From 95d696a55a43f38f8aa4bd8a38d448bcc593da76 Mon Sep 17 00:00:00 2001 From: Jonas Gunz Date: Thu, 4 Jan 2024 22:38:36 +0100 Subject: refactor gitea --- roles/gitea/Readme.md | 76 +++++++++++++++++++++++++++++++++++---------------- 1 file changed, 52 insertions(+), 24 deletions(-) (limited to 'roles/gitea/Readme.md') diff --git a/roles/gitea/Readme.md b/roles/gitea/Readme.md index 56edd0a..c306d1b 100644 --- a/roles/gitea/Readme.md +++ b/roles/gitea/Readme.md @@ -1,13 +1,12 @@ # kompetenzbolzen.stuff.gitea -``` +normal gitea `app.ini` config parameters can be passed under `config.` + +Available vars: `jwt_sec.content`, `int_tok.content`, `sec_key.content` + +```yaml +--- gitea: - root_url: 'https://gitea.example.com' - ssl: - cert: '/etc/ssl/certs/ssl-cert-snakeoil.pem' - key: '/etc/ssl/private/ssl-cert-snakeoil.key' - version: - ver: '1.15.3' ldap: enable: true security: 'starttls' @@ -22,21 +21,50 @@ gitea: firstname_attribute: 'givenName' surname_attribute: 'sn' email_attribute: 'mail' - mysql: - host: 'db.example.com:3306' - db: '' - user: '' - passwd: '' - ssl: 'true' - mail: - enable: false - smtp_host: '' - tls: false - skip_verify: false - from: '' - user: '' - pass: '' - plain_text: false - subject_prefix: '' - + version: + ver: '1.21.1' + config: + APP_NAME: "Gitea: Git with a cup of tea" + RUN_USER: git + RUN_MODE: prod + repository: + ROOT: /home/git/gitea-repositories + server: + APP_DATA_PATH: /var/lib/gitea/data + PROTOCOL: https + DOMAIN: '{{ ansible_facts.fqdn }}' + STATIC_URL_PREFIX: + HTTP_ADDR: 0.0.0.0 + HTTP_PORT: 8443 + LOCAL_ROOT_URL: "%(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/" + DISABLE_SSH: false + SSH_DOMAIN: "%(DOMAIN)s" + SSH_PORT: 22 + SSH_CREATE_AUTHORIZED_KEYS_FILE: true + SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE: true + CERT_FILE: '/etc/ssl/certs/ssl-cert-snakeoil.pem' + KEY_FILE: '/etc/ssl/certs/ssl-cert-snakeoil.pem' + LANDING_PAGE: login + database: + DB_TYPE: mysql + HOST: db.example.com:3306 + NAME: db + USER: dbuser + PASSWD: "`dbpass`" + SSL_MODE: true + CHARSET: utf8mb4 + security: + INSTALL_LOCK: true + SECRET_KEY: '{{ sec_key.content }}' + INTERNAL_TOKEN: '{{ int_tok.content }}' + DISABLE_GIT_HOOKS: true + service: + DISABLE_REGISTRATION: true + REQUIRE_SIGNIN_VIEW: true + ENABLE_NOTIFY_MAIL: false + webhook: + ALLOWED_HOST_LIST: '' + oauth2: + ENABLE: false + JWT_SECRET: '{{ jwt_sec.content }}' ``` -- cgit v1.2.3