Add self-contained Gitea Git service with PostgreSQL integration

- Implements complete Gitea Git service following rick-infra self-contained architecture - Uses PostgreSQL infrastructure role as dependency and manages own database/user - Native Arch Linux installation via pacman packages - Automatic database setup (gitea database and user creation) - SystemD service with security hardening and proper dependency management - Caddy reverse proxy integration deployed to sites-enabled directory - SSH server on port 2222 with automatic host key generation - Production-ready with LFS support, security headers, and HTTPS via Caddy - Follows simplified configuration approach with essential variables only - Self-contained pattern: service manages complete setup independently
2025-11-18 22:32:31 +01:00
parent 762d00eebf
commit ddbdefd27f
9 changed files with 442 additions and 34 deletions
--- a/roles/gitea/templates/gitea.service.j2
+++ b/roles/gitea/templates/gitea.service.j2
@@ -0,0 +1,33 @@
+# Gitea SystemD Service - Rick-Infra
+# Generated by Ansible Gitea role
+
+[Unit]
+Description=Gitea Git with a cup of tea
+After=network.target postgresql.service
+Wants=postgresql.service
+
+[Service]
+Type=simple
+User={{ gitea_user }}
+Group={{ gitea_group }}
+WorkingDirectory={{ gitea_home }}
+ExecStart=/usr/bin/gitea web --config /etc/gitea/app.ini
+Restart=always
+RestartSec=10
+
+# Security hardening
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectHome=true
+ProtectSystem=strict
+ReadWritePaths={{ gitea_home }}
+ReadWritePaths=/etc/gitea
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+
+# Process limits
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target
+
+# Rick-Infra: Self-contained Gitea service with security hardening