ansible-playbooks/gitea.yaml

---
- name: Gitea setup
  hosts: gitea

  vars:
    username: matt
    gitea_uid: "977"
    gitea_gid: "988"

    nfs_mounts:
      gitea_repos:
        local: "/mnt/gitea_repos"
        remote: "/var/nfs/shared/gitea_repos"
      gitea_backups:
        local: "/mnt/gitea_backups"
        remote: "/var/nfs/shared/gitea_backups"

  tasks:
    - name: Install Podman
      become: true
      ansible.builtin.package:
        name: podman
        state: present

    - name: Create local data directory for gitea
      become: true
      ansible.builtin.file:
        path: /srv/gitea/data
        state: directory
        owner: "{{ username }}"
        group: "{{ username }}"
        mode: "0755"

    - name: Allow containers to access NFS mounts
      become: true
      ansible.posix.seboolean:
        name: virt_use_nfs
        state: true
        persistent: true

    - name: Unmount NFS volumes before creating mountpoint directories
      become: true
      ansible.posix.mount:
        path: "{{ item.value.local }}"
        state: unmounted
      loop: "{{ nfs_mounts | dict2items }}"

    - name: Create mountpoint directories for NFS volumes
      become: true
      ansible.builtin.file:
        path: "{{ item.value.local }}"
        state: directory
        mode: "0755"
      loop: "{{ nfs_mounts | dict2items }}"

    - name: Mount NFS volumes for gitea
      become: true
      ansible.posix.mount:
        src: "192.168.1.161:{{ item.value.remote }}"
        path: "{{ item.value.local }}"
        opts: nfsvers=3,proto=tcp,rw
        state: mounted
        fstype: nfs
      loop: "{{ nfs_mounts | dict2items }}"

    - name: Open firewall ports for gitea
      become: true
      ansible.posix.firewalld:
        port: "{{ item }}/tcp"
        permanent: true
        state: enabled
        immediate: true
      loop:
        - 3002
        - 2222

    - name: Create shared container network
      containers.podman.podman_network:
        name: webservices
        state: present

    - name: Start gitea
      containers.podman.podman_container:
        name: gitea
        image: docker.io/gitea/gitea:latest
        restart_policy: always
        network: webservices
        label:
          io.containers.autoupdate: registry
        env:
          USER_UID: "{{ gitea_uid }}"
          USER_GID: "{{ gitea_gid }}"
          TZ: Europe/London
        volumes:
          - /srv/gitea/data:/data:z
          - /mnt/gitea_repos:/data/git/repositories:z
        ports:
          - "3002:3000"
          - "2222:22"
        state: started

    - name: Enable lingering for {{ username }}
      become: true
      ansible.builtin.command:
        cmd: loginctl enable-linger {{ username }}
      changed_when: false

    - name: Enable user-level podman auto-update timer
      ansible.builtin.systemd:
        name: podman-auto-update.timer
        enabled: true
        state: started
        scope: user