Add app.ini template for gitea with vars

2022-04-07 22:34:22 +02:00 · 2022-04-07 22:34:22 +02:00 · 1b39e5de29
commit 1b39e5de29
parent 51305f107e
6 changed files with 126 additions and 20 deletions
--- a/playbook.yml
+++ b/playbook.yml
@ -2,6 +2,7 @@
 - hosts: lime2
  roles:
    - role: common
+    - role: mail
    - role: gitea
    - role: 2px
    - role: tunuifranken
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@ -1,4 +1,6 @@
 ---
+- include_vars: vault.yml
+
 - name: Install git
  become: true
  apt:
@ -56,25 +58,14 @@
    state: directory
    owner: root
    group: git
-    mode: 0770
+    mode: 0750
    recurse: false

-# - name: Set permissions for /etc/gitea after installation
-#   become: true
-#   file:
-#     path: /etc/gitea
-#     state: directory
-#     owner: root
-#     group: git
-#     mode: 0750
-#     recurse: false
-#
-# - name: Set permissions for /etc/gitea/app.ini after installation
-#   become: true
-#   file:
-#     path: /etc/gitea/app.ini
-#     state: present
-#     owner: root
-#     group: git
-#     mode: 0640
-#     recurse: false
+- name: Copy /etc/gitea/app.ini
+  become: true
+  template:
+    src: app.ini.j2
+    dest: /etc/gitea/app.ini
+    owner: root
+    group: git
+    mode: 0640
--- a/roles/gitea/templates/app.ini.j2
+++ b/roles/gitea/templates/app.ini.j2
@ -0,0 +1,80 @@
+APP_NAME = {{ ansible_facts['env']['USER'] }}'s git
+#APP_NAME = Gitea: Git with a cup of tea
+RUN_USER = git
+RUN_MODE = prod
+
+[oauth2]
+JWT_SECRET = {{ gitea_jtw_secret }}
+
+[security]
+INTERNAL_TOKEN = {{ gitea_internal_token }}
+INSTALL_LOCK   = true
+SECRET_KEY     = {{ gitea_secret_key }}
+
+[database]
+DB_TYPE  = mysql
+HOST     = 127.0.0.1:3306
+NAME     = {{ name_gitea_db }}
+USER     = {{ user_gitea_db }}
+PASSWD   = {{ pass_gitea_db }}
+SCHEMA   =
+SSL_MODE = disable
+CHARSET  = utf8mb4
+PATH     = /var/lib/gitea/data/gitea.db
+
+[repository]
+ROOT              = /home/git/gitea-repositories
+DISABLE_HTTP_GIT  = false
+DEFAULT_BRANCH    = main
+
+[server]
+PROTOCOL              = http
+DOMAIN                = {{ gitea_domain }}
+HTTP_PORT             = 3000
+ROOT_URL              = https://{{ gitea_domain }}
+SSH_DOMAIN            = {{ gitea_ssh_host }}
+DISABLE_SSH           = false
+SSH_PORT              = {{ gitea_ssh_port }}
+LFS_START_SERVER      = false
+OFFLINE_MODE          = false
+LANDING_PAGE          = explore
+
+[mailer]
+ENABLED = true
+HOST    = {{ mail_host }}
+FROM    = {{ gitea_mail_user }}@{{ mail_domain }}
+USER    = git
+PASSWD  = {{ gitea_mail_pass }}
+
+[service]
+REGISTER_EMAIL_CONFIRM            = false
+ENABLE_NOTIFY_MAIL                = true
+DISABLE_REGISTRATION              = true
+ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
+ENABLE_CAPTCHA                    = false
+REQUIRE_SIGNIN_VIEW               = false
+DEFAULT_KEEP_EMAIL_PRIVATE        = true
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING       = true
+NO_REPLY_ADDRESS                  = noreply.localhost
+
+[picture]
+DISABLE_GRAVATAR        = false
+ENABLE_FEDERATED_AVATAR = true
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+
+[session]
+PROVIDER = file
+
+[log]
+MODE      = file
+LEVEL     = info
+ROOT_PATH = /var/lib/gitea/log
+
+[other]
+SHOW_FOOTER_BRANDING = false
+SHOW_FOOTER_VERSION = false
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
--- a/roles/gitea/vars/main.yml
+++ b/roles/gitea/vars/main.yml
@ -0,0 +1,9 @@
+---
+gitea_domain: git.tunuifranken.info
+gitea_jtw_secret: "{{ vault_gitea_jtw_secret }}"
+gitea_internal_token: "{{ vault_gitea_internal_token }}"
+gitea_secret_key: "{{ vault_gitea_secret_key }}"
+gitea_ssh_host: tunuifranken.info
+gitea_ssh_port: 22
+gitea_mail_user: git
+gitea_mail_pass: "{{ vault_gitea_mail_pass }}"
--- a/roles/gitea/vars/vault.yml
+++ b/roles/gitea/vars/vault.yml
@ -0,0 +1,22 @@
+$ANSIBLE_VAULT;1.1;AES256
+30373831333463323066386535316537343335663433333965613833333261356266626530346262
+3161363339363565653530643032396564336637313265310a323863303161663562643964316264
+66333365346534343934333436613735383566386439333934303037356263353730623462643930
+6262326261383161340a613464383264383761363933366266623061306539643037313138656561
+31356430376464346462303965343038636664623138663936623334336539376533376664613532
+30326635326631613338373961343362343434623561303961353064316266376631303035343037
+34393734336263636637396232343432663335636531396464623835636264643534633263616332
+63343162633464653336376237366661636265353832373930303834646466663630303766373138
+35656133353138343631393333323338623637353961373330643330373036383966633335306237
+39306534343363326461633431626530333239356364643261353661306637666133323563303731
+65663236653861633866366533353462623666346162353935643135313565356530303838393431
+66393665623737623535316133393633633132653461623735353630386530336466663263616666
+36353733303964383139303430343834346366313637333464366265623161343237373762613661
+33643635306630633465313231653432326439323938666563626437623831353732353437333733
+38396166366337643138643463326432613033336465613764373331303633353261346131656164
+39373561393236393333653966633837653063356663633361393537646666336363633537626431
+33346336323733323564343936393334316565636336373262383833633533326136323033376463
+66303161343862323163333436373038616335343938353264393235306431306635353362626634
+37336664326431303937346234666632393337316237303266666634653132643362623861663034
+36653961306162666633363666633331626532636635656638306132616530326238333338656638
+6361
--- a/roles/mail/vars/main.yml
+++ b/roles/mail/vars/main.yml
@ -0,0 +1,3 @@
+---
+mail_domain: tunuifranken.info
+mail_host: mail.tunuifranken.info