From ced73dde9883f7f2e38c44eea4468b38c94c1986 Mon Sep 17 00:00:00 2001 From: L3D Date: Sun, 21 Mar 2021 22:45:27 +0100 Subject: [PATCH 01/10] reorder security variables and add have I been pwned var --- README.md | 12 ++++++++---- defaults/main.yml | 11 ++++++++--- templates/gitea.ini.j2 | 14 ++++++-------- 3 files changed, 22 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 74784cd..efe3dba 100644 --- a/README.md +++ b/README.md @@ -136,7 +136,14 @@ Here is a deeper insight into the variables of this gitea role. For the exact fu | `gitea_repo_indexer_max_file_size` | `1048576` | Maximum size in bytes of files to be indexed. | | `gitea_indexer_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[indexer]` section of the config. | - +### Security ([security](https://docs.gitea.io/en-us/config-cheat-sheet/#security-security)) +| variable name | default value | description | +| ------------- | ------------- | ----------- | +| `gitea_secret_key` | `''` | Global secret key. Will be autogenerated if not defined. Should be unique. | +| `gitea_internal_token` | `''` | Internal API token. Will be autogenerated if not defined. Should be unique. | +| `gitea_disable_git_hooks` | `true` | Set to false to enable users with git hook privilege to create custom git hooks. Can be dangerous. | +| `gitea_password_check_pwn` | `false` | Check [HaveIBeenPwned](https://haveibeenpwned.com/Passwords) to see if a password has been exposed. | +| `gitea_security_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[security]` section of the config. | @@ -159,9 +166,6 @@ Here is a deeper insight into the variables of this gitea role. For the exact fu ### Security | variable name | default value | description | | ------------- | ------------- | ----------- | -| `gitea_secret_key` | `''` | Global secret key. Will be autogenerated if not defined. Should be unique. | -| `gitea_internal_token` | `''` | Internal API token. Will be autogenerated if not defined. Should be unique. | -| `gitea_disable_git_hooks` | `true` | Set to false to enable users with git hook privilege to create custom git hooks. Can be dangerous. | | `gitea_oauth2_jwt_secret` | `''` | Oauth2 JWT secret. Can be generated with ``gitea generate secret JWT_SECRET``. Will be autogenerated if not defined. | diff --git a/defaults/main.yml b/defaults/main.yml index 0eabc93..55012c2 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -70,6 +70,14 @@ gitea_repo_exclude_vendored: true gitea_repo_indexer_max_file_size: '1048576' gitea_indexer_extra_config: '' +# Security (security) +# -> https://docs.gitea.io/en-us/config-cheat-sheet/#security-security +gitea_secret_key: '' +gitea_internal_token: '' +gitea_disable_git_hooks: true +gitea_password_check_pwn: false +gitea_security_extra_config: '' + # look and feel gitea_disable_gravatar: true gitea_disable_registration: false @@ -82,9 +90,6 @@ gitea_enable_notify_mail: false gitea_auto_watch_new_repos: true # security -gitea_secret_key: '' -gitea_internal_token: '' -gitea_disable_git_hooks: true gitea_lfs_jwt_secret: '' gitea_oauth2_jwt_secret: '' diff --git a/templates/gitea.ini.j2 b/templates/gitea.ini.j2 index c0603fa..a38f2ed 100644 --- a/templates/gitea.ini.j2 +++ b/templates/gitea.ini.j2 @@ -86,19 +86,17 @@ MAX_FILE_SIZE = {{ gitea_repo_indexer_max_file_size }} {{ gitea_indexer_extra_config }} ; ; -; - - +; -> https://docs.gitea.io/en-us/config-cheat-sheet/#security-security [security] -; Whether the installer is disabled INSTALL_LOCK = true -; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!! SECRET_KEY = {{ gitea_secret_key }} INTERNAL_TOKEN = {{ gitea_internal_token }} -; How long to remember that an user is logged in before requiring relogin (in days) -LOGIN_REMEMBER_DAYS = 7 DISABLE_GIT_HOOKS = {{ gitea_disable_git_hooks | ternary('true', 'false') }} - +PASSWORD_CHECK_PWN = {{ gitea_password_check_pwn | ternary('true', 'false') }} +{{ gitea_security_extra_config }} +; +; +; [service] ; Disallow registration, only allow admins to create accounts. DISABLE_REGISTRATION = {{ gitea_disable_registration }} From 9e98056b43e9e8b64838a0ddb8ec2f5e7df3aebc Mon Sep 17 00:00:00 2001 From: L3D Date: Sun, 21 Mar 2021 22:58:34 +0100 Subject: [PATCH 02/10] reorder service variables --- README.md | 19 +++++++++++-------- defaults/main.yml | 12 ++++++++---- templates/gitea.ini.j2 | 21 ++++++++------------- 3 files changed, 27 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index efe3dba..104509e 100644 --- a/README.md +++ b/README.md @@ -145,6 +145,17 @@ Here is a deeper insight into the variables of this gitea role. For the exact fu | `gitea_password_check_pwn` | `false` | Check [HaveIBeenPwned](https://haveibeenpwned.com/Passwords) to see if a password has been exposed. | | `gitea_security_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[security]` section of the config. | +### Service ([service](https://docs.gitea.io/en-us/config-cheat-sheet/#service-service)) +| `gitea_disable_registration` | `false` | Do you want to disable user registration? (true/false) | +| `gitea_register_email_confirm` | `false` | Enable this to ask for mail confirmation of registration. Requires `gitea_mailer_enabled` to be enabled. | +| `gitea_require_signin` | `true` | Do you require a signin to see repo's (even public ones)? (true/false)| +| `gitea_enable_captcha` | `true` | Do you want to enable captcha's ? (true/false)| +| `gitea_show_registration_button` | `true` | Here you can hide the registration button. This will not disable registration! (true/false)| +| `gitea_only_allow_external_registration` | `false` | Set to true to force registration only using third-party services (true/false) | +| `gitea_enable_notify_mail` | `false` | Enable this to send e-mail to watchers of a repository when something happens, like creating issues (true/false) | +| `gitea_auto_watch_new_repos` | `true` | Enable this to let all organisation users watch new repos when they are created (true/false) | +| `gitea_service_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[service]` section of the config. | + @@ -153,14 +164,6 @@ Here is a deeper insight into the variables of this gitea role. For the exact fu | variable name | default value | description | | ------------- | ------------- | ----------- | | `gitea_disable_gravatar` | `true` | Do you want to disable Gravatar ? (privacy and so on) (true/false) | -| `gitea_disable_registration` | `false` | Do you want to disable user registration? (true/false) | -| `gitea_register_email_confirm` | `false` | Enable this to ask for mail confirmation of registration. Requires `gitea_mailer_enabled` to be enabled. | -| `gitea_only_allow_external_registration` | `false` | Set to true to force registration only using third-party services (true/false) | -| `gitea_show_registration_button` | `true` | Here you can hide the registration button. This will not disable registration! (true/false)| -| `gitea_require_signin` | `true` | Do you require a signin to see repo's (even public ones)? (true/false)| -| `gitea_enable_captcha` | `true` | Do you want to enable captcha's ? (true/false)| -| `gitea_enable_notify_mail` | `false` | Enable this to send e-mail to watchers of a repository when something happens, like creating issues (true/false) | -| `gitea_auto_watch_new_repos` | `true` | Enable this to let all organisation users watch new repos when they are created (true/false) | ### Security diff --git a/defaults/main.yml b/defaults/main.yml index 55012c2..4d7bb70 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -78,16 +78,20 @@ gitea_disable_git_hooks: true gitea_password_check_pwn: false gitea_security_extra_config: '' -# look and feel -gitea_disable_gravatar: true +# Service (service) +# -> https://docs.gitea.io/en-us/config-cheat-sheet/#service-service gitea_disable_registration: false gitea_register_email_confirm: false -gitea_only_allow_external_registration: false -gitea_show_registration_button: true gitea_require_signin: true gitea_enable_captcha: true +gitea_show_registration_button: true +gitea_only_allow_external_registration: false gitea_enable_notify_mail: false gitea_auto_watch_new_repos: true +gitea_service_extra_config: '' + +# look and feel +gitea_disable_gravatar: true # security gitea_lfs_jwt_secret: '' diff --git a/templates/gitea.ini.j2 b/templates/gitea.ini.j2 index a38f2ed..a5a9ffa 100644 --- a/templates/gitea.ini.j2 +++ b/templates/gitea.ini.j2 @@ -96,26 +96,21 @@ PASSWORD_CHECK_PWN = {{ gitea_password_check_pwn | ternary('true', 'false') }} {{ gitea_security_extra_config }} ; ; -; +; -> https://docs.gitea.io/en-us/config-cheat-sheet/#service-service [service] -; Disallow registration, only allow admins to create accounts. -DISABLE_REGISTRATION = {{ gitea_disable_registration }} -REGISTER_EMAIL_CONFIRM = {{ gitea_register_email_confirm }} -; User must sign in to view anything. +DISABLE_REGISTRATION = {{ gitea_disable_registration | ternary('true', 'false') }} +REGISTER_EMAIL_CONFIRM = {{ gitea_register_email_confirm | ternary('true', 'false') }} REQUIRE_SIGNIN_VIEW = {{ gitea_require_signin | ternary('true', 'false') }} -; Enable captcha validation for registration ENABLE_CAPTCHA = {{ gitea_enable_captcha | ternary('true', 'false') }} -; Type of captcha you want to use. Options: image, recaptcha -CAPTCHA_TYPE = image -; Enable recaptcha to use Google's recaptcha service -; Go to https://www.google.com/recaptcha/admin to sign up for a key -RECAPTCHA_SECRET = -RECAPTCHA_SITEKEY = -; Show Registration button SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button | ternary('true', 'false') }} ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_only_allow_external_registration | ternary('true', 'false') }} ENABLE_NOTIFY_MAIL = {{ gitea_enable_notify_mail | ternary('true', 'false') }} AUTO_WATCH_NEW_REPOS = {{ gitea_auto_watch_new_repos | ternary('true', 'false') }} +{{ gitea_service_extra_config }} +; +; +; + [mailer] ENABLED = {{ gitea_mailer_enabled | ternary('true', 'false') }} ; Mail server From fc7025755a0c29aa4127ff69f153cf7b4b90fb8a Mon Sep 17 00:00:00 2001 From: L3D Date: Sun, 21 Mar 2021 23:17:13 +0100 Subject: [PATCH 03/10] reorder mailer variables --- README.md | 30 +++++++++++++++++----------- defaults/main.yml | 22 ++++++++++++--------- templates/gitea.ini.j2 | 44 ++++++++++++++---------------------------- 3 files changed, 46 insertions(+), 50 deletions(-) diff --git a/README.md b/README.md index 104509e..ca88133 100644 --- a/README.md +++ b/README.md @@ -146,6 +146,8 @@ Here is a deeper insight into the variables of this gitea role. For the exact fu | `gitea_security_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[security]` section of the config. | ### Service ([service](https://docs.gitea.io/en-us/config-cheat-sheet/#service-service)) +| variable name | default value | description | +| ------------- | ------------- | ----------- | | `gitea_disable_registration` | `false` | Do you want to disable user registration? (true/false) | | `gitea_register_email_confirm` | `false` | Enable this to ask for mail confirmation of registration. Requires `gitea_mailer_enabled` to be enabled. | | `gitea_require_signin` | `true` | Do you require a signin to see repo's (even public ones)? (true/false)| @@ -156,8 +158,25 @@ Here is a deeper insight into the variables of this gitea role. For the exact fu | `gitea_auto_watch_new_repos` | `true` | Enable this to let all organisation users watch new repos when they are created (true/false) | | `gitea_service_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[service]` section of the config. | +### Mailer ([mailer](https://docs.gitea.io/en-us/config-cheat-sheet/#mailer-mailer)) +| variable name | default value | description | +| ------------- | ------------- | ----------- | +| `gitea_mailer_enabled` | `false` | Whether to enable the mailer. | +| `gitea_mailer_host` | `localhost:25` | SMTP server hostname and port | +| `gitea_mailer_skip_verify` | `false` | Skip SMTP TLS certificate verification (true/false) | +| `gitea_mailer_tls_enabled` | `true` | Forcibly use TLS to connect even if not on a default SMTPS port. | +| `gitea_mailer_from` | `noreply@{{ gitea_http_domain }}` | Mail from address, RFC 5322. This can be just an email address, or the “Name” format. | +| `gitea_mailer_user` | `''` | Username of mailing user *(usually the sender’s e-mail address)*. | +| `gitea_mailer_password` | `''` | SMTP server password | +| `gitea_subject_prefix` | `''` | Prefix to be placed before e-mail subject lines | +| `gitea_mailer_type` | `smtp` | `[smtp, sendmail, dummy]` | +| `gitea_mailer_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[mailer]` section of the config. | +| `gitea_enable_notify_mail`: Whether e-mail should be send to watchers of a repository when something happens. Default: `false` + +### LFS configuration + ### Look and feel @@ -182,17 +201,6 @@ Here is a deeper insight into the variables of this gitea role. For the exact fu ### Mailer configuration -* `gitea_mailer_enabled`: Whether to enable the mailer. Default: `false` -* `gitea_mailer_skip_verify`: Skip SMTP TLS certificate verification (true/false) -* `gitea_mailer_tls_enabled`: Enable TLS for SMTP connections (true/false) -* `gitea_mailer_host`: SMTP server hostname and port -* `gitea_mailer_user`: SMTP server username -* `gitea_mailer_password`: SMTP server password -* `gitea_mailer_from`: Sender mail address -* `gitea_subject_prefix`: Prefix to be placed before e-mail subject lines (Default: ``) -* `gitea_enable_notify_mail`: Whether e-mail should be send to watchers of a repository when something happens. Default: `false` - -### LFS configuration ### Log configuration diff --git a/defaults/main.yml b/defaults/main.yml index 4d7bb70..b6ef213 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -90,6 +90,19 @@ gitea_enable_notify_mail: false gitea_auto_watch_new_repos: true gitea_service_extra_config: '' +# Mailer [mailer] +# -> https://docs.gitea.io/en-us/config-cheat-sheet/#mailer-mailer +gitea_mailer_enabled: false +gitea_mailer_host: 'localhost:25' +gitea_mailer_skip_verify: false +gitea_mailer_tls_enabled: true +gitea_mailer_from: "noreply@{{ gitea_http_domain }}" +gitea_mailer_user: '' +gitea_mailer_password: '' +gitea_subject_prefix: '' +gitea_mailer_type: smtp +gitea_mailer_extra_config: '' + # look and feel gitea_disable_gravatar: true @@ -99,15 +112,6 @@ gitea_oauth2_jwt_secret: '' gitea_systemd_cap_net_bind_service: false -gitea_mailer_enabled: false -gitea_mailer_skip_verify: false -gitea_mailer_tls_enabled: true -gitea_mailer_host: localhost:25 -gitea_mailer_from: noreply@your.domain -gitea_mailer_user: "" -gitea_mailer_password: "" -gitea_subject_prefix: "" -gitea_mailer_type: smtp gitea_log_systemd: false gitea_log_only_warning: true diff --git a/templates/gitea.ini.j2 b/templates/gitea.ini.j2 index a5a9ffa..f0911ea 100644 --- a/templates/gitea.ini.j2 +++ b/templates/gitea.ini.j2 @@ -98,48 +98,32 @@ PASSWORD_CHECK_PWN = {{ gitea_password_check_pwn | ternary('true', 'false') }} ; ; -> https://docs.gitea.io/en-us/config-cheat-sheet/#service-service [service] -DISABLE_REGISTRATION = {{ gitea_disable_registration | ternary('true', 'false') }} -REGISTER_EMAIL_CONFIRM = {{ gitea_register_email_confirm | ternary('true', 'false') }} -REQUIRE_SIGNIN_VIEW = {{ gitea_require_signin | ternary('true', 'false') }} -ENABLE_CAPTCHA = {{ gitea_enable_captcha | ternary('true', 'false') }} -SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button | ternary('true', 'false') }} -ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_only_allow_external_registration | ternary('true', 'false') }} -ENABLE_NOTIFY_MAIL = {{ gitea_enable_notify_mail | ternary('true', 'false') }} -AUTO_WATCH_NEW_REPOS = {{ gitea_auto_watch_new_repos | ternary('true', 'false') }} +DISABLE_REGISTRATION = {{ gitea_disable_registration | ternary('true', 'false') }} +REGISTER_EMAIL_CONFIRM = {{ gitea_register_email_confirm | ternary('true', 'false') }} +REQUIRE_SIGNIN_VIEW = {{ gitea_require_signin | ternary('true', 'false') }} +ENABLE_CAPTCHA = {{ gitea_enable_captcha | ternary('true', 'false') }} +SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button | ternary('true', 'false') }} +ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_only_allow_external_registration | ternary('true', 'false') }} +ENABLE_NOTIFY_MAIL = {{ gitea_enable_notify_mail | ternary('true', 'false') }} +AUTO_WATCH_NEW_REPOS = {{ gitea_auto_watch_new_repos | ternary('true', 'false') }} {{ gitea_service_extra_config }} ; ; -; - +; -> https://docs.gitea.io/en-us/config-cheat-sheet/#mailer-mailer [mailer] ENABLED = {{ gitea_mailer_enabled | ternary('true', 'false') }} -; Mail server -; Gmail: smtp.gmail.com:587 -; QQ: smtp.qq.com:465 -; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used. HOST = {{ gitea_mailer_host }} -; Do not verify the certificate of the server. Only use this for self-signed certificates SKIP_VERIFY = {{ gitea_mailer_skip_verify }} -; Use client certificate -USE_CERTIFICATE = false -CERT_FILE = {{ gitea_home }}/custom/mailer/cert.pem -KEY_FILE = {{ gitea_home }}/custom/mailer/key.pem -; Should SMTP connection use TLS IS_TLS_ENABLED = {{ gitea_mailer_tls_enabled | ternary('true', 'false') }} -; Mail from address, RFC 5322. This can be just an email address, or the `"Name" ` format FROM = {{ gitea_mailer_from }} -; Mailer user name and password USER = {{ gitea_mailer_user }} -; Use PASSWD = `your password` for quoting if you use special characters in the password. PASSWD = {{ gitea_mailer_password }} -; Send mails as plain text -SEND_AS_PLAIN_TEXT = false -SUBJECT_PREFIX = {{ gitea_subject_prefix }} -; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log) +SUBJECT_PREFIX = {{ gitea_subject_prefix }} MAILER_TYPE = {{ gitea_mailer_type }} -; Specify an alternative sendmail binary -SENDMAIL_PATH = sendmail - +{{ gitea_mailer_extra_config }} +; +; +; [session] ; Either "memory", "file", or "redis", default is "memory" PROVIDER = file From f568d8f13c56be78d181ce7df284c14e2e291b72 Mon Sep 17 00:00:00 2001 From: L3D Date: Sun, 21 Mar 2021 23:26:08 +0100 Subject: [PATCH 04/10] reorder session variables --- README.md | 9 +++++++++ defaults/main.yml | 6 ++++++ templates/gitea.ini.j2 | 17 +++++++---------- 3 files changed, 22 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index ca88133..0c72d8a 100644 --- a/README.md +++ b/README.md @@ -172,6 +172,15 @@ Here is a deeper insight into the variables of this gitea role. For the exact fu | `gitea_mailer_type` | `smtp` | `[smtp, sendmail, dummy]` | | `gitea_mailer_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[mailer]` section of the config. | +### Session ([session](https://docs.gitea.io/en-us/config-cheat-sheet/#session-session)) +| variable name | default value | description | +| ------------- | ------------- | ----------- | +| `gitea_session_provider` | `file` | Session engine provider | +| `gitea_session_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[session]` section of the config. | + + + + | `gitea_enable_notify_mail`: Whether e-mail should be send to watchers of a repository when something happens. Default: `false` diff --git a/defaults/main.yml b/defaults/main.yml index b6ef213..01141e1 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -103,6 +103,12 @@ gitea_subject_prefix: '' gitea_mailer_type: smtp gitea_mailer_extra_config: '' +# Session (session) +# -> https://docs.gitea.io/en-us/config-cheat-sheet/#session-session +gitea_session_provider: 'file' +gitea_session_extra_config: '' + +# # look and feel gitea_disable_gravatar: true diff --git a/templates/gitea.ini.j2 b/templates/gitea.ini.j2 index f0911ea..cbc2f68 100644 --- a/templates/gitea.ini.j2 +++ b/templates/gitea.ini.j2 @@ -113,7 +113,7 @@ AUTO_WATCH_NEW_REPOS = {{ gitea_auto_watch_new_repos | ternary('tru [mailer] ENABLED = {{ gitea_mailer_enabled | ternary('true', 'false') }} HOST = {{ gitea_mailer_host }} -SKIP_VERIFY = {{ gitea_mailer_skip_verify }} +SKIP_VERIFY = {{ gitea_mailer_skip_verify | ternary('true', 'false') }} IS_TLS_ENABLED = {{ gitea_mailer_tls_enabled | ternary('true', 'false') }} FROM = {{ gitea_mailer_from }} USER = {{ gitea_mailer_user }} @@ -123,17 +123,14 @@ MAILER_TYPE = {{ gitea_mailer_type }} {{ gitea_mailer_extra_config }} ; ; -; +; -> https://docs.gitea.io/en-us/config-cheat-sheet/#session-session [session] -; Either "memory", "file", or "redis", default is "memory" -PROVIDER = file -; Provider config options -; memory: doesn't have any config yet -; file: session file path, e.g. `data/sessions` -; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180 -; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table` +PROVIDER = {{ gitea_session_provider }} PROVIDER_CONFIG = {{ gitea_home }}/data/sessions - +{{ gitea_session_extra_config }} +; +; +; [picture] AVATAR_UPLOAD_PATH = {{ gitea_home }}/data/avatars ; This value will always be true in offline mode. From 4aa5562c497702cfabf36d44e8346c189968f9e8 Mon Sep 17 00:00:00 2001 From: L3D Date: Sun, 21 Mar 2021 23:34:25 +0100 Subject: [PATCH 05/10] reorder pictures variables --- README.md | 6 +++++- defaults/main.yml | 4 ++-- templates/gitea.ini.j2 | 7 +++++-- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 0c72d8a..ceaf5be 100644 --- a/README.md +++ b/README.md @@ -178,6 +178,11 @@ Here is a deeper insight into the variables of this gitea role. For the exact fu | `gitea_session_provider` | `file` | Session engine provider | | `gitea_session_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[session]` section of the config. | +### Picture ([picture](https://docs.gitea.io/en-us/config-cheat-sheet/#picture-picture)) +| variable name | default value | description | +| ------------- | ------------- | ----------- | +| `gitea_disable_gravatar` | `true` | Do you want to disable Gravatar ? (privacy and so on) (true/false) | +| `gitea_picture_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[picture]` section of the config. | @@ -191,7 +196,6 @@ Here is a deeper insight into the variables of this gitea role. For the exact fu ### Look and feel | variable name | default value | description | | ------------- | ------------- | ----------- | -| `gitea_disable_gravatar` | `true` | Do you want to disable Gravatar ? (privacy and so on) (true/false) | ### Security diff --git a/defaults/main.yml b/defaults/main.yml index 01141e1..e94ab31 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -108,9 +108,9 @@ gitea_mailer_extra_config: '' gitea_session_provider: 'file' gitea_session_extra_config: '' -# -# look and feel +# Picture (picture) gitea_disable_gravatar: true +gitea_picture_extra_config: '' # security gitea_lfs_jwt_secret: '' diff --git a/templates/gitea.ini.j2 b/templates/gitea.ini.j2 index cbc2f68..4b579a0 100644 --- a/templates/gitea.ini.j2 +++ b/templates/gitea.ini.j2 @@ -130,11 +130,14 @@ PROVIDER_CONFIG = {{ gitea_home }}/data/sessions {{ gitea_session_extra_config }} ; ; -; +; -> https://docs.gitea.io/en-us/config-cheat-sheet/#picture-picture [picture] AVATAR_UPLOAD_PATH = {{ gitea_home }}/data/avatars -; This value will always be true in offline mode. DISABLE_GRAVATAR = {{ gitea_disable_gravatar | ternary('true', 'false') }} +{{ gitea_picture_extra_config }} +; +; +; [attachment] ; Whether attachments are enabled. Defaults to `true` From 9f867af9cae76a6648b1a3b9d9ad387d7bc9b50e Mon Sep 17 00:00:00 2001 From: L3D Date: Sun, 21 Mar 2021 23:45:20 +0100 Subject: [PATCH 06/10] reorder Issue and pull request attachments variables --- README.md | 6 ++++++ defaults/main.yml | 4 ++++ templates/gitea.ini.j2 | 12 ++++++------ 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index ceaf5be..3cadbf3 100644 --- a/README.md +++ b/README.md @@ -184,6 +184,12 @@ Here is a deeper insight into the variables of this gitea role. For the exact fu | `gitea_disable_gravatar` | `true` | Do you want to disable Gravatar ? (privacy and so on) (true/false) | | `gitea_picture_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[picture]` section of the config. | +### Issue and pull request attachments ([attachment](https://docs.gitea.io/en-us/config-cheat-sheet/#issue-and-pull-request-attachments-attachment)) +| variable name | default value | description | +| ------------- | ------------- | ----------- | +| `attachment_enabled` | `true` | Whether issue and pull request attachments are enabled. | +| `gitea_attachment_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[attachment]` section of the config. | + diff --git a/defaults/main.yml b/defaults/main.yml index e94ab31..3001339 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -112,6 +112,10 @@ gitea_session_extra_config: '' gitea_disable_gravatar: true gitea_picture_extra_config: '' +# Issue and pull request attachments (attachment) +gitea_attachment_enabled: true +gitea_picture_extra_config: '' + # security gitea_lfs_jwt_secret: '' gitea_oauth2_jwt_secret: '' diff --git a/templates/gitea.ini.j2 b/templates/gitea.ini.j2 index 4b579a0..d45d6dd 100644 --- a/templates/gitea.ini.j2 +++ b/templates/gitea.ini.j2 @@ -137,14 +137,14 @@ DISABLE_GRAVATAR = {{ gitea_disable_gravatar | ternary('true', 'false') }} {{ gitea_picture_extra_config }} ; ; -; - +; -> https://docs.gitea.io/en-us/config-cheat-sheet/#issue-and-pull-request-attachments-attachment [attachment] -; Whether attachments are enabled. Defaults to `true` -ENABLED = true -; Path for attachments. Defaults to `data/attachments` +ENABLED = {{ gitea_attachment_enabled | ternary('true', 'false') }} PATH = {{ gitea_home }}/data/attachments - +{{ gitea_attachment_extra_config }} +; +; +; [log] ROOT_PATH = {{ gitea_home }}/log ; Either "console", "file", "conn", "smtp" or "database", default is "console" From 889c3ac71396b1061f83a89fe712c4e0166f7a29 Mon Sep 17 00:00:00 2001 From: L3D Date: Mon, 22 Mar 2021 00:05:21 +0100 Subject: [PATCH 07/10] reorder logging variables --- README.md | 9 +++++++-- defaults/main.yml | 13 +++++++------ templates/gitea.ini.j2 | 25 +++++++------------------ 3 files changed, 21 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index 3cadbf3..10784c2 100644 --- a/README.md +++ b/README.md @@ -124,6 +124,7 @@ Here is a deeper insight into the variables of this gitea role. For the exact fu | `gitea_db_password` | `lel` | Database password. **PLEASE CHANGE** | | `gitea_db_ssl` | `disable` | Configure SSL only if your database type supports it. Have a look into the [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/#database-database) for more detailed information | | `gitea_db_path` | `{{ gitea_home }}/data/gitea.db` | DB path, if you use `sqlite3`. | +| `gitea_db_log_sql` | `false` | Log the executed SQL. | | `gitea_database_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[database]` section of the config. | ### Indexer ([indexer](https://docs.gitea.io/en-us/config-cheat-sheet/#indexer-indexer)) @@ -190,6 +191,12 @@ Here is a deeper insight into the variables of this gitea role. For the exact fu | `attachment_enabled` | `true` | Whether issue and pull request attachments are enabled. | | `gitea_attachment_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[attachment]` section of the config. | +### Log ([log](https://docs.gitea.io/en-us/config-cheat-sheet/#log-log)) +| variable name | default value | description | +| ------------- | ------------- | ----------- | +| `gitea_log_systemd` | `false` | Disable logging into `file`, use systemd-journald | +| `gitea_log_level` | `Warn` | General log level. `[Trace, Debug, Info, Warn, Error, Critical, Fatal, None]` | +| `gitea_log_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[log]` section of the config. | @@ -223,8 +230,6 @@ Here is a deeper insight into the variables of this gitea role. For the exact fu ### Log configuration -* `gitea_log_systemd` Disable logging into `file`, use systemd-journald -* `gitea_log_only_warning` Log only warnings or above, no http access or sql logging (Default: `true`) ### Fail2Ban configuration diff --git a/defaults/main.yml b/defaults/main.yml index 3001339..93e0be3 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -59,6 +59,7 @@ gitea_db_user: 'gitea' gitea_db_password: 'lel' gitea_db_ssl: 'disable' gitea_db_path: "{{ gitea_home }}/data/gitea.db" +gitea_db_log_sql: false gitea_database_extra_config: '' # Indexer (indexer) @@ -114,7 +115,12 @@ gitea_picture_extra_config: '' # Issue and pull request attachments (attachment) gitea_attachment_enabled: true -gitea_picture_extra_config: '' +gitea_attachment_extra_config: '' + +# Log (log) +gitea_log_systemd: false +gitea_log_level: 'Warn' +gitea_log_extra_config: '' # security gitea_lfs_jwt_secret: '' @@ -123,9 +129,6 @@ gitea_oauth2_jwt_secret: '' gitea_systemd_cap_net_bind_service: false -gitea_log_systemd: false -gitea_log_only_warning: true - gitea_fail2ban_enabled: false gitea_fail2ban_jail_maxretry: 10 gitea_fail2ban_jail_findtime: 3600 @@ -137,8 +140,6 @@ gitea_oauth2_enabled: true gitea_metrics_enabled: false gitea_metrics_token: ~ -gitea_log_level: Info - gitea_extra_config: "" gitea_backup_on_upgrade: false diff --git a/templates/gitea.ini.j2 b/templates/gitea.ini.j2 index d45d6dd..082f70e 100644 --- a/templates/gitea.ini.j2 +++ b/templates/gitea.ini.j2 @@ -67,9 +67,7 @@ USER = {{ gitea_db_user }} PASSWD = {{ gitea_db_password }} SSL_MODE = {{ gitea_db_ssl }} PATH = {{ gitea_db_path }} -{% if gitea_log_only_warning %} -LOG_SQL = false -{% endif %} +LOG_SQL = {{ gitea_db_log_sql | ternary('true', 'false') }} {{ gitea_database_extra_config }} ; ; @@ -144,28 +142,19 @@ PATH = {{ gitea_home }}/data/attachments {{ gitea_attachment_extra_config }} ; ; -; +; -> https://docs.gitea.io/en-us/config-cheat-sheet/#log-log [log] ROOT_PATH = {{ gitea_home }}/log -; Either "console", "file", "conn", "smtp" or "database", default is "console" -; Use comma to separate multiple modes, e.g. "console, file" {% if gitea_log_systemd %} MODE = console -MACARON = console {% else %} MODE = file {% endif %} -; Buffer length of the channel, keep it as it is if you don't know what it is. -BUFFER_LEN = 10000 -; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace" -{% if gitea_log_only_warning %} -LEVEL = Warn -REDIRECT_MACARON_LOG = true -{% else %} -LEVEL = Info -REDIRECT_MACARON_LOG = false -{% endif %} - +LEVEL = {{ gitea_log_level }} +{{ gitea_log_extra_config }} +; +; +; [oauth2] ENABLE = {{ gitea_oauth2_enabled }} JWT_SECRET = {{ gitea_oauth2_jwt_secret }} From 7d8ff11f5e725431a4e5447b9ec7e1086bd65dc0 Mon Sep 17 00:00:00 2001 From: L3D Date: Mon, 22 Mar 2021 00:17:13 +0100 Subject: [PATCH 08/10] reorder metrics and oauth2 variables --- defaults/main.yml | 15 +++++++++++---- templates/gitea.ini.j2 | 17 +++++++++++------ 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 93e0be3..c6598a4 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -122,9 +122,19 @@ gitea_log_systemd: false gitea_log_level: 'Warn' gitea_log_extra_config: '' +# Metrics (metrics) +gitea_metrics_enabled: false +gitea_metrics_token: '' + +# OAuth2 (oauth2) +gitea_oauth2_enabled: true +gitea_oauth2_jwt_secret: '' +gitea_oauth2_extra_config: '' + + + # security gitea_lfs_jwt_secret: '' -gitea_oauth2_jwt_secret: '' gitea_systemd_cap_net_bind_service: false @@ -135,10 +145,7 @@ gitea_fail2ban_jail_findtime: 3600 gitea_fail2ban_jail_bantime: 900 gitea_fail2ban_jail_action: iptables-allports -gitea_oauth2_enabled: true -gitea_metrics_enabled: false -gitea_metrics_token: ~ gitea_extra_config: "" diff --git a/templates/gitea.ini.j2 b/templates/gitea.ini.j2 index 082f70e..824a53b 100644 --- a/templates/gitea.ini.j2 +++ b/templates/gitea.ini.j2 @@ -154,13 +154,18 @@ LEVEL = {{ gitea_log_level }} {{ gitea_log_extra_config }} ; ; -; -[oauth2] -ENABLE = {{ gitea_oauth2_enabled }} -JWT_SECRET = {{ gitea_oauth2_jwt_secret }} - +; -> https://docs.gitea.io/en-us/config-cheat-sheet/#metrics-metrics [metrics] ENABLED = {{ gitea_metrics_enabled }} TOKEN = {{ gitea_metrics_token }} - +; +; +; https://docs.gitea.io/en-us/config-cheat-sheet/#oauth2-oauth2 +[oauth2] +ENABLE = {{ gitea_oauth2_enabled }} +JWT_SECRET = {{ gitea_oauth2_jwt_secret }} +{{ gitea_oauth2_extra_config }} +; +; +; Optional additional config {{ gitea_extra_config }} From 42f6a4e59441f5a4b436994ec6f5d18cf60e9e82 Mon Sep 17 00:00:00 2001 From: L3D Date: Mon, 22 Mar 2021 00:35:16 +0100 Subject: [PATCH 09/10] cleanup README --- README.md | 103 ++++++++++------------------------------------ defaults/main.yml | 29 +++++-------- 2 files changed, 33 insertions(+), 99 deletions(-) diff --git a/README.md b/README.md index 10784c2..64cfd49 100644 --- a/README.md +++ b/README.md @@ -62,6 +62,8 @@ Here is a deeper insight into the variables of this gitea role. For the exact fu | `gitea_dl_url` | *(see [defaults/main.yml](defaults/main.yml#L5))* | The path from where this role downloads the gitea binary | | `gitea_gpg_key` | `7C9E68152594688862D62AF62D9AE806EC1592E2` | the gpg key the gitea binary is signed with | | `gitea_gpg_server` | `hkp://keyserver.ubuntu.com:80` | A gpg key server where this role can download the gpg key | +| `gitea_backup_on_upgrade` | `false` | Optionally a backup can be created with every update of gitea. | +| `gitea_backup_location` | `{{ gitea_home }}/backups/` | Where to store the gitea backup if one is created with this role. | ### gitea in the linux world | variable name | default value | description | @@ -69,6 +71,7 @@ Here is a deeper insight into the variables of this gitea role. For the exact fu | `gitea_group` | `gitea` | UNIX group used by Gitea | | `gitea_home` | `/var/lib/gitea` | Base directory to work | | `gitea_shell` | `/bin/false` | UNIX shell used by gitea. Set it to `/bin/bash` if you don't use the gitea built-in ssh server. | +| `gitea_systemd_cap_net_bind_service` | `false` | Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file | ### Overall ([DEFAULT](https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default)) | variable name | default value | description | @@ -198,38 +201,23 @@ Here is a deeper insight into the variables of this gitea role. For the exact fu | `gitea_log_level` | `Warn` | General log level. `[Trace, Debug, Info, Warn, Error, Critical, Fatal, None]` | | `gitea_log_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[log]` section of the config. | - - -| `gitea_enable_notify_mail`: Whether e-mail should be send to watchers of a repository when something happens. Default: `false` - -### LFS configuration - - - -### Look and feel +### Metrics ([metrics](https://docs.gitea.io/en-us/config-cheat-sheet/#metrics-metrics)) | variable name | default value | description | | ------------- | ------------- | ----------- | +| `gitea_metrics_enabled`| `false` | Enable the metrics endpoint | +| `gitea_metrics_token`| `''` | Bearer token for the Prometheus scrape job | - -### Security +### OAuth2 ([oauth2](https://docs.gitea.io/en-us/config-cheat-sheet/#oauth2-oauth2)) | variable name | default value | description | | ------------- | ------------- | ----------- | +| `gitea_oauth2_enabled` | `true` | Enable the Oauth2 provider (true/false) | | `gitea_oauth2_jwt_secret` | `''` | Oauth2 JWT secret. Can be generated with ``gitea generate secret JWT_SECRET``. Will be autogenerated if not defined. | +| `gitea_oauth2_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[oauth2]` section of the config. | - -### HTTP configuration - - -### SSH configuration - - -### Database configuration - -### Mailer configuration - - - -### Log configuration +### additional gitea config +| variable name | default value | description | +| ------------- | ------------- | ----------- | +| `gitea_extra_config` | `''` | Additional gitea configuration. Have a look at the [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) before using it! | ### Fail2Ban configuration @@ -237,31 +225,14 @@ If enabled, this will deploy a fail2ban filter and jail config for Gitea as desc As this will only deploy config files, fail2ban already has to be installed or otherwise the role will fail. -* `gitea_fail2ban_enabled`: Whether to deploy the fail2ban config or not -* `gitea_fail2ban_jail_maxretry`: fail2ban jail `maxretry` setting. Default: `10` -* `gitea_fail2ban_jail_findtime`: fail2ban jail `findtime` setting. Default: `3600` -* `gitea_fail2ban_jail_bantime`: fail2ban jail `bantime` setting. Default: `900` -* `gitea_fail2ban_jail_action`: fail2ban jail `action` setting. Default: `iptables-allports` +| variable name | default value | description | +| ------------- | ------------- | ----------- | +| `gitea_fail2ban_enabled` | `false` | Whether to deploy the fail2ban config or not | +| `gitea_fail2ban_jail_maxretry` | `10` | fail2ban jail `maxretry` setting. | +| `gitea_fail2ban_jail_findtime` | `3600` | fail2ban jail `findtime` setting. | +| `gitea_fail2ban_jail_bantime` | `900` | fail2ban jail `bantime` setting. | +| `gitea_fail2ban_jail_action` | `iptables-allports` | fail2ban jail `action` setting. | -### Oauth2 provider configuration - -* `gitea_oauth2_enabled`: Enable the Oauth2 provider (true/false) - - -### Metrics endpoint configuration - -* `gitea_metrics_enabled`: Enable the metrics endpoint -* `gitea_metrics_token`: Bearer token for the Prometheus scrape job - -### Repository Indexer configuration - - -### backup on upgrade -* `gitea_backup_on_upgrade`: Optionally a backup can be created with every update of gitea. Default: `false` -* `gitea_backup_location`: Where to store the gitea backup if one is created with this role. Default: `{{ gitea_home }}/backups/` - -* `gitea_systemd_cap_net_bind_service`: Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file -* `gitea_extra_config`: Additional configuration ## Contributing Don't hesitate to create a pull request, and when in doubt you can reach me on Mastodon [@l3d@chaos.social](https://chaos.social/@l3d). @@ -269,35 +240,5 @@ Mastodon [@l3d@chaos.social](https://chaos.social/@l3d). I'm happy to fix any issue that's been opened, or even better, review your pull requests :) ## Testing -Testing uses [molecule](https://molecule.readthedocs.io/en/stable-1.22/usage.html). To start the -tests, install the dependencies first. I would recommend you use [a virtual env](https://virtualenv.pypa.io/en/latest/) for that but who am I to tell you what to do. - -``` -pip install pew # install pew to manage the venvs -pew new ansible # create the venv -pip install -r requirements-travis.txt # install the requirements -molecule test # Run the actual tests -``` - -Note: you need Docker installed - -### Known testing limitations -Currently it's mainly validating that the playbook runs, the lint is ok, and that kind of things. -Since it runs in Docker, we currently have no way to check if the service is actually launched by systemd -and so on. This has to be worked on. - -## License -``` -Copyright (c) 2019 - today L3D -Copyright (c) 2019 - 2021 Thomas Maurice - -Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - -1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - -3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -``` +There is a test that is using [molecule](https://molecule.readthedocs.io/en/stable-1.22/usage.html). And som linting tests with github actions. +*For locale molecule testing docker is required.* diff --git a/defaults/main.yml b/defaults/main.yml index c6598a4..92c7822 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -5,11 +5,14 @@ gitea_version_check: true gitea_dl_url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_arch }}" gitea_gpg_key: '7C9E68152594688862D62AF62D9AE806EC1592E2' gitea_gpg_server: 'hkp://keyserver.ubuntu.com:80' +gitea_backup_on_upgrade: false +gitea_backup_location: "{{ gitea_home }}/backups/" # gitea in the linux world gitea_group: 'gitea' gitea_home: '/var/lib/gitea' gitea_shell: '/bin/false' +gitea_systemd_cap_net_bind_service: false # Overall (DEFAULT) # -> https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default @@ -48,6 +51,7 @@ gitea_ssh_listen: '0.0.0.0' gitea_offline_mode: true gitea_lfs_server_enabled: false gitea_lfs_content_path: "{{ gitea_home }}/data/lfs" +gitea_lfs_jwt_secret: '' gitea_server_extra_config: '' # Database (database) @@ -131,23 +135,12 @@ gitea_oauth2_enabled: true gitea_oauth2_jwt_secret: '' gitea_oauth2_extra_config: '' - - -# security -gitea_lfs_jwt_secret: '' - -gitea_systemd_cap_net_bind_service: false - - -gitea_fail2ban_enabled: false -gitea_fail2ban_jail_maxretry: 10 -gitea_fail2ban_jail_findtime: 3600 -gitea_fail2ban_jail_bantime: 900 -gitea_fail2ban_jail_action: iptables-allports - - - +# additional gitea config gitea_extra_config: "" -gitea_backup_on_upgrade: false -gitea_backup_location: "{{ gitea_home }}/backups/" +# fail2ban +gitea_fail2ban_enabled: false +gitea_fail2ban_jail_maxretry: '10' +gitea_fail2ban_jail_findtime: '3600' +gitea_fail2ban_jail_bantime: '900' +gitea_fail2ban_jail_action: 'iptables-allports' From 2be8ac269d9dac33216cc487928be302df5174bc Mon Sep 17 00:00:00 2001 From: L3D Date: Mon, 22 Mar 2021 00:38:25 +0100 Subject: [PATCH 10/10] make the license more readable --- LICENSE | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/LICENSE b/LICENSE index 71df040..1206eb8 100644 --- a/LICENSE +++ b/LICENSE @@ -1,12 +1,31 @@ +BSD 3-Clause License + Copyright (c) 2019 - today L3D Copyright (c) 2019 - 2021 Thomas Maurice -Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: +All rights reserved. -1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: -2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. -3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +3. Neither the name of the copyright holder nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.