152 lines
No EOL
3.6 KiB
YAML
152 lines
No EOL
3.6 KiB
YAML
---
|
|
- name: Update web servers
|
|
hosts: all
|
|
remote_user: root
|
|
vars:
|
|
forgejo: 1.20.2-0
|
|
domain: git.keks.cloud
|
|
sslmail: admin@keks.cloud
|
|
handlers:
|
|
- name: Restart forgejo
|
|
ansible.builtin.service:
|
|
name: "forgejo"
|
|
state: restarted
|
|
- name: Restart nginx
|
|
ansible.builtin.service:
|
|
name: "nginx"
|
|
state: restarted
|
|
tasks:
|
|
- name: Install a list of packages
|
|
ansible.builtin.apt:
|
|
pkg:
|
|
- mariadb-server
|
|
- python3-pymysql
|
|
- nginx
|
|
- certbot
|
|
- python3-certbot-nginx
|
|
- git
|
|
|
|
- name: Add the user 'git'
|
|
ansible.builtin.user:
|
|
name: git
|
|
comment: Git Username
|
|
home: /home/git
|
|
shell: /bin/bash
|
|
- name: Create /var/lib/forgejo
|
|
ansible.builtin.file:
|
|
path: /var/lib/forgejo
|
|
state: directory
|
|
owner: git
|
|
group: git
|
|
mode: '0750'
|
|
- name: Create /etc/forgejo
|
|
ansible.builtin.file:
|
|
path: /etc/forgejo
|
|
state: directory
|
|
owner: git
|
|
group: git
|
|
mode: '0500'
|
|
|
|
- name: Create /usr/local/bin/
|
|
ansible.builtin.file:
|
|
path: /usr/local/bin/
|
|
state: directory
|
|
owner: git
|
|
group: git
|
|
mode: '0500'
|
|
|
|
- name: Download Forgejo
|
|
get_url:
|
|
url: "https://codeberg.org/forgejo/forgejo/releases/download/v{{ forgejo }}/forgejo-{{ forgejo }}-linux-amd64"
|
|
dest: "/usr/local/bin/forgejo-{{forgejo}}-linux-amd64"
|
|
mode: '0755'
|
|
|
|
- name: Create a symbolic link
|
|
ansible.builtin.file:
|
|
src: "/usr/local/bin/forgejo-{{forgejo}}-linux-amd64"
|
|
dest: "/usr/local/bin/forgejo"
|
|
state: link
|
|
notify:
|
|
- Restart forgejo
|
|
|
|
#NGINX + Certbot
|
|
- name: NGINX Check that the forgejo.conf exists
|
|
stat:
|
|
path: /etc/nginx/sites-enabled/forgejo.conf
|
|
register: stat_result
|
|
|
|
- name: NGINX Template forgejo.service
|
|
ansible.builtin.template:
|
|
src: forgejo.conf
|
|
dest: /etc/nginx/sites-enabled/forgejo.conf
|
|
when: not stat_result.stat.exists
|
|
notify:
|
|
- Restart nginx
|
|
|
|
- name: Allow all access to tcp port 80
|
|
community.general.ufw:
|
|
rule: allow
|
|
port: '80'
|
|
proto: tcp
|
|
|
|
- name: Allow all access to tcp port 443
|
|
community.general.ufw:
|
|
rule: allow
|
|
port: '443'
|
|
proto: tcp
|
|
|
|
|
|
- name: NGINX Check that the forgejo.conf exists
|
|
stat:
|
|
path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
|
|
register: ssl_file_result
|
|
|
|
- name: Return motd to registered var
|
|
ansible.builtin.command: certbot -n --nginx --agree-tos -m {{ sslmail }} -d {{ domain }}
|
|
when: not ssl_file_result.stat.exists
|
|
notify:
|
|
- Restart nginx
|
|
|
|
|
|
|
|
#Database
|
|
- name: Create a new database with name 'forgejo'
|
|
community.mysql.mysql_db:
|
|
name: forgejo
|
|
state: present
|
|
login_unix_socket: /run/mysqld/mysqld.sock
|
|
|
|
- name: Removes anonymous user account for localhost
|
|
community.mysql.mysql_user:
|
|
name: ''
|
|
host: localhost
|
|
state: absent
|
|
login_unix_socket: /run/mysqld/mysqld.sock
|
|
|
|
- name: Removes all anonymous user accounts
|
|
community.mysql.mysql_user:
|
|
name: ''
|
|
host_all: true
|
|
state: absent
|
|
login_unix_socket: /run/mysqld/mysqld.sock
|
|
|
|
|
|
- name: Create database user forgejo
|
|
community.mysql.mysql_user:
|
|
name: forgejo
|
|
password: "{{ mariadbpassword }}"
|
|
priv: 'forgejo.*:ALL'
|
|
state: present
|
|
login_unix_socket: /run/mysqld/mysqld.sock
|
|
|
|
- name: Template forgejo.service
|
|
ansible.builtin.template:
|
|
src: forgejo.service
|
|
dest: /etc/systemd/system/forgejo.service
|
|
|
|
- name: Template forgejo.service
|
|
ansible.builtin.template:
|
|
src: app.ini
|
|
dest: /etc/forgejo/app.ini
|
|
notify:
|
|
- Restart forgejo |