Upgrade/ansible version 2.10 (#84)

* added new vars for lfs remote usage
git lfs can be hosted elsewhere and therefore need some config

* added configuration describtion for lfs vars

* added new vars for notifications

* added describtion for new vars for mail notis

* added gitea_lfs_secret describtion to README

* remove whitespaces and lines

* upgraded minimum ansible version to 2.10

* refactored coansible to use minimum version 2.10

* Cleanup template (#85)

improve template and create loglevel variable

* update requirements for molecule (#78)

* start upgrading requirements

* add some more updated requirements

* add another junk

* add another junk

* update ansible version

* modify backup on upgrade (#81)

* create backup direcotry

create a backup folder and move the gitea backup to backup.yml

* make the backup on update optional

Documentation and introduction of the variable `gitea_backup_on_upgrade: false`

* change become_method to sudo

change become_method to sudo as suggested by @wzzrd. removed become_flags.

* Full path to gitea binary in backup task. thanks to @wzzrd

* update gitea to 1.13.4 (#86)

The current release of gitea is [v1.13.4](https://github.com/go-gitea/gitea/releases/tag/v1.13.4).

The current master of this role is not able to do a version update properly. PLEASE first merge https://github.com/thomas-maurice/ansible-role-gitea/pull/81

* Bump pyyaml from 5.3.1 to 5.4 (#89)

Bumps [pyyaml](https://github.com/yaml/pyyaml) from 5.3.1 to 5.4.
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/master/CHANGES)
- [Commits](https://github.com/yaml/pyyaml/compare/5.3.1...5.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* bump gitea version (#87)

fixes security issues https://github.com/go-gitea/gitea/releases/tag/v1.13.6

* added new vars for lfs remote usage
git lfs can be hosted elsewhere and therefore need some config

added configuration describtion for lfs vars

added new vars for notifications

added describtion for new vars for mail notis

added gitea_lfs_secret describtion to README

remove whitespaces and lines

upgraded minimum ansible version to 2.10

refactored coansible to use minimum version 2.10

Co-authored-by: L3D <l3d@c3woc.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Timmerman <jens.timmerman@gmail.com>

README.md

@@ -123,13 +123,10 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we
 * `gitea_mailer_password`: SMTP server password
 * `gitea_mailer_from`: Sender mail address
 * `gitea_enable_notify_mail`:  Whether e-mail should be send to watchers of a repository when something happens. Default: `false`
-
-### LFS configuration
-
-* `gitea_lfs_enabled`: Enable GIT LFS *(git large file storeage: [git-lfs](https://git-lfs.github.com/))*. Default: `false`
-* `gitea_lfs_content_path`: path where the lfs files are stored
-* `gitea_lfs_secret`: JWT secret for remote LFS usage. Can be generated with ``gitea generate secret JWT_SECRET``
-
+* `gitea_mail_default`: Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disable  (Default: `onmention` )
+* `gitea_autowatch_new_repo`: Enable this to let all organisation users watch new repos when they are created (Default: `false`)
+* `gitea_autowatch_on_change`: Enable this to make users watch a repository after their first commit to it (Default: `true`)
+* `gitea_show_mailstones_dashboard`: Enable this to show the milestones dashboard page - a view of all the user’s milestones (Default: `true`)
 
 ### Fail2Ban configuration
 
@@ -148,6 +145,10 @@ As this will only deploy config files, fail2ban already has to be installed or o
 * `gitea_oauth2_enabled`: Enable the Oauth2 provider (true/false)
 * `gitea_oauth2_jwt_secret`: Oauth2 JWT secret. Can be generated with ``gitea generate secret JWT_SECRET``
 
+### GIT LFS configuration
+* `gitea_lfs_enabled`: Enable GIT LFS (large filesystem)
+* `gitea_lfs_mode`: should lfs be in offline mode (true/false)
+* `gitea_lfs_secret`: JWT secret for remote LFS usage 
 
 ### Metrics endpoint configuration
 

defaults/main.yml

@@ -26,6 +26,9 @@ gitea_offline_mode: true
 gitea_lfs_server_enabled: false
 gitea_lfs_content_path: "{{ gitea_home }}/data/lfs"
 gitea_lfs_jwt_secret: ''
+gitea_lfs_content_path: "data/lfs"
+gitea_lfs_secret: SomethingVeryLong
+gitea_lfs_mode: true
 
 gitea_db_type: sqlite3
 gitea_db_host: 127.0.0.0:3306
@@ -52,6 +55,10 @@ gitea_require_signin: true
 gitea_enable_captcha: true
 gitea_only_allow_external_registration: false
 gitea_enable_notify_mail: false
+gitea_mail_default: onmention
+gitea_autowatch_new_repo: false
+gitea_autowatch_on_change: true
+gitea_show_mailstones_dashboard: true
 
 gitea_force_private: false
 

handlers/main.yml

@@ -1,17 +1,17 @@
 ---
 - name: "Restart gitea"
-  service:
+  ansible.builtin.service:
     name: gitea
     state: restarted
   when: ansible_service_mgr == "systemd"
 
 - name: "Reload systemd"
-  systemd:
+  ansible.builtin.systemd:
     daemon_reload: true
   when: ansible_service_mgr == "systemd"
 
 - name: "Restart fail2ban"
-  service:
+  ansible.builtin.service:
     name: fail2ban
     state: restarted
   when: ansible_service_mgr == "systemd"

meta/main.yml

@@ -2,7 +2,7 @@
 galaxy_info:
   author: Thomas Maurice
   description: Ansible Role - Gitea
-  min_ansible_version: 2.9.8
+  min_ansible_version: 2.10
   license: BSD-3-Clause
   galaxy_tags:
     - git

requirements-travis.txt

@@ -1,10 +1,6 @@
-ansible==2.10.7
-ansible-lint==5.0.0
-anyconfig==0.10.0
-atomicwrites==1.4.0
-attrs==20.3.0
-autopep8==1.5.5
-bcrypt==3.2.0
+ansible==2.10
+ansible-lint==4.2.0
+anyconfig==0.9.7
 arrow==0.15.5
 asn1crypto==0.24.0
 binaryornot==0.4.4

tasks/create_user.yml

@@ -6,7 +6,7 @@
     state: "present"
 
 - name: "Create Gitea user"
-  user:
+  ansible.builtin.user:
     name: "{{ gitea_user }}"
     comment: "Gitea user"
     home: "{{ gitea_home }}"

tasks/fail2ban.yml

@@ -1,6 +1,6 @@
 ---
 - name: Install fail2ban filter
-  template:
+  ansible.builtin.template:
     src: fail2ban/filter.conf.j2
     dest: /etc/fail2ban/filter.d/gitea.conf
     owner: root
@@ -9,7 +9,7 @@
   notify: Restart fail2ban
 
 - name: Install fail2ban jail
-  template:
+  ansible.builtin.template:
     src: fail2ban/jail.conf.j2
     dest: /etc/fail2ban/jail.d/gitea.conf
     owner: root

tasks/install_systemd.yml

@@ -1,6 +1,6 @@
 ---
 - name: "Setup systemd service"
-  template:
+  ansible.builtin.template:
     src: gitea.service.j2
     dest: /lib/systemd/system/gitea.service
     owner: root
@@ -13,5 +13,5 @@
 # systemd to be reloaded the first time because
 #  it is the only way Systemd is going to be aware of the new unit file.
 - name: "Reload systemd"
-  systemd:
+  ansible.builtin.systemd:
     daemon_reload: true

tasks/main.yml

@@ -9,7 +9,7 @@
     - "{{ ansible_os_family | lower }}.yml"
 
 - name: "Check gitea version"
-  shell: "set -eo pipefail; /usr/local/bin/gitea -v | cut -d' ' -f 3"
+  ansible.builtin.shell: "set -eo pipefail; /usr/local/bin/gitea -v | cut -d' ' -f 3"
   args:
     executable: /bin/bash
   register: gitea_active_version
@@ -17,17 +17,21 @@
   failed_when: false
   when: gitea_version_check|bool
 
-- name: backup gitea before update
-  include_tasks: backup.yml
-  when: gitea_backup_on_upgrade|bool
-
-- name: install or update gitea
-  include_tasks: install.yml
+- name: "Download the binary"
+  ansible.builtin.get_url:
+    url: "{{ gitea_dl_url }}"
+    dest: /usr/local/bin/gitea
+    owner: root
+    group: root
+    mode: 0755
+    force: true
+  notify: "Restart gitea"
+  when: (not gitea_version_check|bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version))
 
 - include: create_user.yml
 
-- name: "Create config directory"
-  file:
+- name: "Create config and data directory"
+  ansible.builtin.file:
     path: "{{ item }}"
     state: directory
     owner: "{{ gitea_user }}"
@@ -58,9 +62,13 @@
   when: ansible_service_mgr == "systemd"
 
 - include_tasks: jwt_secrets.yml
+- name: 'Install git'
+  ansible.builtin.package:
+    name: 'git'
+    state: 'present'
 
 - name: "Configure gitea"
-  template:
+  ansible.builtin.template:
     src: gitea.ini.j2
     dest: /etc/gitea/gitea.ini
     owner: "{{ gitea_user }}"
@@ -69,7 +77,7 @@
   notify: "Restart gitea"
 
 - name: "Service gitea"
-  service:
+  ansible.builtin.service:
     name: gitea
     state: started
     enabled: true

templates/gitea.ini.j2

@@ -62,6 +62,11 @@ LFS_CONTENT_PATH = {{ gitea_lfs_content_path }}
 LFS_JWT_SECRET   = {{ gitea_lfs_jwt_secret }}
 {% endif %}
 
+LFS_CONTENT_PATH      = {{ gitea_lfs_content_path }}
+; if the LFS sotre is not offline/local
+LFS_JWT_SECRET       = {{ gitea_lfs_secret }} 
+OFFLINE_MODE         = {{ gitea_lfs_mode }}
+{%- endif %}
 [database]
 ; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice
 DB_TYPE  = {{ gitea_db_type }}
@@ -116,9 +121,13 @@ CAPTCHA_TYPE                     = image
 RECAPTCHA_SECRET                 =
 RECAPTCHA_SITEKEY                =
 ; Show Registration button
-SHOW_REGISTRATION_BUTTON         = {{ gitea_show_registration_button | ternary('true', 'false') }}
-ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_only_allow_external_registration | ternary('true', 'false') }}
-ENABLE_NOTIFY_MAIL               = {{ gitea_enable_notify_mail | ternary('true', 'false') }}
+SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button }}
+ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_only_allow_external_registration }}
+ENABLE_NOTIFY_MAIL = {{ gitea_enable_notify_mail }}
+DEFAULT_EMAIL_NOTIFICATIONS       = {{ gitea_mail_default }} 
+AUTO_WATCH_NEW_REPOS              = {{ gitea_autowatch_new_repo }} 
+AUTO_WATCH_ON_CHANGES             = {{ gitea_autowatch_on_change }} 
+SHOW_MILESTONES_DASHBOARD_PAGE    = {{ gitea_show_mailstones_dashboard }} 
 
 [mailer]
 ENABLED            = {{ gitea_mailer_enabled | ternary('true', 'false') }}