git
    version: release # or master to get the latest, development version
```

```yaml
# inventory.yml
all:
  hosts:
    my.CHANGEME.org:
```

```yaml
# playbook.yml
- hosts: my.CHANGEME.org
  roles:
    - nodiscc.xsrv.common # (optional) base server setup/hardening/firewall/bruteforce prevention
    - nodiscc.xsrv.monitoring # (optional) server monitoring, log aggregation
    - nodiscc.xsrv.backup # (optional) automatic backups
    - nodiscc.xsrv.apache
    - nodiscc.xsrv.postgresql
    - nodiscc.xsrv.gitea
```

```yaml
# $ mkdir host_vars/my.CHANGEME.org
# host_vars/my.CHANGEME.org/my.CHANGEME.org.yml
#ansible_ssh_port: 2234 # SSH port, if different from 22
#ansible_host: 1.2.3.4 # SSH server address, if my.CHANGEME.org cannot be resolved from DNS
gitea_fqdn: "git.CHANGEME.org" # domain name of the gitea instance
```

```yaml
# $ ansible-vault edit host_vars/my.CHANGEME.org/my.CHANGEME.org.vault.yml
ansible_become_pass: "CHANGEME" # sudo password
gitea_admin_username: "CHANGEME"
gitea_admin_password: "CHANGEME"
gitea_admin_email: "CHANGEME@CHANGEME.org"
gitea_secret_key: "CHANGEME64"
gitea_internal_token: "CHANGEME160"
gitea_oauth2_jwt_secret: "CHANGEME43"
gitea_lfs_jwt_secret: "CHANGEME43"
```

```bash
# make the role/collection available to the ansible project
$ ansible-galaxy collection install --force -r requirements.yml
# deploy the role
$ ansible-playbook -i inventory.yml playbook.yml
```

See defaults/main.yml for all available configuration variables.

I have used the role to manage multiple environments/instances for a few years without problems and will keep maintaining it for the foreseeable future.

Let me know if you need additional information.
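The vault file in the post above ships with `CHANGEME` placeholders. The following is an added example, not part of the original PR or of the xsrv project: it generates random values for the four secret variables and gates a deploy on the host_vars files being placeholder-free and vault-encrypted. It assumes the digits in `CHANGEME64`, `CHANGEME160` and `CHANGEME43` are the expected lengths; all function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not part of the xsrv project.
# Assumption: the digits after CHANGEME (64/160/43) are the expected lengths.

# Print N random alphanumeric characters read from /dev/urandom.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom 2>/dev/null | head -c "$1"
}

# Emit the four secret variables with fresh values, for pasting into the vault file.
gen_gitea_vault_vars() {
    printf 'gitea_secret_key: "%s"\n' "$(gen_secret 64)"
    printf 'gitea_internal_token: "%s"\n' "$(gen_secret 160)"
    printf 'gitea_oauth2_jwt_secret: "%s"\n' "$(gen_secret 43)"
    printf 'gitea_lfs_jwt_secret: "%s"\n' "$(gen_secret 43)"
}

# Succeed only if FILE starts with the ansible-vault ciphertext header.
is_vault_encrypted() {
    head -n 1 "$1" | grep -q '^\$ANSIBLE_VAULT;'
}

# List lines where CHANGEME appears outside a comment; succeed if any exist.
find_placeholders() {
    grep -n '^[^#]*CHANGEME' "$1"
}

# Pre-deploy gate. Usage: preflight HOST_VARS_DIR HOSTNAME
# Fails if HOSTNAME.yml still holds a placeholder or HOSTNAME.vault.yml is plaintext.
preflight() {
    local dir=$1 host=$2 rc=0
    if find_placeholders "$dir/$host.yml" >&2; then
        echo "placeholder left in $host.yml" >&2
        rc=1
    fi
    if ! is_vault_encrypted "$dir/$host.vault.yml"; then
        echo "$host.vault.yml is not ansible-vault encrypted" >&2
        rc=1
    fi
    return "$rc"
}
```

Run `preflight host_vars/my.CHANGEME.org my.CHANGEME.org` before `ansible-playbook`, or from a pre-commit hook so a plaintext vault file never reaches the repository.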

nodiscc added 1 commit 2022-11-30 16:18:48 +00:00
lunny approved these changes 2022-12-01 01:21:17 +00:00
pat-s approved these changes 2022-12-01 10:31:34 +00:00
pat-s left a comment
Member

Cool! Do you also plan to add it to ansible-galaxy?

lunny merged commit cbee11c833 into main 2022-12-01 11:49:19 +00:00
Author
Contributor

> Do you also plan to add it to ansible-galaxy?

It's there: https://galaxy.ansible.com/nodiscc/xsrv

nodiscc deleted branch nodiscc.xsrv.gitea 2022-12-01 13:58:52 +00:00
Member

Ah great, must have overlooked it! To me an ansible role that is well maintained could even be linked in https://docs.gitea.io/ as a standalone "Installation" method.

I haven't taken a closer look at it but the first look I had at it looked quite professional.

@lunny What do you think?

Author
Contributor

Thank you, I try to keep it clean and well tested. Keep in mind that it has limitations:

  • Not all settings are configurable through the role. This is on purpose, I want to keep the configuration simple and stick to a baseline as much as possible. As the number of configurable settings increases, so does the number of non-working configurations.
  • It's only tested on Debian because that's what I use, and adding support for more distributions would increase the maintenance/testing burden.
  • In theory it's very loosely coupled with the apache role, so you should be able to make it work with any other reverse proxy; in practice it was only tested alongside this specific apache configuration, so your mileage may vary. I will accept patches if there are obvious bugs/unwanted dependency on apache though.

The other two ansible roles listed (https://github.com/melvin-suter/ansible.gitea and https://github.com/thomas-maurice/ansible-role-gitea) do not look maintained for > a year and they install old gitea versions, so I would start with pinging the maintainers or removing them.

Owner

> Ah great, must have overlooked it! To me an ansible role that is well maintained could even be linked in https://docs.gitea.io/ as a standalone "Installation" method.
>
> I haven't taken a closer look at it but the first look I had at it looked quite professional.
>
> @lunny What do you think?

Sorry just noticed this. Looks like Gitea needs a mentioned notification filter. Maybe @nodiscc could send a PR to docs?

Reference: gitea/awesome-gitea#97