add default "gitea_group: gitea" (#71)

* delete trailing whitespace

* Add gitea_group

This will add the `gitea_group: gitea` and will probably
RESOLVE https://github.com/thomas-maurice/ansible-role-gitea/issues/70

* update variable length

update variable length to make this role idempotent

* vars should not include special characters
L3D 2021-01-27 15:13:02 +01:00 committed by GitHub
parent cde4a964d5
commit 67afb71160
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 36 additions and 10 deletions


@ -1,6 +1,7 @@
--- ---
name: Ansible Lint check name: Ansible Lint check
# yamllint disable-line rule:truthy
on: [push, pull_request] on: [push, pull_request]
jobs: jobs:
@ -9,7 +10,6 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: Lint Ansible Playbook - name: Lint Ansible Playbook


@ -58,6 +58,7 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we
* `gitea_version_check`: Check if installed version != `gitea_version` before initiating binary download * `gitea_version_check`: Check if installed version != `gitea_version` before initiating binary download
* `gitea_user`: UNIX user used by Gitea * `gitea_user`: UNIX user used by Gitea
* `gitea_group`: UNIX group used by Gitea
* `gitea_home`: Base directory to work * `gitea_home`: Base directory to work
* `gitea_dl_url`: The URL, the compiled gitea-binary will be downloaded from * `gitea_dl_url`: The URL, the compiled gitea-binary will be downloaded from
* `gitea_systemd_cap_net_bind_service`: Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file * `gitea_systemd_cap_net_bind_service`: Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file
@ -127,7 +128,7 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we
* `gitea_lfs_enabled`: Enable GIT LFS *(git large file storeage: [git-lfs](https://git-lfs.github.com/))*. Default: `false` * `gitea_lfs_enabled`: Enable GIT LFS *(git large file storeage: [git-lfs](https://git-lfs.github.com/))*. Default: `false`
* `gitea_lfs_content_path`: path where the lfs files are stored * `gitea_lfs_content_path`: path where the lfs files are stored
* `gitea_lfs_secret`: JWT secret for remote LFS usage * `gitea_lfs_secret`: JWT secret for remote LFS usage, has to be exactly 43 characters long
### Fail2Ban configuration ### Fail2Ban configuration
@ -145,7 +146,7 @@ As this will only deploy config files, fail2ban already has to be installed or o
### Oauth2 provider configuration ### Oauth2 provider configuration
* `gitea_oauth2_enabled`: Enable the Oauth2 provider (true/false) * `gitea_oauth2_enabled`: Enable the Oauth2 provider (true/false)
* `gitea_oauth2_jwt_secret`: JWT secret, cannot be longer than 32 characters * `gitea_oauth2_jwt_secret`: JWT secret, has to be exactly 43 characters long
### Metrics endpoint configuration ### Metrics endpoint configuration


@ -5,6 +5,7 @@ gitea_dl_url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_ver
gitea_app_name: "Gitea" gitea_app_name: "Gitea"
gitea_user: "gitea" gitea_user: "gitea"
gitea_group: "gitea"
gitea_home: "/var/lib/gitea" gitea_home: "/var/lib/gitea"
gitea_shell: "/bin/false" gitea_shell: "/bin/false"
gitea_systemd_cap_net_bind_service: false gitea_systemd_cap_net_bind_service: false
@ -22,7 +23,7 @@ gitea_offline_mode: true
gitea_lfs_server_enabled: false gitea_lfs_server_enabled: false
gitea_lfs_content_path: "{{ gitea_home }}/data/lfs" gitea_lfs_content_path: "{{ gitea_home }}/data/lfs"
gitea_lfs_jwt_secret: LongUniqueS3cret_ gitea_lfs_jwt_secret: 'ChangeMe1GGm26cTz5jsH9S3Df4MPzBx599wLCdKwmw'
gitea_db_type: sqlite3 gitea_db_type: sqlite3
gitea_db_host: 127.0.0.0:3306 gitea_db_host: 127.0.0.0:3306
@ -68,7 +69,7 @@ gitea_fail2ban_jail_bantime: 900
gitea_fail2ban_jail_action: iptables-allports gitea_fail2ban_jail_action: iptables-allports
gitea_oauth2_enabled: true gitea_oauth2_enabled: true
gitea_oauth2_jwt_secret: ChangeMe gitea_oauth2_jwt_secret: PLZChangeThisToAFourtyThreeCharacterString1
gitea_metrics_enabled: false gitea_metrics_enabled: false
gitea_metrics_token: ~ gitea_metrics_token: ~
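Review bot: The new defaults for `gitea_lfs_jwt_secret` and `gitea_oauth2_jwt_secret` are fixed, published strings that are exactly 43 characters long, so they pass the role's length check, and a host deployed without overrides signs tokens with a value anyone can read in this repository. Because `gitea_oauth2_enabled: true` is also the default, this applies out of the box. Consider shipping no usable default and failing when the variable is unset or still equals the placeholder, for example by extending the check with `or gitea_oauth2_jwt_secret == 'PLZChangeThisToAFourtyThreeCharacterString1'`. The README entry could then tell users to generate a value per host (`gitea generate secret JWT_SECRET`).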


@ -1,7 +1,14 @@
--- ---
- name: run checks to ensure set variables do not crash gitea - name: run checks to ensure gitea_oauth2_jwt_secret do not crash gitea and is idempotent
block: block:
- name: "check token length" - name: "check token length"
fail: fail:
msg: 'gitea_oauth2_jwt_secret cannot be longer than 32 characters.' msg: 'gitea_oauth2_jwt_secret has to be 43 characters long. It is currently {{ gitea_oauth2_jwt_secret | length }} long.'
when: gitea_oauth2_jwt_secret | length > 32 when: gitea_oauth2_jwt_secret | length != 43
- name: run checks to ensure gitea_lfs_jwt_secret do not crash gitea and is idempotent
block:
- name: "check token length"
fail:
msg: 'gitea_lfs_jwt_secret has to be 43 characters long. It is currently {{ gitea_lfs_jwt_secret | length }} long.'
when: gitea_lfs_jwt_secret | length != 43
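Review bot: Both `when:` conditions test only the length, so a 43-character value containing characters outside the URL-safe base64 alphabet passes here; the commit message's remark about special characters suggests Gitea does not accept such values as given. A format test would catch that before deployment, e.g. `when: gitea_oauth2_jwt_secret is not match('^[A-Za-z0-9_-]{43}$')`, and the same for `gitea_lfs_jwt_secret`. The two inner tasks also share the name "check token length"; naming the variable in each task name makes a failed run easier to read.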


@ -1,4 +1,9 @@
--- ---
- name: "Create Gitea Group"
group:
name: "{{ gitea_group }}"
state: present
- name: "Create Gitea user" - name: "Create Gitea user"
user: user:
name: "{{ gitea_user }}" name: "{{ gitea_user }}"
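Review bot: The new task creates `gitea_group`, but the only hunk in this file leaves the `user` task untouched, and the visible part of that task sets just `name:`. Unless the rest of the task (outside the hunk) already assigns a primary group, the account gets the module's default group, which matches only when `gitea_user` and `gitea_group` have the same value. Adding `group: "{{ gitea_group }}"` to the user task ties the account to the group that the directories and the systemd unit now use.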


@ -24,15 +24,25 @@
- include: create_user.yml - include: create_user.yml
- name: "Create config and data directory" - name: "Create config directory"
file: file:
path: "{{ item }}" path: "{{ item }}"
state: directory state: directory
owner: "{{ gitea_user }}" owner: "{{ gitea_user }}"
group: "{{ gitea_group }}"
mode: '0755'
with_items:
- "/etc/gitea"
- name: "Create data directory"
file:
path: "{{ item }}"
state: directory
owner: "{{ gitea_user }}"
group: "{{ gitea_group }}"
mode: '0755' mode: '0755'
recurse: true recurse: true
with_items: with_items:
- "/etc/gitea"
- "{{ gitea_home }}" - "{{ gitea_home }}"
- "{{ gitea_home }}/data" - "{{ gitea_home }}/data"
- "{{ gitea_home }}/custom" - "{{ gitea_home }}/custom"
@ -54,6 +64,7 @@
src: gitea.ini.j2 src: gitea.ini.j2
dest: /etc/gitea/gitea.ini dest: /etc/gitea/gitea.ini
owner: "{{ gitea_user }}" owner: "{{ gitea_user }}"
group: "{{ gitea_group }}"
mode: 0600 mode: 0600
notify: "Restart gitea" notify: "Restart gitea"
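Review bot: The "Create data directory" task keeps `recurse: true` together with `mode: '0755'`, so every file already under `{{ gitea_home }}` is set world-readable and executable on each run, not only the directories. Depending on what lives there (repositories, an SQLite database, keys), that is broader than the service needs. If nothing else on the host has to read these paths, a symbolic mode such as `mode: 'u=rwX,g=rX,o='` keeps the execute bit on directories only and drops access for other users; alternatively `recurse` can be removed so that only the listed directories are managed. The single-item `with_items` on the config directory task could also become a plain `path: /etc/gitea`.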


@ -4,6 +4,7 @@ After=network.target
[Service] [Service]
User={{ gitea_user }} User={{ gitea_user }}
Group={{ gitea_group }}
ExecStart=/usr/local/bin/gitea web -c /etc/gitea/gitea.ini ExecStart=/usr/local/bin/gitea web -c /etc/gitea/gitea.ini
Restart=on-failure Restart=on-failure
WorkingDirectory={{ gitea_home }} WorkingDirectory={{ gitea_home }}