mirror of
https://github.com/roles-ansible/ansible_role_gitea.git
synced 2024-08-16 11:39:50 +02:00
Improve ARM Support (#74)
* Gitea user should be a system user * Improve installation system * Download archive instead of binary * Add checksum validation * Add GPG check * Add backup process before upgrading * Improve ARM support * Improve support for Vault Encrypted JWT tokens * Fix spacing in gitea configuration template When Gitea rewrite the configuration file (e.g.: the JWT token is not set or doesn't fit their criteria), it'll align space on a per-section basis in the .ini file. If the template is not properly spaced, at the next Ansible run, you'll have an enormous diff, hidding what the real changes are. * add proper redhat/debian deps for molecule testing * Gitea group should be a system group * fix linting for CI * Update CI and meta information for up-to-date tests and distros * molecule: fix typo for redhat packages * fix typo * bump gitea version to 1.13.1 * Use Ubuntu keyservers to play nicely with everyone * Update minimum required ansible version to 2.9.8 This is required for Ubuntu Focal, which comes with systemd >= 245 The Get Facts modules doesn't work well with it before the bugfix introduced in 2.9.8 * Replace yes by True to please the linting * Truthy values needs to be lower-case * bump gitea version to 1.13.2 * perform gitea dump as gitea user * need to set become to yes * autogenerate JWT_SECRETS (#77) * autogenerate JWT_SECRETS Based on https://docs.gitea.io/en-us/command-line/#generate we will now autogenerate JWT_SECRETS if they are not defined. In my opinion a much better idea than writing a value in the default config. The check if the variables for the secrets are now 43 characters long i took out. Gitea generates itself suitable secrets, if the user given ones do not fit. * drop ansible.builtin. syntax * Update file permissions for "{{ gitea_home }}" (#75) The file permissions for {{ gitea_home }} especially in conjunction with the recurse: true flag are on closer inspection very open to all and also have a +x set on files. This should be done better. And I have done here now. By the way: To improve the -x on normal files in his gitea installation this shell command was useful for me ``` find . -type f -exec chmod a-x {} \+; find . -type f -exec chmod u=rwX {} \+; ``` * Bump cryptography from 3.2 to 3.3.2 (#79) Bumps [cryptography](https://github.com/pyca/cryptography) from 3.2 to 3.3.2. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/3.2...3.3.2) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Gitea user should be a system user * Improve installation system * Download archive instead of binary * Add checksum validation * Add GPG check * Add backup process before upgrading * Improve ARM support * Fix spacing in gitea configuration template When Gitea rewrite the configuration file (e.g.: the JWT token is not set or doesn't fit their criteria), it'll align space on a per-section basis in the .ini file. If the template is not properly spaced, at the next Ansible run, you'll have an enormous diff, hidding what the real changes are. * add proper redhat/debian deps for molecule testing * Gitea group should be a system group * fix linting for CI * Update CI and meta information for up-to-date tests and distros * molecule: fix typo for redhat packages * fix typo * bump gitea version to 1.13.1 * Use Ubuntu keyservers to play nicely with everyone * Update minimum required ansible version to 2.9.8 This is required for Ubuntu Focal, which comes with systemd >= 245 The Get Facts modules doesn't work well with it before the bugfix introduced in 2.9.8 * Replace yes by True to please the linting * Truthy values needs to be lower-case * bump gitea version to 1.13.2 * perform gitea dump as gitea user * need to set become to yes * check-variables.yml doesn't exists anymore Co-authored-by: L3D <l3d@c3woc.de> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This commit is contained in:
parent
f6f5e733f0
commit
56375819a7
12 changed files with 231 additions and 113 deletions
|
@ -7,11 +7,12 @@ env:
|
|||
matrix:
|
||||
- MOLECULE_DISTRO: centos8
|
||||
- MOLECULE_DISTRO: centos7
|
||||
- MOLECULE_DISTRO: ubuntu2004
|
||||
- MOLECULE_DISTRO: ubuntu1804
|
||||
- MOLECULE_DISTRO: ubuntu1604
|
||||
- MOLECULE_DISTRO: debian10
|
||||
- MOLECULE_DISTRO: debian9
|
||||
- MOLECULE_DISTRO: fedora31
|
||||
- MOLECULE_DISTRO: fedora33
|
||||
|
||||
services:
|
||||
- docker
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
---
|
||||
gitea_version: "1.13.0"
|
||||
gitea_version: "1.13.2"
|
||||
gitea_version_check: true
|
||||
gitea_dl_url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_arch }}"
|
||||
gitea_gpg_key: "7C9E68152594688862D62AF62D9AE806EC1592E2"
|
||||
gitea_gpg_server: "hkp://keyserver.ubuntu.com:80"
|
||||
|
||||
gitea_app_name: "Gitea"
|
||||
gitea_user: "gitea"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
galaxy_info:
|
||||
author: Thomas Maurice
|
||||
description: Ansible Role - Gitea
|
||||
min_ansible_version: 2.7.9
|
||||
min_ansible_version: 2.9.8
|
||||
license: BSD-3-Clause
|
||||
galaxy_tags:
|
||||
- git
|
||||
|
@ -16,12 +16,17 @@ galaxy_info:
|
|||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
- name: EL
|
||||
versions:
|
||||
- 7
|
||||
- buster
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- xenial
|
||||
- bionic
|
||||
- focal
|
||||
- name: CentOS
|
||||
versions:
|
||||
- 7
|
||||
- 8
|
||||
- name: Fedora
|
||||
versions:
|
||||
- 33
|
||||
|
|
|
@ -1,22 +1,27 @@
|
|||
---
|
||||
- name: Perpare
|
||||
- name: Prepare
|
||||
hosts: all
|
||||
become: true
|
||||
tasks:
|
||||
- name: install dependencies for gitea (RedHat based systems)
|
||||
yum:
|
||||
name: "{{ packages }}"
|
||||
name: "{{ redhat_packages }}"
|
||||
state: present
|
||||
update_cache: true
|
||||
when: ansible_os_family == "RedHat"
|
||||
- name: install dependencies for gitea (Debian based systems)
|
||||
apt:
|
||||
name: "{{ packages }}"
|
||||
name: "{{ debian_packages }}"
|
||||
state: present
|
||||
update_cache: true
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
vars:
|
||||
packages:
|
||||
debian_packages:
|
||||
- git
|
||||
- curl
|
||||
- xz-utils
|
||||
redhat_packages:
|
||||
- git
|
||||
- curl
|
||||
- xz
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
ansible==2.9.6
|
||||
ansible==2.9.8
|
||||
ansible-lint==4.2.0
|
||||
anyconfig==0.9.7
|
||||
arrow==0.15.5
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
- name: "Create Gitea Group"
|
||||
group:
|
||||
name: "{{ gitea_group }}"
|
||||
state: present
|
||||
system: true
|
||||
state: "present"
|
||||
|
||||
- name: "Create Gitea user"
|
||||
user:
|
||||
|
@ -10,3 +11,4 @@
|
|||
comment: "Gitea user"
|
||||
home: "{{ gitea_home }}"
|
||||
shell: "{{ gitea_shell }}"
|
||||
system: true
|
||||
|
|
93
tasks/install.yml
Normal file
93
tasks/install.yml
Normal file
|
@ -0,0 +1,93 @@
|
|||
---
|
||||
- block:
|
||||
- name: Update apt cache
|
||||
apt:
|
||||
cache_valid_time: 3600
|
||||
update_cache: true
|
||||
register: _pre_update_apt_cache
|
||||
until: _pre_update_apt_cache is succeeded
|
||||
when:
|
||||
- ansible_pkg_mgr == "apt"
|
||||
|
||||
- name: Install dependencies
|
||||
package:
|
||||
name: "{{ gitea_dependencies }}"
|
||||
state: present
|
||||
register: _install_dep_packages
|
||||
until: _install_dep_packages is succeeded
|
||||
retries: 5
|
||||
delay: 2
|
||||
|
||||
- name: Get service facts
|
||||
service_facts:
|
||||
|
||||
- block:
|
||||
- name: Stopping gitea before upgrade
|
||||
service:
|
||||
name: gitea
|
||||
state: stopped
|
||||
|
||||
- name: Backing up gitea before upgrade
|
||||
command:
|
||||
cmd: "gitea dump -c /etc/gitea/gitea.ini"
|
||||
chdir: /var/backups/
|
||||
become: true
|
||||
become_method: su
|
||||
become_user: "{{ gitea_user }}"
|
||||
become_flags: "-s /bin/sh"
|
||||
when:
|
||||
- ansible_facts.services["gitea.service"] is defined
|
||||
- ansible_facts.services["gitea.service"].state == "running"
|
||||
- gitea_active_version.stdout != gitea_version
|
||||
|
||||
- block:
|
||||
- name: Download gitea archive
|
||||
get_url:
|
||||
url: "{{ gitea_dl_url }}.xz"
|
||||
dest: "/tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}.xz"
|
||||
checksum: "sha256:{{ gitea_dl_url }}.xz.sha256"
|
||||
register: _download_archive
|
||||
until: _download_archive is succeeded
|
||||
retries: 5
|
||||
delay: 2
|
||||
|
||||
- name: Download gitea asc file
|
||||
get_url:
|
||||
url: "{{ gitea_dl_url }}.xz.asc"
|
||||
dest: "/tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}.xz.asc"
|
||||
register: _download_asc
|
||||
until: _download_asc is succeeded
|
||||
retries: 5
|
||||
delay: 2
|
||||
|
||||
- name: Check gitea gpg key
|
||||
command: "gpg --list-keys 0x{{ gitea_gpg_key }}"
|
||||
register: _gitea_gpg_key_status
|
||||
changed_when: false
|
||||
failed_when: _gitea_gpg_key_status.rc not in (0, 2)
|
||||
|
||||
- name: Import gitea gpg key
|
||||
command: "gpg --keyserver {{ gitea_gpg_server }} --recv {{ gitea_gpg_key }}"
|
||||
register: _gitea_import_key
|
||||
changed_when: '"imported: 1" in _gitea_import_key.stderr'
|
||||
when: _gitea_gpg_key_status.rc != 0
|
||||
|
||||
- name: Check archive signature
|
||||
command: "gpg --verify /tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}.xz.asc /tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}.xz"
|
||||
changed_when: false
|
||||
|
||||
- name: Unpack gitea binary
|
||||
command:
|
||||
cmd: "xz -k -d /tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}.xz"
|
||||
creates: "/tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}"
|
||||
|
||||
- name: Propagate gitea binary
|
||||
copy:
|
||||
src: "/tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}"
|
||||
remote_src: true
|
||||
dest: "/usr/local/bin/gitea"
|
||||
mode: 0755
|
||||
owner: root
|
||||
group: root
|
||||
notify: "Restart gitea"
|
||||
when: (not gitea_version_check|bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version))
|
|
@ -1,4 +1,12 @@
|
|||
---
|
||||
- name: Gather variables for each operating system
|
||||
include_vars: "{{ item }}"
|
||||
with_first_found:
|
||||
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
|
||||
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
|
||||
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
|
||||
- "{{ ansible_distribution | lower }}.yml"
|
||||
- "{{ ansible_os_family | lower }}.yml"
|
||||
|
||||
- name: "Check gitea version"
|
||||
shell: "set -eo pipefail; /usr/local/bin/gitea -v | cut -d' ' -f 3"
|
||||
|
@ -9,16 +17,7 @@
|
|||
failed_when: false
|
||||
when: gitea_version_check|bool
|
||||
|
||||
- name: "Download the binary"
|
||||
get_url:
|
||||
url: "{{ gitea_dl_url }}"
|
||||
dest: /usr/local/bin/gitea
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
force: true
|
||||
notify: "Restart gitea"
|
||||
when: (not gitea_version_check|bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version))
|
||||
- include: install.yml
|
||||
|
||||
- include: create_user.yml
|
||||
|
||||
|
@ -48,15 +47,11 @@
|
|||
- "{{ gitea_home }}/custom/mailer"
|
||||
- "{{ gitea_home }}/indexers"
|
||||
- "{{ gitea_home }}/log"
|
||||
- "{{ gitea_repository_root }}"
|
||||
|
||||
- include: install_systemd.yml
|
||||
when: ansible_service_mgr == "systemd"
|
||||
|
||||
- name: 'Install git'
|
||||
package:
|
||||
name: 'git'
|
||||
state: 'present'
|
||||
|
||||
- include_tasks: jwt_secrets.yml
|
||||
|
||||
- name: "Configure gitea"
|
||||
|
|
|
@ -6,195 +6,192 @@
|
|||
; Cheat Sheet: https://docs.gitea.io/en-us/config-cheat-sheet/
|
||||
;
|
||||
; App name that shows on every page title
|
||||
APP_NAME = {{ gitea_app_name }}
|
||||
APP_NAME = {{ gitea_app_name }}
|
||||
; Change it if you run locally
|
||||
RUN_USER = {{ gitea_user }}
|
||||
; Either "dev", "prod" or "test", default is "dev"
|
||||
RUN_MODE = prod
|
||||
|
||||
[repository]
|
||||
ROOT = {{ gitea_repository_root }}
|
||||
ROOT = {{ gitea_repository_root }}
|
||||
; Force every new repository to be private
|
||||
FORCE_PRIVATE = {{ gitea_force_private }}
|
||||
FORCE_PRIVATE = {{ gitea_force_private }}
|
||||
; Global limit of repositories per user, applied at creation time. -1 means no limit
|
||||
MAX_CREATION_LIMIT = {{ gitea_user_repo_limit }}
|
||||
MAX_CREATION_LIMIT = {{ gitea_user_repo_limit }}
|
||||
; Mirror sync queue length, increase if mirror syncing starts hanging
|
||||
MIRROR_QUEUE_LENGTH = 1000
|
||||
; Disable the ability to interact with repositories using the HTTP protocol
|
||||
DISABLE_HTTP_GIT = {{ gitea_disable_http_git }}
|
||||
DISABLE_HTTP_GIT = {{ gitea_disable_http_git }}
|
||||
|
||||
[ui]
|
||||
; Whether the email of the user should be shown in the Explore Users page
|
||||
SHOW_USER_EMAIL = {{ gitea_show_user_email }}
|
||||
THEMES = {{ gitea_themes }}
|
||||
DEFAULT_THEME = {{ gitea_theme_default }}
|
||||
SHOW_USER_EMAIL = {{ gitea_show_user_email }}
|
||||
THEMES = {{ gitea_themes }}
|
||||
DEFAULT_THEME = {{ gitea_theme_default }}
|
||||
|
||||
[server]
|
||||
; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'.
|
||||
PROTOCOL = {{ gitea_protocol }}
|
||||
DOMAIN = {{ gitea_http_domain }}
|
||||
ROOT_URL = {{ gitea_root_url }}
|
||||
PROTOCOL = {{ gitea_protocol }}
|
||||
DOMAIN = {{ gitea_http_domain }}
|
||||
ROOT_URL = {{ gitea_root_url }}
|
||||
; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
|
||||
HTTP_ADDR = {{ gitea_http_listen }}
|
||||
HTTP_PORT = {{ gitea_http_port }}
|
||||
HTTP_ADDR = {{ gitea_http_listen }}
|
||||
HTTP_PORT = {{ gitea_http_port }}
|
||||
; Disable SSH feature when not available
|
||||
DISABLE_SSH = false
|
||||
DISABLE_SSH = false
|
||||
; Whether to use the builtin SSH server or not.
|
||||
START_SSH_SERVER = {{ gitea_start_ssh }}
|
||||
START_SSH_SERVER = {{ gitea_start_ssh }}
|
||||
; Domain name to be exposed in clone URL
|
||||
SSH_DOMAIN = {{ gitea_ssh_domain }}
|
||||
SSH_DOMAIN = {{ gitea_ssh_domain }}
|
||||
; The network interface the builtin SSH server should listen on
|
||||
SSH_LISTEN_HOST = {{ gitea_ssh_listen }}
|
||||
SSH_LISTEN_HOST = {{ gitea_ssh_listen }}
|
||||
; Port number to be exposed in clone URL
|
||||
SSH_PORT = {{ gitea_ssh_port }}
|
||||
SSH_PORT = {{ gitea_ssh_port }}
|
||||
; The port number the builtin SSH server should listen on
|
||||
SSH_LISTEN_PORT = %(SSH_PORT)s
|
||||
SSH_LISTEN_PORT = %(SSH_PORT)s
|
||||
; Disable CDN even in "prod" mode
|
||||
OFFLINE_MODE = {{ gitea_offline_mode }}
|
||||
OFFLINE_MODE = {{ gitea_offline_mode }}
|
||||
; Default path for App data
|
||||
APP_DATA_PATH = {{ gitea_home }}/data
|
||||
{%- if gitea_lfs_server_enabled | bool %}
|
||||
APP_DATA_PATH = {{ gitea_home }}/data
|
||||
{% if gitea_lfs_server_enabled | bool -%}
|
||||
;Enables git-lfs support.
|
||||
LFS_START_SERVER = true
|
||||
LFS_START_SERVER = true
|
||||
; Where to store LFS files.
|
||||
LFS_CONTENT_PATH = {{ gitea_lfs_content_path }}
|
||||
LFS_CONTENT_PATH = {{ gitea_lfs_content_path }}
|
||||
; LFS authentication secret
|
||||
LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}
|
||||
|
||||
{%- endif %}
|
||||
LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}
|
||||
{% endif %}
|
||||
|
||||
[database]
|
||||
; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice
|
||||
DB_TYPE = {{ gitea_db_type }}
|
||||
HOST = {{ gitea_db_host }}
|
||||
NAME = {{ gitea_db_name }}
|
||||
USER = {{ gitea_db_user }}
|
||||
DB_TYPE = {{ gitea_db_type }}
|
||||
HOST = {{ gitea_db_host }}
|
||||
NAME = {{ gitea_db_name }}
|
||||
USER = {{ gitea_db_user }}
|
||||
; Use PASSWD = `your password` for quoting if you use special characters in the password.
|
||||
PASSWD = {{ gitea_db_password }}
|
||||
PASSWD = {{ gitea_db_password }}
|
||||
; For Postgres, either "disable" (default), "require", or "verify-full"
|
||||
; For MySQL, either "false" (default), "true", or "skip-verify"
|
||||
SSL_MODE = {{ gitea_db_ssl }}
|
||||
SSL_MODE = {{ gitea_db_ssl }}
|
||||
; For "sqlite3" and "tidb", use an absolute path when you start gitea as service
|
||||
PATH = {{ gitea_db_path }}
|
||||
PATH = {{ gitea_db_path }}
|
||||
|
||||
[indexer]
|
||||
; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
|
||||
ISSUE_INDEXER_PATH = {{ gitea_home }}/indexers/issues.bleve
|
||||
ISSUE_INDEXER_PATH = {{ gitea_home }}/indexers/issues.bleve
|
||||
; Issue indexer queue, currently support: channel or levelqueue, default is levelqueue
|
||||
ISSUE_INDEXER_QUEUE_TYPE = levelqueue
|
||||
ISSUE_INDEXER_QUEUE_TYPE = levelqueue
|
||||
; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the queue will be saved path,
|
||||
; default is indexers/issues.queue
|
||||
ISSUE_INDEXER_QUEUE_DIR = {{ gitea_home }}/indexers/issues.queue
|
||||
|
||||
ISSUE_INDEXER_QUEUE_DIR = {{ gitea_home }}/indexers/issues.queue
|
||||
; repo indexer by default disabled, since it uses a lot of disk space
|
||||
REPO_INDEXER_ENABLED = {{ gitea_repo_indexer_enabled }}
|
||||
REPO_INDEXER_PATH = {{ gitea_home }}/indexers/repos.bleve
|
||||
REPO_INDEXER_INCLUDE = {{ gitea_repo_indexer_include }}
|
||||
REPO_INDEXER_EXCLUDE = {{ gitea_repo_indexer_exclude }}
|
||||
REPO_INDEXER_ENABLED = {{ gitea_repo_indexer_enabled }}
|
||||
REPO_INDEXER_PATH = {{ gitea_home }}/indexers/repos.bleve
|
||||
REPO_INDEXER_INCLUDE = {{ gitea_repo_indexer_include }}
|
||||
REPO_INDEXER_EXCLUDE = {{ gitea_repo_indexer_exclude }}
|
||||
REPO_INDEXER_EXCLUDE_VENDORED = {{ gitea_repo_exclude_vendored }}
|
||||
MAX_FILE_SIZE = {{ gitea_repo_indexer_max_file_size }}
|
||||
MAX_FILE_SIZE = {{ gitea_repo_indexer_max_file_size }}
|
||||
|
||||
[security]
|
||||
; Whether the installer is disabled
|
||||
INSTALL_LOCK = true
|
||||
INSTALL_LOCK = true
|
||||
; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
|
||||
SECRET_KEY = {{ gitea_secret_key }}
|
||||
INTERNAL_TOKEN = {{ gitea_internal_token }}
|
||||
SECRET_KEY = {{ gitea_secret_key }}
|
||||
INTERNAL_TOKEN = {{ gitea_internal_token }}
|
||||
; How long to remember that an user is logged in before requiring relogin (in days)
|
||||
LOGIN_REMEMBER_DAYS = 7
|
||||
DISABLE_GIT_HOOKS = {{ gitea_disable_git_hooks }}
|
||||
DISABLE_GIT_HOOKS = {{ gitea_disable_git_hooks }}
|
||||
|
||||
[service]
|
||||
; Disallow registration, only allow admins to create accounts.
|
||||
DISABLE_REGISTRATION = {{ gitea_disable_registration }}
|
||||
DISABLE_REGISTRATION = {{ gitea_disable_registration }}
|
||||
; User must sign in to view anything.
|
||||
REQUIRE_SIGNIN_VIEW = {{ gitea_require_signin }}
|
||||
REQUIRE_SIGNIN_VIEW = {{ gitea_require_signin }}
|
||||
; Enable captcha validation for registration
|
||||
ENABLE_CAPTCHA = {{ gitea_enable_captcha }}
|
||||
ENABLE_CAPTCHA = {{ gitea_enable_captcha }}
|
||||
; Type of captcha you want to use. Options: image, recaptcha
|
||||
CAPTCHA_TYPE = image
|
||||
CAPTCHA_TYPE = image
|
||||
; Enable recaptcha to use Google's recaptcha service
|
||||
; Go to https://www.google.com/recaptcha/admin to sign up for a key
|
||||
RECAPTCHA_SECRET =
|
||||
RECAPTCHA_SITEKEY =
|
||||
RECAPTCHA_SECRET =
|
||||
RECAPTCHA_SITEKEY =
|
||||
; Show Registration button
|
||||
SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button }}
|
||||
SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button }}
|
||||
ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_only_allow_external_registration }}
|
||||
ENABLE_NOTIFY_MAIL = {{ gitea_enable_notify_mail }}
|
||||
ENABLE_NOTIFY_MAIL = {{ gitea_enable_notify_mail }}
|
||||
|
||||
[mailer]
|
||||
ENABLED = {{ gitea_mailer_enabled }}
|
||||
ENABLED = {{ gitea_mailer_enabled }}
|
||||
; Mail server
|
||||
; Gmail: smtp.gmail.com:587
|
||||
; QQ: smtp.qq.com:465
|
||||
; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used.
|
||||
HOST = {{ gitea_mailer_host }}
|
||||
HOST = {{ gitea_mailer_host }}
|
||||
; Disable HELO operation when hostnames are different.
|
||||
DISABLE_HELO =
|
||||
DISABLE_HELO =
|
||||
; Custom hostname for HELO operation, if no value is provided, one is retrieved from system.
|
||||
HELO_HOSTNAME =
|
||||
HELO_HOSTNAME =
|
||||
; Do not verify the certificate of the server. Only use this for self-signed certificates
|
||||
SKIP_VERIFY = {{ gitea_mailer_skip_verify }}
|
||||
SKIP_VERIFY = {{ gitea_mailer_skip_verify }}
|
||||
; Use client certificate
|
||||
USE_CERTIFICATE = false
|
||||
CERT_FILE = {{ gitea_home }}/custom/mailer/cert.pem
|
||||
KEY_FILE = {{ gitea_home }}/custom/mailer/key.pem
|
||||
USE_CERTIFICATE = false
|
||||
CERT_FILE = {{ gitea_home }}/custom/mailer/cert.pem
|
||||
KEY_FILE = {{ gitea_home }}/custom/mailer/key.pem
|
||||
; Should SMTP connection use TLS
|
||||
IS_TLS_ENABLED = {{ gitea_mailer_tls_enabled }}
|
||||
IS_TLS_ENABLED = {{ gitea_mailer_tls_enabled }}
|
||||
; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
|
||||
FROM = {{ gitea_mailer_from }}
|
||||
FROM = {{ gitea_mailer_from }}
|
||||
; Mailer user name and password
|
||||
USER = {{ gitea_mailer_user }}
|
||||
USER = {{ gitea_mailer_user }}
|
||||
; Use PASSWD = `your password` for quoting if you use special characters in the password.
|
||||
PASSWD = `{{ gitea_mailer_password }}`
|
||||
PASSWD = {{ gitea_mailer_password }}
|
||||
; Send mails as plain text
|
||||
SEND_AS_PLAIN_TEXT = false
|
||||
; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log)
|
||||
MAILER_TYPE = {{ gitea_mailer_type }}
|
||||
MAILER_TYPE = {{ gitea_mailer_type }}
|
||||
; Specify an alternative sendmail binary
|
||||
SENDMAIL_PATH = sendmail
|
||||
SENDMAIL_PATH = sendmail
|
||||
; Specify any extra sendmail arguments
|
||||
SENDMAIL_ARGS =
|
||||
|
||||
SENDMAIL_ARGS =
|
||||
|
||||
[session]
|
||||
; Either "memory", "file", or "redis", default is "memory"
|
||||
PROVIDER = file
|
||||
PROVIDER = file
|
||||
; Provider config options
|
||||
; memory: doesn't have any config yet
|
||||
; file: session file path, e.g. `data/sessions`
|
||||
; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
|
||||
; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
|
||||
PROVIDER_CONFIG = {{ gitea_home }}/data/sessions
|
||||
PROVIDER_CONFIG = {{ gitea_home }}/data/sessions
|
||||
|
||||
[picture]
|
||||
AVATAR_UPLOAD_PATH = {{ gitea_home }}/data/avatars
|
||||
AVATAR_UPLOAD_PATH = {{ gitea_home }}/data/avatars
|
||||
; This value will always be true in offline mode.
|
||||
DISABLE_GRAVATAR = {{ gitea_disable_gravatar }}
|
||||
DISABLE_GRAVATAR = {{ gitea_disable_gravatar }}
|
||||
|
||||
[attachment]
|
||||
; Whether attachments are enabled. Defaults to `true`
|
||||
ENABLED = true
|
||||
; Path for attachments. Defaults to `data/attachments`
|
||||
PATH = {{ gitea_home }}/data/attachments
|
||||
PATH = {{ gitea_home }}/data/attachments
|
||||
|
||||
[log]
|
||||
ROOT_PATH = {{ gitea_home }}/log
|
||||
ROOT_PATH = {{ gitea_home }}/log
|
||||
; Either "console", "file", "conn", "smtp" or "database", default is "console"
|
||||
; Use comma to separate multiple modes, e.g. "console, file"
|
||||
MODE = file
|
||||
MODE = file
|
||||
; Buffer length of the channel, keep it as it is if you don't know what it is.
|
||||
BUFFER_LEN = 10000
|
||||
BUFFER_LEN = 10000
|
||||
; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
|
||||
LEVEL = Info
|
||||
LEVEL = Info
|
||||
REDIRECT_MACARON_LOG = false
|
||||
|
||||
[oauth2]
|
||||
ENABLE = {{ gitea_oauth2_enabled }}
|
||||
ENABLE = {{ gitea_oauth2_enabled }}
|
||||
JWT_SECRET = {{ gitea_oauth2_jwt_secret }}
|
||||
|
||||
[metrics]
|
||||
ENABLED = {{ gitea_metrics_enabled }}
|
||||
TOKEN = {{ gitea_metrics_token }}
|
||||
TOKEN = {{ gitea_metrics_token }}
|
||||
|
||||
{{ gitea_extra_config }}
|
||||
|
|
5
vars/debian.yml
Normal file
5
vars/debian.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
gitea_dependencies:
|
||||
- git
|
||||
- gnupg2
|
||||
- xz-utils
|
|
@ -1,2 +1,10 @@
|
|||
---
|
||||
gitea_arch: "{{ 'amd64' if ansible_architecture == 'x86_64' else ansible_architecture }}"
|
||||
gitea_go_arch_map:
|
||||
i386: '386'
|
||||
x86_64: 'amd64'
|
||||
aarch64: 'arm64'
|
||||
armv7l: 'arm-6'
|
||||
armv6l: 'arm-6'
|
||||
armv5l: 'arm-5'
|
||||
|
||||
gitea_arch: "{{ gitea_go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
|
||||
|
|
5
vars/redhat.yml
Normal file
5
vars/redhat.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
gitea_dependencies:
|
||||
- git
|
||||
- gnupg2
|
||||
- xz
|
Loading…
Reference in a new issue