From 183e58f0e5682cc56265cf22e5d5a0afac685129 Mon Sep 17 00:00:00 2001 From: Maxim Burgerhout Date: Mon, 15 Feb 2021 19:35:27 +0100 Subject: [PATCH 1/4] Add / correct accepted SSL modes for PostgreSQL (#83) Supported SSL modues for PostgreSQL are: disabled, require, verify-ca and verify-full. This fix adds `verify-ca` to README.md and gitea.ini.j2, and corrects `require` to `required` in README.md. --- README.md | 2 +- templates/gitea.ini.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0cb20d5..02dcc0b 100644 --- a/README.md +++ b/README.md @@ -110,7 +110,7 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we * `gitea_db_name`: Database name * `gitea_db_user`: Database username * `gitea_db_password`: Database password -* `gitea_db_ssl`: Use SSL ? (postgres only!). Can be `required`, `disable`, `verify-full` +* `gitea_db_ssl`: Use SSL ? (postgres only!). Can be `require`, `disable`, `verify-ca` or `verify-full` * `gitea_db_path`: DB path, if you use `sqlite3`. The default is good enough to work though. ### Mailer configuration diff --git a/templates/gitea.ini.j2 b/templates/gitea.ini.j2 index deeb164..6c1e3d9 100644 --- a/templates/gitea.ini.j2 +++ b/templates/gitea.ini.j2 @@ -70,7 +70,7 @@ NAME = {{ gitea_db_name }} USER = {{ gitea_db_user }} ; Use PASSWD = `your password` for quoting if you use special characters in the password. PASSWD = {{ gitea_db_password }} -; For Postgres, either "disable" (default), "require", or "verify-full" +; For Postgres, either "disable" (default), "require", "verify-ca" or "verify-full" ; For MySQL, either "false" (default), "true", or "skip-verify" SSL_MODE = {{ gitea_db_ssl }} ; For "sqlite3" and "tidb", use an absolute path when you start gitea as service From 2fa3f51eb4fb100c54d2cfd140dd0bfe476e0f37 Mon Sep 17 00:00:00 2001 
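Review bot: The updated comment above `SSL_MODE` in templates/gitea.ini.j2 lists the four Postgres modes but does not say which of them authenticate the server, and that is what an operator choosing a value needs to know. With `require` the connection is encrypted but the server certificate is not checked, so it gives no protection against an active man-in-the-middle. `verify-ca` checks the certificate chain and `verify-full` additionally checks the host name. I would add a second comment line such as `; "require" encrypts without verifying the server certificate; use "verify-ca" or "verify-full" to authenticate the server`, and mirror it in the README entry for `gitea_db_ssl`. The surrounding section starts and ends outside the hunk.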
From: L3D Date: Tue, 2 Mar 2021 10:35:13 +0100 Subject: [PATCH 2/4] Cleanup template (#85) improve template and create loglevel variable --- defaults/main.yml | 2 ++ templates/gitea.ini.j2 | 44 ++++++++++++++++++------------------------ 2 files changed, 21 insertions(+), 25 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 4ae6768..5f76ee2 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -85,4 +85,6 @@ gitea_repo_indexer_exclude: "" gitea_repo_exclude_vendored: true gitea_repo_indexer_max_file_size: 1048576 +gitea_log_level: Info + gitea_extra_config: "" diff --git a/templates/gitea.ini.j2 b/templates/gitea.ini.j2 index 6c1e3d9..3030715 100644 --- a/templates/gitea.ini.j2 +++ b/templates/gitea.ini.j2 @@ -1,10 +1,10 @@ ; this file is the configuration of your local gitea instance ; {{ ansible_managed }} -; +; ; This file overwrites the default values from gitea. ; undefined variables will use the default value from gitea. ; Cheat Sheet: https://docs.gitea.io/en-us/config-cheat-sheet/ -; +; ; App name that shows on every page title APP_NAME = {{ gitea_app_name }} ; Change it if you run locally 
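Review bot: `gitea_log_level: Info` is added to defaults/main.yml without a comment, and this patch's diffstat lists no README change, so the new variable is undocumented. Only the template comment next to `LEVEL` names the accepted values. Add a line above the default such as `# Log level written to LEVEL in gitea.ini: Trace, Debug, Info, Warn, Error or Critical`, and add a matching README bullet. It is also worth saying there that the more verbose levels are meant for temporary troubleshooting, since the value is rendered into the config unvalidated.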
@@ -15,17 +15,17 @@ RUN_MODE = prod [repository] ROOT = {{ gitea_repository_root }} ; Force every new repository to be private -FORCE_PRIVATE = {{ gitea_force_private }} +FORCE_PRIVATE = {{ gitea_force_private | ternary('true', 'false') }} ; Global limit of repositories per user, applied at creation time. -1 means no limit MAX_CREATION_LIMIT = {{ gitea_user_repo_limit }} ; Mirror sync queue length, increase if mirror syncing starts hanging MIRROR_QUEUE_LENGTH = 1000 ; Disable the ability to interact with repositories using the HTTP protocol -DISABLE_HTTP_GIT = {{ gitea_disable_http_git }} +DISABLE_HTTP_GIT = {{ gitea_disable_http_git | ternary('true', 'false') }} [ui] ; Whether the email of the user should be shown in the Explore Users page -SHOW_USER_EMAIL = {{ gitea_show_user_email }} +SHOW_USER_EMAIL = {{ gitea_show_user_email | ternary('true', 'false') }} THEMES = {{ gitea_themes }} DEFAULT_THEME = {{ gitea_theme_default }} @@ -40,7 +40,7 @@ HTTP_PORT = {{ gitea_http_port }} ; Disable SSH feature when not available DISABLE_SSH = false ; Whether to use the builtin SSH server or not. -START_SSH_SERVER = {{ gitea_start_ssh }} +START_SSH_SERVER = {{ gitea_start_ssh | ternary('true', 'false') }} ; Domain name to be exposed in clone URL SSH_DOMAIN = {{ gitea_ssh_domain }} ; The network interface the builtin SSH server should listen on @@ -50,7 +50,7 @@ SSH_PORT = {{ gitea_ssh_port }} ; The port number the builtin SSH server should listen on SSH_LISTEN_PORT = %(SSH_PORT)s ; Disable CDN even in "prod" mode -OFFLINE_MODE = {{ gitea_offline_mode }} +OFFLINE_MODE = {{ gitea_offline_mode | ternary('true', 'false') }} ; Default path for App data APP_DATA_PATH = {{ gitea_home }}/data {% if gitea_lfs_server_enabled | bool -%} 
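Review bot: `ternary` is applied to the raw variable in `FORCE_PRIVATE`, `DISABLE_HTTP_GIT` and `SHOW_USER_EMAIL`, and in every other line this patch converts (the hunks at -40, -50, -100, -138 and -167), so any non-empty string counts as true. A value that arrives as a string, for example `false` passed through `-e key=value` extra vars or quoted in inventory, would now render as `true`, whereas the old template printed it unchanged. For `SHOW_USER_EMAIL` or `START_SSH_SERVER` that silently turns a feature on. Cast first, as the template already does with `gitea_lfs_server_enabled | bool`: `FORCE_PRIVATE = {{ gitea_force_private | bool | ternary('true', 'false') }}`.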
@@ -100,37 +100,33 @@ SECRET_KEY = {{ gitea_secret_key }} INTERNAL_TOKEN = {{ gitea_internal_token }} ; How long to remember that an user is logged in before requiring relogin (in days) LOGIN_REMEMBER_DAYS = 7 -DISABLE_GIT_HOOKS = {{ gitea_disable_git_hooks }} +DISABLE_GIT_HOOKS = {{ gitea_disable_git_hooks | ternary('true', 'false') }} [service] ; Disallow registration, only allow admins to create accounts. DISABLE_REGISTRATION = {{ gitea_disable_registration }} ; User must sign in to view anything. -REQUIRE_SIGNIN_VIEW = {{ gitea_require_signin }} +REQUIRE_SIGNIN_VIEW = {{ gitea_require_signin | ternary('true', 'false') }} ; Enable captcha validation for registration -ENABLE_CAPTCHA = {{ gitea_enable_captcha }} +ENABLE_CAPTCHA = {{ gitea_enable_captcha | ternary('true', 'false') }} ; Type of captcha you want to use. Options: image, recaptcha CAPTCHA_TYPE = image ; Enable recaptcha to use Google's recaptcha service ; Go to https://www.google.com/recaptcha/admin to sign up for a key -RECAPTCHA_SECRET = -RECAPTCHA_SITEKEY = +RECAPTCHA_SECRET = +RECAPTCHA_SITEKEY = ; Show Registration button -SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button }} -ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_only_allow_external_registration }} -ENABLE_NOTIFY_MAIL = {{ gitea_enable_notify_mail }} +SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button | ternary('true', 'false') }} +ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_only_allow_external_registration | ternary('true', 'false') }} +ENABLE_NOTIFY_MAIL = {{ gitea_enable_notify_mail | ternary('true', 'false') }} [mailer] -ENABLED = {{ gitea_mailer_enabled }} +ENABLED = {{ gitea_mailer_enabled | ternary('true', 'false') }} ; Mail server ; Gmail: smtp.gmail.com:587 ; QQ: smtp.qq.com:465 ; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used. 
HOST = {{ gitea_mailer_host }} -; Disable HELO operation when hostnames are different. -DISABLE_HELO = -; Custom hostname for HELO operation, if no value is provided, one is retrieved from system. -HELO_HOSTNAME = ; Do not verify the certificate of the server. Only use this for self-signed certificates SKIP_VERIFY = {{ gitea_mailer_skip_verify }} ; Use client certificate @@ -138,7 +134,7 @@ USE_CERTIFICATE = false CERT_FILE = {{ gitea_home }}/custom/mailer/cert.pem KEY_FILE = {{ gitea_home }}/custom/mailer/key.pem ; Should SMTP connection use TLS -IS_TLS_ENABLED = {{ gitea_mailer_tls_enabled }} +IS_TLS_ENABLED = {{ gitea_mailer_tls_enabled | ternary('true', 'false') }} ; Mail from address, RFC 5322. This can be just an email address, or the `"Name" ` format FROM = {{ gitea_mailer_from }} ; Mailer user name and password @@ -151,8 +147,6 @@ SEND_AS_PLAIN_TEXT = false MAILER_TYPE = {{ gitea_mailer_type }} ; Specify an alternative sendmail binary SENDMAIL_PATH = sendmail -; Specify any extra sendmail arguments -SENDMAIL_ARGS = [session] ; Either "memory", "file", or "redis", default is "memory" @@ -167,7 +161,7 @@ PROVIDER_CONFIG = {{ gitea_home }}/data/sessions [picture] AVATAR_UPLOAD_PATH = {{ gitea_home }}/data/avatars ; This value will always be true in offline mode. -DISABLE_GRAVATAR = {{ gitea_disable_gravatar }} +DISABLE_GRAVATAR = {{ gitea_disable_gravatar | ternary('true', 'false') }} [attachment] ; Whether attachments are enabled. Defaults to `true` @@ -183,7 +177,7 @@ MODE = file ; Buffer length of the channel, keep it as it is if you don't know what it is. BUFFER_LEN = 10000 ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace" -LEVEL = Info +LEVEL = {{ gitea_log_level }} REDIRECT_MACARON_LOG = false [oauth2] From 8b71e3f137e75006a52de7dd6bbbf765bcf03dff Mon Sep 17 00:00:00 2001 
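Review bot: `DISABLE_REGISTRATION = {{ gitea_disable_registration }}` and `SKIP_VERIFY = {{ gitea_mailer_skip_verify }}` are left as raw interpolations while every neighbouring boolean in the -100 hunk is normalised, presumably by oversight. These two switches control open sign-up and mail-server certificate verification, so they should not depend on how the variable happens to stringify. Render them like the rest, with an explicit cast: `DISABLE_REGISTRATION = {{ gitea_disable_registration | bool | ternary('true', 'false') }}` and `SKIP_VERIFY = {{ gitea_mailer_skip_verify | bool | ternary('true', 'false') }}`. The `[mailer]` section continues outside the hunk.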
From: L3D
Date: Tue, 2 Mar 2021 10:38:20 +0100
Subject: [PATCH 3/4] update requirements for molecule (#78)
* start upgrading requirements
* add some more updated requirements
* add another junk
* add another junk
* update ansible version
---
 requirements-travis.txt | 49 +++++++++++++++++++++--------------------
 1 file changed, 25 insertions(+), 24 deletions(-)
diff --git a/requirements-travis.txt b/requirements-travis.txt
index 17274d0..0cd9a66 100644
--- a/requirements-travis.txt
+++ b/requirements-travis.txt
@@ -1,24 +1,25 @@
-ansible==2.9.8
-ansible-lint==4.2.0
-anyconfig==0.9.7
+ansible==2.10.7
+ansible-lint==5.0.0
+anyconfig==0.10.0
+atomicwrites==1.4.0
+attrs==20.3.0
+autopep8==1.5.5
+bcrypt==3.2.0
 arrow==0.15.5
 asn1crypto==0.24.0
-atomicwrites==1.3.0
-attrs==19.1.0
-autopep8==1.5.1
-bcrypt==3.1.7
 binaryornot==0.4.4
 Cerberus==1.3.2
-certifi==2020.4.5.1
-cffi==1.14.0
-chardet==3.0.4
-click==7.1.1
+certifi==2020.12.5
+cffi==1.14.4
+chardet==4.0.0
+click==7.1.2
 click-completion==0.5.2
-click-help-colors==0.8
-colorama==0.4.3
-cookiecutter==1.7.0
+click-help-colors==0.9
+colorama==0.4.4
+cookiecutter==1.7.2
+cryptography==3.3.1
 cryptography==3.3.2
-docker==4.2.0
+docker==4.4.1
 docker-pycreds==0.4.0
 entrypoints==0.3
 fasteners==0.15
@@ -27,16 +28,16 @@ future==0.18.2
 git-url-parse==1.2.1
 idna==2.9
 importlib-metadata==1.6.0
-Jinja2==2.11.2
+Jinja2==2.11.3
 jinja2-time==0.2.0
 MarkupSafe==1.1.1
 mccabe==0.6.1
 molecule==3.0.3
 monotonic==1.5
-more-itertools==6.0.0
-paramiko==2.7.1
-pathspec==0.8.0
-pbr==5.1.1
+more-itertools==8.6.0
+paramiko==2.7.2
+pathspec==0.8.1
+pbr==5.5.1
 pexpect==4.8.0
 pi==0.1.2
 pluggy==0.13.1
@@ -60,10 +61,10 @@ sh==1.12.14
 shellingham==1.3.2
 six==1.14.0
 tabulate==0.8.7
-testinfra==5.0.0
+testinfra==6.0.0
 tree-format==0.1.2
-urllib3==1.25.8
+urllib3==1.26.3
 websocket-client==0.57.0
 whichcraft==0.6.1
-yamllint==1.22.1
-zipp==3.1.0
+yamllint==1.26.0
+zipp==3.4.0
From 9333d622c5167ab15a7a0f550ba019fc90dc87da Mon Sep 17 00:00:00 2001
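Review bot: The first hunk adds `cryptography==3.3.1` directly above the existing `cryptography==3.3.2` context line, so the new file pins the same package twice at different versions. pip is expected to reject conflicting duplicate pins, and a tool that did accept them would leave it unclear which version of a crypto library CI actually installs. Drop the added `cryptography==3.3.1` line and keep the `cryptography==3.3.2` pin that was already there. The same hunk also moves `atomicwrites`, `attrs`, `autopep8` and `bcrypt` above `arrow`, breaking the file's alphabetical order. Restoring that order would make a duplicate like this easier to spot in review.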
From: L3D
Date: Sat, 20 Mar 2021 23:31:09 +0100
Subject: [PATCH 4/4] update gitea to 1.13.4
The current release of gitea is [v1.13.4](https://github.com/go-gitea/gitea/releases/tag/v1.13.4). The current master of this role is not able to do a version update properly. PLEASE first merge https://github.com/thomas-maurice/ansible-role-gitea/pull/81
---
 defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 5f76ee2..e423ae3 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-gitea_version: "1.13.2"
+gitea_version: "1.13.4"
 gitea_version_check: true
 gitea_dl_url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_arch }}"
 gitea_gpg_key: "7C9E68152594688862D62AF62D9AE806EC1592E2"