Merge pull request 'New options in the app.ini template.' (#2 ) from development into main

Reviewed-on: ghost-automation/ds-gitea#2
New options in the app.ini template.
2026-02-15 15:37:27 +01:00 · 2026-02-15 15:29:33 +01:00 · 2026-02-12 07:20:30 +01:00 · 2026-02-12 07:16:52 +01:00 · 2026-02-11 21:43:35 +01:00 · 2026-02-11 21:41:48 +01:00
4 changed files with 64 additions and 49 deletions
--- a/README.org
+++ b/README.org
@@ -1,34 +1,33 @@
-#+TITLE: Gitea Server Installer Role
+#+TITLE: Gitea Server Role
 #+AUTHOR: DeadSwitch | The Silent Architect
 #+OPTIONS: toc:nil num:nil \n:t
-[[https://opensource.org/licenses/MIT][https://img.shields.io/badge/license-MIT-blue.svg]] [[https://img.shields.io/badge/version-3.0.0-green.svg]]
+[[https://opensource.org/licenses/MIT][https://img.shields.io/badge/license-MIT-blue.svg]] [[https://img.shields.io/badge/version-3.0.2-green.svg]]
 * ds-gitea
-This role installs and configures a [[https://docs.gitea.com/][Gitea]] server.
+This role can install and configures a [[https://docs.gitea.com/][Gitea]] server.
-It uses SQLite as its default database service - with optional PostgreSQL support.
+It uses SQLite as its default database service - with optional PostgreSQL support (=ds-posgresql=).
-The role can set up a reverse proxy with SSL using Nginx.
+The role can set up a reverse proxy with SSL using Nginx (=ds-nginx=).
 Self-signed certificates and Let's Encrypt with =certbot= are supported.
- Use the =ds-ufw= role to configure the firewall.
+The =ds-ufw= role can configure the firewall.
- Use the =ds-posgresql= role to configure the database.
+
- Use the =ds-nginx= role to install the proxy server.
+The =ds-act_runner= role can configure and register Actions runners.
 - Use the =ds-act_runner= role to configure and register Actions runners.
 * Role Behavior
 1. Download and install the Gitea binary
 2. (Optionally) Set up the PostgreSQL user and database
-3. Set up the user and group for the service
+3. (Optionally) Set up an =nginx= reverse proxy with SSL support
-4. Create the required directory structure
+4. Create a user and group for the service
-5. Wait for the secret creation and storage in SOPS - if secrets are not present
+5. Create the required directory structure
-6. Deploy the Gitea configuration
+6. Wait to save the secrets in SOPS (only if secrets are not present)
-7. Deploy the Gitea systemd service file
+7. Deploy the Gitea =app.ini= configuration
-8. (Optionally) Set up the reverse proxy with optional SSL
+8. Deploy the Gitea systemd service
-9. Enable and start the service
+9. Enable and start the services
 * Defaults
@@ -37,8 +36,11 @@ gitea_user: git
 gitea_group: git
 gitea_http_port: 3000
 gitea_ssh_port: 22
-gitea_database_server: ''
+gitea_require_signin_view: true
-gitea_reverse_proxy: ''
+gitea_disable_registration: true
 gitea_register_manual_confirm: false
 gitea_enable_captcha: false
 gitea_default_keep_email_private: true
 #+end_src
 * Requirements
@@ -50,11 +52,12 @@ gitea_reverse_proxy: ''
 - ca-certificates
 - (optional) PosgreSQL database
 - (optional) Nginx server
 - (optional) certbot for Let's Encrypt
 * Variables
 | Variable                         | Type    | Comment                                          |
-|----------------------------+---------+----------------------------------------------|
+|----------------------------------+---------+--------------------------------------------------|
 | gitea_user                       | string  | Gitea user                                       |
 | gitea_group                      | string  | Gitea group                                      |
 | gitea_binary_url                 | string  | Download URL of Gitea                            |
@@ -78,6 +81,11 @@ gitea_reverse_proxy: ''
 | gitea_self_signed                | boolean | Generate a self-signed cert and key              |
 | gitea_lets_encrypt               | boolean | Use certbot to configure the SSL                 |
 | gitea_certbot_email              | string  | Email to register the certificates               |
 | gitea_require_signin_view        | boolean | If false, public repos are visible without login |
 | gitea_disable_registration       | boolean | Turn off the user registration feature           |
 | gitea_register_manual_confirm    | boolean | Registration requires admin verification         |
 | gitea_enable_captcha             | boolean | Enable captcha for registration                  |
 | gitea_default_keep_email_private | boolean | Default email policy: private                    |
 * Handlers
@@ -88,7 +96,7 @@ gitea_reverse_proxy: ''
 Always save the production secrets in SOPS, or in Ansible Vault.
-Generate the secrets manually when the playbook stops:
+You can generate the secrets manually when the playbook stops:
 #+begin_src shell
 gitea generate secret INTERNAL_TOKEN
@@ -101,6 +109,8 @@ Then re-run the playbook to finish the installation.
 * Example Playbook
 You can find more playbook examples in the =examples= directory.
 #+begin_src yaml
 - name: Deploy a Gitea server
  hosts: gitea
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,3 +3,8 @@ gitea_user: git
 gitea_group: git
 gitea_http_port: 3000
 gitea_ssh_port: 22
 gitea_require_signin_view: true
 gitea_disable_registration: true
 gitea_register_manual_confirm: false
 gitea_enable_captcha: false
 gitea_default_keep_email_private: true
--- a/examples/lightweight-playbook.yml
+++ b/examples/lightweight-playbook.yml
@@ -19,4 +19,3 @@
        gitea_lfs_jwt_secret: G9bZrRHMhRQ8w4R0KkH2VLnx2rzq81ROQ951IQjlMs4 
        gitea_internal_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE3NzA2Mzk1Njh9.ybbaeNLFiLbyvxfj4vkqhXSAXKRGpwvP8jIm9YLPgXw
        gitea_jwt_secret: uJni4x4e0AzpkLYc-t4keRJKOB6EaLzwVsdLeamkFyU
        gitea_db_password: Eegh7Aothooph7pa6eu7eitha_zaim0G
--- a/templates/app.ini.j2
+++ b/templates/app.ini.j2
@@ -50,14 +50,15 @@ ENABLED = false
 [service]
 REGISTER_EMAIL_CONFIRM = false
 ENABLE_NOTIFY_MAIL = false
-DISABLE_REGISTRATION = false
+DISABLE_REGISTRATION = {{ gitea_disable_registration }}
 ALLOW_ONLY_EXTERNAL_REGISTRATION = false
-ENABLE_CAPTCHA = false
+ENABLE_CAPTCHA = {{ gitea_enable_captcha }}
-REQUIRE_SIGNIN_VIEW = false
+REQUIRE_SIGNIN_VIEW = {{ gitea_require_signin_view }}
-DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_KEEP_EMAIL_PRIVATE = {{ gitea_default_keep_email_private }}
 DEFAULT_ALLOW_CREATE_ORGANIZATION = true
 DEFAULT_ENABLE_TIMETRACKING = true
 NO_REPLY_ADDRESS = noreply.localhost
 REGISTER_MANUAL_CONFIRM = {{ gitea_register_manual_confirm }}
 [openid]
 ENABLE_OPENID_SIGNIN = false
Author	SHA1	Message	Date
Tom	bfabc38a46	Merge pull request 'New options in the app.ini template.' (#2 ) from development into main Reviewed-on: ghost-automation/ds-gitea#2	2026-02-15 15:37:27 +01:00
DeadSwitch	818626b236	New options in the app.ini template.	2026-02-15 15:29:33 +01:00
Tom	d3927f6c5d	Merge pull request 'Templated registration config.' (#1 ) from development into main Reviewed-on: ghost-automation/ds-gitea#1	2026-02-12 07:20:30 +01:00
DeadSwitch	1120daab40	Templated registration config. Self-registration can be turned off. Admin verification can be set. Guest users' read-only view can be configured.	2026-02-12 07:16:52 +01:00
Tom	e4ea3a420d	Merge pull request 'Added unregistered view.' (#10 ) from development into main Reviewed-on: http://gitea.tomsitcafe.com:3000/iron/ds-gitea/pulls/10	2026-02-11 21:43:35 +01:00
DeadSwitch	14d463a882	Added unregistered view.	2026-02-11 21:41:48 +01:00
DeadSwitch	1816d8a585	Merge pull request 'Readme update and registration admin verification.' (#9 ) from development into main Reviewed-on: http://gitea.tomsitcafe.com:3000/iron/ds-gitea/pulls/9	2026-02-11 17:18:47 +01:00
DeadSwitch	a22b78d585	Registered users must be activated by admin.	2026-02-11 17:07:40 +01:00
DeadSwitch	aafa72a464	Removed the db password from the light example.	2026-02-11 17:07:23 +01:00
DeadSwitch	ae3af7ea83	Major readme update.	2026-02-11 15:17:09 +01:00
DeadSwitch	09e8534569	Merge pull request 'Certbot (Let's Encrypt) support.' (#8 ) from development into main Reviewed-on: http://gitea.tomsitcafe.com:3000/iron/ds-gitea/pulls/8	2026-02-11 13:20:18 +01:00
DeadSwitch	7b0b2e8194	Merge pull request 'Proxy and SSL support' (#7 ) from development into main Reviewed-on: http://gitea.tomsitcafe.com:3000/iron/ds-gitea/pulls/7	2026-02-10 13:52:44 +01:00
DeadSwitch	c8fa7680ca	Merge pull request 'Service file update with the Postgresql service' (#6 ) from development into main Reviewed-on: http://gitea.tomsitcafe.com:3000/iron/ds-gitea/pulls/6	2026-02-10 10:18:17 +01:00
DeadSwitch	0f2c17071c	Merge pull request 'Added the PostgreSQL support to the role.' (#5 ) from development into main Reviewed-on: http://gitea.tomsitcafe.com:3000/iron/ds-gitea/pulls/5	2026-02-09 20:33:58 +01:00
DeadSwitch	d716fefb88	Merge pull request 'Fixed a typo in the readme.' (#3 ) from development into main Reviewed-on: http://gitea.tomsitcafe.com:3000/iron/ds-gitea/pulls/3	2026-02-09 15:44:16 +01:00
DeadSwitch	764883f26d	Gitea development v0.0.1 (#1 ) The first working version is tested against a Debian machine. Reviewed-on: http://gitea.tomsitcafe.com:3000/iron/ds-gitea/pulls/1 Co-authored-by: DeadSwitch <deadswitch404@proton.me> Co-committed-by: DeadSwitch <deadswitch404@proton.me>	2026-02-09 15:08:11 +01:00