michaelschiemer/deployment/ansible/roles/gitea/tasks/config.yml

---
# Update Gitea Configuration (app.ini)

- name: Verify Gitea container exists
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml ps {{ gitea_container_name }} | grep -q "{{ gitea_container_name }}"
  register: gitea_exists
  changed_when: false
  failed_when: false

- name: Fail if Gitea container does not exist
  ansible.builtin.fail:
    msg: "Gitea container does not exist. Please deploy Gitea stack first."
  when: gitea_exists.rc != 0

- name: Get database configuration from environment
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T {{ gitea_container_name }} env | grep -E "^GITEA__database__" || true
  register: gitea_db_env
  changed_when: false
  failed_when: false

- name: Parse database configuration
  ansible.builtin.set_fact:
    gitea_db_type: "{{ (gitea_db_env.stdout | default('') | regex_search('GITEA__database__DB_TYPE=([^\n]+)', '\\1') or ['postgres']) | first }}"
    gitea_db_host: "{{ (gitea_db_env.stdout | default('') | regex_search('GITEA__database__HOST=([^\n]+)', '\\1') or ['postgres:5432']) | first }}"
    gitea_db_name: "{{ (gitea_db_env.stdout | default('') | regex_search('GITEA__database__NAME=([^\n]+)', '\\1') or ['gitea']) | first }}"
    gitea_db_user: "{{ (gitea_db_env.stdout | default('') | regex_search('GITEA__database__USER=([^\n]+)', '\\1') or ['gitea']) | first }}"
    gitea_db_passwd: "{{ (gitea_db_env.stdout | default('') | regex_search('GITEA__database__PASSWD=([^\n]+)', '\\1') or ['gitea_password']) | first }}"

- name: Get Gitea server configuration from environment
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T {{ gitea_container_name }} env | grep -E "^GITEA__server__" || true
  register: gitea_server_env
  changed_when: false
  failed_when: false

- name: Parse server configuration
  ansible.builtin.set_fact:
    gitea_domain_parsed: "{{ (gitea_server_env.stdout | default('') | regex_search('GITEA__server__DOMAIN=([^\n]+)', '\\1') or [gitea_domain | default('git.michaelschiemer.de')]) | first }}"
    ssh_port_parsed: "{{ (gitea_server_env.stdout | default('') | regex_search('GITEA__server__SSH_PORT=([^\n]+)', '\\1') or ['2222']) | first }}"

- name: Set final configuration variables
  ansible.builtin.set_fact:
    gitea_domain: "{{ gitea_domain_parsed }}"
    ssh_port: "{{ ssh_port_parsed }}"
    ssh_listen_port: "{{ ssh_port_parsed }}"

- name: Extract database host and port
  ansible.builtin.set_fact:
    gitea_db_hostname: "{{ gitea_db_host.split(':')[0] }}"
    gitea_db_port: "{{ (gitea_db_host.split(':')[1]) | default('5432') }}"

- name: Set Redis password
  ansible.builtin.set_fact:
    redis_password: "{{ vault_gitea_redis_password | default(vault_redis_password | default('gitea_redis_password')) }}"

- name: Generate app.ini from template
  ansible.builtin.template:
    src: "{{ gitea_app_ini_template | default('../../templates/gitea-app.ini.j2') }}"
    dest: "{{ gitea_app_ini_path }}"
    mode: '0644'
  vars:
    postgres_db: "{{ gitea_db_name }}"
    postgres_user: "{{ gitea_db_user }}"
    postgres_password: "{{ gitea_db_passwd }}"
    gitea_domain: "{{ gitea_domain }}"
    ssh_port: "{{ ssh_port }}"
    ssh_listen_port: "{{ ssh_listen_port }}"
    disable_registration: true
    redis_password: "{{ redis_password }}"

- name: Copy app.ini to Gitea container
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml cp {{ gitea_app_ini_path }} {{ gitea_container_name }}:{{ gitea_app_ini_container_path }}
  ignore_errors: yes

- name: Wait for container to be ready for exec
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T {{ gitea_container_name }} true
  register: container_ready
  until: container_ready.rc == 0
  retries: "{{ gitea_config_retries | default(30) }}"
  delay: "{{ gitea_config_delay | default(2) }}"
  changed_when: false

- name: Set correct permissions on app.ini in container
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T --user git {{ gitea_container_name }} chown 1000:1000 {{ gitea_app_ini_container_path }} && \
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml exec -T --user git {{ gitea_container_name }} chmod 644 {{ gitea_app_ini_container_path }}

- name: Restart Gitea container
  ansible.builtin.shell: |
    docker compose -f {{ gitea_stack_path }}/docker-compose.yml restart {{ gitea_container_name }}
  register: gitea_restart
  changed_when: gitea_restart.rc == 0
  notify: wait for gitea

- name: Wait for Gitea to be ready after restart
  ansible.builtin.uri:
    url: "{{ gitea_url }}/api/healthz"
    method: GET
    status_code: [200]
    validate_certs: false
    timeout: "{{ gitea_health_check_timeout | default(10) }}"
  register: gitea_health_after_restart
  until: gitea_health_after_restart.status == 200
  retries: "{{ gitea_restart_retries | default(30) }}"
  delay: "{{ gitea_restart_delay | default(5) }}"
  when: gitea_restart.changed | default(false)
  changed_when: false

- name: Display success message
  ansible.builtin.debug:
    msg: |
      ========================================
      Gitea Configuration Update Complete
      ========================================
      Gitea configuration has been updated successfully!
      
      Changes applied:
      - Redis cache enabled (persistent, survives container restarts)
      - Redis sessions enabled (better performance and scalability)
      - Redis queue enabled (persistent job processing)
      - Database connection pooling configured
      - Connection limits set to prevent "Connection reset by peer" errors
      
      Gitea should now be more stable and perform better with Redis.
      ========================================
  when: gitea_show_status | default(true) | bool