Commit graph

28 commits

Author SHA1 Message Date
Finwë
56375819a7
Improve ARM Support (#74)
* Gitea user should be a system user

* Improve installation system

* Download archive instead of binary
* Add checksum validation
* Add GPG check
* Add backup process before upgrading

* Improve ARM support

* Improve support for Vault Encrypted JWT tokens

* Fix spacing in gitea configuration template

When Gitea rewrite the configuration file (e.g.: the JWT token is not
set or doesn't fit their criteria), it'll align space on a per-section
basis in the .ini file.
If the template is not properly spaced, at the next Ansible run, you'll
have an enormous diff, hidding what the real changes are.

* add proper redhat/debian deps for molecule testing

* Gitea group should be a system group

* fix linting for CI

* Update CI and meta information for up-to-date tests and distros

* molecule: fix typo for redhat packages

* fix typo

* bump gitea version to 1.13.1

* Use Ubuntu keyservers to play nicely with everyone

* Update minimum required ansible version to 2.9.8

This is required for Ubuntu Focal, which comes with systemd >= 245
The Get Facts modules doesn't work well with it before the bugfix
introduced in 2.9.8

* Replace yes by True to please the linting

* Truthy values needs to be lower-case

* bump gitea version to 1.13.2

* perform gitea dump as gitea user

* need to set become to yes

* autogenerate JWT_SECRETS (#77)

* autogenerate JWT_SECRETS

Based on https://docs.gitea.io/en-us/command-line/#generate we will now autogenerate JWT_SECRETS if they are not defined.
In my opinion a much better idea than writing a value in the default config.

The check if the variables for the secrets are now 43 characters long i took out. Gitea generates itself suitable secrets, if the user given ones do not fit.

* drop ansible.builtin. syntax

* Update file permissions for "{{ gitea_home }}" (#75)

The file permissions for {{ gitea_home }} especially in conjunction with the recurse: true flag are on closer inspection very open to all and also have a +x set on files.

This should be done better. And I have done here now.

By the way: To improve the -x on normal files in his gitea installation this shell command was useful for me
```
find . -type f -exec chmod a-x {} \+;
find . -type f -exec chmod u=rwX {} \+;
```

* Bump cryptography from 3.2 to 3.3.2 (#79)

Bumps [cryptography](https://github.com/pyca/cryptography) from 3.2 to 3.3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/3.2...3.3.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Gitea user should be a system user

* Improve installation system

* Download archive instead of binary
* Add checksum validation
* Add GPG check
* Add backup process before upgrading

* Improve ARM support

* Fix spacing in gitea configuration template

When Gitea rewrite the configuration file (e.g.: the JWT token is not
set or doesn't fit their criteria), it'll align space on a per-section
basis in the .ini file.
If the template is not properly spaced, at the next Ansible run, you'll
have an enormous diff, hidding what the real changes are.

* add proper redhat/debian deps for molecule testing

* Gitea group should be a system group

* fix linting for CI

* Update CI and meta information for up-to-date tests and distros

* molecule: fix typo for redhat packages

* fix typo

* bump gitea version to 1.13.1

* Use Ubuntu keyservers to play nicely with everyone

* Update minimum required ansible version to 2.9.8

This is required for Ubuntu Focal, which comes with systemd >= 245
The Get Facts modules doesn't work well with it before the bugfix
introduced in 2.9.8

* Replace yes by True to please the linting

* Truthy values needs to be lower-case

* bump gitea version to 1.13.2

* perform gitea dump as gitea user

* need to set become to yes

* check-variables.yml doesn't exists anymore

Co-authored-by: L3D <l3d@c3woc.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-12 17:56:31 +00:00
L3D
7d91337447
Update file permissions for "{{ gitea_home }}" (#75)
The file permissions for {{ gitea_home }} especially in conjunction with the recurse: true flag are on closer inspection very open to all and also have a +x set on files.

This should be done better. And I have done here now.

By the way: To improve the -x on normal files in his gitea installation this shell command was useful for me
```
find . -type f -exec chmod a-x {} \+;
find . -type f -exec chmod u=rwX {} \+;
```
2021-02-10 19:05:04 +00:00
L3D
9cd664d91f
autogenerate JWT_SECRETS (#77)
* autogenerate JWT_SECRETS

Based on https://docs.gitea.io/en-us/command-line/#generate we will now autogenerate JWT_SECRETS if they are not defined.
In my opinion a much better idea than writing a value in the default config.

The check if the variables for the secrets are now 43 characters long i took out. Gitea generates itself suitable secrets, if the user given ones do not fit.

* drop ansible.builtin. syntax
2021-02-10 19:04:13 +00:00
L3D
67afb71160
add default "gitea_group: gitea" (#71)
* delete trailing whitespace

* Add gitea_group

This will add the `gitea_group: gitea` and will probably
RESOLVE https://github.com/thomas-maurice/ansible-role-gitea/issues/70

* update variable length

update variable length to make this role idempotent

* vars should not include special character
2021-01-27 14:13:02 +00:00
L3D
2500047d22 improve all easy to fix yaml warnings 2021-01-22 11:06:55 +00:00
L3D
fb45c4dfc5 add linting check and fix warning
There is this linting message:
```
[208] File permissions unset or incorrect
tasks/main.yml:27
Task/Handler: Create config and data directory
```

I fixed it in this commit and added a github action
to run the official™ ansible linting check!
2021-01-22 11:06:55 +00:00
883b6d958e fix logging path 2020-09-24 17:21:36 +01:00
Jens Timmerman
667c375a9d Update install_systemd.yml 2020-09-24 16:00:51 +01:00
Jens Timmerman
4976d531ba Update install_systemd.yml
reload systemd should be triggered via handler
2020-09-24 16:00:51 +01:00
Jens Timmerman
d517cd1e64 also create inders and logs directory as gitea
Recursively set the gitea user as owner of all it's directories (and create /indexers and /logs directories.
This is needed if one tried to start gitea as root before.
2020-08-21 23:16:35 +01:00
Jens Timmerman
56d9e08c64 make sure git is installed
gitea service fails to start if the git binary is not present on the system
2020-08-21 23:15:44 +01:00
Sergej
77d593a4b9 Bugfix: set -o pipefail fails silently.
This is due the fact that Ansible often takes another default shell
to execute its commands, e.g., /bin/sh.
Solution is to require /bin/bash for the particular command.
2020-06-17 14:08:26 +01:00
Simeon Keske
16707f4a38 Allow to set a custom Download-URL for gitea 2020-05-19 14:21:12 +01:00
L. Alberto Giménez
7e7626ed2a Fix check mode for binary download task
In check_mode, the binary download task depends on the execution of the
previous one, which uses the module shell to fill in a variable. In the
download binary task we use a field on that variable that does not exist
in check_mode, so the task fails.

Signed-off-by: L. Alberto Giménez <agimenez@sysvalve.es>
2020-05-15 09:47:24 +01:00
Thomas Maurice
cdfb5bd354 Fix linting 2020-04-20 15:38:03 +01:00
dhs
d65ac0f919 Update main.yml
remove debugging remnant
2020-04-20 15:09:35 +01:00
dhs
7e59a636cb improved testing 2020-04-20 15:09:35 +01:00
dhach
15a5f64e8a check that jwt token is < 32 chars to prevent gitea from crashing 2020-04-20 15:02:41 +01:00
L3D
5e971278c3 Fixing deprecation warning
ANsible comes with the error:
```bash
[DEPRECATION WARNING]: evaluating gitea_fail2ban_enabled as a bare variable, this behaviour will go away and you might need to add |bool to the expression in the future. Also see CONDITIONAL_BARE_VARS configuration toggle.. This
feature will be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
```

appending ``|bool`` after a boolean variable will resolve the issue.
2019-05-23 21:19:21 +01:00
Thomas Maurice
37b1ff8837 #17 fix the quality score of the module 2019-04-30 19:45:20 +01:00
Trysdyn Black
3226a76d94 Add toggle to do a version check before download
Old behavior is to download the binary of `gitea_version` every run,
then checksum it against the currently installed version to see if it needs
to be copied over.

New behavior is to attempt to extract the current running version of gitea
and only initiate the old behavior if the running version != `gitea_version`.

Default is old behavior due to the major logic change involved.
2019-04-30 08:55:21 +01:00
Lilian Roller
609a47de72 Update gitea and create shell variable
The current gitea version is updated to 1.7.5.

And now you are able to customize the shell of your gitea user.
[Issue 14](https://github.com/thomas-maurice/ansible-role-gitea/issues/14)
2019-04-09 13:40:38 +01:00
Thomas Maurice
168be1f6bb Bunch of improvements around testing and ansible galaxy
* added a license info
 * added galaxy tags/platforms
 * added travis test support
 * testing the playbook using molecule
2019-03-16 12:11:02 +00:00
Mathias Merscher
41797ebdfd rename gitea_install_fail2ban_config to gitea_fail2ban_enabled 2019-03-15 17:05:09 +00:00
Mathias Merscher
a9414f6593 consistent task name capitalization 2019-03-15 17:05:09 +00:00
Mathias Merscher
11374216ac adds support for optional deployment of fail2ban jail 2019-03-15 17:05:09 +00:00
ikarulus
ebddb8b7d4 add version var 2019-01-10 21:45:34 +00:00
Thomas Maurice
59d3cfc7c8
First commit 2017-01-10 22:09:34 +01:00