use https

2021-01-27 00:26:01 +01:00 · 2021-01-27 00:26:01 +01:00 · 05ad85b946
commit 05ad85b946
parent 2f6663b164
4 changed files with 52 additions and 6 deletions
--- a/gitea.yml
+++ b/gitea.yml
@ -4,5 +4,4 @@
 - hosts: gitea_host
  roles:
    - install_docker
-    - generate_self_signed_certificate
    - install_gitea
--- a/roles/install_gitea/handlers/main.yml
+++ b/roles/install_gitea/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: restart gitea
+  docker_compose:
+    project_src: /var/local/gitea
+    restarted: yes
--- a/roles/install_gitea/tasks/main.yml
+++ b/roles/install_gitea/tasks/main.yml
@ -4,6 +4,17 @@
     path: /var/local/gitea
     state: directory

+- name: Ensure the user gitea exist
+  user:
+    name: gitea
+    create_home: no
+    password_lock: yes
+  register: gitea_user
+
+- name: Retrieve info about users
+  getent:
+    database: passwd
+
 - name: Warning
  debug:
    msg: This is a test server, do not use in production
@ -23,11 +34,42 @@
 - name: Copy key
  copy:
    src: /var/certificates/{{ server_hostname }}_privkey.pem
-    dest: /var/local/keycloak/certificates/tls.key
+    dest: /var/local/gitea/gitea/key.pem
+    owner: gitea
+    group: gitea
+    mode: 0600
    remote_src: yes
+  notify: restart gitea

 - name: Copy certificate
  copy:
    src: /var/certificates/{{ server_hostname }}_cert.pem
-    dest: /var/local/keycloak/certificates/tls.crt
+    dest: /var/local/gitea/gitea/cert.pem
+    owner: gitea
+    group: gitea
    remote_src: yes
+  notify: restart gitea
+
+- name: Specify the link the private key
+  lineinfile:
+    path: /var/local/gitea/gitea/gitea/conf/app.ini
+    insertafter: '^\[server\]'
+    regexp: '^KEY_FILE'
+    line: KEY_FILE         = /data/key.pem
+  notify: restart gitea
+
+- name: Specify the link the private key
+  lineinfile:
+    path: /var/local/gitea/gitea/gitea/conf/app.ini
+    insertafter: '^\[server\]'
+    regexp: '^CERT_FILE'
+    line: CERT_FILE        = /data/cert.pem
+  notify: restart gitea
+
+- name: Use https
+  lineinfile:
+    path: /var/local/gitea/gitea/gitea/conf/app.ini
+    insertafter: '^\[server\]'
+    regexp: '^PROTOCOL'
+    line: PROTOCOL         = https
+  notify: restart gitea
--- a/roles/install_gitea/templates/docker-compose.yml.j2
+++ b/roles/install_gitea/templates/docker-compose.yml.j2
@ -10,8 +10,8 @@ services:
    image: gitea/gitea:1.13.1
    container_name: gitea
    environment:
-      - USER_UID=1000
-      - USER_GID=1000
+      - USER_UID={{ getent_passwd["gitea"].1 }}
+      - USER_GID={{ getent_passwd["gitea"].2 }}
      - DB_TYPE=postgres
      - DB_HOST=db:5432
      - DB_NAME=gitea
@ -25,7 +25,7 @@ services:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
-      - "80:3000"
+      - "443:3000"
      - "222:22"
    depends_on:
      - db