From 2b665bdb1d12a21b4734716ebfcf35a6383c615a Mon Sep 17 00:00:00 2001
From: Leo Maroni
Date: Wed, 20 May 2020 14:13:11 +0200
Subject: [PATCH] Add variable to enable adding CAP_NET_BIND_SERVICE to systemd service
---
 README.md | 1 +
 defaults/main.yml | 1 +
 templates/gitea.service.j2 | 2 ++
 3 files changed, 4 insertions(+)
diff --git a/README.md b/README.md
index 36ede6e..1116f1c 100644
--- a/README.md
+++ b/README.md
@@ -57,6 +57,7 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we
 * `gitea_user`: UNIX user used by Gitea
 * `gitea_home`: Base directory to work
 * `gitea_dl_url`: The URL, the compiled gitea-binary will be downloaded from
+* `gitea_systemd_cap_net_bind_service`: Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file
 
 ### Look and feel
 
diff --git a/defaults/main.yml b/defaults/main.yml
index bbf28e1..dfa2884 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -7,6 +7,7 @@ gitea_app_name: "Gitea"
 gitea_user: "gitea"
 gitea_home: "/var/lib/gitea"
 gitea_shell: "/bin/false"
+gitea_systemd_cap_net_bind_service: false
 
 gitea_repository_root: "{{ gitea_home }}"
 gitea_user_repo_limit: -1
diff --git a/templates/gitea.service.j2 b/templates/gitea.service.j2
index 7b59386..f7c004d 100644
--- a/templates/gitea.service.j2
+++ b/templates/gitea.service.j2
@@ -7,7 +7,9 @@ User={{ gitea_user }}
 ExecStart=/usr/local/bin/gitea web -c /etc/gitea/gitea.ini
 Restart=on-failure
 WorkingDirectory={{ gitea_home }}
+{% if gitea_systemd_cap_net_bind_service %}
 AmbientCapabilities=CAP_NET_BIND_SERVICE
+{% endif %}
 
 [Install]
 WantedBy=multi-user.target
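Review bot: The new default in defaults/main.yml, `gitea_systemd_cap_net_bind_service: false`, has no comment saying what it controls or that it changes what existing hosts get. In the templates/gitea.service.j2 hunk the `AmbientCapabilities=CAP_NET_BIND_SERVICE` line carries no `+`, and the diffstat counts only two insertions for that file, so the unit appears to have granted the capability unconditionally before this commit. With `false` as the default, a host that serves Gitea on a port below 1024 would lose the capability on the next role run. Off by default is the least-privilege choice and worth keeping; I would add a comment above the variable such as `# Set to true only if Gitea must bind a port below 1024; the unit no longer grants CAP_NET_BIND_SERVICE by default.`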
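Review bot: In templates/gitea.service.j2 the guard `{% if gitea_systemd_cap_net_bind_service %}` tests raw truthiness, so a value that arrives as a string (for example `-e gitea_systemd_cap_net_bind_service=false` on the command line) is non-empty and still grants the capability. `{% if gitea_systemd_cap_net_bind_service | bool %}` avoids that. When the flag is on, the unit sets only the ambient set, which processes started by Gitea inherit as well; adding `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` inside the same `{% if %}` would keep the service from holding any other capability. The `[Service]` section begins above this hunk, so I cannot see whether other hardening directives are already present.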