redeployment forgejo + setup ldap #1
1 changed files with 74 additions and 86 deletions
|
@ -15,32 +15,17 @@ lvm_groups:
|
||||||
manage_lvm: true
|
manage_lvm: true
|
||||||
pvresize_to_max: true
|
pvresize_to_max: true
|
||||||
|
|
||||||
### geerlingguy_postgres
|
|
||||||
postgresql_user: postgres
|
|
||||||
postgresql_group: postgres
|
|
||||||
postgresql_databases:
|
|
||||||
- name: forgejo
|
|
||||||
postgresql_users:
|
|
||||||
- name: forgejo
|
|
||||||
password: supersecure # ändern
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
### mgrote_apt_manage_packages
|
### mgrote_apt_manage_packages
|
||||||
apt_packages_extra:
|
apt_packages_extra:
|
||||||
- fail2ban
|
- fail2ban
|
||||||
|
|
||||||
|
### geerlingguy_postgres
|
||||||
|
postgresql_databases:
|
||||||
|
- name: "{{ gitea_db_name }}"
|
||||||
|
postgresql_users:
|
||||||
|
- name: "{{ gitea_db_user }}"
|
||||||
|
password: "{{ gitea_db_password }}"
|
||||||
|
|
||||||
### oefenweb.ufw
|
### oefenweb.ufw
|
||||||
ufw_rules:
|
ufw_rules:
|
||||||
- rule: allow
|
- rule: allow
|
||||||
|
@ -58,81 +43,84 @@ ufw_rules:
|
||||||
protocol: tcp
|
protocol: tcp
|
||||||
comment: 'gitea'
|
comment: 'gitea'
|
||||||
from_ip: 0.0.0.0/0
|
from_ip: 0.0.0.0/0
|
||||||
- rule: allow
|
|
||||||
to_port: "{{ gitea_ssh_port }}"
|
|
||||||
protocol: tcp
|
|
||||||
comment: 'gitea'
|
|
||||||
from_ip: 0.0.0.0/0
|
|
||||||
|
|
||||||
### l3d.gitea
|
### pyratlabs-ansible-role-gitea
|
||||||
# config liegt in /etc/gitea/gitea.ini
|
# https://git.mgrote.net/ansible-roles-mirrors/pyratlabs-ansible-role-gitea
|
||||||
gitea_version: "1.21.7-0"
|
# gitea update
|
||||||
gitea_fork: "forgejo"
|
gitea_version: "1.21.7-0" # alt zum renovate testen
|
||||||
gitea_app_name: "Gitea"
|
gitea_version_check: true
|
||||||
|
gitea_backup_on_upgrade: false
|
||||||
|
# gitea in the linux world
|
||||||
|
gitea_group: "gitea"
|
||||||
gitea_user: "gitea"
|
gitea_user: "gitea"
|
||||||
gitea_home: "/var/lib/gitea"
|
gitea_home: "/var/lib/gitea"
|
||||||
gitea_repository_root: "{{ gitea_home }}"
|
gitea_user_home: "{{ gitea_home }}"
|
||||||
gitea_user_repo_limit: 300
|
# config liegt in /etc/gitea/gitea.ini
|
||||||
gitea_root_url: https://git.mgrote.net
|
gitea_configuration_path: "/etc/gitea/etc/gitea"
|
||||||
gitea_offline_mode: true
|
gitea_app_name: "forgejo"
|
||||||
gitea_lfs_server_enabled: false
|
gitea_fqdn: "git.mgrote.net"
|
||||||
gitea_secret_key: "{{ lookup('keepass', 'gitea_secret_key', 'password') }}"
|
# ssh
|
||||||
gitea_internal_token: "{{ lookup('keepass', 'gitea_internal_token', 'password') }}"
|
gitea_ssh_port: 22 # assuming the host SSH server is running on port 22
|
||||||
gitea_disable_git_hooks: false
|
gitea_user: git # otherwise there will be permission issues
|
||||||
|
gitea_start_ssh: false # to not start the built-in SSH server
|
||||||
|
gitea_shell: "/bin/bash"
|
||||||
|
# Repository
|
||||||
|
gitea_default_branch: "master"
|
||||||
|
gitea_default_private: "public"
|
||||||
|
gitea_repository_root: "{{ gitea_home }}/repos"
|
||||||
|
# ui
|
||||||
gitea_show_user_email: false
|
gitea_show_user_email: false
|
||||||
gitea_disable_gravatar: true
|
# server
|
||||||
gitea_enable_captcha: true
|
gitea_protocol: "https"
|
||||||
gitea_only_allow_external_registration: false
|
gitea_http_domain: "https://{{ gitea_fqdn }}"
|
||||||
gitea_enable_notify_mail: true
|
gitea_http_port: 3000
|
||||||
gitea_autowatch_on_change: true
|
# database
|
||||||
gitea_force_private: false
|
gitea_db_type: postgres
|
||||||
gitea_oauth2_enabled: true
|
gitea_db_host: localhost
|
||||||
|
gitea_db_name: gitea
|
||||||
|
gitea_db_user: gitea
|
||||||
|
gitea_db_password: changeme
|
||||||
|
# indexer
|
||||||
gitea_repo_indexer_enabled: true
|
gitea_repo_indexer_enabled: true
|
||||||
|
# security
|
||||||
|
gitea_disable_webhooks: false
|
||||||
|
gitea_password_check_pwn: false
|
||||||
|
# service
|
||||||
|
gitea_disable_registration: true
|
||||||
|
gitea_register_email_confirm: true
|
||||||
|
gitea_require_signin: false
|
||||||
|
gitea_default_keep_mail_private: true
|
||||||
|
gitea_enable_captcha: false
|
||||||
|
gitea_show_registration_button: false
|
||||||
|
gitea_enable_notify_mail: true
|
||||||
|
gitea_default_user_visibility: "limited"
|
||||||
|
gitea_default_org_visibility: "limited"
|
||||||
|
gitea_show_milestones_dashboard_page: false
|
||||||
|
# Mailer
|
||||||
gitea_mailer_enabled: true
|
gitea_mailer_enabled: true
|
||||||
gitea_mailer_protocol: smtp
|
gitea_mailer_protocol: smtp
|
||||||
gitea_mailer_smtp_addr: docker10.mgrote.net
|
gitea_mailer_smtp_addr: docker10.mgrote.net
|
||||||
gitea_mailer_smtp_port: 1025
|
gitea_mailer_smtp_port: 1025
|
||||||
gitea_mailer_from: "gitea@mgrote.net"
|
gitea_mailer_from: "gitea@mgrote.net"
|
||||||
|
gitea_subject_prefix: "git.mgrote.net - " # muss der bindestrichs ein?
|
||||||
gitea_default_branch: 'master'
|
# log
|
||||||
|
gitea_log_systemd: true
|
||||||
gitea_db_type: sqlite3
|
gitea_log_level: "Info"
|
||||||
gitea_db_path: "{{ gitea_home }}/data/gitea.db" # for sqlite3
|
# Metrics
|
||||||
|
gitea_metrics_enabled: false
|
||||||
gitea_ssh_listen: 0.0.0.0
|
# Federation
|
||||||
gitea_ssh_domain: gitea.mgrote.net
|
gitea_federation_enabled: false
|
||||||
gitea_ssh_port: 2222
|
# Packages
|
||||||
gitea_start_ssh: true
|
gitea_packages_enabled: false
|
||||||
|
# actions
|
||||||
gitea_http_domain: git.mgrote.net
|
gitea_actions_enabled: false
|
||||||
gitea_http_listen: 0.0.0.0
|
|
||||||
gitea_http_port: 3000
|
|
||||||
gitea_disable_http_git: false
|
|
||||||
gitea_protocol: http
|
|
||||||
|
|
||||||
gitea_show_registration_button: false
|
|
||||||
gitea_require_signin: false
|
|
||||||
gitea_disable_registration: true
|
|
||||||
|
|
||||||
gitea_fail2ban_enabled: true
|
|
||||||
gitea_fail2ban_jail_maxretry: 3
|
|
||||||
gitea_fail2ban_jail_findtime: 300
|
|
||||||
gitea_fail2ban_jail_bantime: 600
|
|
||||||
# webhook: wird für drone benötigt, sonst wird der Webhook nicht "gesendet"
|
# webhook: wird für drone benötigt, sonst wird der Webhook nicht "gesendet"
|
||||||
# archive_cleanup: https://forum.gitea.com/t/how-to-configure-cron-task-for-delete-all-repositories-archives-zip-tar-gz-etc/4848/3
|
|
||||||
gitea_extra_config: |
|
gitea_extra_config: |
|
||||||
[webhook]
|
[webhook]
|
||||||
ALLOWED_HOST_LIST = *.mgrote.net
|
ALLOWED_HOST_LIST = *.mgrote.net
|
||||||
|
# Fail2Ban configuration
|
||||||
[cron.archive_cleanup]
|
gitea_fail2ban_enabled: true
|
||||||
ENABLED = true
|
gitea_fail2ban_jail_maxretry: "3"
|
||||||
RUN_AT_START = true
|
gitea_fail2ban_jail_findtime: "300"
|
||||||
SCHEDULE = @midnight
|
gitea_fail2ban_jail_bantime: "600"
|
||||||
|
gitea_fail2ban_jail_action: "iptables-allports"
|
||||||
gitea_backup_on_upgrade: false
|
|
||||||
gitea_backup_location: "{{ gitea_home }}/backups/"
|
|
||||||
|
|
||||||
submodules_versioncheck: true
|
|
||||||
gitea_log_systemd: true
|
|
||||||
gitea_log_level: "Info"
|
|
||||||
|
|
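Review bot: `gitea_db_password: changeme` in the second hunk commits a placeholder database password in plaintext, and the `postgresql_users` entry added in the first hunk now takes its password from that variable, so the PostgreSQL account would be created with it. The removed side of this file already pulled secrets from KeePass, so the same pattern fits here, e.g. `gitea_db_password: "{{ lookup('keepass', '<KEEPASS_ENTRY_NAME>', 'password') }}"` with the real entry name filled in. The `gitea_secret_key` and `gitea_internal_token` lookups are dropped with no replacement visible in this file; unless the new role generates and persists them itself, they should stay. `gitea_user` also appears twice on what looks like the new side (`gitea_user: "gitea"` and later `gitea_user: git`); most YAML loaders silently keep the last value, so the first line should be removed to make the effective account unambiguous.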