diff --git a/group_vars/gitea.yml b/group_vars/gitea.yml index 4165e4e2..f9df980b 100644 --- a/group_vars/gitea.yml +++ b/group_vars/gitea.yml @@ -40,7 +40,7 @@ from_ip: 192.168.2.144/24 ### l3d.gitea # config liegt in /etc/gitea/gitea.ini - gitea_version: "1.19.3" + gitea_version: "1.20.0" gitea_app_name: "Gitea" gitea_user: "gitea" gitea_home: "/var/lib/gitea" diff --git a/roles/l3d.gitea/.github/dependabot.yml b/roles/l3d.gitea/.github/dependabot.yml new file mode 100644 index 00000000..dde6f4ad --- /dev/null +++ b/roles/l3d.gitea/.github/dependabot.yml @@ -0,0 +1,9 @@ +--- +# See https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates +version: 2 +updates: + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" diff --git a/roles/l3d.gitea/.github/workflows/ansible-linting-check.yml b/roles/l3d.gitea/.github/workflows/ansible-linting-check.yml index 150e9086..5c55ca68 100644 --- a/roles/l3d.gitea/.github/workflows/ansible-linting-check.yml +++ b/roles/l3d.gitea/.github/workflows/ansible-linting-check.yml @@ -2,22 +2,22 @@ name: Ansible Lint check # yamllint disable-line rule:truthy -on: - push: - branches: '*' - pull_request: - branches: '*' +on: [push, pull_request] jobs: build: - + name: Ansible Lint runs-on: ubuntu-latest steps: - name: 'checkout git repo' uses: actions/checkout@v3 + with: + lfs: true + submodules: false + fetch-depth: 0 - name: 'Lint Ansible Playbook' uses: ansible/ansible-lint-action@v6 with: - targets: "." + path: "." diff --git a/roles/l3d.gitea/.github/workflows/galaxy.yml b/roles/l3d.gitea/.github/workflows/galaxy.yml index adcecbd8..39fa2bee 100644 --- a/roles/l3d.gitea/.github/workflows/galaxy.yml +++ b/roles/l3d.gitea/.github/workflows/galaxy.yml 
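Review bot: The new `with:` block on the checkout step in ansible-linting-check.yml fetches more (`fetch-depth: 0`, `lfs: true`) but keeps the action's default of persisting the job token in the workspace git config, where the third-party lint step that follows can read it. Adding `persist-credentials: false` to that block costs nothing, because the job never pushes. The workflow also has no `permissions:` key, so the token gets whatever the repository default grants; a top-level `permissions:` with `contents: read` would limit it to what linting needs. With `on: [push, pull_request]` the job presumably runs twice for pull requests opened from a branch of the same repository, which is harmless but worth knowing.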
@@ -16,7 +16,7 @@ jobs: uses: actions/checkout@v3 - name: 'release on galaxy' - uses: robertdebock/galaxy-action@1.2.0 + uses: robertdebock/galaxy-action@1.2.1 with: galaxy_api_key: ${{ secrets.galaxy_api_key }} git_branch: 'main' diff --git a/roles/l3d.gitea/.github/workflows/yamllint.yaml b/roles/l3d.gitea/.github/workflows/yamllint.yaml index d744e9cd..361b111a 100644 --- a/roles/l3d.gitea/.github/workflows/yamllint.yaml +++ b/roles/l3d.gitea/.github/workflows/yamllint.yaml @@ -17,7 +17,7 @@ jobs: uses: actions/checkout@v3 - name: 'Yamllint' - uses: karancode/yamllint-github-action@v2.0.0 + uses: karancode/yamllint-github-action@v2.1.1 with: yamllint_file_or_dir: '.' yamllint_config_filepath: './.yamllint' diff --git a/roles/l3d.gitea/.yamllint b/roles/l3d.gitea/.yamllint index e9713aeb..2e52fdcb 100644 --- a/roles/l3d.gitea/.yamllint +++ b/roles/l3d.gitea/.yamllint @@ -2,7 +2,7 @@ extends: default rules: - # 170 chars should be enough, but don't fail if a line is longer + # 190 chars should be enough, but don't fail if a line is longer line-length: - max: 170 + max: 190 level: warning diff --git a/roles/l3d.gitea/README.md b/roles/l3d.gitea/README.md index 20488061..31793d49 100644 --- a/roles/l3d.gitea/README.md +++ b/roles/l3d.gitea/README.md 
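Review bot: `robertdebock/galaxy-action@1.2.1` in galaxy.yml is a third-party action referenced by a movable tag, and the step hands it `secrets.galaxy_api_key`, so whoever can move that tag receives the publishing key on the next run. Pinning to the release's full commit SHA, as in `uses: robertdebock/galaxy-action@<full-commit-sha>  # 1.2.1`, fixes exactly which code receives the secret. The dependabot.yml added in this commit can still propose updates to a SHA pin. The same applies to `karancode/yamllint-github-action@v2.1.1` in the yamllint.yaml hunk, although no secret is visibly passed there.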
@@ -94,6 +94,12 @@ Either you define exactly which release you install. Or you use the option ``lat | `gitea_user_repo_limit` | `-1` | Limit how many repos a user can have *(`-1` for unlimited)* | | `gitea_repository_root` | `{{ gitea_home }}/repos` | Root path for storing all repository data. It must be an absolute path. | | `gitea_repository_extra_config` | | you can use this variable to pass additional config parameters in the `[repository]` section of the config. | + +### Repository - Upload ([repository.upload](https://docs.gitea.io/en-us/administration/config-cheat-sheet/#repository---upload-repositoryupload)) +| variable name | default value | description | +| ------------- | ------------- | ----------- | +| `gitea_repository_upload_enabled` | `true` | Whether repository file uploads are enabled | +| `gitea_repository_upload_max_size` | `4` | Max size of each file in megabytes. | | `gitea_repository_upload_extra_config` | | you can use this variable to pass additional config parameters in the `[repository.upload]` section of the config. | ### Repository - Signing ([repository.signing](https://docs.gitea.io/en-us/config-cheat-sheet/#repository---signing-repositorysigning)) @@ -251,6 +257,8 @@ Either you define exactly which release you install. Or you use the option ``lat | variable name | default value | description | | ------------- | ------------- | ----------- | | `attachment_enabled` | `true` | Whether issue and pull request attachments are enabled. | +| `gitea_attachment_types` | see Docs | Comma-separated list of allowed file extensions (`.zip,.txt`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types. | +| `gitea_attachment_max_size` | `4` | Maximum size (MB). | | `gitea_attachment_extra_config` | | you can use this variable to pass additional config parameters in the `[attachment]` section of the config. | ### Log ([log](https://docs.gitea.io/en-us/config-cheat-sheet/#log-log)) 
@@ -293,12 +301,18 @@ Either you define exactly which release you install. Or you use the option ``lat | `gitea_lfs_storage_type` | `local` | Storage type for lfs | | `gitea_lfs_serve_direct` | `false` | Allows the storage driver to redirect to authenticated URLs to serve files directly. *(only Minio/S3)* | | `gitea_lfs_content_path` | `{{ gitea_home }}/data/lfs` | Where to store LFS files | -| `gitea_lfs_extra` ||you can use this variable to pass additional config parameters in the `[lfs]` section of the config. | +| `gitea_lfs_extra` | | you can use this variable to pass additional config parameters in the `[lfs]` section of the config. | + +### Actions ([actions](https://docs.gitea.io/en-us/config-cheat-sheet/#actions-actions)) +| variable name | default value | description | +| ------------- | ------------- | ----------- | +| `gitea_actions_enabled` | `false` | Enable/Disable actions capabilities globaly. You may want to add `repo.actions` to `gitea_default_repo_units` to enable actions on all new repositories | +| `gitea_actions_default_actions_url` | `https://gitea.com/` | Default address to get action plugins, e.g. the default value means downloading from `https://gitea.com/actions/checkout` for `uses: actions/checkout@v3` | +| `gitea_actions_extra` | | you can use this variable to pass additional config parameters in the `[actions]` section of the config. | ### Other ([other](https://docs.gitea.io/en-us/config-cheat-sheet/#other-other)) | variable name | default value | description | | ------------- | ------------- | ----------- | -| `gitea_other_show_footer_branding` | `false` | Show Gitea branding in the footer. | | `gitea_other_show_footer_version` | `true` | Show Gitea and Go version information in the footer. | | `gitea_other_show_footer_template_load_time` | `true` | Show time of template execution in the footer. | | `gitea_other_enable_sitemap` | `true` | Generate sitemap. | 
diff --git a/roles/l3d.gitea/defaults/main.yml b/roles/l3d.gitea/defaults/main.yml index 37e8bd84..7c41c1c5 100644 --- a/roles/l3d.gitea/defaults/main.yml +++ b/roles/l3d.gitea/defaults/main.yml @@ -45,6 +45,11 @@ gitea_force_private: false gitea_user_repo_limit: '-1' gitea_repository_root: "{{ gitea_home }}/repos" gitea_repository_extra_config: '' + +# Repository - Upload (repository.upload) +# -> https://docs.gitea.io/en-us/administration/config-cheat-sheet/#repository---upload-repositoryupload +gitea_repository_upload_enabled: true +gitea_repository_upload_max_size: 4 gitea_repository_upload_extra_config: '' # Repository - Signing (repository.signing) @@ -189,6 +194,8 @@ gitea_picture_extra_config: '' # Issue and pull request attachments (attachment) # -> https://docs.gitea.io/en-us/config-cheat-sheet/#issue-and-pull-request-attachments-attachment gitea_attachment_enabled: true +gitea_attachment_types: '.csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip' +gitea_attachment_max_size: 4 gitea_attachment_extra_config: '' # Log (log) @@ -227,9 +234,14 @@ gitea_lfs_serve_direct: false gitea_lfs_content_path: "{{ gitea_home }}/data/lfs" gitea_lfs_extra: '' +# Actions (actions) +# -> https://docs.gitea.io/en-us/config-cheat-sheet/#actions-actions +gitea_actions_enabled: false +gitea_actions_default_actions_url: "https://gitea.com" +gitea_actions_extra: '' + # Other (other) # -> https://docs.gitea.io/en-us/config-cheat-sheet/#other-other -gitea_other_show_footer_branding: false gitea_other_show_footer_version: true gitea_other_show_footer_template_load_time: true gitea_other_enable_sitemap: true diff --git a/roles/l3d.gitea/tasks/install_forgejo.yml b/roles/l3d.gitea/tasks/install_forgejo.yml index e3f3112e..31a48017 100644 --- a/roles/l3d.gitea/tasks/install_forgejo.yml +++ b/roles/l3d.gitea/tasks/install_forgejo.yml 
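Review bot: `gitea_attachment_types` in the attachment hunk of defaults/main.yml carries no comment on what an empty value means, while the README row added in this commit says an empty value or `*/*` allows all types. An operator who blanks the variable to tighten things would get the opposite. I would add above it `# empty or '*/*' allows every file type; set gitea_attachment_enabled: false to disable attachments`. The list also includes `.svg`, which can carry script; whether that matters depends on how Gitea serves attachments, which this diff does not show, so keeping it should be a deliberate choice.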
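Review bot: `gitea_actions_default_actions_url` in the actions hunk of defaults/main.yml is set to `"https://gitea.com"`, while the README table in this commit documents the default as `https://gitea.com/`. One of the two should change so operators know which form the role expects. Since this host is where action code is fetched from once actions are enabled, I would also add a comment above it such as `# source of action code for 'uses:' references; point at a mirror you control if required`.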
@@ -51,6 +51,7 @@ ansible.builtin.command: "gpg --list-keys 0x{{ gitea_forgejo_gpg_key }}" register: _gitea_gpg_key_status changed_when: false + become: false failed_when: _gitea_gpg_key_status.rc not in (0, 2) - name: Print gpg key staus on verbosity diff --git a/roles/l3d.gitea/tasks/install_gitea.yml b/roles/l3d.gitea/tasks/install_gitea.yml index bf166e8f..86823e49 100644 --- a/roles/l3d.gitea/tasks/install_gitea.yml +++ b/roles/l3d.gitea/tasks/install_gitea.yml @@ -68,6 +68,7 @@ - name: Check archive signature ansible.builtin.command: "gpg --verify /tmp/{{ gitea_filename }}.xz.asc /tmp/{{ gitea_filename }}.xz" changed_when: false + become: false - name: Unpack gitea binary ansible.builtin.command: diff --git a/roles/l3d.gitea/tasks/set_forgejo_version.yml b/roles/l3d.gitea/tasks/set_forgejo_version.yml index f44218f7..7b3d1950 100644 --- a/roles/l3d.gitea/tasks/set_forgejo_version.yml +++ b/roles/l3d.gitea/tasks/set_forgejo_version.yml 
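Review bot: `become: false` on the `gpg --list-keys` command in install_forgejo.yml makes the check read the connecting user's keyring instead of the become user's, and the same switch is applied to `Check archive signature` in the install_gitea.yml hunk. The tasks that import the signing key are outside both hunks. If they still run with become, the key lands in a different keyring from the one consulted here, so the check either fails or is answered by whatever key was already in the connecting user's keyring. A short comment on each task, such as `# runs as the connecting user: key import, lookup and verification must share one keyring`, would keep them in step.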
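Review bot: `gpg --verify /tmp/{{ gitea_filename }}.xz.asc /tmp/{{ gitea_filename }}.xz` in the install_gitea.yml hunk succeeds for a good signature from any key in the keyring, and it checks files at predictable names in the world-writable `/tmp`. Neither is introduced by this commit, but now that verification runs as the unprivileged connecting user it is a good moment to tighten it. Adding `--status-fd 1`, registering the result and requiring a `VALIDSIG` line with the expected fingerprint would tie the check to the intended signer. The unpack task that follows is only partly visible, so this hunk does not show whether it runs as a different user, which would leave a window between check and use.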
@@ -35,18 +35,24 @@ gitea_version_target: "{{ gitea_remote_version }}" when: not ansible_check_mode -- name: "Set gitea version target {{ gitea_version }}" +- name: "Set forgejo version target {{ gitea_version }}" ansible.builtin.set_fact: gitea_version_target: "{{ gitea_version }}" when: gitea_version != "latest" -- name: "Get specific forgejo release metadata" - ansible.builtin.uri: - url: 'https://codeberg.org/api/v1/repos/forgejo/forgejo/releases/tags/v{{ gitea_version_target }}' - return_content: true - register: gitea_forgejo_remote_tags_metadata - become: false +- name: "Download forgejo version {{ gitea_version_target }}" when: not ansible_check_mode + block: + - name: "Get specific forgejo release metadata" + ansible.builtin.uri: + url: 'https://codeberg.org/api/v1/repos/forgejo/forgejo/releases/tags/v{{ gitea_version_target }}' + return_content: true + register: gitea_forgejo_remote_tags_metadata + become: false + rescue: + - name: "Error Downloading https://codeberg.org/api/v1/repos/forgejo/forgejo/releases/tags/v{{ gitea_version_target }}" + ansible.builtin.fail: + msg: "We did not find the forgejo version you specified. Are you sure that '{{ gitea_version_target }}' is a valid forgejo version?" - name: "Generate forgejo download url" ansible.builtin.set_fact: diff --git a/roles/l3d.gitea/templates/gitea.ini.j2 b/roles/l3d.gitea/templates/gitea.ini.j2 index eed51a13..cbe7cb2b 100644 --- a/roles/l3d.gitea/templates/gitea.ini.j2 +++ b/roles/l3d.gitea/templates/gitea.ini.j2 
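Review bot: The `rescue` in set_forgejo_version.yml reports every failure of the release lookup as a wrong version, so a TLS error, a timeout or an error response from codeberg.org produces the same message and hides the real cause. Including the captured error keeps the hint while showing what happened: `msg: "Could not fetch forgejo release '{{ gitea_version_target }}': {{ ansible_failed_result.msg | default('unknown error') }}"`. The rescue task's name also embeds the full URL with a templated version, which makes play output noisy; a fixed name would read better.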
@@ -13,22 +13,25 @@ RUN_MODE = {{ gitea_run_mode }} ; ; -> https://docs.gitea.io/en-us/config-cheat-sheet/#repository-repository [repository] -DEFAULT_BRANCH = {{ gitea_default_branch }} -DEFAULT_PRIVATE = {{ gitea_default_private }} -DEFAULT_REPO_UNITS = {{ gitea_default_repo_units }} -DISABLED_REPO_UNITS = {{ gitea_disabled_repo_units }} -DISABLE_HTTP_GIT = {{ gitea_disable_http_git | ternary('true', 'false') }} -DISABLE_STARS = {{ gitea_disable_stars | ternary('true', 'false') }} -ENABLE_PUSH_CREATE_ORG = {{ gitea_enable_push_create_org | ternary('true', 'false') }} -ENABLE_PUSH_CREATE_USER = {{ gitea_enable_push_create_user | ternary('true', 'false') }} -FORCE_PRIVATE = {{ gitea_force_private | ternary('true', 'false') }} -MAX_CREATION_LIMIT = {{ gitea_user_repo_limit }} ROOT = {{ gitea_repository_root }} +FORCE_PRIVATE = {{ gitea_force_private | ternary('true', 'false') }} +DEFAULT_PRIVATE = {{ gitea_default_private }} +MAX_CREATION_LIMIT = {{ gitea_user_repo_limit }} +DISABLE_HTTP_GIT = {{ gitea_disable_http_git | ternary('true', 'false') }} +ENABLE_PUSH_CREATE_USER = {{ gitea_enable_push_create_user | ternary('true', 'false') }} +ENABLE_PUSH_CREATE_ORG = {{ gitea_enable_push_create_org | ternary('true', 'false') }} +DISABLED_REPO_UNITS = {{ gitea_disabled_repo_units }} +DEFAULT_REPO_UNITS = {{ gitea_default_repo_units }} +DISABLE_STARS = {{ gitea_disable_stars | ternary('true', 'false') }} +DEFAULT_BRANCH = {{ gitea_default_branch }} {{ gitea_repository_extra_config }} ; ; +; -> https://docs.gitea.io/en-us/administration/config-cheat-sheet/#repository---upload-repositoryupload [repository.upload] +ENABLED = {{ gitea_repository_upload_enabled | ternary('true', 'false') }} TEMP_PATH = {{ gitea_home }}/data/tmp/uploads +FILE_MAX_SIZE = {{ gitea_repository_upload_max_size }} {{ gitea_repository_upload_extra_config }} ; ; 
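Review bot: `ENABLED = {{ gitea_repository_upload_enabled | ternary('true', 'false') }}` under `[repository.upload]` tests the variable's truthiness without `| bool`. A value passed as a string, for example `-e gitea_repository_upload_enabled=false`, is non-empty and therefore renders `true`, so a switch meant to turn a feature off fails open. Using `{{ gitea_repository_upload_enabled | bool | ternary('true', 'false') }}` avoids this, and the `{% if ... | bool %}` conditions elsewhere in this template already do the cast. The same holds for the `[attachment]` `ENABLED` line touched in a later hunk and for the other `ternary` lines this hunk only reorders.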
@@ -51,9 +54,9 @@ MERGES = {{ gitea_repo_merges }} ; ; -> https://docs.gitea.io/en-us/config-cheat-sheet/#cors-cors [cors] -ENABLED = {{ gitea_enable_cors | ternary('true', 'false') }} -SCHEME = {{ gitea_cors_scheme }} -ALLOW_DOMAIN = {{ gitea_cors_allow_domain }} +ENABLED = {{ gitea_enable_cors | ternary('true', 'false') }} +SCHEME = {{ gitea_cors_scheme }} +ALLOW_DOMAIN = {{ gitea_cors_allow_domain }} ALLOW_SUBDOMAIN = {{ gitea_cors_allow_subdomain | ternary('true', 'false') }} METHODS = {{ gitea_cors_methods }} MAX_AGE = {{ gitea_cors_max_age }} @@ -66,9 +69,9 @@ X_FRAME_OPTIONS = {{ gitea_cors_x_frame_options }} ; ; -> https://docs.gitea.io/en-us/config-cheat-sheet/#ui-ui [ui] -SHOW_USER_EMAIL = {{ gitea_show_user_email | ternary('true', 'false') }} -DEFAULT_THEME = {{ gitea_theme_default }} THEMES = {{ gitea_themes }} +DEFAULT_THEME = {{ gitea_theme_default }} +SHOW_USER_EMAIL = {{ gitea_show_user_email | ternary('true', 'false') }} {{ gitea_ui_extra_config }} ; ; @@ -82,6 +85,7 @@ KEYWORDS = {{ gitea_ui_keywords }} ; ; -> https://docs.gitea.io/en-us/config-cheat-sheet/#server-server [server] +APP_DATA_PATH = {{ gitea_home }}/data PROTOCOL = {{ gitea_protocol }} DOMAIN = {{ gitea_http_domain }} ROOT_URL = {{ gitea_root_url }} @@ -92,7 +96,10 @@ SSH_DOMAIN = {{ gitea_ssh_domain }} SSH_PORT = {{ gitea_ssh_port }} SSH_LISTEN_HOST = {{ gitea_ssh_listen }} OFFLINE_MODE = {{ gitea_offline_mode | ternary('true', 'false') }} -APP_DATA_PATH = {{ gitea_home }}/data +{% if gitea_enable_tls_certs | bool %} +CERT_FILE = {{ gitea_tls_cert_file }} +KEY_FILE = {{ gitea_tls_key_file }} +{% endif %} LANDING_PAGE = {{ gitea_landing_page }} {% if gitea_lfs_server_enabled | bool -%} LFS_START_SERVER = true 
@@ -100,10 +107,6 @@ LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }} {% endif %} REDIRECT_OTHER_PORT = {{ gitea_redirect_other_port | ternary('true', 'false') }} PORT_TO_REDIRECT = {{ gitea_port_to_redirect }} -{% if gitea_enable_tls_certs | bool %} -CERT_FILE = {{ gitea_tls_cert_file }} -KEY_FILE = {{ gitea_tls_key_file }} -{% endif %} ENABLE_ACME = {{ gitea_enable_acme | ternary('true', 'false') }} {% if gitea_enable_acme | bool %} {% if gitea_acme_url != '' %} @@ -162,15 +165,15 @@ PASSWORD_CHECK_PWN = {{ gitea_password_check_pwn | ternary('true', 'false') }} ; ; -> https://docs.gitea.io/en-us/config-cheat-sheet/#service-service [service] -DISABLE_REGISTRATION = {{ gitea_disable_registration | ternary('true', 'false') }} REGISTER_EMAIL_CONFIRM = {{ gitea_register_email_confirm | ternary('true', 'false') }} +DISABLE_REGISTRATION = {{ gitea_disable_registration | ternary('true', 'false') }} REQUIRE_SIGNIN_VIEW = {{ gitea_require_signin | ternary('true', 'false') }} -DEFAULT_KEEP_EMAIL_PRIVATE = {{ gitea_default_keep_mail_private | ternary('true', 'false') }} -ENABLE_CAPTCHA = {{ gitea_enable_captcha | ternary('true', 'false') }} -SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button | ternary('true', 'false') }} -ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_only_allow_external_registration | ternary('true', 'false') }} ENABLE_NOTIFY_MAIL = {{ gitea_enable_notify_mail | ternary('true', 'false') }} +ENABLE_CAPTCHA = {{ gitea_enable_captcha | ternary('true', 'false') }} +DEFAULT_KEEP_EMAIL_PRIVATE = {{ gitea_default_keep_mail_private | ternary('true', 'false') }} +SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button | ternary('true', 'false') }} AUTO_WATCH_NEW_REPOS = {{ gitea_auto_watch_new_repos | ternary('true', 'false') }} +ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_only_allow_external_registration | ternary('true', 'false') }} {{ gitea_service_extra_config }} ; ; 
@@ -213,8 +216,10 @@ AVATAR_UPLOAD_PATH = {{ gitea_home }}/data/avatars ; ; -> https://docs.gitea.io/en-us/config-cheat-sheet/#issue-and-pull-request-attachments-attachment [attachment] -ENABLED = {{ gitea_attachment_enabled | ternary('true', 'false') }} -PATH = {{ gitea_home }}/data/attachments +ENABLED = {{ gitea_attachment_enabled | ternary('true', 'false') }} +ALLOWED_TYPES = {{ gitea_attachment_types }} +MAX_SIZE = {{ gitea_attachment_max_size }} +PATH = {{ gitea_home }}/data/attachments {{ gitea_attachment_extra_config }} ; ; @@ -222,11 +227,11 @@ PATH = {{ gitea_home }}/data/attachments [log] ROOT_PATH = {{ gitea_home }}/log {% if gitea_log_systemd %} -MODE = console +MODE = console {% else %} -MODE = file +MODE = file {% endif %} -LEVEL = {{ gitea_log_level }} +LEVEL = {{ gitea_log_level }} {{ gitea_log_extra_config }} ; ; @@ -271,10 +276,18 @@ PATH = {{ gitea_lfs_content_path }} {% endif %} ; ; +{% if gitea_actions_enabled | bool %} +; -> https://docs.gitea.io/en-us/config-cheat-sheet/#actions-actions +[actions] +ENABLED = {{ gitea_actions_enabled }} +DEFAULT_ACTIONS_URL = {{ gitea_actions_default_actions_url }} +{{ gitea_actions_extra }} +{% endif %} +; +; ; Other (other) ; -> https://docs.gitea.io/en-us/config-cheat-sheet/#other-other [other] -SHOW_FOOTER_BRANDING = {{ gitea_other_show_footer_branding | ternary('true', 'false') }} SHOW_FOOTER_VERSION = {{ gitea_other_show_footer_version | ternary('true', 'false') }} SHOW_FOOTER_TEMPLATE_LOAD_TIME = {{ gitea_other_show_footer_template_load_time | ternary('true', 'false') }} ENABLE_SITEMAP = {{ gitea_other_enable_sitemap | ternary('true', 'false') }} diff --git a/roles/l3d.gitea/templates/gitea.service.j2 b/roles/l3d.gitea/templates/gitea.service.j2 index 1db7f852..76a12a1a 100644 --- a/roles/l3d.gitea/templates/gitea.service.j2 +++ b/roles/l3d.gitea/templates/gitea.service.j2 
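Review bot: The new `[actions]` block writes `ENABLED = {{ gitea_actions_enabled }}` raw, unlike the other switches in the template, and the whole section is rendered only when the variable is true. When it is false no `[actions]` section is emitted and `gitea_actions_extra` is silently dropped, so the disabled state depends on the upstream default. Rendering the section unconditionally with `ENABLED = {{ gitea_actions_enabled | bool | ternary('true', 'false') }}` makes the off state explicit in gitea.ini. `DEFAULT_ACTIONS_URL` decides which host `uses:` references are fetched from, so a comment above it such as `; host that action code referenced by uses: is downloaded from` would help operators who mirror actions internally.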
@@ -5,7 +5,7 @@ After=network.target [Service] User={{ gitea_user }} Group={{ gitea_group }} -ExecStart={{ gitea_full_executable_path }} web -c {{ gitea_configuraion_path }}/gitea.ini --custom-path {{ gitea_custom }}/ +ExecStart={{ gitea_full_executable_path }} web --config {{ gitea_configuraion_path }}/gitea.ini --custom-path {{ gitea_custom }}/ Restart=on-failure WorkingDirectory={{ gitea_home }} {% if gitea_systemd_cap_net_bind_service %} diff --git a/roles/l3d.gitea/vars/main.yml b/roles/l3d.gitea/vars/main.yml index a73b6536..70d6b20f 100644 --- a/roles/l3d.gitea/vars/main.yml +++ b/roles/l3d.gitea/vars/main.yml @@ -62,5 +62,5 @@ transfer_custom_footer: - 'files/gitea_footer/extra_links_footer.tmpl' - 'files/extra_links_footer.tmpl' -playbook_version_number: 44 # should be int +playbook_version_number: 49 # should be int playbook_version_path: 'do1jlr.gitea.version'