homeserver/group_vars/gitea.yml
2023-07-19 19:36:11 +02:00

141 lines
4.5 KiB
YAML

---
### mrlesmithjr.ansible-manage-lvm
lvm_groups:
- vgname: vg_gitea_data
disks:
- /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
create: true
lvnames:
- lvname: lv_gitea_data
size: +100%FREE
create: true
filesystem: xfs
mount: true
mntp: /var/lib/gitea
manage_lvm: true
pvresize_to_max: true
### mgrote.restic
restic_folders_to_backup: "/ /var/lib/gitea" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
### oefenweb.ufw
ufw_rules:
- rule: allow
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 0.0.0.0/0
- rule: allow
to_port: "{{ gitea_http_port }}"
protocol: tcp
comment: 'gitea'
from_ip: 0.0.0.0/0
- rule: allow
to_port: "{{ gitea_ssh_port }}"
protocol: tcp
comment: 'gitea'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 4949
protocol: tcp
comment: 'munin'
from_ip: 192.168.2.144/24
### l3d.gitea
# config liegt in /etc/gitea/gitea.ini
gitea_version: "1.20.0"
gitea_app_name: "Gitea"
gitea_user: "gitea"
gitea_home: "/var/lib/gitea"
gitea_repository_root: "{{ gitea_home }}"
gitea_user_repo_limit: 300
gitea_root_url: https://git.mgrote.net
gitea_offline_mode: true
gitea_lfs_server_enabled: false
gitea_secret_key: "{{ lookup('keepass', 'gitea_secret_key', 'password') }}"
gitea_internal_token: "{{ lookup('keepass', 'gitea_internal_token', 'password') }}"
gitea_disable_git_hooks: false
gitea_show_user_email: false
gitea_disable_gravatar: true
gitea_enable_captcha: true
gitea_only_allow_external_registration: false
gitea_enable_notify_mail: false
gitea_force_private: false
gitea_oauth2_enabled: true
gitea_repo_indexer_enabled: true
gitea_mailer_enabled: true
gitea_mailer_skip_verify: false
gitea_mailer_tls_enabled: true
gitea_mailer_host: smtp.strato.de:465
gitea_mailer_from: info@mgrote.net
gitea_mailer_user: "info@mgrote.net"
gitea_mailer_password: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
gitea_mailer_type: smtp
gitea_default_branch: 'master'
gitea_db_type: sqlite3
gitea_db_path: "{{ gitea_home }}/data/gitea.db" # for sqlite3
gitea_ssh_listen: 0.0.0.0
gitea_ssh_domain: git.mgrote.net
gitea_ssh_port: 2222
gitea_start_ssh: true
gitea_http_domain: git.mgrote.net
gitea_http_listen: 0.0.0.0
gitea_http_port: 3000
gitea_disable_http_git: false
gitea_protocol: http
gitea_show_registration_button: false
gitea_require_signin: false
gitea_disable_registration: true
gitea_fail2ban_enabled: true
gitea_fail2ban_jail_maxretry: 3
gitea_fail2ban_jail_findtime: 300
gitea_fail2ban_jail_bantime: 600
# wird für drone benötigt, sonst wird der Webhook nicht "gesendet"
gitea_extra_config: |
[webhook]
ALLOWED_HOST_LIST = *.grote.lan
gitea_backup_on_upgrade: false
gitea_backup_location: "{{ gitea_home }}/backups/"
### mgrote.munin-node
munin_node_plugins:
- name: chrony
src: https://git.mgrote.net/Mirror/munin-contrib/raw/branch/master/plugins/chrony/chrony
- name: systemd_status
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
- name: systemd_mem
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
config: |
[systemd_mem]
env.all_services true
- name: lvm_
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
config: |
[lvm_*]
user root
- name: fail2ban
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
config: |
[fail2ban]
env.client /usr/bin/fail2ban-client
env.config_dir /etc/fail2ban
user root
- name: http_response
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
config: |
[http_response]
env.sites http://gitea.grote.lan:3000 https://git.mgrote.net
env.max_time 20
env.short_label true
env.follow_redirect true
- name: drone
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/cicd/drone
config: |
[drone]
env.url http://docker10.grote.lan:81/api/user/repos?latest=true
env.token {{ lookup('keepass', 'munin_plugin_drone_token', 'password') }}