ansible-playbooks/gitea.yaml

---
- name: Gitea setup
  hosts: gitea

  vars:
    username: matt
    nas_host: nas.localdomain

    mounts:
      gitea_data:
        local: "/mnt/gitea_data"
        remote: "/var/nfs/shared/gitea_data"
      gitea_repos:
        local: "/mnt/gitea_repos"
        remote: "/var/nfs/shared/gitea_repos"
      gitea_backups:
        local: "/mnt/gitea_backups"
        remote: "/var/nfs/shared/gitea_backups"

  tasks:
    - name: Install Podman
      become: true
      ansible.builtin.package:
        name: podman
        state: present

    - name: Allow containers to access NFS mounts
      become: true
      ansible.posix.seboolean:
        name: virt_use_nfs
        state: true
        persistent: true

    - name: Unmount NFS volumes before creating mountpoint directories
      become: true
      ansible.posix.mount:
        path: "{{ item.value.local }}"
        state: unmounted
      loop: "{{ mounts | dict2items }}"

    - name: Create mountpoint directories for gitea
      become: true
      ansible.builtin.file:
        path: "{{ item.value.local }}"
        state: directory
        mode: "0755"
      loop: "{{ mounts | dict2items }}"

    - name: Mount NFS volumes for gitea
      become: true
      ansible.posix.mount:
        src: "192.168.1.160:{{ item.value.remote }}"
        path: "{{ item.value.local }}"
        opts: nfsvers=3,proto=tcp,rw
        state: mounted
        fstype: nfs
      loop: "{{ mounts | dict2items }}"

    - name: Open firewall ports for gitea
      become: true
      ansible.posix.firewalld:
        port: "{{ item }}/tcp"
        permanent: true
        state: enabled
        immediate: true
      loop:
        - 3002
        - 2222

    - name: Create shared container network
      containers.podman.podman_network:
        name: webservices
        state: present

    - name: Start gitea
      containers.podman.podman_container:
        name: gitea
        image: docker.io/gitea/gitea:latest
        restart_policy: always
        network: webservices
        label:
          io.containers.autoupdate: registry
        env:
          USER_UID: "977"
          USER_GID: "988"
          TZ: Europe/London
        volumes:
          - /mnt/gitea_data:/data:z
          - /mnt/gitea_repos:/data/git/repositories:z
        ports:
          - "3002:3000"
          - "2222:22"
        state: started

    - name: Enable podman auto-update timer
      become: true
      ansible.builtin.systemd:
        name: podman-auto-update.timer
        enabled: true
        state: started