# Gitea Git Service Role

Self-contained Gitea Git service for rick-infra following the established architectural patterns.

## Features

- ✅ **Self-contained**: Manages its own database and configuration
- ✅ **Native Arch installation**: Uses pacman packages
- ✅ **PostgreSQL integration**: Uses shared PostgreSQL infrastructure
- ✅ **Caddy integration**: Deploys reverse proxy configuration
- ✅ **Security hardened**: SystemD restrictions and secure defaults
- ✅ **Production ready**: HTTPS, SSH access, LFS support

## Architecture

- **Dependencies**: PostgreSQL infrastructure role
- **Database**: Self-managed gitea database and user
- **Network**: HTTP on :3000, SSH on :2222 (localhost)
- **Web access**: https://git.domain.com (via Caddy)
- **SSH access**: ssh://git@git.domain.com:2222

## Configuration

Key variables (defaults in `defaults/main.yml`):

```yaml
# Service
gitea_service_enabled: true
gitea_http_port: 3000
gitea_ssh_port: 2222

# Domain
gitea_subdomain: "git"
gitea_domain: "{{ caddy_domain }}"

# Database (self-managed)
gitea_db_name: "gitea"
gitea_db_user: "gitea"
gitea_db_password: "{{ vault_gitea_db_password }}"

# Application
gitea_app_name: "Gitea: Git with a cup of tea"
gitea_disable_registration: false
gitea_enable_lfs: true
```

## Usage

1. **Add vault password**: Set `vault_gitea_db_password` in host_vars vault
2. **Deploy**: `ansible-playbook site.yml --tags gitea`
3. **Access**: Visit https://git.yourdomain.com to set up admin account

## Dependencies

- PostgreSQL infrastructure role (auto-included)
- Caddy web server (for HTTPS access)
- Vault password: `vault_gitea_db_password`

## Self-Contained Design

This role follows rick-infra's self-contained service pattern:

- Creates its own database and user via PostgreSQL infrastructure
- Manages its own configuration and data
- Deploys its own Caddy reverse proxy config
- Independent lifecycle from other services

---

**Rick-Infra Gitea Service**

Git repository management with integrated CI/CD capabilities.
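
A pre-deploy check for the variables listed under Configuration and the vault step under Usage, added here as an example and not part of the rick-infra role. It confirms that `gitea_db_password` is a `vault_*` reference present in the vault, that the two ports are valid and distinct, and it flags open registration. The function names and the sample input are assumptions for illustration, and the parser handles only flat `key: value` lines.

```python
import re

# Constructed sample using the variable names from defaults/main.yml above.
SAMPLE_VARS = """
gitea_http_port: 3000
gitea_ssh_port: 2222
gitea_db_password: "{{ vault_gitea_db_password }}"
gitea_disable_registration: false
"""

VAULT_REF = re.compile(r"^\{\{\s*(vault_\w+)\s*\}\}$")

def parse_flat_vars(text):
    """Parse flat `key: value` lines; enough for un-nested role defaults."""
    result = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        result[key.strip()] = value.strip().strip("\"'")
    return result

def check_gitea_vars(text, vault_keys):
    """Return (level, message) findings; vault_keys = names set in the vault."""
    v = parse_flat_vars(text)
    findings = []
    # The DB password must be a Jinja reference to a vault variable, not a literal.
    ref = VAULT_REF.match(v.get("gitea_db_password", ""))
    if not ref:
        findings.append(("error", "gitea_db_password is not a vault_* reference"))
    elif ref.group(1) not in vault_keys:
        findings.append(("error", f"{ref.group(1)} is missing from the vault"))
    ports = {}
    for name in ("gitea_http_port", "gitea_ssh_port"):
        value = v.get(name, "")
        if value.isdigit() and 1 <= int(value) <= 65535:
            ports[name] = int(value)
        else:
            findings.append(("error", f"{name} is not a valid TCP port: {value!r}"))
    if len(ports) == 2 and len(set(ports.values())) == 1:
        findings.append(("error", "HTTP and SSH ports collide"))
    # The role default leaves registration open (gitea_disable_registration: false).
    if v.get("gitea_disable_registration", "false").lower() != "true":
        findings.append(("warn", "registration is open; close it once the admin account exists"))
    return findings

if __name__ == "__main__":
    for level, message in check_gitea_vars(SAMPLE_VARS, {"vault_gitea_db_password"}):
        print(f"{level}: {message}")
```
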