* Add condition to only configure fail2ban if it is installed
* Add package_facts to determine if fail2ban is installed
* Added warning message by @DO1JLR
+ Warning message by @DO1JLR
-> The message will prompt a warning to the user if fail2ban is not installed without stopping the execution.
+ removed trailing whitespaces
* added new vars for lfs remote usage
git lfs can be hosted elsewhere and therefore need some config
* added configuration describtion for lfs vars
* added new vars for notifications
* added describtion for new vars for mail notis
* added gitea_lfs_secret describtion to README
* remove whitespaces and lines
* upgraded minimum ansible version to 2.10
* refactored coansible to use minimum version 2.10
* Cleanup template (#85)
improve template and create loglevel variable
* update requirements for molecule (#78)
* start upgrading requirements
* add some more updated requirements
* add another junk
* add another junk
* update ansible version
* modify backup on upgrade (#81)
* create backup direcotry
create a backup folder and move the gitea backup to backup.yml
* make the backup on update optional
Documentation and introduction of the variable `gitea_backup_on_upgrade: false`
* change become_method to sudo
change become_method to sudo as suggested by @wzzrd. removed become_flags.
* Full path to gitea binary in backup task. thanks to @wzzrd
* update gitea to 1.13.4 (#86)
The current release of gitea is [v1.13.4](https://github.com/go-gitea/gitea/releases/tag/v1.13.4).
The current master of this role is not able to do a version update properly. PLEASE first merge https://github.com/thomas-maurice/ansible-role-gitea/pull/81
* Bump pyyaml from 5.3.1 to 5.4 (#89)
Bumps [pyyaml](https://github.com/yaml/pyyaml) from 5.3.1 to 5.4.
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/master/CHANGES)
- [Commits](https://github.com/yaml/pyyaml/compare/5.3.1...5.4)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* bump gitea version (#87)
fixes security issues https://github.com/go-gitea/gitea/releases/tag/v1.13.6
* added new vars for lfs remote usage
git lfs can be hosted elsewhere and therefore need some config
added configuration describtion for lfs vars
added new vars for notifications
added describtion for new vars for mail notis
added gitea_lfs_secret describtion to README
remove whitespaces and lines
upgraded minimum ansible version to 2.10
refactored coansible to use minimum version 2.10
Co-authored-by: L3D <l3d@c3woc.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Timmerman <jens.timmerman@gmail.com>
* create backup direcotry
create a backup folder and move the gitea backup to backup.yml
* make the backup on update optional
Documentation and introduction of the variable `gitea_backup_on_upgrade: false`
* change become_method to sudo
change become_method to sudo as suggested by @wzzrd. removed become_flags.
* Full path to gitea binary in backup task. thanks to @wzzrd
Supported SSL modues for PostgreSQL are: disabled, require, verify-ca
and verify-full.
This fix adds `verify-ca` to README.md and gitea.ini.j2, and corrects
`require` to `required` in README.md.
* Gitea user should be a system user
* Improve installation system
* Download archive instead of binary
* Add checksum validation
* Add GPG check
* Add backup process before upgrading
* Improve ARM support
* Improve support for Vault Encrypted JWT tokens
* Fix spacing in gitea configuration template
When Gitea rewrite the configuration file (e.g.: the JWT token is not
set or doesn't fit their criteria), it'll align space on a per-section
basis in the .ini file.
If the template is not properly spaced, at the next Ansible run, you'll
have an enormous diff, hidding what the real changes are.
* add proper redhat/debian deps for molecule testing
* Gitea group should be a system group
* fix linting for CI
* Update CI and meta information for up-to-date tests and distros
* molecule: fix typo for redhat packages
* fix typo
* bump gitea version to 1.13.1
* Use Ubuntu keyservers to play nicely with everyone
* Update minimum required ansible version to 2.9.8
This is required for Ubuntu Focal, which comes with systemd >= 245
The Get Facts modules doesn't work well with it before the bugfix
introduced in 2.9.8
* Replace yes by True to please the linting
* Truthy values needs to be lower-case
* bump gitea version to 1.13.2
* perform gitea dump as gitea user
* need to set become to yes
* autogenerate JWT_SECRETS (#77)
* autogenerate JWT_SECRETS
Based on https://docs.gitea.io/en-us/command-line/#generate we will now autogenerate JWT_SECRETS if they are not defined.
In my opinion a much better idea than writing a value in the default config.
The check if the variables for the secrets are now 43 characters long i took out. Gitea generates itself suitable secrets, if the user given ones do not fit.
* drop ansible.builtin. syntax
* Update file permissions for "{{ gitea_home }}" (#75)
The file permissions for {{ gitea_home }} especially in conjunction with the recurse: true flag are on closer inspection very open to all and also have a +x set on files.
This should be done better. And I have done here now.
By the way: To improve the -x on normal files in his gitea installation this shell command was useful for me
```
find . -type f -exec chmod a-x {} \+;
find . -type f -exec chmod u=rwX {} \+;
```
* Bump cryptography from 3.2 to 3.3.2 (#79)
Bumps [cryptography](https://github.com/pyca/cryptography) from 3.2 to 3.3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/3.2...3.3.2)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Gitea user should be a system user
* Improve installation system
* Download archive instead of binary
* Add checksum validation
* Add GPG check
* Add backup process before upgrading
* Improve ARM support
* Fix spacing in gitea configuration template
When Gitea rewrite the configuration file (e.g.: the JWT token is not
set or doesn't fit their criteria), it'll align space on a per-section
basis in the .ini file.
If the template is not properly spaced, at the next Ansible run, you'll
have an enormous diff, hidding what the real changes are.
* add proper redhat/debian deps for molecule testing
* Gitea group should be a system group
* fix linting for CI
* Update CI and meta information for up-to-date tests and distros
* molecule: fix typo for redhat packages
* fix typo
* bump gitea version to 1.13.1
* Use Ubuntu keyservers to play nicely with everyone
* Update minimum required ansible version to 2.9.8
This is required for Ubuntu Focal, which comes with systemd >= 245
The Get Facts modules doesn't work well with it before the bugfix
introduced in 2.9.8
* Replace yes by True to please the linting
* Truthy values needs to be lower-case
* bump gitea version to 1.13.2
* perform gitea dump as gitea user
* need to set become to yes
* check-variables.yml doesn't exists anymore
Co-authored-by: L3D <l3d@c3woc.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The file permissions for {{ gitea_home }} especially in conjunction with the recurse: true flag are on closer inspection very open to all and also have a +x set on files.
This should be done better. And I have done here now.
By the way: To improve the -x on normal files in his gitea installation this shell command was useful for me
```
find . -type f -exec chmod a-x {} \+;
find . -type f -exec chmod u=rwX {} \+;
```
* autogenerate JWT_SECRETS
Based on https://docs.gitea.io/en-us/command-line/#generate we will now autogenerate JWT_SECRETS if they are not defined.
In my opinion a much better idea than writing a value in the default config.
The check if the variables for the secrets are now 43 characters long i took out. Gitea generates itself suitable secrets, if the user given ones do not fit.
* drop ansible.builtin. syntax
* delete trailing whitespace
* Add gitea_group
This will add the `gitea_group: gitea` and will probably
RESOLVE https://github.com/thomas-maurice/ansible-role-gitea/issues/70
* update variable length
update variable length to make this role idempotent
* vars should not include special character
There is this linting message:
```
[208] File permissions unset or incorrect
tasks/main.yml:27
Task/Handler: Create config and data directory
```
I fixed it in this commit and added a github action
to run the official™ ansible linting check!
gitea 1.13.0 was released which fixes security issues
some breaking changes were reported in the release notes but I didn't find any issues with them on my system, caution is advised
Support Gitea development, we now have a shop for Swag
SECURITY
Add Allow-/Block-List for Migrate & Mirrors (#13610) (#13776)
Prevent git operations for inactive users (#13527) (#13536)
Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13524)
Mitigate Security vulnerability in the git hook feature (#13058)
Disable DSA ssh keys by default (#13056)
Set TLS minimum version to 1.2 (#12689)
Use argon as default password hash algorithm (#12688)
BREAKING
Set RUN_MODE prod by default (#13765) (#13767)
Don't replace underscores in auto-generated IDs in goldmark (#12805)
Add Primary Key to Topic and RepoTopic tables (#12639)
Disable password complexity check default (#12557)
Change PIDFile default from /var/run/gitea.pid to /run/gitea.pid (#12500)
Add extension Support to Attachments (allow all types for releases) (#12465)
Remove IE11 Support (#11470)
Recursively set the gitea user as owner of all it's directories (and create /indexers and /logs directories.
This is needed if one tried to start gitea as root before.