Forksand Bootstrap Gitea

This Ansible playbook was written to set up a Gitea server on Debian systems.

Table of contents

  1. Requirements
  2. Quick Start
  3. Project Structure
  4. Ansible Logging
  5. Troubleshooting

Requirements

The following applications are required to utilize this playbook. Ansible can be installed using Python PIP.

  • Ansible 2.4.x+
  • Python 2.7.9+

Quick Start

The following steps will help quickly set up and execute this playbook.

Project Configuration

The following files need to be edited and configured before executing this playbook.

File                          Description
roles/gitea/default/main.yml  Variables for Gitea configuration - (default - standalone with sqlite)
roles/nginx/default/main.yml  Variables for Nginx and Letsencrypt configuration
inventory.yml                 List of server IPs to connect to

Playbook Execution

After having configured the server credentials and added the server IP to the inventory, use the following command to execute the playbook.

ansible-playbook -i inventory.yml site.yml

Project Structure

The following tree depicts the high level structure of this Ansible project.

├── inventory.yml
├── LICENSE.AGPLv3
├── LICENSE.GPLv3
├── README.md
├── roles
│   ├── gitea
│   ├── nginx
├── playbook_execution.log
└── site.yml

File and Directory Descriptions

The following table consists of a description of what each file and directory stands for.

Name           Description
site.yml       Master playbook. Executes all roles in sequential order
inventory.yml  Inventory file containing server IP addresses
ansible.cfg    Ansible configuration file for various Ansible options.
roles/         Directory containing all roles needed by this project

Role descriptions

The following table describes each role and its purpose. The roles are listed in the required order of execution to ensure successful completion of the playbook.

Role Name  Role Description
gitea      This role performs installation and configuration of Gitea server
nginx      This role performs installation and configuration of Nginx server

Role parameters

Description of the role parameters for each role.

Gitea roles parameters

 # Application name
 gitea_app_name: "Gitea"
 # Application user
 gitea_user: "gitea"
 # Application home
 gitea_home: "/var/lib/gitea"
 # Repo Limit
 gitea_user_repo_limit: -1
 # Domain Name (FOR REVERSE PROXY LEAVE AS DEFAULT)
 gitea_http_domain: localhost
 # Gitea url (FOR REVERSE PROXY LEAVE AS DEFAULT)
 gitea_root_url: http://localhost:3000
 # Protocol (FOR REVERSE PROXY LEAVE AS DEFAULT)
 gitea_protocol: http
 # listen IP (FOR REVERSE PROXY LEAVE AS DEFAULT)
 gitea_http_listen: 127.0.0.1
 # Listen port (FOR REVERSE PROXY LEAVE AS DEFAULT)
 gitea_http_port: 3000
 # HTTP git Options
 gitea_disable_http_git: false
 # Offline mode options
 gitea_offline_mode: true

 ## DB details
 # DB Type 'mysql', 'postgres' or 'sqlite3'
 gitea_db_type: sqlite3
 # DB host
 gitea_db_host: 127.0.0.0:3306
 # DB name
 gitea_db_name: root
 # DB username
 gitea_db_user: gitea
 # DB password
 gitea_db_passord: lel
 # DB ssl options
 gitea_db_ssl: disable
 # DB path (not needed for postgres and mysql; comment it out with '#' in the template file)
 gitea_db_path: "{{ gitea_home }}/data/gitea.db"

 ## SSH Details
 # SSH Listen IP
 gitea_ssh_listen: 0.0.0.0
 # SSH domain
 gitea_ssh_domain: localhost
 # SSH options
 gitea_start_ssh: true
 # SSH port
 gitea_ssh_port: 2222

 # gitea key (GENERATE A NEW KEY)
 gitea_secret_key: T0pS3cr31

 ## General Settings
 # User email settings
 gitea_show_user_email: false
 # User avatar settings
 gitea_disable_gravatar: true
 # User register options
 gitea_disable_registration: false
 # User signup options
 gitea_require_signin: true
 # User captcha options
 gitea_enable_captcha: true
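
The defaults above ship a placeholder `gitea_secret_key` and DB password. The following pre-flight check is an added example, not part of this project: it refuses to continue while those placeholders are still set. The length thresholds (32 and 16 characters) and the helper names are assumptions.

```shell
#!/bin/sh
# Added example (not project code): block a deploy that still uses the
# placeholder secrets shown in the role defaults above.

# yaml_value FILE KEY -> scalar value of a simple "key: value" line,
# with trailing whitespace and surrounding quotes stripped.
yaml_value() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# new_secret -> 64 hex characters read from /dev/urandom.
new_secret() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# check_secrets FILE -> 0 if the secrets look replaced, 1 otherwise.
check_secrets() {
    file=$1 rc=0
    key=$(yaml_value "$file" gitea_secret_key)
    dbtype=$(yaml_value "$file" gitea_db_type)
    pass=$(yaml_value "$file" gitea_db_passord)   # spelled as in the defaults
    # Threshold of 32 characters is an assumption of this example.
    if [ "$key" = "T0pS3cr31" ] || [ "${#key}" -lt 32 ]; then
        echo "gitea_secret_key is the shipped placeholder or under 32 chars" >&2
        rc=1
    fi
    # sqlite3 is a local file; the DB password only applies to mysql/postgres.
    if [ "$dbtype" != "sqlite3" ] &&
       { [ "$pass" = "lel" ] || [ "${#pass}" -lt 16 ]; }; then
        echo "gitea_db_passord is the shipped placeholder or under 16 chars" >&2
        rc=1
    fi
    return $rc
}

# Usage: sh preflight.sh roles/gitea/default/main.yml \
#          && ansible-playbook -i inventory.yml site.yml
if [ "$#" -ge 1 ]; then check_secrets "$1" || exit 1; fi
```

`new_secret` prints a value suitable for pasting into `gitea_secret_key`.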

Nginx roles parameters

 # Domain name for the server
 nginx_domain_name: "test.hostnats.com"
 # Gitea listening port
 gitea_http_port: 3000
 # letsencrypt email address
 letsencrypt_email: "test@example.com"

Ansible Logging

Ansible playbook executions are automatically logged to a file called playbook-execution.log in the root directory of the project. The path to this log file can be changed by editing ansible.cfg in the project root directory and specifying a different path.

Troubleshooting

Ansible has built-in debug output. Simply run Ansible with -v. There are 5 levels of debug output, denoted by the number of v's. Each level provides more debug output than the level before it.

Level 1: -v

Level 2: -vv

Level 3: -vvv

Level 4: -vvvv

Level 5: -vvvvv

Example execution with level 3 debug output: ansible-playbook -i inventory.yml site.yml -vvv

MySQL

To use MariaDB Galera cluster, run on one SQL cluster node:

CREATE DATABASE gitea CHARACTER SET utf8 COLLATE utf8_general_ci;

CREATE USER 'gitea'@'10.42.1.163' IDENTIFIED BY 'password';

GRANT ALL PRIVILEGES ON gitea.* TO 'gitea'@'10.42.1.163';

FLUSH PRIVILEGES;

XXX FIX XXX

Disable IPv6 in nginx. Comment out this line in /etc/nginx/sites-enabled/default.conf : listen [::]:80 default_server;

XXX Letsencrypt kludge for SMTP SSL:

Copy over Letsencrypt keys for Gitea to use, chown to gitea

XXX will not autorenew

cp -p /etc/letsencrypt/live/code.forksand.com/cert.pem /var/lib/gitea/custom/mailer/cert.pem

cp -p /etc/letsencrypt/live/code.forksand.com/privkey.pem /var/lib/gitea/custom/mailer/key.pem

chmod og-rwx /var/lib/gitea/custom/mailer/cert.pem /var/lib/gitea/custom/mailer/key.pem

chown gitea:root /var/lib/gitea/custom/mailer/cert.pem /var/lib/gitea/custom/mailer/key.pem
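
The copy above is manual, so the mailer keeps the old certificate after a renewal. The following certbot deploy hook is an added example, not part of this project: it repeats the copy after each renewal and never leaves the key readable by group or others. It assumes the script is saved as an executable file under /etc/letsencrypt/renewal-hooks/deploy/; the function name is hypothetical.

```shell
#!/bin/sh
# Added example (not project code): certbot deploy hook for the mailer copy.
# certbot exports RENEWED_LINEAGE (the live/<domain> directory) to deploy hooks.

# install_mailer_certs SRC_DIR DST_DIR [OWNER]
# Installs cert.pem and privkey.pem into DST_DIR as cert.pem and key.pem.
install_mailer_certs() {
    src=$1 dst=$2 owner=${3:-gitea:root}
    for f in cert.pem privkey.pem; do
        [ -s "$src/$f" ] || { echo "missing or empty: $src/$f" >&2; return 1; }
    done
    old_umask=$(umask)
    umask 077                      # temp files are never group/world readable
    for pair in cert.pem:cert.pem privkey.pem:key.pem; do
        from=${pair%%:*} to=${pair##*:}
        tmp=$(mktemp "$dst/.$to.XXXXXX") || { umask "$old_umask"; return 1; }
        # cat follows the live/ symlink. Owner and mode are set on the temp
        # file, so the key only appears under its final name once it is correct.
        if cat "$src/$from" > "$tmp" && chown "$owner" "$tmp" &&
           chmod 600 "$tmp"; then
            mv -f "$tmp" "$dst/$to"
        else
            rm -f "$tmp"; umask "$old_umask"; return 1
        fi
    done
    umask "$old_umask"
}

# Only act when certbot renewed the lineage used in the commands above.
if [ "${RENEWED_LINEAGE:-}" = "/etc/letsencrypt/live/code.forksand.com" ]; then
    install_mailer_certs "$RENEWED_LINEAGE" /var/lib/gitea/custom/mailer || exit 1
    # Restart Gitea here if your setup needs it to pick up the new files.
fi
```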

Set up tmp dirs

mkdir -p /var/lib/gitea/data/tmp/uploads /var/lib/gitea/data/attachments

chown -R gitea:gitea /var/lib/gitea/data/tmp /var/lib/gitea/data/attachments

Mirror Github / OCA repos:

sudo chown jebba /var/lib/gitea/oca

cd /var/lib/gitea/oca

git clone --mirror https://github.com/OCA/maintainer-tools.git

sudo chown -R gitea:gitea /var/lib/gitea/oca/

Use latest git

apt install -t stretch-backports git