rick-infra/roles/gitea/tasks/main.yml
Joakim bf53700b7e Fix Gitea PostgreSQL socket permission issue
- Add git user to postgres group for Unix socket access
- Ensure PostgreSQL socket directory has proper permissions
- Add socket connectivity test before database operations
- Update database tasks to use explicit socket parameters
- Add missing database privileges grant task

Resolves timeout issue in 'waiting for gitea to be ready' task
caused by permission denied errors when accessing PostgreSQL
Unix socket. Follows same pattern as working Authentik role.
2025-12-11 19:33:49 +01:00


---
# Gitea Service Role - Self-Contained Implementation
# Manages Gitea Git service with own database
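- name: Install Gitea from Arch repository
  # Fully-qualified module name (ansible-lint fqcn rule); the unit file shipped
  # by the package is superseded by the gitea.service template deployed below.
  community.general.pacman:
    name: gitea
    state: present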
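- name: Install Git
  # Gitea shells out to the system git binary for repository operations.
  community.general.pacman:
    name: git
    state: present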
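- name: Create Gitea user and group
  # Only the user is created here: ansible.builtin.user fails when the primary
  # group named in `group` does not already exist.
  # NOTE(review): "{{ gitea_group }}" is expected to come from the package's
  # sysusers entry or another role — confirm, or add an ansible.builtin.group task.
  # A login shell is kept because SSH clone sessions run git under this account.
  ansible.builtin.user:
    name: "{{ gitea_user }}"
    group: "{{ gitea_group }}"
    system: true
    shell: /bin/bash
    home: "{{ gitea_home }}"
    create_home: true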
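- name: Create Gitea directories
  # 0750 rather than 0755: the repository, data and log trees hold private
  # repositories and session data, so other local accounts must not be able to
  # traverse or read them. Only the gitea user/group need access; nothing else in
  # this role reads these paths (Caddy only proxies HTTP to the local port).
  # NOTE(review): assumes the gitea.service unit runs as "{{ gitea_user }}" —
  # confirm in gitea.service.j2.
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: "{{ gitea_user }}"
    group: "{{ gitea_group }}"
    mode: "0750"
  loop:
    - "{{ gitea_home }}"
    - "{{ gitea_home }}/data"
    - "{{ gitea_home }}/repositories"
    - "{{ gitea_home }}/log"
    - /etc/gitea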
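- name: Create Gitea SSH directory with proper permissions
  # sshd refuses group/world-accessible ~/.ssh; 0700 owned by the service
  # account is what it expects for the authorized_keys Gitea manages.
  ansible.builtin.file:
    path: "{{ gitea_home }}/.ssh"
    state: directory
    owner: "{{ gitea_user }}"
    group: "{{ gitea_group }}"
    mode: "0700"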
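# Socket access setup (following Authentik pattern)
- name: Add git user to postgres group for socket access
  # `append: true` keeps the account's existing supplementary groups.
  # NOTE(review): postgres group membership grants the Gitea process read access
  # to anything group-readable under the PostgreSQL account (config, logs), not
  # just the socket. It is only needed because the socket directory is tightened
  # to 0770 in the next task; with the default world-traversable socket directory
  # and peer/password auth the membership would be unnecessary — confirm which is
  # intended before relying on it.
  ansible.builtin.user:
    name: "{{ gitea_user }}"
    groups: postgres
    append: true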
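- name: Ensure git can access PostgreSQL socket directory
  # No `state:` is given on purpose: the default only modifies an existing path
  # and fails if PostgreSQL has not created the directory yet, rather than
  # creating it with the wrong owner. 0770 restricts the socket directory to the
  # postgres group, so every local client (including Gitea) must be a member.
  # NOTE(review): /var/run/postgresql lives on tmpfs and is normally recreated
  # at boot, so this mode change is not persistent — confirm it is still correct
  # after a reboot or manage it via a tmpfiles.d override.
  ansible.builtin.file:
    path: "/var/run/postgresql"
    mode: "0770"
    group: postgres
  become: true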
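- name: Test PostgreSQL socket connectivity
  # Runs as the Gitea OS account so the check exercises the same socket path,
  # directory permissions and peer-auth mapping the service will use.
  # NOTE(review): postgresql_ping reports the outcome in `is_available` instead
  # of failing the task; if this is meant to gate the database tasks, register
  # the result and add `failed_when: not <result>.is_available`. Peer auth also
  # requires a DB role named "{{ gitea_user }}" — confirm that matches gitea_db_user.
  community.postgresql.postgresql_ping:
    login_unix_socket: "/var/run/postgresql"
    login_user: "{{ gitea_user }}"
  become: true
  become_user: "{{ gitea_user }}"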
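# Self-contained database management
- name: Create Gitea database user via socket
  # The task carries the database password in its arguments, so `no_log` keeps
  # it out of task output, -v/-vvv traces and callback logs.
  # `encrypted: true` stores the hash, never the plaintext, in pg_authid.
  community.postgresql.postgresql_user:
    name: "{{ gitea_db_user }}"
    password: "{{ gitea_db_password }}"
    encrypted: true
    login_unix_socket: "/var/run/postgresql"
    login_user: postgres
  become: true
  become_user: postgres
  no_log: true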
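- name: Create Gitea database via socket
  # template0 is required when an explicit encoding is requested; the Gitea
  # role is made owner so it has full control of its own database.
  community.postgresql.postgresql_db:
    name: "{{ gitea_db_name }}"
    owner: "{{ gitea_db_user }}"
    encoding: UTF8
    template: template0
    login_unix_socket: "/var/run/postgresql"
    login_user: postgres
  become: true
  become_user: postgres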
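- name: Grant Gitea database privileges
  # Database-level ALL is CONNECT, CREATE and TEMP. The role already holds these
  # as owner of the database, so this is an idempotent belt-and-braces grant that
  # also repairs the case where the database pre-existed with a different owner.
  community.postgresql.postgresql_privs:
    db: "{{ gitea_db_name }}"
    privs: ALL
    type: database
    role: "{{ gitea_db_user }}"
    login_unix_socket: "/var/run/postgresql"
    login_user: postgres
  become: true
  become_user: postgres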
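- name: Deploy Gitea configuration
  # app.ini carries the database password and secret keys, hence 0600 and
  # ownership by the service account only.
  # NOTE(review): with --diff the rendered file content (secrets included) is
  # printed; add `no_log: true` or `diff: false` if that output is captured.
  ansible.builtin.template:
    src: app.ini.j2
    dest: /etc/gitea/app.ini
    owner: "{{ gitea_user }}"
    group: "{{ gitea_group }}"
    mode: "0600"
  notify: restart gitea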
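- name: Deploy Gitea systemd service file
  # A unit under /etc/systemd/system takes precedence over the package-provided
  # one. No owner is set, so it is written as the connecting (root) user;
  # 0644 is correct for a unit file, which must not be writable by the service.
  ansible.builtin.template:
    src: gitea.service.j2
    dest: /etc/systemd/system/gitea.service
    mode: "0644"
  notify:
    - reload systemd
    - restart gitea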
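- name: Deploy Caddy configuration for Gitea
  # Optional: only rendered when the Caddy role has exported its sites directory,
  # so the Gitea role still works on hosts without the reverse proxy.
  ansible.builtin.template:
    src: gitea.caddy.j2
    dest: "{{ caddy_sites_enabled_dir }}/gitea.caddy"
    mode: "0644"
  notify: reload caddy
  when: caddy_sites_enabled_dir is defined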
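- name: Enable and start Gitea service
  # daemon_reload here covers the first run, where the unit file was just
  # written and the "reload systemd" handler has not fired yet.
  ansible.builtin.systemd:
    name: gitea
    enabled: "{{ gitea_service_enabled }}"
    state: "{{ gitea_service_state }}"
    daemon_reload: true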
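- name: Wait for Gitea to be ready
  # Readiness is "the HTTP port accepts TCP connections", checked on loopback
  # only; it does not verify the application answers requests. Skipped when the
  # role is used to stop the service.
  ansible.builtin.wait_for:
    port: "{{ gitea_http_port }}"
    host: "127.0.0.1"
    timeout: 30
  when: gitea_service_state == "started"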
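- name: Display Gitea service status
  # Informational summary only; contains no secrets (domain, ports, db name).
  ansible.builtin.debug:
    msg: |
      ✅ Gitea Git service deployed successfully!
      🌐 Web Interface: https://{{ gitea_full_domain }}
      🔗 SSH Clone: ssh://git@{{ gitea_full_domain }}:{{ gitea_ssh_port }}
      📦 Local HTTP: http://127.0.0.1:{{ gitea_http_port }}
      🗄️ Database: {{ gitea_db_name }} (self-managed)
      🏗️ Self-contained service ready for Git repositories!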