From a1c047b341e59b2dbbaec19685c0b4f8af827f75 Mon Sep 17 00:00:00 2001
From: L3D
Date: Thu, 26 Jan 2023 01:01:54 +0100
Subject: [PATCH] CHANGING - update acme variables updated server variables and most important replaced letsencrypt with acme.
---
 README.md | 15 +++++++++++++--
 defaults/main.yml | 14 ++++++++++++--
 templates/gitea.ini.j2 | 30 +++++++++++++++++++-----------
 3 files changed, 44 insertions(+), 15 deletions(-)
diff --git a/README.md b/README.md
index b8e1169..5579f49 100644
--- a/README.md
+++ b/README.md
@@ -133,15 +133,26 @@ Either you define exactly which release you install. Or you use the option ``lat
 | `gitea_root_url` | `http://localhost:3000` | Root URL used to access your web app (full URL) |
 | `gitea_http_listen` | `127.0.0.1` | HTTP listen address |
 | `gitea_http_port` | `3000` | Bind port *(redirect from `80` will be activated if value is `443`)* |
-| `gitea_http_letsencrypt_mail` | `undefined` | Enable Let`s Encrypt if a email address is given |
+
 | `gitea_start_ssh` | `true` | When enabled, use the built-in SSH server. |
 | `gitea_ssh_domain` | `{{ gitea_http_domain ` | Domain name of this server, used for displayed clone URL |
 | `gitea_ssh_port` | `2222` | SSH port displayed in clone URL. |
 | `gitea_ssh_listen` | `0.0.0.0` | Listen address for the built-in SSH server. |
 | `gitea_offline_mode` | `true` | Disables use of CDN for static files and Gravatar for profile pictures. (true/false) |
+| `gitea_landing_page` | `home` | Landing page for unauthenticated users |
 | `gitea_lfs_server_enabled` | `false` | Enable GIT-LFS Support *(git large file storage: [git-lfs](https://git-lfs.github.com/))*. |
-| `gitea_lfs_content_path` | `{{ gitea_home }}/data/lfs` | LFS content path. *(if it is on local storage.)* |
 | `gitea_lfs_jwt_secret` | | LFS authentication secret. Can be generated with ``gitea generate secret JWT_SECRET``. Will be autogenerated if not defined |
+| `gitea_redirect_other_port` | `false` | If true and `gitea_protocol` is https, allows redirecting http requests on `gitea_port_to_redirect` to the https port Gitea listens on. |
+| `gitea_port_to_redirect` | `80` | Port for the http redirection service to listen on, if enabled |
+| `gitea_enable_tls_certs` | `false` | Write TLS Cert and Key Path to config file |
+| `gitea_tls_cert_file` | `https/cert.pem` | Cert file path used for HTTPS. |
+| `gitea_tls_key_file` | `https/key.pem` | Key file path used for HTTPS. 
|
+| `gitea_enable_acme` | `false` | Flag to enable automatic certificate management via an ACME capable CA Server. *(default is letsencrypt)* |
+| `gitea_acme_url` | | The CA’s ACME directory URL |
+| `gitea_acme_accepttos` | `false` | This is an explicit check that you accept the terms of service of the ACME provider. |
+| `gitea_acme_directory` | `https` | Directory that the certificate manager will use to cache information such as certs and private keys. |
+| `gitea_acme_email` | | Email used for the ACME registration |
+| `gitea_acme_ca_root` | | The CA’s root certificate. If left empty, it defaults to using the system’s trust chain. |
 | `gitea_server_extra_config` | | you can use this variable to pass additional config parameters in the `[server]` section of the config. |
 
 ### Database ([database](https://docs.gitea.io/en-us/config-cheat-sheet/#database-database))
diff --git a/defaults/main.yml b/defaults/main.yml
index 9dfcccf..c46e0f4 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -89,15 +89,25 @@ gitea_http_domain: "{{ gitea_fqdn }}"
 gitea_root_url: "http://{{ gitea_fqdn }}:3000"
 gitea_http_listen: '127.0.0.1'
 gitea_http_port: '3000'
-# gitea_http_letsencrypt_mail: 'mail@example.com'
 gitea_start_ssh: true
 gitea_ssh_domain: "{{ gitea_fqdn }}"
 gitea_ssh_port: '2222'
 gitea_ssh_listen: '0.0.0.0'
 gitea_offline_mode: true
+gitea_landing_page: 'home'
 gitea_lfs_server_enabled: false
-gitea_lfs_content_path: "{{ gitea_home }}/data/lfs"
 gitea_lfs_jwt_secret: ''
+gitea_redirect_other_port: false
+gitea_port_to_redirect: '80'
+gitea_enable_tls_certs: false
+gitea_tls_cert_file: 'https/cert.pem'
+gitea_tls_key_file: 'https/key.pem'
+gitea_enable_acme: false
+gitea_acme_url: ''
+gitea_acme_accepttos: false
+gitea_acme_directory: 'https'
+gitea_acme_email: ''
+gitea_acme_ca_root: ''
 gitea_server_extra_config: ''
 
 # Database (database)
diff --git a/templates/gitea.ini.j2 b/templates/gitea.ini.j2
index 58cab05..1f8effe 100644
--- a/templates/gitea.ini.j2
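Review bot: In defaults/main.yml the old `gitea_http_letsencrypt_mail` variable is dropped with no fallback, so an inventory that still sets it will render `ENABLE_ACME = false` and lose automatic certificate management without any error. Consider bridging the old name for a release, e.g. `gitea_enable_acme: "{{ gitea_http_letsencrypt_mail is defined }}"` and `gitea_acme_email: "{{ gitea_http_letsencrypt_mail | default('') }}"`, or failing early in a task when the old variable is still defined. Note also that `gitea_acme_accepttos` defaults to `false`, whereas the removed template block always wrote `LETSENCRYPT_ACCEPTTOS = true`; the defaults would benefit from a comment such as `# must be set to true for ACME to be usable (presumably; confirm against the Gitea docs)`.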
+++ b/templates/gitea.ini.j2
@@ -81,26 +81,34 @@ DOMAIN = {{ gitea_http_domain }}
 ROOT_URL = {{ gitea_root_url }}
 HTTP_ADDR = {{ gitea_http_listen }}
 HTTP_PORT = {{ gitea_http_port }}
-{% if gitea_http_port == 443 %}
-PORT_TO_REDIRECT = 80
-{% endif %}
-{% if gitea_http_letsencrypt_mail is defined %}
-ENABLE_LETSENCRYPT = true
-LETSENCRYPT_ACCEPTTOS = true
-LETSENCRYPT_EMAIL = {{ gitea_http_letsencrypt_mail }}
-{% endif %}
 START_SSH_SERVER = {{ gitea_start_ssh | ternary('true', 'false') }}
 SSH_DOMAIN = {{ gitea_ssh_domain }}
 SSH_PORT = {{ gitea_ssh_port }}
 SSH_LISTEN_HOST = {{ gitea_ssh_listen }}
 OFFLINE_MODE = {{ gitea_offline_mode | ternary('true', 'false') }}
 APP_DATA_PATH = {{ gitea_home }}/data
+LANDING_PAGE = {{ gitea_landing_page }}
 {% if gitea_lfs_server_enabled | bool -%}
 LFS_START_SERVER = true
-LFS_CONTENT_PATH = {{ gitea_lfs_content_path }}
 LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}
-{% endif %}
-{{ gitea_server_extra_config }}
+{% endif -%}
+REDIRECT_OTHER_PORT = {{ gitea_redirect_other_port | ternary('true', 'false') }}
+PORT_TO_REDIRECT = {{ gitea_port_to_redirect }}
+{%- if gitea_enable_tls_certs | bool %}
+CERT_FILE = {{ gitea_tls_cert_file }}
+KEY_FILE = {{ gitea_tls_key_file }}
+{%- endif %}
+ENABLE_ACME = {{ gitea_enable_acme | ternary('true', 'false') }}
+{%- if gitea_enable_acme | bool %}
+{%- if gitea_acme_url != '' %}
+ACME_URL = {{ gitea_acme_url }}
+{%- endif %}
+ACME_ACCEPTTOS = {{ gitea_acme_accepttos | ternary('true', 'false') }}
+ACME_DIRECTORY = {{ gitea_acme_directory }}
+ACME_EMAIL = {{ gitea_acme_email }}
+ACME_CA_ROOT = {{ gitea_acme_ca_root }}
+{%- endif %}
+{% if gitea_server_extra_config != '' %}{{ gitea_server_extra_config }}{% else %};{% endif %}
 ;
 ;
 ; -> https://docs.gitea.io/en-us/config-cheat-sheet/#database-database
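Review bot: The new `{%- if … %}` and `{%- endif %}` tags in the TLS and ACME section strip the newline in front of them, and if this template is rendered with Ansible's default `trim_blocks` the newline after each tag is removed as well, so `PORT_TO_REDIRECT`, `CERT_FILE`/`KEY_FILE` and `ENABLE_ACME` may end up joined on one line. The template's header is outside this hunk, so this needs confirming against a rendered file; if it holds, the TLS and ACME keys would be read as part of the preceding value and the server could start without the intended certificate settings. Dropping the leading dash, e.g. `{% if gitea_enable_tls_certs | bool %}` and `{% endif %}`, keeps each key on its own line. Separately, `ACME_EMAIL` and `ACME_CA_ROOT` are written even when their variables are empty; guarding them the way `ACME_URL` is guarded would avoid emitting blank values.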