Commit graph

116 commits

Author SHA1 Message Date
L3D
b04f4ca1dd
change keyserver to keys.openpgp.org (#92)
* change keyserver to keys.openpgp.org

based on https://docs.gitea.io/en-us/install-from-binary/ gitea is recommending ``keys.openpgp.org`` as key server.

RESOLVE #91

* s/hkp:\/\//hkps:\/\//
2021-04-10 18:06:07 +01:00
L3D
ca2f5df0c1
update to gitea v1.13.7 (#93)
https://github.com/go-gitea/gitea/releases/tag/v1.13.7
2021-04-10 18:03:22 +01:00
Jens Timmerman
d3ab000e54
bump gitea version (#87)
fixes security issues https://github.com/go-gitea/gitea/releases/tag/v1.13.6
2021-03-26 15:29:35 +00:00
dependabot[bot]
05d32284a0
Bump pyyaml from 5.3.1 to 5.4 (#89)
Bumps [pyyaml](https://github.com/yaml/pyyaml) from 5.3.1 to 5.4.
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/master/CHANGES)
- [Commits](https://github.com/yaml/pyyaml/compare/5.3.1...5.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-26 15:28:11 +00:00
L3D
ab6b357e39
update gitea to 1.13.4 (#86)
The current release of gitea is [v1.13.4](https://github.com/go-gitea/gitea/releases/tag/v1.13.4).

The current master of this role is not able to do a version update properly. PLEASE first merge https://github.com/thomas-maurice/ansible-role-gitea/pull/81
2021-03-21 16:11:16 +00:00
L3D
71ea49b7ac
modify backup on upgrade (#81)
* create backup directory

create a backup folder and move the gitea backup to backup.yml

* make the backup on update optional

Documentation and introduction of the variable `gitea_backup_on_upgrade: false`

* change become_method to sudo

change become_method to sudo as suggested by @wzzrd. removed become_flags.

* Full path to gitea binary in backup task. thanks to @wzzrd
2021-03-21 16:10:42 +00:00
L3D
8b71e3f137
update requirements for molecule (#78)
* start upgrading requirements

* add some more updated requirements

* add another junk

* add another junk

* update ansible version
2021-03-02 09:38:20 +00:00
L3D
2fa3f51eb4
Cleanup template (#85)
improve template and create loglevel variable
2021-03-02 09:35:13 +00:00
Maxim Burgerhout
183e58f0e5
Add / correct accepted SSL modes for PostgreSQL (#83)
Supported SSL modes for PostgreSQL are: disabled, require, verify-ca
and verify-full.

This fix adds `verify-ca` to README.md and gitea.ini.j2, and corrects
`require` to `required` in README.md.
2021-02-15 18:35:27 +00:00
Finwë
56375819a7
Improve ARM Support (#74)
* Gitea user should be a system user

* Improve installation system

* Download archive instead of binary
* Add checksum validation
* Add GPG check
* Add backup process before upgrading

* Improve ARM support

* Improve support for Vault Encrypted JWT tokens

* Fix spacing in gitea configuration template

When Gitea rewrites the configuration file (e.g.: the JWT token is not
set or doesn't fit their criteria), it'll align space on a per-section
basis in the .ini file.
If the template is not properly spaced, at the next Ansible run, you'll
have an enormous diff, hiding what the real changes are.

* add proper redhat/debian deps for molecule testing

* Gitea group should be a system group

* fix linting for CI

* Update CI and meta information for up-to-date tests and distros

* molecule: fix typo for redhat packages

* fix typo

* bump gitea version to 1.13.1

* Use Ubuntu keyservers to play nicely with everyone

* Update minimum required ansible version to 2.9.8

This is required for Ubuntu Focal, which comes with systemd >= 245
The Get Facts module doesn't work well with it before the bugfix
introduced in 2.9.8

* Replace yes by True to please the linting

* Truthy values need to be lower-case

* bump gitea version to 1.13.2

* perform gitea dump as gitea user

* need to set become to yes

* autogenerate JWT_SECRETS (#77)

* autogenerate JWT_SECRETS

Based on https://docs.gitea.io/en-us/command-line/#generate we will now autogenerate JWT_SECRETS if they are not defined.
In my opinion a much better idea than writing a value in the default config.

The check if the variables for the secrets are now 43 characters long I took out. Gitea generates itself suitable secrets, if the user given ones do not fit.

* drop ansible.builtin. syntax

* Update file permissions for "{{ gitea_home }}" (#75)

The file permissions for {{ gitea_home }} especially in conjunction with the recurse: true flag are on closer inspection very open to all and also have a +x set on files.

This should be done better. And I have done here now.

By the way: To improve the -x on normal files in his gitea installation this shell command was useful for me
```
find . -type f -exec chmod a-x {} \+;
find . -type f -exec chmod u=rwX {} \+;
```

* Bump cryptography from 3.2 to 3.3.2 (#79)

Bumps [cryptography](https://github.com/pyca/cryptography) from 3.2 to 3.3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/3.2...3.3.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Gitea user should be a system user

* Improve installation system

* Download archive instead of binary
* Add checksum validation
* Add GPG check
* Add backup process before upgrading

* Improve ARM support

* Fix spacing in gitea configuration template

When Gitea rewrites the configuration file (e.g.: the JWT token is not
set or doesn't fit their criteria), it'll align space on a per-section
basis in the .ini file.
If the template is not properly spaced, at the next Ansible run, you'll
have an enormous diff, hiding what the real changes are.

* add proper redhat/debian deps for molecule testing

* Gitea group should be a system group

* fix linting for CI

* Update CI and meta information for up-to-date tests and distros

* molecule: fix typo for redhat packages

* fix typo

* bump gitea version to 1.13.1

* Use Ubuntu keyservers to play nicely with everyone

* Update minimum required ansible version to 2.9.8

This is required for Ubuntu Focal, which comes with systemd >= 245
The Get Facts module doesn't work well with it before the bugfix
introduced in 2.9.8

* Replace yes by True to please the linting

* Truthy values need to be lower-case

* bump gitea version to 1.13.2

* perform gitea dump as gitea user

* need to set become to yes

* check-variables.yml doesn't exist anymore

Co-authored-by: L3D <l3d@c3woc.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-12 17:56:31 +00:00
dependabot[bot]
f6f5e733f0
Bump cryptography from 3.2 to 3.3.2 (#79)
Bumps [cryptography](https://github.com/pyca/cryptography) from 3.2 to 3.3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/3.2...3.3.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-10 19:07:04 +00:00
L3D
7d91337447
Update file permissions for "{{ gitea_home }}" (#75)
The file permissions for {{ gitea_home }} especially in conjunction with the recurse: true flag are on closer inspection very open to all and also have a +x set on files.

This should be done better. And I have done here now.

By the way: To improve the -x on normal files in his gitea installation this shell command was useful for me
```
find . -type f -exec chmod a-x {} \+;
find . -type f -exec chmod u=rwX {} \+;
```
2021-02-10 19:05:04 +00:00
L3D
9cd664d91f
autogenerate JWT_SECRETS (#77)
* autogenerate JWT_SECRETS

Based on https://docs.gitea.io/en-us/command-line/#generate we will now autogenerate JWT_SECRETS if they are not defined.
In my opinion a much better idea than writing a value in the default config.

The check if the variables for the secrets are now 43 characters long I took out. Gitea generates itself suitable secrets, if the user given ones do not fit.

* drop ansible.builtin. syntax
2021-02-10 19:04:13 +00:00
L3D
67afb71160
add default "gitea_group: gitea" (#71)
* delete trailing whitespace

* Add gitea_group

This will add the `gitea_group: gitea` and will probably
RESOLVE https://github.com/thomas-maurice/ansible-role-gitea/issues/70

* update variable length

update variable length to make this role idempotent

* vars should not include special character
2021-01-27 14:13:02 +00:00
L3D
cde4a964d5 add LFS_JWT_SECRET option
+ Add comments about git-lfs to the README.
+ New variable for LFS_JWT_SECRET.
+ absolute path for gitea_lfs_content_path.
+ maybe some help to resolve https://github.com/thomas-maurice/ansible-role-gitea/issues/70
2021-01-22 11:07:28 +00:00
L3D
c68565952a delete trailing whitespace 2021-01-22 11:07:28 +00:00
L3D
2500047d22 improve all easy to fix yaml warnings 2021-01-22 11:06:55 +00:00
L3D
fb45c4dfc5 add linting check and fix warning
There is this linting message:
```
[208] File permissions unset or incorrect
tasks/main.yml:27
Task/Handler: Create config and data directory
```

I fixed it in this commit and added a github action
to run the official™ ansible linting check!
2021-01-22 11:06:55 +00:00
Simeon Keske
aa75493677 add option to specify extra configuration 2020-12-06 21:39:19 +00:00
Leo Maroni
8af72e355e Add disable_git_hooks config option to security 2020-12-06 21:37:51 +00:00
Jens Timmerman
ecfff9cbc0 bump gitea version
gitea 1.13.0 was released which fixes security issues

some breaking changes were reported in the release notes but I didn't find any issues with them on my system, caution is advised

Support Gitea development, we now have a shop for Swag

    SECURITY
        Add Allow-/Block-List for Migrate & Mirrors (#13610) (#13776)
        Prevent git operations for inactive users (#13527) (#13536)
        Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13524)
        Mitigate Security vulnerability in the git hook feature (#13058)
        Disable DSA ssh keys by default (#13056)
        Set TLS minimum version to 1.2 (#12689)
        Use argon as default password hash algorithm (#12688)
    BREAKING
        Set RUN_MODE prod by default (#13765) (#13767)
        Don't replace underscores in auto-generated IDs in goldmark (#12805)
        Add Primary Key to Topic and RepoTopic tables (#12639)
        Disable password complexity check default (#12557)
        Change PIDFile default from /var/run/gitea.pid to /run/gitea.pid (#12500)
        Add extension Support to Attachments (allow all types for releases) (#12465)
        Remove IE11 Support (#11470)
2020-12-06 21:36:06 +00:00
dependabot[bot]
d5ca00bc21 Bump cryptography from 2.9 to 3.2
Bumps [cryptography](https://github.com/pyca/cryptography) from 2.9 to 3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/2.9...3.2)

Signed-off-by: dependabot[bot] <support@github.com>
2020-11-02 10:17:17 +00:00
883b6d958e fix logging path 2020-09-24 17:21:36 +01:00
Jens Timmerman
667c375a9d Update install_systemd.yml 2020-09-24 16:00:51 +01:00
Jens Timmerman
4976d531ba Update install_systemd.yml
reload systemd should be triggered via handler
2020-09-24 16:00:51 +01:00
Jens Timmerman
73d72a8264 1.12.4 was released which fixes security issues 2020-09-24 15:59:48 +01:00
Jens Timmerman
f2c8610cc4 Update README.md 2020-09-05 10:46:41 +01:00
Jens Timmerman
d517cd1e64 also create indexers and logs directory as gitea
Recursively set the gitea user as owner of all its directories (and create /indexers and /logs directories).
This is needed if one tried to start gitea as root before.
2020-08-21 23:16:35 +01:00
Jens Timmerman
56d9e08c64 make sure git is installed
gitea service fails to start if the git binary is not present on the system
2020-08-21 23:15:44 +01:00
Thomas Maurice
8b5ae578f4
Badges 2020-08-01 15:12:55 +01:00
Thomas Maurice
b4ecdb3563
Merge pull request #55 from em0lar/notify_mail
Add configuration option for enabling notify email
2020-08-01 15:01:48 +01:00
Leo Maroni
8f2e1bcd6a
Add configuration option for enabling notify email 2020-07-28 12:23:26 +02:00
Thomas Maurice
b1550d80ce
Merge pull request #54 from orangerkater/define-mailer-type
issue #53: define mailer type
2020-07-22 18:35:13 +01:00
Martin Borer
f48402354f issue #53: define mailer type 2020-07-21 14:18:08 +02:00
Thomas Maurice
c7dca823c9
Merge pull request #50 from em0lar/repo_indexer
Add config options for repository indexer
2020-06-20 15:47:56 +01:00
Thomas Maurice
a14e4bbe4b
Merge pull request #46 from DO1JLR/1.12.0
Update gitea to 1.12.0
2020-06-20 15:41:33 +01:00
L3D
50fa6f1db5
Merge branch 'master' into 1.12.0 2020-06-18 21:59:19 +02:00
L3D
815d06b7d8
Update gitea to 1.12.0
New gitea release [1.12.0](https://github.com/go-gitea/gitea/releases/tag/v1.12.0) is available \o/
2020-06-18 21:58:09 +02:00
Leo Maroni
1df6bd8e23
Add config options for repository indexer 2020-06-18 07:41:59 +02:00
Sergej
77d593a4b9 Bugfix: set -o pipefail fails silently.
This is due to the fact that Ansible often takes another default shell
to execute its commands, e.g., /bin/sh.
Solution is to require /bin/bash for the particular command.
2020-06-17 14:08:26 +01:00
Leo Maroni
2b665bdb1d Add variable to enable adding CAP_NET_BIND_SERVICE to systemd service 2020-06-03 15:16:57 +01:00
Leo Maroni
efc0363f4b Added CAP_NET_BIND_SERVICE to gitea.service to allow binding to ports
lower than 1024
2020-06-03 15:16:57 +01:00
L3D
c3891fc4b3 Update gitea to v1.11.6
New Release available:
https://github.com/go-gitea/gitea/releases/tag/v1.11.6
2020-06-03 10:51:26 +01:00
Simeon Keske
e83335d9fb add newline at the end of the file 2020-05-19 14:21:12 +01:00
Simeon Keske
16707f4a38 Allow to set a custom Download-URL for gitea 2020-05-19 14:21:12 +01:00
Leo Maroni
8506ca4f2b Add config option to set repository path different to home_path 2020-05-19 14:19:23 +01:00
Simeon Keske
349d9dff4f fix typo in THEMES 2020-05-19 14:13:01 +01:00
Simeon Keske
259d761eb2 add variable gitea_only_allow_external_registration 2020-05-19 14:13:01 +01:00
Simeon Keske
1f88e7238a Allow to specify default theme 2020-05-19 14:13:01 +01:00
L. Alberto Giménez
7e7626ed2a Fix check mode for binary download task
In check_mode, the binary download task depends on the execution of the
previous one, which uses the module shell to fill in a variable. In the
download binary task we use a field on that variable that does not exist
in check_mode, so the task fails.

Signed-off-by: L. Alberto Giménez <agimenez@sysvalve.es>
2020-05-15 09:47:24 +01:00