Upgrade/ansible version 2.10 (#84)
* added new vars for lfs remote usage git lfs can be hosted elsewhere and therefore need some config * added configuration describtion for lfs vars * added new vars for notifications * added describtion for new vars for mail notis * added gitea_lfs_secret describtion to README * remove whitespaces and lines * upgraded minimum ansible version to 2.10 * refactored coansible to use minimum version 2.10 * Cleanup template (#85) improve template and create loglevel variable * update requirements for molecule (#78) * start upgrading requirements * add some more updated requirements * add another junk * add another junk * update ansible version * modify backup on upgrade (#81) * create backup direcotry create a backup folder and move the gitea backup to backup.yml * make the backup on update optional Documentation and introduction of the variable `gitea_backup_on_upgrade: false` * change become_method to sudo change become_method to sudo as suggested by @wzzrd. removed become_flags. * Full path to gitea binary in backup task. thanks to @wzzrd * update gitea to 1.13.4 (#86) The current release of gitea is [v1.13.4](https://github.com/go-gitea/gitea/releases/tag/v1.13.4). The current master of this role is not able to do a version update properly. PLEASE first merge https://github.com/thomas-maurice/ansible-role-gitea/pull/81 * Bump pyyaml from 5.3.1 to 5.4 (#89) Bumps [pyyaml](https://github.com/yaml/pyyaml) from 5.3.1 to 5.4. 
- [Release notes](https://github.com/yaml/pyyaml/releases) - [Changelog](https://github.com/yaml/pyyaml/blob/master/CHANGES) - [Commits](https://github.com/yaml/pyyaml/compare/5.3.1...5.4) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * bump gitea version (#87) fixes security issues https://github.com/go-gitea/gitea/releases/tag/v1.13.6 * added new vars for lfs remote usage git lfs can be hosted elsewhere and therefore need some config added configuration describtion for lfs vars added new vars for notifications added describtion for new vars for mail notis added gitea_lfs_secret describtion to README remove whitespaces and lines upgraded minimum ansible version to 2.10 refactored coansible to use minimum version 2.10 Co-authored-by: L3D <l3d@c3woc.de> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Timmerman <jens.timmerman@gmail.com>
parent
b04f4ca1dd
commit
4dfd303061
10 changed files with 58 additions and 37 deletions
15
README.md
15
README.md
|
@ -123,13 +123,10 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we
|
||||||
* `gitea_mailer_password`: SMTP server password
|
* `gitea_mailer_password`: SMTP server password
|
||||||
* `gitea_mailer_from`: Sender mail address
|
* `gitea_mailer_from`: Sender mail address
|
||||||
* `gitea_enable_notify_mail`: Whether e-mail should be send to watchers of a repository when something happens. Default: `false`
|
* `gitea_enable_notify_mail`: Whether e-mail should be send to watchers of a repository when something happens. Default: `false`
|
||||||
|
* `gitea_mail_default`: Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disable (Default: `onmention` )
|
||||||
### LFS configuration
|
* `gitea_autowatch_new_repo`: Enable this to let all organisation users watch new repos when they are created (Default: `false`)
|
||||||
|
* `gitea_autowatch_on_change`: Enable this to make users watch a repository after their first commit to it (Default: `true`)
|
||||||
* `gitea_lfs_enabled`: Enable GIT LFS *(git large file storeage: [git-lfs](https://git-lfs.github.com/))*. Default: `false`
|
* `gitea_show_mailstones_dashboard`: Enable this to show the milestones dashboard page - a view of all the user’s milestones (Default: `true`)
|
||||||
* `gitea_lfs_content_path`: path where the lfs files are stored
|
|
||||||
* `gitea_lfs_secret`: JWT secret for remote LFS usage. Can be generated with ``gitea generate secret JWT_SECRET``
|
|
||||||
|
|
||||||
|
|
||||||
### Fail2Ban configuration
|
### Fail2Ban configuration
|
||||||
|
|
||||||
|
@ -148,6 +145,10 @@ As this will only deploy config files, fail2ban already has to be installed or o
|
||||||
* `gitea_oauth2_enabled`: Enable the Oauth2 provider (true/false)
|
* `gitea_oauth2_enabled`: Enable the Oauth2 provider (true/false)
|
||||||
* `gitea_oauth2_jwt_secret`: Oauth2 JWT secret. Can be generated with ``gitea generate secret JWT_SECRET``
|
* `gitea_oauth2_jwt_secret`: Oauth2 JWT secret. Can be generated with ``gitea generate secret JWT_SECRET``
|
||||||
|
|
||||||
|
### GIT LFS configuration
|
||||||
|
* `gitea_lfs_enabled`: Enable GIT LFS (large filesystem)
|
||||||
|
* `gitea_lfs_mode`: should lfs be in offline mode (true/false)
|
||||||
|
* `gitea_lfs_secret`: JWT secret for remote LFS usage
|
||||||
|
|
||||||
### Metrics endpoint configuration
|
### Metrics endpoint configuration
|
||||||
|
|
||||||
|
|
|
@ -26,6 +26,9 @@ gitea_offline_mode: true
|
||||||
gitea_lfs_server_enabled: false
|
gitea_lfs_server_enabled: false
|
||||||
gitea_lfs_content_path: "{{ gitea_home }}/data/lfs"
|
gitea_lfs_content_path: "{{ gitea_home }}/data/lfs"
|
||||||
gitea_lfs_jwt_secret: ''
|
gitea_lfs_jwt_secret: ''
|
||||||
|
gitea_lfs_content_path: "data/lfs"
|
||||||
|
gitea_lfs_secret: SomethingVeryLong
|
||||||
|
gitea_lfs_mode: true
|
||||||
|
|
||||||
gitea_db_type: sqlite3
|
gitea_db_type: sqlite3
|
||||||
gitea_db_host: 127.0.0.0:3306
|
gitea_db_host: 127.0.0.0:3306
|
||||||
|
@ -52,6 +55,10 @@ gitea_require_signin: true
|
||||||
gitea_enable_captcha: true
|
gitea_enable_captcha: true
|
||||||
gitea_only_allow_external_registration: false
|
gitea_only_allow_external_registration: false
|
||||||
gitea_enable_notify_mail: false
|
gitea_enable_notify_mail: false
|
||||||
|
gitea_mail_default: onmention
|
||||||
|
gitea_autowatch_new_repo: false
|
||||||
|
gitea_autowatch_on_change: true
|
||||||
|
gitea_show_mailstones_dashboard: true
|
||||||
|
|
||||||
gitea_force_private: false
|
gitea_force_private: false
|
||||||
|
|
||||||
|
|
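Review bot: `gitea_lfs_secret: SomethingVeryLong` ships a fixed, publicly readable value as the default JWT secret, so any deployment that does not override it would sign LFS tokens with a key anyone can look up in the role. Default it to empty, `gitea_lfs_secret: ''`, and have the role fail or generate a value when LFS is enabled and the variable is unset; the README's OAuth2 entry already points at `gitea generate secret JWT_SECRET`. The same added block defines `gitea_lfs_content_path` a second time with the relative value `"data/lfs"`, which appears to override the `{{ gitea_home }}/data/lfs` default a few lines above. It also leaves two secret variables, `gitea_lfs_jwt_secret` and `gitea_lfs_secret`, feeding the same `LFS_JWT_SECRET` key in the template.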
|
@ -1,17 +1,17 @@
|
||||||
---
|
---
|
||||||
- name: "Restart gitea"
|
- name: "Restart gitea"
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: gitea
|
name: gitea
|
||||||
state: restarted
|
state: restarted
|
||||||
when: ansible_service_mgr == "systemd"
|
when: ansible_service_mgr == "systemd"
|
||||||
|
|
||||||
- name: "Reload systemd"
|
- name: "Reload systemd"
|
||||||
systemd:
|
ansible.builtin.systemd:
|
||||||
daemon_reload: true
|
daemon_reload: true
|
||||||
when: ansible_service_mgr == "systemd"
|
when: ansible_service_mgr == "systemd"
|
||||||
|
|
||||||
- name: "Restart fail2ban"
|
- name: "Restart fail2ban"
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: fail2ban
|
name: fail2ban
|
||||||
state: restarted
|
state: restarted
|
||||||
when: ansible_service_mgr == "systemd"
|
when: ansible_service_mgr == "systemd"
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
author: Thomas Maurice
|
author: Thomas Maurice
|
||||||
description: Ansible Role - Gitea
|
description: Ansible Role - Gitea
|
||||||
min_ansible_version: 2.9.8
|
min_ansible_version: 2.10
|
||||||
license: BSD-3-Clause
|
license: BSD-3-Clause
|
||||||
galaxy_tags:
|
galaxy_tags:
|
||||||
- git
|
- git
|
||||||
|
|
|
@ -1,10 +1,6 @@
|
||||||
ansible==2.10.7
|
ansible==2.10
|
||||||
ansible-lint==5.0.0
|
ansible-lint==4.2.0
|
||||||
anyconfig==0.10.0
|
anyconfig==0.9.7
|
||||||
atomicwrites==1.4.0
|
|
||||||
attrs==20.3.0
|
|
||||||
autopep8==1.5.5
|
|
||||||
bcrypt==3.2.0
|
|
||||||
arrow==0.15.5
|
arrow==0.15.5
|
||||||
asn1crypto==0.24.0
|
asn1crypto==0.24.0
|
||||||
binaryornot==0.4.4
|
binaryornot==0.4.4
|
||||||
|
|
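Review bot: The new pins at the top of this file move backwards: `ansible-lint==5.0.0` becomes `ansible-lint==4.2.0`, `anyconfig==0.10.0` becomes `anyconfig==0.9.7`, and `ansible==2.10.7` becomes `ansible==2.10`. Four pinned packages (`atomicwrites`, `attrs`, `autopep8`, `bcrypt`) are also dropped. This looks like a stale branch overwriting the requirements update (#78) named in the commit message rather than an intended change. `ansible==2.10` resolves to the first 2.10 release and forgoes the later 2.10.x patch releases, so keeping `ansible==2.10.7` and the other old-side pins is the safer choice unless the downgrade is deliberate.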
|
@ -6,7 +6,7 @@
|
||||||
state: "present"
|
state: "present"
|
||||||
|
|
||||||
- name: "Create Gitea user"
|
- name: "Create Gitea user"
|
||||||
user:
|
ansible.builtin.user:
|
||||||
name: "{{ gitea_user }}"
|
name: "{{ gitea_user }}"
|
||||||
comment: "Gitea user"
|
comment: "Gitea user"
|
||||||
home: "{{ gitea_home }}"
|
home: "{{ gitea_home }}"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: Install fail2ban filter
|
- name: Install fail2ban filter
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: fail2ban/filter.conf.j2
|
src: fail2ban/filter.conf.j2
|
||||||
dest: /etc/fail2ban/filter.d/gitea.conf
|
dest: /etc/fail2ban/filter.d/gitea.conf
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -9,7 +9,7 @@
|
||||||
notify: Restart fail2ban
|
notify: Restart fail2ban
|
||||||
|
|
||||||
- name: Install fail2ban jail
|
- name: Install fail2ban jail
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: fail2ban/jail.conf.j2
|
src: fail2ban/jail.conf.j2
|
||||||
dest: /etc/fail2ban/jail.d/gitea.conf
|
dest: /etc/fail2ban/jail.d/gitea.conf
|
||||||
owner: root
|
owner: root
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Setup systemd service"
|
- name: "Setup systemd service"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: gitea.service.j2
|
src: gitea.service.j2
|
||||||
dest: /lib/systemd/system/gitea.service
|
dest: /lib/systemd/system/gitea.service
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -13,5 +13,5 @@
|
||||||
# systemd to be reloaded the first time because
|
# systemd to be reloaded the first time because
|
||||||
# it is the only way Systemd is going to be aware of the new unit file.
|
# it is the only way Systemd is going to be aware of the new unit file.
|
||||||
- name: "Reload systemd"
|
- name: "Reload systemd"
|
||||||
systemd:
|
ansible.builtin.systemd:
|
||||||
daemon_reload: true
|
daemon_reload: true
|
||||||
|
|
|
@ -9,7 +9,7 @@
|
||||||
- "{{ ansible_os_family | lower }}.yml"
|
- "{{ ansible_os_family | lower }}.yml"
|
||||||
|
|
||||||
- name: "Check gitea version"
|
- name: "Check gitea version"
|
||||||
shell: "set -eo pipefail; /usr/local/bin/gitea -v | cut -d' ' -f 3"
|
ansible.builtin.shell: "set -eo pipefail; /usr/local/bin/gitea -v | cut -d' ' -f 3"
|
||||||
args:
|
args:
|
||||||
executable: /bin/bash
|
executable: /bin/bash
|
||||||
register: gitea_active_version
|
register: gitea_active_version
|
||||||
|
@ -17,17 +17,21 @@
|
||||||
failed_when: false
|
failed_when: false
|
||||||
when: gitea_version_check|bool
|
when: gitea_version_check|bool
|
||||||
|
|
||||||
- name: backup gitea before update
|
- name: "Download the binary"
|
||||||
include_tasks: backup.yml
|
ansible.builtin.get_url:
|
||||||
when: gitea_backup_on_upgrade|bool
|
url: "{{ gitea_dl_url }}"
|
||||||
|
dest: /usr/local/bin/gitea
|
||||||
- name: install or update gitea
|
owner: root
|
||||||
include_tasks: install.yml
|
group: root
|
||||||
|
mode: 0755
|
||||||
|
force: true
|
||||||
|
notify: "Restart gitea"
|
||||||
|
when: (not gitea_version_check|bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version))
|
||||||
|
|
||||||
- include: create_user.yml
|
- include: create_user.yml
|
||||||
|
|
||||||
- name: "Create config directory"
|
- name: "Create config and data directory"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ gitea_user }}"
|
owner: "{{ gitea_user }}"
|
||||||
|
@ -58,9 +62,13 @@
|
||||||
when: ansible_service_mgr == "systemd"
|
when: ansible_service_mgr == "systemd"
|
||||||
|
|
||||||
- include_tasks: jwt_secrets.yml
|
- include_tasks: jwt_secrets.yml
|
||||||
|
- name: 'Install git'
|
||||||
|
ansible.builtin.package:
|
||||||
|
name: 'git'
|
||||||
|
state: 'present'
|
||||||
|
|
||||||
- name: "Configure gitea"
|
- name: "Configure gitea"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: gitea.ini.j2
|
src: gitea.ini.j2
|
||||||
dest: /etc/gitea/gitea.ini
|
dest: /etc/gitea/gitea.ini
|
||||||
owner: "{{ gitea_user }}"
|
owner: "{{ gitea_user }}"
|
||||||
|
@ -69,7 +77,7 @@
|
||||||
notify: "Restart gitea"
|
notify: "Restart gitea"
|
||||||
|
|
||||||
- name: "Service gitea"
|
- name: "Service gitea"
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: gitea
|
name: gitea
|
||||||
state: started
|
state: started
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
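Review bot: The new "Download the binary" task installs whatever `gitea_dl_url` returns as a root-owned executable at `/usr/local/bin/gitea` with `force: true` and no integrity check. `ansible.builtin.get_url` accepts a `checksum` argument; add one fed from a role variable, e.g. `checksum: "sha256:{{ gitea_binary_sha256 }}"` (the variable name is a suggestion and does not exist in the role yet), so a tampered or truncated download fails the play instead of being started by the "Restart gitea" handler. The old side's `include_tasks: backup.yml` guarded by `gitea_backup_on_upgrade` is dropped here although the commit message describes introducing it, which may be an unintended revert. `mode: 0755` is also better written quoted, `mode: "0755"`, so it is never read as a plain integer.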
|
@ -62,6 +62,11 @@ LFS_CONTENT_PATH = {{ gitea_lfs_content_path }}
|
||||||
LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}
|
LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
LFS_CONTENT_PATH = {{ gitea_lfs_content_path }}
|
||||||
|
; if the LFS sotre is not offline/local
|
||||||
|
LFS_JWT_SECRET = {{ gitea_lfs_secret }}
|
||||||
|
OFFLINE_MODE = {{ gitea_lfs_mode }}
|
||||||
|
{%- endif %}
|
||||||
[database]
|
[database]
|
||||||
; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice
|
; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice
|
||||||
DB_TYPE = {{ gitea_db_type }}
|
DB_TYPE = {{ gitea_db_type }}
|
||||||
|
@ -116,9 +121,13 @@ CAPTCHA_TYPE = image
|
||||||
RECAPTCHA_SECRET =
|
RECAPTCHA_SECRET =
|
||||||
RECAPTCHA_SITEKEY =
|
RECAPTCHA_SITEKEY =
|
||||||
; Show Registration button
|
; Show Registration button
|
||||||
SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button | ternary('true', 'false') }}
|
SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button }}
|
||||||
ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_only_allow_external_registration | ternary('true', 'false') }}
|
ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_only_allow_external_registration }}
|
||||||
ENABLE_NOTIFY_MAIL = {{ gitea_enable_notify_mail | ternary('true', 'false') }}
|
ENABLE_NOTIFY_MAIL = {{ gitea_enable_notify_mail }}
|
||||||
|
DEFAULT_EMAIL_NOTIFICATIONS = {{ gitea_mail_default }}
|
||||||
|
AUTO_WATCH_NEW_REPOS = {{ gitea_autowatch_new_repo }}
|
||||||
|
AUTO_WATCH_ON_CHANGES = {{ gitea_autowatch_on_change }}
|
||||||
|
SHOW_MILESTONES_DASHBOARD_PAGE = {{ gitea_show_mailstones_dashboard }}
|
||||||
|
|
||||||
[mailer]
|
[mailer]
|
||||||
ENABLED = {{ gitea_mailer_enabled | ternary('true', 'false') }}
|
ENABLED = {{ gitea_mailer_enabled | ternary('true', 'false') }}
|
||||||
|
|
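Review bot: The added `LFS_CONTENT_PATH`, `LFS_JWT_SECRET` and `OFFLINE_MODE` lines sit after the existing `{% endif %}`, so as far as this hunk shows they render unconditionally and duplicate the `LFS_CONTENT_PATH`/`LFS_JWT_SECRET` keys written just above, while the trailing `{%- endif %}` has no opening `{% if %}` in view. If the later key wins when Gitea reads the file, the value from `gitea_lfs_jwt_secret` would be replaced by `gitea_lfs_secret`, whose default is the placeholder `SomethingVeryLong`. Keep one guarded block with a single `LFS_JWT_SECRET` line and drop the extra `{%- endif %}`; the opening condition is outside the hunk, so confirm the nesting against the full template. Separately, removing `| ternary('true', 'false')` from the three service flags makes the rendered value depend on how each variable is typed (a boolean renders as `True`/`False`), so keeping the filter is the more predictable choice.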