From 1d03f664ac84c2f705825cf25b04d1e139968979 Mon Sep 17 00:00:00 2001 
From: Robert Kaussow Date: Sat, 5 Aug 2023 15:48:47 +0200 Subject: [PATCH] refactor: move to podman container setup --- defaults/main.yml | 85 +++-- handlers/main.yml | 7 +- molecule/centos7/converge.yml | 5 - molecule/centos7/create.yml | 120 ------- molecule/centos7/molecule.yml | 24 -- molecule/centos7/tests/test_default.py | 18 - molecule/default | 2 +- molecule/requirements.yml | 10 +- molecule/rocky8/converge.yml | 5 - molecule/rocky8/destroy.yml | 78 ----- molecule/rocky8/prepare.yml | 15 - molecule/rocky8/tests/test_default.py | 18 - molecule/rocky9/converge.yml | 10 + molecule/{rocky8 => rocky9}/create.yml | 2 +- molecule/{centos7 => rocky9}/destroy.yml | 2 +- molecule/{rocky8 => rocky9}/molecule.yml | 4 +- molecule/{centos7 => rocky9}/prepare.yml | 0 molecule/rocky9/tests/test_default.py | 30 ++ tasks/install.yml | 59 ---- tasks/main.yml | 60 +++- tasks/post_tasks.yml | 9 - tasks/prepare.yml | 23 -- tasks/selinux.yml | 15 - tasks/tls.yml | 28 -- templates/custom/conf/app.ini.j2 | 315 ------------------ .../templates/custom/extra_links.tmpl.j2 | 4 - .../custom/extra_links_footer.tmpl.j2 | 4 - .../etc/containers/systemd/gitea.container.j2 | 32 ++ templates/etc/containers/systemd/gitea.env.j2 | 213 ++++++++++++ .../etc/containers/systemd/gitea.network.j2 | 19 ++ templates/etc/systemd/system/gitea.service.j2 | 20 -- 31 files changed, 424 insertions(+), 812 deletions(-) delete mode 100644 molecule/centos7/converge.yml delete mode 100644 molecule/centos7/create.yml delete mode 100644 molecule/centos7/molecule.yml delete mode 100644 molecule/centos7/tests/test_default.py delete mode 100644 molecule/rocky8/converge.yml delete mode 100644 molecule/rocky8/destroy.yml delete mode 100644 molecule/rocky8/prepare.yml delete mode 100644 molecule/rocky8/tests/test_default.py create mode 100644 molecule/rocky9/converge.yml rename molecule/{rocky8 => rocky9}/create.yml (99%) rename molecule/{centos7 => rocky9}/destroy.yml (98%) rename molecule/{rocky8 => 
rocky9}/molecule.yml (91%) rename molecule/{centos7 => rocky9}/prepare.yml (100%) create mode 100644 molecule/rocky9/tests/test_default.py delete mode 100644 tasks/install.yml delete mode 100644 tasks/post_tasks.yml delete mode 100644 tasks/prepare.yml delete mode 100644 tasks/selinux.yml delete mode 100644 tasks/tls.yml delete mode 100644 templates/custom/conf/app.ini.j2 delete mode 100644 templates/custom/templates/custom/extra_links.tmpl.j2 delete mode 100644 templates/custom/templates/custom/extra_links_footer.tmpl.j2 create mode 100644 templates/etc/containers/systemd/gitea.container.j2 create mode 100644 templates/etc/containers/systemd/gitea.env.j2 create mode 100644 templates/etc/containers/systemd/gitea.network.j2 delete mode 100644 templates/etc/systemd/system/gitea.service.j2 diff --git a/defaults/main.yml b/defaults/main.yml index abb7653..27e6178 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -1,35 +1,63 @@ --- -gitea_version: 1.16.1 -gitea_user: "gitea_adm" -gitea_user_home: "/home/{{ gitea_user }}" -gitea_group: "{{ gitea_user }}" -gitea_extra_groups: [] - -gitea_packages: - - git - -gitea_base_dir: "/opt/gitea" -gitea_config_dir: "{{ gitea_base_dir }}/custom/conf" -gitea_data_dir: "{{ gitea_base_dir }}/data" -gitea_run_dir: "{{ gitea_base_dir }}/run" -gitea_template_dir: "{{ gitea_base_dir }}/custom/templates" - -gitea_selinux_fcontext: - - target: "{{ gitea_log_dir }}(/.*)?" - setype: var_log_t -gitea_selinux_restorecon: - - "-ir {{ gitea_log_dir }}" - -gitea_bind_ip: 127.0.0.1 -gitea_bind_port: 61000 -gitea_listen_address: http://gitea.example.com +gitea_image: "docker.io/gitea/gitea:latest-rootless" +gitea_url: "http://localhost:3000" + +# @var gitea_volumes:description: > Define required docker volumes. +# @end +# @var gitea_volumes:example: > +# gitea_volumes: +# - name: data +# # target location inside the container +# dest: /var/lib/gitea +# type: volume +# @end +gitea_volumes: + - name: "gitea-data" + dest: /var/lib/gitea + - name: /etc/timezone + dest: /etc/timezone + type: bind + opts: Z,ro + - name: /etc/localtime + dest: /etc/localtime + type: bind + opts: Z,ro + +# @var gitea_network:description: > +# Name of the container network. If the name ends with `.network`, the network will be created with the specified configuration. +# Otherwise, the network must already exist and the container will be attached to the network. +# @end +gitea_network: "gitea.network" +gitea_network_ipv6_enabled: False +# @var gitea_network_ipv6_subnet:value: $ "_unset_" +# @var gitea_network_ipv6_subnet:example: $ "fd00:0:0:2::/64" +# @var gitea_network_ipv6_gateway:value: $ "_unset_" +# @var gitea_network_ipv6_gateway:example: $ "fd00:0:0:2::1" + +# @var gitea_network_ipv4_subnet:value: $ "_unset_" +# @var gitea_network_ipv4_gateway:value: $ "_unset_" + +# @var gitea_exposed_ports:description: > +# Ports you want to publish outside of Docker. 
The Gitea UI is running on `3000` inside of the container. +# @end +gitea_exposed_ports: [] + +gitea_cap_add: [] +gitea_cap_drop: [] + +gitea_podman_args: + - --pids-limit=-1 + - --health-cmd='["wget", "--spider", "--proxy", "off", "http://localhost:3000/api/healthz"]' + - --health-interval=5s + - --health-timeout=5s + - --health-retries=6 + - --health-on-failure=kill gitea_install_lock: True # @var gitea_secret:description: Should be replaced by your own secret. gitea_secret: "1234567ABCDEFG" # @var gitea_token:description: Should be replaced by your own secret. gitea_token: "akslkaldasasifiuvsiasfa7s7f8as7f8asd" -gitea_run_mode: prod gitea_login_remember_days: 7 gitea_password_min_lenght: 8 # @var gitea_password_complexity:description: > @@ -91,7 +119,6 @@ gitea_default_dependencies_enabled: True gitea_default_timetracking_enabled: True gitea_log_level: Info -gitea_log_dir: "{{ gitea_base_dir }}/log" gitea_repository_default_private: last gitea_repository_force_private: False @@ -275,9 +302,3 @@ gitea_jwt_signing_algorithm: RS256 gitea_metrics_enabled: False # @var gitea_metrics_token:description: If you want to add authorization, specify a token here. # @var gitea_metrics_token:default: $ "_unset_" - -gitea_tls_enabled: False -gitea_tls_cert_path: "{{ gitea_base_dir }}/tls/certs/mycert.pem" -gitea_tls_key_path: "{{ gitea_base_dir }}/tls/private/mykey.pem" -gitea_tls_cert_source: mycert.pem -gitea_tls_key_source: mykey.pem diff --git a/handlers/main.yml b/handlers/main.yml index ddf0c8f..d0ca9f4 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,10 +1,7 @@ --- -- name: Restart Gitea Service +- name: Restart Gitea service: name: gitea state: restarted - daemon_reload: yes - enabled: yes + daemon_reload: True listen: __gitea_restart - become: True - become_user: root diff --git a/molecule/centos7/converge.yml b/molecule/centos7/converge.yml deleted file mode 100644 index f1d295c..0000000 --- a/molecule/centos7/converge.yml +++ /dev/null 
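Review bot: In defaults/main.yml the new `gitea_image` default points at the floating tag `latest-rootless`, where the removed `gitea_version: 1.16.1` pinned a release, so whatever upstream publishes next is what the host runs after the next pull. Defaulting to a fixed release tag or a digest keeps upgrades deliberate, e.g. `gitea_image: "docker.io/gitea/gitea:<release>-rootless"` (placeholder), with a comment telling consumers to pin. In the same hunk `--pids-limit=-1` in `gitea_podman_args` removes the container's process cap; a comment saying why it is unlimited, or a finite default, would help anyone reviewing the role's resource limits.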
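Review bot: The `Restart Gitea` handler in handlers/main.yml no longer sets `become: True` / `become_user: root`, and as far as I can tell handlers do not inherit the `become` set on the block in tasks/main.yml. Unless the play or role invocation already escalates, the restart and `daemon_reload` would run unprivileged and fail, leaving a changed env or container file unapplied. Keeping `become: True` and `become_user: root` on the handler avoids depending on the caller.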
@@ -1,5 +0,0 @@
----
-- name: Converge
- hosts: all
- roles:
- - role: xoxys.gitea
diff --git a/molecule/centos7/create.yml b/molecule/centos7/create.yml
deleted file mode 100644
index 8b945cd..0000000
--- a/molecule/centos7/create.yml
+++ /dev/null
@@ -1,120 +0,0 @@ ---- -- name: Create - hosts: localhost - connection: local - gather_facts: false - no_log: "{{ molecule_no_log }}" - vars: - ssh_port: 22 - ssh_user: root - ssh_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" - tasks: - - name: Create SSH key - user: - name: "{{ lookup('env', 'USER') }}" - generate_ssh_key: true - ssh_key_file: "{{ ssh_path }}" - force: true - register: generated_ssh_key - - - name: Register the SSH key name - set_fact: - ssh_key_name: "molecule-generated-{{ 12345 | random | to_uuid }}" - - - name: Register SSH key for test instance(s) - hcloud_ssh_key: - name: "{{ ssh_key_name }}" - public_key: "{{ generated_ssh_key.ssh_public_key }}" - state: present - - - name: Create molecule instance(s) - hcloud_server: - name: "{{ item.name }}" - server_type: "{{ item.server_type }}" - ssh_keys: - - "{{ ssh_key_name }}" - image: "{{ item.image }}" - location: "{{ item.location | default(omit) }}" - datacenter: "{{ item.datacenter | default(omit) }}" - user_data: "{{ item.user_data | default(omit) }}" - api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}" - state: present - register: server - loop: "{{ molecule_yml.platforms }}" - async: 7200 - poll: 0 - - - name: Wait for instance(s) creation to complete - async_status: - jid: "{{ item.ansible_job_id }}" - register: hetzner_jobs - until: hetzner_jobs.finished - retries: 300 - loop: "{{ server.results }}" - - - name: Create volume(s) - hcloud_volume: - name: "{{ item.name }}" - server: "{{ item.name }}" - location: "{{ item.location | default(omit) }}" - size: "{{ item.volume_size | default(10) }}" - api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}" - state: "present" - loop: "{{ molecule_yml.platforms }}" - when: item.volume | default(False) | bool - register: volumes - async: 7200 - poll: 0 - - - name: Wait for volume(s) creation to complete - async_status: - jid: "{{ item.ansible_job_id }}" - register: hetzner_volumes - until: hetzner_volumes.finished - retries: 300 - when: 
volumes.changed - loop: "{{ volumes.results }}" - - # Mandatory configuration for Molecule to function. - - - name: Populate instance config dict - set_fact: - instance_conf_dict: - { - "instance": "{{ item.hcloud_server.name }}", - "ssh_key_name": "{{ ssh_key_name }}", - "address": "{{ item.hcloud_server.ipv4_address }}", - "user": "{{ ssh_user }}", - "port": "{{ ssh_port }}", - "identity_file": "{{ ssh_path }}", - "volume": "{{ item.item.item.volume | default(False) | bool }}", - } - loop: "{{ hetzner_jobs.results }}" - register: instance_config_dict - when: server.changed | bool - - - name: Convert instance config dict to a list - set_fact: - instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" - when: server.changed | bool - - - name: Dump instance config - copy: - content: | - # Molecule managed - - {{ instance_conf | to_nice_yaml(indent=2) }} - dest: "{{ molecule_instance_config }}" - when: server.changed | bool - - - name: Wait for SSH - wait_for: - port: "{{ ssh_port }}" - host: "{{ item.address }}" - search_regex: SSH - delay: 10 - loop: "{{ lookup('file', molecule_instance_config) | from_yaml }}" - - - name: Wait for VM to settle down - pause: - seconds: 30 diff --git a/molecule/centos7/molecule.yml b/molecule/centos7/molecule.yml deleted file mode 100644 index 9493634..0000000 --- a/molecule/centos7/molecule.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -dependency: - name: galaxy - options: - role-file: molecule/requirements.yml - requirements-file: molecule/requirements.yml - env: - ANSIBLE_GALAXY_DISPLAY_PROGRESS: "false" -driver: - name: delegated -platforms: - - name: centos7-gitea - image: centos-7 - server_type: cx11 -lint: | - /usr/local/bin/flake8 -provisioner: - name: ansible - env: - ANSIBLE_FILTER_PLUGINS: ${ANSIBLE_FILTER_PLUGINS:-./plugins/filter} - ANSIBLE_LIBRARY: ${ANSIBLE_LIBRARY:-./library} - log: False -verifier: - name: testinfra 
diff --git a/molecule/centos7/tests/test_default.py b/molecule/centos7/tests/test_default.py deleted file mode 100644 index d347980..0000000 --- a/molecule/centos7/tests/test_default.py +++ /dev/null @@ -1,18 +0,0 @@ -import os - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ["MOLECULE_INVENTORY_FILE"] -).get_hosts("all") - - -def test_gitea_running_and_enabled(host): - gitea = host.service("gitea") - assert gitea.is_running - assert gitea.is_enabled - - -def test_gitea_socket(host): - # Verify the socket is listening for HTTP traffic - assert host.socket("tcp://127.0.0.1:61000").is_listening diff --git a/molecule/default b/molecule/default index 62ea184..afa9fc6 120000 --- a/molecule/default +++ b/molecule/default @@ -1 +1 @@ -rocky8 \ No newline at end of file +rocky9 \ No newline at end of file diff --git a/molecule/requirements.yml b/molecule/requirements.yml index 46da115..927757f 100644 --- a/molecule/requirements.yml +++ b/molecule/requirements.yml @@ -1,6 +1,12 @@ --- collections: - - name: https://gitea.rknet.org/ansible/xoxys.general/releases/download/v2.1.1/xoxys-general-2.1.1.tar.gz + - name: https://gitea.rknet.org/ansible/xoxys.general + type: git - name: community.general + - name: containers.podman -roles: [] +roles: + - src: https://gitea.rknet.org/ansible/xoxys.podman + name: xoxys.podman + scm: git + version: main diff --git a/molecule/rocky8/converge.yml b/molecule/rocky8/converge.yml deleted file mode 100644 index f1d295c..0000000 --- a/molecule/rocky8/converge.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: xoxys.gitea diff --git a/molecule/rocky8/destroy.yml b/molecule/rocky8/destroy.yml deleted file mode 100644 index 6454c71..0000000 --- a/molecule/rocky8/destroy.yml +++ /dev/null 
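Review bot: The molecule requirements now pull `xoxys.general` and `xoxys.podman` straight from git with no fixed revision (`type: git` with no `version`, and `version: main`), where the removed entry named the `v2.1.1` release tarball. Test runs then execute whatever is at the branch head, in a job that, going by the create/destroy playbooks in this patch, has `HCLOUD_TOKEN` in its environment. Pinning each entry to a tag or commit, e.g. `version: <tag-or-commit>` (placeholder), keeps runs reproducible and limits what an unexpected upstream push can reach.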
@@ -1,78 +0,0 @@ ---- -- name: Destroy - hosts: localhost - connection: local - gather_facts: false - no_log: "{{ molecule_no_log }}" - tasks: - - name: Check existing instance config file - stat: - path: "{{ molecule_instance_config }}" - register: cfg - - - name: Populate the instance config - set_fact: - instance_conf: "{{ (lookup('file', molecule_instance_config) | from_yaml) if cfg.stat.exists else [] }}" - - - name: Destroy molecule instance(s) - hcloud_server: - name: "{{ item.instance }}" - api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}" - state: absent - register: server - loop: "{{ instance_conf }}" - async: 7200 - poll: 0 - - - name: Wait for instance(s) deletion to complete - async_status: - jid: "{{ item.ansible_job_id }}" - register: hetzner_jobs - until: hetzner_jobs.finished - retries: 300 - loop: "{{ server.results }}" - - - pause: - seconds: 5 - - - name: Destroy volume(s) - hcloud_volume: - name: "{{ item.instance }}" - server: "{{ item.instance }}" - api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}" - state: "absent" - register: volumes - loop: "{{ instance_conf }}" - when: item.volume | default(False) | bool - async: 7200 - poll: 0 - - - name: Wait for volume(s) deletion to complete - async_status: - jid: "{{ item.ansible_job_id }}" - register: hetzner_volumes - until: hetzner_volumes.finished - retries: 300 - when: volumes.changed - loop: "{{ volumes.results }}" - - - name: Remove registered SSH key - hcloud_ssh_key: - name: "{{ instance_conf[0].ssh_key_name }}" - state: absent - when: (instance_conf | default([])) | length > 0 - - # Mandatory configuration for Molecule to function. - - - name: Populate instance config - set_fact: - instance_conf: {} - - - name: Dump instance config - copy: - content: | - # Molecule managed - - {{ instance_conf | to_nice_yaml(indent=2) }} - dest: "{{ molecule_instance_config }}" - when: server.changed | bool 
diff --git a/molecule/rocky8/prepare.yml b/molecule/rocky8/prepare.yml deleted file mode 100644 index 183f4d3..0000000 --- a/molecule/rocky8/prepare.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: false - tasks: - - name: Bootstrap python for Ansible - raw: | - command -v python3 python || ( - (test -e /usr/bin/dnf && sudo dnf install -y python3) || - (test -e /usr/bin/apt && (apt -y update && apt install -y python-minimal)) || - (test -e /usr/bin/yum && sudo yum -y -qq install python3) || - echo "Warning: Python not boostrapped due to unknown platform." - ) - become: true - changed_when: false diff --git a/molecule/rocky8/tests/test_default.py b/molecule/rocky8/tests/test_default.py deleted file mode 100644 index d347980..0000000 --- a/molecule/rocky8/tests/test_default.py +++ /dev/null @@ -1,18 +0,0 @@ -import os - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ["MOLECULE_INVENTORY_FILE"] -).get_hosts("all") - - -def test_gitea_running_and_enabled(host): - gitea = host.service("gitea") - assert gitea.is_running - assert gitea.is_enabled - - -def test_gitea_socket(host): - # Verify the socket is listening for HTTP traffic - assert host.socket("tcp://127.0.0.1:61000").is_listening diff --git a/molecule/rocky9/converge.yml b/molecule/rocky9/converge.yml new file mode 100644 index 0000000..933cd95 --- /dev/null +++ b/molecule/rocky9/converge.yml @@ -0,0 +1,10 @@ +--- +- name: Converge + hosts: all + roles: + - role: xoxys.podman + - role: xoxys.gitea + vars: + gitea_exposed_ports: + - 127.0.0.1:3000:3000 + - 127.0.0.1:2222:2222 diff --git a/molecule/rocky8/create.yml b/molecule/rocky9/create.yml similarity index 99% rename from molecule/rocky8/create.yml rename to molecule/rocky9/create.yml index 8b945cd..719600d 100644 --- a/molecule/rocky8/create.yml +++ b/molecule/rocky9/create.yml 
@@ -117,4 +117,4 @@ - name: Wait for VM to settle down pause: - seconds: 30 + seconds: 30 \ No newline at end of file diff --git a/molecule/centos7/destroy.yml b/molecule/rocky9/destroy.yml similarity index 98% rename from molecule/centos7/destroy.yml rename to molecule/rocky9/destroy.yml index 6454c71..ed0b2ed 100644 --- a/molecule/centos7/destroy.yml +++ b/molecule/rocky9/destroy.yml @@ -75,4 +75,4 @@ {{ instance_conf | to_nice_yaml(indent=2) }} dest: "{{ molecule_instance_config }}" - when: server.changed | bool + when: server.changed | bool \ No newline at end of file diff --git a/molecule/rocky8/molecule.yml b/molecule/rocky9/molecule.yml similarity index 91% rename from molecule/rocky8/molecule.yml rename to molecule/rocky9/molecule.yml index d1aa1e8..3d63b73 100644 --- a/molecule/rocky8/molecule.yml +++ b/molecule/rocky9/molecule.yml @@ -9,8 +9,8 @@ dependency: driver: name: delegated platforms: - - name: rocky8-gitea - image: rocky-8 + - name: rocky9-gitea + image: rocky-9 server_type: cx11 lint: | /usr/local/bin/flake8 diff --git a/molecule/centos7/prepare.yml b/molecule/rocky9/prepare.yml similarity index 100% rename from molecule/centos7/prepare.yml rename to molecule/rocky9/prepare.yml diff --git a/molecule/rocky9/tests/test_default.py b/molecule/rocky9/tests/test_default.py new file mode 100644 index 0000000..18814f1 --- /dev/null +++ b/molecule/rocky9/tests/test_default.py 
@@ -0,0 +1,30 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ["MOLECULE_INVENTORY_FILE"]
+).get_hosts("all")
+
+
+def test_gitea_running_and_enabled(host):
+ gitea = host.service("gitea")
+ assert gitea.is_running
+ assert gitea.is_enabled
+
+
+def test_gitea_socket(host):
+ # Verify the socket is listening for HTTP traffic
+ assert host.socket("tcp://127.0.0.1:3000").is_listening
+ # Verify the socket is listening for SSH traffic
+ assert host.socket("tcp://127.0.0.1:2222").is_listening
+
+
+def test_gitea_conn_error(host):
+ code = int(
+ host.run("curl -sSL -w '%{http_code}' http://127.0.0.1:3000/ -o /dev/null").stdout # noqa
+ )
+ body = host.run("curl -sSLX GET http://127.0.0.1:3000/").stdout
+
+ assert code == 200
+ assert "Gitea: Git with a cup of tea" in body
diff --git a/tasks/install.yml b/tasks/install.yml
deleted file mode 100644
index ce5d47a..0000000
--- a/tasks/install.yml
+++ /dev/null
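Review bot: `test_gitea_conn_error` in molecule/rocky9/tests/test_default.py asserts a successful response (status 200 and the landing-page title), so the name reads as the opposite of what it checks; something like `test_gitea_http_ok` with a one-line docstring would describe it. It also issues two separate curl requests for status and body, which could be one request if test time matters. Since the converge play publishes 3000 and 2222 on 127.0.0.1 only, a further assertion that neither port is listening on a non-loopback address would document the intended exposure.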
@@ -1,59 +0,0 @@ ---- -- name: Prepare base folder - file: - path: "{{ gitea_base_dir }}" - state: directory - owner: "{{ gitea_user }}" - group: "{{ gitea_user }}" - mode: 0750 - become: True - become_user: root - -- block: - - name: Prepare folder structure - file: - path: "{{ item }}" - state: directory - mode: 0750 - loop: - - "{{ gitea_config_dir }}" - - "{{ gitea_data_dir }}" - - "{{ gitea_log_dir }}" - - "{{ gitea_run_dir }}" - - "{{ gitea_template_dir }}/custom" - - - name: Download Gitea binary - get_url: - url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64" - dest: "{{ gitea_base_dir }}/gitea-latest" - mode: 0750 - notify: __gitea_restart - - - name: Copy config file - template: - src: "custom/conf/app.ini.j2" - dest: "{{ gitea_config_dir }}/app.ini" - mode: 0600 - notify: __gitea_restart - - - name: Copy template files - template: - src: "templates/custom/templates/custom/{{ item }}.tmpl.j2" - dest: "{{ gitea_template_dir }}/custom/{{ item }}.tmpl" - mode: 0600 - loop: - - extra_links_footer - - extra_links - notify: __gitea_restart - become: True - become_user: "{{ gitea_user }}" - -- block: - - name: Copy systemd unit file - template: - src: "etc/systemd/system/gitea.service.j2" - dest: "/etc/systemd/system/gitea.service" - mode: 0640 - notify: __gitea_restart - become: True - become_user: root diff --git a/tasks/main.yml b/tasks/main.yml index 365f1fa..a10247f 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -1,9 +1,53 @@
 ---
-- include_tasks: prepare.yml
-- include_tasks: install.yml
-- include_tasks: selinux.yml
- when: ansible_selinux.status == "enabled"
-- import_tasks: tls.yml
- when: gitea_tls_enabled | bool
- tags: tls_renewal
-- include_tasks: post_tasks.yml
+- block:
+ - name: Create network specs
+ template:
+ src: etc/containers/systemd/gitea.network.j2
+ dest: "/etc/containers/systemd/gitea.network"
+ owner: root
+ group: root
+ mode: "0640"
+ when: gitea_network | splitext | last == ".network"
+ notify: __gitea_restart
+
+ - name: Create container volumes
+ containers.podman.podman_volume:
+ name: "{{ item.name }}"
+ options: "{{ item.options | default(omit) }}"
+ state: "{{ item.state | default('present') }}"
+ loop: "{{ gitea_volumes }}"
+ loop_control:
+ label: "{{ item.name }}"
+ when: item.type | default("volume") | lower == "volume"
+ register: __gitea_volumes_raw
+
+ - name: Register container volumes map
+ set_fact:
+ __gitea_volumes_map: "{{ __gitea_volumes_raw.results | json_query('[].volume') | items2dict(key_name='Name', value_name='Mountpoint') }}"
+
+ - name: Deploy gitea env file
+ template:
+ src: etc/containers/systemd/gitea.env.j2
+ dest: "/etc/containers/systemd/gitea.env"
+ owner: root
+ group: root
+ mode: "0640"
+ notify: __gitea_restart
+
+ - name: Create container specs
+ template:
+ src: etc/containers/systemd/gitea.container.j2
+ dest: "/etc/containers/systemd/gitea.container"
+ owner: root
+ group: root
+ mode: "0640"
+ notify: __gitea_restart
+
+ - name: Ensure service state
+ systemd:
+ name: "gitea.service"
+ state: started
+ daemon_reload: True
+ enabled: True
+ become: True
+ become_user: root
diff --git a/tasks/post_tasks.yml b/tasks/post_tasks.yml
deleted file mode 100644
index 2af1711..0000000
--- a/tasks/post_tasks.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- name: Ensure gitea service is up and running
- service:
- state: started
- daemon_reload: yes
- enabled: yes
- name: gitea
- become: True
- become_user: root
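Review bot: The `Deploy gitea env file` task in tasks/main.yml writes `/etc/containers/systemd/gitea.env` with `mode: "0640"` and no `no_log`, and that file presumably carries `gitea_secret`, `gitea_token` and the database password (the template itself is outside this hunk). With `--diff` or verbose output the rendered values can end up in run logs, and group read is wider than a root-only consumer needs. Suggest `mode: "0600"` and `no_log: True` on that task. The hunk also drops the `selinux.yml` and `tls.yml` includes with no replacement visible here, so a short comment stating that TLS is expected to terminate in front of the container would help.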
diff --git a/tasks/prepare.yml b/tasks/prepare.yml deleted file mode 100644 index c8b055f..0000000 --- a/tasks/prepare.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- block: - - name: Create group '{{ gitea_group }}' - group: - name: "{{ gitea_group }}" - state: present - - - name: Create user '{{ gitea_user }}' - user: - comment: Gitea - name: "{{ gitea_user }}" - home: "{{ gitea_user_home }}" - group: "{{ gitea_group }}" - groups: "{{ gitea_extra_groups | join(',') }}" - - - name: Install dependencies - package: - name: "{{ item }}" - state: present - loop: - - "{{ gitea_packages }}" - become: True - become_user: root diff --git a/tasks/selinux.yml b/tasks/selinux.yml deleted file mode 100644 index ac43753..0000000 --- a/tasks/selinux.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- block: - - name: Add SELinux file context mapping definitions - sefcontext: - target: "{{ item.target }}" - setype: "{{ item.setype }}" - state: present - loop: "{{ gitea_selinux_fcontext }}" - - - name: Apply new SELinux file context to filesystem - command: "restorecon {{ item }}" - loop: "{{ gitea_selinux_restorecon }}" - changed_when: False - become: True - become_user: root diff --git a/tasks/tls.yml b/tasks/tls.yml deleted file mode 100644 index e33d86d..0000000 --- a/tasks/tls.yml +++ /dev/null 
@@ -1,28 +0,0 @@ ---- -- block: - - name: Create tls folder structure - file: - path: "{{ item }}" - state: directory - owner: "{{ gitea_user }}" - group: "{{ gitea_group }}" - recurse: True - loop: - - "{{ gitea_tls_cert_path | dirname }}" - - "{{ gitea_tls_key_path | dirname }}" - become: True - become_user: root - -- block: - - name: Copy certs and private key - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "{{ item.mode }}" - loop: - - { src: "{{ gitea_tls_key_source }}", dest: '{{ gitea_tls_key_path }}', mode: '0600' } - - { src: "{{ gitea_tls_cert_source }}", dest: '{{ gitea_tls_cert_path }}', mode: '0750' } - loop_control: - label: "{{ item.dest }}" - become: True - become_user: "{{ gitea_user }}" diff --git a/templates/custom/conf/app.ini.j2 b/templates/custom/conf/app.ini.j2 deleted file mode 100644 index 712efeb..0000000 --- a/templates/custom/conf/app.ini.j2 +++ /dev/null 
@@ -1,315 +0,0 @@ -#jinja2: lstrip_blocks: True -{{ ansible_managed | comment(decoration="; ")}} -APP_NAME = Gitea: Git with a cup of tea -RUN_USER = {{ gitea_user }} -RUN_MODE = {{ gitea_run_mode }} -WORK_PATH = {{ gitea_base_dir }} - -[repository] -ROOT = {{ gitea_data_dir }}/repos -FORCE_PRIVATE = {{ gitea_repository_force_private | bool | lower }} -DEFAULT_PRIVATE = {{ gitea_repository_default_private }} -MAX_CREATION_LIMIT = {{ gitea_repository_creation_limit }} -PREFERRED_LICENSES = {{ gitea_repository_default_license | join(",") }} -DISABLE_HTTP_GIT = {{ 'false' if gitea_repository_http_enabled | bool else 'true' }} -{% if gitea_repository_access_control_allow_origin is defined and gitea_repository_access_control_allow_origin %} -ACCESS_CONTROL_ALLOW_ORIGIN = {{ gitea_repository_access_control_allow_origin }} -{% endif %} -USE_COMPAT_SSH_URI = {{ gitea_repository_use_compat_ssh_uri | bool | lower }} -ENABLE_PUSH_CREATE_USER = {{ gitea_repository_push_create_user_enabled | bool | lower }} -ENABLE_PUSH_CREATE_ORG = {{ gitea_repository_push_create_org_enabled | bool | lower }} -DEFAULT_REPO_UNITS = {{ gitea_repository_default_repo_units | join(",") }} -DEFAULT_BRANCH = {{ gitea_repository_default_branch }} - -[repository.editor] -LINE_WRAP_EXTENSIONS = {{ gitea_repository_editor_line_wrap_ext | join(",") }} -PREVIEWABLE_FILE_MODES = markdown - -[repository.upload] -{% if gitea_repository_upload_enabled | bool %} -ENABLED = true -{% if gitea_repository_upload_allowed_types %} -ALLOWED_TYPES = {{ gitea_repository_upload_allowed_types | join(",") }} -{% endif %} -FILE_MAX_SIZE = {{ gitea_repository_upload_max_filesize }} -MAX_FILES = {{ gitea_repository_upload_max_files }} -{% else %} -ENABLED = false -{% endif %} - -[repository.pull-request] -WORK_IN_PROGRESS_PREFIXES = {{ gitea_repository_pr_wip_prefix | join(",") }} -CLOSE_KEYWORDS = {{ gitea_repository_pr_close_keyword | join(",") }} -REOPEN_KEYWORDS = {{ gitea_repository_pr_reopen_keyword | join(",") }} - 
-[repository.issue] -LOCK_REASONS = {{ gitea_repository_issue_lock_reason | join(",") }} - -[ui] -EXPLORE_PAGING_NUM = {{ gitea_ui_explore_paging_num }} -ISSUE_PAGING_NUM = {{ gitea_ui_issue_paging_num }} -FEED_MAX_COMMIT_NUM = {{ gitea_ui_feed_commit_num }} -GRAPH_MAX_COMMIT_NUM = {{ gitea_ui_graph_commit_num }} -CODE_COMMENT_LINES = {{ gitea_ui_code_comment_lines }} -SHOW_USER_EMAIL = {{ gitea_ui_show_user_email | bool | lower }} -REACTIONS = {{ gitea_ui_reaction | join(",") }} -DEFAULT_SHOW_FULL_NAME = {{ gitea_ui_show_full_name | bool | lower }} -SEARCH_REPO_DESCRIPTION = {{ gitea_ui_search_repo_description | bool | lower }} - -[ui.admin] -USER_PAGING_NUM = {{ gitea_ui_admin_user_paging_num }} -REPO_PAGING_NUM = {{ gitea_ui_admin_repo_paging_num }} -NOTICE_PAGING_NUM = {{ gitea_ui_admin_notice_paging_num }} -ORG_PAGING_NUM = {{ gitea_ui_admin_org_paging_num }} - -[ui.user] -REPO_PAGING_NUM = {{ gitea_ui_user_repo_paging_num }} - -[markdown] -ENABLE_HARD_LINE_BREAK = {{ gitea_markdown_hard_linebreak_enabled | bool | lower }} -{% if gitea_markdown_custom_url_scheme %} -CUSTOM_URL_SCHEMES = {{ gitea_markdown_custom_url_scheme | join(",") }} -{% endif %} -FILE_EXTENSIONS = {{ gitea_markdown_file_ext | join(",") }} - -[server] -PROTOCOL = {{ 'https' if gitea_tls_enabled else 'http' }} -DOMAIN = {{ gitea_listen_address | urlsplit('hostname') }} -ROOT_URL = {{ gitea_listen_address | urlsplit('scheme') }}://%(DOMAIN)s/ -HTTP_ADDR = {{ gitea_bind_ip }} -HTTP_PORT = {{ gitea_bind_port }} -LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/ -DISABLE_SSH = {{ 'false' if gitea_ssh_enabled | bool else 'true' }} -START_SSH_SERVER = false -MINIMUM_KEY_SIZE_CHECK = {{ gitea_minimum_keysize_check | bool | lower }} -OFFLINE_MODE = {{ gitea_offline_mode | bool | lower }} -{% if gitea_tls_enabled | bool %} -CERT_FILE = {{ gitea_tls_cert_path }} -KEY_FILE = {{ gitea_tls_key_path }} -{% endif %} -APP_DATA_PATH = {{ gitea_data_dir }} -PPROF_DATA_PATH = {{ gitea_data_dir 
}}/tmp/pprof -LANDING_PAGE = {{ gitea_landing_page }} -{% if gitea_lfs_enabled | bool %} -LFS_START_SERVER = true -LFS_CONTENT_PATH = {{ gitea_data_dir }}/lfs -LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }} -LFS_HTTP_AUTH_EXPIRY = 20m -{% else %} -LFS_START_SERVER = false -{% endif %} - -[ssh.minimum_key_sizes] -{% for key in gitea_minimum_keysize %} -{{ key.name }} = {{ key.size }} -{% endfor %} - -[database] -{% if gitea_db_type == "pgsql" %} -DB_TYPE = postgres -HOST = {{ gitea_db_server }}:{{ gitea_db_port }} -NAME = {{ gitea_db_name }} -USER = {{ gitea_db_user }} -PASSWD = {{ gitea_db_password }} -SSL_MODE = {{ gitea_db_ssl_mode }} -{% elif gitea_db_type == "sqlite" %} -DB_TYPE = sqlite3 -PATH = {{ gitea_data_dir }}/gitea.db -SQLITE_TIMEOUT = 500 -{% endif %} - -[indexer] -ISSUE_INDEXER_TYPE = bleve -ISSUE_INDEXER_PATH = {{ gitea_data_dir }}/indexers/issues.bleve -REPO_INDEXER_ENABLED = true -REPO_INDEXER_PATH = {{ gitea_data_dir }}/indexers/repos.bleve - -[queue.issue_indexer] -DATADIR = {{ gitea_data_dir }}/issues.queue - -[admin] -DISABLE_REGULAR_ORG_CREATION = {{ 'false' if gitea_org_creation_enabled | bool else 'true' }} -DEFAULT_EMAIL_NOTIFICATIONS = {{ gitea_default_email_notification }} - -[webhook] -QUEUE_LENGTH = 1000 -DELIVER_TIMEOUT = 5 -ALLOWED_HOST_LIST = {{ gitea_webhook_allowed_host_list | join(",") }} -SKIP_TLS_VERIFY = false - -[security] -INSTALL_LOCK = {{ gitea_install_lock | bool | lower }} -SECRET_KEY = {{ gitea_secret }} -LOGIN_REMEMBER_DAYS = {{ gitea_login_remember_days }} -MIN_PASSWORD_LENGTH = {{ gitea_password_min_lenght }} -DISABLE_GIT_HOOKS = {{ 'false' if gitea_git_hooks_enabled | bool else 'true' }} -PASSWORD_COMPLEXITY = {{ gitea_password_complexity | join(",") }} -PASSWORD_HASH_ALGO = pbkdf2 -INTERNAL_TOKEN = {{ gitea_token }} - -[service] -REGISTER_EMAIL_CONFIRM = {{ gitea_registration_email_confirm | bool | lower }} -{% if gitea_registration_email_domain_whitelist is defined and gitea_registration_email_domain_whitelist %} 
-EMAIL_DOMAIN_WHITELIST= {{ gitea_registration_email_domain_whitelist | join(",") }} -{% endif %} -DISABLE_REGISTRATION = {{ 'false' if gitea_registration_enabled | bool else 'true' }} -ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_registration_allow_external_only | bool | lower }} -REQUIRE_SIGNIN_VIEW = false -{% if gitea_mail_service_enabled | bool %} -ENABLE_NOTIFY_MAIL = true -{% endif %} -ENABLE_BASIC_AUTHENTICATION = true -ALLOW_CROSS_REPOSITORY_DEPENDENCIES = true -ENABLE_USER_HEATMAP = true -ENABLE_TIMETRACKING = true -NO_REPLY_ADDRESS = {{ gitea_no_reply_address }} -SHOW_REGISTRATION_BUTTON = {{ gitea_registration_button_enabled | bool | lower }} -SHOW_MILESTONES_DASHBOARD_PAGE = true -AUTO_WATCH_NEW_REPOS = {{ gitea_repository_auto_watch_on_creation | bool | lower }} -AUTO_WATCH_ON_CHANGES = {{ gitea_repository_auto_watch_on_change | bool | lower }} -DEFAULT_KEEP_EMAIL_PRIVATE = {{ gitea_default_keep_email_private | bool | lower }} -DEFAULT_ALLOW_CREATE_ORGANIZATION = {{ gitea_default_org_allow_creation | bool | lower }} -DEFAULT_ORG_VISIBILITY = {{ gitea_default_org_visible }} -DEFAULT_ORG_MEMBER_VISIBLE = {{ gitea_default_org_member_visible | bool | lower }} -DEFAULT_ENABLE_DEPENDENCIES = {{ gitea_default_dependencies_enabled | bool | lower }} -DEFAULT_ENABLE_TIMETRACKING = {{ gitea_default_timetracking_enabled | bool | lower }} -DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME = true - -{% if gitea_mail_service_enabled | bool %} -[mailer] -ENABLED = true -{% if gitea_mail_subject_prefix is defined and gitea_mail_subject_prefix %} -SUBJECT_PREFIX = {{ gitea_mail_subject_prefix }} -{% endif %} -FROM = {{ gitea_mail_service_from }} -PROTOCOL = sendmail -SENDMAIL_PATH = /usr/sbin/sendmail -{% else %} -[mailer] -ENABLED = false -{% endif %} - -[session] -PROVIDER = {{ gitea_session_provider }} -PROVIDER_CONFIG = {{ gitea_session_provider_config }} -COOKIE_NAME = {{ gitea_session_cookie_name }} -COOKIE_SECURE = {{ gitea_session_cookie_secure | bool | lower }} 
-ENABLE_SET_COOKIE = {{ gitea_session_enable_set_cookie | bool | lower }} -GC_INTERVAL_TIME = {{ gitea_session_session_life_time }} -SESSION_LIFE_TIME = {{ gitea_session_session_life_time }} - -[picture] -AVATAR_UPLOAD_PATH = {{ gitea_data_dir }}/avatars -REPOSITORY_AVATAR_UPLOAD_PATH = {{ gitea_data_dir }}/repo-avatars -REPOSITORY_AVATAR_FALLBACK = none -DISABLE_GRAVATAR = {{ 'false' if gitea_gravatar_enabled | bool else 'true' }} -GRAVATAR_SOURCE = {{ gitea_gravatar_source }} -ENABLE_FEDERATED_AVATAR = {{ gitea_avatar_federation_enabled | bool | lower }} - -[attachment] -{% if gitea_attachment_enabled | bool %} -ENABLE = true -PATH = {{ gitea_data_dir }}/attachments -ALLOWED_TYPES = {{ gitea_attachment_allowed_types | join("|") }} -MAX_SIZE = {{ gitea_attachment_max_filesize }} -MAX_FILES = {{ gitea_attachment_max_files }} -{% else %} -ENABLE = false -{% endif %} - -[log] -ROOT_PATH = {{ gitea_log_dir }} -MODE = file -REDIRECT_MACARON_LOG = true -MACARON = file -ROUTER_LOG_LEVEL = Info -logger.router.MODE = file -{% raw %} -ACCESS_LOG_TEMPLATE = {{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}" -{% endraw %} -logger.access.MODE = file -LEVEL = {{ gitea_log_level }} -STACKTRACE_LEVEL = None - -[log.file] -LOG_ROTATE = false - -[log.file.macaron] -LEVEL = Info - -[log.file.router] -LEVEL = Info - -[log.file.access] -LEVEL = Info - -[cron] -ENABLED = true -RUN_AT_START = false - -[cron.update_mirrors] -SCHEDULE = @every 10m - -[cron.repo_health_check] -SCHEDULE = @every 24h -TIMEOUT = -ARGS = - -[cron.check_repo_stats] -RUN_AT_START = true -SCHEDULE = @every 24h - -[cron.archive_cleanup] -ENABLED = true -RUN_AT_START = true -SCHEDULE = @every 24h -OLDER_THAN = 24h - -[cron.sync_external_users] -RUN_AT_START = true -SCHEDULE = @every 24h -UPDATE_EXISTING = true - 
-[cron.update_migration_post_id] -SCHEDULE = @every 24h - -[mirror] -DEFAULT_INTERVAL = {{ gitea_mirror_default_interval }} -MIN_INTERVAL = {{ gitea_mirror_min_interval }} - -[api] -ENABLE_SWAGGER = {{ gitea_api_swagger_enabled | bool | lower }} -MAX_RESPONSE_ITEMS = 50 -DEFAULT_PAGING_NUM = {{ gitea_api_default_paging_num }} -DEFAULT_GIT_TREES_PER_PAGE = {{ gitea_api_default_git_trees_per_page }} -DEFAULT_MAX_BLOB_SIZE = 10485760 - -{% if gitea_oauth_provider_enabled | bool %} -[oauth2] -ENABLE = true -ACCESS_TOKEN_EXPIRATION_TIME = {{ gitea_access_token_expiration_time }} -REFRESH_TOKEN_EXPIRATION_TIME = {{ gitea_refresh_token_expiration_time }} -INVALIDATE_REFRESH_TOKENS = {{ gitea_invalidate_refresh_tokens | bool | lower }} -JWT_SIGNING_ALGORITHM = {{ gitea_jwt_signing_algorithm }} -JWT_SECRET = {{ gitea_jwt_secret }} -{% else %} -[oauth2] -ENABLE = false -{% endif %} - -[other] -SHOW_FOOTER_BRANDING = {{ gitea_footer_show_branding | bool | lower }} -SHOW_FOOTER_VERSION = {{ gitea_footer_show_version | bool | lower }} -SHOW_FOOTER_TEMPLATE_LOAD_TIME = {{ gitea_footer_show_template_load_time | bool | lower }} - -[markup.asciidoc] -ENABLED = false -FILE_EXTENSIONS = .adoc,.asciidoc -RENDER_COMMAND = asciidoc --out-file=- - -IS_INPUT_FILE = false - -[metrics] -ENABLED = {{ gitea_metrics_enabled | bool | lower }} -{% if gitea_metrics_token is defined and gitea_metrics_token %} -TOKEN = {{ gitea_metrics_token }} -{% endif %} diff --git a/templates/custom/templates/custom/extra_links.tmpl.j2 b/templates/custom/templates/custom/extra_links.tmpl.j2 deleted file mode 100644 index c0e9ad5..0000000 --- a/templates/custom/templates/custom/extra_links.tmpl.j2 +++ /dev/null @@ -1,4 +0,0 @@ -#jinja2: lstrip_blocks: True -{% for link in gitea_extra_links %} -{{ link.name }} -{% endfor %} diff --git a/templates/custom/templates/custom/extra_links_footer.tmpl.j2 b/templates/custom/templates/custom/extra_links_footer.tmpl.j2 deleted file mode 100644 index 65fd549..0000000 
--- a/templates/custom/templates/custom/extra_links_footer.tmpl.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-#jinja2: lstrip_blocks: True
-{% for link in gitea_extra_links_footer %}
-{{ link.name }}
-{% endfor %}
diff --git a/templates/etc/containers/systemd/gitea.container.j2 b/templates/etc/containers/systemd/gitea.container.j2
new file mode 100644
index 0000000..a507c71
--- /dev/null
+++ b/templates/etc/containers/systemd/gitea.container.j2
@@ -0,0 +1,32 @@
+#jinja2: lstrip_blocks: True
+{{ ansible_managed | comment }}
+[Install]
+WantedBy=default.target
+
+[Service]
+Restart=on-failure
+RestartSec=5s
+
+ExecReload=/usr/bin/podman kill --signal=SIGHUP %p
+
+[Container]
+Image={{ gitea_image }}
+EnvironmentFile=/etc/containers/systemd/gitea.env
+{% for item in gitea_volumes %}
+Volume={{ item.name }}:{{ item.dest }}{{ ":" + item.opts if item.opts is defined else "" }}
+{% endfor %}
+
+{% if gitea_cap_add | length > 0 %}
+AddCapability={{ gitea_cap_add | join(" ") }}
+{% endif %}
+{% if gitea_cap_drop | length > 0 %}
+DropCapability={{ gitea_cap_drop | join(" ") }}
+{% endif %}
+
+Network={{ gitea_network }}
+{% for item in gitea_exposed_ports %}
+PublishPort={{ item }}
+{% endfor %}
+{% for item in gitea_podman_args %}
+PodmanArgs={{ item }}
+{% endfor %}
diff --git a/templates/etc/containers/systemd/gitea.env.j2 b/templates/etc/containers/systemd/gitea.env.j2
new file mode 100644
index 0000000..e3e1d59
--- /dev/null
+++ b/templates/etc/containers/systemd/gitea.env.j2
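Review bot: `ExecReload=/usr/bin/podman kill --signal=SIGHUP %p` addresses a container named after the unit prefix, but the `[Container]` section sets no `ContainerName=`, and Quadlet names the container `systemd-%N` by default, so the reload will most likely fail with a "no such container" error unless a name is supplied through `gitea_podman_args`. Adding `ContainerName=gitea` under `[Container]`, or using `systemd-%p` in the reload command, keeps the two in step. Separately, the unit this commit deletes ran Gitea under `User={{ gitea_user }}` with `PrivateTmp=yes`, while the new unit leaves the in-container user to the image and lets `gitea_podman_args` append arbitrary flags after the capability settings. `NoNewPrivileges=true` in `[Container]` and a comment stating what `gitea_podman_args` is expected to contain would make the privilege boundary explicit.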
@@ -0,0 +1,213 @@
+#jinja2: lstrip_blocks: True
+{{ ansible_managed | comment }}
+GITEA__RUN_MODE=prod
+
+GITEA__repository__FORCE_PRIVATE={{ gitea_repository_force_private | bool | lower }}
+GITEA__repository__DEFAULT_PRIVATE={{ gitea_repository_default_private }}
+GITEA__repository__MAX_CREATION_LIMIT={{ gitea_repository_creation_limit }}
+GITEA__repository__PREFERRED_LICENSES={{ gitea_repository_default_license | join(",") }}
+GITEA__repository__DISABLE_HTTP_GIT={{ "false" if gitea_repository_http_enabled | bool else "true" }}
+{% if gitea_repository_access_control_allow_origin is defined and gitea_repository_access_control_allow_origin %}
+GITEA__repository__ACCESS_CONTROL_ALLOW_ORIGIN={{ gitea_repository_access_control_allow_origin }}
+{% endif %}
+GITEA__repository__USE_COMPAT_SSH_URI={{ gitea_repository_use_compat_ssh_uri | bool | lower }}
+GITEA__repository__ENABLE_PUSH_CREATE_USER={{ gitea_repository_push_create_user_enabled | bool | lower }}
+GITEA__repository__ENABLE_PUSH_CREATE_ORG={{ gitea_repository_push_create_org_enabled | bool | lower }}
+GITEA__repository__DEFAULT_REPO_UNITS={{ gitea_repository_default_repo_units | join(",") }}
+GITEA__repository__DEFAULT_BRANCH={{ gitea_repository_default_branch }}
+
+GITEA__repository_0X2E_editor__LINE_WRAP_EXTENSIONS={{ gitea_repository_editor_line_wrap_ext | join(",") }}
+GITEA__repository_0X2E_editor__PREVIEWABLE_FILE_MODES=markdown
+
+{% if gitea_repository_upload_enabled | bool %}
+GITEA__repository_0X2E_upload__ENABLED=true
+{% if gitea_repository_upload_allowed_types %}
+GITEA__repository_0X2E_upload__ALLOWED_TYPES={{ gitea_repository_upload_allowed_types | join(",") }}
+{% endif %}
+GITEA__repository_0X2E_upload__FILE_MAX_SIZE={{ gitea_repository_upload_max_filesize }}
+GITEA__repository_0X2E_upload__MAX_FILES={{ gitea_repository_upload_max_files }}
+{% else %}
+GITEA__repository_0X2E_upload__ENABLED=false
+{% endif %}
+
+GITEA__repository_0X2E_pull_0X2D_request__WORK_IN_PROGRESS_PREFIXES={{ gitea_repository_pr_wip_prefix | join(",") }}
+GITEA__repository_0X2E_pull_0X2D_request__CLOSE_KEYWORDS={{ gitea_repository_pr_close_keyword | join(",") }}
+GITEA__repository_0X2E_pull_0X2D_request__REOPEN_KEYWORDS={{ gitea_repository_pr_reopen_keyword | join(",") }}
+
+GITEA__repository_0X2E_issue__LOCK_REASONS={{ gitea_repository_issue_lock_reason | join(",") }}
+
+GITEA__ui__EXPLORE_PAGING_NUM={{ gitea_ui_explore_paging_num }}
+GITEA__ui__ISSUE_PAGING_NUM={{ gitea_ui_issue_paging_num }}
+GITEA__ui__FEED_MAX_COMMIT_NUM={{ gitea_ui_feed_commit_num }}
+GITEA__ui__GRAPH_MAX_COMMIT_NUM={{ gitea_ui_graph_commit_num }}
+GITEA__ui__CODE_COMMENT_LINES={{ gitea_ui_code_comment_lines }}
+GITEA__ui__SHOW_USER_EMAIL={{ gitea_ui_show_user_email | bool | lower }}
+GITEA__ui__REACTIONS={{ gitea_ui_reaction | join(",") }}
+GITEA__ui__DEFAULT_SHOW_FULL_NAME={{ gitea_ui_show_full_name | bool | lower }}
+GITEA__ui__SEARCH_REPO_DESCRIPTION={{ gitea_ui_search_repo_description | bool | lower }}
+
+GITEA__ui_0X2E_admin__USER_PAGING_NUM={{ gitea_ui_admin_user_paging_num }}
+GITEA__ui_0X2E_admin__REPO_PAGING_NUM={{ gitea_ui_admin_repo_paging_num }}
+GITEA__ui_0X2E_admin__NOTICE_PAGING_NUM={{ gitea_ui_admin_notice_paging_num }}
+GITEA__ui_0X2E_admin__ORG_PAGING_NUM={{ gitea_ui_admin_org_paging_num }}
+
+GITEA__ui_0X2E_user__REPO_PAGING_NUM={{ gitea_ui_user_repo_paging_num }}
+
+GITEA__markdown__ENABLE_HARD_LINE_BREAK={{ gitea_markdown_hard_linebreak_enabled | bool | lower }}
+{% if gitea_markdown_custom_url_scheme %}
+GITEA__markdown__CUSTOM_URL_SCHEMES={{ gitea_markdown_custom_url_scheme | join(",") }}
+{% endif %}
+GITEA__markdown__FILE_EXTENSIONS={{ gitea_markdown_file_ext | join(",") }}
+
+GITEA__server__DOMAIN={{ gitea_url | urlsplit("hostname") }}
+GITEA__server__ROOT_URL={{ gitea_url }}
+GITEA__server__DISABLE_SSH={{ "false" if gitea_ssh_enabled | bool else "true" }}
+GITEA__server__START_SSH_SERVER=true
+GITEA__server__MINIMUM_KEY_SIZE_CHECK={{ gitea_minimum_keysize_check | bool | lower }}
+GITEA__server__OFFLINE_MODE={{ gitea_offline_mode | bool | lower }}
+GITEA__server__LANDING_PAGE={{ gitea_landing_page }}
+{% if gitea_lfs_enabled | bool %}
+GITEA__server__LFS_START_SERVER=true
+GITEA__server__LFS_JWT_SECRET={{ gitea_lfs_jwt_secret }}
+GITEA__server__LFS_HTTP_AUTH_EXPIRY=20m
+{% else %}
+GITEA__server__LFS_START_SERVER=false
+{% endif %}
+
+{% for key in gitea_minimum_keysize %}
+GITEA__ssh_0X2E_minimum_key_sizes__{{ key.name | upper }}={{ key.size }}
+{% endfor %}
+
+{% if gitea_db_type == "pgsql" %}
+GITEA__database__DB_TYPE=postgres
+GITEA__database__HOST={{ gitea_db_server }}:{{ gitea_db_port }}
+GITEA__database__NAME={{ gitea_db_name }}
+GITEA__database__USER={{ gitea_db_user }}
+GITEA__database__PASSWD={{ gitea_db_password }}
+GITEA__database__SSL_MODE={{ gitea_db_ssl_mode }}
+{% elif gitea_db_type == "sqlite" %}
+GITEA__database__DB_TYPE=sqlite3
+GITEA__database__SQLITE_TIMEOUT=500
+{% endif %}
+
+GITEA__admin__DISABLE_REGULAR_ORG_CREATION={{ "false" if gitea_org_creation_enabled | bool else "true" }}
+GITEA__admin__DEFAULT_EMAIL_NOTIFICATIONS={{ gitea_default_email_notification }}
+
+GITEA__webhook__QUEUE_LENGTH=1000
+GITEA__webhook__DELIVER_TIMEOUT=5
+GITEA__webhook__ALLOWED_HOST_LIST={{ gitea_webhook_allowed_host_list | join(",") }}
+GITEA__webhook__SKIP_TLS_VERIFY=false
+
+GITEA__security__INSTALL_LOCK={{ gitea_install_lock | bool | lower }}
+GITEA__security__SECRET_KEY={{ gitea_secret }}
+GITEA__security__LOGIN_REMEMBER_DAYS={{ gitea_login_remember_days }}
+GITEA__security__MIN_PASSWORD_LENGTH={{ gitea_password_min_lenght }}
+GITEA__security__DISABLE_GIT_HOOKS={{ "false" if gitea_git_hooks_enabled | bool else "true" }}
+GITEA__security__PASSWORD_COMPLEXITY={{ gitea_password_complexity | join(",") }}
+GITEA__security__PASSWORD_HASH_ALGO=pbkdf2
+GITEA__security__INTERNAL_TOKEN={{ gitea_token }}
+
+GITEA__service__REGISTER_EMAIL_CONFIRM={{ gitea_registration_email_confirm | bool | lower }}
+{% if gitea_registration_email_domain_whitelist is defined and gitea_registration_email_domain_whitelist %}
+GITEA__service__EMAIL_DOMAIN_WHITELIST= {{ gitea_registration_email_domain_whitelist | join(",") }}
+{% endif %}
+GITEA__service__DISABLE_REGISTRATION={{ "false" if gitea_registration_enabled | bool else "true" }}
+GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION={{ gitea_registration_allow_external_only | bool | lower }}
+GITEA__service__REQUIRE_SIGNIN_VIEW=false
+{% if gitea_mail_service_enabled | bool %}
+GITEA__service__ENABLE_NOTIFY_MAIL=true
+{% endif %}
+GITEA__service__ENABLE_BASIC_AUTHENTICATION=true
+GITEA__service__ALLOW_CROSS_REPOSITORY_DEPENDENCIES=true
+GITEA__service__ENABLE_USER_HEATMAP=true
+GITEA__service__ENABLE_TIMETRACKING=true
+GITEA__service__NO_REPLY_ADDRESS={{ gitea_no_reply_address }}
+GITEA__service__SHOW_REGISTRATION_BUTTON={{ gitea_registration_button_enabled | bool | lower }}
+GITEA__service__SHOW_MILESTONES_DASHBOARD_PAGE=true
+GITEA__service__AUTO_WATCH_NEW_REPOS={{ gitea_repository_auto_watch_on_creation | bool | lower }}
+GITEA__service__AUTO_WATCH_ON_CHANGES={{ gitea_repository_auto_watch_on_change | bool | lower }}
+GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE={{ gitea_default_keep_email_private | bool | lower }}
+GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION={{ gitea_default_org_allow_creation | bool | lower }}
+GITEA__service__DEFAULT_ORG_VISIBILITY={{ gitea_default_org_visible }}
+GITEA__service__DEFAULT_ORG_MEMBER_VISIBLE={{ gitea_default_org_member_visible | bool | lower }}
+GITEA__service__DEFAULT_ENABLE_DEPENDENCIES={{ gitea_default_dependencies_enabled | bool | lower }}
+GITEA__service__DEFAULT_ENABLE_TIMETRACKING={{ gitea_default_timetracking_enabled | bool | lower }}
+GITEA__service__DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME=true
+
+{% if gitea_mail_service_enabled | bool %}
+GITEA__mailer__ENABLED=true
+{% if gitea_mail_subject_prefix is defined and gitea_mail_subject_prefix %}
+GITEA__mailer__SUBJECT_PREFIX={{ gitea_mail_subject_prefix }}
+{% endif %}
+GITEA__mailer__FROM={{ gitea_mail_service_from }}
+GITEA__mailer__PROTOCOL=sendmail
+GITEA__mailer__SENDMAIL_PATH=/usr/sbin/sendmail
+{% else %}
+GITEA__mailer__ENABLED=false
+{% endif %}
+
+GITEA__session__PROVIDER={{ gitea_session_provider }}
+GITEA__session__PROVIDER_CONFIG={{ gitea_session_provider_config }}
+GITEA__session__COOKIE_NAME={{ gitea_session_cookie_name }}
+GITEA__session__COOKIE_SECURE={{ gitea_session_cookie_secure | bool | lower }}
+GITEA__session__ENABLE_SET_COOKIE={{ gitea_session_enable_set_cookie | bool | lower }}
+GITEA__session__GC_INTERVAL_TIME={{ gitea_session_session_life_time }}
+GITEA__session__SESSION_LIFE_TIME={{ gitea_session_session_life_time }}
+
+GITEA__picture__REPOSITORY_AVATAR_FALLBACK=none
+GITEA__picture__DISABLE_GRAVATAR={{ "false" if gitea_gravatar_enabled | bool else "true" }}
+GITEA__picture__GRAVATAR_SOURCE={{ gitea_gravatar_source }}
+GITEA__picture__ENABLE_FEDERATED_AVATAR={{ gitea_avatar_federation_enabled | bool | lower }}
+
+{% if gitea_attachment_enabled | bool %}
+GITEA__attachment__ENABLE=true
+GITEA__attachment__ALLOWED_TYPES={{ gitea_attachment_allowed_types | join("|") }}
+GITEA__attachment__MAX_SIZE={{ gitea_attachment_max_filesize }}
+GITEA__attachment__MAX_FILES={{ gitea_attachment_max_files }}
+{% else %}
+GITEA__attachment__ENABLE=false
+{% endif %}
+
+GITEA__log__logger_0X2E_xorm_0X2E_MODE=
+GITEA__log__logger_0X2E_router_0X2E_MODE=
+
+#GITEA__log__MODE=file
+#GITEA__log__REDIRECT_MACARON_LOG=true
+#GITEA__log__MACARON=file
+#GITEA__log__ROUTER_LOG_LEVEL=Info
+#GITEA__log__logger_0X2E_router_0X2E_MODE=file
+#{% raw %}
+#GITEA__log__ACCESS_LOG_TEMPLATE={{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"
+#{% endraw %}
+#GITEA__log__logger_0X2E_access_0X2E_MODE=file
+#GITEA__log__LEVEL={{ gitea_log_level }}
+#GITEA__log__STACKTRACE_LEVEL=None
+
+GITEA__mirror__DEFAULT_INTERVAL={{ gitea_mirror_default_interval }}
+GITEA__mirror__MIN_INTERVAL={{ gitea_mirror_min_interval }}
+
+GITEA__api__ENABLE_SWAGGER={{ gitea_api_swagger_enabled | bool | lower }}
+GITEA__api__MAX_RESPONSE_ITEMS=50
+GITEA__api__DEFAULT_PAGING_NUM={{ gitea_api_default_paging_num }}
+GITEA__api__DEFAULT_GIT_TREES_PER_PAGE={{ gitea_api_default_git_trees_per_page }}
+GITEA__api__DEFAULT_MAX_BLOB_SIZE=10485760
+
+{% if gitea_oauth_provider_enabled | bool %}
+GITEA__oauth2__ENABLE=true
+GITEA__oauth2__ACCESS_TOKEN_EXPIRATION_TIME={{ gitea_access_token_expiration_time }}
+GITEA__oauth2__REFRESH_TOKEN_EXPIRATION_TIME={{ gitea_refresh_token_expiration_time }}
+GITEA__oauth2__INVALIDATE_REFRESH_TOKENS={{ gitea_invalidate_refresh_tokens | bool | lower }}
+GITEA__oauth2__JWT_SIGNING_ALGORITHM={{ gitea_jwt_signing_algorithm }}
+GITEA__oauth2__JWT_SECRET={{ gitea_jwt_secret }}
+{% else %}
+GITEA__oauth2__ENABLE=false
+{% endif %}
+
+GITEA__other__SHOW_FOOTER_BRANDING={{ gitea_footer_show_branding | bool | lower }}
+GITEA__other__SHOW_FOOTER_VERSION={{ gitea_footer_show_version | bool | lower }}
+GITEA__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME={{ gitea_footer_show_template_load_time | bool | lower }}
+
+GITEA__metrics__ENABLED={{ gitea_metrics_enabled | bool | lower }}
+{% if gitea_metrics_token is defined and gitea_metrics_token %}
+GITEA__metrics__TOKEN={{ gitea_metrics_token }}
+{% endif %}
diff --git a/templates/etc/containers/systemd/gitea.network.j2 b/templates/etc/containers/systemd/gitea.network.j2
new file mode 100644
index 0000000..ecad473
--- /dev/null
+++ b/templates/etc/containers/systemd/gitea.network.j2
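Review bot: `GITEA__security__SECRET_KEY`, `GITEA__security__INTERNAL_TOKEN`, `GITEA__database__PASSWD`, `GITEA__server__LFS_JWT_SECRET`, `GITEA__oauth2__JWT_SECRET` and `GITEA__metrics__TOKEN` are rendered in clear text into gitea.env and from there into the container's environment, where they appear in `podman inspect` output and are inherited by every child process of the container. The task that writes this file is outside the hunk, so its mode cannot be checked here; it should be root-only (`mode: "0600"`) and run with `no_log: true` so diff output does not echo the values. Where the deployed Gitea and Podman versions support it, I would move these keys to the `__FILE` form backed by a Quadlet `Secret=` entry, e.g. `GITEA__security__SECRET_KEY__FILE=/run/secrets/gitea_secret_key` (example path). Also, `GITEA__service__EMAIL_DOMAIN_WHITELIST= {{ … }}` has a stray space after `=`, unlike every other line, which may put a leading blank in front of the first domain.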
@@ -0,0 +1,19 @@
+#jinja2: lstrip_blocks: True
+{{ ansible_managed | comment }}
+[Network]
+{% if gitea_network_ipv4_subnet is defined %}
+Subnet={{ gitea_network_ipv4_subnet }}
+{% endif %}
+{% if gitea_network_ipv4_gateway is defined %}
+Gateway={{ gitea_network_ipv4_gateway }}
+{% endif %}
+IPv6={{ gitea_network_ipv6_enabled | bool | lower }}
+{% if gitea_network_ipv6_enabled | bool %}
+{% if gitea_network_ipv6_subnet is defined %}
+Subnet={{ gitea_network_ipv6_subnet }}
+{% endif %}
+{% if gitea_network_ipv6_gateway is defined %}
+Gateway={{ gitea_network_ipv6_gateway }}
+{% endif %}
+{% endif %}
+Label=app=gitea
diff --git a/templates/etc/systemd/system/gitea.service.j2 b/templates/etc/systemd/system/gitea.service.j2
deleted file mode 100644
index f9186c4..0000000
--- a/templates/etc/systemd/system/gitea.service.j2
+++ /dev/null
@@ -1,20 +0,0 @@
-{{ ansible_managed | comment }}
-[Unit]
-Description=Gitea (Git with a cup of tea)
-After=syslog.target
-After=network.target
-
-[Service]
-Type=simple
-Environment=USER={{ gitea_user }}
-Environment=HOME={{ gitea_user_home }}
-Environment=GITEA_WORK_DIR={{ gitea_base_dir }}
-User={{ gitea_user }}
-Group={{ gitea_group }}
-WorkingDirectory={{ gitea_base_dir }}
-ExecStart={{ gitea_base_dir }}/gitea-latest web -c {{ gitea_config_dir }}/app.ini -P {{ gitea_run_dir }}/gitea.pid
-Restart=on-failure
-PrivateTmp=yes
-
-[Install]
-WantedBy=multi-user.target
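Review bot: The `Subnet=`/`Gateway=` guards in gitea.network.j2 test only `is defined`, so a variable that is defined but empty (for example a null default in defaults/main.yml, which is outside this hunk) renders a bare `Subnet=` or `Gateway=` line, and a gateway can be emitted without its subnet, which Podman requires when a gateway is given. The env template in this same commit uses the `is defined and <var>` form for optional values; using it here as well, with each gateway nested under its subnet check, makes a bad inventory fail at render time rather than at network creation: `{% if gitea_network_ipv4_subnet is defined and gitea_network_ipv4_subnet %}`.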