From 20e33f8d906de3ce5743ad9a67786d2a068d6e2c Mon Sep 17 00:00:00 2001
From: yohan <783b8c87@scimetis.net>
Date: Thu, 31 Oct 2024 16:57:59 +0100
Subject: [PATCH] Add gitea reverse-proxy configuration.
---
 roles/role_deploy_gitea/tasks/main.yml | 27 +++++++++++++++++++
 .../templates/reverse-proxy-gitea.conf.j2 | 8 ++++++
 2 files changed, 35 insertions(+)
 create mode 100644 roles/role_deploy_gitea/templates/reverse-proxy-gitea.conf.j2
diff --git a/roles/role_deploy_gitea/tasks/main.yml b/roles/role_deploy_gitea/tasks/main.yml
index 3df589f..a058593 100644
--- a/roles/role_deploy_gitea/tasks/main.yml
+++ b/roles/role_deploy_gitea/tasks/main.yml
@@ -113,6 +113,33 @@
 line: "127.0.0.1 git2.{{ DOMAIN }} git2"
 become: true
+- name: Template reverse-proxy configuration
+ ansible.builtin.template:
+ src: "{{ item }}.j2"
+ dest: "/mnt/volumes/reverse-proxy_conf/data/{{ item }}"
+ become: true
+ with_items:
+ - reverse-proxy-gitea.conf
+
+- name: Enable reverse-proxy configuration
+ containers.podman.podman_container_exec:
+ name: reverse-proxy
+ command: 'sh -c ''a2ensite reverse-proxy-gitea && service apache2 reload'''
+ become: true
+
+- name: Check if lets encrypt certificate installation is already done
+ stat:
+ path: /mnt/volumes/reverse-proxy_conf/data/reverse-proxy-gitea-le-ssl.conf
+ register: gitea_certificate_flag
+ become: true
+
+- name: Install lets encrypt certificate
+ containers.podman.podman_container_exec:
+ name: reverse-proxy
+ command: 'sh -c ''certbot --apache -vvv --domains gitea.{{ DOMAIN }} -m {{ recipient_email }} --agree-tos --reinstall --redirect --hsts --non-interactive'''
+ become: true
+ when: not gitea_certificate_flag.stat.exists
+
 - name: Allow git SSH port
 ansible.posix.firewalld:
 zone: public
diff --git a/roles/role_deploy_gitea/templates/reverse-proxy-gitea.conf.j2 b/roles/role_deploy_gitea/templates/reverse-proxy-gitea.conf.j2
new file mode 100644
index 0000000..35d6618
--- /dev/null
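Review bot: On a re-run, the `Template reverse-proxy configuration` task will probably overwrite `reverse-proxy-gitea.conf`, and with it the HTTP-to-HTTPS rewrite that `certbot --apache --redirect` normally inserts into that vhost file, while the `reverse-proxy-gitea-le-ssl.conf` check keeps certbot from running again, so port 80 could go back to proxying Gitea without TLS. This is inferred from how certbot's Apache plugin usually edits the original vhost; the container's volume mapping is outside the hunk. Either carry the redirect in the template and drop `--redirect`, or move the `stat` task first and add `when: not gitea_certificate_flag.stat.exists` to the template and `a2ensite` tasks. The certbot task also expands `{{ DOMAIN }}` and `{{ recipient_email }}` inside `sh -c '...'`; it is a single command, so passing it through the module's `argv` list instead of a shell string would keep shell metacharacters in either variable inert.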
+++ b/roles/role_deploy_gitea/templates/reverse-proxy-gitea.conf.j2
@@ -0,0 +1,8 @@
+
+ ServerName gitea.{{ DOMAIN }}
+ ServerAdmin postmaster@{{ DOMAIN }}
+ ProxyPreserveHost on
+ ProxyPass / http://gitea:3000/
+ ProxyPassReverse / http://gitea:3000/
+ ProxyRequests Off
+
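Review bot: `ProxyPass / http://gitea:3000/` lacks the `nocanon` flag and the vhost has no `AllowEncodedSlashes NoDecode`, both of which Gitea's reverse-proxy documentation recommends for Apache so that percent-encoded slashes in request paths reach Gitea unchanged. The suggested lines are `AllowEncodedSlashes NoDecode` and `ProxyPass / http://gitea:3000/ nocanon`. The first and last added lines of the template appear empty on this page, so the enclosing vhost block and its listening port cannot be reviewed from here.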