ovh_instance_playbooks/roles/role_deploy_gitea/tasks/main.yml
2024-10-27 23:08:46 +01:00

143 lines
4.2 KiB
YAML

---
- name: Stop container service
ansible.builtin.systemd:
name: container-gitea
state: stopped
become: true
register: result_gitea_systemd_stop
failed_when: "result_gitea_systemd_stop is failed and 'Could not find the requested service' not in result_gitea_systemd_stop.msg"
- name: Check if gitea container is running
command: 'podman ps -q --filter "name=gitea"'
changed_when: false
register: podman_ps
become: true
- name: Assert that no gitea container is running
ansible.builtin.assert:
that:
- podman_ps.stdout_lines | length == 0
- name: Check if restore from backup is already done
stat:
path: /mnt/volumes/restore_states/gitea_restored
register: gitea_restored_flag
when: not gitea_first_install | default(False) | bool
- name: Setup volume
ansible.builtin.include_role:
name: role_setup_volume
vars:
volume: "{{ item }}"
with_items:
- name: gitea_data
size: 1
vol_type: classic
when:
- not gitea_first_install | default(False) | bool
- not gitea_restored_flag.stat.exists
- name: change ownership of duplicity working directories
ansible.builtin.file:
path: "{{ item }}"
owner: "{{ LINUX_USERNAME }}"
group: "{{ LINUX_USERNAME }}"
become: true
with_items:
- "{{ DUPLICITY_WORKDIR }}"
- "{{ DUPLICITY_ARCHIVE_DIR }}"
when:
- not gitea_first_install | default(False) | bool
- not gitea_restored_flag.stat.exists
- name: restore volume backup
ansible.builtin.command:
cmd: "duplicity restore --archive-dir {{ DUPLICITY_ARCHIVE_DIR }} --name {{ item }} swift://{{ item }} /mnt/volumes/{{ item }}/data"
environment:
SWIFT_USERNAME: "{{ OS_USERNAME }}"
SWIFT_PASSWORD: "{{ OS_PASSWORD }}"
SWIFT_AUTHURL: "{{ OS_AUTH_URL }}"
SWIFT_REGIONNAME: "{{ SWIFT_REGIONNAME }}"
SWIFT_TENANTNAME: "{{ OS_TENANT_NAME }}"
SWIFT_AUTHVERSION: "{{ OS_IDENTITY_API_VERSION }}"
PASSPHRASE: "{{ duplicity_passphrase }}"
# /usr/bin/duplicity uses "-s" python argument to prevent loading modules from user's python directory,
# this variable will override that.
PYTHONPATH: ".local/lib/python3.9/site-packages"
register: duplicity_result
with_items:
- gitea_data
failed_when: duplicity_result is failed and (duplicity_result.rc is not defined or duplicity_result.rc != 11)
changed_when: duplicity_result.rc is defined and duplicity_result.rc == 0
become: true
when:
- not gitea_first_install | default(False) | bool
- not gitea_restored_flag.stat.exists
- debug: var=gitea_db_password
- name: Create gitea container
containers.podman.podman_container:
name: gitea
image: docker.io/gitea/gitea:1.22.3
state: present
network:
- reverse-proxy
- mysqlnet
ports:
- 2223:22/tcp
volume:
- /mnt/volumes/gitea_data/data:/data:Z
environment:
- USER_UID=1000
- USER_GID=1000
- GITEA__database__DB_TYPE=mysql
- GITEA__database__HOST=mysql-server:3306
- GITEA__database__NAME=gitea
- GITEA__database__USER=gitea
- GITEA__database__PASSWD={{ gitea_db_password }}
dns_search: "{{ SHORTNAME }}-sub.{{ DOMAIN }}"
generate_systemd:
path: /etc/systemd/system
become: true
- name: start/enable container service
ansible.builtin.systemd:
daemon-reload: true
name: container-gitea
state: started
enabled: true
become: true
- name: Add git.{{ DOMAIN }} to /etc/hosts
ansible.builtin.lineinfile:
path: "/etc/hosts"
line: "127.0.0.1 git2.{{ DOMAIN }} git2"
become: true
- name: Allow git SSH port
ansible.posix.firewalld:
zone: public
port: 2223/tcp
permanent: true
immediate: true
state: enabled
become: true
# A local volume is needed to store restore states
- name: Create /mnt/volumes/restore_states directory if it does not exist
ansible.builtin.file:
path: "/mnt/volumes/restore_states"
state: directory
mode: '0755'
become: true
when: not gitea_restored_flag.stat.exists or gitea_first_install | default(False) | bool
- name: Create gitea_restored state file
ansible.builtin.file:
path: "/mnt/volumes/restore_states/gitea_restored"
state: touch
mode: '0755'
become: true
when: not gitea_restored_flag.stat.exists or gitea_first_install | default(False) | bool