From 95d696a55a43f38f8aa4bd8a38d448bcc593da76 Mon Sep 17 00:00:00 2001 From: Jonas Gunz Date: Thu, 4 Jan 2024 22:38:36 +0100 Subject: refactor gitea --- roles/gitea/defaults/main.yml | 74 +++++++++++++++++++++++++++---------------- 1 file changed, 47 insertions(+), 27 deletions(-) (limited to 'roles/gitea/defaults/main.yml') diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index 6892455..acb6f80 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -1,14 +1,5 @@ +--- gitea: - root_url: 'https://gitea.example.com' - name: 'Gitea: Git with a cup of tea' - webhook_allowed_hosts: '*' - require_signing_view: true - actions: false - ssl: - cert: '/etc/ssl/certs/ssl-cert-snakeoil.pem' - key: '/etc/ssl/private/ssl-cert-snakeoil.key' - version: - ver: '1.19.1' ldap: enable: true security: 'starttls' @@ -23,20 +14,49 @@ gitea: firstname_attribute: 'givenName' surname_attribute: 'sn' email_attribute: 'mail' - mysql: - host: 'db.example.com:3306' - db: '' - user: '' - passwd: '' - ssl: 'true' - mail: - enable: false - smtp_host: '' - tls: false - skip_verify: false - from: '' - user: '' - pass: '' - plain_text: false - subject_prefix: '' - + version: + ver: '1.21.1' + config: + APP_NAME: "Gitea: Git with a cup of tea" + RUN_USER: git + RUN_MODE: prod + repository: + ROOT: /home/git/gitea-repositories + server: + APP_DATA_PATH: /var/lib/gitea/data + PROTOCOL: https + DOMAIN: '{{ ansible_facts.fqdn }}' + STATIC_URL_PREFIX: + HTTP_ADDR: 0.0.0.0 + HTTP_PORT: 8443 + LOCAL_ROOT_URL: "%(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/" + DISABLE_SSH: false + SSH_DOMAIN: "%(DOMAIN)s" + SSH_PORT: 22 + SSH_CREATE_AUTHORIZED_KEYS_FILE: true + SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE: true + CERT_FILE: '/etc/ssl/certs/ssl-cert-snakeoil.pem' + KEY_FILE: '/etc/ssl/certs/ssl-cert-snakeoil.pem' + LANDING_PAGE: login + database: + DB_TYPE: mysql + HOST: db.example.com:3306 + NAME: db + USER: dbuser + PASSWD: "`dbpass`" + SSL_MODE: true + CHARSET: utf8mb4 + security: + INSTALL_LOCK: true + SECRET_KEY: '{{ sec_key.content }}' + INTERNAL_TOKEN: '{{ int_tok.content }}' + DISABLE_GIT_HOOKS: true + service: + DISABLE_REGISTRATION: true + REQUIRE_SIGNIN_VIEW: true + ENABLE_NOTIFY_MAIL: false + webhook: + ALLOWED_HOST_LIST: '' + oauth2: + ENABLE: false + JWT_SECRET: '{{ jwt_sec.content }}' -- cgit v1.2.3