Merge pull request #90 from roles-ansible/t

BREAKING CHANGES: Update config file to fit gitea 1.18
2024-08-16 11:39:50 +02:00 · 2023-01-26 13:33:10 +01:00 · 2023-01-26 13:33:10 +01:00 · 577faa21cd
commit 577faa21cd
parent 9e7f0b0eff 47c3dedd1e
4 changed files with 357 additions and 74 deletions
--- a/README.md
+++ b/README.md
@ -68,23 +68,63 @@ Either you define exactly which release you install. Or you use the option ``lat
 ### Repository ([repository](https://docs.gitea.io/en-us/config-cheat-sheet/#repository-repository))
 | variable name | default value | description |
 | ------------- | ------------- | ----------- |
-| `gitea_repository_root` | `{{ gitea_home }}/repos` |  Root path for storing all repository data. It must be an absolute path. |
-| `gitea_force_private` | `false` | Force every new repository to be private. |
-| `gitea_user_repo_limit` | `-1` | Limit how many repos a user can have *(`-1` for unlimited)* |
-| `gitea_disable_http_git` | `false` | Disable the ability to interact with repositories over the HTTP protocol. (true/false) |
 | `gitea_default_branch` | `main` | Default branch name of all repositories. |
 | `gitea_default_private` | `last` | Default private when creating a new repository. [`last`, `private`, `public`] |
-| `gitea_repository_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[repository]` section of the config. |
-| `gitea_repository_upload_extra_config` | you can use this variable to pass additional config parameters in the `[repository.upload]` section of the config. |
+| `gitea_default_repo_units` | *(see defaults)* | Comma separated list of default repo units. See official docs for more |
+| `gitea_disabled_repo_units` | | Comma separated list of globally disabled repo units. |
+| `gitea_disable_http_git` | `false` | Disable the ability to interact with repositories over the HTTP protocol. (true/false) |
+| `gitea_disable_stars` | `false` | Disable stars feature. |
+| `gitea_enable_push_create_org` | `false` | Allow users to push local repositories to Gitea and have them automatically created for an org. |
+| `gitea_enable_push_create_user` | `false` | Allow users to push local repositories to Gitea and have them automatically created for an user. |
+| `gitea_force_private` | `false` | Force every new repository to be private. |
+| `gitea_user_repo_limit` | `-1` | Limit how many repos a user can have *(`-1` for unlimited)* |
+| `gitea_repository_root` | `{{ gitea_home }}/repos` |  Root path for storing all repository data. It must be an absolute path. |
+| `gitea_repository_extra_config` | | you can use this variable to pass additional config parameters in the `[repository]` section of the config. |
+| `gitea_repository_upload_extra_config` | | you can use this variable to pass additional config parameters in the `[repository.upload]` section of the config. |
+
+### Repository - Signing ([repository.signing](https://docs.gitea.io/en-us/config-cheat-sheet/#repository---signing-repositorysigning))
+| variable name | default value | description |
+| ------------- | ------------- | ----------- |
+| `gitea_enable_repo_signing_options` | `false` | Allow to configure repo signing options |
+| `gitea_repo_signing_key` | `default` | Key to sign with. |
+| `gitea_repo_signing_name` | | if a KEYID is provided as the `gitea_repo_signing_key`, use these as the Name and Email address of the signer. |
+| `gitea_repo_signing_email` | | if a KEYID is provided as the `gitea_repo_signing_key`, use these as the Name and Email address of the signer. |
+| `gitea_repo_initial_commit` | `always` | Sign initial commit. |
+| `gitea_repo_default_trust_model` | `collaborator` | The default trust model used for verifying commits. |
+| `gitea_repo_wiki` | `never` |  Sign commits to wiki. |
+| `gitea_repo_crud_actions` | *(see defaults)* | Sign CRUD actions. |
+| `gitea_repo_merges` | *(see defaults)* | Sign merges. |
+| `gitea_enable_repo_signing_extra` | | you can use this variable to pass additional config parameters in the `[repository.signing]` section of the config. |
+
+### CORS ([cors](https://docs.gitea.io/en-us/config-cheat-sheet/#cors-cors))
+| ------------- | ------------- | ----------- |
+| `gitea_enable_cors` | `false` | enable cors headers (disabled by default) |
+| `gitea_cors_scheme` | `http` | scheme of allowed requests |
+| `gitea_cors_allow_domain` | `*` | list of requesting domains that are allowed |
+| `gitea_cors_allow_subdomain` | `false` |allow subdomains of headers listed above to request |
+| `gitea_cors_methods` | *(see defaults)* | list of methods allowed to request |
+| `gitea_cors_max_age` | `10m` | max time to cache response |
+| `gitea_cors_allow_credentials` | `false` | allow request with credentials |
+| `gitea_cors_headers` | `Content-Type,User-Agent` | additional headers that are permitted in requests |
+| `gitea_cors_x_frame_options` | `SAMEORIGIN` |  Set the `X-Frame-Options` header value. |
+| `gitea_cors_extra` | | you can use this variable to pass additional config parameters in the `[cors]` section of the config. |

 ### UI ([ui](https://docs.gitea.io/en-us/config-cheat-sheet/#ui-ui))
 | variable name | default value | description |
 | ------------- | ------------- | ----------- |
 | `gitea_show_user_email` | `false` | Do you want to display email addresses ? (true/false) |
-| `gitea_theme_default` | `gitea` | Default theme |
-| `gitea_themes` | `gitea,arc-green` | List of enabled themes |
+| `gitea_theme_default` | `auto` | Default theme |
+| `gitea_themes` | `auto,gitea,arc-green` | List of enabled themes |
 | `gitea_ui_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[ui]` section of the config. |

+### UI - Meta ([ui.meta](https://docs.gitea.io/en-us/config-cheat-sheet/#ui---metadata-uimeta))
+| variable name | default value | description |
+| ------------- | ------------- | ----------- |
+| `gitea_ui_author` | *(see defaults)* | Author meta tag of the homepage. |
+| `gitea_ui_description` | *(see defaults)* | Description meta tag of the homepage. |
+| `gitea_ui_keywords` | *(see defaults)* | Keywords meta tag of the homepage |
+| `gitea_ui_meta_extra_config` | | you can use this variable to pass additional config parameters in the `[ui.meta]` section of the config. |
+
 ### Server ([server](https://docs.gitea.io/en-us/config-cheat-sheet/#server-server))
 | variable name | default value | description |
 | ------------- | ------------- | ----------- |
@ -93,16 +133,27 @@ Either you define exactly which release you install. Or you use the option ``lat
 | `gitea_root_url` | `http://localhost:3000` | Root URL used to access your web app (full URL) |
 | `gitea_http_listen` | `127.0.0.1` | HTTP listen address |
 | `gitea_http_port` | `3000` | Bind port *(redirect from `80` will be activated if value is `443`)* |
-| `gitea_http_letsencrypt_mail` | `undefined` | Enable Let`s Encrypt if a email address is given |
+
 | `gitea_start_ssh` | `true` | When enabled, use the built-in SSH server. |
 | `gitea_ssh_domain` | `{{ gitea_http_domain ` |  Domain name of this server, used for displayed clone URL |
 | `gitea_ssh_port` | `2222` | SSH port displayed in clone URL. |
 | `gitea_ssh_listen` | `0.0.0.0` | Listen address for the built-in SSH server. |
 | `gitea_offline_mode` | `true` | Disables use of CDN for static files and Gravatar for profile pictures. (true/false) |
+| `gitea_landing_page` | `home` | Landing page for unauthenticated users |
 | `gitea_lfs_server_enabled` | `false` | Enable GIT-LFS Support *(git large file storage: [git-lfs](https://git-lfs.github.com/))*. |
-| `gitea_lfs_content_path` | `{{ gitea_home }}/data/lfs` |  LFS content path. *(if it is on local storage.)* |
-| `gitea_lfs_jwt_secret` | `''` | LFS authentication secret. Can be generated with ``gitea generate secret JWT_SECRET``. Will be autogenerated if not defined |
-| `gitea_server_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[server]` section of the config. |
+| `gitea_lfs_jwt_secret` |  | LFS authentication secret. Can be generated with ``gitea generate secret JWT_SECRET``. Will be autogenerated if not defined |
+| `gitea_redirect_other_port` | `false` | If true and `gitea_protocol` is https, allows redirecting http requests on `gitea_port_to_redirect` to the https port Gitea listens on. |
+| `gitea_port_to_redirect` | `80` | Port for the http redirection service to listen on, if enabled |
+| `gitea_enable_tls_certs` | `false` | Write TLS Cert and Key Path to config file |
+| `gitea_tls_cert_file` | `https/cert.pem` |  Cert file path used for HTTPS. |
+| `gitea_tls_key_file` | `https/key.pem` | Key file path used for HTTPS. |
+| `gitea_enable_acme` | `false` | Flag to enable automatic certificate management via an ACME capable CA Server. *(default is letsencrypt)* |
+| `gitea_acme_url` | | The CA’s ACME directory URL |
+| `gitea_acme_accepttos` | `false` | This is an explicit check that you accept the terms of service of the ACME provider. |
+| `gitea_acme_directory` | `https` | Directory that the certificate manager will use to cache information such as certs and private keys. |
+| `gitea_acme_email` | | Email used for the ACME registration |
+| `gitea_acme_ca_root` | | The CA’s root certificate. If left empty, it defaults to using the system’s trust chain. |
+| `gitea_server_extra_config` |  | you can use this variable to pass additional config parameters in the `[server]` section of the config. |

 ### Database ([database](https://docs.gitea.io/en-us/config-cheat-sheet/#database-database))
 | variable name | default value | description |
@ -121,18 +172,20 @@ Either you define exactly which release you install. Or you use the option ``lat
 | variable name | default value | description |
 | ------------- | ------------- | ----------- |
 | `gitea_repo_indexer_enabled` | `false` | Enables code search *(uses a lot of disk space, about 6 times more than the repository size).* |
-| `gitea_repo_indexer_include` | `''` |Glob patterns to include in the index *(comma-separated list)*. An empty list means include all files. |
-| `gitea_repo_indexer_exclude` | `''` | Glob patterns to exclude from the index (comma-separated list). |
+| `gitea_repo_indexer_include` |  |Glob patterns to include in the index *(comma-separated list)*. An empty list means include all files. |
+| `gitea_repo_indexer_exclude` |  | Glob patterns to exclude from the index (comma-separated list). |
 | `gitea_repo_exclude_vendored` | `true` | Exclude vendored files from index. |
 | `gitea_repo_indexer_max_file_size` | `1048576` | Maximum size in bytes of files to be indexed. |
-| `gitea_indexer_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[indexer]` section of the config. |
+| `gitea_indexer_extra_config` |  | you can use this variable to pass additional config parameters in the `[indexer]` section of the config. |
+| `gitea_queue_issue_indexer_extra_config` | | | you can use this variable to pass additional config parameters in the `[queue.issue_indexer]` section of the config. |

 ### Security ([security](https://docs.gitea.io/en-us/config-cheat-sheet/#security-security))
 | variable name | default value | description |
 | ------------- | ------------- | ----------- |
 | `gitea_secret_key` | `''` | Global secret key. Will be autogenerated if not defined. Should be unique. |
-| `gitea_internal_token` | `''` | Internal API token. Will be autogenerated if not defined. Should be unique. |
 | `gitea_disable_git_hooks` | `true` | Set to false to enable users with git hook privilege to create custom git hooks. Can be dangerous. |
+| `gitea_disable_webhooks`  | `false` | Set to true to disable webhooks feature. |
+| `gitea_internal_token` | `''` | Internal API token. Will be autogenerated if not defined. Should be unique. |
 | `gitea_password_check_pwn` | `false` | Check [HaveIBeenPwned](https://haveibeenpwned.com/Passwords) to see if a password has been exposed. |
 | `gitea_security_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[security]` section of the config. |

@ -154,15 +207,20 @@ Either you define exactly which release you install. Or you use the option ``lat
 | variable name | default value | description |
 | ------------- | ------------- | ----------- |
 | `gitea_mailer_enabled` | `false` | Whether to enable the mailer. |
-| `gitea_mailer_host` | `localhost:25` | SMTP server hostname and port |
-| `gitea_mailer_skip_verify` | `false` | Skip SMTP TLS certificate verification (true/false) |
-| `gitea_mailer_tls_enabled` | `true` | Forcibly use TLS to connect even if not on a default SMTPS port.  |
-| `gitea_mailer_from` | `noreply@{{ gitea_http_domain }}` | Mail from address, RFC 5322. This can be just an email address, or the “Name” <email@example.com> format. |
-| `gitea_mailer_user` | `''` | Username of mailing user *(usually the sender’s e-mail address)*. |
-| `gitea_mailer_password` | `''` | SMTP server password |
-| `gitea_subject_prefix` | `''` | Prefix to be placed before e-mail subject lines |
-| `gitea_mailer_type` | `smtp` |  `[smtp, sendmail, dummy]` |
-| `gitea_mailer_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[mailer]` section of the config. |
+| `gitea_mailer_protocol` | `dummy` |Mail server protocol. One of “smtp”, “smtps”, “smtp+starttls”, “smtp+unix”, “sendmail”, “dummy”.|
+| `gitea_mailer_smtp_addr` | | Mail server address. e.g. smtp.gmail.com. For smtp+unix, this should be a path to a unix socket instead. |
+| `gitea_mailer_smtp_port` | | Mail server port |
+| `gitea_mailer_use_client_cert` | `false` | Use client certificate for TLS/SSL. |
+| `gitea_mailer_client_cert_file` | | Client certificate file. |
+| `gitea_mailer_client_key_file` | | Client key file. |
+| `gitea_mailer_force_trust_server_cert` | `false` | completely ignores server certificate validation errors. This option is unsafe. Consider adding the certificate to the system trust store instead. |
+| `gitea_mailer_user` | | Username of mailing user (usually the sender’s e-mail address). |
+| `gitea_mailer_password ` | |Password of mailing user. Use `your password` for quoting if you use special characters in the password. |
+| `gitea_mailer_enable_helo` | `true` |Enable HELO operation. |
+| `gitea_mailer_from` | `noreply@{{ gitea_http_domain }}` | Mail from address, RFC 5322. |
+| `gitea_subject_prefix` | |Prefix to be placed before e-mail subject lines. |
+| `gitea_mailer_send_as_plaintext` | `false` | Send mails only in plain text, without HTML alternative. |
+| `gitea_mailer_extra_config` | | you can use this variable to pass additional config parameters in the `[mailer]` section of the config. |

 ### Session ([session](https://docs.gitea.io/en-us/config-cheat-sheet/#session-session))
 | variable name | default value | description |
@ -173,7 +231,6 @@ Either you define exactly which release you install. Or you use the option ``lat
 ### Picture ([picture](https://docs.gitea.io/en-us/config-cheat-sheet/#picture-picture))
 | variable name | default value | description |
 | ------------- | ------------- | ----------- |
-| `gitea_disable_gravatar` | `true` | Do you want to disable Gravatar ? (privacy and so on) (true/false) |
 | `gitea_picture_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[picture]` section of the config. |

 ### Issue and pull request attachments ([attachment](https://docs.gitea.io/en-us/config-cheat-sheet/#issue-and-pull-request-attachments-attachment))
@ -187,20 +244,51 @@ Either you define exactly which release you install. Or you use the option ``lat
 | ------------- | ------------- | ----------- |
 | `gitea_log_systemd` | `false` | Disable logging into `file`, use systemd-journald |
 | `gitea_log_level` | `Warn` | General log level. `[Trace, Debug, Info, Warn, Error, Critical, Fatal, None]` |
-| `gitea_log_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[log]` section of the config. |
+| `gitea_log_extra_config` | | you can use this variable to pass additional config parameters in the `[log]` section of the config. |

 ### Metrics ([metrics](https://docs.gitea.io/en-us/config-cheat-sheet/#metrics-metrics))
 | variable name | default value | description |
 | ------------- | ------------- | ----------- |
 | `gitea_metrics_enabled`| `false` | Enable the metrics endpoint |
-| `gitea_metrics_token`| `''` | Bearer token for the Prometheus scrape job |
+| `gitea_metrics_token`| | Bearer token for the Prometheus scrape job |
+| `gitea_metrics_extra` | | you can use this variable to pass additional config parameters in the `[metrics]` section of the config. |

 ### OAuth2 ([oauth2](https://docs.gitea.io/en-us/config-cheat-sheet/#oauth2-oauth2))
 | variable name | default value | description |
 | ------------- | ------------- | ----------- |
 | `gitea_oauth2_enabled` | `true` | Enable the Oauth2 provider (true/false) |
-| `gitea_oauth2_jwt_secret` | `''` | Oauth2 JWT secret. Can be generated with ``gitea generate secret JWT_SECRET``. Will be autogenerated if not defined. |
-| `gitea_oauth2_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[oauth2]` section of the config. |
+| `gitea_oauth2_jwt_secret` |  | Oauth2 JWT secret. Can be generated with ``gitea generate secret JWT_SECRET``. Will be autogenerated if not defined. |
+| `gitea_oauth2_extra_config` |  | you can use this variable to pass additional config parameters in the `[oauth2]` section of the config. |
+
+### Federation ([federation](https://docs.gitea.io/en-us/config-cheat-sheet/#federation-federation))
+| variable name | default value | description |
+| ------------- | ------------- | ----------- |
+| `gitea_federation_enabled` | `false` | Enable/Disable federation capabilities |
+| `gitea_federation_share_user_stats` | `false` | Enable/Disable user statistics for nodeinfo if federation is enabled |
+| `gitea_federation_extra` | | you can use this variable to pass additional config parameters in the `[federation]` section of the config. |
+
+### Packages ([packages](https://docs.gitea.io/en-us/config-cheat-sheet/#packages-packages))
+| variable name | default value | description |
+| ------------- | ------------- | ----------- |
+| `gitea_packages_enabled` | `true` | Enable/Disable package registry capabilities |
+| `gitea_packages_extra` | |you can use this variable to pass additional config parameters in the `[packages]` section of the config. |
+
+### LFS ([lfs](https://docs.gitea.io/en-us/config-cheat-sheet/#lfs-lfs))
+| variable name | default value | description |
+| ------------- | ------------- | ----------- |
+| `gitea_lfs_storage_type` | `local` | Storage type for lfs |
+| `gitea_lfs_serve_direct` | `false` | Allows the storage driver to redirect to authenticated URLs to serve files directly. *(only Minio/S3)* |
+| `gitea_lfs_content_path` | `{{ gitea_home }}/data/lfs` | Where to store LFS files |
+| `gitea_lfs_extra` ||you can use this variable to pass additional config parameters in the `[lfs]` section of the config. |
+
+### Other ([other](https://docs.gitea.io/en-us/config-cheat-sheet/#other-other))
+| variable name | default value | description |
+| ------------- | ------------- | ----------- |
+| `gitea_other_show_footer_branding` | `false` | Show Gitea branding in the footer. |
+| `gitea_other_show_footer_version` | `true` | Show Gitea and Go version information in the footer. |
+| `gitea_other_show_footer_template_load_time` | `true` | Show time of template execution in the footer. |
+| `gitea_other_enable_sitemap` | `true` | Generate sitemap. |
+| `gitea_other_enable_feed` | `true` | Enable/Disable RSS/Atom feed. |

 ### additional gitea config
 | variable name | default value | description |
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -28,22 +28,60 @@ gitea_fqdn: 'localhost'

 # Repository (repository)
 # -> https://docs.gitea.io/en-us/config-cheat-sheet/#repository-repository
-gitea_repository_root: "{{ gitea_home }}/repos"
-gitea_force_private: false
-gitea_user_repo_limit: '-1'
-gitea_disable_http_git: false
 gitea_default_branch: 'main'
 gitea_default_private: 'last'
+gitea_default_repo_units: 'repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects'
+gitea_disabled_repo_units: ''
+gitea_disable_http_git: false
+gitea_disable_stars: false
+gitea_enable_push_create_org: false
+gitea_enable_push_create_user: false
+gitea_force_private: false
+gitea_user_repo_limit: '-1'
+gitea_repository_root: "{{ gitea_home }}/repos"
 gitea_repository_extra_config: ''
 gitea_repository_upload_extra_config: ''

+# Repository - Signing (repository.signing)
+# -> https://docs.gitea.io/en-us/config-cheat-sheet/#repository---signing-repositorysigning
+gitea_enable_repo_signing_options: false
+gitea_repo_signing_key: 'default'
+gitea_repo_signing_name: ''
+gitea_repo_signing_email: ''
+gitea_repo_initial_commit: 'always'
+gitea_repo_default_trust_model: 'collaborator'
+gitea_repo_wiki: 'never'
+gitea_repo_crud_actions: 'pubkey, twofa, parentsigned'
+gitea_repo_merges: ' pubkey, twofa, basesigned, commitssigned'
+gitea_enable_repo_signing_extra: ''
+
+# CORS (cors)
+# -> https://docs.gitea.io/en-us/config-cheat-sheet/#cors-cors
+gitea_enable_cors: false
+gitea_cors_scheme: 'http'
+gitea_cors_allow_domain: '*'
+gitea_cors_allow_subdomain: false
+gitea_cors_methods: 'GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS'
+gitea_cors_max_age: '10m'
+gitea_cors_allow_credentials: false
+gitea_cors_headers: 'Content-Type,User-Agent'
+gitea_cors_x_frame_options: 'SAMEORIGIN'
+gitea_cors_extra: ''
+
 # UI (ui)
 # -> https://docs.gitea.io/en-us/config-cheat-sheet/#ui-ui
 gitea_show_user_email: false
-gitea_theme_default: 'gitea'
-gitea_themes: 'gitea,arc-green'
+gitea_theme_default: 'auto'
+gitea_themes: 'auto,gitea,arc-green'
 gitea_ui_extra_config: ''

+# UI - Metadata (ui.meta)
+# -> https://docs.gitea.io/en-us/config-cheat-sheet/#ui---metadata-uimeta
+gitea_ui_author: 'Gitea - Git with a cup of tea'
+gitea_ui_description: 'Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go:'
+gitea_ui_keywords: 'go,git,self-hosted,gitea,forgejo'
+gitea_ui_meta_extra_config: ''
+
 # Server (server)
 # -> https://docs.gitea.io/en-us/config-cheat-sheet/#server-server
 gitea_protocol: 'http'
@ -51,15 +89,25 @@ gitea_http_domain: "{{ gitea_fqdn }}"
 gitea_root_url: "http://{{ gitea_fqdn }}:3000"
 gitea_http_listen: '127.0.0.1'
 gitea_http_port: '3000'
-# gitea_http_letsencrypt_mail: 'mail@example.com'
 gitea_start_ssh: true
 gitea_ssh_domain: "{{ gitea_fqdn }}"
 gitea_ssh_port: '2222'
 gitea_ssh_listen: '0.0.0.0'
 gitea_offline_mode: true
+gitea_landing_page: 'home'
 gitea_lfs_server_enabled: false
-gitea_lfs_content_path: "{{ gitea_home }}/data/lfs"
 gitea_lfs_jwt_secret: ''
+gitea_redirect_other_port: false
+gitea_port_to_redirect: '80'
+gitea_enable_tls_certs: false
+gitea_tls_cert_file: 'https/cert.pem'
+gitea_tls_key_file: 'https/key.pem'
+gitea_enable_acme: false
+gitea_acme_url: ''
+gitea_acme_accepttos: false
+gitea_acme_directory: 'https'
+gitea_acme_email: ''
+gitea_acme_ca_root: ''
 gitea_server_extra_config: ''

 # Database (database)
@ -82,12 +130,14 @@ gitea_repo_indexer_exclude: ''
 gitea_repo_exclude_vendored: true
 gitea_repo_indexer_max_file_size: '1048576'
 gitea_indexer_extra_config: ''
+gitea_queue_issue_indexer_extra_config: ''

 # Security (security)
 # -> https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
 gitea_secret_key: ''
-gitea_internal_token: ''
 gitea_disable_git_hooks: true
+gitea_disable_webhooks: false
+gitea_internal_token: ''
 gitea_password_check_pwn: false
 gitea_security_extra_config: ''

@ -107,14 +157,19 @@ gitea_service_extra_config: ''
 # Mailer [mailer]
 # -> https://docs.gitea.io/en-us/config-cheat-sheet/#mailer-mailer
 gitea_mailer_enabled: false
-gitea_mailer_host: 'localhost:25'
-gitea_mailer_skip_verify: false
-gitea_mailer_tls_enabled: true
-gitea_mailer_from: "noreply@{{ gitea_http_domain }}"
+gitea_mailer_protocol: 'dummy'
+gitea_mailer_smtp_addr: ''
+gitea_mailer_smtp_port: ''
+gitea_mailer_use_client_cert: false
+gitea_mailer_client_cert_file: ''
+gitea_mailer_client_key_file: ''
+gitea_mailer_force_trust_server_cert: false
 gitea_mailer_user: ''
 gitea_mailer_password: ''
+gitea_mailer_enable_helo: true
+gitea_mailer_from: "noreply@{{ gitea_http_domain }}"
 gitea_subject_prefix: ''
-gitea_mailer_type: smtp
+gitea_mailer_send_as_plaintext: false
 gitea_mailer_extra_config: ''

 # Session (session)
@ -123,27 +178,58 @@ gitea_session_provider: 'file'
 gitea_session_extra_config: ''

 # Picture (picture)
-gitea_disable_gravatar: true
+# -> https://docs.gitea.io/en-us/config-cheat-sheet/#picture-picture
 gitea_picture_extra_config: ''

 # Issue and pull request attachments (attachment)
+# -> https://docs.gitea.io/en-us/config-cheat-sheet/#issue-and-pull-request-attachments-attachment
 gitea_attachment_enabled: true
 gitea_attachment_extra_config: ''

 # Log (log)
+# -> https://docs.gitea.io/en-us/config-cheat-sheet/#log-log
 gitea_log_systemd: false
 gitea_log_level: 'Warn'
 gitea_log_extra_config: ''

 # Metrics (metrics)
+# -> https://docs.gitea.io/en-us/config-cheat-sheet/#metrics-metrics
 gitea_metrics_enabled: false
 gitea_metrics_token: ''
+gitea_metrics_extra: ''

 # OAuth2 (oauth2)
+# -> https://docs.gitea.io/en-us/config-cheat-sheet/#oauth2-oauth2
 gitea_oauth2_enabled: true
 gitea_oauth2_jwt_secret: ''
 gitea_oauth2_extra_config: ''

+# Federation (federation)
+# -> https://docs.gitea.io/en-us/config-cheat-sheet/#federation-federation
+gitea_federation_enabled: false
+gitea_federation_share_user_stats: false
+gitea_federation_extra: ''
+
+# Packages (packages)
+# -> https://docs.gitea.io/en-us/config-cheat-sheet/#packages-packages
+gitea_packages_enabled: true
+gitea_packages_extra: ''
+
+# LFS (lfs)
+# -> https://docs.gitea.io/en-us/config-cheat-sheet/#lfs-lfs
+gitea_lfs_storage_type: 'local'
+gitea_lfs_serve_direct: false
+gitea_lfs_content_path: "{{ gitea_home }}/data/lfs"
+gitea_lfs_extra: ''
+
+# Other (other)
+# -> https://docs.gitea.io/en-us/config-cheat-sheet/#other-other
+gitea_other_show_footer_branding: false
+gitea_other_show_footer_version: true
+gitea_other_show_footer_template_load_time: true
+gitea_other_enable_sitemap: true
+gitea_other_enable_feed: true
+
 # additional gitea config
 gitea_extra_config: ""

--- a/templates/gitea.ini.j2
+++ b/templates/gitea.ini.j2
@ -13,19 +13,57 @@ RUN_MODE = {{ gitea_run_mode }}
 ;
 ; -> https://docs.gitea.io/en-us/config-cheat-sheet/#repository-repository
 [repository]
-ROOT                = {{ gitea_repository_root }}
-FORCE_PRIVATE       = {{ gitea_force_private | ternary('true', 'false') }}
-MAX_CREATION_LIMIT  = {{ gitea_user_repo_limit }}
-DISABLE_HTTP_GIT    = {{ gitea_disable_http_git | ternary('true', 'false') }}
-DEFAULT_BRANCH      = {{ gitea_default_branch }}
-DEFAULT_PRIVATE     = {{ gitea_default_private }}
+DEFAULT_BRANCH          = {{ gitea_default_branch }}
+DEFAULT_PRIVATE         = {{ gitea_default_private }}
+DEFAULT_REPO_UNITS      = {{ gitea_default_repo_units }}
+DISABLED_REPO_UNITS     = {{ gitea_disabled_repo_units }}
+DISABLE_HTTP_GIT        = {{ gitea_disable_http_git | ternary('true', 'false') }}
+DISABLE_STARS           = {{ gitea_disable_stars | ternary('true', 'false') }}
+ENABLE_PUSH_CREATE_ORG  = {{ gitea_enable_push_create_org | ternary('true', 'false') }}
+ENABLE_PUSH_CREATE_USER = {{ gitea_enable_push_create_user | ternary('true', 'false') }}
+FORCE_PRIVATE           = {{ gitea_force_private | ternary('true', 'false') }}
+MAX_CREATION_LIMIT      = {{ gitea_user_repo_limit }}
+ROOT                    = {{ gitea_repository_root }}
 {{ gitea_repository_extra_config }}
 ;
+;
 [repository.upload]
 TEMP_PATH           = {{ gitea_home }}/data/tmp/uploads
 {{ gitea_repository_upload_extra_config }}
 ;
 ;
+{% if gitea_enable_repo_signing_options | bool %}
+; -> https://docs.gitea.io/en-us/config-cheat-sheet/#repository---signing-repositorysigning
+[repository.signing]
+SIGNING_KEY         = {{ gitea_repo_signing_key }}
+SIGNING_NAME        = {{ gitea_repo_signing_name }}
+SIGNING_EMAIL       = {{ gitea_repo_signing_email }}
+INITIAL_COMMIT      = {{ gitea_repo_initial_commit }}
+DEFAULT_TRUST_MODEL = {{ gitea_repo_default_trust_model }}
+WIKI                = {{ gitea_repo_wiki }}
+CRUD_ACTIONS        = {{ gitea_repo_crud_actions }}
+MERGES              = {{ gitea_repo_merges }}
+{{ gitea_enable_repo_signing_extra }}
+;
+{% endif %}
+;
+{% if gitea_enable_cors | bool %}
+;
+; -> https://docs.gitea.io/en-us/config-cheat-sheet/#cors-cors
+[cors]
+ENABLED = {{ gitea_enable_cors | ternary('true', 'false') }}
+SCHEME  = {{ gitea_cors_scheme }}
+ALLOW_DOMAIN = {{ gitea_cors_allow_domain }}
+ALLOW_SUBDOMAIN   = {{ gitea_cors_allow_subdomain | ternary('true', 'false') }}
+METHODS           = {{ gitea_cors_methods }}
+MAX_AGE           = {{ gitea_cors_max_age }}
+ALLOW_CREDENTIALS = {{ gitea_cors_allow_credentials | ternary('true', 'false') }}
+HEADERS           = {{ gitea_cors_headers }}
+X_FRAME_OPTIONS   = {{ gitea_cors_x_frame_options }}
+{{ gitea_cors_extra }}
+;
+{% endif %}
+;
 ; -> https://docs.gitea.io/en-us/config-cheat-sheet/#ui-ui
 [ui]
 SHOW_USER_EMAIL = {{ gitea_show_user_email | ternary('true', 'false') }}
@ -34,6 +72,14 @@ THEMES          = {{ gitea_themes }}
 {{ gitea_ui_extra_config }}
 ;
 ;
+;
+[ui.meta]
+AUTHOR      = {{ gitea_ui_author }}
+DESCRIPTION = {{ gitea_ui_description }}
+KEYWORDS    = {{ gitea_ui_keywords }}
+{{ gitea_ui_meta_extra_config }}
+;
+;
 ; -> https://docs.gitea.io/en-us/config-cheat-sheet/#server-server
 [server]
 PROTOCOL              = {{ gitea_protocol }}
@ -41,25 +87,33 @@ DOMAIN                = {{ gitea_http_domain }}
 ROOT_URL              = {{ gitea_root_url }}
 HTTP_ADDR             = {{ gitea_http_listen }}
 HTTP_PORT             = {{ gitea_http_port }}
-{% if gitea_http_port == 443 %}
-PORT_TO_REDIRECT      = 80
-{% endif %}
-{% if gitea_http_letsencrypt_mail is defined %}
-ENABLE_LETSENCRYPT    = true
-LETSENCRYPT_ACCEPTTOS = true
-LETSENCRYPT_EMAIL     = {{ gitea_http_letsencrypt_mail }}
-{% endif %}
 START_SSH_SERVER      = {{ gitea_start_ssh | ternary('true', 'false') }}
 SSH_DOMAIN            = {{ gitea_ssh_domain }}
 SSH_PORT              = {{ gitea_ssh_port }}
 SSH_LISTEN_HOST       = {{ gitea_ssh_listen }}
 OFFLINE_MODE          = {{ gitea_offline_mode | ternary('true', 'false') }}
 APP_DATA_PATH         = {{ gitea_home }}/data
+LANDING_PAGE          = {{ gitea_landing_page }}
 {% if gitea_lfs_server_enabled | bool -%}
 LFS_START_SERVER      = true
-LFS_CONTENT_PATH      = {{ gitea_lfs_content_path }}
 LFS_JWT_SECRET        = {{ gitea_lfs_jwt_secret }}
 {% endif %}
+REDIRECT_OTHER_PORT   = {{ gitea_redirect_other_port | ternary('true', 'false') }}
+PORT_TO_REDIRECT      = {{ gitea_port_to_redirect }}
+{% if gitea_enable_tls_certs | bool %}
+CERT_FILE             = {{ gitea_tls_cert_file }}
+KEY_FILE              = {{ gitea_tls_key_file }}
+{% endif %}
+ENABLE_ACME           = {{ gitea_enable_acme | ternary('true', 'false') }}
+{% if gitea_enable_acme | bool %}
+{% if gitea_acme_url != '' %}
+ACME_URL              = {{ gitea_acme_url }}
+{% endif %}
+ACME_ACCEPTTOS        = {{ gitea_acme_accepttos | ternary('true', 'false') }}
+ACME_DIRECTORY        = {{ gitea_acme_directory }}
+ACME_EMAIL            = {{ gitea_acme_email }}
+ACME_CA_ROOT          = {{ gitea_acme_ca_root }}
+{% endif %}
 {{ gitea_server_extra_config }}
 ;
 ;
@ -79,7 +133,6 @@ LOG_SQL  = {{ gitea_db_log_sql | ternary('true', 'false') }}
 ; -> https://docs.gitea.io/en-us/config-cheat-sheet/#indexer-indexer
 [indexer]
 ISSUE_INDEXER_PATH            = {{ gitea_home }}/indexers/issues.bleve
-ISSUE_INDEXER_QUEUE_DIR       = {{ gitea_home }}/indexers/issues.queue
 REPO_INDEXER_ENABLED          = {{ gitea_repo_indexer_enabled | ternary('true', 'false') }}
 REPO_INDEXER_PATH             = {{ gitea_home }}/indexers/repos.bleve
 REPO_INDEXER_INCLUDE          = {{ gitea_repo_indexer_include }}
@ -89,12 +142,20 @@ MAX_FILE_SIZE                 = {{ gitea_repo_indexer_max_file_size }}
 {{ gitea_indexer_extra_config }}
 ;
 ;
+; Queue (queue and queue.*)
+; -> https://docs.gitea.io/en-us/config-cheat-sheet/#queue-queue-and-queue
+[queue.issue_indexer]
+DATADIR = {{ gitea_home }}/indexers/issues.queue
+{{ gitea_queue_issue_indexer_extra_config }}
+;
+;
 ; -> https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
 [security]
 INSTALL_LOCK        = true
 SECRET_KEY          = {{ gitea_secret_key }}
-INTERNAL_TOKEN      = {{ gitea_internal_token }}
 DISABLE_GIT_HOOKS   = {{ gitea_disable_git_hooks | ternary('true', 'false') }}
+DISABLE_WEBHOOKS    = { gitea_disable_webhooks | ternary('true', 'false') }
+INTERNAL_TOKEN      = {{ gitea_internal_token }}
 PASSWORD_CHECK_PWN  = {{ gitea_password_check_pwn | ternary('true', 'false') }}
 {{ gitea_security_extra_config }}
 ;
@ -115,17 +176,27 @@ AUTO_WATCH_NEW_REPOS              = {{ gitea_auto_watch_new_repos | ternary('tru
 ;
 ; -> https://docs.gitea.io/en-us/config-cheat-sheet/#mailer-mailer
 [mailer]
-ENABLED            = {{ gitea_mailer_enabled | ternary('true', 'false') }}
-HOST               = {{ gitea_mailer_host }}
-SKIP_VERIFY        = {{ gitea_mailer_skip_verify | ternary('true', 'false') }}
-IS_TLS_ENABLED     = {{ gitea_mailer_tls_enabled | ternary('true', 'false') }}
-FROM               = {{ gitea_mailer_from }}
-USER               = {{ gitea_mailer_user }}
-PASSWD             = `{{ gitea_mailer_password }}`
-SUBJECT_PREFIX     = {{ gitea_subject_prefix }}
-MAILER_TYPE        = {{ gitea_mailer_type }}
+ENABLED                 = {{ gitea_mailer_enabled | ternary('true', 'false') }}
+{% if gitea_mailer_enabled | bool %}
+PROTOCOL                = {{ gitea_mailer_protocol }}
+SMTP_ADDR               = {{ gitea_mailer_smtp_addr }}
+SMTP_PORT               = {{ gitea_mailer_smtp_port }}
+USE_CLIENT_CERT         = {{ gitea_mailer_use_client_cert | ternary('true', 'false') }}
+{% if gitea_mailer_use_client_cert | bool %}
+CLIENT_CERT_FILE        = {{ gitea_mailer_client_cert_file }}
+CLIENT_KEY_FILE         = {{ gitea_mailer_client_key_file }}
+{% endif %}
+FORCE_TRUST_SERVER_CERT = {{ gitea_mailer_force_trust_server_cert | ternary('true', 'false') }}
+USER                    = {{ gitea_mailer_user }}
+PASSWD                  = `{{ gitea_mailer_password }}`
+ENABLE_HELO             = {{ gitea_mailer_enable_helo | ternary('true', 'false') }}
+FROM                    = {{ gitea_mailer_from }}
+SUBJECT_PREFIX          = {{ gitea_subject_prefix }}
+SEND_AS_PLAIN_TEXT      = {{ gitea_mailer_send_as_plaintext | ternary('true', 'false') }}
 {{ gitea_mailer_extra_config }}
 ;
+{% endif %}
+;
 ;
 ; -> https://docs.gitea.io/en-us/config-cheat-sheet/#session-session
 [session]
@ -137,7 +208,6 @@ PROVIDER_CONFIG = {{ gitea_home }}/data/sessions
 ; -> https://docs.gitea.io/en-us/config-cheat-sheet/#picture-picture
 [picture]
 AVATAR_UPLOAD_PATH = {{ gitea_home }}/data/avatars
-DISABLE_GRAVATAR   = {{ gitea_disable_gravatar | ternary('true', 'false') }}
 {{ gitea_picture_extra_config }}
 ;
 ;
@ -164,14 +234,53 @@ LEVEL      = {{ gitea_log_level }}
 [metrics]
 ENABLED = {{ gitea_metrics_enabled | ternary('true', 'false') }}
 TOKEN   = {{ gitea_metrics_token }}
+{{ gitea_metrics_extra }}
 ;
 ;
-; https://docs.gitea.io/en-us/config-cheat-sheet/#oauth2-oauth2
+; -> https://docs.gitea.io/en-us/config-cheat-sheet/#oauth2-oauth2
 [oauth2]
 ENABLE     = {{ gitea_oauth2_enabled | ternary('true', 'false') }}
 JWT_SECRET = {{ gitea_oauth2_jwt_secret }}
 {{ gitea_oauth2_extra_config }}
 ;
 ;
+; -> https://docs.gitea.io/en-us/config-cheat-sheet/#federation-federation
+[federation]
+ENABLED               = {{ gitea_federation_enabled | ternary('true', 'false') }}
+SHARE_USER_STATISTICS = {{ gitea_federation_share_user_stats | ternary('true', 'false') }}
+{{ gitea_federation_extra }}
+;
+;
+; Packages (packages)
+; -> https://docs.gitea.io/en-us/config-cheat-sheet/#packages-packages
+[packages]
+ENABLED             = {{ gitea_packages_enabled | ternary('true', 'false') }}
+{% if gitea_packages_enabled | bool %}
+CHUNKED_UPLOAD_PATH = {{ gitea_home }}/data/tmp/package-upload
+{{ gitea_packages_extra }}
+{% endif %}
+;
+;
+{% if gitea_lfs_server_enabled | bool %}
+; -> https://docs.gitea.io/en-us/config-cheat-sheet/#lfs-lfs
+[lfs]
+STORAGE_TYPE  = {{ gitea_lfs_storage_type }}
+SERVE_DIRECT  = {{ gitea_lfs_serve_direct | ternary('true', 'false') }}
+PATH          = {{ gitea_lfs_content_path }}
+{{ gitea_lfs_extra }}
+{% endif %}
+;
+;
+; Other (other)
+; -> https://docs.gitea.io/en-us/config-cheat-sheet/#other-other
+[other]
+SHOW_FOOTER_BRANDING           = {{ gitea_other_show_footer_branding | ternary('true', 'false') }}
+SHOW_FOOTER_VERSION            = {{ gitea_other_show_footer_version | ternary('true', 'false') }}
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = {{ gitea_other_show_footer_template_load_time | ternary('true', 'false') }}
+ENABLE_SITEMAP                 = {{ gitea_other_enable_sitemap | ternary('true', 'false') }}
+ENABLE_FEED                    = {{ gitea_other_enable_feed | ternary('true', 'false') }}
+;
+;
+;
 ; Optional additional config
 {{ gitea_extra_config }}
--- a/vars/main.yml
+++ b/vars/main.yml
@ -56,5 +56,5 @@ transfer_custom_footer:
    - 'files/gitea_footer/extra_links_footer.tmpl'
    - 'files/extra_links_footer.tmpl'

-playbook_version_number: 39  # should be int
+playbook_version_number: 40  # should be int
 playbook_version_path: 'do1jlr.gitea.version'