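---
# Gitea role tasks: provisions the PostgreSQL role/database/schema, deploys the
# Podman kube YAML and a user-scoped systemd unit, and manages the nginx vhost.
#
# Fixes vs. the previous version:
#   - `postgres_admin_user | default('postgres')` is now applied to every
#     PostgreSQL task (the first three tasks used the bare variable, so an
#     unset postgres_admin_user behaved differently across tasks in one file).
#   - `no_log: true` on the task that passes gitea_postgres_password, so the
#     value cannot leak through verbose (-vvv) or registered output.
#   - `loginctl enable-linger` is now idempotent via `creates:` on the file
#     systemd writes for a lingering user.

- name: Validate required passwords are set
  ansible.builtin.assert:
    that:
      - gitea_postgres_password is defined
      - gitea_postgres_password | length >= 12
    fail_msg: |
      gitea_postgres_password is required (min 12 chars).
      See roles/gitea/defaults/main.yml for configuration instructions.
    success_msg: "Password validation passed"

# NOTE(review): every PostgreSQL task below sets `become: false` together with
# `become_user`; in Ansible, become_user only takes effect when become is
# true, so these appear to run as the connection user. Left unchanged here —
# confirm against the pg_hba.conf auth method actually in use.
- name: Create PostgreSQL user for Gitea
  community.postgresql.postgresql_user:
    name: "{{ gitea_postgres_user }}"
    password: "{{ gitea_postgres_password }}"
    state: present
  # The password is a task argument; no_log keeps it out of verbose and
  # registered output regardless of the module's own masking.
  no_log: true
  become: false
  become_user: "{{ postgres_admin_user | default('postgres') }}"

- name: Create PostgreSQL database for Gitea
  community.postgresql.postgresql_db:
    name: "{{ gitea_postgres_db_name }}"
    owner: "{{ gitea_postgres_user }}"
    state: present
  become: false
  become_user: "{{ postgres_admin_user | default('postgres') }}"

- name: Grant all privileges on database to Gitea user
  community.postgresql.postgresql_privs:
    login_db: "{{ gitea_postgres_db_name }}"
    roles: "{{ gitea_postgres_user }}"
    type: database
    privs: ALL
    state: present
  become: false
  become_user: "{{ postgres_admin_user | default('postgres') }}"

# Least privilege: the application role owns its database and schema but
# must not be able to escalate (superuser), create databases, or create roles.
- name: Ensure Gitea user has no superuser privileges
  community.postgresql.postgresql_user:
    name: "{{ gitea_postgres_user }}"
    role_attr_flags: NOSUPERUSER,NOCREATEDB,NOCREATEROLE
    state: present
  become: false
  become_user: "{{ postgres_admin_user | default('postgres') }}"

- name: Create PostgreSQL schema for Gitea
  community.postgresql.postgresql_schema:
    name: "{{ gitea_postgres_schema }}"
    database: "{{ gitea_postgres_db_name }}"
    owner: "{{ gitea_postgres_user }}"
    state: present
  become: false
  become_user: "{{ postgres_admin_user | default('postgres') }}"

- name: Grant schema permissions to Gitea user
  community.postgresql.postgresql_privs:
    login_db: "{{ gitea_postgres_db_name }}"
    roles: "{{ gitea_postgres_user }}"
    type: schema
    objs: "{{ gitea_postgres_schema }}"
    privs: CREATE,USAGE
    state: present
  become: false
  become_user: "{{ postgres_admin_user | default('postgres') }}"

- name: Create Gitea project directory
  ansible.builtin.file:
    path: "{{ podman_projects_dir | default('/opt/podman') }}/gitea"
    state: directory
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: "0755"

- name: Create Gitea data directory
  ansible.builtin.file:
    path: "{{ gitea_data_dir }}"
    state: directory
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: "0755"

- name: Deploy Kubernetes YAML for Gitea
  ansible.builtin.template:
    src: gitea.yaml.j2
    dest: "{{ podman_projects_dir | default('/opt/podman') }}/gitea/gitea.yaml"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: "0644"
  notify: Restart gitea

- name: Get home directory for {{ ansible_user }}
  ansible.builtin.getent:
    database: passwd
    key: "{{ ansible_user }}"

# getent_passwd[<user>] holds the passwd fields after the username
# (password, uid, gid, gecos, home, shell); index 4 is the home directory.
- name: Set user home directory fact
  ansible.builtin.set_fact:
    user_home_dir: "{{ getent_passwd[ansible_user][4] }}"

- name: Create systemd user directory for Gitea
  ansible.builtin.file:
    path: "{{ user_home_dir }}/.config/systemd/user"
    state: directory
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: "0755"

- name: Create systemd service for Gitea (user scope)
  ansible.builtin.template:
    src: gitea.service.j2
    dest: "{{ user_home_dir }}/.config/systemd/user/gitea.service"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: "0644"
  notify: Reload systemd user

# Lingering keeps the user's systemd instance (and the Gitea unit) running
# without a login session. systemd records an enabled linger as a file under
# /var/lib/systemd/linger/, so `creates:` makes this task idempotent instead
# of reporting "changed" on every run.
- name: Enable lingering for user {{ ansible_user }}
  ansible.builtin.command: "loginctl enable-linger {{ ansible_user }}"
  args:
    creates: "/var/lib/systemd/linger/{{ ansible_user }}"
  when: ansible_user != 'root'

- name: Enable and start Gitea service (user scope)
  ansible.builtin.systemd:
    name: gitea.service
    enabled: true
    state: started
    scope: user
  become: false
  become_user: "{{ ansible_user }}"

- name: Deploy nginx vhost configuration for Gitea
  ansible.builtin.template:
    src: nginx-vhost.conf.j2
    dest: "{{ nginx_conf_dir | default('/etc/nginx/conf.d') }}/gitea.conf"
    owner: root
    group: root
    mode: "0644"
  when: gitea_nginx_enabled
  notify: Reload nginx

- name: Remove nginx vhost configuration for Gitea
  ansible.builtin.file:
    path: "{{ nginx_conf_dir | default('/etc/nginx/conf.d') }}/gitea.conf"
    state: absent
  when: not gitea_nginx_enabled
  notify: Reload nginx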