diff --git a/defaults/main.yml b/defaults/main.yml index 0e76e2a..52b86ad 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -8,7 +8,7 @@ gitea_extra_groups: [] gitea_packages: - git -# Create separate LVM storage for gitea +## Create separate LVM storage for gitea gitea_lvm_enabled: False # This variables are only necessary if gitea_lvm_enabled is 'True' # Set physical volumes to use in LVM @@ -28,6 +28,7 @@ gitea_bind_port: 61000 gitea_listen_address: http://gitea.example.com gitea_install_lock: true +## Change this to a unique string gitea_secret: "1234567ABCDEFG" gitea_token: "akslkaldasasifiuvsiasfa7s7f8as7f8asd" gitea_run_mode: prod @@ -90,6 +91,15 @@ gitea_attachment_max_files: 5 gitea_mail_service_enabled: False gitea_mail_service_from: '"System" ' +gitea_no_reply_address: noreply.example.org + +gitea_oauth_provider_enabled: False +gitea_access_token_expiration_time: 3600 +gitea_refresh_token_expiration_time: 730 +gitea_invalidate_refresh_tokens: False +## OAuth2 authentication secret for access and refresh tokens +## Change this to a unique string +gitea_jwt_secret: Bk0yK7Y9g_p56v86KaHqjSbxvNvu3SbKoOdOt2ZcXvU gitea_tls_enabled: False gitea_tls_cert_path: "{{ gitea_base_dir }}/tls/certs/mycert.pem" diff --git a/tasks/install.yml b/tasks/install.yml index a5f38fa..ec8ef6e 100644 --- a/tasks/install.yml +++ b/tasks/install.yml @@ -65,6 +65,6 @@ with_items: "{{ gitea_open_ports }}" loop_control: label: "{{ item.name }}" - when: gitea_iptables_enabled + when: gitea_iptables_enabled | bool become: True become_user: root diff --git a/tasks/main.yml b/tasks/main.yml index e47458a..9a4add8 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,9 +1,9 @@ --- - include_tasks: prepare.yml - import_tasks: storage.yml - when: gitea_lvm_enabled + when: gitea_lvm_enabled | bool - include_tasks: install.yml - import_tasks: tls.yml - when: gitea_tls_enabled + when: gitea_tls_enabled | bool tags: tls_renewal - include_tasks: post_tasks.yml 
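Review bot: `gitea_secret` and `gitea_token` (second hunk of defaults/main.yml) and the new `gitea_jwt_secret` (third hunk) all ship as fixed sample values, and the only guard is the added `## Change this to a unique string` comment. A deployment that enables `gitea_oauth_provider_enabled` without overriding `gitea_jwt_secret` uses a secret that anyone can read in this repository for its OAuth2 access and refresh tokens. The same holds for `SECRET_KEY` and `INTERNAL_TOKEN`, and `gitea_token` does not even get the comment. A comment cannot enforce the override, so I would ship empty defaults such as `gitea_jwt_secret: ""` and fail the play early when a secret is empty or still equals the published sample. If the samples stay, at least repeat the comment above `gitea_token`.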
diff --git a/templates/custom/conf/app.ini.j2 b/templates/custom/conf/app.ini.j2 index 72f8907..eee24fd 100644 --- a/templates/custom/conf/app.ini.j2 +++ b/templates/custom/conf/app.ini.j2 @@ -1,16 +1,24 @@ #jinja2: lstrip_blocks: True -; {{ ansible_managed }} +{{ ansible_managed | comment }} + APP_NAME = Gitea: Git with a cup of tea RUN_USER = {{ gitea_user }} RUN_MODE = {{ gitea_run_mode }} [repository] -ROOT = {{ gitea_data_dir }}/repos -SCRIPT_TYPE = bash -FORCE_PRIVATE = false -DEFAULT_PRIVATE = last -DISABLE_HTTP_GIT = false -PREFERRED_LICENSES = MIT License +ROOT = {{ gitea_data_dir }}/repos +SCRIPT_TYPE = bash +ANSI_CHARSET = +FORCE_PRIVATE = false +DEFAULT_PRIVATE = public +MAX_CREATION_LIMIT = -1 +MIRROR_QUEUE_LENGTH = 1000 +PULL_REQUEST_QUEUE_LENGTH = 1000 +DISABLE_HTTP_GIT = false +PREFERRED_LICENSES = MIT License +ACCESS_CONTROL_ALLOW_ORIGIN = +USE_COMPAT_SSH_URI = false +DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = false [repository.editor] LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd, 
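Review bot: `DEFAULT_PRIVATE` changes from `last` to `public` in the `[repository]` block, so new repositories now start from public visibility, and the value is hard-coded in the template. For an instance that hosts internal code this is the less safe starting point, and an operator cannot change it without editing the role. I would keep `last`, or render it from a role default such as `DEFAULT_PRIVATE = {{ gitea_default_private }}` (a variable name proposed here, not one the role defines) and ship `last` or `private` as its value.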
@@ -18,51 +26,49 @@ PREVIEWABLE_FILE_MODES = markdown [repository.local] LOCAL_COPY_PATH = tmp/local-repo +LOCAL_WIKI_PATH = tmp/local-wiki [repository.upload] ENABLED = true TEMP_PATH = tmp/uploads +ALLOWED_TYPES = FILE_MAX_SIZE = {{ gitea_repository_upload_max_filesize }} MAX_FILES = {{ gitea_repository_upload_max_files }} [repository.pull-request] WORK_IN_PROGRESS_PREFIXES = WIP:,[WIP] -[attachment] -ENABLE = true -PATH = data/attachments -ALLOWED_TYPES = */* -MAX_SIZE = {{ gitea_attachment_max_filesize }} -MAX_FILES = {{ gitea_attachment_max_files }} +[repository.issue] +LOCK_REASONS = Too heated,Off-topic,Resolved,Spam [ui] -EXPLORE_PAGING_NUM = 20 -ISSUE_PAGING_NUM = 10 -FEED_MAX_COMMIT_NUM = 5 -MAX_DISPLAY_FILE_SIZE = 8388608 -SHOW_USER_EMAIL = true -GRAPH_MAX_COMMIT_NUM = 100 -CODE_COMMENT_LINES = 4 -DEFAULT_THEME = gitea -ENABLE_CAPTCHA = false -ENABLE_TIMETRACKING = true +EXPLORE_PAGING_NUM = 20 +ISSUE_PAGING_NUM = 10 +FEED_MAX_COMMIT_NUM = 5 +MAX_DISPLAY_FILE_SIZE = 8388608 +SHOW_USER_EMAIL = true +GRAPH_MAX_COMMIT_NUM = 100 +CODE_COMMENT_LINES = 4 +DEFAULT_THEME = gitea +DEFAULT_SHOW_FULL_NAME = false [ui.admin] USER_PAGING_NUM = 50 REPO_PAGING_NUM = 50 NOTICE_PAGING_NUM = 25 ORG_PAGING_NUM = 50 -ENABLE_PPROF = false [ui.user] REPO_PAGING_NUM = 15 -[api] -ENABLE_SWAGGER = true -MAX_RESPONSE_ITEMS = 50 +[ui.meta] +AUTHOR = Gitea - Git with a cup of tea +DESCRIPTION = Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go +KEYWORDS = go,git,self-hosted,gitea [markdown] ENABLE_HARD_LINE_BREAK = false +CUSTOM_URL_SCHEMES = FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd [server] 
@@ -71,55 +77,82 @@ DOMAIN = {{ gitea_listen_address | urlsplit('hostname') }} ROOT_URL = {{ gitea_listen_address | urlsplit('scheme') }}://%(DOMAIN)s/ HTTP_ADDR = {{ gitea_bind_ip }} HTTP_PORT = {{ gitea_bind_port }} +REDIRECT_OTHER_PORT = false {% if gitea_tls_enabled %} -CERT_FILE = {{ gitea_tls_cert_path }} -KEY_FILE = {{ gitea_tls_key_path }} +CERT_FILE = {{ gitea_tls_cert_path }} +KEY_FILE = {{ gitea_tls_key_path }} {% endif %} UNIX_SOCKET_PERMISSION = 666 LANDING_PAGE = {{ gitea_landing_page }} START_SSH_SERVER = false +MINIMUM_KEY_SIZE_CHECK = true +OFFLINE_MODE = false +ENABLE_PPROF = false [ssh.minimum_key_sizes] ED25519 = 256 ECDSA = 256 RSA = 2048 -DSA = 1024 [database] {% if gitea_postgres_enabled %} -DB_TYPE = postgres -HOST = {{ gitea_postgres_server }}:{{ gitea_postgres_port }} -NAME = {{ gitea_postgres_db.name }} -USER = {{ gitea_postgres_user.name }} -PASSWD = {{ gitea_postgres_user.password }} -SSL_MODE = {{ gitea_postgres_ssl_mode }} +DB_TYPE = postgres +HOST = {{ gitea_postgres_server }}:{{ gitea_postgres_port }} +NAME = {{ gitea_postgres_db.name }} +USER = {{ gitea_postgres_user.name }} +PASSWD = {{ gitea_postgres_user.password }} +SSL_MODE = {{ gitea_postgres_ssl_mode }} +{% else %} +DB_TYPE = sqlite3 +PATH = {{ gitea_data_dir }}/gitea.db +SQLITE_TIMEOUT = 500 {% endif %} +ITERATE_BUFFER_SIZE = 50 +LOG_SQL = true +DB_RETRIES = 10 +DB_RETRY_BACKOFF = 3s [indexer] -ISSUE_INDEXER_PATH = {{ gitea_data_dir }}/indexers/issues.bleve -REPO_INDEXER_PATH = {{ gitea_data_dir }}/indexers/repos.bleve -REPO_INDEXER_ENABLED = true +ISSUE_INDEXER_TYPE = bleve +ISSUE_INDEXER_QUEUE_TYPE = levelqueue +ISSUE_INDEXER_PATH = {{ gitea_data_dir }}/indexers/issues.bleve +REPO_INDEXER_PATH = {{ gitea_data_dir }}/indexers/repos.bleve +ISSUE_INDEXER_QUEUE_DIR = {{ gitea_data_dir }}/issues.queue +REPO_INDEXER_ENABLED = true + +[admin] +DISABLE_REGULAR_ORG_CREATION = false [security] -INSTALL_LOCK = {{ gitea_install_lock }} -SECRET_KEY = {{ gitea_secret }} -INTERNAL_TOKEN 
= {{ gitea_token }} -MIN_PASSWORD_LENGTH = 8 -DISABLE_GIT_HOOKS = false +INSTALL_LOCK = {{ gitea_install_lock }} +SECRET_KEY = {{ gitea_secret }} +LOGIN_REMEMBER_DAYS = 7 +COOKIE_USERNAME = gitea_awesome +COOKIE_REMEMBER_NAME = gitea_incredible +INTERNAL_TOKEN = {{ gitea_token }} +MIN_PASSWORD_LENGTH = 8 +DISABLE_GIT_HOOKS = false [service] DISABLE_REGISTRATION = {{ gitea_disable_registration }} -DEFAULT_KEEP_EMAIL_PRIVATE = false -ENABLE_TIMETRACKING = true {% if gitea_mail_service_enabled %} ENABLE_NOTIFY_MAIL = true +{% endif %} ENABLE_USER_HEATMAP = true +ENABLE_CAPTCHA = false +ENABLE_TIMETRACKING = true +AUTO_WATCH_NEW_REPOS = false +DEFAULT_KEEP_EMAIL_PRIVATE = false +NO_REPLY_ADDRESS = "{{ gitea_no_reply_address }}" +{% if gitea_mail_service_enabled %} [mailer] ENABLED = true +SUBJECT = %(APP_NAME)s FROM = {{ gitea_mail_service_from }} -USE_SENDMAIL = true +MAILER_TYPE = sendmail SENDMAIL_PATH = /usr/sbin/sendmail +SENDMAIL_ARGS = {% else %} [mailer] ENABLED = false @@ -130,11 +163,19 @@ AVATAR_UPLOAD_PATH = {{ gitea_data_dir }}/avatars DISABLE_GRAVATAR = true ENABLE_FEDERATED_AVATAR = false +[attachment] +ENABLE = true +PATH = {{ gitea_data_dir }}/attachments +ALLOWED_TYPES = */* +MAX_SIZE = {{ gitea_attachment_max_filesize }} +MAX_FILES = {{ gitea_attachment_max_files }} + [log] -ROOT_PATH = {{ gitea_global_log_dir }} -MODE = file -BUFFER_LEN = 10000 -LEVEL = {{ gitea_global_log_level }} +ROOT_PATH = {{ gitea_global_log_dir }} +MODE = file +BUFFER_LEN = 10000 +LEVEL = {{ gitea_global_log_level }} +REDIRECT_MACARON_LOG = false [log.file] LEVEL = {{ gitea_file_log_level }} @@ -169,6 +210,12 @@ RUN_AT_START = true SCHEDULE = @every 24h UPDATE_EXISTING = true +[api] +ENABLE_SWAGGER = true +MAX_RESPONSE_ITEMS = 50 +DEFAULT_PAGING_NUM = 30 +DEFAULT_GIT_TREES_PER_PAGE = 1000 + [other] SHOW_FOOTER_BRANDING = false SHOW_FOOTER_VERSION = false 
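Review bot: `LOG_SQL = true` is added to `[database]` as a fixed value, so every rendered app.ini turns on SQL statement logging even though the role defaults `gitea_run_mode` to `prod`. Depending on what Gitea writes into those entries, this can put user data into the log files and will inflate them. I would ship `LOG_SQL = false` or drive it from a role variable. Separately, `PASSWD = {{ gitea_postgres_user.password }}` is still rendered unquoted in this hunk, so a password containing `#` or `;` may be cut short by the ini parser; wrapping the value in backticks is worth considering.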
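Review bot: The re-added `[attachment]` section changes `PATH` from the relative `data/attachments` to `{{ gitea_data_dir }}/attachments`, and nothing visible in this commit moves files that an existing install already stored under the old location. If the two paths resolve to different directories on a host, existing attachments would stop resolving once the template is applied, so a migration task or an upgrade note is needed. `ALLOWED_TYPES = */*` is carried over unchanged and still accepts any file type; exposing it as a role variable would let operators restrict uploads.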
@@ -177,3 +224,15 @@ SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
 [metrics]
 ENABLED = false
 TOKEN =
+
+{% if gitea_oauth_provider_enabled %}
+[oauth2]
+ENABLE = true
+ACCESS_TOKEN_EXPIRATION_TIME = {{ gitea_access_token_expiration_time }}
+REFRESH_TOKEN_EXPIRATION_TIME = {{ gitea_refresh_token_expiration_time }}
+INVALIDATE_REFRESH_TOKENS = {{ gitea_invalidate_refresh_tokens | lower }}
+JWT_SECRET = {{ gitea_jwt_secret }}
+{% else %}
+[oauth2]
+ENABLE = false
+{% endif %}
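Review bot: `{% if gitea_oauth_provider_enabled %}` tests the raw variable, while this same commit adds `| bool` to the `when:` conditions in tasks/main.yml and tasks/install.yml. A value that arrives as a string, for example `-e gitea_oauth_provider_enabled=false`, is a non-empty string and therefore true in Jinja2, so the template would render `[oauth2] ENABLE = true` together with the configured `JWT_SECRET`. Use `{% if gitea_oauth_provider_enabled | bool %}`. The `gitea_tls_enabled`, `gitea_postgres_enabled` and `gitea_mail_service_enabled` conditionals in the `@@ -71,55 +77,82 @@` hunk of this template have the same gap.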