rick-infra/roles/gitea
Joakim bf53700b7e Fix Gitea PostgreSQL socket permission issue
- Add git user to postgres group for Unix socket access
- Ensure PostgreSQL socket directory has proper permissions
- Add socket connectivity test before database operations
- Update database tasks to use explicit socket parameters
- Add missing database privileges grant task

Resolves timeout issue in 'waiting for gitea to be ready' task
caused by permission denied errors when accessing PostgreSQL
Unix socket. Follows same pattern as working Authentik role.
2025-12-11 19:33:49 +01:00

Gitea Git Service Role

Self-contained Gitea Git service for rick-infra following the established architectural patterns.

Features

  • Self-contained: Manages its own database and configuration
  • Native Arch installation: Uses pacman packages
  • PostgreSQL integration: Uses shared PostgreSQL infrastructure
  • Caddy integration: Deploys reverse proxy configuration
  • Security hardened: systemd restrictions and secure defaults
  • Production ready: HTTPS, SSH access, LFS support

Architecture

  • Dependencies: PostgreSQL infrastructure role
  • Database: Self-managed gitea database and user
  • Network: HTTP on :3000, SSH on :2222 (localhost)
  • Web access: https://git.domain.com (via Caddy)
  • SSH access: ssh://git@git.domain.com:2222

Configuration

Key variables (defaults in defaults/main.yml):

# Service
gitea_service_enabled: true
gitea_http_port: 3000
gitea_ssh_port: 2222

# Domain 
gitea_subdomain: "git"
gitea_domain: "{{ caddy_domain }}"

# Database (self-managed)
gitea_db_name: "gitea"
gitea_db_user: "gitea" 
gitea_db_password: "{{ vault_gitea_db_password }}"

# Application
gitea_app_name: "Gitea: Git with a cup of tea"
gitea_disable_registration: false  # false leaves self-registration open
gitea_enable_lfs: true

Usage

  1. Add vault password: Set vault_gitea_db_password in host_vars vault
  2. Deploy: ansible-playbook site.yml --tags gitea
  3. Access: Visit https://git.yourdomain.com to set up admin account

Dependencies

  • PostgreSQL infrastructure role (auto-included)
  • Caddy web server (for HTTPS access)
  • Vault password: vault_gitea_db_password

Self-Contained Design

This role follows rick-infra's self-contained service pattern:

  • Creates its own database and user via PostgreSQL infrastructure
  • Manages its own configuration and data
  • Deploys its own Caddy reverse proxy config
  • Independent lifecycle from other services
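
The commit message at the top of this page traces the readiness timeout to permission denied errors on the PostgreSQL Unix socket and fixes it by adding the git user to the postgres group. The sketch below is an added example, not code from the role, showing why group membership decides the outcome: a connect needs search permission on the socket directory and write permission on the socket file. The uid/gid numbers, the modes and the path passed to `check_live` are assumptions.

```python
import grp
import os
import pwd
import stat

def allowed(mode, owner_uid, owner_gid, uid, gids, want):
    """POSIX class check: owner bits, else group bits, else other bits."""
    if uid == 0:  # simplification: root bypasses mode bits
        return True
    if uid == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & want) == want

def socket_findings(dir_st, sock_st, uid, gids):
    """dir_st and sock_st are (mode, uid, gid); an empty result means access is OK."""
    findings = []
    if not allowed(*dir_st, uid, gids, 0o1):   # search (x) on the directory
        findings.append("no search permission on socket directory")
    if not allowed(*sock_st, uid, gids, 0o2):  # write (w) on the socket file
        findings.append("no write permission on socket file")
    return findings

def check_live(user, sock_path):
    """Same check against a real host; run as root so stat() itself succeeds.
    Only the socket's own directory is inspected, not its parents."""
    pw = pwd.getpwnam(user)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    triples = []
    for path in (os.path.dirname(sock_path), sock_path):
        st = os.stat(path)
        triples.append((stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid))
    return socket_findings(triples[0], triples[1], pw.pw_uid, gids)

# Constructed sample values (not taken from the role): uid/gid 970 = postgres,
# uid/gid 971 = git, directory 0770 postgres:postgres, socket 0777.
SOCK_DIR = (0o770, 970, 970)
SOCK_FILE = (0o777, 970, 970)

if __name__ == "__main__":
    print("git alone:         ", socket_findings(SOCK_DIR, SOCK_FILE, 971, {971}))
    print("git + postgres grp:", socket_findings(SOCK_DIR, SOCK_FILE, 971, {971, 970}))
    # Assumed Arch-style path; adjust to the host being checked.
    # print(check_live("git", "/run/postgresql/.s.PGSQL.5432"))
```

Supplementary groups are read when a process starts, so an already running Gitea service only gains the new group after a restart.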

Rick-Infra Gitea Service
Git repository management with integrated CI/CD capabilities.