diff --git a/defaults/main.yml b/defaults/main.yml
index abb7653..27e6178 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,35 +1,63 @@
---
-gitea_version: 1.16.1
-gitea_user: "gitea_adm"
-gitea_user_home: "/home/{{ gitea_user }}"
-gitea_group: "{{ gitea_user }}"
-gitea_extra_groups: []
+gitea_image: "docker.io/gitea/gitea:latest-rootless"
+gitea_url: "http://localhost:3000"
-gitea_packages:
- - git
+# @var gitea_volumes:description: > Define required docker volumes.
+# @end
+# @var gitea_volumes:example: >
+# gitea_volumes:
+# - name: data
+# # target location inside the container
+# dest: /var/lib/gitea
+# type: volume
+# @end
+gitea_volumes:
+ - name: "gitea-data"
+ dest: /var/lib/gitea
+ - name: /etc/timezone
+ dest: /etc/timezone
+ type: bind
+ opts: Z,ro
+ - name: /etc/localtime
+ dest: /etc/localtime
+ type: bind
+ opts: Z,ro
-gitea_base_dir: "/opt/gitea"
-gitea_config_dir: "{{ gitea_base_dir }}/custom/conf"
-gitea_data_dir: "{{ gitea_base_dir }}/data"
-gitea_run_dir: "{{ gitea_base_dir }}/run"
-gitea_template_dir: "{{ gitea_base_dir }}/custom/templates"
+# @var gitea_network:description: >
+# Name of the container network. If the name ends with `.network`, the network will be created with the specified configuration.
+# Otherwise, the network must already exist and the container will be attached to the network.
+# @end
+gitea_network: "gitea.network"
+gitea_network_ipv6_enabled: False
+# @var gitea_network_ipv6_subnet:value: $ "_unset_"
+# @var gitea_network_ipv6_subnet:example: $ "fd00:0:0:2::/64"
+# @var gitea_network_ipv6_gateway:value: $ "_unset_"
+# @var gitea_network_ipv6_gateway:example: $ "fd00:0:0:2::1"
-gitea_selinux_fcontext:
- - target: "{{ gitea_log_dir }}(/.*)?"
- setype: var_log_t
-gitea_selinux_restorecon:
- - "-ir {{ gitea_log_dir }}"
+# @var gitea_network_ipv4_subnet:value: $ "_unset_"
+# @var gitea_network_ipv4_gateway:value: $ "_unset_"
-gitea_bind_ip: 127.0.0.1
-gitea_bind_port: 61000
-gitea_listen_address: http://gitea.example.com
+# @var gitea_exposed_ports:description: >
+# Ports you want to publish outside of Docker. The Gitea UI is running on `3000` inside of the container.
+# @end
+gitea_exposed_ports: []
+
+gitea_cap_add: []
+gitea_cap_drop: []
+
+gitea_podman_args:
+ - --pids-limit=-1
+ - --health-cmd='["wget", "--spider", "--proxy", "off", "http://localhost:3000/api/healthz"]'
+ - --health-interval=5s
+ - --health-timeout=5s
+ - --health-retries=6
+ - --health-on-failure=kill
gitea_install_lock: True
# @var gitea_secret:description: Should be replaced by your own secret.
gitea_secret: "1234567ABCDEFG"
# @var gitea_token:description: Should be replaced by your own secret.
gitea_token: "akslkaldasasifiuvsiasfa7s7f8as7f8asd"
-gitea_run_mode: prod
gitea_login_remember_days: 7
gitea_password_min_lenght: 8
# @var gitea_password_complexity:description: >
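Review bot: The new default `gitea_image: "docker.io/gitea/gitea:latest-rootless"` is a floating tag, so two runs of the role can deploy different Gitea builds and an upstream change reaches the host without any change in this repository; the removed `gitea_version: 1.16.1` was an explicit pin. Default to a specific release tag or an image digest, e.g. `gitea_image: "docker.io/gitea/gitea:<VERSION>-rootless"` (placeholder), and let users opt in to `latest`. In `gitea_podman_args`, `--pids-limit=-1` removes the container's process limit; add a comment saying why it is needed, or use a finite default. The `gitea_exposed_ports` description could also state that an entry without a host address publishes on all interfaces, which matters because `gitea_url` defaults to plain HTTP.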
@@ -91,7 +119,6 @@ gitea_default_dependencies_enabled: True
gitea_default_timetracking_enabled: True
gitea_log_level: Info
-gitea_log_dir: "{{ gitea_base_dir }}/log"
gitea_repository_default_private: last
gitea_repository_force_private: False
@@ -275,9 +302,3 @@ gitea_jwt_signing_algorithm: RS256
gitea_metrics_enabled: False
# @var gitea_metrics_token:description: If you want to add authorization, specify a token here.
# @var gitea_metrics_token:default: $ "_unset_"
-
-gitea_tls_enabled: False
-gitea_tls_cert_path: "{{ gitea_base_dir }}/tls/certs/mycert.pem"
-gitea_tls_key_path: "{{ gitea_base_dir }}/tls/private/mykey.pem"
-gitea_tls_cert_source: mycert.pem
-gitea_tls_key_source: mykey.pem
diff --git a/handlers/main.yml b/handlers/main.yml
index ddf0c8f..d0ca9f4 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,10 +1,7 @@
---
-- name: Restart Gitea Service
+- name: Restart Gitea
service:
name: gitea
state: restarted
- daemon_reload: yes
- enabled: yes
+ daemon_reload: True
listen: __gitea_restart
- become: True
- become_user: root
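Review bot: The restart handler drops `become: True` and `become_user: root`, while the tasks that notify it in tasks/main.yml only escalate through a block-level `become`. Handlers do not take keywords from the notifying task's block, so on a play that does not set `become` itself the restart would presumably run unprivileged and fail. Keep `become: True` on the handler. The unit is also spelled `name: gitea` here and `name: "gitea.service"` in the 'Ensure service state' task; using one spelling would be clearer.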
diff --git a/molecule/centos7/converge.yml b/molecule/centos7/converge.yml
deleted file mode 100644
index f1d295c..0000000
--- a/molecule/centos7/converge.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: Converge
- hosts: all
- roles:
- - role: xoxys.gitea
diff --git a/molecule/centos7/create.yml b/molecule/centos7/create.yml
deleted file mode 100644
index 8b945cd..0000000
--- a/molecule/centos7/create.yml
+++ /dev/null
@@ -1,120 +0,0 @@
----
-- name: Create
- hosts: localhost
- connection: local
- gather_facts: false
- no_log: "{{ molecule_no_log }}"
- vars:
- ssh_port: 22
- ssh_user: root
- ssh_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key"
- tasks:
- - name: Create SSH key
- user:
- name: "{{ lookup('env', 'USER') }}"
- generate_ssh_key: true
- ssh_key_file: "{{ ssh_path }}"
- force: true
- register: generated_ssh_key
-
- - name: Register the SSH key name
- set_fact:
- ssh_key_name: "molecule-generated-{{ 12345 | random | to_uuid }}"
-
- - name: Register SSH key for test instance(s)
- hcloud_ssh_key:
- name: "{{ ssh_key_name }}"
- public_key: "{{ generated_ssh_key.ssh_public_key }}"
- state: present
-
- - name: Create molecule instance(s)
- hcloud_server:
- name: "{{ item.name }}"
- server_type: "{{ item.server_type }}"
- ssh_keys:
- - "{{ ssh_key_name }}"
- image: "{{ item.image }}"
- location: "{{ item.location | default(omit) }}"
- datacenter: "{{ item.datacenter | default(omit) }}"
- user_data: "{{ item.user_data | default(omit) }}"
- api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
- state: present
- register: server
- loop: "{{ molecule_yml.platforms }}"
- async: 7200
- poll: 0
-
- - name: Wait for instance(s) creation to complete
- async_status:
- jid: "{{ item.ansible_job_id }}"
- register: hetzner_jobs
- until: hetzner_jobs.finished
- retries: 300
- loop: "{{ server.results }}"
-
- - name: Create volume(s)
- hcloud_volume:
- name: "{{ item.name }}"
- server: "{{ item.name }}"
- location: "{{ item.location | default(omit) }}"
- size: "{{ item.volume_size | default(10) }}"
- api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
- state: "present"
- loop: "{{ molecule_yml.platforms }}"
- when: item.volume | default(False) | bool
- register: volumes
- async: 7200
- poll: 0
-
- - name: Wait for volume(s) creation to complete
- async_status:
- jid: "{{ item.ansible_job_id }}"
- register: hetzner_volumes
- until: hetzner_volumes.finished
- retries: 300
- when: volumes.changed
- loop: "{{ volumes.results }}"
-
- # Mandatory configuration for Molecule to function.
-
- - name: Populate instance config dict
- set_fact:
- instance_conf_dict:
- {
- "instance": "{{ item.hcloud_server.name }}",
- "ssh_key_name": "{{ ssh_key_name }}",
- "address": "{{ item.hcloud_server.ipv4_address }}",
- "user": "{{ ssh_user }}",
- "port": "{{ ssh_port }}",
- "identity_file": "{{ ssh_path }}",
- "volume": "{{ item.item.item.volume | default(False) | bool }}",
- }
- loop: "{{ hetzner_jobs.results }}"
- register: instance_config_dict
- when: server.changed | bool
-
- - name: Convert instance config dict to a list
- set_fact:
- instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
- when: server.changed | bool
-
- - name: Dump instance config
- copy:
- content: |
- # Molecule managed
-
- {{ instance_conf | to_nice_yaml(indent=2) }}
- dest: "{{ molecule_instance_config }}"
- when: server.changed | bool
-
- - name: Wait for SSH
- wait_for:
- port: "{{ ssh_port }}"
- host: "{{ item.address }}"
- search_regex: SSH
- delay: 10
- loop: "{{ lookup('file', molecule_instance_config) | from_yaml }}"
-
- - name: Wait for VM to settle down
- pause:
- seconds: 30
diff --git a/molecule/centos7/molecule.yml b/molecule/centos7/molecule.yml
deleted file mode 100644
index 9493634..0000000
--- a/molecule/centos7/molecule.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-dependency:
- name: galaxy
- options:
- role-file: molecule/requirements.yml
- requirements-file: molecule/requirements.yml
- env:
- ANSIBLE_GALAXY_DISPLAY_PROGRESS: "false"
-driver:
- name: delegated
-platforms:
- - name: centos7-gitea
- image: centos-7
- server_type: cx11
-lint: |
- /usr/local/bin/flake8
-provisioner:
- name: ansible
- env:
- ANSIBLE_FILTER_PLUGINS: ${ANSIBLE_FILTER_PLUGINS:-./plugins/filter}
- ANSIBLE_LIBRARY: ${ANSIBLE_LIBRARY:-./library}
- log: False
-verifier:
- name: testinfra
diff --git a/molecule/centos7/tests/test_default.py b/molecule/centos7/tests/test_default.py
deleted file mode 100644
index d347980..0000000
--- a/molecule/centos7/tests/test_default.py
+++ /dev/null
@@ -1,18 +0,0 @@
-import os
-
-import testinfra.utils.ansible_runner
-
-testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
- os.environ["MOLECULE_INVENTORY_FILE"]
-).get_hosts("all")
-
-
-def test_gitea_running_and_enabled(host):
- gitea = host.service("gitea")
- assert gitea.is_running
- assert gitea.is_enabled
-
-
-def test_gitea_socket(host):
- # Verify the socket is listening for HTTP traffic
- assert host.socket("tcp://127.0.0.1:61000").is_listening
diff --git a/molecule/default b/molecule/default
index 62ea184..afa9fc6 120000
--- a/molecule/default
+++ b/molecule/default
@@ -1 +1 @@
-rocky8
\ No newline at end of file
+rocky9
\ No newline at end of file
diff --git a/molecule/requirements.yml b/molecule/requirements.yml
index 46da115..927757f 100644
--- a/molecule/requirements.yml
+++ b/molecule/requirements.yml
@@ -1,6 +1,12 @@
---
collections:
- - name: https://gitea.rknet.org/ansible/xoxys.general/releases/download/v2.1.1/xoxys-general-2.1.1.tar.gz
+ - name: https://gitea.rknet.org/ansible/xoxys.general
+ type: git
- name: community.general
+ - name: containers.podman
-roles: []
+roles:
+ - src: https://gitea.rknet.org/ansible/xoxys.podman
+ name: xoxys.podman
+ scm: git
+ version: main
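Review bot: Both new git sources track a moving ref: the `xoxys.general` collection entry has no `version:` (the removed line pinned the v2.1.1 release tarball) and the `xoxys.podman` role uses `version: main`. Test runs then depend on whatever is at the branch head at install time, which is hard to reproduce and lets an upstream change run in CI unreviewed. Pin each to a tag or commit, e.g. `version: <TAG_OR_COMMIT>` (placeholder), and give `containers.podman` a version constraint as well.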
diff --git a/molecule/rocky8/converge.yml b/molecule/rocky8/converge.yml
deleted file mode 100644
index f1d295c..0000000
--- a/molecule/rocky8/converge.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: Converge
- hosts: all
- roles:
- - role: xoxys.gitea
diff --git a/molecule/rocky8/destroy.yml b/molecule/rocky8/destroy.yml
deleted file mode 100644
index 6454c71..0000000
--- a/molecule/rocky8/destroy.yml
+++ /dev/null
@@ -1,78 +0,0 @@
----
-- name: Destroy
- hosts: localhost
- connection: local
- gather_facts: false
- no_log: "{{ molecule_no_log }}"
- tasks:
- - name: Check existing instance config file
- stat:
- path: "{{ molecule_instance_config }}"
- register: cfg
-
- - name: Populate the instance config
- set_fact:
- instance_conf: "{{ (lookup('file', molecule_instance_config) | from_yaml) if cfg.stat.exists else [] }}"
-
- - name: Destroy molecule instance(s)
- hcloud_server:
- name: "{{ item.instance }}"
- api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
- state: absent
- register: server
- loop: "{{ instance_conf }}"
- async: 7200
- poll: 0
-
- - name: Wait for instance(s) deletion to complete
- async_status:
- jid: "{{ item.ansible_job_id }}"
- register: hetzner_jobs
- until: hetzner_jobs.finished
- retries: 300
- loop: "{{ server.results }}"
-
- - pause:
- seconds: 5
-
- - name: Destroy volume(s)
- hcloud_volume:
- name: "{{ item.instance }}"
- server: "{{ item.instance }}"
- api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
- state: "absent"
- register: volumes
- loop: "{{ instance_conf }}"
- when: item.volume | default(False) | bool
- async: 7200
- poll: 0
-
- - name: Wait for volume(s) deletion to complete
- async_status:
- jid: "{{ item.ansible_job_id }}"
- register: hetzner_volumes
- until: hetzner_volumes.finished
- retries: 300
- when: volumes.changed
- loop: "{{ volumes.results }}"
-
- - name: Remove registered SSH key
- hcloud_ssh_key:
- name: "{{ instance_conf[0].ssh_key_name }}"
- state: absent
- when: (instance_conf | default([])) | length > 0
-
- # Mandatory configuration for Molecule to function.
-
- - name: Populate instance config
- set_fact:
- instance_conf: {}
-
- - name: Dump instance config
- copy:
- content: |
- # Molecule managed
-
- {{ instance_conf | to_nice_yaml(indent=2) }}
- dest: "{{ molecule_instance_config }}"
- when: server.changed | bool
diff --git a/molecule/rocky8/prepare.yml b/molecule/rocky8/prepare.yml
deleted file mode 100644
index 183f4d3..0000000
--- a/molecule/rocky8/prepare.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-- name: Prepare
- hosts: all
- gather_facts: false
- tasks:
- - name: Bootstrap python for Ansible
- raw: |
- command -v python3 python || (
- (test -e /usr/bin/dnf && sudo dnf install -y python3) ||
- (test -e /usr/bin/apt && (apt -y update && apt install -y python-minimal)) ||
- (test -e /usr/bin/yum && sudo yum -y -qq install python3) ||
- echo "Warning: Python not boostrapped due to unknown platform."
- )
- become: true
- changed_when: false
diff --git a/molecule/rocky8/tests/test_default.py b/molecule/rocky8/tests/test_default.py
deleted file mode 100644
index d347980..0000000
--- a/molecule/rocky8/tests/test_default.py
+++ /dev/null
@@ -1,18 +0,0 @@
-import os
-
-import testinfra.utils.ansible_runner
-
-testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
- os.environ["MOLECULE_INVENTORY_FILE"]
-).get_hosts("all")
-
-
-def test_gitea_running_and_enabled(host):
- gitea = host.service("gitea")
- assert gitea.is_running
- assert gitea.is_enabled
-
-
-def test_gitea_socket(host):
- # Verify the socket is listening for HTTP traffic
- assert host.socket("tcp://127.0.0.1:61000").is_listening
diff --git a/molecule/rocky9/converge.yml b/molecule/rocky9/converge.yml
new file mode 100644
index 0000000..933cd95
--- /dev/null
+++ b/molecule/rocky9/converge.yml
@@ -0,0 +1,10 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: xoxys.podman
+ - role: xoxys.gitea
+ vars:
+ gitea_exposed_ports:
+ - 127.0.0.1:3000:3000
+ - 127.0.0.1:2222:2222
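Review bot: The port mappings under `gitea_exposed_ports` are plain scalars; quote them, `- "127.0.0.1:3000:3000"` and `- "127.0.0.1:2222:2222"`, so colon-separated digit values are never retyped by a YAML 1.1 loader and users copying this example get strings. Binding to 127.0.0.1 is a good pattern for the test; a one-line comment saying the loopback address is deliberate would help readers who reuse it.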
diff --git a/molecule/rocky8/create.yml b/molecule/rocky9/create.yml
similarity index 99%
rename from molecule/rocky8/create.yml
rename to molecule/rocky9/create.yml
index 8b945cd..719600d 100644
--- a/molecule/rocky8/create.yml
+++ b/molecule/rocky9/create.yml
@@ -117,4 +117,4 @@
- name: Wait for VM to settle down
pause:
- seconds: 30
+ seconds: 30
\ No newline at end of file
diff --git a/molecule/centos7/destroy.yml b/molecule/rocky9/destroy.yml
similarity index 98%
rename from molecule/centos7/destroy.yml
rename to molecule/rocky9/destroy.yml
index 6454c71..ed0b2ed 100644
--- a/molecule/centos7/destroy.yml
+++ b/molecule/rocky9/destroy.yml
@@ -75,4 +75,4 @@
{{ instance_conf | to_nice_yaml(indent=2) }}
dest: "{{ molecule_instance_config }}"
- when: server.changed | bool
+ when: server.changed | bool
\ No newline at end of file
diff --git a/molecule/rocky8/molecule.yml b/molecule/rocky9/molecule.yml
similarity index 91%
rename from molecule/rocky8/molecule.yml
rename to molecule/rocky9/molecule.yml
index d1aa1e8..3d63b73 100644
--- a/molecule/rocky8/molecule.yml
+++ b/molecule/rocky9/molecule.yml
@@ -9,8 +9,8 @@ dependency:
driver:
name: delegated
platforms:
- - name: rocky8-gitea
- image: rocky-8
+ - name: rocky9-gitea
+ image: rocky-9
server_type: cx11
lint: |
/usr/local/bin/flake8
diff --git a/molecule/centos7/prepare.yml b/molecule/rocky9/prepare.yml
similarity index 100%
rename from molecule/centos7/prepare.yml
rename to molecule/rocky9/prepare.yml
diff --git a/molecule/rocky9/tests/test_default.py b/molecule/rocky9/tests/test_default.py
new file mode 100644
index 0000000..18814f1
--- /dev/null
+++ b/molecule/rocky9/tests/test_default.py
@@ -0,0 +1,30 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ["MOLECULE_INVENTORY_FILE"]
+).get_hosts("all")
+
+
+def test_gitea_running_and_enabled(host):
+ gitea = host.service("gitea")
+ assert gitea.is_running
+ assert gitea.is_enabled
+
+
+def test_gitea_socket(host):
+ # Verify the socket is listening for HTTP traffic
+ assert host.socket("tcp://127.0.0.1:3000").is_listening
+ # Verify the socket is listening for SSH traffic
+ assert host.socket("tcp://127.0.0.1:2222").is_listening
+
+
+def test_gitea_conn_error(host):
+ code = int(
+ host.run("curl -sSL -w '%{http_code}' http://127.0.0.1:3000/ -o /dev/null").stdout # noqa
+ )
+ body = host.run("curl -sSLX GET http://127.0.0.1:3000/").stdout
+
+ assert code == 200
+ assert "Gitea: Git with a cup of tea" in body
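Review bot: `test_gitea_conn_error` asserts a 200 status and the page title, so its name says the opposite of what it checks; something like `def test_gitea_http_response(host):` with a one-line docstring would read correctly. The page is also fetched twice with curl, once for the status code and once for the body; a single request could serve both assertions and halve the chance of a flaky run.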
diff --git a/tasks/install.yml b/tasks/install.yml
deleted file mode 100644
index ce5d47a..0000000
--- a/tasks/install.yml
+++ /dev/null
@@ -1,59 +0,0 @@
----
-- name: Prepare base folder
- file:
- path: "{{ gitea_base_dir }}"
- state: directory
- owner: "{{ gitea_user }}"
- group: "{{ gitea_user }}"
- mode: 0750
- become: True
- become_user: root
-
-- block:
- - name: Prepare folder structure
- file:
- path: "{{ item }}"
- state: directory
- mode: 0750
- loop:
- - "{{ gitea_config_dir }}"
- - "{{ gitea_data_dir }}"
- - "{{ gitea_log_dir }}"
- - "{{ gitea_run_dir }}"
- - "{{ gitea_template_dir }}/custom"
-
- - name: Download Gitea binary
- get_url:
- url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64"
- dest: "{{ gitea_base_dir }}/gitea-latest"
- mode: 0750
- notify: __gitea_restart
-
- - name: Copy config file
- template:
- src: "custom/conf/app.ini.j2"
- dest: "{{ gitea_config_dir }}/app.ini"
- mode: 0600
- notify: __gitea_restart
-
- - name: Copy template files
- template:
- src: "templates/custom/templates/custom/{{ item }}.tmpl.j2"
- dest: "{{ gitea_template_dir }}/custom/{{ item }}.tmpl"
- mode: 0600
- loop:
- - extra_links_footer
- - extra_links
- notify: __gitea_restart
- become: True
- become_user: "{{ gitea_user }}"
-
-- block:
- - name: Copy systemd unit file
- template:
- src: "etc/systemd/system/gitea.service.j2"
- dest: "/etc/systemd/system/gitea.service"
- mode: 0640
- notify: __gitea_restart
- become: True
- become_user: root
diff --git a/tasks/main.yml b/tasks/main.yml
index 365f1fa..a10247f 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,9 +1,53 @@
---
-- include_tasks: prepare.yml
-- include_tasks: install.yml
-- include_tasks: selinux.yml
- when: ansible_selinux.status == "enabled"
-- import_tasks: tls.yml
- when: gitea_tls_enabled | bool
- tags: tls_renewal
-- include_tasks: post_tasks.yml
+- block:
+ - name: Create network specs
+ template:
+ src: etc/containers/systemd/gitea.network.j2
+ dest: "/etc/containers/systemd/gitea.network"
+ owner: root
+ group: root
+ mode: "0640"
+ when: gitea_network | splitext | last == ".network"
+ notify: __gitea_restart
+
+ - name: Create container volumes
+ containers.podman.podman_volume:
+ name: "{{ item.name }}"
+ options: "{{ item.options | default(omit) }}"
+ state: "{{ item.state | default('present') }}"
+ loop: "{{ gitea_volumes }}"
+ loop_control:
+ label: "{{ item.name }}"
+ when: item.type | default("volume") | lower == "volume"
+ register: __gitea_volumes_raw
+
+ - name: Register container volumes map
+ set_fact:
+ __gitea_volumes_map: "{{ __gitea_volumes_raw.results | json_query('[].volume') | items2dict(key_name='Name', value_name='Mountpoint') }}"
+
+ - name: Deploy gitea env file
+ template:
+ src: etc/containers/systemd/gitea.env.j2
+ dest: "/etc/containers/systemd/gitea.env"
+ owner: root
+ group: root
+ mode: "0640"
+ notify: __gitea_restart
+
+ - name: Create container specs
+ template:
+ src: etc/containers/systemd/gitea.container.j2
+ dest: "/etc/containers/systemd/gitea.container"
+ owner: root
+ group: root
+ mode: "0640"
+ notify: __gitea_restart
+
+ - name: Ensure service state
+ systemd:
+ name: "gitea.service"
+ state: started
+ daemon_reload: True
+ enabled: True
+ become: True
+ become_user: root
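Review bot: 'Deploy gitea env file' writes `/etc/containers/systemd/gitea.env` with `mode: "0640"`, whereas the removed 'Copy config file' task in tasks/install.yml wrote app.ini with `mode: 0600`; if the env template carries `gitea_secret`, `gitea_token` and the database password (only its first lines are visible here), this loosens access to them. Use `mode: "0600"` and consider `diff: False` on that task so `--diff` runs do not print the values. Separately, 'Create network specs' runs for any `gitea_network` ending in `.network` but always writes `gitea.network`, so a different name would leave the container template's `Network={{ gitea_network }}` pointing at a unit that was never created. Derive `dest` from `gitea_network`, or document that only `gitea.network` is managed.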
diff --git a/tasks/post_tasks.yml b/tasks/post_tasks.yml
deleted file mode 100644
index 2af1711..0000000
--- a/tasks/post_tasks.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- name: Ensure gitea service is up and running
- service:
- state: started
- daemon_reload: yes
- enabled: yes
- name: gitea
- become: True
- become_user: root
diff --git a/tasks/prepare.yml b/tasks/prepare.yml
deleted file mode 100644
index c8b055f..0000000
--- a/tasks/prepare.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-- block:
- - name: Create group '{{ gitea_group }}'
- group:
- name: "{{ gitea_group }}"
- state: present
-
- - name: Create user '{{ gitea_user }}'
- user:
- comment: Gitea
- name: "{{ gitea_user }}"
- home: "{{ gitea_user_home }}"
- group: "{{ gitea_group }}"
- groups: "{{ gitea_extra_groups | join(',') }}"
-
- - name: Install dependencies
- package:
- name: "{{ item }}"
- state: present
- loop:
- - "{{ gitea_packages }}"
- become: True
- become_user: root
diff --git a/tasks/selinux.yml b/tasks/selinux.yml
deleted file mode 100644
index ac43753..0000000
--- a/tasks/selinux.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-- block:
- - name: Add SELinux file context mapping definitions
- sefcontext:
- target: "{{ item.target }}"
- setype: "{{ item.setype }}"
- state: present
- loop: "{{ gitea_selinux_fcontext }}"
-
- - name: Apply new SELinux file context to filesystem
- command: "restorecon {{ item }}"
- loop: "{{ gitea_selinux_restorecon }}"
- changed_when: False
- become: True
- become_user: root
diff --git a/tasks/tls.yml b/tasks/tls.yml
deleted file mode 100644
index e33d86d..0000000
--- a/tasks/tls.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-- block:
- - name: Create tls folder structure
- file:
- path: "{{ item }}"
- state: directory
- owner: "{{ gitea_user }}"
- group: "{{ gitea_group }}"
- recurse: True
- loop:
- - "{{ gitea_tls_cert_path | dirname }}"
- - "{{ gitea_tls_key_path | dirname }}"
- become: True
- become_user: root
-
-- block:
- - name: Copy certs and private key
- copy:
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
- mode: "{{ item.mode }}"
- loop:
- - { src: "{{ gitea_tls_key_source }}", dest: '{{ gitea_tls_key_path }}', mode: '0600' }
- - { src: "{{ gitea_tls_cert_source }}", dest: '{{ gitea_tls_cert_path }}', mode: '0750' }
- loop_control:
- label: "{{ item.dest }}"
- become: True
- become_user: "{{ gitea_user }}"
diff --git a/templates/custom/conf/app.ini.j2 b/templates/custom/conf/app.ini.j2
deleted file mode 100644
index 712efeb..0000000
--- a/templates/custom/conf/app.ini.j2
+++ /dev/null
@@ -1,315 +0,0 @@
-#jinja2: lstrip_blocks: True
-{{ ansible_managed | comment(decoration="; ")}}
-APP_NAME = Gitea: Git with a cup of tea
-RUN_USER = {{ gitea_user }}
-RUN_MODE = {{ gitea_run_mode }}
-WORK_PATH = {{ gitea_base_dir }}
-
-[repository]
-ROOT = {{ gitea_data_dir }}/repos
-FORCE_PRIVATE = {{ gitea_repository_force_private | bool | lower }}
-DEFAULT_PRIVATE = {{ gitea_repository_default_private }}
-MAX_CREATION_LIMIT = {{ gitea_repository_creation_limit }}
-PREFERRED_LICENSES = {{ gitea_repository_default_license | join(",") }}
-DISABLE_HTTP_GIT = {{ 'false' if gitea_repository_http_enabled | bool else 'true' }}
-{% if gitea_repository_access_control_allow_origin is defined and gitea_repository_access_control_allow_origin %}
-ACCESS_CONTROL_ALLOW_ORIGIN = {{ gitea_repository_access_control_allow_origin }}
-{% endif %}
-USE_COMPAT_SSH_URI = {{ gitea_repository_use_compat_ssh_uri | bool | lower }}
-ENABLE_PUSH_CREATE_USER = {{ gitea_repository_push_create_user_enabled | bool | lower }}
-ENABLE_PUSH_CREATE_ORG = {{ gitea_repository_push_create_org_enabled | bool | lower }}
-DEFAULT_REPO_UNITS = {{ gitea_repository_default_repo_units | join(",") }}
-DEFAULT_BRANCH = {{ gitea_repository_default_branch }}
-
-[repository.editor]
-LINE_WRAP_EXTENSIONS = {{ gitea_repository_editor_line_wrap_ext | join(",") }}
-PREVIEWABLE_FILE_MODES = markdown
-
-[repository.upload]
-{% if gitea_repository_upload_enabled | bool %}
-ENABLED = true
-{% if gitea_repository_upload_allowed_types %}
-ALLOWED_TYPES = {{ gitea_repository_upload_allowed_types | join(",") }}
-{% endif %}
-FILE_MAX_SIZE = {{ gitea_repository_upload_max_filesize }}
-MAX_FILES = {{ gitea_repository_upload_max_files }}
-{% else %}
-ENABLED = false
-{% endif %}
-
-[repository.pull-request]
-WORK_IN_PROGRESS_PREFIXES = {{ gitea_repository_pr_wip_prefix | join(",") }}
-CLOSE_KEYWORDS = {{ gitea_repository_pr_close_keyword | join(",") }}
-REOPEN_KEYWORDS = {{ gitea_repository_pr_reopen_keyword | join(",") }}
-
-[repository.issue]
-LOCK_REASONS = {{ gitea_repository_issue_lock_reason | join(",") }}
-
-[ui]
-EXPLORE_PAGING_NUM = {{ gitea_ui_explore_paging_num }}
-ISSUE_PAGING_NUM = {{ gitea_ui_issue_paging_num }}
-FEED_MAX_COMMIT_NUM = {{ gitea_ui_feed_commit_num }}
-GRAPH_MAX_COMMIT_NUM = {{ gitea_ui_graph_commit_num }}
-CODE_COMMENT_LINES = {{ gitea_ui_code_comment_lines }}
-SHOW_USER_EMAIL = {{ gitea_ui_show_user_email | bool | lower }}
-REACTIONS = {{ gitea_ui_reaction | join(",") }}
-DEFAULT_SHOW_FULL_NAME = {{ gitea_ui_show_full_name | bool | lower }}
-SEARCH_REPO_DESCRIPTION = {{ gitea_ui_search_repo_description | bool | lower }}
-
-[ui.admin]
-USER_PAGING_NUM = {{ gitea_ui_admin_user_paging_num }}
-REPO_PAGING_NUM = {{ gitea_ui_admin_repo_paging_num }}
-NOTICE_PAGING_NUM = {{ gitea_ui_admin_notice_paging_num }}
-ORG_PAGING_NUM = {{ gitea_ui_admin_org_paging_num }}
-
-[ui.user]
-REPO_PAGING_NUM = {{ gitea_ui_user_repo_paging_num }}
-
-[markdown]
-ENABLE_HARD_LINE_BREAK = {{ gitea_markdown_hard_linebreak_enabled | bool | lower }}
-{% if gitea_markdown_custom_url_scheme %}
-CUSTOM_URL_SCHEMES = {{ gitea_markdown_custom_url_scheme | join(",") }}
-{% endif %}
-FILE_EXTENSIONS = {{ gitea_markdown_file_ext | join(",") }}
-
-[server]
-PROTOCOL = {{ 'https' if gitea_tls_enabled else 'http' }}
-DOMAIN = {{ gitea_listen_address | urlsplit('hostname') }}
-ROOT_URL = {{ gitea_listen_address | urlsplit('scheme') }}://%(DOMAIN)s/
-HTTP_ADDR = {{ gitea_bind_ip }}
-HTTP_PORT = {{ gitea_bind_port }}
-LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
-DISABLE_SSH = {{ 'false' if gitea_ssh_enabled | bool else 'true' }}
-START_SSH_SERVER = false
-MINIMUM_KEY_SIZE_CHECK = {{ gitea_minimum_keysize_check | bool | lower }}
-OFFLINE_MODE = {{ gitea_offline_mode | bool | lower }}
-{% if gitea_tls_enabled | bool %}
-CERT_FILE = {{ gitea_tls_cert_path }}
-KEY_FILE = {{ gitea_tls_key_path }}
-{% endif %}
-APP_DATA_PATH = {{ gitea_data_dir }}
-PPROF_DATA_PATH = {{ gitea_data_dir }}/tmp/pprof
-LANDING_PAGE = {{ gitea_landing_page }}
-{% if gitea_lfs_enabled | bool %}
-LFS_START_SERVER = true
-LFS_CONTENT_PATH = {{ gitea_data_dir }}/lfs
-LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}
-LFS_HTTP_AUTH_EXPIRY = 20m
-{% else %}
-LFS_START_SERVER = false
-{% endif %}
-
-[ssh.minimum_key_sizes]
-{% for key in gitea_minimum_keysize %}
-{{ key.name }} = {{ key.size }}
-{% endfor %}
-
-[database]
-{% if gitea_db_type == "pgsql" %}
-DB_TYPE = postgres
-HOST = {{ gitea_db_server }}:{{ gitea_db_port }}
-NAME = {{ gitea_db_name }}
-USER = {{ gitea_db_user }}
-PASSWD = {{ gitea_db_password }}
-SSL_MODE = {{ gitea_db_ssl_mode }}
-{% elif gitea_db_type == "sqlite" %}
-DB_TYPE = sqlite3
-PATH = {{ gitea_data_dir }}/gitea.db
-SQLITE_TIMEOUT = 500
-{% endif %}
-
-[indexer]
-ISSUE_INDEXER_TYPE = bleve
-ISSUE_INDEXER_PATH = {{ gitea_data_dir }}/indexers/issues.bleve
-REPO_INDEXER_ENABLED = true
-REPO_INDEXER_PATH = {{ gitea_data_dir }}/indexers/repos.bleve
-
-[queue.issue_indexer]
-DATADIR = {{ gitea_data_dir }}/issues.queue
-
-[admin]
-DISABLE_REGULAR_ORG_CREATION = {{ 'false' if gitea_org_creation_enabled | bool else 'true' }}
-DEFAULT_EMAIL_NOTIFICATIONS = {{ gitea_default_email_notification }}
-
-[webhook]
-QUEUE_LENGTH = 1000
-DELIVER_TIMEOUT = 5
-ALLOWED_HOST_LIST = {{ gitea_webhook_allowed_host_list | join(",") }}
-SKIP_TLS_VERIFY = false
-
-[security]
-INSTALL_LOCK = {{ gitea_install_lock | bool | lower }}
-SECRET_KEY = {{ gitea_secret }}
-LOGIN_REMEMBER_DAYS = {{ gitea_login_remember_days }}
-MIN_PASSWORD_LENGTH = {{ gitea_password_min_lenght }}
-DISABLE_GIT_HOOKS = {{ 'false' if gitea_git_hooks_enabled | bool else 'true' }}
-PASSWORD_COMPLEXITY = {{ gitea_password_complexity | join(",") }}
-PASSWORD_HASH_ALGO = pbkdf2
-INTERNAL_TOKEN = {{ gitea_token }}
-
-[service]
-REGISTER_EMAIL_CONFIRM = {{ gitea_registration_email_confirm | bool | lower }}
-{% if gitea_registration_email_domain_whitelist is defined and gitea_registration_email_domain_whitelist %}
-EMAIL_DOMAIN_WHITELIST= {{ gitea_registration_email_domain_whitelist | join(",") }}
-{% endif %}
-DISABLE_REGISTRATION = {{ 'false' if gitea_registration_enabled | bool else 'true' }}
-ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_registration_allow_external_only | bool | lower }}
-REQUIRE_SIGNIN_VIEW = false
-{% if gitea_mail_service_enabled | bool %}
-ENABLE_NOTIFY_MAIL = true
-{% endif %}
-ENABLE_BASIC_AUTHENTICATION = true
-ALLOW_CROSS_REPOSITORY_DEPENDENCIES = true
-ENABLE_USER_HEATMAP = true
-ENABLE_TIMETRACKING = true
-NO_REPLY_ADDRESS = {{ gitea_no_reply_address }}
-SHOW_REGISTRATION_BUTTON = {{ gitea_registration_button_enabled | bool | lower }}
-SHOW_MILESTONES_DASHBOARD_PAGE = true
-AUTO_WATCH_NEW_REPOS = {{ gitea_repository_auto_watch_on_creation | bool | lower }}
-AUTO_WATCH_ON_CHANGES = {{ gitea_repository_auto_watch_on_change | bool | lower }}
-DEFAULT_KEEP_EMAIL_PRIVATE = {{ gitea_default_keep_email_private | bool | lower }}
-DEFAULT_ALLOW_CREATE_ORGANIZATION = {{ gitea_default_org_allow_creation | bool | lower }}
-DEFAULT_ORG_VISIBILITY = {{ gitea_default_org_visible }}
-DEFAULT_ORG_MEMBER_VISIBLE = {{ gitea_default_org_member_visible | bool | lower }}
-DEFAULT_ENABLE_DEPENDENCIES = {{ gitea_default_dependencies_enabled | bool | lower }}
-DEFAULT_ENABLE_TIMETRACKING = {{ gitea_default_timetracking_enabled | bool | lower }}
-DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME = true
-
-{% if gitea_mail_service_enabled | bool %}
-[mailer]
-ENABLED = true
-{% if gitea_mail_subject_prefix is defined and gitea_mail_subject_prefix %}
-SUBJECT_PREFIX = {{ gitea_mail_subject_prefix }}
-{% endif %}
-FROM = {{ gitea_mail_service_from }}
-PROTOCOL = sendmail
-SENDMAIL_PATH = /usr/sbin/sendmail
-{% else %}
-[mailer]
-ENABLED = false
-{% endif %}
-
-[session]
-PROVIDER = {{ gitea_session_provider }}
-PROVIDER_CONFIG = {{ gitea_session_provider_config }}
-COOKIE_NAME = {{ gitea_session_cookie_name }}
-COOKIE_SECURE = {{ gitea_session_cookie_secure | bool | lower }}
-ENABLE_SET_COOKIE = {{ gitea_session_enable_set_cookie | bool | lower }}
-GC_INTERVAL_TIME = {{ gitea_session_session_life_time }}
-SESSION_LIFE_TIME = {{ gitea_session_session_life_time }}
-
-[picture]
-AVATAR_UPLOAD_PATH = {{ gitea_data_dir }}/avatars
-REPOSITORY_AVATAR_UPLOAD_PATH = {{ gitea_data_dir }}/repo-avatars
-REPOSITORY_AVATAR_FALLBACK = none
-DISABLE_GRAVATAR = {{ 'false' if gitea_gravatar_enabled | bool else 'true' }}
-GRAVATAR_SOURCE = {{ gitea_gravatar_source }}
-ENABLE_FEDERATED_AVATAR = {{ gitea_avatar_federation_enabled | bool | lower }}
-
-[attachment]
-{% if gitea_attachment_enabled | bool %}
-ENABLE = true
-PATH = {{ gitea_data_dir }}/attachments
-ALLOWED_TYPES = {{ gitea_attachment_allowed_types | join("|") }}
-MAX_SIZE = {{ gitea_attachment_max_filesize }}
-MAX_FILES = {{ gitea_attachment_max_files }}
-{% else %}
-ENABLE = false
-{% endif %}
-
-[log]
-ROOT_PATH = {{ gitea_log_dir }}
-MODE = file
-REDIRECT_MACARON_LOG = true
-MACARON = file
-ROUTER_LOG_LEVEL = Info
-logger.router.MODE = file
-{% raw %}
-ACCESS_LOG_TEMPLATE = {{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"
-{% endraw %}
-logger.access.MODE = file
-LEVEL = {{ gitea_log_level }}
-STACKTRACE_LEVEL = None
-
-[log.file]
-LOG_ROTATE = false
-
-[log.file.macaron]
-LEVEL = Info
-
-[log.file.router]
-LEVEL = Info
-
-[log.file.access]
-LEVEL = Info
-
-[cron]
-ENABLED = true
-RUN_AT_START = false
-
-[cron.update_mirrors]
-SCHEDULE = @every 10m
-
-[cron.repo_health_check]
-SCHEDULE = @every 24h
-TIMEOUT =
-ARGS =
-
-[cron.check_repo_stats]
-RUN_AT_START = true
-SCHEDULE = @every 24h
-
-[cron.archive_cleanup]
-ENABLED = true
-RUN_AT_START = true
-SCHEDULE = @every 24h
-OLDER_THAN = 24h
-
-[cron.sync_external_users]
-RUN_AT_START = true
-SCHEDULE = @every 24h
-UPDATE_EXISTING = true
-
-[cron.update_migration_post_id]
-SCHEDULE = @every 24h
-
-[mirror]
-DEFAULT_INTERVAL = {{ gitea_mirror_default_interval }}
-MIN_INTERVAL = {{ gitea_mirror_min_interval }}
-
-[api]
-ENABLE_SWAGGER = {{ gitea_api_swagger_enabled | bool | lower }}
-MAX_RESPONSE_ITEMS = 50
-DEFAULT_PAGING_NUM = {{ gitea_api_default_paging_num }}
-DEFAULT_GIT_TREES_PER_PAGE = {{ gitea_api_default_git_trees_per_page }}
-DEFAULT_MAX_BLOB_SIZE = 10485760
-
-{% if gitea_oauth_provider_enabled | bool %}
-[oauth2]
-ENABLE = true
-ACCESS_TOKEN_EXPIRATION_TIME = {{ gitea_access_token_expiration_time }}
-REFRESH_TOKEN_EXPIRATION_TIME = {{ gitea_refresh_token_expiration_time }}
-INVALIDATE_REFRESH_TOKENS = {{ gitea_invalidate_refresh_tokens | bool | lower }}
-JWT_SIGNING_ALGORITHM = {{ gitea_jwt_signing_algorithm }}
-JWT_SECRET = {{ gitea_jwt_secret }}
-{% else %}
-[oauth2]
-ENABLE = false
-{% endif %}
-
-[other]
-SHOW_FOOTER_BRANDING = {{ gitea_footer_show_branding | bool | lower }}
-SHOW_FOOTER_VERSION = {{ gitea_footer_show_version | bool | lower }}
-SHOW_FOOTER_TEMPLATE_LOAD_TIME = {{ gitea_footer_show_template_load_time | bool | lower }}
-
-[markup.asciidoc]
-ENABLED = false
-FILE_EXTENSIONS = .adoc,.asciidoc
-RENDER_COMMAND = asciidoc --out-file=- -
-IS_INPUT_FILE = false
-
-[metrics]
-ENABLED = {{ gitea_metrics_enabled | bool | lower }}
-{% if gitea_metrics_token is defined and gitea_metrics_token %}
-TOKEN = {{ gitea_metrics_token }}
-{% endif %}
diff --git a/templates/custom/templates/custom/extra_links.tmpl.j2 b/templates/custom/templates/custom/extra_links.tmpl.j2
deleted file mode 100644
index c0e9ad5..0000000
--- a/templates/custom/templates/custom/extra_links.tmpl.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-#jinja2: lstrip_blocks: True
-{% for link in gitea_extra_links %}
-{{ link.name }}
-{% endfor %}
diff --git a/templates/custom/templates/custom/extra_links_footer.tmpl.j2 b/templates/custom/templates/custom/extra_links_footer.tmpl.j2
deleted file mode 100644
index 65fd549..0000000
--- a/templates/custom/templates/custom/extra_links_footer.tmpl.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-#jinja2: lstrip_blocks: True
-{% for link in gitea_extra_links_footer %}
-{{ link.name }}
-{% endfor %}
diff --git a/templates/etc/containers/systemd/gitea.container.j2 b/templates/etc/containers/systemd/gitea.container.j2
new file mode 100644
index 0000000..a507c71
--- /dev/null
+++ b/templates/etc/containers/systemd/gitea.container.j2
@@ -0,0 +1,32 @@
+#jinja2: lstrip_blocks: True
+{{ ansible_managed | comment }}
+[Install]
+WantedBy=default.target
+
+[Service]
+Restart=on-failure
+RestartSec=5s
+
+ExecReload=/usr/bin/podman kill --signal=SIGHUP %p
+
+[Container]
+Image={{ gitea_image }}
+EnvironmentFile=/etc/containers/systemd/gitea.env
+{% for item in gitea_volumes %}
+Volume={{ item.name }}:{{ item.dest }}{{ ":" + item.opts if item.opts is defined else "" }}
+{% endfor %}
+
+{% if gitea_cap_add | length > 0 %}
+AddCapability={{ gitea_cap_add | join(" ") }}
+{% endif %}
+{% if gitea_cap_drop | length > 0 %}
+DropCapability={{ gitea_cap_drop | join(" ") }}
+{% endif %}
+
+Network={{ gitea_network }}
+{% for item in gitea_exposed_ports %}
+PublishPort={{ item }}
+{% endfor %}
+{% for item in gitea_podman_args %}
+PodmanArgs={{ item }}
+{% endfor %}
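Review bot: `ExecReload=/usr/bin/podman kill --signal=SIGHUP %p` addresses a container named after the unit prefix (`gitea`), but the `[Container]` section sets no `ContainerName=`. Quadlet then names the container `systemd-%N`, so the reload would most likely fail with "no such container". Either add `ContainerName=gitea` under `[Container]` or change the command to use `systemd-%N`. The section also sets no `NoNewPrivileges=true`, which is worth adding if the rootless image needs no setuid helpers.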
diff --git a/templates/etc/containers/systemd/gitea.env.j2 b/templates/etc/containers/systemd/gitea.env.j2
new file mode 100644
index 0000000..e3e1d59
--- /dev/null
+++ b/templates/etc/containers/systemd/gitea.env.j2
@@ -0,0 +1,213 @@
+#jinja2: lstrip_blocks: True
+{{ ansible_managed | comment }}
+GITEA__RUN_MODE=prod
+
+GITEA__repository__FORCE_PRIVATE={{ gitea_repository_force_private | bool | lower }}
+GITEA__repository__DEFAULT_PRIVATE={{ gitea_repository_default_private }}
+GITEA__repository__MAX_CREATION_LIMIT={{ gitea_repository_creation_limit }}
+GITEA__repository__PREFERRED_LICENSES={{ gitea_repository_default_license | join(",") }}
+GITEA__repository__DISABLE_HTTP_GIT={{ "false" if gitea_repository_http_enabled | bool else "true" }}
+{% if gitea_repository_access_control_allow_origin is defined and gitea_repository_access_control_allow_origin %}
+GITEA__repository__ACCESS_CONTROL_ALLOW_ORIGIN={{ gitea_repository_access_control_allow_origin }}
+{% endif %}
+GITEA__repository__USE_COMPAT_SSH_URI={{ gitea_repository_use_compat_ssh_uri | bool | lower }}
+GITEA__repository__ENABLE_PUSH_CREATE_USER={{ gitea_repository_push_create_user_enabled | bool | lower }}
+GITEA__repository__ENABLE_PUSH_CREATE_ORG={{ gitea_repository_push_create_org_enabled | bool | lower }}
+GITEA__repository__DEFAULT_REPO_UNITS={{ gitea_repository_default_repo_units | join(",") }}
+GITEA__repository__DEFAULT_BRANCH={{ gitea_repository_default_branch }}
+
+GITEA__repository_0X2E_editor__LINE_WRAP_EXTENSIONS={{ gitea_repository_editor_line_wrap_ext | join(",") }}
+GITEA__repository_0X2E_editor__PREVIEWABLE_FILE_MODES=markdown
+
+{% if gitea_repository_upload_enabled | bool %}
+GITEA__repository_0X2E_upload__ENABLED=true
+{% if gitea_repository_upload_allowed_types %}
+GITEA__repository_0X2E_upload__ALLOWED_TYPES={{ gitea_repository_upload_allowed_types | join(",") }}
+{% endif %}
+GITEA__repository_0X2E_upload__FILE_MAX_SIZE={{ gitea_repository_upload_max_filesize }}
+GITEA__repository_0X2E_upload__MAX_FILES={{ gitea_repository_upload_max_files }}
+{% else %}
+GITEA__repository_0X2E_upload__ENABLED=false
+{% endif %}
+
+GITEA__repository_0X2E_pull_0X2D_request__WORK_IN_PROGRESS_PREFIXES={{ gitea_repository_pr_wip_prefix | join(",") }}
+GITEA__repository_0X2E_pull_0X2D_request__CLOSE_KEYWORDS={{ gitea_repository_pr_close_keyword | join(",") }}
+GITEA__repository_0X2E_pull_0X2D_request__REOPEN_KEYWORDS={{ gitea_repository_pr_reopen_keyword | join(",") }}
+
+GITEA__repository_0X2E_issue__LOCK_REASONS={{ gitea_repository_issue_lock_reason | join(",") }}
+
+GITEA__ui__EXPLORE_PAGING_NUM={{ gitea_ui_explore_paging_num }}
+GITEA__ui__ISSUE_PAGING_NUM={{ gitea_ui_issue_paging_num }}
+GITEA__ui__FEED_MAX_COMMIT_NUM={{ gitea_ui_feed_commit_num }}
+GITEA__ui__GRAPH_MAX_COMMIT_NUM={{ gitea_ui_graph_commit_num }}
+GITEA__ui__CODE_COMMENT_LINES={{ gitea_ui_code_comment_lines }}
+GITEA__ui__SHOW_USER_EMAIL={{ gitea_ui_show_user_email | bool | lower }}
+GITEA__ui__REACTIONS={{ gitea_ui_reaction | join(",") }}
+GITEA__ui__DEFAULT_SHOW_FULL_NAME={{ gitea_ui_show_full_name | bool | lower }}
+GITEA__ui__SEARCH_REPO_DESCRIPTION={{ gitea_ui_search_repo_description | bool | lower }}
+
+GITEA__ui_0X2E_admin__USER_PAGING_NUM={{ gitea_ui_admin_user_paging_num }}
+GITEA__ui_0X2E_admin__REPO_PAGING_NUM={{ gitea_ui_admin_repo_paging_num }}
+GITEA__ui_0X2E_admin__NOTICE_PAGING_NUM={{ gitea_ui_admin_notice_paging_num }}
+GITEA__ui_0X2E_admin__ORG_PAGING_NUM={{ gitea_ui_admin_org_paging_num }}
+
+GITEA__ui_0X2E_user__REPO_PAGING_NUM={{ gitea_ui_user_repo_paging_num }}
+
+GITEA__markdown__ENABLE_HARD_LINE_BREAK={{ gitea_markdown_hard_linebreak_enabled | bool | lower }}
+{% if gitea_markdown_custom_url_scheme %}
+GITEA__markdown__CUSTOM_URL_SCHEMES={{ gitea_markdown_custom_url_scheme | join(",") }}
+{% endif %}
+GITEA__markdown__FILE_EXTENSIONS={{ gitea_markdown_file_ext | join(",") }}
+
+GITEA__server__DOMAIN={{ gitea_url | urlsplit("hostname") }}
+GITEA__server__ROOT_URL={{ gitea_url }}
+GITEA__server__DISABLE_SSH={{ "false" if gitea_ssh_enabled | bool else "true" }}
+GITEA__server__START_SSH_SERVER=true
+GITEA__server__MINIMUM_KEY_SIZE_CHECK={{ gitea_minimum_keysize_check | bool | lower }}
+GITEA__server__OFFLINE_MODE={{ gitea_offline_mode | bool | lower }}
+GITEA__server__LANDING_PAGE={{ gitea_landing_page }}
+{% if gitea_lfs_enabled | bool %}
+GITEA__server__LFS_START_SERVER=true
+GITEA__server__LFS_JWT_SECRET={{ gitea_lfs_jwt_secret }}
+GITEA__server__LFS_HTTP_AUTH_EXPIRY=20m
+{% else %}
+GITEA__server__LFS_START_SERVER=false
+{% endif %}
+
+{% for key in gitea_minimum_keysize %}
+GITEA__ssh_0X2E_minimum_key_sizes__{{ key.name | upper }}={{ key.size }}
+{% endfor %}
+
+{% if gitea_db_type == "pgsql" %}
+GITEA__database__DB_TYPE=postgres
+GITEA__database__HOST={{ gitea_db_server }}:{{ gitea_db_port }}
+GITEA__database__NAME={{ gitea_db_name }}
+GITEA__database__USER={{ gitea_db_user }}
+GITEA__database__PASSWD={{ gitea_db_password }}
+GITEA__database__SSL_MODE={{ gitea_db_ssl_mode }}
+{% elif gitea_db_type == "sqlite" %}
+GITEA__database__DB_TYPE=sqlite3
+GITEA__database__SQLITE_TIMEOUT=500
+{% endif %}
+
+GITEA__admin__DISABLE_REGULAR_ORG_CREATION={{ "false" if gitea_org_creation_enabled | bool else "true" }}
+GITEA__admin__DEFAULT_EMAIL_NOTIFICATIONS={{ gitea_default_email_notification }}
+
+GITEA__webhook__QUEUE_LENGTH=1000
+GITEA__webhook__DELIVER_TIMEOUT=5
+GITEA__webhook__ALLOWED_HOST_LIST={{ gitea_webhook_allowed_host_list | join(",") }}
+GITEA__webhook__SKIP_TLS_VERIFY=false
+
+GITEA__security__INSTALL_LOCK={{ gitea_install_lock | bool | lower }}
+GITEA__security__SECRET_KEY={{ gitea_secret }}
+GITEA__security__LOGIN_REMEMBER_DAYS={{ gitea_login_remember_days }}
+GITEA__security__MIN_PASSWORD_LENGTH={{ gitea_password_min_lenght }}
+GITEA__security__DISABLE_GIT_HOOKS={{ "false" if gitea_git_hooks_enabled | bool else "true" }}
+GITEA__security__PASSWORD_COMPLEXITY={{ gitea_password_complexity | join(",") }}
+GITEA__security__PASSWORD_HASH_ALGO=pbkdf2
+GITEA__security__INTERNAL_TOKEN={{ gitea_token }}
+
+GITEA__service__REGISTER_EMAIL_CONFIRM={{ gitea_registration_email_confirm | bool | lower }}
+{% if gitea_registration_email_domain_whitelist is defined and gitea_registration_email_domain_whitelist %}
+GITEA__service__EMAIL_DOMAIN_WHITELIST= {{ gitea_registration_email_domain_whitelist | join(",") }}
+{% endif %}
+GITEA__service__DISABLE_REGISTRATION={{ "false" if gitea_registration_enabled | bool else "true" }}
+GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION={{ gitea_registration_allow_external_only | bool | lower }}
+GITEA__service__REQUIRE_SIGNIN_VIEW=false
+{% if gitea_mail_service_enabled | bool %}
+GITEA__service__ENABLE_NOTIFY_MAIL=true
+{% endif %}
+GITEA__service__ENABLE_BASIC_AUTHENTICATION=true
+GITEA__service__ALLOW_CROSS_REPOSITORY_DEPENDENCIES=true
+GITEA__service__ENABLE_USER_HEATMAP=true
+GITEA__service__ENABLE_TIMETRACKING=true
+GITEA__service__NO_REPLY_ADDRESS={{ gitea_no_reply_address }}
+GITEA__service__SHOW_REGISTRATION_BUTTON={{ gitea_registration_button_enabled | bool | lower }}
+GITEA__service__SHOW_MILESTONES_DASHBOARD_PAGE=true
+GITEA__service__AUTO_WATCH_NEW_REPOS={{ gitea_repository_auto_watch_on_creation | bool | lower }}
+GITEA__service__AUTO_WATCH_ON_CHANGES={{ gitea_repository_auto_watch_on_change | bool | lower }}
+GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE={{ gitea_default_keep_email_private | bool | lower }}
+GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION={{ gitea_default_org_allow_creation | bool | lower }}
+GITEA__service__DEFAULT_ORG_VISIBILITY={{ gitea_default_org_visible }}
+GITEA__service__DEFAULT_ORG_MEMBER_VISIBLE={{ gitea_default_org_member_visible | bool | lower }}
+GITEA__service__DEFAULT_ENABLE_DEPENDENCIES={{ gitea_default_dependencies_enabled | bool | lower }}
+GITEA__service__DEFAULT_ENABLE_TIMETRACKING={{ gitea_default_timetracking_enabled | bool | lower }}
+GITEA__service__DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME=true
+
+{% if gitea_mail_service_enabled | bool %}
+GITEA__mailer__ENABLED=true
+{% if gitea_mail_subject_prefix is defined and gitea_mail_subject_prefix %}
+GITEA__mailer__SUBJECT_PREFIX={{ gitea_mail_subject_prefix }}
+{% endif %}
+GITEA__mailer__FROM={{ gitea_mail_service_from }}
+GITEA__mailer__PROTOCOL=sendmail
+GITEA__mailer__SENDMAIL_PATH=/usr/sbin/sendmail
+{% else %}
+GITEA__mailer__ENABLED=false
+{% endif %}
+
+GITEA__session__PROVIDER={{ gitea_session_provider }}
+GITEA__session__PROVIDER_CONFIG={{ gitea_session_provider_config }}
+GITEA__session__COOKIE_NAME={{ gitea_session_cookie_name }}
+GITEA__session__COOKIE_SECURE={{ gitea_session_cookie_secure | bool | lower }}
+GITEA__session__ENABLE_SET_COOKIE={{ gitea_session_enable_set_cookie | bool | lower }}
+GITEA__session__GC_INTERVAL_TIME={{ gitea_session_session_life_time }}
+GITEA__session__SESSION_LIFE_TIME={{ gitea_session_session_life_time }}
+
+GITEA__picture__REPOSITORY_AVATAR_FALLBACK=none
+GITEA__picture__DISABLE_GRAVATAR={{ "false" if gitea_gravatar_enabled | bool else "true" }}
+GITEA__picture__GRAVATAR_SOURCE={{ gitea_gravatar_source }}
+GITEA__picture__ENABLE_FEDERATED_AVATAR={{ gitea_avatar_federation_enabled | bool | lower }}
+
+{% if gitea_attachment_enabled | bool %}
+GITEA__attachment__ENABLE=true
+GITEA__attachment__ALLOWED_TYPES={{ gitea_attachment_allowed_types | join("|") }}
+GITEA__attachment__MAX_SIZE={{ gitea_attachment_max_filesize }}
+GITEA__attachment__MAX_FILES={{ gitea_attachment_max_files }}
+{% else %}
+GITEA__attachment__ENABLE=false
+{% endif %}
+
+GITEA__log__logger_0X2E_xorm_0X2E_MODE=
+GITEA__log__logger_0X2E_router_0X2E_MODE=
+
+#GITEA__log__MODE=file
+#GITEA__log__REDIRECT_MACARON_LOG=true
+#GITEA__log__MACARON=file
+#GITEA__log__ROUTER_LOG_LEVEL=Info
+#GITEA__log__logger_0X2E_router_0X2E_MODE=file
+#{% raw %}
+#GITEA__log__ACCESS_LOG_TEMPLATE={{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"
+#{% endraw %}
+#GITEA__log__logger_0X2E_access_0X2E_MODE=file
+#GITEA__log__LEVEL={{ gitea_log_level }}
+#GITEA__log__STACKTRACE_LEVEL=None
+
+GITEA__mirror__DEFAULT_INTERVAL={{ gitea_mirror_default_interval }}
+GITEA__mirror__MIN_INTERVAL={{ gitea_mirror_min_interval }}
+
+GITEA__api__ENABLE_SWAGGER={{ gitea_api_swagger_enabled | bool | lower }}
+GITEA__api__MAX_RESPONSE_ITEMS=50
+GITEA__api__DEFAULT_PAGING_NUM={{ gitea_api_default_paging_num }}
+GITEA__api__DEFAULT_GIT_TREES_PER_PAGE={{ gitea_api_default_git_trees_per_page }}
+GITEA__api__DEFAULT_MAX_BLOB_SIZE=10485760
+
+{% if gitea_oauth_provider_enabled | bool %}
+GITEA__oauth2__ENABLE=true
+GITEA__oauth2__ACCESS_TOKEN_EXPIRATION_TIME={{ gitea_access_token_expiration_time }}
+GITEA__oauth2__REFRESH_TOKEN_EXPIRATION_TIME={{ gitea_refresh_token_expiration_time }}
+GITEA__oauth2__INVALIDATE_REFRESH_TOKENS={{ gitea_invalidate_refresh_tokens | bool | lower }}
+GITEA__oauth2__JWT_SIGNING_ALGORITHM={{ gitea_jwt_signing_algorithm }}
+GITEA__oauth2__JWT_SECRET={{ gitea_jwt_secret }}
+{% else %}
+GITEA__oauth2__ENABLE=false
+{% endif %}
+
+GITEA__other__SHOW_FOOTER_BRANDING={{ gitea_footer_show_branding | bool | lower }}
+GITEA__other__SHOW_FOOTER_VERSION={{ gitea_footer_show_version | bool | lower }}
+GITEA__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME={{ gitea_footer_show_template_load_time | bool | lower }}
+
+GITEA__metrics__ENABLED={{ gitea_metrics_enabled | bool | lower }}
+{% if gitea_metrics_token is defined and gitea_metrics_token %}
+GITEA__metrics__TOKEN={{ gitea_metrics_token }}
+{% endif %}
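Review bot: The database `PASSWD`, `SECRET_KEY`, `INTERNAL_TOKEN`, `LFS_JWT_SECRET`, the OAuth2 `JWT_SECRET` and the metrics `TOKEN` are all rendered as plain values into this env file. That puts them in the container's environment, where `podman inspect` and the process environment expose them. The task that writes the file is outside this hunk; it should set `mode: "0600"` with root ownership and `no_log: true`. The secrets would be better delivered through Quadlet `Secret=` entries or Gitea's `__FILE` variants (for example `GITEA__security__SECRET_KEY__FILE`), if the image version supports them. Separately, the `GITEA__service__EMAIL_DOMAIN_WHITELIST= {{ … }}` line has a space after `=` that no other line has; it should read `GITEA__service__EMAIL_DOMAIN_WHITELIST={{ gitea_registration_email_domain_whitelist | join(",") }}`.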
diff --git a/templates/etc/containers/systemd/gitea.network.j2 b/templates/etc/containers/systemd/gitea.network.j2
new file mode 100644
index 0000000..ecad473
--- /dev/null
+++ b/templates/etc/containers/systemd/gitea.network.j2
@@ -0,0 +1,19 @@
+#jinja2: lstrip_blocks: True
+{{ ansible_managed | comment }}
+[Network]
+{% if gitea_network_ipv4_subnet is defined %}
+Subnet={{ gitea_network_ipv4_subnet }}
+{% endif %}
+{% if gitea_network_ipv4_gateway is defined %}
+Gateway={{ gitea_network_ipv4_gateway }}
+{% endif %}
+IPv6={{ gitea_network_ipv6_enabled | bool | lower }}
+{% if gitea_network_ipv6_enabled | bool %}
+{% if gitea_network_ipv6_subnet is defined %}
+Subnet={{ gitea_network_ipv6_subnet }}
+{% endif %}
+{% if gitea_network_ipv6_gateway is defined %}
+Gateway={{ gitea_network_ipv6_gateway }}
+{% endif %}
+{% endif %}
+Label=app=gitea
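Review bot: `Gateway=` can be rendered without a matching `Subnet=`, because the IPv4 and IPv6 gateway checks are independent of the subnet checks. Quadlet documents that a gateway requires a subnet, so a gateway-only configuration would presumably produce a network unit that fails to start. Nest each `{% if …_gateway is defined %}` block inside the corresponding `…_subnet is defined` block, or assert the pair in the role's tasks before templating.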
diff --git a/templates/etc/systemd/system/gitea.service.j2 b/templates/etc/systemd/system/gitea.service.j2
deleted file mode 100644
index f9186c4..0000000
--- a/templates/etc/systemd/system/gitea.service.j2
+++ /dev/null
@@ -1,20 +0,0 @@
-{{ ansible_managed | comment }}
-[Unit]
-Description=Gitea (Git with a cup of tea)
-After=syslog.target
-After=network.target
-
-[Service]
-Type=simple
-Environment=USER={{ gitea_user }}
-Environment=HOME={{ gitea_user_home }}
-Environment=GITEA_WORK_DIR={{ gitea_base_dir }}
-User={{ gitea_user }}
-Group={{ gitea_group }}
-WorkingDirectory={{ gitea_base_dir }}
-ExecStart={{ gitea_base_dir }}/gitea-latest web -c {{ gitea_config_dir }}/app.ini -P {{ gitea_run_dir }}/gitea.pid
-Restart=on-failure
-PrivateTmp=yes
-
-[Install]
-WantedBy=multi-user.target