-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathgitea.yml
195 lines (168 loc) · 7.71 KB
/
gitea.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
---
- hosts: homelab
vars:
application: gitea
docker_network: "{{ networks.pub }}"
tasks:
- name: Create config folder
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: "{{ common_user }}"
group: "{{ common_group }}"
mode: "0771"
loop:
- "{{ config_directory }}"
- /var/log/gitea
- name: Create postgres container
ansible.builtin.include_role:
name: postgres
vars:
postgres_version: 17
postgres_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
61343333353734383736653837366562643461333136616136343137343762336361613038343662
3938343633353465303438356335376331663765376435320a343835386261636163356166343361
62656439656431393136616533626265363738313864626464643334373663653166393137396638
3763626466613631310a656366336136653036393139626133613264643938353333663264373665
63383862376364343634656635666261393062363136333239656634663132316233656537343265
3232646432666434363733383764653137633363313234316263
# https://docs.gitea.io/en-us/database-prep/
postgres_initdb_args: '-E "UTF8"'
lc_collate: en_US.UTF-8
lc_ctype: en_US.UTF-8
postgres_host_auth_method: scram-sha-256
- name: Create container
ansible.builtin.include_role:
name: docker_container
vars:
image: gitea/gitea:1.23.1
volumes:
- "{{ config_directory }}/data:/data"
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
env:
USER_UID: "{{ common_user_id | string }}"
USER_GID: "{{ common_group_id | string }}"
# https://docs.gitea.com/next/administration/config-cheat-sheet
GITEA__repository__DEFAULT_BRANCH: "master"
GITEA__repository__FORCE_PRIVATE: "true"
GITEA__repository__DEFAULT_PRIVATE: "true"
GITEA__repository__DISABLED_REPO_UNITS: "repo.ext_issues,repo.wiki,repo.ext_wiki,repo.projects,repo.packages"
GITEA__repository__DEFAULT_REPO_UNITS: "repo.code,repo.pulls,repo.actions"
GITEA__repository__DISABLE_STARS: "true"
GITEA__markdown__ENABLE_MATH: "false"
GITEA__server__DOMAIN: "{{ application }}.{{ common_tld }}"
GITEA__server__ROOT_URL: "https://{{ application }}.{{ common_tld }}"
GITEA__server__OFFLINE_MODE: "true"
GITEA__server__DISABLE_SSH: "true"
GITEA__server__SSH_DOMAIN: "{{ application }}.{{ common_tld }}"
GITEA__server__LFS_START_SERVER: "false"
GITEA__server__MINIMUM_KEY_SIZE_CHECK: "true"
GITEA__server__LANDING_PAGE: "/user/login"
GITEA__database__DB_TYPE: postgres
GITEA__database__HOST: "{{ _postgres_hostname }}:{{ _postgres_port | string }}"
GITEA__database__NAME: "{{ _postgres_database }}"
GITEA__database__USER: "{{ _postgres_username }}"
GITEA__database__PASSWD: "{{ _postgres_password }}"
GITEA__security__INSTALL_LOCK: "true"
GITEA__security__LOGIN_REMEMBER_DAYS: "180"
GITEA__security__DISABLE_QUERY_AUTH_TOKEN: "true"
GITEA__mailer__ENABLED: "true"
GITEA__mailer__PROTOCOL: "smtp+starttls"
GITEA__mailer__SMTP_ADDR: "{{ common_email_server }}"
GITEA__mailer__SMTP_PORT: "{{ common_email_port | string }}"
GITEA__mailer__USER: "{{ common_email_username }}"
GITEA__mailer__PASSWD: "{{ common_email_password }}"
GITEA__mailer__FROM: "{{ application }}{{ common_email_to }}"
GITEA__openid__ENABLE_OPENID_SIGNIN: "false"
GITEA__openid__ENABLE_OPENID_SIGNUP: "true"
GITEA__openid__WHITELISTED_URIS: "{{ oidc_base_url }}"
GITEA__service__DISABLE_REGISTRATION: "true"
GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "true"
GITEA__service__NO_REPLY_ADDRESS: "noreply.{{ application }}"
GITEA__service__SHOW_REGISTRATION_BUTTON: "false"
GITEA__oauth2_client__ENABLE_AUTO_REGISTRATION: "true"
GITEA__oauth2_client__OPENID_CONNECT_SCOPES: "email profile"
GITEA__service__ACTIVE_CODE_LIVE_MINUTES: "5"
GITEA__service__RESET_PASSWD_CODE_LIVE_MINUTES: "5"
GITEA__service__REQUIRE_SIGNIN_VIEW: "true"
GITEA__service__ENABLE_NOTIFY_MAIL: "true"
GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE: "true"
GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION: "false"
GITEA__service__ENABLE_USER_HEATMAP: "false"
GITEA__service__ENABLE_TIMETRACKING: "false"
GITEA__service__DEFAULT_ENABLE_TIMETRACKING: "false"
GITEA__service__AUTO_WATCH_NEW_REPOS: "false"
GITEA__service__AUTO_WATCH_ON_CHANGES: "false"
GITEA__service__DEFAULT_USER_VISIBILITY: "private"
GITEA__service__ALLOWED_USER_VISIBILITY_MODES: "private"
GITEA__service__DEFAULT_ORG_VISIBILITY: "private"
GITEA__service__SHOW_MILESTONES_DASHBOARD_PAGE: "false"
GITEA__service.explore__REQUIRE_SIGNIN_VIEW: "true"
GITEA__service.explore__DISABLE_USERS_PAGE: "true"
GITEA__picture__DISABLE_GRAVATAR: "true"
GITEA__picture__ENABLE_FEDERATED_AVATAR: "false"
GITEA__log__MODE: "console"
GITEA__log__logger.access.MODE: ""
GITEA__log__logger.router.MODE: ""
GITEA__log__logger.xorm.MODE: ""
GITEA__log__MAX_DAYS: "2"
GITEA__api__ENABLE_SWAGGER: "false"
GITEA__oauth2__ENABLED: "true"
GITEA__packages__ENABLED: "false"
GITEA__actions__ENABLED: "true"
GITEA__other__SHOW_FOOTER_VERSION: "false"
GITEA__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME: "false"
GITEA__other__ENABLE_SITEMAP: "false"
GITEA__other__ENABLE_FEED: "false"
traefik:
- port: 3000
homepage:
group: Programming
weight: 100
description: "Git service"
blackbox:
path: /api/healthz
- name: Add OIDC source
community.docker.docker_container_exec:
container: "{{ application }}"
user: 1000
command: >-
gitea admin auth add-oauth
--name {{ oidc_provider | title }}
--provider openidConnect
--key {{ application }}
--secret {{ oidc_auth.gitea.secret }}
--auto-discover-url {{ oidc_discovery_url }}
register: _command_result
failed_when:
- ('Command error' in _command_result.stderr)
- ('login source already exists' not in _command_result.stderr)
changed_when: ('login source already exists' not in _command_result.stderr)
- name: Get OIDC source ID
community.docker.docker_container_exec:
container: "{{ application }}"
user: 1000
command: gitea admin auth list
register: _gitea_auth_sources
failed_when: ('Command error' in _gitea_auth_sources.stderr)
changed_when: false
- name: Set source id
ansible.builtin.set_fact:
_gitea_auth_id: "{{ _gitea_auth_sources.stdout_lines[1] | split('\t') | first }}"
- name: Update OIDC source
community.docker.docker_container_exec:
container: "{{ application }}"
user: 1000
command: >-
gitea admin auth update-oauth
--id {{ _gitea_auth_id }}
--name {{ oidc_provider | title }}
--provider openidConnect
--key {{ application }}
--secret {{ oidc_auth.gitea.secret }}
--auto-discover-url {{ oidc_discovery_url }}
register: _command_result
failed_when: ('Command error' in _command_result.stderr)
changed_when: true # nothing is returned so we'll always assume changed