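---
# Deploy the Gitea "Skudak" instance as a rootless Podman pod (gitea + postgres)
# owned by {{ git_user }}, then hand the pod to that user's systemd so it is
# started at boot.
#
# NOTE: Volume directories are created in podman.yml (the psql dir is created
# by the postgres container on first start). The SELinux-context handlers
# notified there must run before the pod is created, hence the flush below.
#
# Security notes (review):
# - DB and SMTP credentials are passed as container env vars. Anyone who can
#   run `podman inspect` as {{ git_user }} (or read /proc/<pid>/environ as root)
#   can read them, and `podman generate systemd --new` copies the full create
#   command — env included — into the generated unit files. The tasks below
#   therefore set no_log and tighten the unit-file permissions; moving the
#   secrets to `podman secret` / *_FILE variables would be the stronger fix.
# - Only 3000 (HTTP) and 2222 (SSH) are published from the pod; postgres on
#   5432 is reachable only inside the pod's shared network namespace.

# Ensure SELinux contexts (handlers from podman.yml) are applied before pod creation
- name: flush handlers before gitea-skudak pod creation
  ansible.builtin.meta: flush_handlers
  tags: [gitea, gitea-skudak]

# Pod for the Skudak Gitea services. Containers in a pod share one network
# namespace, so gitea reaches postgres on 127.0.0.1:5432 without that port
# being published.
- name: create gitea-skudak pod
  become: true
  become_user: "{{ git_user }}"
  containers.podman.podman_pod:
    name: gitea-skudak-pod
    state: started
    ports:
      # Plain-HTTP Gitea on host port 3101, bound on all interfaces. ROOT_URL
      # below is https://, so TLS is terminated by a reverse proxy; if that
      # proxy runs on this host, bind to loopback instead
      # ("127.0.0.1:3101:3000") so plain HTTP is not reachable from the
      # network — TODO confirm where the proxy lives.
      - "3101:3000"
      # Gitea's built-in SSH server (non-privileged port inside the container)
      - "{{ gitea_skudak_ssh_port }}:2222"
  tags: [gitea, gitea-skudak]

# PostgreSQL container in the pod
- name: create gitea-skudak-postgres container
  become: true
  become_user: "{{ git_user }}"
  # env carries the DB password: keep module args out of task output and
  # verbose logs (this also hides failure details — drop temporarily to debug).
  no_log: true
  containers.podman.podman_container:
    name: gitea-skudak-postgres
    image: "{{ gitea_db_image }}"
    pod: gitea-skudak-pod
    restart_policy: on-failure:3
    log_driver: journald
    env:
      POSTGRES_DB: gitea
      POSTGRES_USER: gitea
      POSTGRES_PASSWORD: "{{ gitea_skudak_db_pass }}"
    volumes:
      - "{{ git_home }}/volumes/gitea-skudak/psql:/var/lib/postgresql/data"
  tags: [gitea, gitea-skudak]

# Gitea container in the pod. All app.ini settings are injected via
# GITEA__section__KEY env vars; values are quoted so YAML keeps them strings.
- name: create gitea-skudak container
  become: true
  become_user: "{{ git_user }}"
  # env carries the DB password, SECRET_KEY, INTERNAL_TOKEN and SMTP password.
  no_log: true
  containers.podman.podman_container:
    name: gitea-skudak
    image: "{{ gitea_image }}"
    pod: gitea-skudak-pod
    restart_policy: on-failure:3
    log_driver: journald
    env:
      USER_UID: "1000"
      USER_GID: "1000"
      # Database: the postgres container in the same pod (shared netns)
      GITEA__database__DB_TYPE: postgres
      GITEA__database__HOST: "127.0.0.1:5432"
      GITEA__database__NAME: gitea
      GITEA__database__USER: gitea
      GITEA__database__PASSWD: "{{ gitea_skudak_db_pass }}"
      # Public URLs; TLS is terminated in front of the pod
      GITEA__server__DOMAIN: "{{ gitea_skudak_server_name }}"
      GITEA__server__ROOT_URL: "https://{{ gitea_skudak_server_name }}/"
      GITEA__server__SSH_DOMAIN: "{{ gitea_skudak_server_name }}"
      # Built-in SSH server: listens on 2222 inside the container (the pod
      # publishes it on gitea_skudak_ssh_port), and SSH_PORT is the port
      # advertised in clone URLs — keep the two in sync with the pod ports.
      GITEA__server__START_SSH_SERVER: "true"
      GITEA__server__DISABLE_SSH: "false"
      GITEA__server__SSH_PORT: "{{ gitea_skudak_ssh_port }}"
      GITEA__server__SSH_LISTEN_PORT: "2222"
      # INSTALL_LOCK disables the web installer; SECRET_KEY/INTERNAL_TOKEN must
      # be stable across re-deploys or sessions/tokens are invalidated.
      GITEA__security__SECRET_KEY: "{{ gitea_skudak_secret_key }}"
      GITEA__security__INTERNAL_TOKEN: "{{ gitea_skudak_internal_token }}"
      GITEA__security__INSTALL_LOCK: "true"
      # Self-registration stays open but only for @skudak.com addresses, and
      # the address must be confirmed by mail. The allowlist applies to
      # self-registration only; admins can still create other accounts.
      GITEA__service__DISABLE_REGISTRATION: "false"
      GITEA__service__EMAIL_DOMAIN_ALLOWLIST: "skudak.com"
      GITEA__service__REGISTER_EMAIL_CONFIRM: "true"
      # Public repos are viewable without signing in
      GITEA__service__REQUIRE_SIGNIN_VIEW: "false"
      # Mailer (needed for registration confirmation): implicit TLS on 465
      GITEA__mailer__ENABLED: "true"
      GITEA__mailer__PROTOCOL: "smtps"
      GITEA__mailer__SMTP_ADDR: "{{ skudaknoreply_mail_host }}"
      GITEA__mailer__SMTP_PORT: "465"
      GITEA__mailer__USER: "{{ skudaknoreply_mail_user }}"
      GITEA__mailer__PASSWD: "{{ skudaknoreply_mail_pass }}"
      # NOTE(review): assumes the SMTP user is itself a full e-mail address
      GITEA__mailer__FROM: "Skudak Git <{{ skudaknoreply_mail_user }}>"
      # Logging: console -> journald (log_driver above) for fluent-bit capture
      GITEA__log__MODE: console
      GITEA__log__LEVEL: Info
      GITEA__log__ENABLE_ACCESS_LOG: "true"
    volumes:
      - "{{ git_home }}/volumes/gitea-skudak/data:/data"
      - /etc/localtime:/etc/localtime:ro
  tags: [gitea, gitea-skudak]

# Generate systemd user units for the pod and its containers. --new makes the
# units self-contained (they run `podman pod create` / `podman run` on start),
# which means they embed the full create commands — including the env-passed
# secrets — in plain text; see the permissions task that follows.
# NOTE(review): `podman generate systemd` is deprecated in favour of Quadlet on
# newer Podman releases; this keeps working as long as the target's Podman
# still ships the command.
- name: create systemd job for gitea-skudak-pod
  become: true
  become_user: "{{ git_user }}"
  ansible.builtin.shell: |
    set -eu
    podman generate systemd --name gitea-skudak-pod --files --new
    mv pod-gitea-skudak-pod.service "{{ git_home }}/.config/systemd/user/"
    mv container-gitea-skudak-postgres.service "{{ git_home }}/.config/systemd/user/"
    mv container-gitea-skudak.service "{{ git_home }}/.config/systemd/user/"
  args:
    # --files writes the units into the cwd before they are moved into place
    chdir: "{{ git_home }}"
  # Units are regenerated on every run from the same container definitions, so
  # the result is deterministic and not reported as a change.
  changed_when: false
  tags: [gitea, gitea-skudak]

# The generated units carry the DB/SMTP credentials on their ExecStart lines;
# don't leave them world-readable under the default umask.
- name: restrict permissions on gitea-skudak unit files
  become: true
  become_user: "{{ git_user }}"
  ansible.builtin.file:
    path: "{{ git_home }}/.config/systemd/user/{{ item }}"
    mode: "0600"
  loop:
    - pod-gitea-skudak-pod.service
    - container-gitea-skudak-postgres.service
    - container-gitea-skudak.service
  tags: [gitea, gitea-skudak]

# Enable the pod unit in the user's systemd instance. The container units are
# pulled in by the pod unit's dependencies.
# NOTE(review): a user-scope unit only survives logout/reboot if lingering is
# enabled for git_user, and the systemd module needs a reachable user bus
# (XDG_RUNTIME_DIR) under become_user — presumably set up in podman.yml; verify.
- name: enable gitea-skudak-pod service
  become: true
  become_user: "{{ git_user }}"
  ansible.builtin.systemd:
    name: pod-gitea-skudak-pod.service
    daemon_reload: true
    enabled: true
    state: started
    scope: user
  tags: [gitea, gitea-skudak]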