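---
# Host variables for a Forgejo (Gitea fork) host: LVM layout, local users,
# PostgreSQL, ufw and the roles-ansible.gitea role settings.
# Secrets are pulled from KeePass via lookup(); nothing sensitive should be
# committed as a literal here.

### mrlesmithjr.ansible-manage-lvm
lvm_groups:
  - vgname: vg_data
    disks:
      - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
    create: true
    lvnames:
      - lvname: lv_data
        size: +100%FREE
        create: true
        filesystem: xfs
        mount: true
        mntp: /var/lib/gitea
manage_lvm: true
pvresize_to_max: true

### mgrote_apt_manage_packages
apt_packages_extra:
  - fail2ban

### mgrote_restic
restic_folders_to_backup: "/usr/local /etc /root /home {{ gitea_home }}"

### mgrote_user
users:
  - username: mg
    password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
    update_password: always
    groups:
      - ssh
      - sudo
    state: present
    public_ssh_key: "{{ ssh_public_key_mg }}"
    allow_sudo: true
    allow_passwordless_sudo: true
  - username: ansible-user
    password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
    update_password: always
    groups:
      - ssh
      - sudo
    state: present
    public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE
    allow_sudo: true
    allow_passwordless_sudo: true
  - username: postgres
    # NOTE(review): literal value equal to the username, while the other
    # accounts source a hash from KeePass. Ansible's user module treats this
    # field as an already-hashed value, and this account is also put into the
    # ssh + sudo groups with passwordless sudo. TODO: source it via lookup()
    # like the accounts above and drop ssh/sudo unless really required.
    password: postgres
    update_password: always
    groups:
      - ssh
      - sudo
    state: present
    allow_sudo: true
    allow_passwordless_sudo: true

### geerlingguy_postgres
postgresql_databases:
  - name: "{{ gitea_db_name }}"
postgresql_users:
  - name: "{{ gitea_db_user }}"
    password: "{{ gitea_db_password }}"
# Keep true: with no_log disabled the database password above is printed in
# task output and CI logs. Set to false only transiently for local debugging
# and never commit it that way (the previous TODO asked for exactly that).
postgres_users_no_log: true

### oefenweb.ufw
ufw_rules:
  # Administrative ssh is reachable from anywhere; munin below is limited to
  # the LAN. Consider the same restriction here if no external admin access
  # is needed (fail2ban is enabled further down in any case).
  - rule: allow
    to_port: 22
    protocol: tcp
    comment: 'ssh'
    from_ip: 0.0.0.0/0
  - rule: allow
    to_port: 4949
    protocol: tcp
    comment: 'munin'
    from_ip: 192.168.2.0/24
  # Opens the plain-http listener (gitea_protocol: "http" below) to the world,
  # not only to a reverse proxy; verify that is intended.
  - rule: allow
    to_port: "{{ gitea_http_port }}"
    protocol: tcp
    comment: 'gitea'
    from_ip: 0.0.0.0/0
  - rule: allow
    to_port: "{{ gitea_ssh_port }}"
    protocol: tcp
    comment: 'gitea'
    from_ip: 0.0.0.0/0

### roles-ansible.gitea
gitea_fork: "forgejo"
# gitea update
gitea_version: "9.0.0"  # TODO renovate: is this picked up?
gitea_version_check: true
gitea_backup_on_upgrade: false
# gitea in the linux world
gitea_group: "gitea"
gitea_user: "gitea"
gitea_home: "/var/lib/gitea"
gitea_user_home: "{{ gitea_home }}"
# config lives in /etc/gitea/gitea.ini
gitea_configuration_path: "/etc/gitea"
# adjust per host
gitea_app_name: "forgejo"
gitea_fqdn: "git.mgrote.net"
# ssh
gitea_ssh_port: 2222
gitea_start_ssh: true
gitea_shell: "/bin/false"
# Repository
gitea_default_branch: "master"
gitea_default_private: "public"
gitea_repository_root: "{{ gitea_home }}/repos"
# ui
gitea_show_user_email: false
# server
# Plain http on 0.0.0.0:3000 while root_url is https: presumably a
# TLS-terminating reverse proxy sits in front — confirm, since the ufw rule
# above exposes port 3000 directly.
gitea_protocol: "http"
gitea_http_domain: "{{ gitea_fqdn }}"
gitea_http_port: "3000"
gitea_http_listen: "0.0.0.0"
gitea_root_url: "https://git.mgrote.net"
gitea_landing_page: "login"
# database
gitea_db_type: "postgres"
gitea_db_host: "localhost"
gitea_db_name: "gitea"
gitea_db_user: "gitea"
gitea_db_password: "{{ lookup('viczem.keepass.keepass', 'forgejo_db_password', 'password') }}"
# indexer
gitea_repo_indexer_enabled: true
# security
gitea_disable_webhooks: false
gitea_password_check_pwn: false
gitea_internal_token: "{{ lookup('viczem.keepass.keepass', 'forgejo_internal_token', 'password') }}"
gitea_secret_key: "{{ lookup('viczem.keepass.keepass', 'forgejo_secret_key', 'password') }}"
# service
gitea_disable_registration: true
gitea_register_email_confirm: true
gitea_require_signin: false
gitea_default_keep_mail_private: true
gitea_enable_captcha: false
gitea_show_registration_button: false
gitea_enable_notify_mail: true
gitea_default_user_visibility: "public"
gitea_show_milestones_dashboard_page: false
gitea_default_allow_create_organization: true
gitea_default_org_visibility: "public"
gitea_default_user_is_restricted: false
# Mailer
gitea_mailer_enabled: true
gitea_mailer_protocol: "smtp"
gitea_mailer_smtp_addr: "docker10.mgrote.net"
gitea_mailer_smtp_port: 1025
gitea_mailer_from: "gitea@mgrote.net"
gitea_subject_prefix: "git.mgrote.net - "
# log
gitea_log_systemd: true
gitea_log_level: "Info"
# Metrics
gitea_metrics_enabled: false
# Federation
gitea_federation_enabled: false
# Packages
gitea_packages_enabled: false
# actions
gitea_actions_enabled: true
# Raw app.ini fragments appended by the role; the ';' lines below are ini
# comments and part of the rendered file.
# NOTE(review): [migrations] ALLOWED_DOMAINS = * lets the migration feature
# fetch from any external host. Leave ALLOW_LOCALNETWORKS at its default (off)
# so internal hosts stay unreachable from that code path, or narrow the list
# to the forges actually imported from.
gitea_extra_config: |
  ; webhook: wird für drone benötigt, sonst wird der Webhook nicht "gesendet"
  [webhook]
  ALLOWED_HOST_LIST = *.mgrote.net
  ; für Import/Migration aus anderen Git-Systemen
  [migrations]
  ALLOWED_DOMAINS = *
  ; disabled; see: https://github.com/go-gitea/gitea/issues/25992
  [repo-archive]
  ENABLED = false
  [repository]
  DISABLE_DOWNLOAD_SOURCE_ARCHIVES = true
# oauth2
gitea_oauth2_jwt_secret: "{{ lookup('viczem.keepass.keepass', 'forgejo_oauth2_jwt_secret', 'password') }}"
# Fail2Ban configuration
gitea_fail2ban_enabled: true
gitea_fail2ban_jail_maxretry: "3"
gitea_fail2ban_jail_findtime: "300"
gitea_fail2ban_jail_bantime: "600"
gitea_fail2ban_jail_action: "iptables-allports"

### mgrote_gitea_setup
gitea_ldap_host: "ldap.mgrote.net"
gitea_ldap_base_path: "dc=mgrote,dc=net"
gitea_ldap_bind_user: "forgejo_bind_user"
gitea_ldap_bind_pass: "{{ lookup('viczem.keepass.keepass', 'lldap_forgejo_bind_user', 'password') }}"
gitea_admin_user: "fadmin"
gitea_admin_user_pass: "{{ lookup('viczem.keepass.keepass', 'forgejo_admin_user_pass', 'password') }}"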