redeployment forgejo + setup ldap #1

Merged
mg merged 123 commits from gb into master 2024-04-04 09:48:10 +02:00


@ -15,32 +15,17 @@ lvm_groups:
manage_lvm: true manage_lvm: true
pvresize_to_max: true pvresize_to_max: true
### geerlingguy_postgres
postgresql_user: postgres
postgresql_group: postgres
postgresql_databases:
- name: forgejo
postgresql_users:
- name: forgejo
password: supersecure # ändern
### mgrote_apt_manage_packages ### mgrote_apt_manage_packages
apt_packages_extra: apt_packages_extra:
- fail2ban - fail2ban
### geerlingguy_postgres
postgresql_databases:
- name: "{{ gitea_db_name }}"
postgresql_users:
- name: "{{ gitea_db_user }}"
password: "{{ gitea_db_password }}"
### oefenweb.ufw ### oefenweb.ufw
ufw_rules: ufw_rules:
- rule: allow - rule: allow
@ -58,81 +43,84 @@ ufw_rules:
protocol: tcp protocol: tcp
comment: 'gitea' comment: 'gitea'
from_ip: 0.0.0.0/0 from_ip: 0.0.0.0/0
- rule: allow
to_port: "{{ gitea_ssh_port }}"
protocol: tcp
comment: 'gitea'
from_ip: 0.0.0.0/0
### l3d.gitea ### pyratlabs-ansible-role-gitea
# config liegt in /etc/gitea/gitea.ini # https://git.mgrote.net/ansible-roles-mirrors/pyratlabs-ansible-role-gitea
gitea_version: "1.21.7-0" # gitea update
gitea_fork: "forgejo" gitea_version: "1.21.7-0" # alt zum renovate testen
gitea_app_name: "Gitea" gitea_version_check: true
gitea_backup_on_upgrade: false
# gitea in the linux world
gitea_group: "gitea"
gitea_user: "gitea" gitea_user: "gitea"
gitea_home: "/var/lib/gitea" gitea_home: "/var/lib/gitea"
gitea_repository_root: "{{ gitea_home }}" gitea_user_home: "{{ gitea_home }}"
gitea_user_repo_limit: 300 # config liegt in /etc/gitea/gitea.ini
gitea_root_url: https://git.mgrote.net gitea_configuration_path: "/etc/gitea/etc/gitea"
gitea_offline_mode: true gitea_app_name: "forgejo"
gitea_lfs_server_enabled: false gitea_fqdn: "git.mgrote.net"
gitea_secret_key: "{{ lookup('keepass', 'gitea_secret_key', 'password') }}" # ssh
gitea_internal_token: "{{ lookup('keepass', 'gitea_internal_token', 'password') }}" gitea_ssh_port: 22 # assuming the host SSH server is running on port 22
gitea_disable_git_hooks: false gitea_user: git # otherwise there will be permission issues
gitea_start_ssh: false # to not start the built-in SSH server
gitea_shell: "/bin/bash"
# Repository
gitea_default_branch: "master"
gitea_default_private: "public"
gitea_repository_root: "{{ gitea_home }}/repos"
# ui
gitea_show_user_email: false gitea_show_user_email: false
gitea_disable_gravatar: true # server
gitea_enable_captcha: true gitea_protocol: "https"
gitea_only_allow_external_registration: false gitea_http_domain: "https://{{ gitea_fqdn }}"
gitea_enable_notify_mail: true gitea_http_port: 3000
gitea_autowatch_on_change: true # database
gitea_force_private: false gitea_db_type: postgres
gitea_oauth2_enabled: true gitea_db_host: localhost
gitea_db_name: gitea
gitea_db_user: gitea
gitea_db_password: changeme
# indexer
gitea_repo_indexer_enabled: true gitea_repo_indexer_enabled: true
# security
gitea_disable_webhooks: false
gitea_password_check_pwn: false
# service
gitea_disable_registration: true
gitea_register_email_confirm: true
gitea_require_signin: false
gitea_default_keep_mail_private: true
gitea_enable_captcha: false
gitea_show_registration_button: false
gitea_enable_notify_mail: true
gitea_default_user_visibility: "limited"
gitea_default_org_visibility: "limited"
gitea_show_milestones_dashboard_page: false
# Mailer
gitea_mailer_enabled: true gitea_mailer_enabled: true
gitea_mailer_protocol: smtp gitea_mailer_protocol: smtp
gitea_mailer_smtp_addr: docker10.mgrote.net gitea_mailer_smtp_addr: docker10.mgrote.net
gitea_mailer_smtp_port: 1025 gitea_mailer_smtp_port: 1025
gitea_mailer_from: "gitea@mgrote.net" gitea_mailer_from: "gitea@mgrote.net"
gitea_subject_prefix: "git.mgrote.net - " # muss der bindestrichs ein?
gitea_default_branch: 'master' # log
gitea_log_systemd: true
gitea_db_type: sqlite3 gitea_log_level: "Info"
gitea_db_path: "{{ gitea_home }}/data/gitea.db" # for sqlite3 # Metrics
gitea_metrics_enabled: false
gitea_ssh_listen: 0.0.0.0 # Federation
gitea_ssh_domain: gitea.mgrote.net gitea_federation_enabled: false
gitea_ssh_port: 2222 # Packages
gitea_start_ssh: true gitea_packages_enabled: false
# actions
gitea_http_domain: git.mgrote.net gitea_actions_enabled: false
gitea_http_listen: 0.0.0.0
gitea_http_port: 3000
gitea_disable_http_git: false
gitea_protocol: http
gitea_show_registration_button: false
gitea_require_signin: false
gitea_disable_registration: true
gitea_fail2ban_enabled: true
gitea_fail2ban_jail_maxretry: 3
gitea_fail2ban_jail_findtime: 300
gitea_fail2ban_jail_bantime: 600
# webhook: wird für drone benötigt, sonst wird der Webhook nicht "gesendet" # webhook: wird für drone benötigt, sonst wird der Webhook nicht "gesendet"
# archive_cleanup: https://forum.gitea.com/t/how-to-configure-cron-task-for-delete-all-repositories-archives-zip-tar-gz-etc/4848/3
gitea_extra_config: | gitea_extra_config: |
[webhook] [webhook]
ALLOWED_HOST_LIST = *.mgrote.net ALLOWED_HOST_LIST = *.mgrote.net
# Fail2Ban configuration
[cron.archive_cleanup] gitea_fail2ban_enabled: true
ENABLED = true gitea_fail2ban_jail_maxretry: "3"
RUN_AT_START = true gitea_fail2ban_jail_findtime: "300"
SCHEDULE = @midnight gitea_fail2ban_jail_bantime: "600"
gitea_fail2ban_jail_action: "iptables-allports"
gitea_backup_on_upgrade: false
gitea_backup_location: "{{ gitea_home }}/backups/"
submodules_versioncheck: true
gitea_log_systemd: true
gitea_log_level: "Info"
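Review bot: The new side defines `gitea_user` twice — `gitea_user: "gitea"` survives as a context line near the top of the `### pyratlabs-ansible-role-gitea` block and `gitea_user: git # otherwise there will be permission issues` is added further down — so the value the role sees depends on the loader's duplicate-key handling (Ansible warns and keeps the last, giving `git`, while `gitea_group` stays `"gitea"`); keep exactly one line and either make `gitea_group` match or confirm the role tolerates a user/group mismatch. The added `gitea_db_password: changeme` is a plaintext credential in committed host_vars, and it also feeds the `postgresql_users` password in the first hunk, so the database user is created with that literal value; the removed lines in this hunk pulled secrets through `lookup('keepass', ..., 'password')`, so the same pattern, `gitea_db_password: "{{ lookup('keepass', '<keepass entry>', 'password') }}"`, or an ansible-vault encrypted value would keep the secret out of the repository. Whether `gitea_http_domain: "https://{{ gitea_fqdn }}"` should carry the scheme while `gitea_protocol: "https"` is set separately depends on how the role composes ROOT_URL; worth checking the role's template, since a doubled scheme would break generated links and the webhook `ALLOWED_HOST_LIST` matching.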