From 154a0ac752601d96cb57179f80455abf6d5dde10 Mon Sep 17 00:00:00 2001
From: L3D
Date: Sun, 21 Mar 2021 02:02:15 +0100
Subject: [PATCH] Start reordering variables and gitea_auto_watch_new_repos variable
---
 README.md | 66 +++++++++++++++++++++++++++---------------
 defaults/main.yml | 44 ++++++++++++++++------------
 templates/gitea.ini.j2 | 2 +-
 3 files changed, 70 insertions(+), 42 deletions(-)
diff --git a/README.md b/README.md
index 2129a04..8d2a6a0 100644
--- a/README.md
+++ b/README.md
@@ -50,37 +50,57 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we - gitea ``` -## More detailed options -### General + Variables +----------- +Here is a deeper insight into the variables of this gitea role. For the exact function of some variables and the possibility to add more options we recommend a look at the config cheat sheet. For the exact function of some variables and the possibility to add more options we recommend a look at this [config cheat sheet](https://docs.gitea.io/en-us/config-cheat-sheet/). -* `gitea_version_check`: Check if installed version != `gitea_version` before initiating binary download -* `gitea_user`: UNIX user used by Gitea -* `gitea_group`: UNIX group used by Gitea -* `gitea_home`: Base directory to work -* `gitea_dl_url`: The URL, the compiled gitea-binary will be downloaded from -* `gitea_systemd_cap_net_bind_service`: Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file -* `gitea_extra_config`: Additional configuration +### gitea version +| variable name | default value | description | +| ------------- | ------------- | ----------- | +| `gitea_version` | *(see [defaults/main.yml](defaults/main.yml#L3))* | The gitea version this role shoud install | +| `gitea_version_check` | `true` | Check if installed version != `gitea_version` before initiating binary download | +| `gitea_dl_url` | *(see [defaults/main.yml](defaults/main.yml#L5))* | The path from where this role downloads the gitea binary | +| `gitea_gpg_key` | `7C9E68152594688862D62AF62D9AE806EC1592E2` | the gpg key the gitea binary is signed with | +| `gitea_gpg_server` | `hkp://keyserver.ubuntu.com:80` | A gpg key server where this role can download the gpg key | + +### gitea in the linux world +| variable name | default value | description | +| ------------- | ------------- | ----------- | +| `gitea_user` | `gitea ` | UNIX user used by Gitea | +| `gitea_group` | `gitea` | UNIX group used by Gitea | +| `gitea_home` | 
`/var/lib/gitea` | Base directory to work | +| `gitea_shell` | `/bin/false` | UNIX shell used by gitea. Set it to `/bin/bash` if you don't use the gitea built-in ssh server. | ### Look and feel +| variable name | default value | description | +| ------------- | ------------- | ----------- | +| `gitea_app_name` | `Gitea` | Displayed application name | +| `gitea_repository_root` | `{{ gitea_home }}/repos` | The path where all gitea repositorys are stored | +| `gitea_show_user_email` | `false` | Do you want to display email addresses ? (true/false) | +| `gitea_disable_gravatar` | `true` | Do you want to disable Gravatar ? (privacy and so on) (true/false) | +| `gitea_disable_registration` | `false` | Do you want to disable user registration? (true/false) | +| `gitea_register_email_confirm` | `false` | Enable this to ask for mail confirmation of registration. Requires `gitea_mailer_enabled` to be enabled. | +| `gitea_offline_mode` | `true` | Disables use of CDN for static files and Gravatar for profile pictures. (true/false) | +| `gitea_only_allow_external_registration` | `false` | Set to true to force registration only using third-party services (true/false) | +| `gitea_show_registration_button` | `true` | Here you can hide the registration button. This will not disable registration! (true/false)| +| `gitea_require_signin` | `true` | Do you require a signin to see repo's (even public ones)? (true/false)| +| `gitea_enable_captcha` | `true` | Do you want to enable captcha's ? 
(true/false)| +| `gitea_enable_notify_mail` | `false` | Enable this to send e-mail to watchers of a repository when something happens, like creating issues (true/false) | +| `gitea_auto_watch_new_repos` | `true` | Enable this to let all organisation users watch new repos when they are created (true/false) | +| `gitea_themes` | `gitea,arc-green` | List of enabled themes | +| `gitea_theme_default` | `gitea` | Default theme | -* `gitea_app_name`: Displayed application name -* `gitea_show_user_email`: Do you want to display email addresses ? (true/false) -* `gitea_disable_gravatar`: Do you want to disable Gravatar ? (privacy and so on) (true/false) -* `gitea_offline_mode`: Same but for disabling CDNs for frontend assets (true/false) -* `gitea_disable_registration`: Do you want to disable user registration ? (true/false) -* `gitea_register_email_confirm`: Enable this to ask for mail confirmation of registration. Requires `gitea_mailer_enabled` to be enabled (Default: `false`) -* `gitea_only_allow_external_registration`: Do you want to force registration only using third-party services ? (true/false) -* `gitea_show_registration_button`: Do you want to show the registration button? (true/false) -* `gitea_require_signin`: Do you require a signin to see repo's (even public ones) ? (true/false) -* `gitea_enable_captcha`: Do you want to enable captcha's ? (true/false) -* `gitea_themes`: List of enabled themes -* `gitea_theme_default`: Default theme ### Security -* `gitea_secret_key`: Cookie secret key -* `gitea_internal_token`: Internal API token +| variable name | default value | description | +| ------------- | ------------- | ----------- | +| `gitea_secret_key` | **PLEASE CHANGE** | Global secret key. This should be changed. | +| `gitea_internal_token`: Internal API token * `gitea_disable_git_hooks`: Do you want to disable the interface to add git hooks? If enabled it could be a security bug as it can be used for RCE. 
Defaults to true (true/false) +* `gitea_systemd_cap_net_bind_service`: Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file +* `gitea_extra_config`: Additional configuration + ### Limits * `gitea_user_repo_limit`: Limit how many repos a user can have (-1 for unlimited) diff --git a/defaults/main.yml b/defaults/main.yml index 6b9a590..1d2d759 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -1,33 +1,55 @@ --- +# gitea version gitea_version: "1.13.4" gitea_version_check: true gitea_dl_url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_arch }}" gitea_gpg_key: "7C9E68152594688862D62AF62D9AE806EC1592E2" gitea_gpg_server: "hkp://keyserver.ubuntu.com:80" -gitea_app_name: "Gitea" +# gitea in the linux world gitea_user: "gitea" gitea_group: "gitea" gitea_home: "/var/lib/gitea" gitea_shell: "/bin/false" -gitea_systemd_cap_net_bind_service: false +# look and feel +gitea_app_name: "Gitea" gitea_repository_root: "{{ gitea_home }}/repos" -gitea_user_repo_limit: -1 +gitea_show_user_email: false +gitea_disable_gravatar: true +gitea_disable_registration: false +gitea_register_email_confirm: false +gitea_offline_mode: true +gitea_only_allow_external_registration: false +gitea_show_registration_button: true +gitea_require_signin: true +gitea_enable_captcha: true +gitea_enable_notify_mail: false +gitea_auto_watch_new_repos: true +gitea_themes: gitea,arc-green +gitea_theme_default: gitea + +# security +gitea_secret_key: T0pS3cr31 +gitea_internal_token: SomethingVeryLong +gitea_disable_git_hooks: true gitea_http_domain: localhost + gitea_root_url: http://localhost:3000 gitea_protocol: http gitea_http_listen: 127.0.0.1 gitea_http_port: 3000 # gitea_http_letsencrypt_mail: - required gitea_disable_http_git: false -gitea_offline_mode: true + +gitea_user_repo_limit: -1 gitea_lfs_server_enabled: false gitea_lfs_content_path: "{{ gitea_home }}/data/lfs" gitea_lfs_jwt_secret: '' +gitea_systemd_cap_net_bind_service: false gitea_db_type: sqlite3 gitea_db_host: 127.0.0.0:3306 gitea_db_name: root 
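Review bot: The new `# security` group still ships `gitea_secret_key: T0pS3cr31` and `gitea_internal_token: SomethingVeryLong` as role defaults, so every install that does not override them ends up with secrets that are published in this repository. The README table in the same patch marks the key as **PLEASE CHANGE**, but nothing visible in the diff enforces that. I would default both to empty, `gitea_secret_key: ''` and `gitea_internal_token: ''`, matching how `gitea_lfs_jwt_secret: ''` is declared further down in this hunk, and have the role fail early when either is empty or still equals the old placeholder. The tasks are outside this patch, so where that check belongs is for the author to confirm. At minimum the group header should say it, for example `# security: override both values per deployment (Ansible Vault or generated per host), the defaults are public placeholders`.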
@@ -41,19 +63,7 @@ gitea_ssh_domain: localhost gitea_start_ssh: true gitea_ssh_port: 2222 -gitea_secret_key: T0pS3cr31 -gitea_internal_token: SomethingVeryLong -gitea_disable_git_hooks: true -gitea_show_user_email: false -gitea_disable_gravatar: true -gitea_disable_registration: false -gitea_register_email_confirm: false -gitea_show_registration_button: true -gitea_require_signin: true -gitea_enable_captcha: true -gitea_only_allow_external_registration: false -gitea_enable_notify_mail: false gitea_force_private: false @@ -82,8 +92,6 @@ gitea_oauth2_jwt_secret: '' gitea_metrics_enabled: false gitea_metrics_token: ~ -gitea_themes: gitea,arc-green -gitea_theme_default: gitea gitea_repo_indexer_enabled: false gitea_repo_indexer_include: "" diff --git a/templates/gitea.ini.j2 b/templates/gitea.ini.j2 index 227a995..8d7e1ee 100644 --- a/templates/gitea.ini.j2 +++ b/templates/gitea.ini.j2 @@ -131,7 +131,7 @@ RECAPTCHA_SITEKEY = SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button | ternary('true', 'false') }} ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_only_allow_external_registration | ternary('true', 'false') }} ENABLE_NOTIFY_MAIL = {{ gitea_enable_notify_mail | ternary('true', 'false') }} - +AUTO_WATCH_NEW_REPOS = {{ gitea_auto_watch_new_repos | ternary('true', 'false') }} [mailer] ENABLED = {{ gitea_mailer_enabled | ternary('true', 'false') }} ; Mail server
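Review bot: In the `templates/gitea.ini.j2` hunk the new `AUTO_WATCH_NEW_REPOS` line takes the place of the blank line that separated the preceding settings from `[mailer]`, so the section header now sits directly under it; keep an empty line after the new setting. The value is also passed to `ternary` without a `bool` cast, so a string such as `"false"` supplied with `-e` would render as `true`. Writing it as `AUTO_WATCH_NEW_REPOS = {{ gitea_auto_watch_new_repos | bool | ternary('true', 'false') }}` avoids that. The neighbouring context lines use the same uncast pattern, including registration and sign-in switches where a wrong render matters more, so the cast is worth applying to all of them. The section this line belongs to starts outside the hunk.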