feat: initial commit

roles/gitea/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+gitea_state: present
+gitea_version: 1.13.1
+gitea_docker_compose_directory: /opt/gitea
+gitea_url:  git.localhost

roles/gitea/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+- name: restart gitea
+  service:
+    name: gitea
+    state: restarted
+    daemon_reload: True
+    enabled: True

roles/gitea/tasks/configure.yml

@@ -0,0 +1,14 @@
+---
+- name: configure | deploy systemd configuration
+  template:
+    src: etc/systemd/system/gitea.service.j2
+    dest: /etc/systemd/system/gitea.service
+    owner: root
+    group: root
+    mode: 0644
+  notify: "restart gitea"
+
+- name: ensure that service is started
+  service:
+    name: "gitea"
+    state: started

roles/gitea/tasks/install.yml

@@ -0,0 +1,12 @@
+---
+- name: install | create directory {{ gitea_docker_compose_directory }}
+  file:
+    path: "{{ gitea_docker_compose_directory }}"
+    state: directory
+    mode: 0755
+
+- name: install | set compose file
+  template:
+    src: opt/gitea/docker-compose.yml.j2
+    dest: "{{ gitea_docker_compose_directory }}/docker-compose.yml"
+  notify: 'restart gitea'

roles/gitea/tasks/main.yml

@@ -0,0 +1,2 @@
+---
+- include_tasks: "{{ gitea_state }}.yml"

roles/gitea/tasks/present.yml

@@ -0,0 +1,4 @@
+---
+- include_tasks: "install.yml"
+- include_tasks: "configure.yml"
+- include_tasks: "start.yml"

roles/gitea/tasks/start.yml

@@ -0,0 +1,14 @@
+---
+- name: start | ensure gitea is up and running
+  service:
+    name: gitea
+    state: started
+
+- name: start | wait for gitea up and running
+  command: "docker ps"
+  register: result
+  retries: 60
+  changed_when: no
+  until: "'gitea/gitea:{{ gitea_version}}' in result.stdout"
+  tags:
+    - skip_ansible_lint

roles/gitea/tasks/stop.yml

@@ -0,0 +1,5 @@
+---
+- name: stop | ensure gitea is up and running
+  service:
+    name: gitea
+    state: stopped

roles/gitea/templates/etc/systemd/system/gitea.service.j2

@@ -0,0 +1,11 @@
+# {{ ansible_managed }}
+[Unit]
+Description=gitea
+
+[Service]
+Restart=always
+ExecStart=/usr/local/bin/docker-compose -f "{{ gitea_docker_compose_directory }}/docker-compose.yml" up
+ExecStop=/usr/local/bin/docker-compose -f "{{ gitea_docker_compose_directory }}/docker-compose.yml" stop
+
+[Install]
+WantedBy=local.target

roles/gitea/templates/opt/gitea/docker-compose.yml.j2

@@ -0,0 +1,29 @@
+# {{ ansible_managed }}
+
+version: '3.2'
+services:
+    gitea:
+        image: gitea/gitea:{{ gitea_version }}
+        environment:
+          - ROOT_URL="http://{{ gitea_url }}"
+          - DISABLE_SSH=true
+          - DISABLE_REGISTRATION=true
+          - REQUIRE_SIGNIN_VIEW=true
+        restart: always
+        labels:
+          - traefik.enable=true
+          - traefik.docker.network=traefik_network
+          - traefik.backend=gitea
+          - traefik.port=3000
+          - traefik.frontend.rule=Host:{{ gitea_url }}
+        networks:
+          - traefik_network
+        volumes:
+          - gitea:/data
+volumes:
+  gitea:
+    driver: local
+
+networks:
+    traefik_network:
+        external: true

roles/traefik/defaults/main.yml

@@ -0,0 +1,9 @@
+---
+traefik_state: present
+traefik_version: v1.7.28
+traefik_docker_compose_directory: /opt/traefik
+traefik_use_configuration_file: false
+traefik_docker_domain: docker.localhost
+traefik_docker_log_level: ERROR
+traefik_acme_enabled: true
+traefik_dashboard_enabled: false

roles/traefik/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+- name: restart traefik
+  service:
+    name: traefik
+    state: restarted
+    daemon_reload: True
+    enabled: True

roles/traefik/tasks/configure.yml

@@ -0,0 +1,35 @@
+---
+- name: configure | deploy systemd configuration
+  template:
+    src: etc/systemd/system/traefik.service.j2
+    dest: /etc/systemd/system/traefik.service
+    owner: root
+    group: root
+    mode: 0644
+  notify: "restart traefik"
+
+- name: configure | deploy traefik configuration
+  template:
+    src: opt/traefik/traefik.toml.j2
+    dest: "{{ traefik_docker_compose_directory }}/traefik.toml"
+    owner: root
+    group: root
+    mode: 0644
+  notify: "restart traefik"
+
+- name: configure | create acme.json
+  file:
+    path: "{{ traefik_docker_compose_directory }}/acme.json"
+    owner: root
+    group: root
+    state: touch
+    mode: 0600
+  changed_when: no
+
+- name: configure | create network traefik_network
+  command: docker network create traefik_network
+  ignore_errors: yes
+  changed_when: no
+
+- name: configure | flush handlers
+  meta: flush_handlers

roles/traefik/tasks/install.yml

@@ -0,0 +1,12 @@
+---
+- name: install | create directory {{ traefik_docker_compose_directory }}
+  file:
+    path: "{{ traefik_docker_compose_directory }}"
+    state: directory
+    mode: 0755
+
+- name: install | set compose file
+  template:
+    src: opt/traefik/docker-compose.yml.j2
+    dest: "{{ traefik_docker_compose_directory }}/docker-compose.yml"
+  notify: 'restart traefik'

roles/traefik/tasks/main.yml

@@ -0,0 +1,2 @@
+---
+- include_tasks: "{{ traefik_state }}.yml"

roles/traefik/tasks/present.yml

@@ -0,0 +1,4 @@
+---
+- include_tasks: "install.yml"
+- include_tasks: "configure.yml"
+- include_tasks: "start.yml"

roles/traefik/tasks/start.yml

@@ -0,0 +1,10 @@
+---
+- name: start | ensure traefik is up and running
+  service:
+    name: traefik
+    state: started
+
+- name: start | wait for traefik up and running
+  wait_for:
+    port: 443
+    delay: 10

roles/traefik/tasks/stop.yml

@@ -0,0 +1,5 @@
+---
+- name: stop | ensure traefik is up and running
+  service:
+    name: traefik
+    state: stopped

roles/traefik/templates/etc/systemd/system/traefik.service.j2

@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+[Unit]
+Description=Traefik
+Wants=docker.service
+After=docker.service
+ 
+[Service]
+Restart=always
+ExecStart=/usr/local/bin/docker-compose -f "{{ traefik_docker_compose_directory }}/docker-compose.yml" up
+ExecStop=/usr/local/bin/docker-compose -f "{{ traefik_docker_compose_directory }}/docker-compose.yml" down
+
+[Install]
+WantedBy=multi-user.target

roles/traefik/templates/opt/traefik/docker-compose.yml.j2

@@ -0,0 +1,27 @@
+---
+# {{ ansible_managed }}
+version: '3.2'
+services:
+    traefik:
+        image: traefik:{{ traefik_version }}
+        restart: always
+        command: --api --docker # Enables the web UI and tells Traefik to listen to docker
+        ports:
+          - "80:80"     # The HTTP port
+          - "443:443"   # The HTTPS ports
+{% if traefik_dashboard_enabled %}
+          - "8080:8080" # Dashboard port
+{% endif %}
+        volumes:
+          - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
+          - {{ traefik_docker_compose_directory }}/traefik.toml:/traefik.toml
+          - {{ traefik_docker_compose_directory }}/acme.json:/acme.json
+        labels:
+          - traefik.enable=true
+          - traefik.docker.network=traefik_network
+        networks:
+          - traefik_network
+
+networks:
+    traefik_network:
+        external: true

roles/traefik/templates/opt/traefik/traefik.toml.j2

@@ -0,0 +1,43 @@
+# {{ ansible_managed }}
+###Traefik.toml###
+
+logLevel = "{{ traefik_docker_log_level }}"
+defaultEntryPoints = ["http","https"]
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+    [entryPoints.http.redirect]
+    entryPoint = "https"
+  [entryPoints.https]
+  address = ":443"
+    [entryPoints.https.tls]
+{% if not traefik_acme_enabled %}
+    [[entryPoints.https.tls.certificate]]
+    certFile = "/certs/local-cert.pem"
+    keyFile = "/certs/local-key.pem"
+{% endif %}
+
+{% if traefik_dashboard_enabled %}
+[api]
+  # With this you enable the web UI
+  insecure = true
+  dashboard = true
+{% endif %}
+
+{% if traefik_acme_enabled %}
+[acme]
+email = "etienne.besson@gmail.com"
+storage = "acme.json"
+onHostRule = true
+entryPoint = "https" 
+  [acme.tlsChallenge]
+{% endif %}
+
+# Enable Docker configuration backend
+[docker]
+  endpoint = "unix:///var/run/docker.sock"
+  domain = "{{ traefik_docker_domain }}"
+  watch = true
+  exposedByDefault = false 
+