From 20500a27768a13031c82a595a80d1e8a2178767c Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Tue, 2 Apr 2024 22:08:55 +0200 Subject: [PATCH] config --- host_vars/forgejo.mgrote.net.yml | 160 ++++++++++++++----------------- 1 file changed, 74 insertions(+), 86 deletions(-) diff --git a/host_vars/forgejo.mgrote.net.yml b/host_vars/forgejo.mgrote.net.yml index 67719970..a00de3fe 100644 --- a/host_vars/forgejo.mgrote.net.yml +++ b/host_vars/forgejo.mgrote.net.yml @@ -15,32 +15,17 @@ lvm_groups: manage_lvm: true pvresize_to_max: true -### geerlingguy_postgres -postgresql_user: postgres -postgresql_group: postgres -postgresql_databases: - - name: forgejo -postgresql_users: - - name: forgejo - password: supersecure # ändern - - - - - - - - - - - - - - ### mgrote_apt_manage_packages apt_packages_extra: - fail2ban +### geerlingguy_postgres +postgresql_databases: + - name: "{{ gitea_db_name }}" +postgresql_users: + - name: "{{ gitea_db_user }}" + password: "{{ gitea_db_password }}" + ### oefenweb.ufw ufw_rules: - rule: allow 
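Review bot: The PostgreSQL user's password is now `"{{ gitea_db_password }}"`, but the second hunk sets that variable to the literal `gitea_db_password: changeme`, so the database account is still provisioned with a guessable value that is committed to the repository. The lines removed in the second hunk already read `gitea_secret_key` from KeePass, and the same pattern fits here, e.g. `gitea_db_password: "{{ lookup('keepass', '<keepass-entry-name>', 'password') }}"` (the entry name is a placeholder). If either `supersecure` or `changeme` was ever applied to a host, it remains in git history and the database password should be rotated.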
@@ -58,81 +43,84 @@ ufw_rules: protocol: tcp comment: 'gitea' from_ip: 0.0.0.0/0 - - rule: allow - to_port: "{{ gitea_ssh_port }}" - protocol: tcp - comment: 'gitea' - from_ip: 0.0.0.0/0 -### l3d.gitea -# config liegt in /etc/gitea/gitea.ini -gitea_version: "1.21.7-0" -gitea_fork: "forgejo" -gitea_app_name: "Gitea" +### pyratlabs-ansible-role-gitea +# https://git.mgrote.net/ansible-roles-mirrors/pyratlabs-ansible-role-gitea +# gitea update +gitea_version: "1.21.7-0" # alt zum renovate testen +gitea_version_check: true +gitea_backup_on_upgrade: false +# gitea in the linux world +gitea_group: "gitea" gitea_user: "gitea" gitea_home: "/var/lib/gitea" -gitea_repository_root: "{{ gitea_home }}" -gitea_user_repo_limit: 300 -gitea_root_url: https://git.mgrote.net -gitea_offline_mode: true -gitea_lfs_server_enabled: false -gitea_secret_key: "{{ lookup('keepass', 'gitea_secret_key', 'password') }}" -gitea_internal_token: "{{ lookup('keepass', 'gitea_internal_token', 'password') }}" -gitea_disable_git_hooks: false +gitea_user_home: "{{ gitea_home }}" +# config liegt in /etc/gitea/gitea.ini +gitea_configuration_path: "/etc/gitea/etc/gitea" +gitea_app_name: "forgejo" +gitea_fqdn: "git.mgrote.net" +# ssh +gitea_ssh_port: 22 # assuming the host SSH server is running on port 22 +gitea_user: git # otherwise there will be permission issues +gitea_start_ssh: false # to not start the built-in SSH server +gitea_shell: "/bin/bash" +# Repository +gitea_default_branch: "master" +gitea_default_private: "public" +gitea_repository_root: "{{ gitea_home }}/repos" +# ui gitea_show_user_email: false -gitea_disable_gravatar: true -gitea_enable_captcha: true -gitea_only_allow_external_registration: false -gitea_enable_notify_mail: true -gitea_autowatch_on_change: true -gitea_force_private: false -gitea_oauth2_enabled: true +# server +gitea_protocol: "https" +gitea_http_domain: "https://{{ gitea_fqdn }}" +gitea_http_port: 3000 +# database +gitea_db_type: postgres +gitea_db_host: localhost 
+gitea_db_name: gitea +gitea_db_user: gitea +gitea_db_password: changeme +# indexer gitea_repo_indexer_enabled: true - +# security +gitea_disable_webhooks: false +gitea_password_check_pwn: false +# service +gitea_disable_registration: true +gitea_register_email_confirm: true +gitea_require_signin: false +gitea_default_keep_mail_private: true +gitea_enable_captcha: false +gitea_show_registration_button: false +gitea_enable_notify_mail: true +gitea_default_user_visibility: "limited" +gitea_default_org_visibility: "limited" +gitea_show_milestones_dashboard_page: false +# Mailer gitea_mailer_enabled: true gitea_mailer_protocol: smtp gitea_mailer_smtp_addr: docker10.mgrote.net gitea_mailer_smtp_port: 1025 gitea_mailer_from: "gitea@mgrote.net" - -gitea_default_branch: 'master' - -gitea_db_type: sqlite3 -gitea_db_path: "{{ gitea_home }}/data/gitea.db" # for sqlite3 - -gitea_ssh_listen: 0.0.0.0 -gitea_ssh_domain: gitea.mgrote.net -gitea_ssh_port: 2222 -gitea_start_ssh: true - -gitea_http_domain: git.mgrote.net -gitea_http_listen: 0.0.0.0 -gitea_http_port: 3000 -gitea_disable_http_git: false -gitea_protocol: http - -gitea_show_registration_button: false -gitea_require_signin: false -gitea_disable_registration: true - -gitea_fail2ban_enabled: true -gitea_fail2ban_jail_maxretry: 3 -gitea_fail2ban_jail_findtime: 300 -gitea_fail2ban_jail_bantime: 600 +gitea_subject_prefix: "git.mgrote.net - " # muss der bindestrichs ein? 
+# log +gitea_log_systemd: true +gitea_log_level: "Info" +# Metrics +gitea_metrics_enabled: false +# Federation +gitea_federation_enabled: false +# Packages +gitea_packages_enabled: false +# actions +gitea_actions_enabled: false # webhook: wird für drone benötigt, sonst wird der Webhook nicht "gesendet" -# archive_cleanup: https://forum.gitea.com/t/how-to-configure-cron-task-for-delete-all-repositories-archives-zip-tar-gz-etc/4848/3 gitea_extra_config: | [webhook] ALLOWED_HOST_LIST = *.mgrote.net - - [cron.archive_cleanup] - ENABLED = true - RUN_AT_START = true - SCHEDULE = @midnight - -gitea_backup_on_upgrade: false -gitea_backup_location: "{{ gitea_home }}/backups/" - -submodules_versioncheck: true -gitea_log_systemd: true -gitea_log_level: "Info" +# Fail2Ban configuration +gitea_fail2ban_enabled: true +gitea_fail2ban_jail_maxretry: "3" +gitea_fail2ban_jail_findtime: "300" +gitea_fail2ban_jail_bantime: "600" +gitea_fail2ban_jail_action: "iptables-allports"
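Review bot: `gitea_user` is defined twice in the added block, first as `gitea_user: "gitea"` and again under `# ssh` as `gitea_user: git`. A YAML mapping may not repeat a key and most loaders silently keep the last value, so the service account would become `git` while `gitea_group` and `gitea_home` still say `gitea`; keep one definition and delete the other. Separately, `gitea_http_domain: "https://{{ gitea_fqdn }}"` puts a URL scheme into a value that the removed line gave as a bare host name (`git.mgrote.net`); unless the new role expects a full URL there, `gitea_http_domain: "{{ gitea_fqdn }}"` is the safer form. The comment `# config liegt in /etc/gitea/gitea.ini` also no longer matches `gitea_configuration_path: "/etc/gitea/etc/gitea"`, so one of the two looks like a typo.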