Allow gitea role to use UNIX socket

roles/gitea/defaults/main.yaml

@@ -11,6 +11,7 @@ gitea_bin_path: /usr/local/bin
 gitea_var_path: /var/lib/gitea
 gitea_log_path: /var/log/gitea
 gitea_etc_path: /etc/gitea
+gitea_run_path: /run/gitea
 gitea_path: "{{ gitea_bin_path }}/gitea"
 gitea_config_path: "{{ gitea_etc_path }}/app.ini"
 gitea_systemd_unit_path: /etc/systemd/system/gitea.service
@@ -20,12 +21,14 @@ gitea_shell: /bin/bash
 gitea_gecos: Git Version Control
 gitea_password: !
 gitea_home_path: /home/git
-gitea_port: 3000
+gitea_port: 3001
 
 gitea_config:
   DEFAULT:
     run_mode: prod
   server:
+    http_port: "{{ gitea_port }}"
+    http_addr: localhost
     domain: "{{ gitea_domain }}"
     root_url: "{{ gitea_ssl_enabled | ternary('https', 'http') }}://{{ gitea_domain }}/"
   oauth2:

roles/gitea/tasks/main.yaml

@@ -58,6 +58,14 @@
     state: directory
   with_items: "{{ gitea_var_tree }}"
 
+- name: "create {{ gitea_run_path }} path"
+  file:
+    path: "{{ gitea_run_path }}"
+    owner: "{{ gitea_user }}"
+    group: "{{ gitea_group }}"
+    mode: 0755
+    state: directory
+
 - name: "create {{ gitea_log_path }} path"
   file:
     path: "{{ gitea_log_path }}"

roles/gitea/templates/nginx.conf.j2

@@ -10,14 +10,16 @@ server {
         try_files $uri =404;
     }
 
-{% if gitea_ssl_enabled %}
+{% if gitea_ssl_enabled is defined and
+      gitea_ssl_enabled %}
     location / {
         return 301 https://$server_name$request_uri;
     }
 {% endif %}
 }
 
-{% if gitea_ssl_enabled %}
+{% if gitea_ssl_enabled is defined and
+      gitea_ssl_enabled %}
 server {
     listen 443 ssl;
 {% if ansible_all_ipv6_addresses | length %}
@@ -36,7 +38,12 @@ server {
 {% endif %}
 
     location / {
+{% if gitea_config.server.protocol is defined and
+      gitea_config.server.protocol == 'unix' %}
+        proxy_pass http://unix:{{ gitea_config.server.http_addr }};
+{% else %}
         proxy_pass http://localhost:{{ gitea_port }};
+{% endif %}
     }
 }
 {% endif %}