1
1
Fork 0
mirror of https://github.com/roles-ansible/ansible_role_gitea.git synced 2024-08-16 11:39:50 +02:00
Commit graph

290 commits

Author SHA1 Message Date
L3D
9e98056b43
reorder service variables 2021-03-21 22:58:34 +01:00
L3D
ced73dde98
reorder security variables and add have I been pwned var 2021-03-21 22:45:27 +01:00
L3D
82f842dc85
Merge pull request #5 from roles-ansible/docs
add missing variable
2021-03-21 21:09:48 +01:00
L3D
1ca44426ff
add missing variable 2021-03-21 21:06:05 +01:00
L3D
22f22ab0c8
Merge pull request #4 from roles-ansible/DO1JLR-patch-1
fix typo
2021-03-21 18:09:50 +01:00
L3D
0c4185d369
Update README.md 2021-03-21 18:06:42 +01:00
L3D
c804494ddb
Merge pull request #3 from roles-ansible/docs
continue reordering variable names
2021-03-21 18:01:42 +01:00
L3D
62b0bc8ef8
improve linting 2021-03-21 17:57:41 +01:00
L3D
0b23826553
reorder gitea indexer config 2021-03-21 17:56:16 +01:00
L3D
32a1532f7a
reorder gitea database config 2021-03-21 17:42:28 +01:00
L3D
1cb903924a
reorder gitea server variables 2021-03-21 17:29:04 +01:00
L3D
db9c8c4341
reorder variables based on config-cheat-sheet 2021-03-21 17:08:17 +01:00
L3D
8ed69febc1
Merge pull request #2 from roles-ansible/docs
start updating docs and generate undefined secrets
2021-03-21 02:35:40 +01:00
L3D
5accc668ca
Merge branch 'docs' of github.com:roles-ansible/ansible_role_gitea into docs 2021-03-21 02:30:14 +01:00
L3D
1a8164b5ac
resolve linting error 2021-03-21 02:29:29 +01:00
L3D
d8653d9439
Update README.md 2021-03-21 02:27:20 +01:00
L3D
6ec2f8ed04
change secret mechanism and continue with README clenaup 2021-03-21 02:22:36 +01:00
L3D
154a0ac752
Start reordering variables and gitea_auto_watch_new_repos variable 2021-03-21 02:02:15 +01:00
L3D
d6cefc21d5
Merge pull request #1 from roles-ansible/geno
picking merge request
2021-03-21 00:32:13 +01:00
L3D
fb884c7263
resolve merge conflicts from https://github.com/thomas-maurice/ansible-role-gitea/pull/62 2021-03-21 00:27:27 +01:00
L3D
ab415b8027
Merge remote-tracking branch 'genofire/fix-repo-path' 2021-03-21 00:18:43 +01:00
L3D
216088b15f
Release role at ansible galaxy 2021-03-21 00:08:49 +01:00
L3D
2eaccfe2a8
improve yamllinting 2021-03-21 00:08:32 +01:00
L3D
bb6ae52acd
Change meta and README Information 2021-03-21 00:07:30 +01:00
L3D
406538ff1a
Add myself to License 2021-03-20 23:38:39 +01:00
L3D
fe43c45e1e
Merge branch 'version' 2021-03-20 23:35:02 +01:00
L3D
9333d622c5
update gitea to 1.13.4
The current release of gitea is [v1.13.4](https://github.com/go-gitea/gitea/releases/tag/v1.13.4).

The current master of this role is not able to do a version update properly. PLEASE first merge https://github.com/thomas-maurice/ansible-role-gitea/pull/81
2021-03-20 23:31:09 +01:00
L3D
8b71e3f137
update requirements for molecule (#78)
* start upgrading requirements

* add some more updated requirements

* add another junk

* add another junk

* update ansible version
2021-03-02 09:38:20 +00:00
L3D
2fa3f51eb4
Cleanup template (#85)
improve template and create loglevel variable
2021-03-02 09:35:13 +00:00
Maxim Burgerhout
183e58f0e5
Add / correct accepted SSL modes for PostgreSQL (#83)
Supported SSL modues for PostgreSQL are: disabled, require, verify-ca
and verify-full.

This fix adds `verify-ca` to README.md and gitea.ini.j2, and corrects
`require` to `required` in README.md.
2021-02-15 18:35:27 +00:00
L3D
1127d83778
make the backup on update optional
Documentation and introduction of the variable `gitea_backup_on_upgrade: false`
2021-02-13 05:41:32 +01:00
L3D
0ffd14ccf0
create backup direcotry
create a backup folder and move the gitea backup to backup.yml
2021-02-13 05:32:27 +01:00
Finwë
56375819a7
Improve ARM Support (#74)
* Gitea user should be a system user

* Improve installation system

* Download archive instead of binary
* Add checksum validation
* Add GPG check
* Add backup process before upgrading

* Improve ARM support

* Improve support for Vault Encrypted JWT tokens

* Fix spacing in gitea configuration template

When Gitea rewrite the configuration file (e.g.: the JWT token is not
set or doesn't fit their criteria), it'll align space on a per-section
basis in the .ini file.
If the template is not properly spaced, at the next Ansible run, you'll
have an enormous diff, hidding what the real changes are.

* add proper redhat/debian deps for molecule testing

* Gitea group should be a system group

* fix linting for CI

* Update CI and meta information for up-to-date tests and distros

* molecule: fix typo for redhat packages

* fix typo

* bump gitea version to 1.13.1

* Use Ubuntu keyservers to play nicely with everyone

* Update minimum required ansible version to 2.9.8

This is required for Ubuntu Focal, which comes with systemd >= 245
The Get Facts modules doesn't work well with it before the bugfix
introduced in 2.9.8

* Replace yes by True to please the linting

* Truthy values needs to be lower-case

* bump gitea version to 1.13.2

* perform gitea dump as gitea user

* need to set become to yes

* autogenerate JWT_SECRETS (#77)

* autogenerate JWT_SECRETS

Based on https://docs.gitea.io/en-us/command-line/#generate we will now autogenerate JWT_SECRETS if they are not defined.
In my opinion a much better idea than writing a value in the default config.

The check if the variables for the secrets are now 43 characters long i took out. Gitea generates itself suitable secrets, if the user given ones do not fit.

* drop ansible.builtin. syntax

* Update file permissions for "{{ gitea_home }}" (#75)

The file permissions for {{ gitea_home }} especially in conjunction with the recurse: true flag are on closer inspection very open to all and also have a +x set on files.

This should be done better. And I have done here now.

By the way: To improve the -x on normal files in his gitea installation this shell command was useful for me
```
find . -type f -exec chmod a-x {} \+;
find . -type f -exec chmod u=rwX {} \+;
```

* Bump cryptography from 3.2 to 3.3.2 (#79)

Bumps [cryptography](https://github.com/pyca/cryptography) from 3.2 to 3.3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/3.2...3.3.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Gitea user should be a system user

* Improve installation system

* Download archive instead of binary
* Add checksum validation
* Add GPG check
* Add backup process before upgrading

* Improve ARM support

* Fix spacing in gitea configuration template

When Gitea rewrite the configuration file (e.g.: the JWT token is not
set or doesn't fit their criteria), it'll align space on a per-section
basis in the .ini file.
If the template is not properly spaced, at the next Ansible run, you'll
have an enormous diff, hidding what the real changes are.

* add proper redhat/debian deps for molecule testing

* Gitea group should be a system group

* fix linting for CI

* Update CI and meta information for up-to-date tests and distros

* molecule: fix typo for redhat packages

* fix typo

* bump gitea version to 1.13.1

* Use Ubuntu keyservers to play nicely with everyone

* Update minimum required ansible version to 2.9.8

This is required for Ubuntu Focal, which comes with systemd >= 245
The Get Facts modules doesn't work well with it before the bugfix
introduced in 2.9.8

* Replace yes by True to please the linting

* Truthy values needs to be lower-case

* bump gitea version to 1.13.2

* perform gitea dump as gitea user

* need to set become to yes

* check-variables.yml doesn't exists anymore

Co-authored-by: L3D <l3d@c3woc.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-12 17:56:31 +00:00
dependabot[bot]
f6f5e733f0
Bump cryptography from 3.2 to 3.3.2 (#79)
Bumps [cryptography](https://github.com/pyca/cryptography) from 3.2 to 3.3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/3.2...3.3.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-10 19:07:04 +00:00
L3D
7d91337447
Update file permissions for "{{ gitea_home }}" (#75)
The file permissions for {{ gitea_home }} especially in conjunction with the recurse: true flag are on closer inspection very open to all and also have a +x set on files.

This should be done better. And I have done here now.

By the way: To improve the -x on normal files in his gitea installation this shell command was useful for me
```
find . -type f -exec chmod a-x {} \+;
find . -type f -exec chmod u=rwX {} \+;
```
2021-02-10 19:05:04 +00:00
L3D
9cd664d91f
autogenerate JWT_SECRETS (#77)
* autogenerate JWT_SECRETS

Based on https://docs.gitea.io/en-us/command-line/#generate we will now autogenerate JWT_SECRETS if they are not defined.
In my opinion a much better idea than writing a value in the default config.

The check if the variables for the secrets are now 43 characters long i took out. Gitea generates itself suitable secrets, if the user given ones do not fit.

* drop ansible.builtin. syntax
2021-02-10 19:04:13 +00:00
L3D
67afb71160
add default "gitea_group: gitea" (#71)
* delete trailing whitespace

* Add gitea_group

This will add the `gitea_group: gitea` and will probably
RESOLVE https://github.com/thomas-maurice/ansible-role-gitea/issues/70

* update variable length

update variable length to make this role idempotent

* vars should not include special character
2021-01-27 14:13:02 +00:00
L3D
cde4a964d5 add LFS_JWT_SECRET option
+ Add comments about git-lfs to the README.
+ New variable for LFS_JWT_SECRET.
+ absolute path for gitea_lfs_content_path.
+ maybe some help to resolve https://github.com/thomas-maurice/ansible-role-gitea/issues/70
2021-01-22 11:07:28 +00:00
L3D
c68565952a delete trailing whitespace 2021-01-22 11:07:28 +00:00
L3D
2500047d22 improve all easy to fix yaml warnings 2021-01-22 11:06:55 +00:00
L3D
fb45c4dfc5 add linting check and fix warning
There is this linting message:
```
[208] File permissions unset or incorrect
tasks/main.yml:27
Task/Handler: Create config and data directory
```

I fixed it in this commit and added a github action
to run the official™ ansible linting check!
2021-01-22 11:06:55 +00:00
Simeon Keske
aa75493677 add option to specify extra configuration 2020-12-06 21:39:19 +00:00
Leo Maroni
8af72e355e Add disable_git_hooks config option to security 2020-12-06 21:37:51 +00:00
Jens Timmerman
ecfff9cbc0 bump gitea version
gitea 1.13.0 was released which fixes security issues

some breaking changes were reported in the release notes but I didn't find any issues with them on my system, caution is advised

Support Gitea development, we now have a shop for Swag

    SECURITY
        Add Allow-/Block-List for Migrate & Mirrors (#13610) (#13776)
        Prevent git operations for inactive users (#13527) (#13536)
        Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13524)
        Mitigate Security vulnerability in the git hook feature (#13058)
        Disable DSA ssh keys by default (#13056)
        Set TLS minimum version to 1.2 (#12689)
        Use argon as default password hash algorithm (#12688)
    BREAKING
        Set RUN_MODE prod by default (#13765) (#13767)
        Don't replace underscores in auto-generated IDs in goldmark (#12805)
        Add Primary Key to Topic and RepoTopic tables (#12639)
        Disable password complexity check default (#12557)
        Change PIDFile default from /var/run/gitea.pid to /run/gitea.pid (#12500)
        Add extension Support to Attachments (allow all types for releases) (#12465)
        Remove IE11 Support (#11470)
2020-12-06 21:36:06 +00:00
dependabot[bot]
d5ca00bc21 Bump cryptography from 2.9 to 3.2
Bumps [cryptography](https://github.com/pyca/cryptography) from 2.9 to 3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/2.9...3.2)

Signed-off-by: dependabot[bot] <support@github.com>
2020-11-02 10:17:17 +00:00
genofire
373b5c237c fix repo path 2020-09-24 18:27:29 +02:00
genofire
883b6d958e fix logging path 2020-09-24 17:21:36 +01:00
Jens Timmerman
667c375a9d Update install_systemd.yml 2020-09-24 16:00:51 +01:00
Jens Timmerman
4976d531ba Update install_systemd.yml
reload systemd should be triggered via handler
2020-09-24 16:00:51 +01:00
Jens Timmerman
73d72a8264 1.12.4 was released which fixes security issues 2020-09-24 15:59:48 +01:00