ansible/ansible_role_gitea
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

.

Browse Source
This commit is contained in:
Bastian Epting
2023-12-08 12:38:53 +01:00
commit a986b486ca
34 changed files with 1999 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
templates/fail2ban/filter.conf.j2 Normal file
View File

@@ -0,0 +1,4 @@
# Managed by Ansible
[Definition]
failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
ignoreregex =

9
templates/fail2ban/jail.conf.j2 Normal file
View File

@@ -0,0 +1,9 @@
[gitea]
enabled = true
port = http,https
filter = gitea
logpath = {{ gitea_home }}/log/gitea.log
maxretry = {{ gitea_fail2ban_jail_maxretry }}
findtime = {{ gitea_fail2ban_jail_findtime }}
bantime = {{ gitea_fail2ban_jail_bantime }}
action = {{ gitea_fail2ban_jail_action }}

312
templates/gitea.ini.j2 Normal file
View File

@@ -0,0 +1,312 @@
; this file is the configuration of your local Gitea instance
; {{ ansible_managed }}
;
; This file overwrites the default values from Gitea.
; undefined variables will use the default value from Gitea.
; Cheat Sheet: https://docs.gitea.com/next/administration/config-cheat-sheet/
;
; -> https://docs.gitea.com/next/administration/config-cheat-sheet#overall-default
APP_NAME = {{ gitea_app_name }}
RUN_USER = {{ gitea_user }}
RUN_MODE = {{ gitea_run_mode }}
WORK_PATH = {{ gitea_home }}
;
;
; -> https://docs.gitea.com/next/administration/config-cheat-sheet/#repository-repository
[repository]
ROOT = {{ gitea_repository_root }}
FORCE_PRIVATE = {{ gitea_force_private | ternary('true', 'false') }}
DEFAULT_PRIVATE = {{ gitea_default_private }}
MAX_CREATION_LIMIT = {{ gitea_user_repo_limit }}
DISABLE_HTTP_GIT = {{ gitea_disable_http_git | ternary('true', 'false') }}
ENABLE_PUSH_CREATE_USER = {{ gitea_enable_push_create_user | ternary('true', 'false') }}
ENABLE_PUSH_CREATE_ORG = {{ gitea_enable_push_create_org | ternary('true', 'false') }}
DISABLED_REPO_UNITS = {{ gitea_disabled_repo_units }}
DEFAULT_REPO_UNITS = {{ gitea_default_repo_units }}
DISABLE_STARS = {{ gitea_disable_stars | ternary('true', 'false') }}
DEFAULT_BRANCH = {{ gitea_default_branch }}
{{ gitea_repository_extra_config }}
;
;
; -> https://docs.gitea.com/next/administration/administration/config-cheat-sheet/#repository---upload-repositoryupload
[repository.upload]
ENABLED = {{ gitea_repository_upload_enabled | ternary('true', 'false') }}
TEMP_PATH = {{ gitea_home }}/data/tmp/uploads
FILE_MAX_SIZE = {{ gitea_repository_upload_max_size }}
{{ gitea_repository_upload_extra_config }}
;
;
{% if gitea_enable_repo_signing_options | bool %}
; -> https://docs.gitea.com/next/administration/config-cheat-sheet/#repository---signing-repositorysigning
[repository.signing]
SIGNING_KEY = {{ gitea_repo_signing_key }}
SIGNING_NAME = {{ gitea_repo_signing_name }}
SIGNING_EMAIL = {{ gitea_repo_signing_email }}
INITIAL_COMMIT = {{ gitea_repo_initial_commit }}
DEFAULT_TRUST_MODEL = {{ gitea_repo_default_trust_model }}
WIKI = {{ gitea_repo_wiki }}
CRUD_ACTIONS = {{ gitea_repo_crud_actions }}
MERGES = {{ gitea_repo_merges }}
{{ gitea_enable_repo_signing_extra }}
;
{% endif %}
;
{% if gitea_enable_cors | bool %}
;
; -> https://docs.gitea.com/next/administration/config-cheat-sheet/#cors-cors
[cors]
ENABLED = {{ gitea_enable_cors | ternary('true', 'false') }}
SCHEME = {{ gitea_cors_scheme }}
ALLOW_DOMAIN = {{ gitea_cors_allow_domain }}
ALLOW_SUBDOMAIN = {{ gitea_cors_allow_subdomain | ternary('true', 'false') }}
METHODS = {{ gitea_cors_methods }}
MAX_AGE = {{ gitea_cors_max_age }}
ALLOW_CREDENTIALS = {{ gitea_cors_allow_credentials | ternary('true', 'false') }}
HEADERS = {{ gitea_cors_headers }}
X_FRAME_OPTIONS = {{ gitea_cors_x_frame_options }}
{{ gitea_cors_extra }}
;
{% endif %}
;
; -> https://docs.gitea.com/next/administration/config-cheat-sheet/#ui-ui
[ui]
THEMES = {{ gitea_themes }}
DEFAULT_THEME = {{ gitea_theme_default }}
SHOW_USER_EMAIL = {{ gitea_show_user_email | ternary('true', 'false') }}
{{ gitea_ui_extra_config }}
;
;
;
[ui.meta]
AUTHOR = {{ gitea_ui_author }}
DESCRIPTION = {{ gitea_ui_description }}
KEYWORDS = {{ gitea_ui_keywords }}
{{ gitea_ui_meta_extra_config }}
;
;
; -> https://docs.gitea.com/next/administration/config-cheat-sheet/#server-server
[server]
APP_DATA_PATH = {{ gitea_home }}/data
PROTOCOL = {{ gitea_protocol }}
DOMAIN = {{ gitea_http_domain }}
ROOT_URL = {{ gitea_root_url }}
HTTP_ADDR = {{ gitea_http_listen }}
HTTP_PORT = {{ gitea_http_port }}
START_SSH_SERVER = {{ gitea_start_ssh | ternary('true', 'false') }}
SSH_DOMAIN = {{ gitea_ssh_domain }}
SSH_PORT = {{ gitea_ssh_port }}
SSH_LISTEN_HOST = {{ gitea_ssh_listen }}
OFFLINE_MODE = {{ gitea_offline_mode | ternary('true', 'false') }}
{% if gitea_enable_tls_certs | bool %}
CERT_FILE = {{ gitea_tls_cert_file }}
KEY_FILE = {{ gitea_tls_key_file }}
{% endif %}
LANDING_PAGE = {{ gitea_landing_page }}
{% if gitea_lfs_server_enabled | bool %}
LFS_START_SERVER = true
LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}
{% endif %}
REDIRECT_OTHER_PORT = {{ gitea_redirect_other_port | ternary('true', 'false') }}
PORT_TO_REDIRECT = {{ gitea_port_to_redirect }}
ENABLE_ACME = {{ gitea_enable_acme | ternary('true', 'false') }}
{% if gitea_enable_acme | bool %}
{% if gitea_acme_url != '' %}
ACME_URL = {{ gitea_acme_url }}
{% endif %}
ACME_ACCEPTTOS = {{ gitea_acme_accepttos | ternary('true', 'false') }}
ACME_DIRECTORY = {{ gitea_acme_directory }}
ACME_EMAIL = {{ gitea_acme_email }}
ACME_CA_ROOT = {{ gitea_acme_ca_root }}
{% endif %}
{{ gitea_server_extra_config }}
;
;
; -> https://docs.gitea.com/next/administration/config-cheat-sheet/#database-database
[database]
DB_TYPE = {{ gitea_db_type }}
HOST = {{ gitea_db_host }}
NAME = {{ gitea_db_name }}
USER = {{ gitea_db_user }}
PASSWD = {{ gitea_db_password }}
SSL_MODE = {{ gitea_db_ssl }}
PATH = {{ gitea_db_path }}
LOG_SQL = {{ gitea_db_log_sql | ternary('true', 'false') }}
{{ gitea_database_extra_config }}
;
;
; -> https://docs.gitea.com/next/administration/config-cheat-sheet/#indexer-indexer
[indexer]
ISSUE_INDEXER_PATH = {{ gitea_home }}/indexers/issues.bleve
REPO_INDEXER_ENABLED = {{ gitea_repo_indexer_enabled | ternary('true', 'false') }}
REPO_INDEXER_PATH = {{ gitea_home }}/indexers/repos.bleve
REPO_INDEXER_INCLUDE = {{ gitea_repo_indexer_include }}
REPO_INDEXER_EXCLUDE = {{ gitea_repo_indexer_exclude }}
REPO_INDEXER_EXCLUDE_VENDORED = {{ gitea_repo_exclude_vendored | ternary('true', 'false') }}
MAX_FILE_SIZE = {{ gitea_repo_indexer_max_file_size }}
{{ gitea_indexer_extra_config }}
;
;
; Queue (queue and queue.*)
; -> https://docs.gitea.com/next/administration/config-cheat-sheet/#queue-queue-and-queue
[queue.issue_indexer]
DATADIR = {{ gitea_home }}/indexers/issues.queue
{{ gitea_queue_issue_indexer_extra_config }}
;
;
; -> https://docs.gitea.com/next/administration/config-cheat-sheet/#security-security
[security]
INSTALL_LOCK = true
SECRET_KEY = {{ gitea_secret_key }}
DISABLE_GIT_HOOKS = {{ gitea_disable_git_hooks | ternary('true', 'false') }}
DISABLE_WEBHOOKS = {{ gitea_disable_webhooks | ternary('true', 'false') }}
INTERNAL_TOKEN = {{ gitea_internal_token }}
PASSWORD_CHECK_PWN = {{ gitea_password_check_pwn | ternary('true', 'false') }}
{{ gitea_security_extra_config }}
;
;
; -> https://docs.gitea.com/next/administration/config-cheat-sheet/#service-service
[service]
REGISTER_EMAIL_CONFIRM = {{ gitea_register_email_confirm | ternary('true', 'false') }}
DISABLE_REGISTRATION = {{ gitea_disable_registration | ternary('true', 'false') }}
REQUIRE_SIGNIN_VIEW = {{ gitea_require_signin | ternary('true', 'false') }}
ENABLE_NOTIFY_MAIL = {{ gitea_enable_notify_mail | ternary('true', 'false') }}
ENABLE_CAPTCHA = {{ gitea_enable_captcha | ternary('true', 'false') }}
DEFAULT_KEEP_EMAIL_PRIVATE = {{ gitea_default_keep_mail_private | ternary('true', 'false') }}
SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button | ternary('true', 'false') }}
AUTO_WATCH_NEW_REPOS = {{ gitea_auto_watch_new_repos | ternary('true', 'false') }}
ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_only_allow_external_registration | ternary('true', 'false') }}
AUTO_WATCH_ON_CHANGES = {{ gitea_autowatch_on_change | ternary('true', 'false') }}
SHOW_MILESTONES_DASHBOARD_PAGE = {{ gitea_show_milestones_dashboard_page | ternary('true', 'false') }}
REGISTER_MANUAL_CONFIRM = {{ gitea_register_manual_confirm | ternary('true', 'false') }}
DEFAULT_ALLOW_CREATE_ORGANIZATION = {{ gitea_default_allow_create_organization | ternary('true', 'false') }}
DEFAULT_USER_IS_RESTRICTED = {{ gitea_default_user_is_restricted | ternary('true', 'false') }}
{% if gitea_email_domain_allowlist is defined and gitea_email_domain_allowlist | length %}
EMAIL_DOMAIN_ALLOWLIST = {{ gitea_email_domain_allowlist }}
{% endif %}
DEFAULT_USER_VISIBILITY = {{ gitea_default_user_visibility }}
DEFAULT_ORG_VISIBILITY = {{ gitea_default_org_visibility }}
ALLOW_ONLY_INTERNAL_REGISTRATION = {{ gitea_allow_only_internal_registration | ternary('true', 'false') }}
ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_allow_only_external_registration | ternary('true', 'false') }}
{{ gitea_service_extra_config }}
;
;
; -> https://docs.gitea.com/next/administration/config-cheat-sheet/#mailer-mailer
[mailer]
ENABLED = {{ gitea_mailer_enabled | ternary('true', 'false') }}
{% if gitea_mailer_enabled | bool %}
{% if gitea_mailer_use_client_cert | bool %}
CLIENT_CERT_FILE = {{ gitea_mailer_client_cert_file }}
CLIENT_KEY_FILE = {{ gitea_mailer_client_key_file }}
{% endif %}
PROTOCOL = {{ gitea_mailer_protocol }}
SMTP_ADDR = {{ gitea_mailer_smtp_addr }}
SMTP_PORT = {{ gitea_mailer_smtp_port }}
USE_CLIENT_CERT = {{ gitea_mailer_use_client_cert | ternary('true', 'false') }}
FORCE_TRUST_SERVER_CERT = {{ gitea_mailer_force_trust_server_cert | ternary('true', 'false') }}
USER = {{ gitea_mailer_user }}
PASSWD = {{ gitea_mailer_password }}
ENABLE_HELO = {{ gitea_mailer_enable_helo | ternary('true', 'false') }}
FROM = {{ gitea_mailer_from }}
SUBJECT_PREFIX = {{ gitea_subject_prefix }}
SEND_AS_PLAIN_TEXT = {{ gitea_mailer_send_as_plaintext | ternary('true', 'false') }}
{{ gitea_mailer_extra_config }}
;
{% endif %}
;
;
; -> https://docs.gitea.com/next/administration/config-cheat-sheet/#session-session
[session]
PROVIDER = {{ gitea_session_provider }}
PROVIDER_CONFIG = {{ gitea_home }}/data/sessions
{{ gitea_session_extra_config }}
;
;
; -> https://docs.gitea.com/next/administration/config-cheat-sheet/#picture-picture
[picture]
AVATAR_UPLOAD_PATH = {{ gitea_home }}/data/avatars
{{ gitea_picture_extra_config }}
;
;
; -> https://docs.gitea.com/next/administration/config-cheat-sheet/#issue-and-pull-request-attachments-attachment
[attachment]
ENABLED = {{ gitea_attachment_enabled | ternary('true', 'false') }}
ALLOWED_TYPES = {{ gitea_attachment_types }}
MAX_SIZE = {{ gitea_attachment_max_size }}
PATH = {{ gitea_home }}/data/attachments
{{ gitea_attachment_extra_config }}
;
;
; -> https://docs.gitea.com/next/administration/config-cheat-sheet/#log-log
[log]
ROOT_PATH = {{ gitea_home }}/log
{% if gitea_log_systemd %}
MODE = console
{% else %}
MODE = file
{% endif %}
LEVEL = {{ gitea_log_level }}
{{ gitea_log_extra_config }}
;
;
; -> https://docs.gitea.com/next/administration/config-cheat-sheet/#metrics-metrics
[metrics]
ENABLED = {{ gitea_metrics_enabled | ternary('true', 'false') }}
TOKEN = {{ gitea_metrics_token }}
{{ gitea_metrics_extra }}
;
;
; -> https://docs.gitea.com/next/administration/config-cheat-sheet/#oauth2-oauth2
[oauth2]
ENABLE = {{ gitea_oauth2_enabled | ternary('true', 'false') }}
JWT_SECRET = {{ gitea_oauth2_jwt_secret }}
{{ gitea_oauth2_extra_config }}
;
;
; -> https://docs.gitea.com/next/administration/config-cheat-sheet/#federation-federation
[federation]
ENABLED = {{ gitea_federation_enabled | ternary('true', 'false') }}
SHARE_USER_STATISTICS = {{ gitea_federation_share_user_stats | ternary('true', 'false') }}
{{ gitea_federation_extra }}
;
;
; Packages (packages)
; -> https://docs.gitea.com/next/administration/config-cheat-sheet/#packages-packages
[packages]
ENABLED = {{ gitea_packages_enabled | ternary('true', 'false') }}
{% if gitea_packages_enabled | bool %}
CHUNKED_UPLOAD_PATH = {{ gitea_home }}/data/tmp/package-upload
{{ gitea_packages_extra }}
{% endif %}
;
;
{% if gitea_lfs_server_enabled | bool %}
; -> https://docs.gitea.com/next/administration/config-cheat-sheet/#lfs-lfs
[lfs]
STORAGE_TYPE = {{ gitea_lfs_storage_type }}
SERVE_DIRECT = {{ gitea_lfs_serve_direct | ternary('true', 'false') }}
PATH = {{ gitea_lfs_content_path }}
{{ gitea_lfs_extra }}
{% endif %}
;
;
{% if gitea_actions_enabled | bool %}
; -> https://docs.gitea.com/next/administration/config-cheat-sheet/#actions-actions
[actions]
ENABLED = {{ gitea_actions_enabled }}
DEFAULT_ACTIONS_URL = {{ gitea_actions_default_actions_url }}
{{ gitea_actions_extra }}
{% endif %}
;
;
; Other (other)
; -> https://docs.gitea.com/next/administration/config-cheat-sheet/#other-other
[other]
SHOW_FOOTER_VERSION = {{ gitea_other_show_footer_version | ternary('true', 'false') }}
SHOW_FOOTER_TEMPLATE_LOAD_TIME = {{ gitea_other_show_footer_template_load_time | ternary('true', 'false') }}
ENABLE_SITEMAP = {{ gitea_other_enable_sitemap | ternary('true', 'false') }}
ENABLE_FEED = {{ gitea_other_enable_feed | ternary('true', 'false') }}
;
;
;
; Optional additional config
{{ gitea_extra_config }}

16
templates/gitea.service.j2 Normal file
View File

@@ -0,0 +1,16 @@
[Unit]
Description={{ gitea_fork }} git server
After=network.target
[Service]
User={{ gitea_user }}
Group={{ gitea_group }}
ExecStart={{ gitea_full_executable_path }} web --config {{ gitea_configuration_path }}/gitea.ini --custom-path {{ gitea_custom }}/ --work-path {{ gitea_home }}
Restart=on-failure
WorkingDirectory={{ gitea_home }}
{% if gitea_systemd_cap_net_bind_service %}
AmbientCapabilities=CAP_NET_BIND_SERVICE
{% endif %}
[Install]
WantedBy=multi-user.target