lavenderguiar
3 years ago
11 changed files with 376 additions and 0 deletions
@ -0,0 +1,45 @@ |
|||
--- |
|||
gitea__version: '1.15.6' |
|||
gitea__checksum: '1b7473b5993e07b33fec58edbc1a90f15f040759ca4647e97317c33d5dfe58be' |
|||
|
|||
gitea__user: gitea |
|||
gitea__group: gitea |
|||
|
|||
# If no database installed, default to postgresql here. Otherwise set to false. |
|||
gitea__install_and_prepare_postgres: true |
|||
postgresql__version: '12' |
|||
|
|||
gitea__internal_token: 'qwerwertertyrtyu' # Random 48 character string (or acquire after initial installation). |
|||
gitea__secret_key: 'qwerwertertyrtyu' # Random password string. |
|||
gitea__lfs_jwt_secret: 'qwerwertertyrtyu' # Random password string. |
|||
|
|||
gitea__postgres_username: gitea |
|||
gitea__postgres_db_name: giteadb |
|||
gitea__postgres_db_password: qwerwertertyrtyu # Default. Change and encrypt using ansible-vault. |
|||
|
|||
# Gitea Settings |
|||
gitea__name: gitea # App name |
|||
gitea__repo_dir: /home/{{ gitea__user }}/gitea-repositories # Directory where Gitea stores repos. |
|||
gitea__install_lock: 'true' # Lock the installation page. |
|||
gitea__domain_name: git.example.com # FQDN of page to serve Gitea |
|||
gitea__ssh_port: 8822 # SSH port for Gitea to use (set sshd configs appropriately) |
|||
gitea__disable_registration: 'true' # Disable registration (Leave false until after initial install and admin creation). |
|||
gitea__http_port: 3000 |
|||
gitea__disable_ssh: 'false' |
|||
gitea__email_confirm_registration: 'false' |
|||
gitea__enable_notify_mail: 'true' |
|||
gitea__enable_captcha: 'true' |
|||
gitea__keep_email_private: 'true' |
|||
gitea__allow_org_creation: 'true' |
|||
gitea__no_reply_address: noreply.{{ gitea__domain_name }} |
|||
|
|||
gitea__log_path: /var/lib/gitea/log |
|||
gitea__log_rotate_retention: '3' # Number of days to keep log files. |
|||
|
|||
gitea__dependent_directories: |
|||
- { path: /var/lib/gitea/custom, owner: root, group: root, mode: 755} |
|||
- { path: /var/lib/gitea/public, owner: root, group: root, mode: 755} |
|||
- { path: /var/lib/gitea/data, owner: "{{ gitea__user }}", group: "{{ gitea__group }}", mode: 750} |
|||
- { path: /var/lib/gitea/indexers, owner: "{{ gitea__user }}", group: "{{ gitea__group }}", mode: 750} |
|||
- { path: /var/lib/gitea/log, owner: "{{ gitea__user }}", group: "{{ gitea__group }}", mode: 750} |
|||
- { path: /etc/gitea, owner: root, group: "{{ gitea__group }}", mode: 770} |
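Review bot: The `mode` values in `gitea__dependent_directories` are bare integers (`mode: 755`, `750`, `770`), which Ansible's `file` module receives as decimal numbers rather than octal, so the directories end up with unintended permission bits; quote them as strings, e.g. `mode: "0755"`, `mode: "0750"`, `mode: "0770"`. Separately, the four secret variables (`gitea__internal_token`, `gitea__secret_key`, `gitea__lfs_jwt_secret`, `gitea__postgres_db_password`) share one placeholder value and only the last one carries the advice to vault it; a role that ships working-looking defaults invites deployments that never override them, so consider leaving them undefined so the play fails fast until real values are supplied, and put the ansible-vault comment on all four. The comment on `gitea__disable_registration` says to leave it false until the first admin exists, but the default is `'true'`; either the default or the comment should change so they describe the same first-run flow.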
@ -0,0 +1,23 @@ |
|||
--- |
|||
- name: Reload daemon |
|||
systemd: |
|||
daemon_reload: true |
|||
become: yes |
|||
|
|||
- name: Restart gitea |
|||
systemd: |
|||
name: gitea |
|||
state: restarted |
|||
become: yes |
|||
|
|||
- name: Restart postgres |
|||
systemd: |
|||
name: postgresql |
|||
state: restarted |
|||
become: yes |
|||
|
|||
- name: Restart fail2ban |
|||
systemd: |
|||
name: fail2ban |
|||
state: restarted |
|||
become: yes |
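Review bot: Each handler uses `become: yes`, the YAML 1.1 truthy spelling that yamllint's `truthy` rule flags; the canonical `become: true` is unambiguous across parsers. The same spelling recurs in the configure, install, main and postgres task files (`become: yes`, `update_cache: yes`, `create_home: yes`, `enabled: yes`, `encrypted: yes`), so changing them in one pass keeps the role consistent.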
@ -0,0 +1,45 @@ |
|||
--- |
|||
# - name: gitea | configure | daemonize gitea |
|||
# template: |
|||
# src: "etc/systemd/system/gitea.service.j2" |
|||
# dest: "/etc/systemd/system/gitea.service" |
|||
# owner: root |
|||
# group: root |
|||
# mode: 0644 |
|||
# become: yes |
|||
# notify: |
|||
# - Reload daemon |
|||
|
|||
# - name: gitea | configure | write gitea app.ini |
|||
# template: |
|||
# src: "etc/gitea/app.ini.j2" |
|||
# dest: "/etc/gitea/app.ini" |
|||
# owner: root |
|||
# group: "{{ gitea__group }}" |
|||
# mode: 0770 |
|||
# become: yes |
|||
# notify: |
|||
# - Restart gitea |
|||
|
|||
# - name: gitea | configure | write fail2ban filter config |
|||
# template: |
|||
# src: "etc/fail2ban/filter.d/gitea.conf.j2" |
|||
# dest: "/etc/fail2ban/filter.d/gitea.conf" |
|||
# become: yes |
|||
# notify: |
|||
# - Restart fail2ban |
|||
|
|||
# - name: gitea | configure | write fail2ban jail config |
|||
# template: |
|||
# src: "etc/fail2ban/jail.d/gitea.conf.j2" |
|||
# dest: "/etc/fail2ban/jail.d/gitea.conf" |
|||
# become: yes |
|||
# notify: |
|||
# - Restart fail2ban |
|||
|
|||
- name: gitea | configure | write Gitea logrotate config |
|||
template: |
|||
src: "etc/logrotate.d/gitea.j2" |
|||
dest: "/etc/logrotate.d/gitea" |
|||
mode: 0644 |
|||
become: yes |
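Review bot: When the commented-out app.ini task is re-enabled, its `mode: 0770` would make `/etc/gitea/app.ini` — which holds the database password, SECRET_KEY, INTERNAL_TOKEN and LFS_JWT_SECRET — writable by the `gitea` group the service runs under, so a compromised Gitea process could rewrite its own configuration; since INSTALL_LOCK is set in the template the service only needs to read the file, and `mode: "0640"` with `owner: root` / `group: "{{ gitea__group }}"` is enough. The two fail2ban template tasks set no `owner`, `group` or `mode`, so the result depends on the target's umask; stating `mode: "0644"` explicitly (as the active logrotate task does, though that one is better quoted too) makes the outcome deterministic. Presumably the commented-out tasks reflect work in progress; at the moment only the logrotate task runs.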
@ -0,0 +1,58 @@ |
|||
--- |
|||
- include_tasks: postgres.yml |
|||
when: gitea__install_and_prepare_postgres == true |
|||
|
|||
- name: gitea | install | ensure package dependencies are installed |
|||
apt: |
|||
name: "{{ item }}" |
|||
state: present |
|||
update_cache: yes |
|||
loop: |
|||
- git |
|||
- gnupg2 |
|||
- xz-utils |
|||
- fail2ban |
|||
become: yes |
|||
|
|||
- name: gitea | install | Ensure gitea group exists |
|||
group: |
|||
name: "{{ gitea__group }}" |
|||
state: present |
|||
become: yes |
|||
|
|||
- name: gitea | install | Add gitea user |
|||
user: |
|||
name: "{{ gitea__user }}" |
|||
group: "{{ gitea__group }}" |
|||
state: present |
|||
create_home: yes |
|||
shell: /bin/bash |
|||
become: yes |
|||
|
|||
- name: gitea | install | ensure gitea config directories exist before install |
|||
file: |
|||
path: "{{ item.path }}" |
|||
owner: "{{ item.owner }}" |
|||
group: "{{ item.group }}" |
|||
mode: "{{ item.mode }}" |
|||
state: directory |
|||
with_items: "{{ gitea__dependent_directories }}" |
|||
become: yes |
|||
|
|||
- name: gitea | install | retrieve checksum |
|||
get_url: |
|||
url: "https://dl.gitea.io/gitea/{{ gitea__version }}/gitea-{{ gitea__version }}-linux-amd64.sha256" |
|||
dest: "/tmp/" |
|||
become: yes |
|||
|
|||
- name: gitea | install | register checksum |
|||
shell: cat /tmp/gitea-1.15.6-linux-amd64.sha256 |
|||
register: gitea__checksum |
|||
|
|||
- name: gitea | install | download gitea |
|||
get_url: |
|||
url: https://dl.gitea.io/gitea/{{ gitea__version }}/gitea-{{ gitea__version }}-linux-amd64 |
|||
dest: "/usr/local/bin/gitea" |
|||
mode: +x |
|||
checksum: "sha256:{{ gitea__checksum }}" |
|||
become: yes |
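Review bot: `register: gitea__checksum` in the "register checksum" task overwrites the hash pinned in the defaults file with a task-result dictionary, so the following `checksum: "sha256:{{ gitea__checksum }}"` interpolates the whole dict rather than `.stdout` and verification cannot succeed; beyond that, a checksum fetched from the same server as the binary only proves the two files agree, not that the binary is the expected one. Drop the "retrieve checksum" and "register checksum" tasks and let `get_url` verify against the pinned value (`checksum: "sha256:{{ gitea__checksum }}"` already does this once nothing shadows the variable), bumping the pinned hash together with `gitea__version`. The line `shell: cat /tmp/gitea-1.15.6-linux-amd64.sha256` also hard-codes the version instead of `{{ gitea__version }}`, so it would break on the next upgrade, and `when: gitea__install_and_prepare_postgres == true` can simply be `when: gitea__install_and_prepare_postgres`. `gnupg2` is installed but nothing verifies a signature; if a detached release signature is checked later, that gives the integrity guarantee a same-origin .sha256 does not.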
@ -0,0 +1,10 @@ |
|||
--- |
|||
# - include_tasks: install.yml |
|||
- include_tasks: configure.yml |
|||
|
|||
# - name: gitea | Ensure gitea is running and enabled on boot. |
|||
# systemd: |
|||
# name: gitea |
|||
# enabled: yes |
|||
# state: started |
|||
# become: yes |
@ -0,0 +1,79 @@ |
|||
--- |
|||
# - name: gitea | postgresql | install | ensure ansible postgres dependency is installed |
|||
# apt: |
|||
# name: "{{ item }}" |
|||
# state: present |
|||
# update_cache: yes |
|||
# loop: |
|||
# - python3-psycopg2 |
|||
# - acl |
|||
# become: yes |
|||
|
|||
# - name: gitea | postgresql | install | add apt key |
|||
# apt_key: |
|||
# url: "https://www.postgresql.org/media/keys/ACCC4CF8.asc" |
|||
# state: present |
|||
# become: yes |
|||
|
|||
# - name: gitea | postgresql | install | add PG apt repo |
|||
# apt_repository: |
|||
# repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main" |
|||
# state: present |
|||
# become: yes |
|||
|
|||
# - name: gitea | postgresql | install | install postgresql |
|||
# apt: |
|||
# name: "postgresql-{{ postgresql__version }}" |
|||
# state: present |
|||
# update_cache: yes |
|||
# become: yes |
|||
|
|||
# - name: gitea | postgresql | set postgres authentication method before start. |
|||
# postgresql_set: |
|||
# name: password_encryption |
|||
# value: scram-sha-256 |
|||
# become: yes |
|||
# become_user: postgres |
|||
|
|||
# - name: gitea | postgresql | ensure PG is running and enabled on boot. |
|||
# service: |
|||
# name: postgresql |
|||
# state: started |
|||
# enabled: yes |
|||
# become: yes |
|||
|
|||
# - name: gitea | postgresql | create gitea postgresql database |
|||
# postgresql_db: |
|||
# name: "{{ gitea__postgres_db_name }}" |
|||
# state: present |
|||
# encoding: UTF8 |
|||
# lc_collate: en_US.UTF-8 |
|||
# lc_ctype: en_US.UTF-8 |
|||
# template: template0 |
|||
# become: yes |
|||
# become_user: postgres |
|||
|
|||
# - name: gitea | postgresql | add gitea postgres user |
|||
# postgresql_user: |
|||
# name: "{{ gitea__postgres_username }}" |
|||
# password: "{{ gitea__postgres_db_password }}" |
|||
# db: "{{ gitea__postgres_db_name }}" |
|||
# state: present |
|||
# priv: "ALL" |
|||
# encrypted: yes |
|||
# expires: infinity |
|||
# become: yes |
|||
# become_user: postgres |
|||
|
|||
# - name: gitea | postgresql | add gitea user to pg_hba |
|||
# postgresql_pg_hba: |
|||
# dest: /etc/postgresql/12/main/pg_hba.conf |
|||
# contype: local |
|||
# users: "{{ gitea__postgres_username }}" |
|||
# databases: "{{ gitea__postgres_db_name }}" |
|||
# method: scram-sha-256 |
|||
# state: present |
|||
# dest: "" |
|||
# become: yes |
|||
# notify: |
|||
# - Restart postgres |
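Review bot: The commented-out `pg_hba` task declares `dest` twice (`dest: /etc/postgresql/12/main/pg_hba.conf` and later `dest: ""`); YAML parsers keep the last value, so re-enabling the task as written would hand the module an empty path, and the first `dest` also hard-codes `12` where `{{ postgresql__version }}` is available — use `dest: "/etc/postgresql/{{ postgresql__version }}/main/pg_hba.conf"` and delete the second. The apt repository line uses plain `http://` for apt.postgresql.org; apt's signature check against the key fetched over https still protects package integrity, but the repository is served over https as well, so there is no reason to expose the package list to an on-path observer. Everything in this file is currently disabled, so these only matter when it is re-enabled.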
@ -0,0 +1,4 @@ |
|||
# gitea.conf |
|||
[Definition] |
|||
failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST> |
|||
ignoreregex = |
@ -0,0 +1,8 @@ |
|||
[gitea] |
|||
enabled = true |
|||
filter = gitea |
|||
logpath = /var/lib/gitea/log/gitea.log |
|||
maxretry = 10 |
|||
findtime = 3600 |
|||
bantime = 900 |
|||
action = iptables-allports |
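Review bot: `logpath = /var/lib/gitea/log/gitea.log` duplicates the path that `gitea__log_path` already holds and that app.ini's `ROOT_PATH` is rendered from; since this file is written via `template:`, `logpath = {{ gitea__log_path }}/gitea.log` keeps the jail pointed at the log after the variable changes. With `ROOT_URL = https://…` but `HTTP_PORT = 3000`, Gitea presumably sits behind a reverse proxy; the address Gitea logs after `from` is then the proxy's unless Gitea trusts that proxy's forwarded headers (as far as I recall it trusts only loopback proxies by default), and `action = iptables-allports` would ban the proxy — or loopback — for every user after ten failures. A comment above `action` recording that assumption is worth adding.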
@ -0,0 +1,65 @@ |
|||
APP_NAME = {{ gitea__name }} |
|||
RUN_USER = {{ gitea__user }} |
|||
RUN_MODE = prod |
|||
|
|||
[ui] |
|||
DEFAULT_THEME = gitea |
|||
THEMES = gitea,github-dark,earl-grey |
|||
|
|||
[security] |
|||
INTERNAL_TOKEN = {{ gitea__internal_token }} |
|||
INSTALL_LOCK = {{ gitea__install_lock }} |
|||
SECRET_KEY = {{ gitea__secret_key }} |
|||
|
|||
[database] |
|||
DB_TYPE = postgres |
|||
HOST = 127.0.0.1:5432 |
|||
NAME = {{ gitea__postgres_db_name }} |
|||
USER = {{ gitea__postgres_username }} |
|||
PASSWD = {{ gitea__postgres_db_password }} |
|||
SSL_MODE = disable |
|||
|
|||
[repository] |
|||
ROOT = {{ gitea__repo_dir }} |
|||
|
|||
[server] |
|||
SSH_DOMAIN = {{ gitea__domain_name }} |
|||
DOMAIN = {{ gitea__domain_name }} |
|||
HTTP_PORT = {{ gitea__http_port }} |
|||
ROOT_URL = https://{{ gitea__domain_name }}/ |
|||
DISABLE_SSH = {{ gitea__disable_ssh }} |
|||
SSH_PORT = {{ gitea__ssh_port }} |
|||
LFS_START_SERVER = true |
|||
LFS_CONTENT_PATH = /var/lib/gitea/data/lfs |
|||
LFS_JWT_SECRET = {{ gitea__lfs_jwt_secret }} |
|||
OFFLINE_MODE = false |
|||
|
|||
[mailer] |
|||
ENABLED = false |
|||
|
|||
[service] |
|||
REGISTER_EMAIL_CONFIRM = {{ gitea__email_confirm_registration }} |
|||
ENABLE_NOTIFY_MAIL = {{ gitea__enable_notify_mail }} |
|||
DISABLE_REGISTRATION = {{ gitea__disable_registration }} |
|||
ENABLE_CAPTCHA = {{ gitea__enable_captcha }} |
|||
REQUIRE_SIGNIN_VIEW = false |
|||
DEFAULT_KEEP_EMAIL_PRIVATE = {{ gitea__keep_email_private }} |
|||
DEFAULT_ALLOW_CREATE_ORGANIZATION = {{ gitea__allow_org_creation }} |
|||
DEFAULT_ENABLE_TIMETRACKING = true |
|||
NO_REPLY_ADDRESS = {{ gitea__no_reply_address }} |
|||
|
|||
[picture] |
|||
DISABLE_GRAVATAR = false |
|||
ENABLE_FEDERATED_AVATAR = true |
|||
|
|||
[openid] |
|||
ENABLE_OPENID_SIGNIN = false |
|||
ENABLE_OPENID_SIGNUP = false |
|||
|
|||
[session] |
|||
PROVIDER = file |
|||
|
|||
[log] |
|||
MODE = file |
|||
LEVEL = Info |
|||
ROOT_PATH = {{ gitea__log_path }} |
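Review bot: `[mailer] ENABLED = false` is fixed while `ENABLE_NOTIFY_MAIL` and `REGISTER_EMAIL_CONFIRM` are templated, and the role's defaults render `ENABLE_NOTIFY_MAIL = true`; with no mailer Gitea cannot send those mails, so either expose the mailer setting through a variable or default the two service flags to false so the rendered config is self-consistent. `SSL_MODE = disable` is acceptable only because `HOST = 127.0.0.1:5432` keeps the credentials on loopback; a comment such as `; loopback only - set SSL_MODE=require if HOST ever points off-host` pins that dependency. The secrets in `[security]`, `[database]` and `[server]` are rendered in clear, which is expected for app.ini, and makes the file's ownership and mode (set in the configure tasks) the actual protection for them.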
@ -0,0 +1,10 @@ |
|||
# Ansible-Managed |
|||
|
|||
{{ gitea__log_path }}/*.log { |
|||
su {{ gitea__user }} {{ gitea__group }} |
|||
daily |
|||
rotate {{ gitea__log_rotate_retention }} |
|||
missingok |
|||
compress |
|||
copytruncate |
|||
} |
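Review bot: Gitea's file logger rotates its own output by default (as far as I recall `LOG_ROTATE` is on with a seven-day retention), and nothing in the templated `[log]` section turns that off; with `copytruncate` here as well, two rotators act on the same file and the effective retention is whichever runs first. Either set `LOG_ROTATE = false` in the app.ini template or drop this logrotate config, and add `notifempty` so idle days do not produce compressed empty archives.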
@ -0,0 +1,29 @@ |
|||
[Unit] |
|||
Description=Gitea (Git with a cup of tea) |
|||
After=syslog.target |
|||
After=network.target |
|||
After=postgresql.service |
|||
|
|||
[Service] |
|||
# Modify these two values and uncomment them if you have |
|||
# repos with lots of files and get an HTTP error 500 because |
|||
# of that |
|||
### |
|||
#LimitMEMLOCK=infinity |
|||
#LimitNOFILE=65535 |
|||
RestartSec=2s |
|||
Type=simple |
|||
User={{ gitea__user }} |
|||
Group={{ gitea__group }} |
|||
WorkingDirectory=/var/lib/gitea/ |
|||
ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini |
|||
Restart=always |
|||
Environment=USER={{ gitea__user }} HOME=/home/{{ gitea__user }} GITEA_WORK_DIR=/var/lib/gitea |
|||
# If you want to bind Gitea to a port below 1024 uncomment |
|||
# the two values below |
|||
### |
|||
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE |
|||
#AmbientCapabilities=CAP_NET_BIND_SERVICE |
|||
|
|||
[Install] |
|||
WantedBy=multi-user.target |
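Review bot: The unit runs Gitea as `{{ gitea__user }}` but applies no sandboxing, so a compromise of the web process keeps the full filesystem view and can gain privileges through setuid binaries; `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` are safe here because INSTALL_LOCK is set in the template and Gitea only reads `/etc/gitea/app.ini` at runtime. `ProtectHome` must stay off, since `gitea__repo_dir` and `HOME` both live under `/home/{{ gitea__user }}`. `After=syslog.target` refers to an obsolete target and can be dropped.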