From 0b60fba148c72a316a4781ceff0088c058a58848 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Thu, 29 Dec 2022 12:32:46 +0100
Subject: [PATCH] add gitea
---
 Makefile | 25 ++++++-
 README.md | 6 +-
 playbooks/all.yml | 5 +-
 playbooks/gitea.yml | 4 ++
 roles/gitea/files/app.ini | 100 +++++++++++++++++++++++++++
 roles/gitea/files/docker-compose.yml | 24 +++++++
 roles/gitea/meta/main.yml | 3 +
 roles/gitea/tasks/main.yml | 31 +++++++++
 roles/gitea/vars/main.yml | 23 ++++++
 roles/nsd/files/zones/pizzapim.nl | 4 +-
 roles/nsd/tasks/main.yml | 1 -
 11 files changed, 218 insertions(+), 8 deletions(-)
 create mode 100644 playbooks/gitea.yml
 create mode 100644 roles/gitea/files/app.ini
 create mode 100644 roles/gitea/files/docker-compose.yml
 create mode 100644 roles/gitea/meta/main.yml
 create mode 100644 roles/gitea/tasks/main.yml
 create mode 100644 roles/gitea/vars/main.yml
diff --git a/Makefile b/Makefile
index c190226..2bfda54 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,25 @@
-%:
- ansible-playbook playbooks/$@.yml -i inventory/hosts.yml --ask-vault-pass
+all:
+ ansible-playbook playbooks/all.yml -i inventory/hosts.yml --ask-vault-pass
+
+mastodon:
+ ansible-playbook playbooks/mastodon.yml -i inventory/hosts.yml --ask-vault-pass
+
+syncthing:
+ ansible-playbook playbooks/syncthing.yml -i inventory/hosts.yml --ask-vault-pass
+
+nsd:
+ ansible-playbook playbooks/nsd.yml -i inventory/hosts.yml --ask-vault-pass
+
+gitea:
+ ansible-playbook playbooks/gitea.yml -i inventory/hosts.yml --ask-vault-pass
+
+radicale:
+ ansible-playbook playbooks/radicale.yml -i inventory/hosts.yml
+
+pizzeria:
+ ansible-playbook playbooks/pizzeria.yml -i inventory/hosts.yml
+
+ssh:
+ ansible-playbook playbooks/ssh.yml -i inventory/hosts.yml
 .PHONY: run
diff --git a/README.md b/README.md
index 1a2e35f..27051c3 100644
--- a/README.md
+++ b/README.md
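Review bot: `.PHONY: run` stays as context at the end of the Makefile hunk, but there is no `run` target and none of the new explicit targets is declared phony, so a file or directory named `all`, `ssh` or `gitea` in the repository root would make `make` treat that target as up to date and silently skip the playbook. I would replace the line with `.PHONY: all mastodon syncthing nsd gitea radicale pizzeria ssh`. The `radicale`, `pizzeria` and `ssh` targets omit `--ask-vault-pass`, presumably because those roles have no vaulted variables; a short comment such as `# no vault secrets in these roles` above them would record that this is deliberate.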
@@ -23,6 +23,8 @@ GitLab? Gitea? Seems to be a little annoying with all the docker stuff
-### Mastodon
+### Matrix
-Fix cache filling up so much space: cronjob to remove them?
+yes
+
+### Peertube?
diff --git a/playbooks/all.yml b/playbooks/all.yml
index 90d5952..10ca1f7 100644
--- a/playbooks/all.yml
+++ b/playbooks/all.yml
@@ -2,6 +2,7 @@
 hosts: nucs
 roles:
 - ssh
- - pizzeria
- - syncthing
 - nsd
+ - syncthing
+ - pizzeria
+ - gitea
diff --git a/playbooks/gitea.yml b/playbooks/gitea.yml
new file mode 100644
index 0000000..6a91e66
--- /dev/null
+++ b/playbooks/gitea.yml
@@ -0,0 +1,4 @@
+- name: Install gitea
+ hosts: nucs
+ roles:
+ - gitea
diff --git a/roles/gitea/files/app.ini b/roles/gitea/files/app.ini
new file mode 100644
index 0000000..1d6d748
--- /dev/null
+++ b/roles/gitea/files/app.ini
@@ -0,0 +1,100 @@
+APP_NAME = Gitea: Git with a cup of tea
+RUN_MODE = prod
+RUN_USER = git
+
+[repository]
+ROOT = /data/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH = /data/gitea
+DOMAIN = localhost
+SSH_DOMAIN = localhost
+HTTP_PORT = 3000
+ROOT_URL = {{ gitea.root_url }}
+DISABLE_SSH = false
+SSH_PORT = 22
+SSH_LISTEN_PORT = 22
+LFS_START_SERVER = true
+LFS_JWT_SECRET = {{ gitea.lfs_jwt_secret }}
+OFFLINE_MODE = false
+
+[database]
+PATH = /data/gitea/gitea.db
+DB_TYPE = sqlite3
+HOST = localhost:3306
+NAME = gitea
+USER = root
+PASSWD =
+LOG_SQL = false
+SCHEMA =
+SSL_MODE = disable
+CHARSET = utf8
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+PROVIDER = file
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+DISABLE_GRAVATAR = false
+ENABLE_FEDERATED_AVATAR = true
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+MODE = console
+LEVEL = info
+ROUTER = console
+ROOT_PATH = /data/gitea/log
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY =
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
+INTERNAL_TOKEN = {{ gitea.internal_token }}
+PASSWORD_HASH_ALGO = pbkdf2
+
+[service]
+DISABLE_REGISTRATION = true
+REQUIRE_SIGNIN_VIEW = false
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = true
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.localhost
+
+[lfs]
+PATH = /data/git/lfs
+
+[mailer]
+ENABLED = true
+HOST = {{ gitea.mailer_host }}
+FROM = {{ gitea.mailer_from }}
+USER =
+PASSWD =
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer
+
diff --git a/roles/gitea/files/docker-compose.yml b/roles/gitea/files/docker-compose.yml
new file mode 100644
index 0000000..d210fe0
--- /dev/null
+++ b/roles/gitea/files/docker-compose.yml
@@ -0,0 +1,24 @@
+version: "3"
+
+networks:
+ gitea:
+ external: false
+
+services:
+ server:
+ image: gitea/gitea:1.17.4
+ container_name: gitea
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ restart: always
+ networks:
+ - gitea
+ volumes:
+ - /data/gitea:/data
+ - /apps/gitea/conf:/data/gitea/conf
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - "3003:3000"
+ # - "22:22" # Look into this some more later. Obviously needed for git.
diff --git a/roles/gitea/meta/main.yml b/roles/gitea/meta/main.yml
new file mode 100644
index 0000000..090690b
--- /dev/null
+++ b/roles/gitea/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+ - role: common
+ - role: docker
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
new file mode 100644
index 0000000..24ee294
--- /dev/null
+++ b/roles/gitea/tasks/main.yml
@@ -0,0 +1,31 @@
+- name: Create app directory
+ file:
+ path: /apps/gitea
+ state: directory
+- name: Copy Docker Compose script
+ copy:
+ src: "{{ role_path }}/files/docker-compose.yml"
+ dest: /apps/gitea/docker-compose.yml
+- name: Create data directory
+ file:
+ path: /data/gitea
+ state: directory
+ owner: 1000
+ group: 1000
+- name: Copy conf directory
+ file:
+ path: /apps/gitea/conf
+ state: directory
+ owner: 1000
+ group: 1000
+- name: Copy app.ini
+ template:
+ src: "{{ role_path }}/files/app.ini"
+ dest: /apps/gitea/conf/app.ini
+ register: config
+- name: Start the Docker Compose
+ community.docker.docker_compose:
+ project_src: /apps/gitea
+ pull: true
+ remove_orphans: true
+ restarted: "{{ config.changed }}"
diff --git a/roles/gitea/vars/main.yml b/roles/gitea/vars/main.yml
new file mode 100644
index 0000000..fb2d26d
--- /dev/null
+++ b/roles/gitea/vars/main.yml
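Review bot: `SECRET_KEY =` in `[security]` is left empty while `INTERNAL_TOKEN` and `LFS_JWT_SECRET` are templated from vaulted variables; as far as I know, Gitea releases of this generation fall back to a built-in default key when the setting is empty, so anything protected by it would not be unique to this instance. I would add a vaulted variable and set `SECRET_KEY = {{ gitea.secret_key }}` (`gitea.secret_key` is a proposed name, not part of this patch) before the instance holds data, since changing the key later can make values encrypted with it unreadable. `REVERSE_PROXY_TRUSTED_PROXIES = *` accepts forwarded-client headers from any peer; narrowing it to the address of the proxy that serves `ROOT_URL` keeps logged client addresses trustworthy. `ENABLE_OPENID_SIGNUP = true` may also permit self-registration through OpenID even though `DISABLE_REGISTRATION = true`; setting it to `false` would match the stated intent.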
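Review bot: `- "3003:3000"` under `ports:` publishes Gitea's plain-HTTP listener on every host interface, and ports published by Docker are typically reachable regardless of host firewall rules managed through tools such as ufw. `root_url` in the role vars is an https address, so a TLS-terminating proxy is presumably in front (it is not part of this patch); if that proxy runs on the same host, `- "127.0.0.1:3003:3000"` keeps clients from reaching the container directly. This matters more here because app.ini sets `REVERSE_PROXY_TRUSTED_PROXIES = *`, so a direct client could supply its own forwarded headers.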
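Review bot: The `Copy app.ini` task renders a file that contains `INTERNAL_TOKEN` and `LFS_JWT_SECRET` but sets no `owner`, `group` or `mode`, so the file takes the connecting user's ownership and the default umask, which usually leaves it readable by every local account. The two directory tasks above it already use UID/GID 1000; the template task should follow them with `owner: 1000`, `group: 1000` and `mode: "0600"`. Adding `no_log: true` to that task would also keep the rendered secrets out of Ansible output when the play is run with `--diff`.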
@@ -0,0 +1,23 @@
+gitea:
+ root_url: "https://git.pizzapim.nl"
+ mailer_host: "smtp.tweak.nl:587"
+ mailer_from: "gitea@kunis.nl"
+ lfs_jwt_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 66613032363837346461326131303839646332646233633736623865346135623739343233396165
+ 6530326162323466623939393133623336366466343837620a613532616365646137326138383235
+ 32313264653262656564336531646662323039623865393366616536633531306430336137313862
+ 3361373539373561390a653236306433393737616561306236343362396438366134313032656233
+ 35626364373961613361366138383566353463626136393861383934326263383336393766623063
+ 3434656437663165376635326139383065383861386133623765
+ internal_token: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 62633334656235613035343830326237633637626639363465313861323734393766636464303862
+ 3936306561343863316630616164616537323537333262650a336337303232623832636666353038
+ 64313134383330646537356432383332386238373835656663313431373939373630373566396339
+ 6561643037383666340a643464326531623731303564646464376239613263643761643766623930
+ 37623362326561346262306331376663313661633635323435333339396138383134303364306532
+ 37353264363737643965643932356336633734316534303262336461313038626538396536333964
+ 36353635323731353061393430656166363263366437313434336139616666326335633037663336
+ 37353665613938613731316330396461343632643039643864343164303937613263343262623964
+ 33366364636339623633653035313736653563363064646233383437373431373232
diff --git a/roles/nsd/files/zones/pizzapim.nl b/roles/nsd/files/zones/pizzapim.nl
index b1647f2..67fa9ce 100644
--- a/roles/nsd/files/zones/pizzapim.nl
+++ b/roles/nsd/files/zones/pizzapim.nl
@@ -1,7 +1,7 @@
 $ORIGIN pizzapim.nl.
 $TTL 60
-pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2022121400 1800 3600 1209600 3600
+pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2022122900 1800 3600 1209600 3600
 NS ns.pizzapim.nl.
 NS ns0.transip.net.
@@ -22,3 +22,5 @@ social IN A 82.197.212.198
 AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e
 dav IN A 82.197.212.198
 AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e
+git IN A 82.197.212.198
+ AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e
diff --git a/roles/nsd/tasks/main.yml b/roles/nsd/tasks/main.yml
index b81ee47..32d67c2 100644
--- a/roles/nsd/tasks/main.yml
+++ b/roles/nsd/tasks/main.yml
@@ -84,4 +84,3 @@
 docker_compose:
 project_src: /apps/nsd
 restarted: true
- when: create_zsk is not skipped