1
1
Fork 0
mirror of https://github.com/roles-ansible/ansible_role_gitea.git synced 2024-08-16 11:39:50 +02:00
Commit graph

318 commits

Author SHA1 Message Date
L3D
2eaccfe2a8
improve yamllinting 2021-03-21 00:08:32 +01:00
L3D
bb6ae52acd
Change meta and README Information 2021-03-21 00:07:30 +01:00
L3D
406538ff1a
Add myself to License 2021-03-20 23:38:39 +01:00
L3D
fe43c45e1e
Merge branch 'version' 2021-03-20 23:35:02 +01:00
L3D
9333d622c5
update gitea to 1.13.4
The current release of gitea is [v1.13.4](https://github.com/go-gitea/gitea/releases/tag/v1.13.4).

The current master of this role is not able to do a version update properly. PLEASE first merge https://github.com/thomas-maurice/ansible-role-gitea/pull/81
2021-03-20 23:31:09 +01:00
L3D
8b71e3f137
update requirements for molecule ()
* start upgrading requirements

* add some more updated requirements

* add another junk

* add another junk

* update ansible version
2021-03-02 09:38:20 +00:00
L3D
2fa3f51eb4
Cleanup template ()
improve template and create loglevel variable
2021-03-02 09:35:13 +00:00
Maxim Burgerhout
183e58f0e5
Add / correct accepted SSL modes for PostgreSQL ()
Supported SSL modues for PostgreSQL are: disabled, require, verify-ca
and verify-full.

This fix adds `verify-ca` to README.md and gitea.ini.j2, and corrects
`require` to `required` in README.md.
2021-02-15 18:35:27 +00:00
L3D
1127d83778
make the backup on update optional
Documentation and introduction of the variable `gitea_backup_on_upgrade: false`
2021-02-13 05:41:32 +01:00
L3D
0ffd14ccf0
create backup direcotry
create a backup folder and move the gitea backup to backup.yml
2021-02-13 05:32:27 +01:00
Finwë
56375819a7
Improve ARM Support ()
* Gitea user should be a system user

* Improve installation system

* Download archive instead of binary
* Add checksum validation
* Add GPG check
* Add backup process before upgrading

* Improve ARM support

* Improve support for Vault Encrypted JWT tokens

* Fix spacing in gitea configuration template

When Gitea rewrite the configuration file (e.g.: the JWT token is not
set or doesn't fit their criteria), it'll align space on a per-section
basis in the .ini file.
If the template is not properly spaced, at the next Ansible run, you'll
have an enormous diff, hidding what the real changes are.

* add proper redhat/debian deps for molecule testing

* Gitea group should be a system group

* fix linting for CI

* Update CI and meta information for up-to-date tests and distros

* molecule: fix typo for redhat packages

* fix typo

* bump gitea version to 1.13.1

* Use Ubuntu keyservers to play nicely with everyone

* Update minimum required ansible version to 2.9.8

This is required for Ubuntu Focal, which comes with systemd >= 245
The Get Facts modules doesn't work well with it before the bugfix
introduced in 2.9.8

* Replace yes by True to please the linting

* Truthy values needs to be lower-case

* bump gitea version to 1.13.2

* perform gitea dump as gitea user

* need to set become to yes

* autogenerate JWT_SECRETS ()

* autogenerate JWT_SECRETS

Based on https://docs.gitea.io/en-us/command-line/#generate we will now autogenerate JWT_SECRETS if they are not defined.
In my opinion a much better idea than writing a value in the default config.

The check if the variables for the secrets are now 43 characters long i took out. Gitea generates itself suitable secrets, if the user given ones do not fit.

* drop ansible.builtin. syntax

* Update file permissions for "{{ gitea_home }}" ()

The file permissions for {{ gitea_home }} especially in conjunction with the recurse: true flag are on closer inspection very open to all and also have a +x set on files.

This should be done better. And I have done here now.

By the way: To improve the -x on normal files in his gitea installation this shell command was useful for me
```
find . -type f -exec chmod a-x {} \+;
find . -type f -exec chmod u=rwX {} \+;
```

* Bump cryptography from 3.2 to 3.3.2 ()

Bumps [cryptography](https://github.com/pyca/cryptography) from 3.2 to 3.3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/3.2...3.3.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Gitea user should be a system user

* Improve installation system

* Download archive instead of binary
* Add checksum validation
* Add GPG check
* Add backup process before upgrading

* Improve ARM support

* Fix spacing in gitea configuration template

When Gitea rewrite the configuration file (e.g.: the JWT token is not
set or doesn't fit their criteria), it'll align space on a per-section
basis in the .ini file.
If the template is not properly spaced, at the next Ansible run, you'll
have an enormous diff, hidding what the real changes are.

* add proper redhat/debian deps for molecule testing

* Gitea group should be a system group

* fix linting for CI

* Update CI and meta information for up-to-date tests and distros

* molecule: fix typo for redhat packages

* fix typo

* bump gitea version to 1.13.1

* Use Ubuntu keyservers to play nicely with everyone

* Update minimum required ansible version to 2.9.8

This is required for Ubuntu Focal, which comes with systemd >= 245
The Get Facts modules doesn't work well with it before the bugfix
introduced in 2.9.8

* Replace yes by True to please the linting

* Truthy values needs to be lower-case

* bump gitea version to 1.13.2

* perform gitea dump as gitea user

* need to set become to yes

* check-variables.yml doesn't exists anymore

Co-authored-by: L3D <l3d@c3woc.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-12 17:56:31 +00:00
dependabot[bot]
f6f5e733f0
Bump cryptography from 3.2 to 3.3.2 ()
Bumps [cryptography](https://github.com/pyca/cryptography) from 3.2 to 3.3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/3.2...3.3.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-10 19:07:04 +00:00
L3D
7d91337447
Update file permissions for "{{ gitea_home }}" ()
The file permissions for {{ gitea_home }} especially in conjunction with the recurse: true flag are on closer inspection very open to all and also have a +x set on files.

This should be done better. And I have done here now.

By the way: To improve the -x on normal files in his gitea installation this shell command was useful for me
```
find . -type f -exec chmod a-x {} \+;
find . -type f -exec chmod u=rwX {} \+;
```
2021-02-10 19:05:04 +00:00
L3D
9cd664d91f
autogenerate JWT_SECRETS ()
* autogenerate JWT_SECRETS

Based on https://docs.gitea.io/en-us/command-line/#generate we will now autogenerate JWT_SECRETS if they are not defined.
In my opinion a much better idea than writing a value in the default config.

The check if the variables for the secrets are now 43 characters long i took out. Gitea generates itself suitable secrets, if the user given ones do not fit.

* drop ansible.builtin. syntax
2021-02-10 19:04:13 +00:00
L3D
67afb71160
add default "gitea_group: gitea" ()
* delete trailing whitespace

* Add gitea_group

This will add the `gitea_group: gitea` and will probably
RESOLVE https://github.com/thomas-maurice/ansible-role-gitea/issues/70

* update variable length

update variable length to make this role idempotent

* vars should not include special character
2021-01-27 14:13:02 +00:00
L3D
cde4a964d5 add LFS_JWT_SECRET option
+ Add comments about git-lfs to the README.
+ New variable for LFS_JWT_SECRET.
+ absolute path for gitea_lfs_content_path.
+ maybe some help to resolve https://github.com/thomas-maurice/ansible-role-gitea/issues/70
2021-01-22 11:07:28 +00:00
L3D
c68565952a delete trailing whitespace 2021-01-22 11:07:28 +00:00
L3D
2500047d22 improve all easy to fix yaml warnings 2021-01-22 11:06:55 +00:00
L3D
fb45c4dfc5 add linting check and fix warning
There is this linting message:
```
[208] File permissions unset or incorrect
tasks/main.yml:27
Task/Handler: Create config and data directory
```

I fixed it in this commit and added a github action
to run the official™ ansible linting check!
2021-01-22 11:06:55 +00:00
Simeon Keske
aa75493677 add option to specify extra configuration 2020-12-06 21:39:19 +00:00
Leo Maroni
8af72e355e Add disable_git_hooks config option to security 2020-12-06 21:37:51 +00:00
Jens Timmerman
ecfff9cbc0 bump gitea version
gitea 1.13.0 was released which fixes security issues

some breaking changes were reported in the release notes but I didn't find any issues with them on my system, caution is advised

Support Gitea development, we now have a shop for Swag

    SECURITY
        Add Allow-/Block-List for Migrate & Mirrors () ()
        Prevent git operations for inactive users () ()
        Disallow urlencoded new lines in git protocol paths if there is a port () ()
        Mitigate Security vulnerability in the git hook feature ()
        Disable DSA ssh keys by default ()
        Set TLS minimum version to 1.2 ()
        Use argon as default password hash algorithm ()
    BREAKING
        Set RUN_MODE prod by default () ()
        Don't replace underscores in auto-generated IDs in goldmark ()
        Add Primary Key to Topic and RepoTopic tables ()
        Disable password complexity check default ()
        Change PIDFile default from /var/run/gitea.pid to /run/gitea.pid ()
        Add extension Support to Attachments (allow all types for releases) ()
        Remove IE11 Support ()
2020-12-06 21:36:06 +00:00
dependabot[bot]
d5ca00bc21 Bump cryptography from 2.9 to 3.2
Bumps [cryptography](https://github.com/pyca/cryptography) from 2.9 to 3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/2.9...3.2)

Signed-off-by: dependabot[bot] <support@github.com>
2020-11-02 10:17:17 +00:00
genofire
373b5c237c fix repo path 2020-09-24 18:27:29 +02:00
genofire
883b6d958e fix logging path 2020-09-24 17:21:36 +01:00
Jens Timmerman
667c375a9d Update install_systemd.yml 2020-09-24 16:00:51 +01:00
Jens Timmerman
4976d531ba Update install_systemd.yml
reload systemd should be triggered via handler
2020-09-24 16:00:51 +01:00
Jens Timmerman
73d72a8264 1.12.4 was released which fixes security issues 2020-09-24 15:59:48 +01:00
Jens Timmerman
f2c8610cc4 Update README.md 2020-09-05 10:46:41 +01:00
Jens Timmerman
d517cd1e64 also create inders and logs directory as gitea
Recursively set the gitea user as owner of all it's directories (and create /indexers and /logs directories.
This is needed if one tried to start gitea as root before.
2020-08-21 23:16:35 +01:00
Jens Timmerman
56d9e08c64 make sure git is installed
gitea service fails to start if the git binary is not present on the system
2020-08-21 23:15:44 +01:00
Thomas Maurice
8b5ae578f4
Badges 2020-08-01 15:12:55 +01:00
Thomas Maurice
b4ecdb3563
Merge pull request from em0lar/notify_mail
Add configuration option for enabling notify email
2020-08-01 15:01:48 +01:00
Leo Maroni
8f2e1bcd6a
Add configuration option for enabling notify email 2020-07-28 12:23:26 +02:00
Thomas Maurice
b1550d80ce
Merge pull request from orangerkater/define-mailer-type
issue : define mailer type
2020-07-22 18:35:13 +01:00
Martin Borer
f48402354f issue : define mailer type 2020-07-21 14:18:08 +02:00
Thomas Maurice
c7dca823c9
Merge pull request from em0lar/repo_indexer
Add config options for repository indexer
2020-06-20 15:47:56 +01:00
Thomas Maurice
a14e4bbe4b
Merge pull request from DO1JLR/1.12.0
Update gitea to 1.12.0
2020-06-20 15:41:33 +01:00
L3D
50fa6f1db5
Merge branch 'master' into 1.12.0 2020-06-18 21:59:19 +02:00
L3D
815d06b7d8
Update gitea to 1.12.0
New gitea release [1.12.0](https://github.com/go-gitea/gitea/releases/tag/v1.12.0) is available \o/
2020-06-18 21:58:09 +02:00
Leo Maroni
1df6bd8e23
Add config options for repository indexer 2020-06-18 07:41:59 +02:00
Sergej
77d593a4b9 Bugfix: set -o pipefail fails silently.
This is due the fact that Ansible often takes another default shell
to execute its commands, e.g., /bin/sh.
Solution is to require /bin/bash for the particular command.
2020-06-17 14:08:26 +01:00
Leo Maroni
2b665bdb1d Add variable to enable adding CAP_NET_BIND_SERVICE to systemd service 2020-06-03 15:16:57 +01:00
Leo Maroni
efc0363f4b Added CAP_NET_BIND_SERVICE to gitea.service to allow binding to ports
lower than 1024
2020-06-03 15:16:57 +01:00
L3D
c3891fc4b3 Update gitea to v1.11.6
New Release available:
https://github.com/go-gitea/gitea/releases/tag/v1.11.6
2020-06-03 10:51:26 +01:00
Simeon Keske
e83335d9fb add newline at the ent of the file 2020-05-19 14:21:12 +01:00
Simeon Keske
16707f4a38 Allow to set a custom Download-URL for gitea 2020-05-19 14:21:12 +01:00
Leo Maroni
8506ca4f2b Add config option to set repository path different to home_path 2020-05-19 14:19:23 +01:00
Simeon Keske
349d9dff4f fix typo in THEMES 2020-05-19 14:13:01 +01:00
Simeon Keske
259d761eb2 add variable gitea_only_allow_external_registration 2020-05-19 14:13:01 +01:00