feat: full untested ansible setup

roles/gitea/tasks/main.yml

@@ -0,0 +1,65 @@
+---
+- name: Ensure Gitea service user exists
+  ansible.builtin.user:
+    name: "{{ gitea.service_user }}"
+    groups:
+      - "{{ gitea.service_group }}"
+    append: true
+    system: true
+    shell: /usr/sbin/nologin
+    create_home: false
+
+- name: Look up Gitea service user account details
+  ansible.builtin.getent:
+    database: passwd
+    key: "{{ gitea.service_user }}"
+
+- name: Look up Gitea service group details
+  ansible.builtin.getent:
+    database: group
+    key: "{{ gitea.service_group }}"
+
+- name: Set Gitea runtime UID and GID from host account
+  ansible.builtin.set_fact:
+    gitea_runtime_uid: "{{ getent_passwd[gitea.service_user][1] }}"
+    gitea_runtime_gid: "{{ getent_group[gitea.service_group][1] }}"
+
+- name: Ensure Gitea directories exist
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ gitea.service_user }}"
+    group: "{{ gitea.service_group }}"
+    mode: "0755"
+  loop:
+    - "{{ gitea.path }}"
+    - "{{ gitea.data_dir }}"
+
+- name: Render Gitea compose file
+  ansible.builtin.template:
+    src: compose.yaml.j2
+    dest: "{{ gitea.path }}/compose.yaml"
+    owner: "{{ gitea.service_user }}"
+    group: "{{ gitea.service_group }}"
+    mode: "0640"
+  register: gitea_compose
+
+- name: Install Gitea compose systemd unit
+  ansible.builtin.template:
+    src: gitea-compose.service.j2
+    dest: /etc/systemd/system/gitea-compose.service
+    owner: root
+    group: root
+    mode: "0644"
+  register: gitea_unit
+
+- name: Reload systemd for Gitea unit changes
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+  when: gitea_unit.changed
+
+- name: Enable Gitea compose stack
+  ansible.builtin.service:
+    name: gitea-compose
+    state: "{{ 'restarted' if (gitea_compose.changed or gitea_unit.changed) else 'started' }}"
+    enabled: true

roles/gitea/templates/compose.yaml.j2

@@ -0,0 +1,28 @@
+services:
+  server:
+    image: {{ gitea.image }}
+    container_name: gitea
+    restart: unless-stopped
+    environment:
+      USER_UID: "{{ gitea_runtime_uid }}"
+      USER_GID: "{{ gitea_runtime_gid }}"
+      GITEA__security__SECRET_KEY: "{{ vault_gitea_secret_key | default('change-me') }}"
+      GITEA__security__INTERNAL_TOKEN: "{{ vault_gitea_internal_token | default('change-me') }}"
+      GITEA__security__LFS_JWT_SECRET: "{{ vault_gitea_lfs_jwt_secret | default('change-me') }}"
+      GITEA__server__DOMAIN: "{{ gitea.domain }}"
+      GITEA__server__ROOT_URL: "https://{{ gitea.domain }}/"
+      GITEA__server__PROTOCOL: "http"
+      GITEA__server__SSH_DOMAIN: "{{ gitea.domain }}"
+      GITEA__server__SSH_PORT: "{{ gitea.ssh_port }}"
+      GITEA__server__HTTP_PORT: "{{ gitea.http_port }}"
+    ports:
+      - "{{ gitea.http_bind_address }}:{{ gitea.http_port }}:3000"
+      - "{{ gitea.ssh_port }}:22"
+    volumes:
+      - "{{ gitea.data_dir }}:/data"
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+
+networks:
+  default:
+    name: {{ gitea.compose_project_name }}

roles/gitea/templates/gitea-compose.service.j2

@@ -0,0 +1,16 @@
+[Unit]
+Description=Gitea Docker Compose stack
+Requires=docker.service
+After=docker.service network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+WorkingDirectory={{ gitea.path }}
+ExecStart=/usr/bin/docker compose -f {{ gitea.path }}/compose.yaml up -d
+ExecStop=/usr/bin/docker compose -f {{ gitea.path }}/compose.yaml down
+TimeoutStartSec=0
+
+[Install]
+WantedBy=multi-user.target