Updated the readme for the 3.1.0 release.
All checks were successful
Test the role / test-the-role (push) Successful in 7s

Tom
2026-02-25 10:19:57 +01:00
parent d0245e00b7
commit 53cb178ee8


@@ -2,17 +2,17 @@
#+AUTHOR: DeadSwitch | The Silent Architect #+AUTHOR: DeadSwitch | The Silent Architect
#+OPTIONS: toc:nil num:nil \n:t #+OPTIONS: toc:nil num:nil \n:t
[[https://opensource.org/licenses/MIT][https://img.shields.io/badge/license-MIT-blue.svg]] [[https://img.shields.io/badge/version-3.0.3-green.svg]] [[https://opensource.org/licenses/MIT][https://img.shields.io/badge/license-MIT-blue.svg]] [[https://img.shields.io/badge/version-3.1.0-green.svg]]
* ds_gitea * ds_gitea
This role can install and configures a [[https://docs.gitea.com/][Gitea]] server. This role can install and configures a [[https://docs.gitea.com/][Gitea]] server.
- It uses SQLite as its default database service - with optional PostgreSQL support (=ds-posgresql=). - Defaults to SQLite backend with optional PostgreSQL support (Install it with =ds_posgresql=).
- The role can set up a reverse proxy with SSL using Nginx (=ds-nginx=). - It can set up a reverse proxy with SSL using Nginx (Install it with =ds_nginx=).
- Self-signed certificates and Let's Encrypt with =certbot= are supported. - The role supports self-signed certificates and /Let's Encrypt/ with =certbot=.
- The =ds-ufw= role can configure the firewall. - The =ds_ufw= role can configure the host firewall.
- The =ds-act_runner= role can configure and register Actions runners. - The =ds_act_runner= role can configure and register /Gitea Actions/ runners.
* Role Behavior * Role Behavior
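Review bot: The renamed role reference =ds_posgresql= in the first bullet still looks misspelled (missing "t"), and the rename from hyphens to underscores carried it over unchanged. If the role is actually called ds_postgresql, a reader copying this name into requirements will not find it, so please confirm the spelling against the role's real name. While touching these lines, the parenthetical "(Install it with ...)" starts with a capital mid-sentence, and the unchanged intro line "This role can install and configures" should read "can install and configure".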
@@ -21,7 +21,7 @@ This role can install and configures a [[https://docs.gitea.com/][Gitea]] server
3. (Optionally) Set up an =nginx= reverse proxy with SSL support 3. (Optionally) Set up an =nginx= reverse proxy with SSL support
4. Create a user and group for the service 4. Create a user and group for the service
5. Create the required directory structure 5. Create the required directory structure
6. Wait to save the secrets in SOPS (only if secrets are not present) 6. Wait for the operator to save the secrets in SOPS or Ansible Vault (only if secrets are not present)
7. Deploy the Gitea =app.ini= configuration 7. Deploy the Gitea =app.ini= configuration
8. Deploy the Gitea systemd service 8. Deploy the Gitea systemd service
9. Enable and start the services 9. Enable and start the services
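Review bot: Step 6 now says the role will "Wait for the operator to save the secrets", but the Secrets section further down says the playbook stops and has to be re-run. Those describe two different behaviours (a pause inside the run versus a failed or ended run), and the operator needs to know which one to expect. Suggest wording step 6 to match, for example "Stop so the operator can save the secrets in SOPS or Ansible Vault, then re-run (only if secrets are not present)".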
@@ -58,50 +58,46 @@ gitea_default_keep_email_private: true
* Variables * Variables
| Variable | Type | Comment | | Variable | Type | Comment |
|----------------------------------+---------+--------------------------------------------------| |----------------------------------+---------+---------------------------------------------------------|
| gitea_user | string | Gitea user | | gitea_user | string | Gitea user |
| gitea_group | string | Gitea group | | gitea_group | string | Gitea group |
| gitea_binary_url | string | Download URL of Gitea | | gitea_binary_url | string | Download URL of Gitea |
| gitea_checksum_url | string | Checksum URL of the binary | | gitea_checksum_url | string | Checksum URL of the binary |
| gitea_app_name | string | Gitea server title | | gitea_app_name | string | Gitea server title |
| gitea_ssh_domain | string | SSH domain | | gitea_ssh_domain | string | SSH domain |
| gitea_domain | string | Domain to reach Gitea | | gitea_domain | string | Domain to reach Gitea |
| gitea_http_port | int | HTTP port | | gitea_http_port | int | HTTP port |
| gitea_ssh_port | int | SSH port | | gitea_ssh_port | int | SSH port |
| gitea_work_path | string | Workdir | | gitea_work_path | string | Workdir |
| gitea_app_data_path | string | Application data path | | gitea_app_data_path | string | Application data path |
| gitea_repo_root | string | Repo root path | | gitea_repo_root | string | Repo root path |
| gitea_lfs_path | string | LFS path | | gitea_lfs_path | string | LFS path |
| gitea_log_path | string | Log path | | gitea_log_path | string | Log path |
| gitea_root_url | string | Protocol + FQDN + port | | gitea_root_url | string | Protocol + FQDN + port |
| gitea_lfs_jwt_secret | string | LFS storage secret | | gitea_lfs_jwt_secret | string | LFS storage secret |
| gitea_internal_token | string | Internal token | | gitea_internal_token | string | Internal token |
| gitea_jwt_secret | string | JWT secret | | gitea_jwt_secret | string | JWT secret |
| gitea_database_server | string | DB server - 'postgresql' or empty for sqlite | | gitea_database_server | string | DB server - 'postgresql' or empty for sqlite |
| gitea_db_password | string | PosgreSQL db password (if pgsql is used) | | gitea_db_password | string | PosgreSQL db password (if pgsql is used) |
| gitea_reverse_proxy | string | Reverse proxy to use or not set for no proxy | | gitea_reverse_proxy | string | 'nginx' to set up a reverse proxy or empty for no proxy |
| gitea_enable_https | boolean | Configure HTTPS in the proxy | | gitea_enable_https | boolean | Configure HTTPS in the proxy |
| gitea_ssl_cert | string | SSL certificate | | gitea_ssl_cert | string | Path to the SSL certificate |
| gitea_ssl_key | string | SSL key | | gitea_ssl_key | string | Path to the SSL key |
| gitea_enable_http_redirect | boolean | Redirect HTTP to HTTPS | | gitea_ssl_trusted_certificate | string | Path to the SSL certificate chain |
| gitea_self_signed | boolean | Generate a self-signed cert and key | | gitea_enable_http_redirect | boolean | Redirect HTTP traffic to HTTPS |
| gitea_lets_encrypt | boolean | Use certbot to configure the SSL | | gitea_self_signed | boolean | Generate a self-signed certificate and key |
| gitea_certbot_email | string | Email to register the certificates | | gitea_lets_encrypt | boolean | Use certbot to configure HTTPS |
| gitea_require_signin_view | boolean | If false, public repos are visible without login | | gitea_certbot_email | string | Email to register the certificates |
| gitea_disable_registration | boolean | Turn off the user registration feature | | gitea_require_signin_view | boolean | If false, public repos are visible without login |
| gitea_register_manual_confirm | boolean | Registration requires admin verification | | gitea_disable_registration | boolean | Turn off the user registration feature |
| gitea_enable_captcha | boolean | Enable captcha for registration | | gitea_register_manual_confirm | boolean | Registration requires admin verification |
| gitea_default_keep_email_private | boolean | Default email policy: private | | gitea_enable_captcha | boolean | Enable captcha for registration |
| gitea_default_keep_email_private | boolean | Default email policy: private |
* Handlers
- =Reload_systemd=: It runs a =daemon-reload=
- =Restart_gitea=: It restarts the Gitea service
* Secrets * Secrets
Always save the production secrets in SOPS, or in Ansible Vault. Always save the production secrets in SOPS or in Ansible Vault.
You can generate the secrets manually when the playbook stops: You can generate the secrets manually when the playbook stops:
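Review bot: The new =gitea_ssl_trusted_certificate= row does not say when it applies: it is unclear whether the chain path is needed together with =gitea_self_signed= or =gitea_lets_encrypt=, or only when =gitea_ssl_cert= and =gitea_ssl_key= point at an operator-supplied certificate. A short qualifier in the Comment column would prevent a misconfigured proxy. Two further points in this hunk: the Handlers section (=Reload_systemd=, =Restart_gitea=) appears on one side only and the hunk shrinks from 50 to 46 lines, so it seems to be removed without a mention in the commit message; and the =gitea_db_password= comment still reads "PosgreSQL".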
@@ -110,7 +106,7 @@ gitea generate secret INTERNAL_TOKEN
gitea generate secret JWT_SECRET gitea generate secret JWT_SECRET
#+end_src #+end_src
Use the =JWT_SECRET= command to generate the =gitea_lfs_jwt_secret= as well. It's an alias. Use the =JWT_SECRET= option to generate the =gitea_lfs_jwt_secret= as well.
Then re-run the playbook to finish the installation. Then re-run the playbook to finish the installation.
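Review bot: The rewritten sentence about =JWT_SECRET= drops "It's an alias", which was the only explanation of why the same generator is used for =gitea_lfs_jwt_secret=, and it can now be read as "reuse the value you generated for =gitea_jwt_secret=". Suggest stating explicitly that the command is run a second time so the two variables hold different values, and keeping a short reason for using =JWT_SECRET= here.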