Compare commits
16 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
bfabc38a46 | ||
818626b236
|
|||
|
|
d3927f6c5d | ||
|
1120daab40
|
|||
|
|
e4ea3a420d | ||
|
14d463a882
|
|||
|
|
1816d8a585 | ||
|
a22b78d585
|
|||
|
aafa72a464
|
|||
|
ae3af7ea83
|
|||
|
|
09e8534569 | ||
|
|
7b0b2e8194 | ||
|
|
c8fa7680ca | ||
|
|
0f2c17071c | ||
|
|
d716fefb88 | ||
| 764883f26d |
98
README.org
98
README.org
@@ -1,34 +1,33 @@
|
||||
#+TITLE: Gitea Server Installer Role
|
||||
#+TITLE: Gitea Server Role
|
||||
#+AUTHOR: DeadSwitch | The Silent Architect
|
||||
#+OPTIONS: toc:nil num:nil \n:t
|
||||
|
||||
[[https://opensource.org/licenses/MIT][https://img.shields.io/badge/license-MIT-blue.svg]] [[https://img.shields.io/badge/version-3.0.0-green.svg]]
|
||||
[[https://opensource.org/licenses/MIT][https://img.shields.io/badge/license-MIT-blue.svg]] [[https://img.shields.io/badge/version-3.0.2-green.svg]]
|
||||
|
||||
* ds-gitea
|
||||
|
||||
This role installs and configures a [[https://docs.gitea.com/][Gitea]] server.
|
||||
This role can install and configures a [[https://docs.gitea.com/][Gitea]] server.
|
||||
|
||||
It uses SQLite as its default database service - with optional PostgreSQL support.
|
||||
It uses SQLite as its default database service - with optional PostgreSQL support (=ds-posgresql=).
|
||||
|
||||
The role can set up a reverse proxy with SSL using Nginx.
|
||||
The role can set up a reverse proxy with SSL using Nginx (=ds-nginx=).
|
||||
Self-signed certificates and Let's Encrypt with =certbot= are supported.
|
||||
|
||||
- Use the =ds-ufw= role to configure the firewall.
|
||||
- Use the =ds-posgresql= role to configure the database.
|
||||
- Use the =ds-nginx= role to install the proxy server.
|
||||
- Use the =ds-act_runner= role to configure and register Actions runners.
|
||||
The =ds-ufw= role can configure the firewall.
|
||||
|
||||
The =ds-act_runner= role can configure and register Actions runners.
|
||||
|
||||
* Role Behavior
|
||||
|
||||
1. Download and install the Gitea binary
|
||||
2. (Optionally) Set up the PostgreSQL user and database
|
||||
3. Set up the user and group for the service
|
||||
4. Create the required directory structure
|
||||
5. Wait for the secret creation and storage in SOPS - if secrets are not present
|
||||
6. Deploy the Gitea configuration
|
||||
7. Deploy the Gitea systemd service file
|
||||
8. (Optionally) Set up the reverse proxy with optional SSL
|
||||
9. Enable and start the service
|
||||
3. (Optionally) Set up an =nginx= reverse proxy with SSL support
|
||||
4. Create a user and group for the service
|
||||
5. Create the required directory structure
|
||||
6. Wait to save the secrets in SOPS (only if secrets are not present)
|
||||
7. Deploy the Gitea =app.ini= configuration
|
||||
8. Deploy the Gitea systemd service
|
||||
9. Enable and start the services
|
||||
|
||||
* Defaults
|
||||
|
||||
@@ -37,8 +36,11 @@ gitea_user: git
|
||||
gitea_group: git
|
||||
gitea_http_port: 3000
|
||||
gitea_ssh_port: 22
|
||||
gitea_database_server: ''
|
||||
gitea_reverse_proxy: ''
|
||||
gitea_require_signin_view: true
|
||||
gitea_disable_registration: true
|
||||
gitea_register_manual_confirm: false
|
||||
gitea_enable_captcha: false
|
||||
gitea_default_keep_email_private: true
|
||||
#+end_src
|
||||
|
||||
* Requirements
|
||||
@@ -50,34 +52,40 @@ gitea_reverse_proxy: ''
|
||||
- ca-certificates
|
||||
- (optional) PosgreSQL database
|
||||
- (optional) Nginx server
|
||||
- (optional) certbot for Let's Encrypt
|
||||
|
||||
* Variables
|
||||
|
||||
| Variable | Type | Comment |
|
||||
|----------------------------+---------+----------------------------------------------|
|
||||
| gitea_user | string | Gitea user |
|
||||
| gitea_group | string | Gitea group |
|
||||
| gitea_binary_url | string | Download URL of Gitea |
|
||||
| gitea_checksum_url | string | Checksum URL of the binary |
|
||||
| gitea_app_name | string | Gitea server title |
|
||||
| gitea_ssh_domain | string | SSH domain |
|
||||
| gitea_domain | string | Domain to reach Gitea |
|
||||
| gitea_http_port | int | HTTP port |
|
||||
| gitea_ssh_port | int | SSH port |
|
||||
| gitea_root_url | string | Protocol + FQDN + port |
|
||||
| gitea_lfs_jwt_secret | string | LFS storage secret |
|
||||
| gitea_internal_token | string | Internal token |
|
||||
| gitea_jwt_secret | string | JWT secret |
|
||||
| gitea_database_server | string | DB server - 'postgresql' or empty for sqlite |
|
||||
| gitea_db_password | string | PosgreSQL db password (if pgsql is used) |
|
||||
| gitea_reverse_proxy | string | Reverse proxy to use or not set for no proxy |
|
||||
| gitea_enable_https | boolean | Configure HTTPS in the proxy |
|
||||
| gitea_ssl_cert | string | SSL certificate |
|
||||
| gitea_ssl_key | string | SSL key |
|
||||
| gitea_enable_http_redirect | boolean | Redirect HTTP to HTTPS |
|
||||
| gitea_self_signed | boolean | Generate a self-signed cert and key |
|
||||
| gitea_lets_encrypt | boolean | Use certbot to configure the SSL |
|
||||
| gitea_certbot_email | string | Email to register the certificates |
|
||||
| Variable | Type | Comment |
|
||||
|----------------------------------+---------+--------------------------------------------------|
|
||||
| gitea_user | string | Gitea user |
|
||||
| gitea_group | string | Gitea group |
|
||||
| gitea_binary_url | string | Download URL of Gitea |
|
||||
| gitea_checksum_url | string | Checksum URL of the binary |
|
||||
| gitea_app_name | string | Gitea server title |
|
||||
| gitea_ssh_domain | string | SSH domain |
|
||||
| gitea_domain | string | Domain to reach Gitea |
|
||||
| gitea_http_port | int | HTTP port |
|
||||
| gitea_ssh_port | int | SSH port |
|
||||
| gitea_root_url | string | Protocol + FQDN + port |
|
||||
| gitea_lfs_jwt_secret | string | LFS storage secret |
|
||||
| gitea_internal_token | string | Internal token |
|
||||
| gitea_jwt_secret | string | JWT secret |
|
||||
| gitea_database_server | string | DB server - 'postgresql' or empty for sqlite |
|
||||
| gitea_db_password | string | PosgreSQL db password (if pgsql is used) |
|
||||
| gitea_reverse_proxy | string | Reverse proxy to use or not set for no proxy |
|
||||
| gitea_enable_https | boolean | Configure HTTPS in the proxy |
|
||||
| gitea_ssl_cert | string | SSL certificate |
|
||||
| gitea_ssl_key | string | SSL key |
|
||||
| gitea_enable_http_redirect | boolean | Redirect HTTP to HTTPS |
|
||||
| gitea_self_signed | boolean | Generate a self-signed cert and key |
|
||||
| gitea_lets_encrypt | boolean | Use certbot to configure the SSL |
|
||||
| gitea_certbot_email | string | Email to register the certificates |
|
||||
| gitea_require_signin_view | boolean | If false, public repos are visible without login |
|
||||
| gitea_disable_registration | boolean | Turn off the user registration feature |
|
||||
| gitea_register_manual_confirm | boolean | Registration requires admin verification |
|
||||
| gitea_enable_captcha | boolean | Enable captcha for registration |
|
||||
| gitea_default_keep_email_private | boolean | Default email policy: private |
|
||||
|
||||
* Handlers
|
||||
|
||||
@@ -88,7 +96,7 @@ gitea_reverse_proxy: ''
|
||||
|
||||
Always save the production secrets in SOPS, or in Ansible Vault.
|
||||
|
||||
Generate the secrets manually when the playbook stops:
|
||||
You can generate the secrets manually when the playbook stops:
|
||||
|
||||
#+begin_src shell
|
||||
gitea generate secret INTERNAL_TOKEN
|
||||
@@ -101,6 +109,8 @@ Then re-run the playbook to finish the installation.
|
||||
|
||||
* Example Playbook
|
||||
|
||||
You can find more playbook examples in the =examples= directory.
|
||||
|
||||
#+begin_src yaml
|
||||
- name: Deploy a Gitea server
|
||||
hosts: gitea
|
||||
|
||||
@@ -3,3 +3,8 @@ gitea_user: git
|
||||
gitea_group: git
|
||||
gitea_http_port: 3000
|
||||
gitea_ssh_port: 22
|
||||
gitea_require_signin_view: true
|
||||
gitea_disable_registration: true
|
||||
gitea_register_manual_confirm: false
|
||||
gitea_enable_captcha: false
|
||||
gitea_default_keep_email_private: true
|
||||
|
||||
@@ -19,4 +19,3 @@
|
||||
gitea_lfs_jwt_secret: G9bZrRHMhRQ8w4R0KkH2VLnx2rzq81ROQ951IQjlMs4
|
||||
gitea_internal_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE3NzA2Mzk1Njh9.ybbaeNLFiLbyvxfj4vkqhXSAXKRGpwvP8jIm9YLPgXw
|
||||
gitea_jwt_secret: uJni4x4e0AzpkLYc-t4keRJKOB6EaLzwVsdLeamkFyU
|
||||
gitea_db_password: Eegh7Aothooph7pa6eu7eitha_zaim0G
|
||||
|
||||
@@ -50,14 +50,15 @@ ENABLED = false
|
||||
[service]
|
||||
REGISTER_EMAIL_CONFIRM = false
|
||||
ENABLE_NOTIFY_MAIL = false
|
||||
DISABLE_REGISTRATION = false
|
||||
DISABLE_REGISTRATION = {{ gitea_disable_registration }}
|
||||
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
|
||||
ENABLE_CAPTCHA = false
|
||||
REQUIRE_SIGNIN_VIEW = false
|
||||
DEFAULT_KEEP_EMAIL_PRIVATE = false
|
||||
ENABLE_CAPTCHA = {{ gitea_enable_captcha }}
|
||||
REQUIRE_SIGNIN_VIEW = {{ gitea_require_signin_view }}
|
||||
DEFAULT_KEEP_EMAIL_PRIVATE = {{ gitea_default_keep_email_private }}
|
||||
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
|
||||
DEFAULT_ENABLE_TIMETRACKING = true
|
||||
NO_REPLY_ADDRESS = noreply.localhost
|
||||
REGISTER_MANUAL_CONFIRM = {{ gitea_register_manual_confirm }}
|
||||
|
||||
[openid]
|
||||
ENABLE_OPENID_SIGNIN = false
|
||||
|
||||
Reference in New Issue
Block a user