mirror of
https://github.com/roles-ansible/ansible_role_gitea.git
synced 2024-08-16 11:39:50 +02:00
add default "gitea_group: gitea" (#71)
* delete trailing whitespace * Add gitea_group This will add the `gitea_group: gitea` and will probably RESOLVE https://github.com/thomas-maurice/ansible-role-gitea/issues/70 * update variable length update variable length to make this role idempotent * vars should not include special character
This commit is contained in:
parent
cde4a964d5
commit
67afb71160
7 changed files with 36 additions and 10 deletions
2
.github/workflows/ansible-linting-check.yml
vendored
2
.github/workflows/ansible-linting-check.yml
vendored
|
@ -1,6 +1,7 @@
|
|||
---
|
||||
name: Ansible Lint check
|
||||
|
||||
# yamllint disable-line rule:truthy
|
||||
on: [push, pull_request]
|
||||
|
||||
jobs:
|
||||
|
@ -9,7 +10,6 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Lint Ansible Playbook
|
||||
|
|
|
@ -58,6 +58,7 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we
|
|||
|
||||
* `gitea_version_check`: Check if installed version != `gitea_version` before initiating binary download
|
||||
* `gitea_user`: UNIX user used by Gitea
|
||||
* `gitea_group`: UNIX group used by Gitea
|
||||
* `gitea_home`: Base directory to work
|
||||
* `gitea_dl_url`: The URL, the compiled gitea-binary will be downloaded from
|
||||
* `gitea_systemd_cap_net_bind_service`: Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file
|
||||
|
@ -127,7 +128,7 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we
|
|||
|
||||
* `gitea_lfs_enabled`: Enable GIT LFS *(git large file storeage: [git-lfs](https://git-lfs.github.com/))*. Default: `false`
|
||||
* `gitea_lfs_content_path`: path where the lfs files are stored
|
||||
* `gitea_lfs_secret`: JWT secret for remote LFS usage
|
||||
* `gitea_lfs_secret`: JWT secret for remote LFS usage, has to be exactly 43 characters long
|
||||
|
||||
|
||||
### Fail2Ban configuration
|
||||
|
@ -145,7 +146,7 @@ As this will only deploy config files, fail2ban already has to be installed or o
|
|||
### Oauth2 provider configuration
|
||||
|
||||
* `gitea_oauth2_enabled`: Enable the Oauth2 provider (true/false)
|
||||
* `gitea_oauth2_jwt_secret`: JWT secret, cannot be longer than 32 characters
|
||||
* `gitea_oauth2_jwt_secret`: JWT secret, has to be exactly 43 characters long
|
||||
|
||||
|
||||
### Metrics endpoint configuration
|
||||
|
|
|
@ -5,6 +5,7 @@ gitea_dl_url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_ver
|
|||
|
||||
gitea_app_name: "Gitea"
|
||||
gitea_user: "gitea"
|
||||
gitea_group: "gitea"
|
||||
gitea_home: "/var/lib/gitea"
|
||||
gitea_shell: "/bin/false"
|
||||
gitea_systemd_cap_net_bind_service: false
|
||||
|
@ -22,7 +23,7 @@ gitea_offline_mode: true
|
|||
|
||||
gitea_lfs_server_enabled: false
|
||||
gitea_lfs_content_path: "{{ gitea_home }}/data/lfs"
|
||||
gitea_lfs_jwt_secret: LongUniqueS3cret_
|
||||
gitea_lfs_jwt_secret: 'ChangeMe1GGm26cTz5jsH9S3Df4MPzBx599wLCdKwmw'
|
||||
|
||||
gitea_db_type: sqlite3
|
||||
gitea_db_host: 127.0.0.0:3306
|
||||
|
@ -68,7 +69,7 @@ gitea_fail2ban_jail_bantime: 900
|
|||
gitea_fail2ban_jail_action: iptables-allports
|
||||
|
||||
gitea_oauth2_enabled: true
|
||||
gitea_oauth2_jwt_secret: ChangeMe
|
||||
gitea_oauth2_jwt_secret: PLZChangeThisToAFourtyThreeCharacterString1
|
||||
|
||||
gitea_metrics_enabled: false
|
||||
gitea_metrics_token: ~
|
||||
|
|
|
@ -1,7 +1,14 @@
|
|||
---
|
||||
- name: run checks to ensure set variables do not crash gitea
|
||||
- name: run checks to ensure gitea_oauth2_jwt_secret do not crash gitea and is idempotent
|
||||
block:
|
||||
- name: "check token length"
|
||||
fail:
|
||||
msg: 'gitea_oauth2_jwt_secret cannot be longer than 32 characters.'
|
||||
when: gitea_oauth2_jwt_secret | length > 32
|
||||
msg: 'gitea_oauth2_jwt_secret has to be 43 characters long. It is currently {{ gitea_oauth2_jwt_secret | length }} long.'
|
||||
when: gitea_oauth2_jwt_secret | length != 43
|
||||
|
||||
- name: run checks to ensure gitea_lfs_jwt_secret do not crash gitea and is idempotent
|
||||
block:
|
||||
- name: "check token length"
|
||||
fail:
|
||||
msg: 'gitea_lfs_jwt_secret has to be 43 characters long. It is currently {{ gitea_lfs_jwt_secret | length }} long.'
|
||||
when: gitea_lfs_jwt_secret | length != 43
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
---
|
||||
- name: "Create Gitea Group"
|
||||
group:
|
||||
name: "{{ gitea_group }}"
|
||||
state: present
|
||||
|
||||
- name: "Create Gitea user"
|
||||
user:
|
||||
name: "{{ gitea_user }}"
|
||||
|
|
|
@ -24,15 +24,25 @@
|
|||
|
||||
- include: create_user.yml
|
||||
|
||||
- name: "Create config and data directory"
|
||||
- name: "Create config directory"
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
owner: "{{ gitea_user }}"
|
||||
group: "{{ gitea_group }}"
|
||||
mode: '0755'
|
||||
with_items:
|
||||
- "/etc/gitea"
|
||||
|
||||
- name: "Create data directory"
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
owner: "{{ gitea_user }}"
|
||||
group: "{{ gitea_group }}"
|
||||
mode: '0755'
|
||||
recurse: true
|
||||
with_items:
|
||||
- "/etc/gitea"
|
||||
- "{{ gitea_home }}"
|
||||
- "{{ gitea_home }}/data"
|
||||
- "{{ gitea_home }}/custom"
|
||||
|
@ -54,6 +64,7 @@
|
|||
src: gitea.ini.j2
|
||||
dest: /etc/gitea/gitea.ini
|
||||
owner: "{{ gitea_user }}"
|
||||
group: "{{ gitea_group }}"
|
||||
mode: 0600
|
||||
notify: "Restart gitea"
|
||||
|
||||
|
|
|
@ -4,6 +4,7 @@ After=network.target
|
|||
|
||||
[Service]
|
||||
User={{ gitea_user }}
|
||||
Group={{ gitea_group }}
|
||||
ExecStart=/usr/local/bin/gitea web -c /etc/gitea/gitea.ini
|
||||
Restart=on-failure
|
||||
WorkingDirectory={{ gitea_home }}
|
||||
|
|
Loading…
Reference in a new issue