---
### mrlesmithjr.ansible-manage-lvm
# LVM layout for this host: one volume group on the second virtual SCSI disk,
# carrying a single logical volume that is mounted as the Forgejo home.
lvm_groups:
  - vgname: vg_data
    disks:
      # by-id path, so the disk is found even if /dev/sdX ordering changes
      - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
    create: true
    lvnames:
      - lvname: lv_data
        # LVM size syntax for "all remaining free space in the VG"
        size: +100%FREE
        create: true
        filesystem: xfs
        mount: true
        # same path as gitea_home in the roles-ansible.gitea section
        mntp: /var/lib/gitea
manage_lvm: true
# presumably grows the PV to the full disk after the virtual disk is enlarged — confirm with the role docs
pvresize_to_max: true
### mgrote_apt_manage_packages
# extra packages for this host on top of the role's base list
apt_packages_extra:
  # used by the gitea_fail2ban_* settings further down
  - fail2ban
### mgrote_restic
# space-separated list of paths restic backs up; {{ gitea_home }} resolves to
# the Forgejo data directory defined in the roles-ansible.gitea section
# (repos live below it, the app config under /etc is covered by /etc)
restic_folders_to_backup: "/usr/local /etc /root /home {{ gitea_home }}"
### mgrote_user
# local accounts managed on this host; the first two pull their password
# hashes from KeePass so no credential is committed in clear text
users:
  - username: mg
    password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
    update_password: always
    groups:
      - ssh
      - sudo
    state: present
    public_ssh_key: "{{ ssh_public_key_mg }}"
    allow_sudo: true
    allow_passwordless_sudo: true
  - username: ansible-user
    password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
    update_password: always
    groups:
      - ssh
      - sudo
    state: present
    # public half of the automation key; public keys are fine to keep in VCS
    public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE
    allow_sudo: true
    allow_passwordless_sudo: true
  # NOTE(review): unlike the two entries above, this password is a literal
  # rather than a KeePass hash lookup, so a credential sits in the repository.
  # Whether the role treats the value as a hash or as clear text cannot be told
  # from here — either way it should come from the vault like the others, and
  # the ssh/sudo membership plus passwordless sudo for a service account with
  # no public_ssh_key set deserves a second look.
  - username: postgres
    password: postgres
    update_password: always
    groups:
      - ssh
      - sudo
    state: present
    allow_sudo: true
    allow_passwordless_sudo: true
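### geerlingguy_postgres
# database and role for Forgejo; names and password are taken from the
# gitea_db_* variables in the roles-ansible.gitea section so both roles agree
postgresql_databases:
  - name: "{{ gitea_db_name }}"
postgresql_users:
  - name: "{{ gitea_db_user }}"
    password: "{{ gitea_db_password }}"
# keep no_log on for the user tasks: with it off, the KeePass-sourced
# gitea_db_password is printed in the playbook output and ends up in every
# captured run log (the previous "false" was a debugging override marked
# "TODO wieder weg" — remove again)
postgres_users_no_log: true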
### oefenweb.ufw
# host firewall rules; the two Forgejo rules are deliberately world-reachable
ufw_rules:
  - rule: allow
    to_port: 22
    protocol: tcp
    comment: 'ssh'
    from_ip: 0.0.0.0/0
  - rule: allow
    to_port: 4949
    protocol: tcp
    comment: 'munin'
    # only the local LAN may reach munin-node
    from_ip: 192.168.2.0/24
  # NOTE(review): gitea_http_port (3000, plain HTTP per gitea_protocol) is
  # opened to 0.0.0.0/0 while gitea_root_url is https://… — presumably a
  # reverse proxy terminates TLS in front. If so, limiting from_ip to the
  # proxy keeps clients off the clear-text listener; confirm the setup.
  - rule: allow
    to_port: "{{ gitea_http_port }}"
    protocol: tcp
    comment: 'gitea'
    from_ip: 0.0.0.0/0
  # Forgejo's built-in SSH server (gitea_ssh_port). The comment is identical
  # to the HTTP rule's, which makes the two hard to tell apart in `ufw status`;
  # a distinct value such as 'gitea-ssh' would be clearer.
  - rule: allow
    to_port: "{{ gitea_ssh_port }}"
    protocol: tcp
    comment: 'gitea'
    from_ip: 0.0.0.0/0
### roles-ansible.gitea
gitea_fork: "forgejo"

# gitea update
gitea_version: "9.0.0"  # TODO renovate: is this picked up?
gitea_version_check: true
# no automatic backup before an upgrade; restic (mgrote_restic) covers
# gitea_home, but confirm a pre-upgrade snapshot is really not wanted
gitea_backup_on_upgrade: false

# gitea in the linux world
gitea_group: "gitea"
gitea_user: "gitea"
# also the mount point of lv_data in the LVM section above
gitea_home: "/var/lib/gitea"
gitea_user_home: "{{ gitea_home }}"
# config lives in /etc/gitea/gitea.ini
gitea_configuration_path: "/etc/gitea"  # adjust
gitea_app_name: "forgejo"
gitea_fqdn: "git.mgrote.net"

# ssh
# plain int here while gitea_http_port is a quoted string; both are templated
# into ufw_rules above, so consistent quoting would be tidier
gitea_ssh_port: 2222
gitea_start_ssh: true
# no interactive shell for the service account
gitea_shell: "/bin/false"

# Repository
gitea_default_branch: "master"
gitea_default_private: "public"
gitea_repository_root: "{{ gitea_home }}/repos"

# ui
gitea_show_user_email: false

# server
# Forgejo itself speaks plain HTTP on all interfaces; gitea_root_url is https,
# so presumably a reverse proxy terminates TLS in front of port 3000 — confirm,
# and note the ufw section currently exposes that port to 0.0.0.0/0
gitea_protocol: "http"
gitea_http_domain: "{{ gitea_fqdn }}"
gitea_http_port: "3000"
gitea_http_listen: "0.0.0.0"
gitea_root_url: "https://git.mgrote.net"
gitea_landing_page: "login"

# database
gitea_db_type: "postgres"
gitea_db_host: "localhost"
# name/user/password are reused by the geerlingguy_postgres section
gitea_db_name: "gitea"
gitea_db_user: "gitea"
gitea_db_password: "{{ lookup('viczem.keepass.keepass', 'forgejo_db_password', 'password') }}"

# indexer
gitea_repo_indexer_enabled: true

# security
# webhooks stay on (Drone needs them, see the [webhook] section in
# gitea_extra_config); outgoing targets are limited there to *.mgrote.net
gitea_disable_webhooks: false
# Have-I-Been-Pwned password check is off; self-registration is disabled
# below, so this only relaxes the check for locally created accounts
gitea_password_check_pwn: false
# both secrets come from KeePass and must never be set as literals here
gitea_internal_token: "{{ lookup('viczem.keepass.keepass', 'forgejo_internal_token', 'password') }}"
gitea_secret_key: "{{ lookup('viczem.keepass.keepass', 'forgejo_secret_key', 'password') }}"

# service
# no self-service sign-up: accounts come via LDAP (mgrote_gitea_setup) or the admin
gitea_disable_registration: true
gitea_register_email_confirm: true
# anonymous visitors may browse public repos (presumably maps to REQUIRE_SIGNIN_VIEW — confirm)
gitea_require_signin: false
gitea_default_keep_mail_private: true
gitea_enable_captcha: false
gitea_show_registration_button: false
gitea_enable_notify_mail: true
gitea_default_user_visibility: "public"
gitea_show_milestones_dashboard_page: false
gitea_default_allow_create_organization: true
gitea_default_org_visibility: "public"
gitea_default_user_is_restricted: false

# Mailer
gitea_mailer_enabled: true
gitea_mailer_protocol: "smtp"
# unauthenticated relay on the internal mail host; no credentials configured here
gitea_mailer_smtp_addr: "docker10.mgrote.net"
gitea_mailer_smtp_port: 1025
gitea_mailer_from: "gitea@mgrote.net"
gitea_subject_prefix: "git.mgrote.net - "

# log
gitea_log_systemd: true
gitea_log_level: "Info"

# Metrics
gitea_metrics_enabled: false

# Federation
gitea_federation_enabled: false

# Packages
gitea_packages_enabled: false

# actions
gitea_actions_enabled: true

# raw app.ini fragments appended by the role. Note: [migrations]
# ALLOWED_DOMAINS = * lets any public host be used as a migration source; the
# fetch runs server-side, so keep ALLOW_LOCALNETWORKS at its default (false),
# which is what stops migrations from reaching loopback/private ranges.
# The ';' lines below are INI comments inside the string value, kept verbatim.
gitea_extra_config: |
  ; webhook: wird für drone benötigt, sonst wird der Webhook nicht "gesendet"
  [webhook]
  ALLOWED_HOST_LIST = *.mgrote.net
  ; für Import/Migration aus anderen Git-Systemen
  [migrations]
  ALLOWED_DOMAINS = *
  ; disabled; see: https://github.com/go-gitea/gitea/issues/25992
  [repo-archive]
  ENABLED = false
  [repository]
  DISABLE_DOWNLOAD_SOURCE_ARCHIVES = true

# oauth2
gitea_oauth2_jwt_secret: "{{ lookup('viczem.keepass.keepass', 'forgejo_oauth2_jwt_secret', 'password') }}"

# Fail2Ban configuration
# bans for 600 s after 3 failed logins within 300 s. The jail action is
# iptables-allports rather than a ufw action; confirm that is intended on a
# ufw-managed host so bans survive ufw reloads.
gitea_fail2ban_enabled: true
gitea_fail2ban_jail_maxretry: "3"
gitea_fail2ban_jail_findtime: "300"
gitea_fail2ban_jail_bantime: "600"
gitea_fail2ban_jail_action: "iptables-allports"
### mgrote_gitea_setup
# post-install wiring: LDAP auth source and the initial admin account; the
# bind password and the admin password come from KeePass, only the bind user
# name and the base DN are plain values
gitea_ldap_host: "ldap.mgrote.net"
gitea_ldap_base_path: "dc=mgrote,dc=net"
gitea_ldap_bind_user: "forgejo_bind_user"
gitea_ldap_bind_pass: "{{ lookup('viczem.keepass.keepass', 'lldap_forgejo_bind_user', 'password') }}"
gitea_admin_user: "fadmin"
gitea_admin_user_pass: "{{ lookup('viczem.keepass.keepass', 'forgejo_admin_user_pass', 'password') }}"