Upgrade/ansible version 2.10 (#84)

* added new vars for lfs remote usage
git lfs can be hosted elsewhere and therefore needs some config

* added configuration description for lfs vars

* added new vars for notifications

* added description for new vars for mail notis

* added gitea_lfs_secret description to README

* remove whitespaces and lines

* upgraded minimum ansible version to 2.10

* refactored coansible to use minimum version 2.10

* Cleanup template (#85)

improve template and create loglevel variable

* update requirements for molecule (#78)

* start upgrading requirements

* add some more updated requirements

* add another junk

* add another junk

* update ansible version

* modify backup on upgrade (#81)

* create backup directory

create a backup folder and move the gitea backup to backup.yml

* make the backup on update optional

Documentation and introduction of the variable `gitea_backup_on_upgrade: false`

* change become_method to sudo

change become_method to sudo as suggested by @wzzrd. removed become_flags.

* Full path to gitea binary in backup task. thanks to @wzzrd

* update gitea to 1.13.4 (#86)

The current release of gitea is [v1.13.4](https://github.com/go-gitea/gitea/releases/tag/v1.13.4).

The current master of this role is not able to do a version update properly. PLEASE first merge https://github.com/thomas-maurice/ansible-role-gitea/pull/81

* Bump pyyaml from 5.3.1 to 5.4 (#89)

Bumps [pyyaml](https://github.com/yaml/pyyaml) from 5.3.1 to 5.4.
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/master/CHANGES)
- [Commits](https://github.com/yaml/pyyaml/compare/5.3.1...5.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* bump gitea version (#87)

fixes security issues https://github.com/go-gitea/gitea/releases/tag/v1.13.6

* added new vars for lfs remote usage
git lfs can be hosted elsewhere and therefore needs some config

added configuration description for lfs vars

added new vars for notifications

added description for new vars for mail notis

added gitea_lfs_secret description to README

remove whitespaces and lines

upgraded minimum ansible version to 2.10

refactored coansible to use minimum version 2.10

Co-authored-by: L3D <l3d@c3woc.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Timmerman <jens.timmerman@gmail.com>
Anton 2021-04-10 19:07:02 +02:00 committed by GitHub
parent b04f4ca1dd
commit 4dfd303061
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 58 additions and 37 deletions

View file

@ -123,13 +123,10 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we
* `gitea_mailer_password`: SMTP server password * `gitea_mailer_password`: SMTP server password
* `gitea_mailer_from`: Sender mail address * `gitea_mailer_from`: Sender mail address
* `gitea_enable_notify_mail`: Whether e-mail should be send to watchers of a repository when something happens. Default: `false` * `gitea_enable_notify_mail`: Whether e-mail should be send to watchers of a repository when something happens. Default: `false`
* `gitea_mail_default`: Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disable (Default: `onmention` )
### LFS configuration * `gitea_autowatch_new_repo`: Enable this to let all organisation users watch new repos when they are created (Default: `false`)
* `gitea_autowatch_on_change`: Enable this to make users watch a repository after their first commit to it (Default: `true`)
* `gitea_lfs_enabled`: Enable GIT LFS *(git large file storeage: [git-lfs](https://git-lfs.github.com/))*. Default: `false` * `gitea_show_mailstones_dashboard`: Enable this to show the milestones dashboard page - a view of all the users milestones (Default: `true`)
* `gitea_lfs_content_path`: path where the lfs files are stored
* `gitea_lfs_secret`: JWT secret for remote LFS usage. Can be generated with ``gitea generate secret JWT_SECRET``
### Fail2Ban configuration ### Fail2Ban configuration
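
Review bot: the new variable `gitea_show_mailstones_dashboard` is misspelled ("mailstones" for "milestones"), and once documented here the typo becomes part of the role's public interface; rename it to `gitea_show_milestones_dashboard` before release. The same hunk drops the README entry for `gitea_lfs_content_path` without a replacement, so that variable ends up undocumented.
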
@ -148,6 +145,10 @@ As this will only deploy config files, fail2ban already has to be installed or o
* `gitea_oauth2_enabled`: Enable the Oauth2 provider (true/false) * `gitea_oauth2_enabled`: Enable the Oauth2 provider (true/false)
* `gitea_oauth2_jwt_secret`: Oauth2 JWT secret. Can be generated with ``gitea generate secret JWT_SECRET`` * `gitea_oauth2_jwt_secret`: Oauth2 JWT secret. Can be generated with ``gitea generate secret JWT_SECRET``
### GIT LFS configuration
* `gitea_lfs_enabled`: Enable GIT LFS (large filesystem)
* `gitea_lfs_mode`: should lfs be in offline mode (true/false)
* `gitea_lfs_secret`: JWT secret for remote LFS usage
### Metrics endpoint configuration ### Metrics endpoint configuration
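
Review bot: the new `gitea_lfs_secret` entry no longer says how to produce the value, unlike the `gitea_oauth2_jwt_secret` line just above it, which points to ``gitea generate secret JWT_SECRET``; carry that hint over and state that the secret must be set per deployment. "GIT LFS (large filesystem)" should read Large File Storage, and the `gitea_lfs_mode` description should say what the true and false values select and what the default is.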

View file

@ -26,6 +26,9 @@ gitea_offline_mode: true
gitea_lfs_server_enabled: false gitea_lfs_server_enabled: false
gitea_lfs_content_path: "{{ gitea_home }}/data/lfs" gitea_lfs_content_path: "{{ gitea_home }}/data/lfs"
gitea_lfs_jwt_secret: '' gitea_lfs_jwt_secret: ''
gitea_lfs_content_path: "data/lfs"
gitea_lfs_secret: SomethingVeryLong
gitea_lfs_mode: true
gitea_db_type: sqlite3 gitea_db_type: sqlite3
gitea_db_host: 127.0.0.0:3306 gitea_db_host: 127.0.0.0:3306
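
Review bot: the added default `gitea_lfs_secret: SomethingVeryLong` ships a fixed, publicly known JWT secret, so every deployment that does not override it signs LFS tokens with the same value; default it to an empty string, like `gitea_lfs_jwt_secret: ''` just above, and generate or require a real value. The added `gitea_lfs_content_path: "data/lfs"` also repeats a key already defined as `"{{ gitea_home }}/data/lfs"` a few lines earlier, so one of the two definitions is silently discarded; drop the new line or state which path is intended.
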
@ -52,6 +55,10 @@ gitea_require_signin: true
gitea_enable_captcha: true gitea_enable_captcha: true
gitea_only_allow_external_registration: false gitea_only_allow_external_registration: false
gitea_enable_notify_mail: false gitea_enable_notify_mail: false
gitea_mail_default: onmention
gitea_autowatch_new_repo: false
gitea_autowatch_on_change: true
gitea_show_mailstones_dashboard: true
gitea_force_private: false gitea_force_private: false

View file

@ -1,17 +1,17 @@
--- ---
- name: "Restart gitea" - name: "Restart gitea"
service: ansible.builtin.service:
name: gitea name: gitea
state: restarted state: restarted
when: ansible_service_mgr == "systemd" when: ansible_service_mgr == "systemd"
- name: "Reload systemd" - name: "Reload systemd"
systemd: ansible.builtin.systemd:
daemon_reload: true daemon_reload: true
when: ansible_service_mgr == "systemd" when: ansible_service_mgr == "systemd"
- name: "Restart fail2ban" - name: "Restart fail2ban"
service: ansible.builtin.service:
name: fail2ban name: fail2ban
state: restarted state: restarted
when: ansible_service_mgr == "systemd" when: ansible_service_mgr == "systemd"

View file

@ -2,7 +2,7 @@
galaxy_info: galaxy_info:
author: Thomas Maurice author: Thomas Maurice
description: Ansible Role - Gitea description: Ansible Role - Gitea
min_ansible_version: 2.9.8 min_ansible_version: 2.10
license: BSD-3-Clause license: BSD-3-Clause
galaxy_tags: galaxy_tags:
- git - git
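
Review bot: `min_ansible_version: 2.10` is unquoted, so YAML reads it as the float 2.1 rather than a version string; write it as `min_ansible_version: "2.10"`.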

View file

@ -1,10 +1,6 @@
ansible==2.10.7 ansible==2.10
ansible-lint==5.0.0 ansible-lint==4.2.0
anyconfig==0.10.0 anyconfig==0.9.7
atomicwrites==1.4.0
attrs==20.3.0
autopep8==1.5.5
bcrypt==3.2.0
arrow==0.15.5 arrow==0.15.5
asn1crypto==0.24.0 asn1crypto==0.24.0
binaryornot==0.4.4 binaryornot==0.4.4
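
Review bot: the pins in this hunk move backwards (`ansible==2.10.7` to `ansible==2.10`, `ansible-lint==5.0.0` to `ansible-lint==4.2.0`, `anyconfig==0.10.0` to `anyconfig==0.9.7`) and four pins are dropped, which contradicts the "update requirements for molecule (#78)" entry in the commit message and looks like a stale branch overwriting the newer file. Rebase onto the current requirements and keep the patch-level pin for ansible.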

View file

@ -6,7 +6,7 @@
state: "present" state: "present"
- name: "Create Gitea user" - name: "Create Gitea user"
user: ansible.builtin.user:
name: "{{ gitea_user }}" name: "{{ gitea_user }}"
comment: "Gitea user" comment: "Gitea user"
home: "{{ gitea_home }}" home: "{{ gitea_home }}"

View file

@ -1,6 +1,6 @@
--- ---
- name: Install fail2ban filter - name: Install fail2ban filter
template: ansible.builtin.template:
src: fail2ban/filter.conf.j2 src: fail2ban/filter.conf.j2
dest: /etc/fail2ban/filter.d/gitea.conf dest: /etc/fail2ban/filter.d/gitea.conf
owner: root owner: root
@ -9,7 +9,7 @@
notify: Restart fail2ban notify: Restart fail2ban
- name: Install fail2ban jail - name: Install fail2ban jail
template: ansible.builtin.template:
src: fail2ban/jail.conf.j2 src: fail2ban/jail.conf.j2
dest: /etc/fail2ban/jail.d/gitea.conf dest: /etc/fail2ban/jail.d/gitea.conf
owner: root owner: root

View file

@ -1,6 +1,6 @@
--- ---
- name: "Setup systemd service" - name: "Setup systemd service"
template: ansible.builtin.template:
src: gitea.service.j2 src: gitea.service.j2
dest: /lib/systemd/system/gitea.service dest: /lib/systemd/system/gitea.service
owner: root owner: root
@ -13,5 +13,5 @@
# systemd to be reloaded the first time because # systemd to be reloaded the first time because
# it is the only way Systemd is going to be aware of the new unit file. # it is the only way Systemd is going to be aware of the new unit file.
- name: "Reload systemd" - name: "Reload systemd"
systemd: ansible.builtin.systemd:
daemon_reload: true daemon_reload: true

View file

@ -9,7 +9,7 @@
- "{{ ansible_os_family | lower }}.yml" - "{{ ansible_os_family | lower }}.yml"
- name: "Check gitea version" - name: "Check gitea version"
shell: "set -eo pipefail; /usr/local/bin/gitea -v | cut -d' ' -f 3" ansible.builtin.shell: "set -eo pipefail; /usr/local/bin/gitea -v | cut -d' ' -f 3"
args: args:
executable: /bin/bash executable: /bin/bash
register: gitea_active_version register: gitea_active_version
@ -17,17 +17,21 @@
failed_when: false failed_when: false
when: gitea_version_check|bool when: gitea_version_check|bool
- name: backup gitea before update - name: "Download the binary"
include_tasks: backup.yml ansible.builtin.get_url:
when: gitea_backup_on_upgrade|bool url: "{{ gitea_dl_url }}"
dest: /usr/local/bin/gitea
- name: install or update gitea owner: root
include_tasks: install.yml group: root
mode: 0755
force: true
notify: "Restart gitea"
when: (not gitea_version_check|bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version))
- include: create_user.yml - include: create_user.yml
- name: "Create config directory" - name: "Create config and data directory"
file: ansible.builtin.file:
path: "{{ item }}" path: "{{ item }}"
state: directory state: directory
owner: "{{ gitea_user }}" owner: "{{ gitea_user }}"
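
Review bot: the new "Download the binary" task writes `{{ gitea_dl_url }}` to /usr/local/bin/gitea as root with `force: true` and no `checksum:`, so the binary is never verified before the service runs it; add a checksum tied to `gitea_version`. The hunk also deletes the `include_tasks: backup.yml` step gated on `gitea_backup_on_upgrade`, which the commit message lists as part of this change (#81), so an upgrade now replaces the binary without the optional backup; this looks like a merge that predates #81 and should be rebased.
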
@ -58,9 +62,13 @@
when: ansible_service_mgr == "systemd" when: ansible_service_mgr == "systemd"
- include_tasks: jwt_secrets.yml - include_tasks: jwt_secrets.yml
- name: 'Install git'
ansible.builtin.package:
name: 'git'
state: 'present'
- name: "Configure gitea" - name: "Configure gitea"
template: ansible.builtin.template:
src: gitea.ini.j2 src: gitea.ini.j2
dest: /etc/gitea/gitea.ini dest: /etc/gitea/gitea.ini
owner: "{{ gitea_user }}" owner: "{{ gitea_user }}"
@ -69,7 +77,7 @@
notify: "Restart gitea" notify: "Restart gitea"
- name: "Service gitea" - name: "Service gitea"
service: ansible.builtin.service:
name: gitea name: gitea
state: started state: started
enabled: true enabled: true

View file

@ -62,6 +62,11 @@ LFS_CONTENT_PATH = {{ gitea_lfs_content_path }}
LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }} LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}
{% endif %} {% endif %}
LFS_CONTENT_PATH = {{ gitea_lfs_content_path }}
; if the LFS sotre is not offline/local
LFS_JWT_SECRET = {{ gitea_lfs_secret }}
OFFLINE_MODE = {{ gitea_lfs_mode }}
{%- endif %}
[database] [database]
; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice ; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice
DB_TYPE = {{ gitea_db_type }} DB_TYPE = {{ gitea_db_type }}
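
Review bot: the added lines end in `{%- endif %}` directly after the existing `{% endif %}`, and no matching `{% if %}` is opened anywhere in the hunk, so the template is likely unbalanced and will fail to render; either wrap the new lines in their own condition or drop the extra `endif`. The block also emits `LFS_CONTENT_PATH` and `LFS_JWT_SECRET` a second time (now from `gitea_lfs_secret` instead of `gitea_lfs_jwt_secret`), leaving two competing secrets for one key, and ties `OFFLINE_MODE` to `gitea_lfs_mode` although the role already has `gitea_offline_mode`.
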
@ -116,9 +121,13 @@ CAPTCHA_TYPE = image
RECAPTCHA_SECRET = RECAPTCHA_SECRET =
RECAPTCHA_SITEKEY = RECAPTCHA_SITEKEY =
; Show Registration button ; Show Registration button
SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button | ternary('true', 'false') }} SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button }}
ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_only_allow_external_registration | ternary('true', 'false') }} ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_only_allow_external_registration }}
ENABLE_NOTIFY_MAIL = {{ gitea_enable_notify_mail | ternary('true', 'false') }} ENABLE_NOTIFY_MAIL = {{ gitea_enable_notify_mail }}
DEFAULT_EMAIL_NOTIFICATIONS = {{ gitea_mail_default }}
AUTO_WATCH_NEW_REPOS = {{ gitea_autowatch_new_repo }}
AUTO_WATCH_ON_CHANGES = {{ gitea_autowatch_on_change }}
SHOW_MILESTONES_DASHBOARD_PAGE = {{ gitea_show_mailstones_dashboard }}
[mailer] [mailer]
ENABLED = {{ gitea_mailer_enabled | ternary('true', 'false') }} ENABLED = {{ gitea_mailer_enabled | ternary('true', 'false') }}
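
Review bot: removing `| ternary('true', 'false')` from `SHOW_REGISTRATION_BUTTON`, `ALLOW_ONLY_EXTERNAL_REGISTRATION` and `ENABLE_NOTIFY_MAIL` makes the template print the raw variable, which for a YAML boolean is `True`/`False`, and it is inconsistent with the `ENABLED = {{ gitea_mailer_enabled | ternary('true', 'false') }}` line kept below. Keep the filter on these three and apply it to the new boolean settings `AUTO_WATCH_NEW_REPOS`, `AUTO_WATCH_ON_CHANGES` and `SHOW_MILESTONES_DASHBOARD_PAGE` as well.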