mirror of
https://github.com/roles-ansible/ansible_role_gitea.git
synced 2024-08-16 11:39:50 +02:00
add default "gitea_group: gitea" (#71)
* delete trailing whitespace * Add gitea_group This will add the `gitea_group: gitea` and will probably RESOLVE https://github.com/thomas-maurice/ansible-role-gitea/issues/70 * update variable length update variable length to make this role idempotent * vars should not include special character
This commit is contained in:
parent
cde4a964d5
commit
67afb71160
7 changed files with 36 additions and 10 deletions
2
.github/workflows/ansible-linting-check.yml
vendored
2
.github/workflows/ansible-linting-check.yml
vendored
|
@ -1,6 +1,7 @@
|
||||||
---
|
---
|
||||||
name: Ansible Lint check
|
name: Ansible Lint check
|
||||||
|
|
||||||
|
# yamllint disable-line rule:truthy
|
||||||
on: [push, pull_request]
|
on: [push, pull_request]
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
|
@ -9,7 +10,6 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: Lint Ansible Playbook
|
- name: Lint Ansible Playbook
|
||||||
|
|
|
@ -58,6 +58,7 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we
|
||||||
|
|
||||||
* `gitea_version_check`: Check if installed version != `gitea_version` before initiating binary download
|
* `gitea_version_check`: Check if installed version != `gitea_version` before initiating binary download
|
||||||
* `gitea_user`: UNIX user used by Gitea
|
* `gitea_user`: UNIX user used by Gitea
|
||||||
|
* `gitea_group`: UNIX group used by Gitea
|
||||||
* `gitea_home`: Base directory to work
|
* `gitea_home`: Base directory to work
|
||||||
* `gitea_dl_url`: The URL, the compiled gitea-binary will be downloaded from
|
* `gitea_dl_url`: The URL, the compiled gitea-binary will be downloaded from
|
||||||
* `gitea_systemd_cap_net_bind_service`: Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file
|
* `gitea_systemd_cap_net_bind_service`: Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file
|
||||||
|
@ -127,7 +128,7 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we
|
||||||
|
|
||||||
* `gitea_lfs_enabled`: Enable GIT LFS *(git large file storeage: [git-lfs](https://git-lfs.github.com/))*. Default: `false`
|
* `gitea_lfs_enabled`: Enable GIT LFS *(git large file storeage: [git-lfs](https://git-lfs.github.com/))*. Default: `false`
|
||||||
* `gitea_lfs_content_path`: path where the lfs files are stored
|
* `gitea_lfs_content_path`: path where the lfs files are stored
|
||||||
* `gitea_lfs_secret`: JWT secret for remote LFS usage
|
* `gitea_lfs_secret`: JWT secret for remote LFS usage, has to be exactly 43 characters long
|
||||||
|
|
||||||
|
|
||||||
### Fail2Ban configuration
|
### Fail2Ban configuration
|
||||||
|
@ -145,7 +146,7 @@ As this will only deploy config files, fail2ban already has to be installed or o
|
||||||
### Oauth2 provider configuration
|
### Oauth2 provider configuration
|
||||||
|
|
||||||
* `gitea_oauth2_enabled`: Enable the Oauth2 provider (true/false)
|
* `gitea_oauth2_enabled`: Enable the Oauth2 provider (true/false)
|
||||||
* `gitea_oauth2_jwt_secret`: JWT secret, cannot be longer than 32 characters
|
* `gitea_oauth2_jwt_secret`: JWT secret, has to be exactly 43 characters long
|
||||||
|
|
||||||
|
|
||||||
### Metrics endpoint configuration
|
### Metrics endpoint configuration
|
||||||
|
|
|
@ -5,6 +5,7 @@ gitea_dl_url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_ver
|
||||||
|
|
||||||
gitea_app_name: "Gitea"
|
gitea_app_name: "Gitea"
|
||||||
gitea_user: "gitea"
|
gitea_user: "gitea"
|
||||||
|
gitea_group: "gitea"
|
||||||
gitea_home: "/var/lib/gitea"
|
gitea_home: "/var/lib/gitea"
|
||||||
gitea_shell: "/bin/false"
|
gitea_shell: "/bin/false"
|
||||||
gitea_systemd_cap_net_bind_service: false
|
gitea_systemd_cap_net_bind_service: false
|
||||||
|
@ -22,7 +23,7 @@ gitea_offline_mode: true
|
||||||
|
|
||||||
gitea_lfs_server_enabled: false
|
gitea_lfs_server_enabled: false
|
||||||
gitea_lfs_content_path: "{{ gitea_home }}/data/lfs"
|
gitea_lfs_content_path: "{{ gitea_home }}/data/lfs"
|
||||||
gitea_lfs_jwt_secret: LongUniqueS3cret_
|
gitea_lfs_jwt_secret: 'ChangeMe1GGm26cTz5jsH9S3Df4MPzBx599wLCdKwmw'
|
||||||
|
|
||||||
gitea_db_type: sqlite3
|
gitea_db_type: sqlite3
|
||||||
gitea_db_host: 127.0.0.0:3306
|
gitea_db_host: 127.0.0.0:3306
|
||||||
|
@ -68,7 +69,7 @@ gitea_fail2ban_jail_bantime: 900
|
||||||
gitea_fail2ban_jail_action: iptables-allports
|
gitea_fail2ban_jail_action: iptables-allports
|
||||||
|
|
||||||
gitea_oauth2_enabled: true
|
gitea_oauth2_enabled: true
|
||||||
gitea_oauth2_jwt_secret: ChangeMe
|
gitea_oauth2_jwt_secret: PLZChangeThisToAFourtyThreeCharacterString1
|
||||||
|
|
||||||
gitea_metrics_enabled: false
|
gitea_metrics_enabled: false
|
||||||
gitea_metrics_token: ~
|
gitea_metrics_token: ~
|
||||||
|
|
|
@ -1,7 +1,14 @@
|
||||||
---
|
---
|
||||||
- name: run checks to ensure set variables do not crash gitea
|
- name: run checks to ensure gitea_oauth2_jwt_secret do not crash gitea and is idempotent
|
||||||
block:
|
block:
|
||||||
- name: "check token length"
|
- name: "check token length"
|
||||||
fail:
|
fail:
|
||||||
msg: 'gitea_oauth2_jwt_secret cannot be longer than 32 characters.'
|
msg: 'gitea_oauth2_jwt_secret has to be 43 characters long. It is currently {{ gitea_oauth2_jwt_secret | length }} long.'
|
||||||
when: gitea_oauth2_jwt_secret | length > 32
|
when: gitea_oauth2_jwt_secret | length != 43
|
||||||
|
|
||||||
|
- name: run checks to ensure gitea_lfs_jwt_secret do not crash gitea and is idempotent
|
||||||
|
block:
|
||||||
|
- name: "check token length"
|
||||||
|
fail:
|
||||||
|
msg: 'gitea_lfs_jwt_secret has to be 43 characters long. It is currently {{ gitea_lfs_jwt_secret | length }} long.'
|
||||||
|
when: gitea_lfs_jwt_secret | length != 43
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
---
|
---
|
||||||
|
- name: "Create Gitea Group"
|
||||||
|
group:
|
||||||
|
name: "{{ gitea_group }}"
|
||||||
|
state: present
|
||||||
|
|
||||||
- name: "Create Gitea user"
|
- name: "Create Gitea user"
|
||||||
user:
|
user:
|
||||||
name: "{{ gitea_user }}"
|
name: "{{ gitea_user }}"
|
||||||
|
|
|
@ -24,15 +24,25 @@
|
||||||
|
|
||||||
- include: create_user.yml
|
- include: create_user.yml
|
||||||
|
|
||||||
- name: "Create config and data directory"
|
- name: "Create config directory"
|
||||||
file:
|
file:
|
||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ gitea_user }}"
|
owner: "{{ gitea_user }}"
|
||||||
|
group: "{{ gitea_group }}"
|
||||||
|
mode: '0755'
|
||||||
|
with_items:
|
||||||
|
- "/etc/gitea"
|
||||||
|
|
||||||
|
- name: "Create data directory"
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ gitea_user }}"
|
||||||
|
group: "{{ gitea_group }}"
|
||||||
mode: '0755'
|
mode: '0755'
|
||||||
recurse: true
|
recurse: true
|
||||||
with_items:
|
with_items:
|
||||||
- "/etc/gitea"
|
|
||||||
- "{{ gitea_home }}"
|
- "{{ gitea_home }}"
|
||||||
- "{{ gitea_home }}/data"
|
- "{{ gitea_home }}/data"
|
||||||
- "{{ gitea_home }}/custom"
|
- "{{ gitea_home }}/custom"
|
||||||
|
@ -54,6 +64,7 @@
|
||||||
src: gitea.ini.j2
|
src: gitea.ini.j2
|
||||||
dest: /etc/gitea/gitea.ini
|
dest: /etc/gitea/gitea.ini
|
||||||
owner: "{{ gitea_user }}"
|
owner: "{{ gitea_user }}"
|
||||||
|
group: "{{ gitea_group }}"
|
||||||
mode: 0600
|
mode: 0600
|
||||||
notify: "Restart gitea"
|
notify: "Restart gitea"
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,7 @@ After=network.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
User={{ gitea_user }}
|
User={{ gitea_user }}
|
||||||
|
Group={{ gitea_group }}
|
||||||
ExecStart=/usr/local/bin/gitea web -c /etc/gitea/gitea.ini
|
ExecStart=/usr/local/bin/gitea web -c /etc/gitea/gitea.ini
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
WorkingDirectory={{ gitea_home }}
|
WorkingDirectory={{ gitea_home }}
|
||||||
|
|
Loading…
Reference in a new issue