2018-05-31 13:55:54 -05:00
# Ansible role gitea - Install a gitea server
2019-03-16 06:51:32 -05:00
[![Build Status ](https://travis-ci.org/thomas-maurice/ansible-role-gitea.svg?branch=master )](https://travis-ci.org/thomas-maurice/ansible-role-gitea)
2020-08-01 09:12:55 -05:00
![Ansible Role ](https://img.shields.io/ansible/role/38779 )
![Ansible Role ](https://img.shields.io/ansible/role/d/38779 )
![Ansible Quality Score ](https://img.shields.io/ansible/quality/38779 )
2017-01-10 15:09:34 -06:00
This role installs and manages a [gitea ](https://gitea.io ) server -
[Source code & screenshots ](https://github.com/go-gitea/gitea ).
Gitea is a Golang Git repository webapp, having the same look and feel as GitHub.
2019-04-27 19:00:35 -05:00
## Sample example of use in a playbook
2017-01-10 15:09:34 -06:00
2019-10-01 14:43:54 -05:00
The following code has been tested with Debian 8, it should work on Ubuntu as well.
2017-01-10 15:09:34 -06:00
```yaml
- name: "Install gitea"
hosts: all
vars:
gitea_user: "gitea"
gitea_home: "/var/lib/gitea"
# To limit your users to 30 repos
gitea_user_repo_limit: 30
2019-10-01 14:43:54 -05:00
# Don't use a public CDN for frontend assets
2017-01-10 15:09:34 -06:00
gitea_offline_mode: true
# Some 'rendering' options for your URLs
gitea_http_domain: git.yourdomain.fr
gitea_root_url: https://git.yourdomain.fr
# Here we assume we are behind a reverse proxy that will
# handle https for us, so we bind on localhost:3000 using HTTP
gitea_protocol: http
gitea_http_listen: 127.0.0.1
gitea_http_port: 3000
# SSH server configuration
gitea_ssh_listen: 0.0.0.0
gitea_ssh_port: 2222
# For URLs rendering again
gitea_ssh_domain: git.yourdomain.fr
gitea_start_ssh: true
gitea_secret_key: 3sp00ky5me
gitea_disable_gravatar: true
# To make at least your first user register
gitea_disable_registration: false
gitea_require_signin: true
gitea_enable_captcha: true
gitea_show_user_email: false
roles:
- gitea
```
## More detailed options
2018-05-31 13:55:54 -05:00
### General
2017-01-10 15:09:34 -06:00
2019-04-27 19:00:35 -05:00
* `gitea_version_check` : Check if installed version != `gitea_version` before initiating binary download
2017-01-10 15:09:34 -06:00
* `gitea_user` : UNIX user used by Gitea
* `gitea_home` : Base directory to work
2020-05-17 08:56:23 -05:00
* `gitea_dl_url` : The URL, the compiled gitea-binary will be downloaded from
2020-05-20 07:13:11 -05:00
* `gitea_systemd_cap_net_bind_service` : Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file
2017-01-10 15:09:34 -06:00
### Look and feel
* `gitea_app_name` : Displayed application name
2019-10-01 14:43:54 -05:00
* `gitea_show_user_email` : Do you want to display email addresses ? (true/false)
* `gitea_disable_gravatar` : Do you want to disable Gravatar ? (privacy and so on) (true/false)
* `gitea_offline_mode` : Same but for disabling CDNs for frontend assets (true/false)
* `gitea_disable_registration` : Do you want to disable user registration ? (true/false)
2020-05-09 21:18:59 -05:00
* `gitea_only_allow_external_registration` : Do you want to force registration only using third-party services ? (true/false)
2019-03-10 08:49:39 -05:00
* `gitea_show_registration_button` : Do you want to show the registration button? (true/false)
2019-10-01 14:43:54 -05:00
* `gitea_require_signin` : Do you require a signin to see repo's (even public ones) ? (true/false)
* `gitea_enable_captcha` : Do you want to enable captcha's ? (true/false)
2017-01-10 15:09:34 -06:00
* `gitea_secret_key` : Cookie secret key
2019-03-10 08:49:39 -05:00
* `gitea_internal_token` : Internal API token
2020-05-09 16:01:51 -05:00
* `gitea_themes` : List of enabled themes
* `gitea_theme_default` : Default theme
2017-01-10 15:09:34 -06:00
2018-05-31 13:55:54 -05:00
### Limits
2017-01-10 15:09:34 -06:00
2019-10-01 14:43:54 -05:00
* `gitea_user_repo_limit` : Limit how many repos a user can have (-1 for unlimited)
2017-01-10 15:09:34 -06:00
### HTTP configuration
* `gitea_http_domain` : HTTP domain (displayed in your clone URLs, just the domain like git.foo.fr)
* `gitea_root_url` : Root URL used to access your web app (full URL)
* `gitea_protocol` : Listening protocol (http/https)
* `gitea_http_listen` : Bind address
* `gitea_http_port` : Bind port
* `gitea_disable_http_git` : Disable the use of Git over HTTP ? (true/false)
2018-05-31 13:55:54 -05:00
### SSH configuration
2017-01-10 15:09:34 -06:00
* `gitea_ssh_listen` : Bind address for the SSH server
* `gitea_ssh_domain` : SSH domain (displayed in your clone URLs)
2019-10-01 14:43:54 -05:00
* `gitea_start_ssh` : Do you want to start a built-in SSH server ? (true/false)
2017-01-10 15:09:34 -06:00
* `gitea_ssh_port` : SSH bind port
2017-01-11 01:01:37 -06:00
### Database configuration
* `gitea_db_type` : Database type, can be `mysql` , `postgres` or `sqlite3`
2020-08-29 12:30:12 -05:00
* `gitea_db_host` : Database host string `host:port` or `/run/postgresql/` when connectiong to postgres via local unix socket (peer authentication)
2017-01-11 01:01:37 -06:00
* `gitea_db_name` : Database name
* `gitea_db_user` : Database username
2019-03-08 04:58:14 -06:00
* `gitea_db_password` : Database password
2017-01-11 01:01:37 -06:00
* `gitea_db_ssl` : Use SSL ? (postgres only!). Can be `required` , `disable` , `verify-full`
* `gitea_db_path` : DB path, if you use `sqlite3` . The default is good enough to work though.
2019-03-08 05:35:26 -06:00
### Mailer configuration
2019-10-01 14:43:54 -05:00
* `gitea_mailer_enabled` : Whether to enable the mailer. Default: `false`
2019-03-10 08:49:39 -05:00
* `gitea_mailer_skip_verify` : Skip SMTP TLS certificate verification (true/false)
2019-10-01 14:43:54 -05:00
* `gitea_mailer_tls_enabled` : Enable TLS for SMTP connections (true/false)
2019-03-08 05:35:26 -06:00
* `gitea_mailer_host` : SMTP server hostname and port
2019-06-12 04:39:10 -05:00
* `gitea_mailer_user` : SMTP server username
* `gitea_mailer_password` : SMTP server password
2019-03-08 05:35:26 -06:00
* `gitea_mailer_from` : Sender mail address
2020-07-28 05:22:35 -05:00
* `gitea_enable_notify_mail` : Whether e-mail should be send to watchers of a repository when something happens. Default: `false`
2019-03-08 05:35:26 -06:00
2019-03-08 06:12:16 -06:00
### Fail2Ban configuration
2019-03-09 14:48:15 -06:00
If enabled, this will deploy a fail2ban filter and jail config for Gitea as described in the [Gitea Documentation ](https://docs.gitea.io/en-us/fail2ban-setup/ ).
2019-10-01 14:43:54 -05:00
As this will only deploy config files, fail2ban already has to be installed or otherwise the role will fail.
2019-03-09 14:46:23 -06:00
2019-10-01 14:43:54 -05:00
* `gitea_fail2ban_enabled` : Whether to deploy the fail2ban config or not
2019-03-09 14:46:23 -06:00
* `gitea_fail2ban_jail_maxretry` : fail2ban jail `maxretry` setting. Default: `10`
* `gitea_fail2ban_jail_findtime` : fail2ban jail `findtime` setting. Default: `3600`
* `gitea_fail2ban_jail_bantime` : fail2ban jail `bantime` setting. Default: `900`
* `gitea_fail2ban_jail_action` : fail2ban jail `action` setting. Default: `iptables-allports`
2019-03-08 06:12:16 -06:00
2019-03-10 08:49:39 -05:00
### Oauth2 provider configuration
* `gitea_oauth2_enabled` : Enable the Oauth2 provider (true/false)
2020-04-04 07:06:25 -05:00
* `gitea_oauth2_jwt_secret` : JWT secret, cannot be longer than 32 characters
2019-03-10 08:49:39 -05:00
2019-12-21 06:08:19 -06:00
### Metrics endpoint configuration
* `gitea_metrics_enabled` : Enable the metrics endpoint
* `gitea_metrics_token` : Bearer token for the Prometheus scrape job
2020-06-18 00:41:59 -05:00
### Repository Indexer configuration
* `gitea_repo_indexer_enabled` : Whether to enable the repository indexer (code search). Default: `false`
* `gitea_repo_indexer_include` : Glob patterns to include in the index (comma-separated list). Default: `""` (all files)
* `gitea_repo_indexer_exclude` : Glob patterns to exclude from the index (comma-separated list). Default: `""` (no files)
* `gitea_repo_exclude_vendored` : Exclude vendored files from the index. Default: `true`
* `gitea_repo_indexer_max_file_size` : Maximum size of files to be indexed (in bytes). Default: `1048576` (1 MB)
2017-01-10 15:09:34 -06:00
## Contributing
2019-10-01 14:43:54 -05:00
Don't hesitate to create a pull request, and when in doubt you can reach me on
2017-01-10 15:09:34 -06:00
Twitter [@thomas_maurice ](https://twitter.com/thomas_maurice ).
2019-10-01 14:43:54 -05:00
I'm happy to fix any issue that's been opened, or even better, review your pull requests :)
2017-01-10 15:09:34 -06:00
2019-03-16 06:51:32 -05:00
## Testing
2019-10-01 14:43:54 -05:00
Testing uses [molecule ](https://molecule.readthedocs.io/en/stable-1.22/usage.html ). To start the
tests, install the dependencies first. I would recommend you use [a virtual env ](https://virtualenv.pypa.io/en/latest/ ) for that but who am I to tell you what to do.
2019-03-16 06:51:32 -05:00
```
pip install pew # install pew to manage the venvs
pew new ansible # create the venv
pip install -r requirements-travis.txt # install the requirements
molecule test # Run the actual tests
```
Note: you need Docker installed
### Known testing limitations
2019-10-01 14:43:54 -05:00
Currently it's mainly validating that the playbook runs, the lint is ok, and that kind of things.
Since it runs in Docker, we currently have no way to check if the service is actually launched by systemd
and so on. This has to be worked on.
2019-03-16 06:51:32 -05:00
## License
```
Copyright 2019-present Thomas Maurice
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2019-04-27 19:00:35 -05:00
```