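---
# =============================================================================
# Gitea PoC Deployment Playbook (Standalone)
# =============================================================================
# Deploys standalone Gitea without external OAuth.
# Used for hosting Terraform/Pulumi repos and CI/CD pipelines.
#
# Prerequisites:
#   1. DNS record: gitea-poc.networkmonitor.cc -> VPS IP
#
# Usage:
#   ansible-playbook -i poc-inventory.yml playbook.yml
# =============================================================================

- name: Deploy Gitea Code Hosting
  hosts: gitea_servers
  become: true

  vars_files:
    - group_vars/gitea_servers.yml

  pre_tasks:
    # Fail early on every variable the tasks below interpolate, not only the
    # domain: an undefined gitea_base_dir/gitea_data_dir would otherwise only
    # surface mid-run, after Docker has already been installed.
    - name: Validate required variables
      ansible.builtin.assert:
        that:
          - gitea_domain is defined
          - gitea_base_dir is defined
          - gitea_data_dir is defined
          - gitea_ssh_port is defined
          - gitea_http_port is defined
        fail_msg: >-
          gitea_domain, gitea_base_dir, gitea_data_dir, gitea_ssh_port and
          gitea_http_port must be defined in group_vars/gitea_servers.yml

  tasks:
    # =========================================================================
    # Prerequisites
    # =========================================================================
    - name: Update apt cache
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 3600

    - name: Install prerequisites
      ansible.builtin.apt:
        name:
          - apt-transport-https
          - ca-certificates
          - curl
          - gnupg
          - lsb-release
          - jq
        state: present

    # =========================================================================
    # Docker Installation
    # =========================================================================
    - name: Create keyrings directory
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        mode: "0755"

    # `set -o pipefail` is required here: without it a failed curl is masked by
    # gpg's exit status, an empty/partial keyring is written, and `creates:`
    # then prevents the task from ever retrying. pipefail is a bash option, so
    # the executable is pinned explicitly.
    - name: Add Docker GPG key
      ansible.builtin.shell: |
        set -o pipefail
        curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
        chmod a+r /etc/apt/keyrings/docker.gpg
      args:
        creates: /etc/apt/keyrings/docker.gpg
        executable: /bin/bash

    # NOTE(review): arch is hard-coded to amd64; the playbook targets an
    # amd64 VPS, so the repo line would need adjusting for other hosts.
    - name: Add Docker repository
      ansible.builtin.apt_repository:
        repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
        state: present
        filename: docker

    - name: Install Docker packages
      ansible.builtin.apt:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-buildx-plugin
          - docker-compose-plugin
        state: present
        update_cache: true

    - name: Start and enable Docker
      ansible.builtin.systemd:
        name: docker
        state: started
        enabled: true

    # =========================================================================
    # Gitea Directory Structure
    # =========================================================================
    - name: Create Gitea directory
      ansible.builtin.file:
        path: "{{ gitea_base_dir }}"
        state: directory
        mode: "0755"

    - name: Create Gitea data directory
      ansible.builtin.file:
        path: "{{ gitea_data_dir }}"
        state: directory
        mode: "0755"

    # =========================================================================
    # Deploy Configuration Files
    # =========================================================================
    - name: Deploy docker-compose.yml
      ansible.builtin.template:
        src: templates/docker-compose.yml.j2
        dest: "{{ gitea_base_dir }}/docker-compose.yml"
        mode: "0644"

    - name: Deploy Caddyfile
      ansible.builtin.template:
        src: templates/Caddyfile.j2
        dest: "{{ gitea_base_dir }}/Caddyfile"
        mode: "0644"

    # =========================================================================
    # Firewall (UFW)
    # =========================================================================
    # Allow rules are added before the default-deny policy is enabled so the
    # management SSH session is never cut off mid-run.
    - name: Install UFW
      ansible.builtin.apt:
        name: ufw
        state: present

    # Uses the port Ansible itself connects on rather than a fixed 22, so a
    # host with a non-default sshd port is not locked out when deny is enabled.
    - name: Allow SSH
      community.general.ufw:
        rule: allow
        port: "{{ ansible_port | default(22) }}"
        proto: tcp

    - name: Allow HTTP
      community.general.ufw:
        rule: allow
        port: "80"
        proto: tcp

    - name: Allow HTTPS
      community.general.ufw:
        rule: allow
        port: "443"
        proto: tcp

    - name: Allow Gitea SSH
      community.general.ufw:
        rule: allow
        port: "{{ gitea_ssh_port }}"
        proto: tcp

    - name: Enable UFW
      community.general.ufw:
        state: enabled
        policy: deny

    # =========================================================================
    # Start Services
    # =========================================================================
    - name: Pull Docker images
      ansible.builtin.command:
        cmd: docker compose pull
        chdir: "{{ gitea_base_dir }}"
      changed_when: true

    - name: Start Gitea services
      ansible.builtin.command:
        cmd: docker compose up -d
        chdir: "{{ gitea_base_dir }}"
      changed_when: true

    # =========================================================================
    # Wait for Gitea to be ready
    # =========================================================================
    # NOTE(review): this only checks that the container State contains
    # "running" (up to 12 x 5 s); it does not consult the Health field, so
    # "healthy" in the task name is stronger than what is verified. Tighten
    # the `until` if the compose template defines a healthcheck.
    - name: Wait for Gitea container to be healthy
      ansible.builtin.command:
        cmd: docker compose ps gitea --format json
        chdir: "{{ gitea_base_dir }}"
      register: gitea_container
      until: "'running' in gitea_container.stdout"
      retries: 12
      delay: 5
      changed_when: false

    # =========================================================================
    # Deployment Summary
    # =========================================================================
    - name: Display deployment status
      ansible.builtin.debug:
        msg: |
          ============================================
          Gitea Container Deployed!
          ============================================
          Container: gitea (port {{ gitea_http_port }} internal)
          SSH: port {{ gitea_ssh_port }} exposed
          ============================================
          NEXT STEPS:
          ============================================
          1. Deploy shared Caddy:
             cd ../caddy && ansible-playbook -i poc-inventory.yml playbook.yml
          2. Then access https://{{ gitea_domain }}
          ============================================
          View logs:
            ssh root@{{ ansible_host }} "cd {{ gitea_base_dir }} && docker compose logs -f"
          ============================================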