* Gitea user should be a system user
* Improve installation system
* Download archive instead of binary
* Add checksum validation
* Add GPG check
* Add backup process before upgrading
* Improve ARM support
* Improve support for Vault Encrypted JWT tokens
* Fix spacing in gitea configuration template
When Gitea rewrite the configuration file (e.g.: the JWT token is not
set or doesn't fit their criteria), it'll align space on a per-section
basis in the .ini file.
If the template is not properly spaced, at the next Ansible run, you'll
have an enormous diff, hidding what the real changes are.
* add proper redhat/debian deps for molecule testing
* Gitea group should be a system group
* fix linting for CI
* Update CI and meta information for up-to-date tests and distros
* molecule: fix typo for redhat packages
* fix typo
* bump gitea version to 1.13.1
* Use Ubuntu keyservers to play nicely with everyone
* Update minimum required ansible version to 2.9.8
This is required for Ubuntu Focal, which comes with systemd >= 245
The Get Facts modules doesn't work well with it before the bugfix
introduced in 2.9.8
* Replace yes by True to please the linting
* Truthy values needs to be lower-case
* bump gitea version to 1.13.2
* perform gitea dump as gitea user
* need to set become to yes
* autogenerate JWT_SECRETS (#77)
* autogenerate JWT_SECRETS
Based on https://docs.gitea.io/en-us/command-line/#generate we will now autogenerate JWT_SECRETS if they are not defined.
In my opinion a much better idea than writing a value in the default config.
The check if the variables for the secrets are now 43 characters long i took out. Gitea generates itself suitable secrets, if the user given ones do not fit.
* drop ansible.builtin. syntax
* Update file permissions for "{{ gitea_home }}" (#75)
The file permissions for {{ gitea_home }} especially in conjunction with the recurse: true flag are on closer inspection very open to all and also have a +x set on files.
This should be done better. And I have done here now.
By the way: To improve the -x on normal files in his gitea installation this shell command was useful for me
```
find . -type f -exec chmod a-x {} \+;
find . -type f -exec chmod u=rwX {} \+;
```
* Bump cryptography from 3.2 to 3.3.2 (#79)
Bumps [cryptography](https://github.com/pyca/cryptography) from 3.2 to 3.3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/3.2...3.3.2)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Gitea user should be a system user
* Improve installation system
* Download archive instead of binary
* Add checksum validation
* Add GPG check
* Add backup process before upgrading
* Improve ARM support
* Fix spacing in gitea configuration template
When Gitea rewrite the configuration file (e.g.: the JWT token is not
set or doesn't fit their criteria), it'll align space on a per-section
basis in the .ini file.
If the template is not properly spaced, at the next Ansible run, you'll
have an enormous diff, hidding what the real changes are.
* add proper redhat/debian deps for molecule testing
* Gitea group should be a system group
* fix linting for CI
* Update CI and meta information for up-to-date tests and distros
* molecule: fix typo for redhat packages
* fix typo
* bump gitea version to 1.13.1
* Use Ubuntu keyservers to play nicely with everyone
* Update minimum required ansible version to 2.9.8
This is required for Ubuntu Focal, which comes with systemd >= 245
The Get Facts modules doesn't work well with it before the bugfix
introduced in 2.9.8
* Replace yes by True to please the linting
* Truthy values needs to be lower-case
* bump gitea version to 1.13.2
* perform gitea dump as gitea user
* need to set become to yes
* check-variables.yml doesn't exists anymore
Co-authored-by: L3D <l3d@c3woc.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The file permissions for {{ gitea_home }} especially in conjunction with the recurse: true flag are on closer inspection very open to all and also have a +x set on files.
This should be done better. And I have done here now.
By the way: To improve the -x on normal files in his gitea installation this shell command was useful for me
```
find . -type f -exec chmod a-x {} \+;
find . -type f -exec chmod u=rwX {} \+;
```
* autogenerate JWT_SECRETS
Based on https://docs.gitea.io/en-us/command-line/#generate we will now autogenerate JWT_SECRETS if they are not defined.
In my opinion a much better idea than writing a value in the default config.
The check if the variables for the secrets are now 43 characters long i took out. Gitea generates itself suitable secrets, if the user given ones do not fit.
* drop ansible.builtin. syntax
* delete trailing whitespace
* Add gitea_group
This will add the `gitea_group: gitea` and will probably
RESOLVE https://github.com/thomas-maurice/ansible-role-gitea/issues/70
* update variable length
update variable length to make this role idempotent
* vars should not include special character
There is this linting message:
```
[208] File permissions unset or incorrect
tasks/main.yml:27
Task/Handler: Create config and data directory
```
I fixed it in this commit and added a github action
to run the official™ ansible linting check!
Recursively set the gitea user as owner of all it's directories (and create /indexers and /logs directories.
This is needed if one tried to start gitea as root before.
This is due the fact that Ansible often takes another default shell
to execute its commands, e.g., /bin/sh.
Solution is to require /bin/bash for the particular command.
In check_mode, the binary download task depends on the execution of the
previous one, which uses the module shell to fill in a variable. In the
download binary task we use a field on that variable that does not exist
in check_mode, so the task fails.
Signed-off-by: L. Alberto Giménez <agimenez@sysvalve.es>
ANsible comes with the error:
```bash
[DEPRECATION WARNING]: evaluating gitea_fail2ban_enabled as a bare variable, this behaviour will go away and you might need to add |bool to the expression in the future. Also see CONDITIONAL_BARE_VARS configuration toggle.. This
feature will be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
```
appending ``|bool`` after a boolean variable will resolve the issue.
Old behavior is to download the binary of `gitea_version` every run,
then checksum it against the currently installed version to see if it needs
to be copied over.
New behavior is to attempt to extract the current running version of gitea
and only initiate the old behavior if the running version != `gitea_version`.
Default is old behavior due to the major logic change involved.