From 1f88e7238a589f4e2743202d99528792abd96b8b Mon Sep 17 00:00:00 2001 From: Simeon Keske Date: Sat, 9 May 2020 23:01:51 +0200 Subject: [PATCH 01/10] Allow to specify default theme --- README.md | 2 ++ defaults/main.yml | 3 +++ templates/gitea.ini.j2 | 2 ++ 3 files changed, 7 insertions(+) diff --git a/README.md b/README.md index 41a970c..f0e79d7 100644 --- a/README.md +++ b/README.md @@ -69,6 +69,8 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we * `gitea_enable_captcha`: Do you want to enable captcha's ? (true/false) * `gitea_secret_key`: Cookie secret key * `gitea_internal_token`: Internal API token +* `gitea_themes`: List of enabled themes +* `gitea_theme_default`: Default theme ### Limits diff --git a/defaults/main.yml b/defaults/main.yml index b2eff47..919797b 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -64,3 +64,6 @@ gitea_oauth2_jwt_secret: ChangeMe gitea_metrics_enabled: false gitea_metrics_token: ~ + +gitea_themes: gitea,arc-green +gitea_theme_default: gitea diff --git a/templates/gitea.ini.j2 b/templates/gitea.ini.j2 index a57d626..e8412d4 100644 --- a/templates/gitea.ini.j2 +++ b/templates/gitea.ini.j2 @@ -26,6 +26,8 @@ DISABLE_HTTP_GIT = {{ gitea_disable_http_git }} [ui] ; Whether the email of the user should be shown in the Explore Users page SHOW_USER_EMAIL = {{ gitea_show_user_email }} +TMEMES = {{ gitea_themes }} +DEFAULT_THEME = {{ gitea_theme_default }} [server] ; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'. From 259d761eb25a848b930a73734beac4555caa2fef Mon Sep 17 00:00:00 2001 From: Simeon Keske Date: Sun, 10 May 2020 04:18:59 +0200 Subject: [PATCH 02/10] add variable gitea_only_allow_external_registration --- README.md | 1 + defaults/main.yml | 1 + templates/gitea.ini.j2 | 1 + 3 files changed, 3 insertions(+) diff --git a/README.md b/README.md index f0e79d7..e600240 100644 --- a/README.md +++ b/README.md @@ -64,6 +64,7 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we * `gitea_disable_gravatar`: Do you want to disable Gravatar ? (privacy and so on) (true/false) * `gitea_offline_mode`: Same but for disabling CDNs for frontend assets (true/false) * `gitea_disable_registration`: Do you want to disable user registration ? (true/false) +* `gitea_only_allow_external_registration`: Do you want to force registration only using third-party services ? (true/false) * `gitea_show_registration_button`: Do you want to show the registration button? (true/false) * `gitea_require_signin`: Do you require a signin to see repo's (even public ones) ? (true/false) * `gitea_enable_captcha`: Do you want to enable captcha's ? (true/false) diff --git a/defaults/main.yml b/defaults/main.yml index 919797b..f301092 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -42,6 +42,7 @@ gitea_disable_registration: false gitea_show_registration_button: true gitea_require_signin: true gitea_enable_captcha: true +gitea_only_allow_external_registration: false gitea_force_private: false diff --git a/templates/gitea.ini.j2 b/templates/gitea.ini.j2 index e8412d4..b0dd770 100644 --- a/templates/gitea.ini.j2 +++ b/templates/gitea.ini.j2 @@ -111,6 +111,7 @@ RECAPTCHA_SECRET = RECAPTCHA_SITEKEY = ; Show Registration button SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button }} +ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_only_allow_external_registration }} [mailer] ENABLED = {{ gitea_mailer_enabled }} From 349d9dff4f114795c91dba9753250efb2cb52119 Mon Sep 17 00:00:00 2001 From: Simeon Keske Date: Fri, 15 May 2020 10:56:12 +0200 Subject: [PATCH 03/10] fix typo in THEMES --- templates/gitea.ini.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/gitea.ini.j2 b/templates/gitea.ini.j2 index b0dd770..6810c93 100644 --- a/templates/gitea.ini.j2 +++ b/templates/gitea.ini.j2 @@ -26,7 +26,7 @@ DISABLE_HTTP_GIT = {{ gitea_disable_http_git }} [ui] ; Whether the email of the user should be shown in the Explore Users page SHOW_USER_EMAIL = {{ gitea_show_user_email }} -TMEMES = {{ gitea_themes }} +THEMES = {{ gitea_themes }} DEFAULT_THEME = {{ gitea_theme_default }} [server] From 8506ca4f2b877eb3e2df843f2f30651a364f8344 Mon Sep 17 00:00:00 2001 From: Leo Maroni Date: Mon, 18 May 2020 23:37:17 +0200 Subject: [PATCH 04/10] Add config option to set repository path different to home_path --- defaults/main.yml | 1 + templates/gitea.ini.j2 | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index f301092..21d8b61 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -7,6 +7,7 @@ gitea_user: "gitea" gitea_home: "/var/lib/gitea" gitea_shell: "/bin/false" +gitea_repository_root: "{{ gitea_home }}" gitea_user_repo_limit: -1 gitea_http_domain: localhost diff --git a/templates/gitea.ini.j2 b/templates/gitea.ini.j2 index 6810c93..eee69d3 100644 --- a/templates/gitea.ini.j2 +++ b/templates/gitea.ini.j2 @@ -13,7 +13,7 @@ RUN_USER = {{ gitea_user }} RUN_MODE = prod [repository] -ROOT = {{ gitea_home }} +ROOT = {{ gitea_repository_root }} ; Force every new repository to be private FORCE_PRIVATE = {{ gitea_force_private }} ; Global limit of repositories per user, applied at creation time. -1 means no limit From 16707f4a3800d1d5fcb2190ec9e4387dcdfbff96 Mon Sep 17 00:00:00 2001 From: Simeon Keske Date: Sun, 17 May 2020 15:56:23 +0200 Subject: [PATCH 05/10] Allow to set a custom Download-URL for gitea --- README.md | 1 + defaults/main.yml | 1 + tasks/main.yml | 2 +- vars/main.yml | 3 +-- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e600240..36ede6e 100644 --- a/README.md +++ b/README.md @@ -56,6 +56,7 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we * `gitea_version_check`: Check if installed version != `gitea_version` before initiating binary download * `gitea_user`: UNIX user used by Gitea * `gitea_home`: Base directory to work +* `gitea_dl_url`: The URL, the compiled gitea-binary will be downloaded from ### Look and feel diff --git a/defaults/main.yml b/defaults/main.yml index 21d8b61..b010faa 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,6 +1,7 @@ --- gitea_version: "1.11.5" gitea_version_check: true +gitea_dl_url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_arch }}" gitea_app_name: "Gitea" gitea_user: "gitea" diff --git a/tasks/main.yml b/tasks/main.yml index ca9912d..7dc5921 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -11,7 +11,7 @@ - name: "Download the binary" get_url: - url: "{{ gitea_dl_url }}/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_arch }}" + url: "{{ gitea_dl_url }}" dest: /usr/local/bin/gitea owner: root group: root diff --git a/vars/main.yml b/vars/main.yml index 3581cfb..5f1cce7 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,3 +1,2 @@ --- -gitea_arch: "{{ 'amd64' if ansible_architecture == 'x86_64' else ansible_architecture }}" -gitea_dl_url: "https://github.com/go-gitea/gitea/releases/download" +gitea_arch: "{{ 'amd64' if ansible_architecture == 'x86_64' else ansible_architecture }}" \ No newline at end of file From e83335d9fb646755c8d62455a65869d2774278e9 Mon Sep 17 00:00:00 2001 From: Simeon Keske Date: Sun, 17 May 2020 16:49:43 +0200 Subject: [PATCH 06/10] add newline at the ent of the file --- vars/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/main.yml b/vars/main.yml index 5f1cce7..9ec5113 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,2 +1,2 @@ --- -gitea_arch: "{{ 'amd64' if ansible_architecture == 'x86_64' else ansible_architecture }}" \ No newline at end of file +gitea_arch: "{{ 'amd64' if ansible_architecture == 'x86_64' else ansible_architecture }}" From c3891fc4b3b4fe979afac20f21968ddf31cd5fa3 Mon Sep 17 00:00:00 2001 From: L3D Date: Tue, 2 Jun 2020 10:54:58 +0200 Subject: [PATCH 07/10] Update gitea to v1.11.6 New Release available: https://github.com/go-gitea/gitea/releases/tag/v1.11.6 --- defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index b010faa..bbf28e1 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -gitea_version: "1.11.5" +gitea_version: "1.11.6" gitea_version_check: true gitea_dl_url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_arch }}" From efc0363f4b7b0b9cb446984bbf91603897354fb6 Mon Sep 17 00:00:00 2001 From: Leo Maroni Date: Tue, 19 May 2020 10:27:52 +0200 Subject: [PATCH 08/10] Added CAP_NET_BIND_SERVICE to gitea.service to allow binding to ports lower than 1024 --- templates/gitea.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/gitea.service.j2 b/templates/gitea.service.j2 index c746cc4..7b59386 100644 --- a/templates/gitea.service.j2 +++ b/templates/gitea.service.j2 @@ -7,6 +7,7 @@ User={{ gitea_user }} ExecStart=/usr/local/bin/gitea web -c /etc/gitea/gitea.ini Restart=on-failure WorkingDirectory={{ gitea_home }} +AmbientCapabilities=CAP_NET_BIND_SERVICE [Install] WantedBy=multi-user.target From 2b665bdb1d12a21b4734716ebfcf35a6383c615a Mon Sep 17 00:00:00 2001 From: Leo Maroni Date: Wed, 20 May 2020 14:13:11 +0200 Subject: [PATCH 09/10] Add variable to enable adding CAP_NET_BIND_SERVICE to systemd service --- README.md | 1 + defaults/main.yml | 1 + templates/gitea.service.j2 | 2 ++ 3 files changed, 4 insertions(+) diff --git a/README.md b/README.md index 36ede6e..1116f1c 100644 --- a/README.md +++ b/README.md @@ -57,6 +57,7 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we * `gitea_user`: UNIX user used by Gitea * `gitea_home`: Base directory to work * `gitea_dl_url`: The URL, the compiled gitea-binary will be downloaded from +* `gitea_systemd_cap_net_bind_service`: Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file ### Look and feel diff --git a/defaults/main.yml b/defaults/main.yml index bbf28e1..dfa2884 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -7,6 +7,7 @@ gitea_app_name: "Gitea" gitea_user: "gitea" gitea_home: "/var/lib/gitea" gitea_shell: "/bin/false" +gitea_systemd_cap_net_bind_service: false gitea_repository_root: "{{ gitea_home }}" gitea_user_repo_limit: -1 diff --git a/templates/gitea.service.j2 b/templates/gitea.service.j2 index 7b59386..f7c004d 100644 --- a/templates/gitea.service.j2 +++ b/templates/gitea.service.j2 @@ -7,7 +7,9 @@ User={{ gitea_user }} ExecStart=/usr/local/bin/gitea web -c /etc/gitea/gitea.ini Restart=on-failure WorkingDirectory={{ gitea_home }} +{% if gitea_systemd_cap_net_bind_service %} AmbientCapabilities=CAP_NET_BIND_SERVICE +{% endif %} [Install] WantedBy=multi-user.target From 77d593a4b9b4e8af8ee82479e5c8f905d42d349a Mon Sep 17 00:00:00 2001 From: Sergej Date: Tue, 16 Jun 2020 08:53:32 +0200 Subject: [PATCH 10/10] Bugfix: set -o pipefail fails silently. This is due the fact that Ansible often takes another default shell to execute its commands, e.g., /bin/sh. Solution is to require /bin/bash for the particular command. --- tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tasks/main.yml b/tasks/main.yml index 7dc5921..00c2fe1 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -4,6 +4,8 @@ - name: "Check gitea version" shell: "set -eo pipefail; /usr/local/bin/gitea -v | cut -d' ' -f 3" + args: + executable: /bin/bash register: gitea_active_version changed_when: false failed_when: false