fix logging path

.github/workflows/ansible-linting-check.yml

@@ -1,22 +0,0 @@
----
-name: Ansible Lint check
-
-# yamllint disable-line rule:truthy
-on: [push, pull_request]
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Lint Ansible Playbook
-        uses: ansible/ansible-lint-action@master
-        with:
-          targets: "."
-          # [required]
-          # Paths to ansible files (i.e., playbooks, tasks, handlers etc..)
-          args: ""
-          # [optional]

.travis.yml

@@ -7,12 +7,11 @@ env:
   matrix:
     - MOLECULE_DISTRO: centos8
     - MOLECULE_DISTRO: centos7
-    - MOLECULE_DISTRO: ubuntu2004
     - MOLECULE_DISTRO: ubuntu1804
     - MOLECULE_DISTRO: ubuntu1604
     - MOLECULE_DISTRO: debian10
     - MOLECULE_DISTRO: debian9
-    - MOLECULE_DISTRO: fedora33
+    - MOLECULE_DISTRO: fedora31
 
 services:
   - docker

README.md

@@ -58,11 +58,9 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we
 
 * `gitea_version_check`: Check if installed version != `gitea_version` before initiating binary download
 * `gitea_user`: UNIX user used by Gitea
-* `gitea_group`: UNIX group used by Gitea
 * `gitea_home`: Base directory to work
 * `gitea_dl_url`: The URL, the compiled gitea-binary will be downloaded from
 * `gitea_systemd_cap_net_bind_service`: Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file
-* `gitea_extra_config`: Additional configuration
 
 ### Look and feel
 
@@ -71,18 +69,14 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we
 * `gitea_disable_gravatar`: Do you want to disable Gravatar ? (privacy and so on) (true/false)
 * `gitea_offline_mode`: Same but for disabling CDNs for frontend assets (true/false)
 * `gitea_disable_registration`: Do you want to disable user registration ? (true/false)
-* `gitea_register_email_confirm`: Enable this to ask for mail confirmation of registration. Requires `gitea_mailer_enabled` to be enabled (Default: `false`)
 * `gitea_only_allow_external_registration`: Do you want to force registration only using third-party services ? (true/false)
 * `gitea_show_registration_button`: Do you want to show the registration button? (true/false)
 * `gitea_require_signin`: Do you require a signin to see repo's (even public ones) ? (true/false)
 * `gitea_enable_captcha`: Do you want to enable captcha's ? (true/false)
-* `gitea_themes`: List of enabled themes
-* `gitea_theme_default`: Default theme
-
-### Security
 * `gitea_secret_key`: Cookie secret key
 * `gitea_internal_token`: Internal API token
-* `gitea_disable_git_hooks`: Do you want to disable the interface to add git hooks? If enabled it could be a security bug as it can be used for RCE. Defaults to true (true/false)
+* `gitea_themes`: List of enabled themes
+* `gitea_theme_default`: Default theme
 
 ### Limits
 
@@ -94,9 +88,8 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we
 * `gitea_root_url`: Root URL used to access your web app (full URL)
 * `gitea_protocol`: Listening protocol (http/https)
 * `gitea_http_listen`: Bind address
-* `gitea_http_port`: Bind port (redirect from `80` will be activated if value is `443` - Default: `3000`)
+* `gitea_http_port`: Bind port
 * `gitea_disable_http_git`: Disable the use of Git over HTTP ? (true/false)
-* `gitea_http_letsencrypt_mail` Enable Let`s Encrypt if a email address is given
 
 ### SSH configuration
 
@@ -112,7 +105,7 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we
 * `gitea_db_name`: Database name
 * `gitea_db_user`: Database username
 * `gitea_db_password`: Database password
-* `gitea_db_ssl`: Use SSL ? (postgres only!). Can be `require`, `disable`, `verify-ca` or `verify-full`
+* `gitea_db_ssl`: Use SSL ? (postgres only!). Can be `required`, `disable`, `verify-full`
 * `gitea_db_path`: DB path, if you use `sqlite3`. The default is good enough to work though.
 
 ### Mailer configuration
@@ -124,16 +117,7 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we
 * `gitea_mailer_user`: SMTP server username
 * `gitea_mailer_password`: SMTP server password
 * `gitea_mailer_from`: Sender mail address
-* `gitea_subject_prefix`: Prefix to be placed before e-mail subject lines (Default: ``)
 * `gitea_enable_notify_mail`:  Whether e-mail should be send to watchers of a repository when something happens. Default: `false`
-* `gitea_mail_default`: Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disable  (Default: `onmention` )
-* `gitea_autowatch_new_repo`: Enable this to let all organisation users watch new repos when they are created (Default: `false`)
-* `gitea_autowatch_on_change`: Enable this to make users watch a repository after their first commit to it (Default: `true`)
-* `gitea_show_mailstones_dashboard`: Enable this to show the milestones dashboard page - a view of all the user’s milestones (Default: `true`)
-
-### Log configuration
-* `gitea_log_systemd` Disable logging into `file`, use systemd-journald
-* `gitea_log_only_warning` Log only warnings or above, no http access or sql logging (Default: `true`)
 
 ### Fail2Ban configuration
 
@@ -150,12 +134,8 @@ As this will only deploy config files, fail2ban already has to be installed or o
 ### Oauth2 provider configuration
 
 * `gitea_oauth2_enabled`: Enable the Oauth2 provider (true/false)
-* `gitea_oauth2_jwt_secret`: Oauth2 JWT secret. Can be generated with ``gitea generate secret JWT_SECRET``
+* `gitea_oauth2_jwt_secret`: JWT secret, cannot be longer than 32 characters
 
-### GIT LFS configuration
-* `gitea_lfs_enabled`: Enable GIT LFS (large filesystem)
-* `gitea_lfs_mode`: should lfs be in offline mode (true/false)
-* `gitea_lfs_secret`: JWT secret for remote LFS usage 
 
 ### Metrics endpoint configuration
 
@@ -170,10 +150,6 @@ As this will only deploy config files, fail2ban already has to be installed or o
 * `gitea_repo_exclude_vendored`: Exclude vendored files from the index. Default: `true`
 * `gitea_repo_indexer_max_file_size`: Maximum size of files to be indexed (in bytes). Default: `1048576` (1 MB)
 
-### backup on upgrade
-* `gitea_backup_on_upgrade`: Optionally a backup can be created with every update of gitea. Default: `false`
-* `gitea_backup_location`: Where to store the gitea backup if one is created with this role. Default: `{{ gitea_home }}/backups/`
-
 ## Contributing
 Don't hesitate to create a pull request, and when in doubt you can reach me on
 Twitter [@thomas_maurice](https://twitter.com/thomas_maurice).

defaults/main.yml

@@ -1,18 +1,15 @@
 ---
-gitea_version: "1.17.1"
+gitea_version: "1.12.0"
 gitea_version_check: true
 gitea_dl_url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_arch }}"
-gitea_gpg_key: "7C9E68152594688862D62AF62D9AE806EC1592E2"
-gitea_gpg_server: "hkps://keys.openpgp.org"
 
 gitea_app_name: "Gitea"
 gitea_user: "gitea"
-gitea_group: "gitea"
 gitea_home: "/var/lib/gitea"
 gitea_shell: "/bin/false"
 gitea_systemd_cap_net_bind_service: false
 
-gitea_repository_root: "{{ gitea_home }}/repos"
+gitea_repository_root: "{{ gitea_home }}"
 gitea_user_repo_limit: -1
 
 gitea_http_domain: localhost
@@ -20,15 +17,11 @@ gitea_root_url: http://localhost:3000
 gitea_protocol: http
 gitea_http_listen: 127.0.0.1
 gitea_http_port: 3000
-# gitea_http_letsencrypt_mail:  - required
 gitea_disable_http_git: false
 gitea_offline_mode: true
 
 gitea_lfs_server_enabled: false
-gitea_lfs_content_path: "{{ gitea_home }}/data/lfs"
-gitea_lfs_jwt_secret: ''
-gitea_lfs_secret: SomethingVeryLong
-gitea_lfs_mode: true
+gitea_lfs_content_path: "data/lfs"
 
 gitea_db_type: sqlite3
 gitea_db_host: 127.0.0.0:3306
@@ -45,21 +38,15 @@ gitea_ssh_port: 2222
 
 gitea_secret_key: T0pS3cr31
 gitea_internal_token: SomethingVeryLong
-gitea_disable_git_hooks: true
 
 gitea_show_user_email: false
 gitea_disable_gravatar: true
 gitea_disable_registration: false
-gitea_register_email_confirm: false
 gitea_show_registration_button: true
 gitea_require_signin: true
 gitea_enable_captcha: true
 gitea_only_allow_external_registration: false
 gitea_enable_notify_mail: false
-gitea_mail_default: onmention
-gitea_autowatch_new_repo: false
-gitea_autowatch_on_change: true
-gitea_show_mailstones_dashboard: true
 
 gitea_force_private: false
 
@@ -70,12 +57,8 @@ gitea_mailer_host: localhost:25
 gitea_mailer_from: noreply@your.domain
 gitea_mailer_user: ""
 gitea_mailer_password: ""
-gitea_subject_prefix: ""
 gitea_mailer_type: smtp
 
-gitea_log_systemd: false
-gitea_log_only_warning: true
-
 gitea_fail2ban_enabled: false
 gitea_fail2ban_jail_maxretry: 10
 gitea_fail2ban_jail_findtime: 3600
@@ -83,7 +66,7 @@ gitea_fail2ban_jail_bantime: 900
 gitea_fail2ban_jail_action: iptables-allports
 
 gitea_oauth2_enabled: true
-gitea_oauth2_jwt_secret: ''
+gitea_oauth2_jwt_secret: ChangeMe
 
 gitea_metrics_enabled: false
 gitea_metrics_token: ~
@@ -96,10 +79,3 @@ gitea_repo_indexer_include: ""
 gitea_repo_indexer_exclude: ""
 gitea_repo_exclude_vendored: true
 gitea_repo_indexer_max_file_size: 1048576
-
-gitea_log_level: Info
-
-gitea_extra_config: ""
-
-gitea_backup_on_upgrade: false
-gitea_backup_location: "{{ gitea_home }}/backups/"

handlers/main.yml

@@ -1,17 +1,17 @@
 ---
 - name: "Restart gitea"
-  ansible.builtin.service:
+  service:
     name: gitea
     state: restarted
   when: ansible_service_mgr == "systemd"
 
 - name: "Reload systemd"
-  ansible.builtin.systemd:
+  systemd:
     daemon_reload: true
   when: ansible_service_mgr == "systemd"
 
 - name: "Restart fail2ban"
-  ansible.builtin.service:
+  service:
     name: fail2ban
     state: restarted
   when: ansible_service_mgr == "systemd"

meta/main.yml

@@ -2,7 +2,7 @@
 galaxy_info:
   author: Thomas Maurice
   description: Ansible Role - Gitea
-  min_ansible_version: 2.10
+  min_ansible_version: 2.7.9
   license: BSD-3-Clause
   galaxy_tags:
     - git
@@ -16,17 +16,12 @@ galaxy_info:
   platforms:
     - name: Debian
       versions:
+        - jessie
         - stretch
-        - buster
+    - name: EL
+      versions:
+        - 7
     - name: Ubuntu
       versions:
         - xenial
         - bionic
-        - focal
-    - name: CentOS
-      versions:
-        - 7
-        - 8
-    - name: Fedora
-      versions:
-        - 33

molecule/default/prepare.yml

@@ -1,27 +1,22 @@
 ---
-- name: Prepare
+- name: Perpare
   hosts: all
   become: true
   tasks:
     - name: install dependencies for gitea (RedHat based systems)
       yum:
-        name: "{{ redhat_packages }}"
+        name: "{{ packages }}"
         state: present
         update_cache: true
       when: ansible_os_family == "RedHat"
     - name: install dependencies for gitea (Debian based systems)
       apt:
-        name: "{{ debian_packages }}"
+        name: "{{ packages }}"
         state: present
         update_cache: true
       when: ansible_os_family == "Debian"
 
   vars:
-    debian_packages:
+    packages:
       - git
       - curl
-      - xz-utils
-    redhat_packages:
-      - git
-      - curl
-      - xz

requirements-travis.txt

@@ -1,21 +1,24 @@
-ansible==2.10.7
+ansible==2.9.6
 ansible-lint==4.2.0
 anyconfig==0.9.7
 arrow==0.15.5
 asn1crypto==0.24.0
+atomicwrites==1.3.0
+attrs==19.1.0
+autopep8==1.5.1
+bcrypt==3.1.7
 binaryornot==0.4.4
 Cerberus==1.3.2
-certifi==2020.12.5
-cffi==1.14.4
-chardet==4.0.0
-click==7.1.2
+certifi==2020.4.5.1
+cffi==1.14.0
+chardet==3.0.4
+click==7.1.1
 click-completion==0.5.2
-click-help-colors==0.9
-colorama==0.4.4
-cookiecutter==1.7.2
-cryptography==3.3.1
-cryptography==3.3.2
-docker==4.4.1
+click-help-colors==0.8
+colorama==0.4.3
+cookiecutter==1.7.0
+cryptography==2.9
+docker==4.2.0
 docker-pycreds==0.4.0
 entrypoints==0.3
 fasteners==0.15
@@ -24,23 +27,23 @@ future==0.18.2
 git-url-parse==1.2.1
 idna==2.9
 importlib-metadata==1.6.0
-Jinja2==2.11.3
+Jinja2==2.11.2
 jinja2-time==0.2.0
 MarkupSafe==1.1.1
 mccabe==0.6.1
 molecule==3.0.3
 monotonic==1.5
-more-itertools==8.6.0
-paramiko==2.7.2
-pathspec==0.8.1
-pbr==5.5.1
+more-itertools==6.0.0
+paramiko==2.7.1
+pathspec==0.8.0
+pbr==5.1.1
 pexpect==4.8.0
 pi==0.1.2
 pluggy==0.13.1
 poyo==0.5.0
 psutil==5.6.6
 ptyprocess==0.6.0
-py==1.10.0
+py==1.8.0
 pyasn1==0.4.5
 pycodestyle==2.5.0
 pycparser==2.20
@@ -49,7 +52,7 @@ PyNaCl==1.3.0
 pytest==4.3.1
 python-dateutil==2.8.1
 python-gilt==1.2.3
-PyYAML==5.4
+PyYAML==5.3.1
 requests==2.23.0
 ruamel.yaml==0.16.10
 ruamel.yaml.clib==0.2.0
@@ -57,10 +60,10 @@ sh==1.12.14
 shellingham==1.3.2
 six==1.14.0
 tabulate==0.8.7
-testinfra==6.0.0
+testinfra==5.0.0
 tree-format==0.1.2
-urllib3==1.26.5
+urllib3==1.25.8
 websocket-client==0.57.0
 whichcraft==0.6.1
-yamllint==1.26.0
-zipp==3.4.0
+yamllint==1.22.1
+zipp==3.1.0

tasks/backup.yml

@@ -1,30 +0,0 @@
----
-- name: Get service facts
-  service_facts:
-
-- block:
-    - name: Stopping gitea before upgrade
-      service:
-        name: gitea
-        state: stopped
-
-    - name: "Create backup directory"
-      file:
-        path: "{{ item }}"
-        state: directory
-        owner: "{{ gitea_user }}"
-        group: "{{ gitea_group }}"
-        mode: 'u=rwx,g=rx,o='
-      with_items:
-        - "{{ gitea_backup_location }}"
-
-    - name: Backing up gitea before upgrade
-      command:
-        cmd: "/usr/local/bin/gitea dump -c /etc/gitea/gitea.ini"
-        chdir: "{{ gitea_backup_location }}"
-      become: true
-      become_user: "{{ gitea_user }}"
-  when:
-    - ansible_facts.services["gitea.service"] is defined
-    - ansible_facts.services["gitea.service"].state == "running"
-    - gitea_active_version.stdout != gitea_version

tasks/check-variables.yml

@@ -0,0 +1,7 @@
+---
+- name: run checks to ensure set variables do not crash gitea
+  block:
+    - name: "check token length"
+      fail:
+        msg: 'gitea_oauth2_jwt_secret cannot be longer than 32 characters.'
+      when: gitea_oauth2_jwt_secret | length > 32

tasks/create_user.yml

@@ -1,14 +1,7 @@
 ---
-- name: "Create Gitea Group"
-  group:
-    name: "{{ gitea_group }}"
-    system: true
-    state: "present"
-
 - name: "Create Gitea user"
-  ansible.builtin.user:
+  user:
     name: "{{ gitea_user }}"
     comment: "Gitea user"
     home: "{{ gitea_home }}"
     shell: "{{ gitea_shell }}"
-    system: true

tasks/fail2ban.yml

@@ -1,26 +1,18 @@
 ---
 - name: Install fail2ban filter
-  ansible.builtin.template:
+  template:
     src: fail2ban/filter.conf.j2
     dest: /etc/fail2ban/filter.d/gitea.conf
     owner: root
     group: root
     mode: 0444
   notify: Restart fail2ban
-  when: "'fail2ban' in ansible_facts.packages"
 
 - name: Install fail2ban jail
-  ansible.builtin.template:
+  template:
     src: fail2ban/jail.conf.j2
     dest: /etc/fail2ban/jail.d/gitea.conf
     owner: root
     group: root
     mode: 0444
   notify: Restart fail2ban
-  when: "'fail2ban' in ansible_facts.packages"
-
-- name: warn if fail2ban is not installed
-  ansible.builtin.fail:
-    msg: "the package fail2ban is not installed. no fail2ban filters deployed."
-  when: "'fail2ban' not in ansible_facts.packages"
-  ignore_errors: true

tasks/install.yml

@@ -1,71 +0,0 @@
----
-- block:
-    - name: Update apt cache
-      apt:
-        cache_valid_time: 3600
-        update_cache: true
-      register: _pre_update_apt_cache
-      until: _pre_update_apt_cache is succeeded
-      when:
-        - ansible_pkg_mgr == "apt"
-
-    - name: Install dependencies
-      package:
-        name: "{{ gitea_dependencies }}"
-        state: present
-      register: _install_dep_packages
-      until: _install_dep_packages is succeeded
-      retries: 5
-      delay: 2
-
-- block:
-    - name: Download gitea archive
-      get_url:
-        url: "{{ gitea_dl_url }}.xz"
-        dest: "/tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}.xz"
-        checksum: "sha256:{{ gitea_dl_url }}.xz.sha256"
-      register: _download_archive
-      until: _download_archive is succeeded
-      retries: 5
-      delay: 2
-
-    - name: Download gitea asc file
-      get_url:
-        url: "{{ gitea_dl_url }}.xz.asc"
-        dest: "/tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}.xz.asc"
-      register: _download_asc
-      until: _download_asc is succeeded
-      retries: 5
-      delay: 2
-
-    - name: Check gitea gpg key
-      command: "gpg --list-keys 0x{{ gitea_gpg_key }}"
-      register: _gitea_gpg_key_status
-      changed_when: false
-      failed_when: _gitea_gpg_key_status.rc not in (0, 2)
-
-    - name: Import gitea gpg key
-      command: "gpg --keyserver {{ gitea_gpg_server }} --recv {{ gitea_gpg_key }}"
-      register: _gitea_import_key
-      changed_when: '"imported: 1" in _gitea_import_key.stderr'
-      when: _gitea_gpg_key_status.rc != 0
-
-    - name: Check archive signature
-      command: "gpg --verify /tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}.xz.asc /tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}.xz"
-      changed_when: false
-
-    - name: Unpack gitea binary
-      command:
-        cmd: "xz -k -d /tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}.xz"
-        creates: "/tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}"
-
-    - name: Propagate gitea binary
-      copy:
-        src: "/tmp/gitea-{{ gitea_version }}.linux-{{ gitea_arch }}"
-        remote_src: true
-        dest: "/usr/local/bin/gitea"
-        mode: 0755
-        owner: root
-        group: root
-      notify: "Restart gitea"
-  when: (not gitea_version_check|bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version))

tasks/install_systemd.yml

@@ -1,6 +1,6 @@
 ---
 - name: "Setup systemd service"
-  ansible.builtin.template:
+  template:
     src: gitea.service.j2
     dest: /lib/systemd/system/gitea.service
     owner: root
@@ -10,8 +10,6 @@
     - "Reload systemd"
     - "Restart gitea"
 
-# systemd to be reloaded the first time because
-#  it is the only way Systemd is going to be aware of the new unit file.
 - name: "Reload systemd"
-  ansible.builtin.systemd:
+  systemd:
     daemon_reload: true

tasks/jwt_secrets.yml

@@ -1,38 +0,0 @@
----
-- name: generate OAuth2 JWT_SECRET if not provided
-  become: true
-  shell: 'umask 077; /usr/local/bin/gitea generate secret JWT_SECRET > /etc/gitea/gitea_oauth_jwt_secret'
-  args:
-    creates: '/etc/gitea/gitea_oauth_jwt_secret'
-  when: gitea_oauth2_jwt_secret | length == 0
-
-- name: read OAuth2 JWT_SECRET from file
-  become: true
-  slurp:
-    src: '/etc/gitea/gitea_oauth_jwt_secret'
-  register: oauth_jwt_secret
-  when: gitea_oauth2_jwt_secret | length == 0
-
-- name: set fact gitea_oauth2_jwt_secret
-  set_fact:
-    gitea_oauth2_jwt_secret: "{{ oauth_jwt_secret['content'] | b64decode }}"
-  when: gitea_oauth2_jwt_secret | length == 0
-
-- name: generate LFS JWT_SECRET if not provided
-  become: true
-  shell: 'umask 077; /usr/local/bin/gitea generate secret JWT_SECRET > /etc/gitea/gitea_lfs_jwt_secret'
-  args:
-    creates: '/etc/gitea/gitea_lfs_jwt_secret'
-  when: gitea_lfs_jwt_secret | length == 0
-
-- name: read LFS JWT_SECRET from file
-  become: true
-  slurp:
-    src: '/etc/gitea/gitea_lfs_jwt_secret'
-  register: lfs_jwt_secret
-  when: gitea_lfs_jwt_secret | length == 0
-
-- name: set fact gitea_lfs_jwt_secret
-  set_fact:
-    gitea_lfs_jwt_secret: "{{ lfs_jwt_secret['content'] | b64decode }}"
-  when: gitea_lfs_jwt_secret | length == 0

tasks/main.yml

@@ -1,19 +1,9 @@
 ---
-- name: Gather variables for each operating system
-  include_vars: "{{ item }}"
-  with_first_found:
-    - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
-    - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
-    - "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
-    - "{{ ansible_distribution | lower }}.yml"
-    - "{{ ansible_os_family | lower }}.yml"
 
-- name: Gather installed packages for checks in the role (fail2ban)
-  ansible.builtin.package_facts:
-    manager: auto
+- include: check-variables.yml
 
 - name: "Check gitea version"
-  ansible.builtin.shell: "set -eo pipefail; /usr/local/bin/gitea -v | cut -d' ' -f 3"
+  shell: "set -eo pipefail; /usr/local/bin/gitea -v | cut -d' ' -f 3"
   args:
     executable: /bin/bash
   register: gitea_active_version
@@ -22,7 +12,7 @@
   when: gitea_version_check|bool
 
 - name: "Download the binary"
-  ansible.builtin.get_url:
+  get_url:
     url: "{{ gitea_dl_url }}"
     dest: /usr/local/bin/gitea
     owner: root
@@ -35,24 +25,13 @@
 - include: create_user.yml
 
 - name: "Create config and data directory"
-  ansible.builtin.file:
-    path: "{{ item }}"
-    state: directory
-    owner: "{{ gitea_user }}"
-    group: "{{ gitea_group }}"
-    mode: '0755'
-  with_items:
-    - "/etc/gitea"
-
-- name: "Create data directory"
   file:
     path: "{{ item }}"
     state: directory
     owner: "{{ gitea_user }}"
-    group: "{{ gitea_group }}"
-    mode: 'u=rwX,g=rX,o='
-    recurse: true
+    recurse: True
   with_items:
+    - "/etc/gitea"
     - "{{ gitea_home }}"
     - "{{ gitea_home }}/data"
     - "{{ gitea_home }}/custom"
@@ -60,28 +39,25 @@
     - "{{ gitea_home }}/custom/mailer"
     - "{{ gitea_home }}/indexers"
     - "{{ gitea_home }}/log"
-    - "{{ gitea_repository_root }}"
 
 - include: install_systemd.yml
   when: ansible_service_mgr == "systemd"
 
-- include_tasks: jwt_secrets.yml
 - name: 'Install git'
-  ansible.builtin.package:
+  package:
     name: 'git'
     state: 'present'
 
 - name: "Configure gitea"
-  ansible.builtin.template:
+  template:
     src: gitea.ini.j2
     dest: /etc/gitea/gitea.ini
     owner: "{{ gitea_user }}"
-    group: "{{ gitea_group }}"
     mode: 0600
   notify: "Restart gitea"
 
 - name: "Service gitea"
-  ansible.builtin.service:
+  service:
     name: gitea
     state: started
     enabled: true

templates/gitea.ini.j2

@@ -3,219 +3,193 @@
 ;
 ; This file overwrites the default values from gitea.
 ; undefined variables will use the default value from gitea.
-; Cheat Sheet: https://docs.gitea.io/en-us/config-cheat-sheet/
+; Cheat Sheet: https://docs.gitea.io/en-us/config-cheat-sheet/ 
 ;
 ; App name that shows on every page title
-APP_NAME = {{ gitea_app_name }}
+APP_NAME = {{ gitea_app_name }}
 ; Change it if you run locally
 RUN_USER = {{ gitea_user }}
 ; Either "dev", "prod" or "test", default is "dev"
 RUN_MODE = prod
 
 [repository]
-ROOT                = {{ gitea_repository_root }}
+ROOT                  = {{ gitea_repository_root }}
 ; Force every new repository to be private
-FORCE_PRIVATE       = {{ gitea_force_private | ternary('true', 'false') }}
+FORCE_PRIVATE         = {{ gitea_force_private }}
 ; Global limit of repositories per user, applied at creation time. -1 means no limit
-MAX_CREATION_LIMIT  = {{ gitea_user_repo_limit }}
+MAX_CREATION_LIMIT    = {{ gitea_user_repo_limit }}
 ; Mirror sync queue length, increase if mirror syncing starts hanging
 MIRROR_QUEUE_LENGTH = 1000
 ; Disable the ability to interact with repositories using the HTTP protocol
-DISABLE_HTTP_GIT    = {{ gitea_disable_http_git | ternary('true', 'false') }}
+DISABLE_HTTP_GIT      = {{ gitea_disable_http_git }}
 
 [ui]
 ; Whether the email of the user should be shown in the Explore Users page
-SHOW_USER_EMAIL = {{ gitea_show_user_email | ternary('true', 'false') }}
-THEMES          = {{ gitea_themes }}
-DEFAULT_THEME   = {{ gitea_theme_default }}
+SHOW_USER_EMAIL       = {{ gitea_show_user_email }}
+THEMES                = {{ gitea_themes }}
+DEFAULT_THEME         = {{ gitea_theme_default }}
 
 [server]
 ; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'.
-PROTOCOL         = {{ gitea_protocol }}
-DOMAIN           = {{ gitea_http_domain }}
-ROOT_URL         = {{ gitea_root_url }}
+PROTOCOL              = {{ gitea_protocol }}
+DOMAIN                = {{ gitea_http_domain }}
+ROOT_URL              = {{ gitea_root_url }}
 ; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
 HTTP_ADDR             = {{ gitea_http_listen }}
 HTTP_PORT             = {{ gitea_http_port }}
-{% if gitea_http_port == 443 %}
-PORT_TO_REDIRECT      = 80
-{% endif %}
-{% if gitea_http_letsencrypt_mail is defined %}
-ENABLE_LETSENCRYPT    = true
-LETSENCRYPT_ACCEPTTOS = true
-LETSENCRYPT_EMAIL     = {{ gitea_http_letsencrypt_mail }}
-{% endif %}
 ; Disable SSH feature when not available
-DISABLE_SSH      = false
+DISABLE_SSH = false
 ; Whether to use the builtin SSH server or not.
-START_SSH_SERVER = {{ gitea_start_ssh | ternary('true', 'false') }}
+START_SSH_SERVER      = {{ gitea_start_ssh }}
 ; Domain name to be exposed in clone URL
-SSH_DOMAIN       = {{ gitea_ssh_domain }}
+SSH_DOMAIN            = {{ gitea_ssh_domain }}
 ; The network interface the builtin SSH server should listen on
-SSH_LISTEN_HOST  = {{ gitea_ssh_listen }}
+SSH_LISTEN_HOST       = {{ gitea_ssh_listen }}
 ; Port number to be exposed in clone URL
-SSH_PORT         = {{ gitea_ssh_port }}
+SSH_PORT              = {{ gitea_ssh_port }}
 ; The port number the builtin SSH server should listen on
-SSH_LISTEN_PORT  = %(SSH_PORT)s
+SSH_LISTEN_PORT       = %(SSH_PORT)s
 ; Disable CDN even in "prod" mode
-OFFLINE_MODE     = {{ gitea_offline_mode | ternary('true', 'false') }}
+OFFLINE_MODE          = {{ gitea_offline_mode }}
 ; Default path for App data
-APP_DATA_PATH    = {{ gitea_home }}/data
-{% if gitea_lfs_server_enabled | bool -%}
+APP_DATA_PATH         = {{ gitea_home }}/data
+{%- if gitea_lfs_server_enabled | bool %}
 ;Enables git-lfs support.
-LFS_START_SERVER = true
+LFS_START_SERVER      = true
 ; Where to store LFS files.
-LFS_CONTENT_PATH = {{ gitea_lfs_content_path }}
-; LFS authentication secret
-LFS_JWT_SECRET   = {{ gitea_lfs_jwt_secret }}
 LFS_CONTENT_PATH      = {{ gitea_lfs_content_path }}
-; if the LFS sotre is not offline/local
-LFS_JWT_SECRET       = {{ gitea_lfs_secret }} 
-OFFLINE_MODE         = {{ gitea_lfs_mode }}
-{% endif %}
+{%- endif %}
+
 [database]
 ; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice
-DB_TYPE  = {{ gitea_db_type }}
-HOST     = {{ gitea_db_host }}
-NAME     = {{ gitea_db_name }}
-USER     = {{ gitea_db_user }}
+DB_TYPE               = {{ gitea_db_type }}
+HOST                  = {{ gitea_db_host }}
+NAME                  = {{ gitea_db_name }}
+USER                  = {{ gitea_db_user }}
 ; Use PASSWD = `your password` for quoting if you use special characters in the password.
-PASSWD   = {{ gitea_db_password }}
-; For Postgres, either "disable" (default), "require", "verify-ca" or "verify-full"
+PASSWD                = {{ gitea_db_password }}
+; For Postgres, either "disable" (default), "require", or "verify-full"
 ; For MySQL, either "false" (default), "true", or "skip-verify"
-SSL_MODE = {{ gitea_db_ssl }}
+SSL_MODE              = {{ gitea_db_ssl }}
 ; For "sqlite3" and "tidb", use an absolute path when you start gitea as service
 PATH                  = {{ gitea_db_path }}
-{% if gitea_log_only_warning %}
-LOG_SQL               = false
-{% endif %}
 
 [indexer]
 ; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
-ISSUE_INDEXER_PATH            = {{ gitea_home }}/indexers/issues.bleve
+ISSUE_INDEXER_PATH    = {{ gitea_home }}/indexers/issues.bleve
 ; Issue indexer queue, currently support: channel or levelqueue, default is levelqueue
-ISSUE_INDEXER_QUEUE_TYPE      = levelqueue
+ISSUE_INDEXER_QUEUE_TYPE = levelqueue
 ; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the queue will be saved path,
 ; default is indexers/issues.queue
-ISSUE_INDEXER_QUEUE_DIR       = {{ gitea_home }}/indexers/issues.queue
+ISSUE_INDEXER_QUEUE_DIR = {{ gitea_home }}/indexers/issues.queue
+
 ; repo indexer by default disabled, since it uses a lot of disk space
-REPO_INDEXER_ENABLED          = {{ gitea_repo_indexer_enabled }}
-REPO_INDEXER_PATH             = {{ gitea_home }}/indexers/repos.bleve
-REPO_INDEXER_INCLUDE          = {{ gitea_repo_indexer_include }}
-REPO_INDEXER_EXCLUDE          = {{ gitea_repo_indexer_exclude }}
+REPO_INDEXER_ENABLED = {{ gitea_repo_indexer_enabled }}
+REPO_INDEXER_PATH       = {{ gitea_home }}/indexers/repos.bleve
+REPO_INDEXER_INCLUDE = {{ gitea_repo_indexer_include }}
+REPO_INDEXER_EXCLUDE = {{ gitea_repo_indexer_exclude }}
 REPO_INDEXER_EXCLUDE_VENDORED = {{ gitea_repo_exclude_vendored }}
-MAX_FILE_SIZE                 = {{ gitea_repo_indexer_max_file_size }}
+MAX_FILE_SIZE = {{ gitea_repo_indexer_max_file_size }}
 
 [security]
 ; Whether the installer is disabled
-INSTALL_LOCK        = true
+INSTALL_LOCK = true
 ; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
-SECRET_KEY          = {{ gitea_secret_key }}
-INTERNAL_TOKEN      = {{ gitea_internal_token }}
+SECRET_KEY              = {{ gitea_secret_key }}
+INTERNAL_TOKEN          = {{ gitea_internal_token }}
 ; How long to remember that an user is logged in before requiring relogin (in days)
 LOGIN_REMEMBER_DAYS = 7
-DISABLE_GIT_HOOKS   = {{ gitea_disable_git_hooks | ternary('true', 'false') }}
 
 [service]
 ; Disallow registration, only allow admins to create accounts.
 DISABLE_REGISTRATION    = {{ gitea_disable_registration }}
-REGISTER_EMAIL_CONFIRM  = {{ gitea_register_email_confirm }}
 ; User must sign in to view anything.
-REQUIRE_SIGNIN_VIEW              = {{ gitea_require_signin | ternary('true', 'false') }}
+REQUIRE_SIGNIN_VIEW     = {{ gitea_require_signin }}
 ; Enable captcha validation for registration
-ENABLE_CAPTCHA                   = {{ gitea_enable_captcha | ternary('true', 'false') }}
+ENABLE_CAPTCHA          = {{ gitea_enable_captcha }}
 ; Type of captcha you want to use. Options: image, recaptcha
-CAPTCHA_TYPE                     = image
+CAPTCHA_TYPE = image
 ; Enable recaptcha to use Google's recaptcha service
 ; Go to https://www.google.com/recaptcha/admin to sign up for a key
-RECAPTCHA_SECRET                 =
-RECAPTCHA_SITEKEY                =
+RECAPTCHA_SECRET  =
+RECAPTCHA_SITEKEY =
 ; Show Registration button
 SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button }}
 ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_only_allow_external_registration }}
 ENABLE_NOTIFY_MAIL = {{ gitea_enable_notify_mail }}
-DEFAULT_EMAIL_NOTIFICATIONS       = {{ gitea_mail_default }} 
-AUTO_WATCH_NEW_REPOS              = {{ gitea_autowatch_new_repo }} 
-AUTO_WATCH_ON_CHANGES             = {{ gitea_autowatch_on_change }} 
-SHOW_MILESTONES_DASHBOARD_PAGE    = {{ gitea_show_mailstones_dashboard }} 
 
 [mailer]
-ENABLED            = {{ gitea_mailer_enabled | ternary('true', 'false') }}
+ENABLED                 = {{ gitea_mailer_enabled }}
 ; Mail server
 ; Gmail: smtp.gmail.com:587
 ; QQ: smtp.qq.com:465
 ; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used.
-HOST               = {{ gitea_mailer_host }}
+HOST                    = {{ gitea_mailer_host }}
+; Disable HELO operation when hostnames are different.
+DISABLE_HELO =
+; Custom hostname for HELO operation, if no value is provided, one is retrieved from system.
+HELO_HOSTNAME =
 ; Do not verify the certificate of the server. Only use this for self-signed certificates
-SKIP_VERIFY        = {{ gitea_mailer_skip_verify }}
+SKIP_VERIFY             = {{ gitea_mailer_skip_verify }}
 ; Use client certificate
-USE_CERTIFICATE    = false
-CERT_FILE          = {{ gitea_home }}/custom/mailer/cert.pem
-KEY_FILE           = {{ gitea_home }}/custom/mailer/key.pem
+USE_CERTIFICATE = false
+CERT_FILE               = {{ gitea_home }}/custom/mailer/cert.pem
+KEY_FILE                = {{ gitea_home }}/custom/mailer/key.pem
 ; Should SMTP connection use TLS
-IS_TLS_ENABLED     = {{ gitea_mailer_tls_enabled | ternary('true', 'false') }}
+IS_TLS_ENABLED = {{ gitea_mailer_tls_enabled }}
 ; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
-FROM               = {{ gitea_mailer_from }}
+FROM                    = {{ gitea_mailer_from }}
 ; Mailer user name and password
-USER               = {{ gitea_mailer_user }}
+USER                    = {{ gitea_mailer_user }}
 ; Use PASSWD = `your password` for quoting if you use special characters in the password.
-PASSWD             = {{ gitea_mailer_password }}
+PASSWD                  = `{{ gitea_mailer_password }}`
 ; Send mails as plain text
 SEND_AS_PLAIN_TEXT = false
-SUBJECT_PREFIX = {{ gitea_subject_prefix }}
 ; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log)
-MAILER_TYPE        = {{ gitea_mailer_type }}
+MAILER_TYPE = {{ gitea_mailer_type }}
 ; Specify an alternative sendmail binary
-SENDMAIL_PATH      = sendmail
+SENDMAIL_PATH = sendmail
+; Specify any extra sendmail arguments
+SENDMAIL_ARGS =
+
 
 [session]
 ; Either "memory", "file", or "redis", default is "memory"
-PROVIDER        = file
+PROVIDER = file
 ; Provider config options
 ; memory: doesn't have any config yet
 ; file: session file path, e.g. `data/sessions`
 ; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
 ; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
-PROVIDER_CONFIG = {{ gitea_home }}/data/sessions
+PROVIDER_CONFIG         = {{ gitea_home }}/data/sessions
 
 [picture]
-AVATAR_UPLOAD_PATH = {{ gitea_home }}/data/avatars
+AVATAR_UPLOAD_PATH      = {{ gitea_home }}/data/avatars
 ; This value will always be true in offline mode.
-DISABLE_GRAVATAR   = {{ gitea_disable_gravatar | ternary('true', 'false') }}
+DISABLE_GRAVATAR        = {{ gitea_disable_gravatar }}
 
 [attachment]
 ; Whether attachments are enabled. Defaults to `true`
 ENABLED = true
 ; Path for attachments. Defaults to `data/attachments`
-PATH    = {{ gitea_home }}/data/attachments
+PATH                    = {{ gitea_home }}/data/attachments
 
 [log]
-ROOT_PATH            = {{ gitea_home }}/log
+ROOT_PATH               = {{ gitea_home }}/log
 ; Either "console", "file", "conn", "smtp" or "database", default is "console"
 ; Use comma to separate multiple modes, e.g. "console, file"
-{% if gitea_log_systemd %}
-MODE       = console
-MACARON    = console
-{% else %}
 MODE       = file
-{% endif %}
 ; Buffer length of the channel, keep it as it is if you don't know what it is.
-BUFFER_LEN           = 10000
+BUFFER_LEN = 10000
 ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
-{% if gitea_log_only_warning %}
-LEVEL      = Warn
-REDIRECT_MACARON_LOG = true
-{% else %}
-LEVEL                = {{ gitea_log_level }}
+LEVEL      = Info
 REDIRECT_MACARON_LOG = false
-{% endif %}
 
 [oauth2]
-ENABLE     = {{ gitea_oauth2_enabled }}
+ENABLE = {{ gitea_oauth2_enabled }}
 JWT_SECRET = {{ gitea_oauth2_jwt_secret }}
 
 [metrics]
 ENABLED = {{ gitea_metrics_enabled }}
-TOKEN   = {{ gitea_metrics_token }}
+TOKEN = {{ gitea_metrics_token }}
 
-{{ gitea_extra_config }}

templates/gitea.service.j2

@@ -4,8 +4,7 @@ After=network.target
 
 [Service]
 User={{ gitea_user }}
-Group={{ gitea_group }}
-ExecStart=/usr/local/bin/gitea web -c /etc/gitea/gitea.ini --custom-path {{ gitea_home }}/custom/
+ExecStart=/usr/local/bin/gitea web -c /etc/gitea/gitea.ini
 Restart=on-failure
 WorkingDirectory={{ gitea_home }}
 {% if gitea_systemd_cap_net_bind_service %}

vars/debian.yml

@@ -1,5 +0,0 @@
----
-gitea_dependencies:
-  - git
-  - gnupg2
-  - xz-utils

vars/main.yml

@@ -1,10 +1,2 @@
 ---
-gitea_go_arch_map:
-  i386: '386'
-  x86_64: 'amd64'
-  aarch64: 'arm64'
-  armv7l: 'arm-6'
-  armv6l: 'arm-6'
-  armv5l: 'arm-5'
-
-gitea_arch: "{{ gitea_go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
+gitea_arch: "{{ 'amd64' if ansible_architecture == 'x86_64' else ansible_architecture }}"

vars/redhat.yml

@@ -1,5 +0,0 @@
----
-gitea_dependencies:
-  - git
-  - gnupg2
-  - xz