From 56375819a72573c7fcdbc8e62ed0b674e6b7892b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Finw=C3=AB?= Date: Fri, 12 Feb 2021 18:56:31 +0100 Subject: [PATCH] Improve ARM Support (#74) * Gitea user should be a system user * Improve installation system * Download archive instead of binary * Add checksum validation * Add GPG check * Add backup process before upgrading * Improve ARM support * Improve support for Vault Encrypted JWT tokens * Fix spacing in gitea configuration template When Gitea rewrite the configuration file (e.g.: the JWT token is not set or doesn't fit their criteria), it'll align space on a per-section basis in the .ini file. If the template is not properly spaced, at the next Ansible run, you'll have an enormous diff, hidding what the real changes are. * add proper redhat/debian deps for molecule testing * Gitea group should be a system group * fix linting for CI * Update CI and meta information for up-to-date tests and distros * molecule: fix typo for redhat packages * fix typo * bump gitea version to 1.13.1 * Use Ubuntu keyservers to play nicely with everyone * Update minimum required ansible version to 2.9.8 This is required for Ubuntu Focal, which comes with systemd >= 245 The Get Facts modules doesn't work well with it before the bugfix introduced in 2.9.8 * Replace yes by True to please the linting * Truthy values needs to be lower-case * bump gitea version to 1.13.2 * perform gitea dump as gitea user * need to set become to yes * autogenerate JWT_SECRETS (#77) * autogenerate JWT_SECRETS Based on https://docs.gitea.io/en-us/command-line/#generate we will now autogenerate JWT_SECRETS if they are not defined. In my opinion a much better idea than writing a value in the default config. The check if the variables for the secrets are now 43 characters long i took out. Gitea generates itself suitable secrets, if the user given ones do not fit. * drop ansible.builtin. 
syntax * Update file permissions for "{{ gitea_home }}" (#75) The file permissions for {{ gitea_home }} especially in conjunction with the recurse: true flag are on closer inspection very open to all and also have a +x set on files. This should be done better. And I have done here now. By the way: To improve the -x on normal files in his gitea installation this shell command was useful for me ``` find . -type f -exec chmod a-x {} \+; find . -type f -exec chmod u=rwX {} \+; ``` * Bump cryptography from 3.2 to 3.3.2 (#79) Bumps [cryptography](https://github.com/pyca/cryptography) from 3.2 to 3.3.2. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/3.2...3.3.2) 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Gitea user should be a system user * Improve installation system * Download archive instead of binary * Add checksum validation * Add GPG check * Add backup process before upgrading * Improve ARM support * Fix spacing in gitea configuration template When Gitea rewrite the configuration file (e.g.: the JWT token is not set or doesn't fit their criteria), it'll align space on a per-section basis in the .ini file. If the template is not properly spaced, at the next Ansible run, you'll have an enormous diff, hidding what the real changes are. * add proper redhat/debian deps for molecule testing * Gitea group should be a system group * fix linting for CI * Update CI and meta information for up-to-date tests and distros * molecule: fix typo for redhat packages * fix typo * bump gitea version to 1.13.1 * Use Ubuntu keyservers to play nicely with everyone * Update minimum required ansible version to 2.9.8 This is required for Ubuntu Focal, which comes with systemd >= 245 The Get Facts modules doesn't work well with it before the bugfix introduced in 2.9.8 * Replace yes by True to please the linting * Truthy values needs to be lower-case * bump gitea version to 1.13.2 * perform gitea dump as gitea user * need to set become to yes * check-variables.yml doesn't exists anymore Co-authored-by: L3D Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .travis.yml | 3 +- defaults/main.yml | 4 +- meta/main.yml | 15 ++-- molecule/default/prepare.yml | 13 ++- requirements-travis.txt | 2 +- tasks/create_user.yml | 4 +- tasks/install.yml | 93 ++++++++++++++++++++ tasks/main.yml | 25 +++--- templates/gitea.ini.j2 | 165 +++++++++++++++++------------------ vars/debian.yml | 5 ++ vars/main.yml | 10 ++- vars/redhat.yml | 5 ++ 12 files changed, 231 insertions(+), 113 deletions(-) create mode 100644 tasks/install.yml create mode 100644 
vars/debian.yml create mode 100644 vars/redhat.yml diff --git a/.travis.yml b/.travis.yml index 524837b..62da97c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,11 +7,12 @@ env: matrix: - MOLECULE_DISTRO: centos8 - MOLECULE_DISTRO: centos7 + - MOLECULE_DISTRO: ubuntu2004 - MOLECULE_DISTRO: ubuntu1804 - MOLECULE_DISTRO: ubuntu1604 - MOLECULE_DISTRO: debian10 - MOLECULE_DISTRO: debian9 - - MOLECULE_DISTRO: fedora31 + - MOLECULE_DISTRO: fedora33 services: - docker diff --git a/defaults/main.yml b/defaults/main.yml index 65dccae..4ae6768 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,7 +1,9 @@ --- -gitea_version: "1.13.0" +gitea_version: "1.13.2" gitea_version_check: true gitea_dl_url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_arch }}" +gitea_gpg_key: "7C9E68152594688862D62AF62D9AE806EC1592E2" +gitea_gpg_server: "hkp://keyserver.ubuntu.com:80" gitea_app_name: "Gitea" gitea_user: "gitea" diff --git a/meta/main.yml b/meta/main.yml index 27b7884..827fab6 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -2,7 +2,7 @@ galaxy_info: author: Thomas Maurice description: Ansible Role - Gitea - min_ansible_version: 2.7.9 + min_ansible_version: 2.9.8 license: BSD-3-Clause galaxy_tags: - git @@ -16,12 +16,17 @@ galaxy_info: platforms: - name: Debian versions: - - jessie - stretch - - name: EL - versions: - - 7 + - buster - name: Ubuntu versions: - xenial - bionic + - focal + - name: CentOS + versions: + - 7 + - 8 + - name: Fedora + versions: + - 33 diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index 54efeee..4c3c05a 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml 
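Review bot: `gitea_gpg_key` and `gitea_gpg_server` are added to defaults/main.yml without a comment, and the key is fetched over plain `hkp://` on port 80. That makes the pinned value the only thing tying the imported key to the release signer, and it only does so while it stays a full 40-hex fingerprint. I would document that on the variable, e.g. `# Full fingerprint of the release signing key; never shorten to a key ID, the keyserver transport is unauthenticated`. If port 80 is not required for firewall reasons, `hkps://keyserver.ubuntu.com` would also protect the lookup in transit.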
@@ -1,22 +1,27 @@ --- -- name: Perpare +- name: Prepare hosts: all become: true tasks: - name: install dependencies for gitea (RedHat based systems) yum: - name: "{{ packages }}" + name: "{{ redhat_packages }}" state: present update_cache: true when: ansible_os_family == "RedHat" - name: install dependencies for gitea (Debian based systems) apt: - name: "{{ packages }}" + name: "{{ debian_packages }}" state: present update_cache: true when: ansible_os_family == "Debian" vars: - packages: + debian_packages: - git - curl + - xz-utils + redhat_packages: + - git + - curl + - xz diff --git a/requirements-travis.txt b/requirements-travis.txt index 35ff381..17274d0 100644 --- a/requirements-travis.txt +++ b/requirements-travis.txt @@ -1,4 +1,4 @@ -ansible==2.9.6 +ansible==2.9.8 ansible-lint==4.2.0 anyconfig==0.9.7 arrow==0.15.5 diff --git a/tasks/create_user.yml b/tasks/create_user.yml index fd3278a..50d308a 100644 --- a/tasks/create_user.yml +++ b/tasks/create_user.yml @@ -2,7 +2,8 @@ - name: "Create Gitea Group" group: name: "{{ gitea_group }}" - state: present + system: true + state: "present" - name: "Create Gitea user" user: @@ -10,3 +11,4 @@ comment: "Gitea user" home: "{{ gitea_home }}" shell: "{{ gitea_shell }}" + system: true diff --git a/tasks/install.yml b/tasks/install.yml new file mode 100644 index 0000000..2f4f143 --- /dev/null +++ b/tasks/install.yml 
@@ -0,0 +1,93 @@ +--- +- block: + - name: Update apt cache + apt: + cache_valid_time: 3600 + update_cache: true + register: _pre_update_apt_cache + until: _pre_update_apt_cache is succeeded + when: + - ansible_pkg_mgr == "apt" + + - name: Install dependencies + package: + name: "{{ gitea_dependencies }}" + state: present + register: _install_dep_packages + until: _install_dep_packages is succeeded + retries: 5 + delay: 2 + +- name: Get service facts + service_facts: + +- block: + - name: Stopping gitea before upgrade + service: + name: gitea + state: stopped + + - name: Backing up gitea before upgrade + command: + cmd: "gitea dump -c /etc/gitea/gitea.ini" + chdir: /var/backups/ + become: true + become_method: su + become_user: "{{ gitea_user }}" + become_flags: "-s /bin/sh" + when: + - ansible_facts.services["gitea.service"] is defined + - ansible_facts.services["gitea.service"].state == "running" + - gitea_active_version.stdout != gitea_version + +- block: + - name: Download gitea archive + get_url: + url: "{{ gitea_dl_url }}.xz" + dest: "/tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}.xz" + checksum: "sha256:{{ gitea_dl_url }}.xz.sha256" + register: _download_archive + until: _download_archive is succeeded + retries: 5 + delay: 2 + + - name: Download gitea asc file + get_url: + url: "{{ gitea_dl_url }}.xz.asc" + dest: "/tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}.xz.asc" + register: _download_asc + until: _download_asc is succeeded + retries: 5 + delay: 2 + + - name: Check gitea gpg key + command: "gpg --list-keys 0x{{ gitea_gpg_key }}" + register: _gitea_gpg_key_status + changed_when: false + failed_when: _gitea_gpg_key_status.rc not in (0, 2) + + - name: Import gitea gpg key + command: "gpg --keyserver {{ gitea_gpg_server }} --recv {{ gitea_gpg_key }}" + register: _gitea_import_key + changed_when: '"imported: 1" in _gitea_import_key.stderr' + when: _gitea_gpg_key_status.rc != 0 + + - name: Check archive signature + command: "gpg --verify 
/tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}.xz.asc /tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}.xz" + changed_when: false + + - name: Unpack gitea binary + command: + cmd: "xz -k -d /tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}.xz" + creates: "/tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}" + + - name: Propagate gitea binary + copy: + src: "/tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}" + remote_src: true + dest: "/usr/local/bin/gitea" + mode: 0755 + owner: root + group: root + notify: "Restart gitea" + when: (not gitea_version_check|bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version)) diff --git a/tasks/main.yml b/tasks/main.yml index af87cf1..a148ff8 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,4 +1,12 @@ --- +- name: Gather variables for each operating system + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml" + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml" + - "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml" + - "{{ ansible_distribution | lower }}.yml" + - "{{ ansible_os_family | lower }}.yml" - name: "Check gitea version" shell: "set -eo pipefail; /usr/local/bin/gitea -v | cut -d' ' -f 3" @@ -9,16 +17,7 @@ failed_when: false when: gitea_version_check|bool -- name: "Download the binary" - get_url: - url: "{{ gitea_dl_url }}" - dest: /usr/local/bin/gitea - owner: root - group: root - mode: 0755 - force: true - notify: "Restart gitea" - when: (not gitea_version_check|bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version)) +- include: install.yml - include: create_user.yml 
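Review bot: In tasks/install.yml the file that gets installed is not the file that was verified. The checksum and `gpg --verify` run against the `.xz` in `/tmp`, but "Unpack gitea binary" is skipped by `creates:` whenever `/tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}` already exists, and "Propagate gitea binary" then copies that unverified file to `/usr/local/bin/gitea` as root:root 0755. Where `/tmp` is writable by other local accounts that path should not be trusted; staging in a directory only root can write closes the gap. Separately, a bare `gpg --verify` exits 0 for a good signature from any key already in the invoking user's keyring, so `gitea_gpg_key` is never compared with the actual signer; checking the `VALIDSIG` status line against it pins the result. `gitea_stage_dir` below is a proposed variable, not one the role defines.

```yaml
# … unchanged: dependency install, service facts, backup block, key lookup and import …
# gitea_stage_dir (proposed): a directory created beforehand with owner root, mode 0700;
# the two get_url tasks, the unpack task and the copy task only swap their /tmp prefix for it

  - name: Check archive signature
    command: >-
      gpg --status-fd 1 --verify
      {{ gitea_stage_dir }}/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}.xz.asc
      {{ gitea_stage_dir }}/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}.xz
    register: _gitea_signature
    changed_when: false
    # VALIDSIG carries the signer's fingerprint; require the pinned one (comparison is case-sensitive)
    failed_when: >-
      _gitea_signature.rc != 0 or
      (_gitea_signature.stdout_lines
       | select('search', 'VALIDSIG .*' ~ gitea_gpg_key) | list | length == 0)
```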
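Review bot: With `gitea_version_check: false` the "Check gitea version" task shown as context in tasks/main.yml is skipped, so `gitea_active_version` has no `stdout` when `- include: install.yml` runs. The backup block in install.yml tests `gitea_active_version.stdout != gitea_version` without the guard that the removed download task had, so I would expect an undefined-attribute failure whenever gitea.service is running and the version check is disabled. Mirroring the install block's condition avoids that and still takes a backup before the binary is replaced: `- (not gitea_version_check|bool) or (gitea_active_version.stdout != gitea_version)`. The version-check task begins outside this hunk, so confirm against the full file.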
@@ -48,15 +47,11 @@ - "{{ gitea_home }}/custom/mailer" - "{{ gitea_home }}/indexers" - "{{ gitea_home }}/log" + - "{{ gitea_repository_root }}" - include: install_systemd.yml when: ansible_service_mgr == "systemd" -- name: 'Install git' - package: - name: 'git' - state: 'present' - - include_tasks: jwt_secrets.yml - name: "Configure gitea" diff --git a/templates/gitea.ini.j2 b/templates/gitea.ini.j2 index 4fbdc0e..deeb164 100644 --- a/templates/gitea.ini.j2 +++ b/templates/gitea.ini.j2 
@@ -1,200 +1,197 @@ ; this file is the configuration of your local gitea instance ; {{ ansible_managed }} -; +; ; This file overwrites the default values from gitea. ; undefined variables will use the default value from gitea. ; Cheat Sheet: https://docs.gitea.io/en-us/config-cheat-sheet/ -; +; ; App name that shows on every page title -APP_NAME = {{ gitea_app_name }} +APP_NAME = {{ gitea_app_name }} ; Change it if you run locally RUN_USER = {{ gitea_user }} ; Either "dev", "prod" or "test", default is "dev" RUN_MODE = prod [repository] -ROOT = {{ gitea_repository_root }} +ROOT = {{ gitea_repository_root }} ; Force every new repository to be private -FORCE_PRIVATE = {{ gitea_force_private }} +FORCE_PRIVATE = {{ gitea_force_private }} ; Global limit of repositories per user, applied at creation time. -1 means no limit -MAX_CREATION_LIMIT = {{ gitea_user_repo_limit }} +MAX_CREATION_LIMIT = {{ gitea_user_repo_limit }} ; Mirror sync queue length, increase if mirror syncing starts hanging MIRROR_QUEUE_LENGTH = 1000 ; Disable the ability to interact with repositories using the HTTP protocol -DISABLE_HTTP_GIT = {{ gitea_disable_http_git }} +DISABLE_HTTP_GIT = {{ gitea_disable_http_git }} [ui] ; Whether the email of the user should be shown in the Explore Users page -SHOW_USER_EMAIL = {{ gitea_show_user_email }} -THEMES = {{ gitea_themes }} -DEFAULT_THEME = {{ gitea_theme_default }} +SHOW_USER_EMAIL = {{ gitea_show_user_email }} +THEMES = {{ gitea_themes }} +DEFAULT_THEME = {{ gitea_theme_default }} [server] ; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'. -PROTOCOL = {{ gitea_protocol }} -DOMAIN = {{ gitea_http_domain }} -ROOT_URL = {{ gitea_root_url }} +PROTOCOL = {{ gitea_protocol }} +DOMAIN = {{ gitea_http_domain }} +ROOT_URL = {{ gitea_root_url }} ; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket. 
-HTTP_ADDR = {{ gitea_http_listen }} -HTTP_PORT = {{ gitea_http_port }} +HTTP_ADDR = {{ gitea_http_listen }} +HTTP_PORT = {{ gitea_http_port }} ; Disable SSH feature when not available -DISABLE_SSH = false +DISABLE_SSH = false ; Whether to use the builtin SSH server or not. -START_SSH_SERVER = {{ gitea_start_ssh }} +START_SSH_SERVER = {{ gitea_start_ssh }} ; Domain name to be exposed in clone URL -SSH_DOMAIN = {{ gitea_ssh_domain }} +SSH_DOMAIN = {{ gitea_ssh_domain }} ; The network interface the builtin SSH server should listen on -SSH_LISTEN_HOST = {{ gitea_ssh_listen }} +SSH_LISTEN_HOST = {{ gitea_ssh_listen }} ; Port number to be exposed in clone URL -SSH_PORT = {{ gitea_ssh_port }} +SSH_PORT = {{ gitea_ssh_port }} ; The port number the builtin SSH server should listen on -SSH_LISTEN_PORT = %(SSH_PORT)s +SSH_LISTEN_PORT = %(SSH_PORT)s ; Disable CDN even in "prod" mode -OFFLINE_MODE = {{ gitea_offline_mode }} +OFFLINE_MODE = {{ gitea_offline_mode }} ; Default path for App data -APP_DATA_PATH = {{ gitea_home }}/data -{%- if gitea_lfs_server_enabled | bool %} +APP_DATA_PATH = {{ gitea_home }}/data +{% if gitea_lfs_server_enabled | bool -%} ;Enables git-lfs support. -LFS_START_SERVER = true +LFS_START_SERVER = true ; Where to store LFS files. -LFS_CONTENT_PATH = {{ gitea_lfs_content_path }} +LFS_CONTENT_PATH = {{ gitea_lfs_content_path }} ; LFS authentication secret -LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }} - -{%- endif %} +LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }} +{% endif %} [database] ; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice -DB_TYPE = {{ gitea_db_type }} -HOST = {{ gitea_db_host }} -NAME = {{ gitea_db_name }} -USER = {{ gitea_db_user }} +DB_TYPE = {{ gitea_db_type }} +HOST = {{ gitea_db_host }} +NAME = {{ gitea_db_name }} +USER = {{ gitea_db_user }} ; Use PASSWD = `your password` for quoting if you use special characters in the password. 
-PASSWD = {{ gitea_db_password }} +PASSWD = {{ gitea_db_password }} ; For Postgres, either "disable" (default), "require", or "verify-full" ; For MySQL, either "false" (default), "true", or "skip-verify" -SSL_MODE = {{ gitea_db_ssl }} +SSL_MODE = {{ gitea_db_ssl }} ; For "sqlite3" and "tidb", use an absolute path when you start gitea as service -PATH = {{ gitea_db_path }} +PATH = {{ gitea_db_path }} [indexer] ; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve -ISSUE_INDEXER_PATH = {{ gitea_home }}/indexers/issues.bleve +ISSUE_INDEXER_PATH = {{ gitea_home }}/indexers/issues.bleve ; Issue indexer queue, currently support: channel or levelqueue, default is levelqueue -ISSUE_INDEXER_QUEUE_TYPE = levelqueue +ISSUE_INDEXER_QUEUE_TYPE = levelqueue ; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the queue will be saved path, ; default is indexers/issues.queue -ISSUE_INDEXER_QUEUE_DIR = {{ gitea_home }}/indexers/issues.queue - +ISSUE_INDEXER_QUEUE_DIR = {{ gitea_home }}/indexers/issues.queue ; repo indexer by default disabled, since it uses a lot of disk space -REPO_INDEXER_ENABLED = {{ gitea_repo_indexer_enabled }} -REPO_INDEXER_PATH = {{ gitea_home }}/indexers/repos.bleve -REPO_INDEXER_INCLUDE = {{ gitea_repo_indexer_include }} -REPO_INDEXER_EXCLUDE = {{ gitea_repo_indexer_exclude }} +REPO_INDEXER_ENABLED = {{ gitea_repo_indexer_enabled }} +REPO_INDEXER_PATH = {{ gitea_home }}/indexers/repos.bleve +REPO_INDEXER_INCLUDE = {{ gitea_repo_indexer_include }} +REPO_INDEXER_EXCLUDE = {{ gitea_repo_indexer_exclude }} REPO_INDEXER_EXCLUDE_VENDORED = {{ gitea_repo_exclude_vendored }} -MAX_FILE_SIZE = {{ gitea_repo_indexer_max_file_size }} +MAX_FILE_SIZE = {{ gitea_repo_indexer_max_file_size }} [security] ; Whether the installer is disabled -INSTALL_LOCK = true +INSTALL_LOCK = true ; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!! 
-SECRET_KEY = {{ gitea_secret_key }} -INTERNAL_TOKEN = {{ gitea_internal_token }} +SECRET_KEY = {{ gitea_secret_key }} +INTERNAL_TOKEN = {{ gitea_internal_token }} ; How long to remember that an user is logged in before requiring relogin (in days) LOGIN_REMEMBER_DAYS = 7 -DISABLE_GIT_HOOKS = {{ gitea_disable_git_hooks }} +DISABLE_GIT_HOOKS = {{ gitea_disable_git_hooks }} [service] ; Disallow registration, only allow admins to create accounts. -DISABLE_REGISTRATION = {{ gitea_disable_registration }} +DISABLE_REGISTRATION = {{ gitea_disable_registration }} ; User must sign in to view anything. -REQUIRE_SIGNIN_VIEW = {{ gitea_require_signin }} +REQUIRE_SIGNIN_VIEW = {{ gitea_require_signin }} ; Enable captcha validation for registration -ENABLE_CAPTCHA = {{ gitea_enable_captcha }} +ENABLE_CAPTCHA = {{ gitea_enable_captcha }} ; Type of captcha you want to use. Options: image, recaptcha -CAPTCHA_TYPE = image +CAPTCHA_TYPE = image ; Enable recaptcha to use Google's recaptcha service ; Go to https://www.google.com/recaptcha/admin to sign up for a key -RECAPTCHA_SECRET = -RECAPTCHA_SITEKEY = +RECAPTCHA_SECRET = +RECAPTCHA_SITEKEY = ; Show Registration button -SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button }} +SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button }} ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_only_allow_external_registration }} -ENABLE_NOTIFY_MAIL = {{ gitea_enable_notify_mail }} +ENABLE_NOTIFY_MAIL = {{ gitea_enable_notify_mail }} [mailer] -ENABLED = {{ gitea_mailer_enabled }} +ENABLED = {{ gitea_mailer_enabled }} ; Mail server ; Gmail: smtp.gmail.com:587 ; QQ: smtp.qq.com:465 ; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used. -HOST = {{ gitea_mailer_host }} +HOST = {{ gitea_mailer_host }} ; Disable HELO operation when hostnames are different. 
-DISABLE_HELO = +DISABLE_HELO = ; Custom hostname for HELO operation, if no value is provided, one is retrieved from system. -HELO_HOSTNAME = +HELO_HOSTNAME = ; Do not verify the certificate of the server. Only use this for self-signed certificates -SKIP_VERIFY = {{ gitea_mailer_skip_verify }} +SKIP_VERIFY = {{ gitea_mailer_skip_verify }} ; Use client certificate -USE_CERTIFICATE = false -CERT_FILE = {{ gitea_home }}/custom/mailer/cert.pem -KEY_FILE = {{ gitea_home }}/custom/mailer/key.pem +USE_CERTIFICATE = false +CERT_FILE = {{ gitea_home }}/custom/mailer/cert.pem +KEY_FILE = {{ gitea_home }}/custom/mailer/key.pem ; Should SMTP connection use TLS -IS_TLS_ENABLED = {{ gitea_mailer_tls_enabled }} +IS_TLS_ENABLED = {{ gitea_mailer_tls_enabled }} ; Mail from address, RFC 5322. This can be just an email address, or the `"Name" ` format -FROM = {{ gitea_mailer_from }} +FROM = {{ gitea_mailer_from }} ; Mailer user name and password -USER = {{ gitea_mailer_user }} +USER = {{ gitea_mailer_user }} ; Use PASSWD = `your password` for quoting if you use special characters in the password. -PASSWD = `{{ gitea_mailer_password }}` +PASSWD = {{ gitea_mailer_password }} ; Send mails as plain text SEND_AS_PLAIN_TEXT = false ; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log) -MAILER_TYPE = {{ gitea_mailer_type }} +MAILER_TYPE = {{ gitea_mailer_type }} ; Specify an alternative sendmail binary -SENDMAIL_PATH = sendmail +SENDMAIL_PATH = sendmail ; Specify any extra sendmail arguments -SENDMAIL_ARGS = - +SENDMAIL_ARGS = [session] ; Either "memory", "file", or "redis", default is "memory" -PROVIDER = file +PROVIDER = file ; Provider config options ; memory: doesn't have any config yet ; file: session file path, e.g. `data/sessions` ; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180 ; mysql: go-sql-driver/mysql dsn config string, e.g. 
`root:password@/session_table` -PROVIDER_CONFIG = {{ gitea_home }}/data/sessions +PROVIDER_CONFIG = {{ gitea_home }}/data/sessions [picture] -AVATAR_UPLOAD_PATH = {{ gitea_home }}/data/avatars +AVATAR_UPLOAD_PATH = {{ gitea_home }}/data/avatars ; This value will always be true in offline mode. -DISABLE_GRAVATAR = {{ gitea_disable_gravatar }} +DISABLE_GRAVATAR = {{ gitea_disable_gravatar }} [attachment] ; Whether attachments are enabled. Defaults to `true` ENABLED = true ; Path for attachments. Defaults to `data/attachments` -PATH = {{ gitea_home }}/data/attachments +PATH = {{ gitea_home }}/data/attachments [log] -ROOT_PATH = {{ gitea_home }}/log +ROOT_PATH = {{ gitea_home }}/log ; Either "console", "file", "conn", "smtp" or "database", default is "console" ; Use comma to separate multiple modes, e.g. "console, file" -MODE = file +MODE = file ; Buffer length of the channel, keep it as it is if you don't know what it is. -BUFFER_LEN = 10000 +BUFFER_LEN = 10000 ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace" -LEVEL = Info +LEVEL = Info REDIRECT_MACARON_LOG = false [oauth2] -ENABLE = {{ gitea_oauth2_enabled }} +ENABLE = {{ gitea_oauth2_enabled }} JWT_SECRET = {{ gitea_oauth2_jwt_secret }} [metrics] ENABLED = {{ gitea_metrics_enabled }} -TOKEN = {{ gitea_metrics_token }} +TOKEN = {{ gitea_metrics_token }} {{ gitea_extra_config }} diff --git a/vars/debian.yml b/vars/debian.yml new file mode 100644 index 0000000..dc164f6 --- /dev/null +++ b/vars/debian.yml @@ -0,0 +1,5 @@ +--- +gitea_dependencies: + - git + - gnupg2 + - xz-utils diff --git a/vars/main.yml b/vars/main.yml index 9ec5113..b473a40 100644 --- a/vars/main.yml +++ b/vars/main.yml 
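Review bot: The `[mailer]` `PASSWD` line loses its backtick quoting in templates/gitea.ini.j2 (new side: `PASSWD = {{ gitea_mailer_password }}`), while the comment directly above it still tells users to quote with backticks when the password contains special characters. An unquoted value containing `#`, `;` or surrounding whitespace may be read differently by the ini parser, and the symptom would be an SMTP authentication failure that is hard to trace back to the template. I would keep ``PASSWD = `{{ gitea_mailer_password }}` `` and consider the same quoting for the `[database]` `PASSWD` line, which carries the same comment and is rendered unquoted.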
@@ -1,2 +1,10 @@ --- -gitea_arch: "{{ 'amd64' if ansible_architecture == 'x86_64' else ansible_architecture }}" +gitea_go_arch_map: + i386: '386' + x86_64: 'amd64' + aarch64: 'arm64' + armv7l: 'arm-6' + armv6l: 'arm-6' + armv5l: 'arm-5' + +gitea_arch: "{{ gitea_go_arch_map[ansible_architecture] | default(ansible_architecture) }}" diff --git a/vars/redhat.yml b/vars/redhat.yml new file mode 100644 index 0000000..7c96415 --- /dev/null +++ b/vars/redhat.yml @@ -0,0 +1,5 @@ +--- +gitea_dependencies: + - git + - gnupg2 + - xz
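Review bot: `armv7l: 'arm-6'` in `gitea_go_arch_map` (vars/main.yml) reads like a copy-paste slip next to `armv6l: 'arm-6'`, and nothing says it is intentional. If it is deliberate because upstream publishes no separate ARMv7 artifact (my assumption, not visible in this patch), a one-line comment such as `# no arm-7 release artifact; ARMv7 hosts run the arm-6 build` would stop someone "correcting" it into a download URL that does not exist. The `default(ansible_architecture)` fallback also passes unmapped values straight into `gitea_dl_url`, so a failed download is the only signal for an unsupported architecture; a short comment on `gitea_arch` stating that would help.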