1 files changed, 47 insertions, 27 deletions

diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml
index 6892455..acb6f80 100644
--- a/roles/gitea/defaults/main.yml
+++ b/roles/gitea/defaults/main.yml
@@ -1,14 +1,5 @@
+---
 gitea:
-  root_url: 'https://gitea.example.com'
-  name: 'Gitea: Git with a cup of tea'
-  webhook_allowed_hosts: '*'
-  require_signing_view: true
-  actions: false
-  ssl:
-    cert: '/etc/ssl/certs/ssl-cert-snakeoil.pem'
-    key: '/etc/ssl/private/ssl-cert-snakeoil.key'
-  version:
-    ver: '1.19.1'
   ldap:
     enable: true
     security: 'starttls'
@@ -23,20 +14,49 @@ gitea:
     firstname_attribute: 'givenName'
     surname_attribute: 'sn'
     email_attribute: 'mail'
-  mysql:
-    host: 'db.example.com:3306'
-    db: ''
-    user: ''
-    passwd: ''
-    ssl: 'true'
-  mail:
-    enable: false
-    smtp_host: ''
-    tls: false
-    skip_verify: false
-    from: ''
-    user: ''
-    pass: ''
-    plain_text: false
-    subject_prefix: ''
-
+  version:
+    ver: '1.21.1'
+  config:
+    APP_NAME: "Gitea: Git with a cup of tea"
+    RUN_USER: git
+    RUN_MODE: prod
+    repository:
+      ROOT: /home/git/gitea-repositories
+    server:
+      APP_DATA_PATH: /var/lib/gitea/data
+      PROTOCOL: https
+      DOMAIN: '{{ ansible_facts.fqdn }}'
+      STATIC_URL_PREFIX:
+      HTTP_ADDR: 0.0.0.0
+      HTTP_PORT: 8443
+      LOCAL_ROOT_URL: "%(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/"
+      DISABLE_SSH: false
+      SSH_DOMAIN: "%(DOMAIN)s"
+      SSH_PORT: 22
+      SSH_CREATE_AUTHORIZED_KEYS_FILE: true
+      SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE: true
+      CERT_FILE: '/etc/ssl/certs/ssl-cert-snakeoil.pem'
+      KEY_FILE: '/etc/ssl/certs/ssl-cert-snakeoil.pem'
+      LANDING_PAGE: login
+    database:
+      DB_TYPE: mysql
+      HOST: db.example.com:3306
+      NAME: db
+      USER: dbuser
+      PASSWD: "`dbpass`"
+      SSL_MODE: true
+      CHARSET: utf8mb4
+    security:
+      INSTALL_LOCK: true
+      SECRET_KEY: '{{ sec_key.content }}'
+      INTERNAL_TOKEN: '{{ int_tok.content }}'
+      DISABLE_GIT_HOOKS: true
+    service:
+      DISABLE_REGISTRATION: true
+      REQUIRE_SIGNIN_VIEW: true
+      ENABLE_NOTIFY_MAIL: false
+    webhook:
+      ALLOWED_HOST_LIST: ''
+    oauth2:
+      ENABLE: false
+      JWT_SECRET: '{{ jwt_sec.content }}'