
Added role to install gogs the git server

Till Klocke 8 år sedan
förälder
incheckning
5a8ed5a914

+ 26 - 0
roles/service-gogs/defaults/main.yml

@@ -0,0 +1,26 @@
+gogs_group: gogs
+gogs_user: gogs
+gogs_home: /opt/gogs
+
+gogs_version: 0.9.97
+gogs_os: linux
+gogs_arch: amd64
+gogs_archive_format: tar.gz
+gogs_package_name: "gogs_v{{ gogs_version }}_{{ gogs_os }}_{{gogs_arch}}.{{ gogs_archive_format }}"
+gogs_package_url: "https://dl.gogs.io/{{ gogs_package_name }}"
+gogs_archive: "{{ ansible_env.HOME }}/{{ gogs_package_name }}"
+
+gogs_repo_dir: "{{ gogs_home }}/repo"
+gogs_config_file: "{{ gogs_home }}/gogs/custom/conf/app.ini"
+gogs_sqlite_path: "{{ gogs_home }}/db"
+
+gogs_cfg_app_name: FFDO git service
+gogs_cfg_mode: prod # Either "dev", "prod" or "test"
+gogs_cfg_offline_mode: true
+gogs_markdown_hard_line_break: false
+gogs_cfg_secret_key: "please_change_this"
+
+# server
+gogs_protocol: http
+gogs_domain: git.ffdo.de
+gogs_port: 3000
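Review bot: `gogs_cfg_secret_key: "please_change_this"` is a working default, so any host whose inventory forgets to override it is deployed with a publicly known value for the key the app.ini template itself marks "!!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!". Consider leaving the variable out of defaults and sourcing it from a vaulted inventory variable, or keeping the placeholder and adding an `assert` task that fails the play when the rendered value still equals `please_change_this`. `gogs_domain: git.ffdo.de` is likewise environment-specific and belongs in inventory rather than in role defaults.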

+ 9 - 0
roles/service-gogs/handlers/main.yml

@@ -0,0 +1,9 @@
+- name: Restart gogs
+  service:
+    name: gogs
+    state: restarted
+
+- name: Reload nginx
+  service:
+    name: nginx
+    state: reloaded

+ 96 - 0
roles/service-gogs/tasks/gogs.yml

@@ -0,0 +1,96 @@
+
+- name: create group
+  become: yes
+  group:
+    name: "{{ gogs_group }}"
+    system: yes
+    state: present
+
+- name: create user
+  become: yes
+  user:
+    name: "{{ gogs_user }}"
+    home: "{{ gogs_home }}"
+    group: "{{ gogs_group }}"
+    system: yes
+    createhome: yes
+    state: present
+
+- name: gogs prereqs
+  become: yes
+  apt: name={{item}} state=present update_cache=yes
+  with_items:
+    - openssh-server
+    - git
+
+- name: download gogs binary package
+  get_url:
+    url: "{{ gogs_package_url }}"
+    dest: "{{ gogs_archive }}"
+    mode: 0644
+
+- name: create gogs repo dir if necessary
+  become: yes
+  file:
+    dest: "{{ gogs_repo_dir }}"
+    owner: "{{ gogs_user }}"
+    group: "{{ gogs_group }}"
+    mode: 0755
+    state: directory
+
+- name: create gogs db dir if necessary
+  become: yes
+  file:
+    dest: "{{ gogs_sqlite_path }}"
+    owner: "{{ gogs_user }}"
+    group: "{{ gogs_group }}"
+    mode: 0755
+    state: directory
+
+- name: unarchive install package
+  become: yes
+  unarchive:
+    src: "{{ gogs_archive }}"
+    dest: "{{ gogs_home }}"
+    owner: "{{ gogs_user }}"
+    group: "{{ gogs_group }}"
+    copy: no
+
+- name: create gogs custom conf dir
+  become: yes
+  file:
+    dest: "{{ gogs_home }}/gogs/custom/conf"
+    owner: "{{ gogs_user }}"
+    group: "{{ gogs_group }}"
+    mode: 0755
+    state: directory
+
+- name: Ensure gogs config is up to date
+  become: yes
+  template:
+    src: app.ini.j2
+    dest: "{{ gogs_config_file }}"
+    owner: '{{ gogs_user }}'
+    group: '{{ gogs_group }}'
+    mode: 0640
+  notify:
+    - Restart gogs
+
+- name: Ensure gogs systemd unit is up to date
+  register: gogssystend
+  become: yes
+  template:
+    src: gogs.service.j2
+    dest: /etc/systemd/system/service.gogs
+
+- name: Reload systemd
+  when: gogssystend|changed
+  shell: systemctl daemon-reload
+  notify:
+    - Restart gogs
+
+- name: Ensure gogs service is started and enabled
+  service:
+    name: gogs
+    state: started
+    enabled: yes
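Review bot: The `download gogs binary package` task fetches an executable archive with no `checksum:` argument, so a tampered or truncated download is unpacked and started as-is; pin it with `checksum: "sha256:<expected digest for this gogs_version>"` (placeholder — take the digest from the release you verified) and update it together with `gogs_version`. The systemd template is written to `/etc/systemd/system/service.gogs`, but the handler and the final `service` task refer to the unit `gogs`, which systemd only resolves as `gogs.service`; change the dest to `/etc/systemd/system/gogs.service`. `Reload systemd` and `Ensure gogs service is started and enabled` lack the `become: yes` the other privileged tasks carry, so they fail unless become is set at play level, and `shell: systemctl daemon-reload` can be `command:` since it needs no shell features. The unquoted `mode: 0644`/`0755`/`0640` values work only because YAML 1.1 reads the leading zero as octal; quoting them (`mode: "0644"`) makes that explicit.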

+ 2 - 0
roles/service-gogs/tasks/main.yml

@@ -0,0 +1,2 @@
+- include: gogs.yml
+- include: nginx.yml

+ 11 - 0
roles/service-gogs/tasks/nginx.yml

@@ -0,0 +1,11 @@
+- name: Ensure nginx configuration is up to date
+  template:
+    src: gogs_nginx.conf.j2
+    dest: /etc/nginx/sites-available/gogs.conf 
+
+- name: Ensure gogs configuration for nginx is enabled
+  file: 
+    state: link
+    dest: /etc/nginx/sites-enabled/gogs.conf
+    src: /etc/nginx/sites-available/gogs.conf 
+  notify: Reload nginx
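Review bot: The `Ensure nginx configuration is up to date` task has no `notify`, so after the first run a changed `gogs_nginx.conf.j2` is written to disk but nginx keeps serving the old configuration, because only the symlink task notifies `Reload nginx` and that task reports no change on later runs. Add `notify: Reload nginx` to the template task. Both tasks write under `/etc/nginx` without `become: yes`, unlike the privileged tasks in `gogs.yml`; unless become is set at play level they will fail on permissions. The trailing spaces after `gogs.conf` on the two `dest`/`src` lines and after `file:` are dropped by the parser but should be stripped.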

+ 304 - 0
roles/service-gogs/templates/app.ini.j2

@@ -0,0 +1,304 @@
+; App name that shows on every page title
+APP_NAME = {{ gogs_cfg_app_name }}
+
+; Change it if you run locally
+RUN_USER = {{ gogs_user }}
+
+; Either "dev", "prod" or "test", default is "dev"
+RUN_MODE = {{ gogs_cfg_mode }}
+
+[repository]
+ROOT = {{ gogs_repo_dir }}
+
+; Force every new repository to be private
+FORCE_PRIVATE = false
+
+; Global maximum creation limit of repositories per user, -1 means no limit.
+MAX_CREATION_LIMIT = -1
+
+
+[ui]
+; Number of repositories that are showed in one explore page
+EXPLORE_PAGING_NUM = 50
+
+; Number of issues that are showed in one page
+ISSUE_PAGING_NUM = 25
+
+[markdown]
+; Enable hard line break extension
+ENABLE_HARD_LINE_BREAK = {{ gogs_markdown_hard_line_break }}
+
+[server]
+PROTOCOL = {{ gogs_protocol }}
+DOMAIN = {{ gogs_domain }}
+ROOT_URL = https://{{ gogs_domain }}
+HTTP_ADDR = 127.0.0.1
+HTTP_PORT = {{ gogs_port }}
+; Local (DMZ) URL for Gogs workers (such as SSH update) accessing web service.
+; In most cases you do not need to change the default value.
+; Alter it only if your SSH server node is not the same as HTTP node.
+LOCAL_ROOT_URL = http://localhost:%(HTTP_PORT)s/
+
+; Disables use of CDN for static files and Gravatar for profile pictures.
+OFFLINE_MODE = {{ gogs_cfg_offline_mode }}
+
+; Disable SSH feature when not available
+DISABLE_SSH = false
+; Whether use builtin SSH server or not.
+START_SSH_SERVER = false
+; Domain name to be exposed in clone URL
+SSH_DOMAIN = %(DOMAIN)s
+; Port number to be exposed in clone URL
+SSH_PORT = 22
+; Port number builtin SSH server listens on
+SSH_LISTEN_PORT = %(SSH_PORT)s
+; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
+SSH_ROOT_PATH =
+; Directory to create temporary files when test publick key using ssh-keygen,
+; default is system temporary directory.
+SSH_KEY_TEST_PATH =
+; Path to ssh-keygen, default is 'ssh-keygen' and let shell find out which one to call.
+SSH_KEYGEN_PATH = ssh-keygen
+; Indicate whether to check minimum key size with corresponding type
+MINIMUM_KEY_SIZE_CHECK = false
+DISABLE_ROUTER_LOG = false
+; Generate steps:
+; $ ./gogs cert -ca=true -duration=8760h0m0s -host=myhost.example.com
+;
+; Or from a .pfx file exported from the Windows certificate store (do
+; not forget to export the private key):
+; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
+; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
+; CERT_FILE = {{ gogs_ssl_cert }}
+; KEY_FILE = {{ gogs_ssl_key }}
+; Upper level of template and static file path
+; default is the path where Gogs is executed
+STATIC_ROOT_PATH =
+; Default path for App data
+APP_DATA_PATH = data
+; Application level GZIP support
+ENABLE_GZIP = false
+; Landing page for non-logged users, can be "home" or "explore"
+LANDING_PAGE = home
+
+[database]
+; Either "mysql", "postgres" or "sqlite3", it's your choice
+DB_TYPE = sqlite3
+; HOST = 127.0.0.1:5432
+; NAME = {{ pg_dbname }}
+; USER = {{ pg_user }}
+; PASSWD = `{{ pg_password }}`
+; For "postgres" only, either "disable", "require" or "verify-full"
+; SSL_MODE = disable
+PATH = 
+
+[admin]
+
+[security]
+INSTALL_LOCK = true
+; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
+SECRET_KEY = {{ gogs_cfg_secret_key }}
+; Auto-login remember days
+LOGIN_REMEMBER_DAYS = 7
+COOKIE_USERNAME = gogs_awesome
+COOKIE_REMEMBER_NAME = gogs_incredible
+; Reverse proxy authentication header name of user name
+REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
+
+[service]
+ACTIVE_CODE_LIVE_MINUTES = 180
+RESET_PASSWD_CODE_LIVE_MINUTES = 180
+; User need to confirm e-mail for registration
+REGISTER_EMAIL_CONFIRM = false
+; Does not allow register and admin create account only
+DISABLE_REGISTRATION = true
+; User must sign in to view anything.
+REQUIRE_SIGNIN_VIEW = false
+; Mail notification
+ENABLE_NOTIFY_MAIL = false
+; More detail: https://github.com/gogits/gogs/issues/165
+ENABLE_REVERSE_PROXY_AUTHENTICATION = false
+ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
+; Enable captcha validation for registration
+ENABLE_CAPTCHA = true
+
+[webhook]
+; Hook task queue length
+QUEUE_LENGTH = 1000
+; Deliver timeout in seconds
+DELIVER_TIMEOUT = 5
+; Allow insecure certification
+SKIP_TLS_VERIFY = false
+; Number of history information in each page
+PAGING_NUM = 10
+
+[mailer]
+ENABLED = false
+; Buffer length of channel, keep it as it is if you don't know what it is.
+SEND_BUFFER_LEN = 100
+; Name displayed in mail title
+SUBJECT = %(APP_NAME)s
+; Mail server
+; Gmail: smtp.gmail.com:587
+; QQ: smtp.qq.com:25
+; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used.
+HOST =
+; Disable HELO operation when hostname are different.
+DISABLE_HELO =
+; Custom hostname for HELO operation, default is from system.
+HELO_HOSTNAME =
+; Do not verify the certificate of the server. Only use this for self-signed certificates
+SKIP_VERIFY =
+; Use client certificate
+USE_CERTIFICATE = false
+CERT_FILE = custom/mailer/cert.pem
+KEY_FILE = custom/mailer/key.pem
+; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
+FROM =
+; Mailer user name and password
+USER =
+PASSWD =
+
+[cache]
+; Either "memory", "redis", or "memcache", default is "memory"
+ADAPTER = memory
+; For "memory" only, GC interval in seconds, default is 60
+INTERVAL = 60
+; For "redis" and "memcache", connection host address
+; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
+; memcache: `127.0.0.1:11211`
+HOST =
+
+[session]
+; Either "memory", "file", "redis" or "mysql", default is "memory"
+PROVIDER = memory
+; Provider config options
+; memory: not have any config yet
+; file: session file path, e.g. `data/sessions`
+; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
+; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
+PROVIDER_CONFIG = data/sessions
+; Session cookie name
+COOKIE_NAME = i_like_gogits
+; If you use session in https only, default is false
+COOKIE_SECURE = false
+; Enable set cookie, default is true
+ENABLE_SET_COOKIE = true
+; Session GC time interval, default is 86400
+GC_INTERVAL_TIME = 86400
+; Session life time, default is 86400
+SESSION_LIFE_TIME = 86400
+
+[picture]
+AVATAR_UPLOAD_PATH = data/avatars
+; Chinese users can choose "duoshuo"
+; or a custom avatar source, like: http://cn.gravatar.com/avatar/
+GRAVATAR_SOURCE = gravatar
+DISABLE_GRAVATAR = false
+
+[attachment]
+; Whether attachments are enabled. Defaults to `true`
+ENABLE = true
+; Path for attachments. Defaults to `data/attachments`
+PATH = data/attachments
+; One or more allowed types, e.g. image/jpeg|image/png
+ALLOWED_TYPES = image/jpeg|image/png
+; Max size of each file. Defaults to 32MB
+MAX_SIZE = 4
+; Max number of files per upload. Defaults to 10
+MAX_FILES = 5
+
+[time]
+; Specifies the format for fully outputed dates. Defaults to RFC1123
+; Special supported values are ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Kitchen, Stamp, StampMilli, StampMicro and StampNano
+; For more information about the format see http://golang.org/pkg/time/#pkg-constants
+FORMAT =
+
+[log]
+ROOT_PATH =
+; Either "console", "file", "conn", "smtp" or "database", default is "console"
+; Use comma to separate multiple modes, e.g. "console, file"
+MODE = console
+; Buffer length of channel, keep it as it is if you don't know what it is.
+BUFFER_LEN = 10000
+; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
+LEVEL = Trace
+
+; For "console" mode only
+[log.console]
+LEVEL =
+
+; For "file" mode only
+[log.file]
+LEVEL =
+; This enables automated log rotate(switch of following options), default is true
+LOG_ROTATE = true
+; Max line number of single file, default is 1000000
+MAX_LINES = 1000000
+; Max size shift of single file, default is 28 means 1 << 28, 256MB
+MAX_SIZE_SHIFT = 28
+; Segment log daily, default is true
+DAILY_ROTATE = true
+; Expired days of log file(delete after max days), default is 7
+MAX_DAYS = 7
+
+; For "conn" mode only
+[log.conn]
+LEVEL =
+; Reconnect host for every single message, default is false
+RECONNECT_ON_MSG = false
+; Try to reconnect when connection is lost, default is false
+RECONNECT = false
+; Either "tcp", "unix" or "udp", default is "tcp"
+PROTOCOL = tcp
+; Host address
+ADDR =
+
+; For "smtp" mode only
+[log.smtp]
+LEVEL =
+; Name displayed in mail title, default is "Diagnostic message from server"
+SUBJECT = Diagnostic message from server
+; Mail server
+HOST =
+; Mailer user name and password
+USER =
+PASSWD =
+; Receivers, can be one or more, e.g. ["1@example.com","2@example.com"]
+RECEIVERS =
+
+; For "database" mode only
+[log.database]
+LEVEL =
+; Either "mysql" or "postgres"
+DRIVER =
+; Based on xorm, e.g.: root:root@localhost/gogs?charset=utf8
+CONN =
+
+[cron]
+; Enable running cron tasks periodically.
+ENABLED = true
+; Run cron tasks when Gogs starts.
+RUN_AT_START = false
+
+; Update mirrors
+[cron.update_mirrors]
+SCHEDULE = @every 1h
+
+; Repository health check
+[cron.repo_health_check]
+SCHEDULE = @every 24h
+TIMEOUT = 60s
+; Arguments for command 'git fsck', e.g. "--unreachable --tags"
+; see more on http://git-scm.com/docs/git-fsck/1.7.5
+ARGS =
+
+; Check repository statistics
+[cron.check_repo_stats]
+RUN_AT_START = true
+SCHEDULE = @every 24h
+
+[other]
+SHOW_FOOTER_BRANDING = false
+; Show version information about gogs and go in the footer
+SHOW_FOOTER_VERSION = true
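Review bot: `COOKIE_SECURE = false` in `[session]` leaves the session cookie without the Secure flag even though `ROOT_URL` is `https://{{ gogs_domain }}` and the nginx template only listens on 443, so a browser will also attach it to any plain-HTTP request for the same host name; set `COOKIE_SECURE = true`. In `[database]`, `PATH = ` is left empty although the role defines and creates `gogs_sqlite_path`, so the sqlite file ends up wherever Gogs defaults to rather than in the prepared directory — presumably `PATH = {{ gogs_sqlite_path }}/gogs.db` was intended. With `INSTALL_LOCK = true` the placeholder from defaults is rendered into `SECRET_KEY` silently; a comment above it, `; must be overridden per host via gogs_cfg_secret_key`, would make that visible to the next maintainer.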

+ 22 - 0
roles/service-gogs/templates/gogs.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=Gogs (Go Git Service)
+After=syslog.target
+After=network.target
+
+[Service]
+# Modify these two values and uncomment them if you have
+# repos with lots of files and get an HTTP error 500 because
+# of that
+###
+#LimitMEMLOCK=infinity
+#LimitNOFILE=65535
+Type=simple
+User={{ gogs_user }}
+Group={{ gogs_group }}
+WorkingDirectory={{ gogs_home }}/gogs
+ExecStart={{ gogs_home }}/gogs/gogs web
+Restart=always
+Environment=USER={{ gogs_user }} HOME={{ gogs_home }}
+
+[Install]
+WantedBy=multi-user.target
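Review bot: The `[Service]` section runs Gogs as `{{ gogs_user }}` but relies solely on file permissions to keep the process out of system directories; adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` after `Group=` keeps `/usr`, `/boot` and `/etc` read-only for the service and gives it a private `/tmp`, while `{{ gogs_home }}` under `/opt` stays writable, so normal operation is unchanged. `After=syslog.target` is a legacy target that current systemd ignores; `After=network.target` alone is sufficient. A one-line comment above the hardening directives, `# sandboxing: gogs only needs write access under {{ gogs_home }}`, would document why they are safe to keep.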

+ 25 - 0
roles/service-gogs/templates/gogs_nginx.conf.j2

@@ -0,0 +1,25 @@
+server {
+  listen          443 ssl;
+  server_name     {{ gogs_domain }};
+
+  include /etc/nginx/ssl.conf
+
+  # TODO set correct keys
+  ssl_certificate                 /etc/nginx/ssl/server.pem;
+  ssl_certificate_key             /etc/nginx/ssl/server.key;
+
+  access_log  /var/log/nginx/{{ gogs_domain }}.access.log;
+  error_log   /var/log/nginx/{{ gogs_domain }}.error.log;
+
+  location / {
+    proxy_http_version      1.1;
+    proxy_set_header        Host $host;
+    proxy_set_header        X-Real-IP $remote_addr;
+    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header        X-Forwarded-Proto $scheme;
+
+    proxy_pass              http://localhost:{{ gogs_port }};
+    proxy_redirect          off;
+  }
+  {% endif %}
+}
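Review bot: The stray `{% endif %}` on the line before the closing `}` has no matching `{% if %}`, so Jinja raises a template syntax error and the `Ensure nginx configuration is up to date` task fails before any file is written; remove the line (or add the condition it was meant to close). `include /etc/nginx/ssl.conf` is missing its terminating `;`, which nginx reports as a configuration error at reload time, and the certificate paths under `# TODO set correct keys` are fixed placeholders rather than variables the role controls. Since the backend is plain HTTP on localhost and the only listener is 443, a `listen 80` server returning `301` to the https URL would keep clients from ever sending credentials in clear to this host name, but that is optional.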