108 lines
2.8 KiB
YAML
108 lines
2.8 KiB
YAML
---
|
|
### mrlesmithjr.ansible-manage-lvm
|
|
lvm_groups:
|
|
- vgname: vg_gitea_data
|
|
disks:
|
|
- /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
|
|
create: true
|
|
lvnames:
|
|
- lvname: lv_gitea_data
|
|
size: +100%FREE
|
|
create: true
|
|
filesystem: xfs
|
|
mount: true
|
|
mntp: /var/lib/gitea
|
|
manage_lvm: true
|
|
pvresize_to_max: true
|
|
|
|
### mgrote_restic
|
|
restic_folders_to_backup: "/ /var/lib/gitea" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
|
|
|
|
### mgrote_apt_manage_packages
|
|
apt_packages_extra:
|
|
- fail2ban
|
|
|
|
### oefenweb.ufw
|
|
ufw_rules:
|
|
- rule: allow
|
|
to_port: 22
|
|
protocol: tcp
|
|
comment: 'ssh'
|
|
from_ip: 0.0.0.0/0
|
|
- rule: allow
|
|
to_port: "{{ gitea_http_port }}"
|
|
protocol: tcp
|
|
comment: 'gitea'
|
|
from_ip: 0.0.0.0/0
|
|
- rule: allow
|
|
to_port: "{{ gitea_ssh_port }}"
|
|
protocol: tcp
|
|
comment: 'gitea'
|
|
from_ip: 0.0.0.0/0
|
|
|
|
### l3d.gitea
|
|
# config liegt in /etc/gitea/gitea.ini
|
|
gitea_version: "1.21.5"
|
|
gitea_fork: "gitea"
|
|
gitea_app_name: "Gitea"
|
|
gitea_user: "gitea"
|
|
gitea_home: "/var/lib/gitea"
|
|
gitea_repository_root: "{{ gitea_home }}"
|
|
gitea_user_repo_limit: 300
|
|
gitea_root_url: https://git.mgrote.net
|
|
gitea_offline_mode: true
|
|
gitea_lfs_server_enabled: false
|
|
gitea_secret_key: "{{ lookup('keepass', 'gitea_secret_key', 'password') }}"
|
|
gitea_internal_token: "{{ lookup('keepass', 'gitea_internal_token', 'password') }}"
|
|
gitea_disable_git_hooks: false
|
|
gitea_show_user_email: false
|
|
gitea_disable_gravatar: true
|
|
gitea_enable_captcha: true
|
|
gitea_only_allow_external_registration: false
|
|
gitea_enable_notify_mail: true
|
|
gitea_autowatch_on_change: true
|
|
gitea_force_private: false
|
|
gitea_oauth2_enabled: true
|
|
gitea_repo_indexer_enabled: true
|
|
|
|
gitea_mailer_enabled: true
|
|
gitea_mailer_protocol: smtp
|
|
gitea_mailer_smtp_addr: docker10.mgrote.net
|
|
gitea_mailer_smtp_port: 1025
|
|
gitea_mailer_from: "gitea@mgrote.net"
|
|
|
|
gitea_default_branch: 'master'
|
|
|
|
gitea_db_type: sqlite3
|
|
gitea_db_path: "{{ gitea_home }}/data/gitea.db" # for sqlite3
|
|
|
|
gitea_ssh_listen: 0.0.0.0
|
|
gitea_ssh_domain: gitea.mgrote.net
|
|
gitea_ssh_port: 2222
|
|
gitea_start_ssh: true
|
|
|
|
gitea_http_domain: git.mgrote.net
|
|
gitea_http_listen: 0.0.0.0
|
|
gitea_http_port: 3000
|
|
gitea_disable_http_git: false
|
|
gitea_protocol: http
|
|
|
|
gitea_show_registration_button: false
|
|
gitea_require_signin: false
|
|
gitea_disable_registration: true
|
|
|
|
gitea_fail2ban_enabled: true
|
|
gitea_fail2ban_jail_maxretry: 3
|
|
gitea_fail2ban_jail_findtime: 300
|
|
gitea_fail2ban_jail_bantime: 600
|
|
# wird für drone benötigt, sonst wird der Webhook nicht "gesendet"
|
|
gitea_extra_config: |
|
|
[webhook]
|
|
ALLOWED_HOST_LIST = *.mgrote.net
|
|
|
|
gitea_backup_on_upgrade: false
|
|
gitea_backup_location: "{{ gitea_home }}/backups/"
|
|
|
|
submodules_versioncheck: true
|
|
gitea_log_systemd: true
|
|
gitea_log_level: "Info"
|