Add self-contained Gitea Git service with PostgreSQL integration

- Implements complete Gitea Git service following rick-infra self-contained architecture - Uses PostgreSQL infrastructure role as dependency and manages own database/user - Native Arch Linux installation via pacman packages - Automatic database setup (gitea database and user creation) - SystemD service with security hardening and proper dependency management - Caddy reverse proxy integration deployed to sites-enabled directory - SSH server on port 2222 with automatic host key generation - Production-ready with LFS support, security headers, and HTTPS via Caddy - Follows simplified configuration approach with essential variables only - Self-contained pattern: service manages complete setup independently
2025-11-18 22:32:31 +01:00
parent 762d00eebf
commit ddbdefd27f
9 changed files with 442 additions and 34 deletions
--- a/site.yml
+++ b/site.yml
@@ -1,6 +1,4 @@
 ---
-# Core infrastructure deployment with security hardening first
-
 # Security hardening establishes secure foundation before web services
 # - import_playbook: playbooks/security.yml

@@ -10,36 +8,14 @@
  gather_facts: yes
  
  roles:
-    # Infrastructure services
-    - role: postgresql
-      tags: ['postgresql', 'infrastructure', 'database']
-    # - role: caddy
-    #   tags: ['caddy', 'infrastructure', 'web']
-    
+    # # Infrastructure services
+    # - role: postgresql
+    #   tags: ['postgresql', 'infrastructure', 'database']
+    # # - role: caddy
+    # #   tags: ['caddy', 'infrastructure', 'web']
+    # 
    # Application services  
-    - role: sigvild-gallery
-      tags: ['sigvild', 'gallery', 'wedding']
-  
-  post_tasks:
-    - name: Verify Caddy API is accessible
-      uri:
-        url: "http://{{ caddy_admin_listen }}/config/"
-        method: GET
-        status_code: 200
-      retries: 5
-      delay: 2
-
-    - name: Display infrastructure status
-      debug:
-        msg: |
-          ✅ Core infrastructure deployment completed!
-          
-          🌐 Primary domain: {{ caddy_domain }}
-          🔒 HTTPS: {{ 'Enabled with DNS challenge (' + caddy_dns_provider + ')' if caddy_dns_provider else 'Enabled with HTTP challenge' }}
-          🚀 API registration: {{ 'Ready' if caddy_api_enabled else 'Disabled' }}
-          
-          📍 Admin API: http://{{ caddy_admin_listen }} (localhost only)
-          📁 Web root: {{ caddy_web_root }}
-          📝 Logs: {{ caddy_log_dir }}
-          
-           📖 Documentation: docs/caddy-api-registration.md
+    - role: gitea
+      tags: ['gitea', 'git', 'development']
+    # - role: sigvild-gallery
+    #   tags: ['sigvild', 'gallery', 'wedding']