---
### mrlesmithjr.ansible-manage-lvm
lvm_groups:
  - vgname: vg_gitea_data
    disks:
      - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
    create: true
    lvnames:
      - lvname: lv_gitea_data
        size: +100%FREE
        create: true
        filesystem: xfs
        mount: true
        mntp: /var/lib/gitea
manage_lvm: true
pvresize_to_max: true

### mgrote_restic
restic_folders_to_backup: "/ /var/lib/gitea" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files

### oefenweb.ufw
ufw_rules:
  - rule: allow
    to_port: 22
    protocol: tcp
    comment: 'ssh'
    from_ip: 0.0.0.0/0
  - rule: allow
    to_port: "{{ gitea_http_port }}"
    protocol: tcp
    comment: 'gitea'
    from_ip: 0.0.0.0/0
  - rule: allow
    to_port: "{{ gitea_ssh_port }}"
    protocol: tcp
    comment: 'gitea'
    from_ip: 0.0.0.0/0

### l3d.gitea
# config liegt in /etc/gitea/gitea.ini
gitea_version: "1.21.0"
gitea_app_name: "Gitea"
gitea_user: "gitea"
gitea_home: "/var/lib/gitea"
gitea_repository_root: "{{ gitea_home }}"
gitea_user_repo_limit: 300
gitea_root_url: https://git.mgrote.net
gitea_offline_mode: true
gitea_lfs_server_enabled: false
gitea_secret_key: "{{ lookup('keepass', 'gitea_secret_key', 'password') }}"
gitea_internal_token: "{{ lookup('keepass', 'gitea_internal_token', 'password') }}"
gitea_disable_git_hooks: false
gitea_show_user_email: false
gitea_disable_gravatar: true
gitea_enable_captcha: true
gitea_only_allow_external_registration: false
gitea_enable_notify_mail: true
gitea_force_private: false
gitea_oauth2_enabled: true
gitea_repo_indexer_enabled: true

gitea_mailer_enabled: true
gitea_mailer_skip_verify: false
gitea_mailer_tls_enabled: true
gitea_mailer_host: smtp.strato.de:465
gitea_mailer_from: info@mgrote.net
gitea_mailer_user: "info@mgrote.net"
gitea_mailer_password: "{{ lookup('keepass', 'strato_smtp_password', 'password') }}"
gitea_mailer_type: smtp

gitea_default_branch: 'master'

gitea_db_type: sqlite3
gitea_db_path: "{{ gitea_home }}/data/gitea.db" # for sqlite3

gitea_ssh_listen: 0.0.0.0
gitea_ssh_domain: gitea.mgrote.net
gitea_ssh_port: 2222
gitea_start_ssh: true

gitea_http_domain: git.mgrote.net
gitea_http_listen: 0.0.0.0
gitea_http_port: 3000
gitea_disable_http_git: false
gitea_protocol: http

gitea_show_registration_button: false
gitea_require_signin: false
gitea_disable_registration: true

gitea_fail2ban_enabled: true
gitea_fail2ban_jail_maxretry: 3
gitea_fail2ban_jail_findtime: 300
gitea_fail2ban_jail_bantime: 600
# wird für drone benötigt, sonst wird der Webhook nicht "gesendet"
gitea_extra_config: |
  [webhook]
  ALLOWED_HOST_LIST = *.mgrote.net
  [actions]
  ENABLED=true
gitea_backup_on_upgrade: false
gitea_backup_location: "{{ gitea_home }}/backups/"