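---
# Setup Gitea Initial Configuration
#
# Task list that bootstraps a Gitea instance running under docker compose:
#   1. confirm the container exists and probe its health endpoint,
#   2. decide whether initial setup is needed (install page shown, app.ini
#      missing, INSTALL_LOCK not set, or gitea_force_update_app_ini requested),
#   3. render app.ini from the GITEA__* environment of the container, copy it
#      in, fix ownership and restart,
#   4. create the admin user from the vaulted password.
#
# Security-relevant points for reviewers:
#   - app.ini carries the database password, and so do the registered
#     variables and facts derived from the container environment. Tasks that
#     handle them set no_log / diff: false to keep them out of task output.
#   - TLS verification for the HTTP probes is off by default, as in the
#     original file; set gitea_validate_certs=true to enable it.
#   - Values interpolated into the admin-user shell commands are passed
#     through the `quote` filter so that characters such as $, ` or " in a
#     password reach Gitea unchanged instead of being expanded by the shell.

- name: Verify Gitea container exists
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml ps {{ gitea_container_name }} | grep -q "{{ gitea_container_name }}"
  register: gitea_exists
  changed_when: false
  failed_when: false

- name: Fail if Gitea container does not exist
  ansible.builtin.fail:
    msg: "Gitea container does not exist. Please deploy Gitea stack first using: ansible-playbook -i inventory/production.yml playbooks/setup-infrastructure.yml --tags gitea"
  when: gitea_exists.rc != 0

# Best-effort readiness probe: failures are ignored so that the setup path can
# still run against an instance that is not healthy yet.
- name: Wait for Gitea to be ready
  ansible.builtin.uri:
    url: "{{ gitea_url }}/api/healthz"
    method: GET
    status_code: [200, 404]
    # Certificate validation is disabled unless gitea_validate_certs is set.
    # Enable it wherever gitea_url presents a certificate this host trusts.
    validate_certs: "{{ gitea_validate_certs | default(false) | bool }}"
    timeout: "{{ gitea_health_check_timeout | default(10) }}"
  register: gitea_health
  until: gitea_health.status == 200
  retries: "{{ gitea_setup_health_retries | default(30) }}"
  delay: "{{ gitea_setup_health_delay | default(5) }}"
  ignore_errors: true
  changed_when: false
  when: not (gitea_force_update_app_ini | default(false) | bool)

# The page body is inspected later for the install-page wording.
- name: Check if Gitea is already configured
  ansible.builtin.uri:
    url: "{{ gitea_url }}"
    method: GET
    status_code: [200, 302, 502]
    validate_certs: "{{ gitea_validate_certs | default(false) | bool }}"
    timeout: "{{ gitea_health_check_timeout | default(10) }}"
    follow_redirects: none
    return_content: true
  register: gitea_main_check
  changed_when: false
  failed_when: false

- name: Check if app.ini exists in container
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T {{ gitea_container_name }} test -f {{ gitea_app_ini_container_path }}
  register: gitea_app_ini_exists
  changed_when: false
  failed_when: false

# Prints "not_set" when the lock line is absent or the grep cannot run.
- name: Check if INSTALL_LOCK is set
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T {{ gitea_container_name }} grep -q "INSTALL_LOCK = true" {{ gitea_app_ini_container_path }} 2>/dev/null || echo "not_set"
  register: gitea_install_lock_check
  changed_when: false
  failed_when: false
  when: gitea_app_ini_exists.rc == 0

# gitea_needs_setup is true when any trigger fires; gitea_already_configured
# is true only when none of them does.
- name: Determine if Gitea needs setup
  ansible.builtin.set_fact:
    gitea_needs_setup: "{{ (gitea_force_update_app_ini | default(false) | bool) or ('installation' in (gitea_main_check.content | default('') | lower) or 'initial configuration' in (gitea_main_check.content | default('') | lower)) or (gitea_app_ini_exists.rc != 0) or (gitea_install_lock_check.stdout | default('') | trim == 'not_set') }}"
    gitea_already_configured: "{{ not (gitea_force_update_app_ini | default(false) | bool) and 'installation' not in (gitea_main_check.content | default('') | lower) and 'initial configuration' not in (gitea_main_check.content | default('') | lower) and gitea_app_ini_exists.rc == 0 and gitea_install_lock_check.stdout | default('') | trim != 'not_set' }}"

- name: Display setup status
  ansible.builtin.debug:
    msg: |
      Gitea Setup Status:
      - Main page status: {{ gitea_main_check.status }}
      - app.ini exists: {{ gitea_app_ini_exists.rc == 0 }}
      - INSTALL_LOCK set: {{ gitea_install_lock_check.stdout | default('unknown') }}
      - Force update: {{ gitea_force_update_app_ini | default(false) }}
      - Already configured: {{ gitea_already_configured }}
      - Needs setup: {{ gitea_needs_setup }}
  when: gitea_show_status | default(true) | bool

# Stop before touching the instance if no admin password was provided.
- name: Fail if admin password is not set
  ansible.builtin.fail:
    msg: |
      Gitea admin password is not set in vault.
      Please set vault_gitea_admin_password in:
      - deployment/ansible/secrets/production.vault.yml

      To set it, run:
      ansible-vault edit secrets/production.vault.yml --vault-password-file secrets/.vault_pass

      Then add:
      vault_gitea_admin_password: "your-secure-password"
  when:
    - gitea_needs_setup | bool
    - gitea_admin_password | default('') | trim == ''

# stdout of this task contains GITEA__database__PASSWD, so it is kept out of
# task output and logs.
- name: Get Gitea database configuration from environment
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T {{ gitea_container_name }} env | grep -E "^GITEA__database__" || true
  register: gitea_db_env
  changed_when: false
  failed_when: false
  no_log: true
  when: gitea_needs_setup | bool

# Each fact falls back to a literal default when the variable is not present
# in the container environment.
# NOTE(review): the fallback for the database password is the literal
# 'gitea_password'. If GITEA__database__PASSWD is missing, that guessable
# value is written into app.ini; consider failing instead of falling back.
- name: Parse database configuration
  ansible.builtin.set_fact:
    gitea_db_type: "{{ (gitea_db_env.stdout | default('') | regex_search('GITEA__database__DB_TYPE=([^\n]+)', '\\1') or ['postgres']) | first }}"
    gitea_db_host: "{{ (gitea_db_env.stdout | default('') | regex_search('GITEA__database__HOST=([^\n]+)', '\\1') or ['postgres:5432']) | first }}"
    gitea_db_name: "{{ (gitea_db_env.stdout | default('') | regex_search('GITEA__database__NAME=([^\n]+)', '\\1') or ['gitea']) | first }}"
    gitea_db_user: "{{ (gitea_db_env.stdout | default('') | regex_search('GITEA__database__USER=([^\n]+)', '\\1') or ['gitea']) | first }}"
    gitea_db_passwd: "{{ (gitea_db_env.stdout | default('') | regex_search('GITEA__database__PASSWD=([^\n]+)', '\\1') or ['gitea_password']) | first }}"
  # The result of this task includes the database password.
  no_log: true
  when: gitea_needs_setup | bool

- name: Extract database host and port
  ansible.builtin.set_fact:
    gitea_db_hostname: "{{ gitea_db_host.split(':')[0] }}"
    gitea_db_port: "{{ (gitea_db_host.split(':')[1]) | default('5432') }}"
  when: gitea_needs_setup | bool

- name: Get Gitea server configuration from environment
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T {{ gitea_container_name }} env | grep -E "^GITEA__server__" || true
  register: gitea_server_env
  changed_when: false
  failed_when: false
  when: gitea_needs_setup | bool

- name: Parse server configuration
  ansible.builtin.set_fact:
    gitea_domain_config: "{{ (gitea_server_env.stdout | default('') | regex_search('GITEA__server__DOMAIN=([^\n]+)', '\\1') or [gitea_domain]) | first }}"
    gitea_root_url: "{{ (gitea_server_env.stdout | default('') | regex_search('GITEA__server__ROOT_URL=([^\n]+)', '\\1') or ['https://' + gitea_domain + '/']) | first }}"
    gitea_ssh_domain: "{{ (gitea_server_env.stdout | default('') | regex_search('GITEA__server__SSH_DOMAIN=([^\n]+)', '\\1') or [gitea_domain]) | first }}"
    gitea_ssh_port: "{{ (gitea_server_env.stdout | default('') | regex_search('GITEA__server__SSH_PORT=([^\n]+)', '\\1') or ['2222']) | first }}"
  when: gitea_needs_setup | bool

- name: Get Gitea service configuration from environment
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T {{ gitea_container_name }} env | grep -E "^GITEA__service__" || true
  register: gitea_service_env
  changed_when: false
  failed_when: false
  when: gitea_needs_setup | bool

# Registration is treated as disabled unless the environment says otherwise.
- name: Parse service configuration
  ansible.builtin.set_fact:
    gitea_disable_registration: "{{ (gitea_service_env.stdout | default('') | regex_search('GITEA__service__DISABLE_REGISTRATION=([^\n]+)', '\\1') or ['true']) | first | lower }}"
  when: gitea_needs_setup | bool

# NOTE(review): the rendered file holds the database password and is written
# world-readable (0644) on the managed host. The mode is left as it was
# because the copy below is followed by a best-effort chown that may be
# skipped; tighten both together once ownership inside the container is
# guaranteed.
- name: Generate app.ini file
  ansible.builtin.template:
    src: "{{ gitea_app_ini_template | default('../../templates/gitea-app.ini.j2') }}"
    dest: "{{ gitea_app_ini_path }}"
    mode: '0644'
  # Keep the rendered credentials out of --diff output.
  diff: false
  vars:
    gitea_domain: "{{ gitea_domain_config }}"
    postgres_db: "{{ gitea_db_name }}"
    postgres_user: "{{ gitea_db_user }}"
    postgres_password: "{{ gitea_db_passwd }}"
    disable_registration: "{{ gitea_disable_registration == 'true' }}"
    ssh_port: "{{ gitea_ssh_port | int }}"
    ssh_listen_port: 22
  when: gitea_needs_setup | bool

# Errors are ignored here, so a failed copy does not stop the play; the
# restart further down then runs against whatever app.ini is in place.
- name: Copy app.ini to Gitea container
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml cp {{ gitea_app_ini_path }} {{ gitea_container_name }}:{{ gitea_app_ini_container_path }}
  when: gitea_needs_setup | bool
  ignore_errors: true

- name: Wait for container to be ready for exec
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T {{ gitea_container_name }} true
  register: container_ready
  until: container_ready.rc == 0
  retries: "{{ gitea_config_retries | default(30) }}"
  delay: "{{ gitea_config_delay | default(2) }}"
  when:
    - gitea_needs_setup | bool
    - not (gitea_force_update_app_ini | default(false) | bool)
  changed_when: false
  ignore_errors: true

# Hands the file to uid/gid 1000 inside the container and sets mode 644.
# NOTE(review): 644 leaves the database password readable by every user in
# the container; 640 or 600 would suffice if Gitea runs as uid 1000 - confirm.
- name: Set correct permissions on app.ini in container
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T {{ gitea_container_name }} chown 1000:1000 {{ gitea_app_ini_container_path }} && \
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T {{ gitea_container_name }} chmod 644 {{ gitea_app_ini_container_path }}
  when: gitea_needs_setup | bool
  ignore_errors: true

- name: Restart Gitea container
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml restart {{ gitea_container_name }}
  when: gitea_needs_setup | bool
  register: gitea_restart
  changed_when: gitea_restart.rc == 0
  notify: wait for gitea

- name: Wait for Gitea to be ready after restart
  ansible.builtin.uri:
    url: "{{ gitea_url }}/api/healthz"
    method: GET
    status_code: [200]
    validate_certs: "{{ gitea_validate_certs | default(false) | bool }}"
    timeout: "{{ gitea_health_check_timeout | default(10) }}"
  register: gitea_health_after_restart
  until: gitea_health_after_restart.status == 200
  retries: "{{ gitea_restart_retries | default(30) }}"
  delay: "{{ gitea_restart_delay | default(5) }}"
  when:
    - not (gitea_force_update_app_ini | default(false) | bool)
    - gitea_restart.changed | default(false)
  changed_when: false
  ignore_errors: true

- name: Wait for database to be initialized
  ansible.builtin.pause:
    seconds: "{{ gitea_setup_db_wait | default(10) }}"
  when: gitea_needs_setup | bool

# Runs as the git user, matching the create task below. The username is
# shell-quoted and matched as a fixed string (-F) so that characters such as
# '.' are not treated as regex operators.
# NOTE(review): this is still a substring match, so a longer admin name that
# contains gitea_admin_username also counts as "found".
- name: Check if admin user already exists
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T --user git {{ gitea_container_name }} \
      gitea admin user list --admin | grep -qF -- {{ gitea_admin_username | quote }} || echo "not_found"
  register: gitea_admin_exists
  changed_when: false
  failed_when: false
  when: gitea_needs_setup | bool

# Username, password and e-mail go through `quote`, so shell metacharacters in
# the vaulted password are passed to Gitea literally rather than expanded.
# no_log keeps the rendered command out of task output.
# NOTE(review): the password is still a command-line argument and is therefore
# visible in the process list while the command runs.
- name: Create admin user
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T --user git {{ gitea_container_name }} \
      gitea admin user create \
      --username {{ gitea_admin_username | quote }} \
      --password {{ gitea_admin_password | quote }} \
      --email {{ gitea_admin_email | quote }} \
      --admin \
      --must-change-password=false
  register: gitea_admin_create_result
  when:
    - gitea_needs_setup | bool
    - gitea_admin_exists.stdout | default('') | trim == 'not_found'
  failed_when: gitea_admin_create_result.rc != 0 and 'already exists' not in (gitea_admin_create_result.stderr | default(''))
  no_log: true

- name: Verify Gitea is accessible
  ansible.builtin.uri:
    url: "{{ gitea_url }}"
    method: GET
    status_code: [200, 302]
    validate_certs: "{{ gitea_validate_certs | default(false) | bool }}"
    timeout: "{{ gitea_health_check_timeout | default(10) }}"
    follow_redirects: none
  register: gitea_access_check
  when: gitea_needs_setup | bool

# The message names the vault variable instead of printing the password.
- name: Display success message
  ansible.builtin.debug:
    msg: |
      ========================================
      ✅ Gitea Initial Setup Complete!
      ========================================

      Configuration:
      - app.ini created with INSTALL_LOCK = true
      - Admin user created: {{ gitea_admin_username }}
      - Email: {{ gitea_admin_email }}

      Next steps:
      1. Access Gitea: {{ gitea_url }}
      2. Login with:
         - Username: {{ gitea_admin_username }}
         - Password: (from vault: vault_gitea_admin_password)
      3. Configure Gitea Actions Runner (if needed):
         - Go to: {{ gitea_url }}/admin/actions/runners
         - Get registration token
         - Register runner using: deployment/gitea-runner/register.sh
      ========================================
  when:
    - gitea_needs_setup | bool
    - gitea_show_status | default(true) | bool

- name: Display already configured message
  ansible.builtin.debug:
    msg: |
      ========================================
      ℹ️ Gitea is already configured.
      ========================================

      No setup needed. Access Gitea at: {{ gitea_url }}
      ========================================
  when:
    - gitea_already_configured | bool
    - gitea_show_status | default(true) | bool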