Skip to content

Commit

Permalink
cleanup README
Browse files Browse the repository at this point in the history
  • Loading branch information
@DO1JLR
DO1JLR committed Mar 21, 2021
1 parent 7d8ff11 commit 42f6a4e
Show file tree
Hide file tree
Showing 2 changed files with 33 additions and 99 deletions.
103 changes: 22 additions & 81 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,13 +62,16 @@ Here is a deeper insight into the variables of this gitea role. For the exact fu
| `gitea_dl_url` | *(see [defaults/main.yml](defaults/main.yml#L5))* | The path from where this role downloads the gitea binary |
| `gitea_gpg_key` | `7C9E68152594688862D62AF62D9AE806EC1592E2` | the gpg key the gitea binary is signed with |
| `gitea_gpg_server` | `hkp://keyserver.ubuntu.com:80` | A gpg key server where this role can download the gpg key |
| `gitea_backup_on_upgrade` | `false` | Optionally a backup can be created with every update of gitea. |
| `gitea_backup_location` | `{{ gitea_home }}/backups/` | Where to store the gitea backup if one is created with this role. |

### gitea in the linux world
| variable name | default value | description |
| ------------- | ------------- | ----------- |
| `gitea_group` | `gitea` | UNIX group used by Gitea |
| `gitea_home` | `/var/lib/gitea` | Base directory to work |
| `gitea_shell` | `/bin/false` | UNIX shell used by gitea. Set it to `/bin/bash` if you don't use the gitea built-in ssh server. |
| `gitea_systemd_cap_net_bind_service` | `false` | Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file |

### Overall ([DEFAULT](https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default))
| variable name | default value | description |
Expand Down Expand Up @@ -198,106 +201,44 @@ Here is a deeper insight into the variables of this gitea role. For the exact fu
| `gitea_log_level` | `Warn` | General log level. `[Trace, Debug, Info, Warn, Error, Critical, Fatal, None]` |
| `gitea_log_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[log]` section of the config. |



| `gitea_enable_notify_mail`: Whether e-mail should be send to watchers of a repository when something happens. Default: `false`

### LFS configuration



### Look and feel
### Metrics ([metrics](https://docs.gitea.io/en-us/config-cheat-sheet/#metrics-metrics))
| variable name | default value | description |
| ------------- | ------------- | ----------- |
| `gitea_metrics_enabled`| `false` | Enable the metrics endpoint |
| `gitea_metrics_token`| `''` | Bearer token for the Prometheus scrape job |


### Security
### OAuth2 ([oauth2](https://docs.gitea.io/en-us/config-cheat-sheet/#oauth2-oauth2))
| variable name | default value | description |
| ------------- | ------------- | ----------- |
| `gitea_oauth2_enabled` | `true` | Enable the Oauth2 provider (true/false) |
| `gitea_oauth2_jwt_secret` | `''` | Oauth2 JWT secret. Can be generated with ``gitea generate secret JWT_SECRET``. Will be autogenerated if not defined. |
| `gitea_oauth2_extra_config` | `''` | you can use this variable to pass additional config parameters in the `[oauth2]` section of the config. |


### HTTP configuration


### SSH configuration


### Database configuration

### Mailer configuration



### Log configuration
### additional gitea config
| variable name | default value | description |
| ------------- | ------------- | ----------- |
| `gitea_extra_config` | `''` | Additional gitea configuration. Have a look at the [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) before using it! |

### Fail2Ban configuration

If enabled, this will deploy a fail2ban filter and jail config for Gitea as described in the [Gitea Documentation](https://docs.gitea.io/en-us/fail2ban-setup/).

As this will only deploy config files, fail2ban already has to be installed or otherwise the role will fail.

* `gitea_fail2ban_enabled`: Whether to deploy the fail2ban config or not
* `gitea_fail2ban_jail_maxretry`: fail2ban jail `maxretry` setting. Default: `10`
* `gitea_fail2ban_jail_findtime`: fail2ban jail `findtime` setting. Default: `3600`
* `gitea_fail2ban_jail_bantime`: fail2ban jail `bantime` setting. Default: `900`
* `gitea_fail2ban_jail_action`: fail2ban jail `action` setting. Default: `iptables-allports`

### Oauth2 provider configuration

* `gitea_oauth2_enabled`: Enable the Oauth2 provider (true/false)


### Metrics endpoint configuration

* `gitea_metrics_enabled`: Enable the metrics endpoint
* `gitea_metrics_token`: Bearer token for the Prometheus scrape job

### Repository Indexer configuration


### backup on upgrade
* `gitea_backup_on_upgrade`: Optionally a backup can be created with every update of gitea. Default: `false`
* `gitea_backup_location`: Where to store the gitea backup if one is created with this role. Default: `{{ gitea_home }}/backups/`
| variable name | default value | description |
| ------------- | ------------- | ----------- |
| `gitea_fail2ban_enabled` | `false` | Whether to deploy the fail2ban config or not |
| `gitea_fail2ban_jail_maxretry` | `10` | fail2ban jail `maxretry` setting. |
| `gitea_fail2ban_jail_findtime` | `3600` | fail2ban jail `findtime` setting. |
| `gitea_fail2ban_jail_bantime` | `900` | fail2ban jail `bantime` setting. |
| `gitea_fail2ban_jail_action` | `iptables-allports` | fail2ban jail `action` setting. |

* `gitea_systemd_cap_net_bind_service`: Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file
* `gitea_extra_config`: Additional configuration
## Contributing
Don't hesitate to create a pull request, and when in doubt you can reach me on
Mastodon [@[email protected]](https://chaos.social/@l3d).

I'm happy to fix any issue that's been opened, or even better, review your pull requests :)

## Testing
Testing uses [molecule](https://molecule.readthedocs.io/en/stable-1.22/usage.html). To start the
tests, install the dependencies first. I would recommend you use [a virtual env](https://virtualenv.pypa.io/en/latest/) for that but who am I to tell you what to do.

```
pip install pew # install pew to manage the venvs
pew new ansible # create the venv
pip install -r requirements-travis.txt # install the requirements
molecule test # Run the actual tests
```
Note: you need Docker installed
### Known testing limitations
Currently it's mainly validating that the playbook runs, the lint is ok, and that kind of things.
Since it runs in Docker, we currently have no way to check if the service is actually launched by systemd
and so on. This has to be worked on.
## License
```
Copyright (c) 2019 - today L3D <[email protected]>
Copyright (c) 2019 - 2021 Thomas Maurice

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
```
There is a test that is using [molecule](https://molecule.readthedocs.io/en/stable-1.22/usage.html). And som linting tests with github actions.
*For locale molecule testing docker is required.*
29 changes: 11 additions & 18 deletions defaults/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,14 @@ gitea_version_check: true
gitea_dl_url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_arch }}"
gitea_gpg_key: '7C9E68152594688862D62AF62D9AE806EC1592E2'
gitea_gpg_server: 'hkp://keyserver.ubuntu.com:80'
gitea_backup_on_upgrade: false
gitea_backup_location: "{{ gitea_home }}/backups/"

# gitea in the linux world
gitea_group: 'gitea'
gitea_home: '/var/lib/gitea'
gitea_shell: '/bin/false'
gitea_systemd_cap_net_bind_service: false

# Overall (DEFAULT)
# -> https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default
Expand Down Expand Up @@ -48,6 +51,7 @@ gitea_ssh_listen: '0.0.0.0'
gitea_offline_mode: true
gitea_lfs_server_enabled: false
gitea_lfs_content_path: "{{ gitea_home }}/data/lfs"
gitea_lfs_jwt_secret: ''
gitea_server_extra_config: ''

# Database (database)
Expand Down Expand Up @@ -131,23 +135,12 @@ gitea_oauth2_enabled: true
gitea_oauth2_jwt_secret: ''
gitea_oauth2_extra_config: ''



# security
gitea_lfs_jwt_secret: ''

gitea_systemd_cap_net_bind_service: false


gitea_fail2ban_enabled: false
gitea_fail2ban_jail_maxretry: 10
gitea_fail2ban_jail_findtime: 3600
gitea_fail2ban_jail_bantime: 900
gitea_fail2ban_jail_action: iptables-allports



# additional gitea config
gitea_extra_config: ""

gitea_backup_on_upgrade: false
gitea_backup_location: "{{ gitea_home }}/backups/"
# fail2ban
gitea_fail2ban_enabled: false
gitea_fail2ban_jail_maxretry: '10'
gitea_fail2ban_jail_findtime: '3600'
gitea_fail2ban_jail_bantime: '900'
gitea_fail2ban_jail_action: 'iptables-allports'

0 comments on commit 42f6a4e

Please sign in to comment.