-
-
Notifications
You must be signed in to change notification settings - Fork 31
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #6 from roles-ansible/docs
optimize Docs, reorder variables
- Loading branch information
Showing
4 changed files
with
205 additions
and
211 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,12 +1,31 @@ | ||
| BSD 3-Clause License | ||
|
|
||
| Copyright (c) 2019 - today L3D <[email protected]> | ||
| Copyright (c) 2019 - 2021 Thomas Maurice | ||
|
|
||
| Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: | ||
| All rights reserved. | ||
|
|
||
| Redistribution and use in source and binary forms, with or without | ||
| modification, are permitted provided that the following conditions are met: | ||
|
|
||
| 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. | ||
| 1. Redistributions of source code must retain the above copyright notice, this | ||
| list of conditions and the following disclaimer. | ||
|
|
||
| 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. | ||
| 2. Redistributions in binary form must reproduce the above copyright notice, | ||
| this list of conditions and the following disclaimer in the documentation | ||
| and/or other materials provided with the distribution. | ||
|
|
||
| 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. | ||
| 3. Neither the name of the copyright holder nor the names of its | ||
| contributors may be used to endorse or promote products derived from | ||
| this software without specific prior written permission. | ||
|
|
||
| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | ||
| AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | ||
| DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE | ||
| FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | ||
| SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | ||
| CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | ||
| OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | ||
| OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -62,13 +62,16 @@ Here is a deeper insight into the variables of this gitea role. For the exact fu | |
| | `gitea_dl_url` | *(see [defaults/main.yml](defaults/main.yml#L5))* | The path from where this role downloads the gitea binary | | ||
| | `gitea_gpg_key` | `7C9E68152594688862D62AF62D9AE806EC1592E2` | the gpg key the gitea binary is signed with | | ||
| | `gitea_gpg_server` | `hkp://keyserver.ubuntu.com:80` | A gpg key server where this role can download the gpg key | | ||
| | `gitea_backup_on_upgrade` | `false` | Optionally a backup can be created with every update of gitea. | | ||
| | `gitea_backup_location` | `{{ gitea_home }}/backups/` | Where to store the gitea backup if one is created with this role. | | ||
|
|
||
| ### gitea in the linux world | ||
| | variable name | default value | description | | ||
| | ------------- | ------------- | ----------- | | ||
| | `gitea_group` | `gitea` | UNIX group used by Gitea | | ||
| | `gitea_home` | `/var/lib/gitea` | Base directory to work | | ||
| | `gitea_shell` | `/bin/false` | UNIX shell used by gitea. Set it to `/bin/bash` if you don't use the gitea built-in ssh server. | | ||
| | `gitea_systemd_cap_net_bind_service` | `false` | Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file | | ||
|
|
||
| ### Overall ([DEFAULT](https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default)) | ||
| | variable name | default value | description | | ||
|
|
@@ -124,6 +127,7 @@ Here is a deeper insight into the variables of this gitea role. For the exact fu | |
| | `gitea_db_password` | `lel` | Database password. **PLEASE CHANGE** | | ||
| | `gitea_db_ssl` | `disable` | Configure SSL only if your database type supports it. Have a look into the [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/#database-database) for more detailed information | | ||
| | `gitea_db_path` | `{{ gitea_home }}/data/gitea.db` | DB path, if you use `sqlite3`. | | ||
| | `gitea_db_log_sql` | `false` | Log the executed SQL. | | ||
| | `gitea_database_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[database]` section of the config. | | ||
|
|
||
| ### Indexer ([indexer](https://docs.gitea.io/en-us/config-cheat-sheet/#indexer-indexer)) | ||
|
|
@@ -136,129 +140,105 @@ Here is a deeper insight into the variables of this gitea role. For the exact fu | |
| | `gitea_repo_indexer_max_file_size` | `1048576` | Maximum size in bytes of files to be indexed. | | ||
| | `gitea_indexer_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[indexer]` section of the config. | | ||
|
|
||
| ### Security ([security](https://docs.gitea.io/en-us/config-cheat-sheet/#security-security)) | ||
| | variable name | default value | description | | ||
| | ------------- | ------------- | ----------- | | ||
| | `gitea_secret_key` | `''` | Global secret key. Will be autogenerated if not defined. Should be unique. | | ||
| | `gitea_internal_token` | `''` | Internal API token. Will be autogenerated if not defined. Should be unique. | | ||
| | `gitea_disable_git_hooks` | `true` | Set to false to enable users with git hook privilege to create custom git hooks. Can be dangerous. | | ||
| | `gitea_password_check_pwn` | `false` | Check [HaveIBeenPwned](https://haveibeenpwned.com/Passwords) to see if a password has been exposed. | | ||
| | `gitea_security_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[security]` section of the config. | | ||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
| ### Look and feel | ||
| ### Service ([service](https://docs.gitea.io/en-us/config-cheat-sheet/#service-service)) | ||
| | variable name | default value | description | | ||
| | ------------- | ------------- | ----------- | | ||
| | `gitea_disable_gravatar` | `true` | Do you want to disable Gravatar ? (privacy and so on) (true/false) | | ||
| | `gitea_disable_registration` | `false` | Do you want to disable user registration? (true/false) | | ||
| | `gitea_register_email_confirm` | `false` | Enable this to ask for mail confirmation of registration. Requires `gitea_mailer_enabled` to be enabled. | | ||
| | `gitea_only_allow_external_registration` | `false` | Set to true to force registration only using third-party services (true/false) | | ||
| | `gitea_show_registration_button` | `true` | Here you can hide the registration button. This will not disable registration! (true/false)| | ||
| | `gitea_require_signin` | `true` | Do you require a signin to see repo's (even public ones)? (true/false)| | ||
| | `gitea_enable_captcha` | `true` | Do you want to enable captcha's ? (true/false)| | ||
| | `gitea_show_registration_button` | `true` | Here you can hide the registration button. This will not disable registration! (true/false)| | ||
| | `gitea_only_allow_external_registration` | `false` | Set to true to force registration only using third-party services (true/false) | | ||
| | `gitea_enable_notify_mail` | `false` | Enable this to send e-mail to watchers of a repository when something happens, like creating issues (true/false) | | ||
| | `gitea_auto_watch_new_repos` | `true` | Enable this to let all organisation users watch new repos when they are created (true/false) | | ||
| | `gitea_service_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[service]` section of the config. | | ||
|
|
||
|
|
||
| ### Security | ||
| ### Mailer ([mailer](https://docs.gitea.io/en-us/config-cheat-sheet/#mailer-mailer)) | ||
| | variable name | default value | description | | ||
| | ------------- | ------------- | ----------- | | ||
| | `gitea_secret_key` | `''` | Global secret key. Will be autogenerated if not defined. Should be unique. | | ||
| | `gitea_internal_token` | `''` | Internal API token. Will be autogenerated if not defined. Should be unique. | | ||
| | `gitea_disable_git_hooks` | `true` | Set to false to enable users with git hook privilege to create custom git hooks. Can be dangerous. | | ||
| | `gitea_oauth2_jwt_secret` | `''` | Oauth2 JWT secret. Can be generated with ``gitea generate secret JWT_SECRET``. Will be autogenerated if not defined. | | ||
|
|
||
|
|
||
| ### HTTP configuration | ||
|
|
||
|
|
||
| ### SSH configuration | ||
|
|
||
| | `gitea_mailer_enabled` | `false` | Whether to enable the mailer. | | ||
| | `gitea_mailer_host` | `localhost:25` | SMTP server hostname and port | | ||
| | `gitea_mailer_skip_verify` | `false` | Skip SMTP TLS certificate verification (true/false) | | ||
| | `gitea_mailer_tls_enabled` | `true` | Forcibly use TLS to connect even if not on a default SMTPS port. | | ||
| | `gitea_mailer_from` | `noreply@{{ gitea_http_domain }}` | Mail from address, RFC 5322. This can be just an email address, or the “Name” <[email protected]> format. | | ||
| | `gitea_mailer_user` | `''` | Username of mailing user *(usually the sender’s e-mail address)*. | | ||
| | `gitea_mailer_password` | `''` | SMTP server password | | ||
| | `gitea_subject_prefix` | `''` | Prefix to be placed before e-mail subject lines | | ||
| | `gitea_mailer_type` | `smtp` | `[smtp, sendmail, dummy]` | | ||
| | `gitea_mailer_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[mailer]` section of the config. | | ||
|
|
||
| ### Session ([session](https://docs.gitea.io/en-us/config-cheat-sheet/#session-session)) | ||
| | variable name | default value | description | | ||
| | ------------- | ------------- | ----------- | | ||
| | `gitea_session_provider` | `file` | Session engine provider | | ||
| | `gitea_session_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[session]` section of the config. | | ||
|
|
||
| ### Database configuration | ||
| ### Picture ([picture](https://docs.gitea.io/en-us/config-cheat-sheet/#picture-picture)) | ||
| | variable name | default value | description | | ||
| | ------------- | ------------- | ----------- | | ||
| | `gitea_disable_gravatar` | `true` | Do you want to disable Gravatar ? (privacy and so on) (true/false) | | ||
| | `gitea_picture_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[picture]` section of the config. | | ||
|
|
||
| ### Mailer configuration | ||
| ### Issue and pull request attachments ([attachment](https://docs.gitea.io/en-us/config-cheat-sheet/#issue-and-pull-request-attachments-attachment)) | ||
| | variable name | default value | description | | ||
| | ------------- | ------------- | ----------- | | ||
| | `attachment_enabled` | `true` | Whether issue and pull request attachments are enabled. | | ||
| | `gitea_attachment_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[attachment]` section of the config. | | ||
|
|
||
| * `gitea_mailer_enabled`: Whether to enable the mailer. Default: `false` | ||
| * `gitea_mailer_skip_verify`: Skip SMTP TLS certificate verification (true/false) | ||
| * `gitea_mailer_tls_enabled`: Enable TLS for SMTP connections (true/false) | ||
| * `gitea_mailer_host`: SMTP server hostname and port | ||
| * `gitea_mailer_user`: SMTP server username | ||
| * `gitea_mailer_password`: SMTP server password | ||
| * `gitea_mailer_from`: Sender mail address | ||
| * `gitea_subject_prefix`: Prefix to be placed before e-mail subject lines (Default: ``) | ||
| * `gitea_enable_notify_mail`: Whether e-mail should be send to watchers of a repository when something happens. Default: `false` | ||
| ### Log ([log](https://docs.gitea.io/en-us/config-cheat-sheet/#log-log)) | ||
| | variable name | default value | description | | ||
| | ------------- | ------------- | ----------- | | ||
| | `gitea_log_systemd` | `false` | Disable logging into `file`, use systemd-journald | | ||
| | `gitea_log_level` | `Warn` | General log level. `[Trace, Debug, Info, Warn, Error, Critical, Fatal, None]` | | ||
| | `gitea_log_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[log]` section of the config. | | ||
|
|
||
| ### LFS configuration | ||
| ### Metrics ([metrics](https://docs.gitea.io/en-us/config-cheat-sheet/#metrics-metrics)) | ||
| | variable name | default value | description | | ||
| | ------------- | ------------- | ----------- | | ||
| | `gitea_metrics_enabled`| `false` | Enable the metrics endpoint | | ||
| | `gitea_metrics_token`| `''` | Bearer token for the Prometheus scrape job | | ||
|
|
||
| ### OAuth2 ([oauth2](https://docs.gitea.io/en-us/config-cheat-sheet/#oauth2-oauth2)) | ||
| | variable name | default value | description | | ||
| | ------------- | ------------- | ----------- | | ||
| | `gitea_oauth2_enabled` | `true` | Enable the Oauth2 provider (true/false) | | ||
| | `gitea_oauth2_jwt_secret` | `''` | Oauth2 JWT secret. Can be generated with ``gitea generate secret JWT_SECRET``. Will be autogenerated if not defined. | | ||
| | `gitea_oauth2_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[oauth2]` section of the config. | | ||
|
|
||
| ### Log configuration | ||
| * `gitea_log_systemd` Disable logging into `file`, use systemd-journald | ||
| * `gitea_log_only_warning` Log only warnings or above, no http access or sql logging (Default: `true`) | ||
| ### additional gitea config | ||
| | variable name | default value | description | | ||
| | ------------- | ------------- | ----------- | | ||
| | `gitea_extra_config` | `''` | Additional gitea configuration. Have a look at the [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) before using it! | | ||
|
|
||
| ### Fail2Ban configuration | ||
|
|
||
| If enabled, this will deploy a fail2ban filter and jail config for Gitea as described in the [Gitea Documentation](https://docs.gitea.io/en-us/fail2ban-setup/). | ||
|
|
||
| As this will only deploy config files, fail2ban already has to be installed or otherwise the role will fail. | ||
|
|
||
| * `gitea_fail2ban_enabled`: Whether to deploy the fail2ban config or not | ||
| * `gitea_fail2ban_jail_maxretry`: fail2ban jail `maxretry` setting. Default: `10` | ||
| * `gitea_fail2ban_jail_findtime`: fail2ban jail `findtime` setting. Default: `3600` | ||
| * `gitea_fail2ban_jail_bantime`: fail2ban jail `bantime` setting. Default: `900` | ||
| * `gitea_fail2ban_jail_action`: fail2ban jail `action` setting. Default: `iptables-allports` | ||
|
|
||
| ### Oauth2 provider configuration | ||
|
|
||
| * `gitea_oauth2_enabled`: Enable the Oauth2 provider (true/false) | ||
|
|
||
|
|
||
| ### Metrics endpoint configuration | ||
|
|
||
| * `gitea_metrics_enabled`: Enable the metrics endpoint | ||
| * `gitea_metrics_token`: Bearer token for the Prometheus scrape job | ||
|
|
||
| ### Repository Indexer configuration | ||
|
|
||
|
|
||
| ### backup on upgrade | ||
| * `gitea_backup_on_upgrade`: Optionally a backup can be created with every update of gitea. Default: `false` | ||
| * `gitea_backup_location`: Where to store the gitea backup if one is created with this role. Default: `{{ gitea_home }}/backups/` | ||
| | variable name | default value | description | | ||
| | ------------- | ------------- | ----------- | | ||
| | `gitea_fail2ban_enabled` | `false` | Whether to deploy the fail2ban config or not | | ||
| | `gitea_fail2ban_jail_maxretry` | `10` | fail2ban jail `maxretry` setting. | | ||
| | `gitea_fail2ban_jail_findtime` | `3600` | fail2ban jail `findtime` setting. | | ||
| | `gitea_fail2ban_jail_bantime` | `900` | fail2ban jail `bantime` setting. | | ||
| | `gitea_fail2ban_jail_action` | `iptables-allports` | fail2ban jail `action` setting. | | ||
|
|
||
| * `gitea_systemd_cap_net_bind_service`: Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file | ||
| * `gitea_extra_config`: Additional configuration | ||
| ## Contributing | ||
| Don't hesitate to create a pull request, and when in doubt you can reach me on | ||
| Mastodon [@[email protected]](https://chaos.social/@l3d). | ||
|
|
||
| I'm happy to fix any issue that's been opened, or even better, review your pull requests :) | ||
|
|
||
| ## Testing | ||
| Testing uses [molecule](https://molecule.readthedocs.io/en/stable-1.22/usage.html). To start the | ||
| tests, install the dependencies first. I would recommend you use [a virtual env](https://virtualenv.pypa.io/en/latest/) for that but who am I to tell you what to do. | ||
|
|
||
| ``` | ||
| pip install pew # install pew to manage the venvs | ||
| pew new ansible # create the venv | ||
| pip install -r requirements-travis.txt # install the requirements | ||
| molecule test # Run the actual tests | ||
| ``` | ||
| Note: you need Docker installed | ||
| ### Known testing limitations | ||
| Currently it's mainly validating that the playbook runs, the lint is ok, and that kind of things. | ||
| Since it runs in Docker, we currently have no way to check if the service is actually launched by systemd | ||
| and so on. This has to be worked on. | ||
| ## License | ||
| ``` | ||
| Copyright (c) 2019 - today L3D <[email protected]> | ||
| Copyright (c) 2019 - 2021 Thomas Maurice | ||
|
|
||
| Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: | ||
|
|
||
| 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. | ||
|
|
||
| 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. | ||
|
|
||
| 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. | ||
|
|
||
| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| ``` | ||
| There is a test that is using [molecule](https://molecule.readthedocs.io/en/stable-1.22/usage.html). And som linting tests with github actions. | ||
| *For locale molecule testing docker is required.* | ||
Oops, something went wrong.