From e872178fe09d13793c0a438d390f8e3c92ef61a9 Mon Sep 17 00:00:00 2001 From: "Daniel A. Maierhofer" Date: Mon, 19 Mar 2018 10:07:11 +0100 Subject: [PATCH] Config gitea --- roles/common | 2 +- roles/gitea/tasks/gitea.yml | 3 ++ roles/gitea/templates/gitea.conf.j2 | 46 ++++++++++++++--------------- 3 files changed, 27 insertions(+), 24 deletions(-) diff --git a/roles/common b/roles/common index cb190ef..e8cc0a6 160000 --- a/roles/common +++ b/roles/common @@ -1 +1 @@ -Subproject commit cb190efd2cd3b56c5fb8c314bbda4955c5bce806 +Subproject commit e8cc0a65f3981b5203b730a81eadbdffee71de36 diff --git a/roles/gitea/tasks/gitea.yml b/roles/gitea/tasks/gitea.yml index 48ada98..9d2d03c 100644 --- a/roles/gitea/tasks/gitea.yml +++ b/roles/gitea/tasks/gitea.yml @@ -8,3 +8,6 @@ - name: gitea - /etc/gitea.conf template: dest=/etc/gitea.conf src=gitea.conf.j2 owner=root group=root mode=0644 notify: restart gitea + +- name: gitea - git user + user: name=_gitea shell=/bin/bash diff --git a/roles/gitea/templates/gitea.conf.j2 b/roles/gitea/templates/gitea.conf.j2 index 3213905..00c806d 100644 --- a/roles/gitea/templates/gitea.conf.j2 +++ b/roles/gitea/templates/gitea.conf.j2 @@ -11,7 +11,7 @@ SCRIPT_TYPE = bash ; Default ANSI charset ANSI_CHARSET = ; Force every new repository to be private -FORCE_PRIVATE = true +FORCE_PRIVATE = false ; Global maximum creation limit of repository per user, -1 means no limit MAX_CREATION_LIMIT = -1 ; Mirror sync queue length, increase if mirror syncing starts hanging @@ -42,7 +42,7 @@ LOCAL_COPY_PATH = /var/lib/gitea/tmp/local-repo ; Whether repository file uploads are enabled. Defaults to `true` ENABLED = true ; Path for uploads. Defaults to `data/tmp/uploads` (tmp gets deleted on gitea restart) -TEMP_PATH = /var/lib/gitea/tmp/uploads +TEMP_PATH = /var/lib/gitea/data/tmp/uploads ; One or more allowed types, e.g. image/jpeg|image/png. Nothing means any file type ALLOWED_TYPES = ; Max size of each file in MB. Defaults to 3MB 
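Review bot: The new `gitea - git user` task does not pin the account's home directory, although this commit also empties `SSH_ROOT_PATH` in gitea.conf.j2, which by that file's own comment falls back to `~/.ssh`. Assuming `_gitea` is the account Gitea runs as (not visible here), the location of its `authorized_keys` then depends on whatever home the platform assigns. Setting it explicitly, e.g. `user: name=_gitea shell=/bin/bash home=/var/lib/gitea` (path inferred from the template's other settings, confirm), makes that deterministic. A short comment that the login shell is needed for git over SSH would explain why this service account does not get a nologin shell.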
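Review bot: `FORCE_PRIVATE = false` in the @@ -11 hunk removes the private-by-default guarantee for every new repository, and the template gives no reason for the change. Since the commit also sets `REQUIRE_SIGNIN_VIEW = true`, the exposure is limited to signed-in users, but that relationship is worth recording next to the setting. A comment such as `; repositories default to public; visibility is restricted by REQUIRE_SIGNIN_VIEW in [service]` would do it.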
@@ -64,7 +64,7 @@ THEME_COLOR_META_TAG = `#6cc644` ; Max size of files to be displayed (defaults is 8MiB) MAX_DISPLAY_FILE_SIZE = 8388608 ; Whether show the user email in the Explore Users page -SHOW_USER_EMAIL = false +SHOW_USER_EMAIL = true [ui.admin] ; Number of users that are showed in one page @@ -98,8 +98,8 @@ FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd [server] ; Listen protocol. One of 'http', 'https', 'unix' or 'fcgi'. PROTOCOL = http -DOMAIN = localhost -ROOT_URL = http://localhost:3000/ +DOMAIN = fet.at +ROOT_URL = https://git.fet.at/ ; Listen address. Either a IPv4/IPv6 address or the path to a unix socket. HTTP_ADDR = 0.0.0.0 HTTP_PORT = 3000 @@ -116,15 +116,15 @@ START_SSH_SERVER = false ; Username to use for builtin SSH server. If blank, then it is the value of RUN_USER. BUILTIN_SSH_SERVER_USER = ; Domain name to be exposed in clone URL -SSH_DOMAIN = localhost +SSH_DOMAIN = zyklon ; Network interface builtin SSH server listens on SSH_LISTEN_HOST = ; Port number to be exposed in clone URL -SSH_PORT = 2222 +SSH_PORT = 22 ; Port number builtin SSH server listens on SSH_LISTEN_PORT = %(SSH_PORT)s ; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'. -SSH_ROOT_PATH = /var/lib/gitea/ssh +SSH_ROOT_PATH = ; For built-in SSH server only, choose the ciphers to support for SSH connections, ; for system SSH this setting has no effect SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128 @@ -155,8 +155,8 @@ DISABLE_ROUTER_LOG = false ; not forget to export the private key): ; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys ; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes -CERT_FILE = custom/https/cert.pem -KEY_FILE = custom/https/key.pem +CERT_FILE = /var/lib/gitea/custom/https/cert.pem +KEY_FILE = /var/lib/gitea/custom/https/key.pem ; Upper level of template and static file path ; default is the path where Gitea is executed STATIC_ROOT_PATH = 
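Review bot: `ROOT_URL` in the @@ -98 hunk now advertises `https://git.fet.at/` while `PROTOCOL = http` and `HTTP_ADDR = 0.0.0.0` stay unchanged, so the plaintext listener on port 3000 remains reachable on every interface. The https URL implies a TLS-terminating proxy that the diff does not show; if it runs on the same host, `HTTP_ADDR = 127.0.0.1` keeps clients from bypassing it. `DOMAIN = fet.at` also disagrees with the host in `ROOT_URL`; `DOMAIN = git.fet.at` would match.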
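Review bot: `SSH_DOMAIN = zyklon` in the @@ -116 hunk is an unqualified host name, so the SSH clone URLs Gitea displays only work for clients that can resolve that short name, while `ROOT_URL` uses `git.fet.at`. If SSH is served under the public name, `SSH_DOMAIN = git.fet.at` would be consistent (inferred, confirm). With `START_SSH_SERVER = false` in the hunk header context, the change to port 22 relies on the system sshd. The now-blank `SSH_ROOT_PATH` deserves a comment naming the directory it resolves to.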
@@ -171,7 +171,7 @@ LFS_START_SERVER = true ; Where your lfs files put on, default is data/lfs. LFS_CONTENT_PATH = /var/lib/gitea/data/lfs ; LFS authentication secret, changed this to yourself. -LFS_JWT_SECRET = w8m-ISKhpr3M0of3kvFy0UYoL1jEXNtYenTWjgAwdWE +LFS_JWT_SECRET = fmdsyalJh8IKUpu5ZtUjLTfRiIhHYkRvWLVvT19CPiI ; Define allowed algorithms and their minimum key length (use -1 to disable a type) [ssh.minimum_key_sizes] @@ -200,7 +200,7 @@ ITERATE_BUFFER_SIZE = 50 ISSUE_INDEXER_PATH = /var/lib/gitea/indexers/issues.bleve ; repo indexer by default disabled, since it uses a lot of disk space REPO_INDEXER_ENABLED = false -REPO_INDEXER_PATH = indexers/repos.bleve +REPO_INDEXER_PATH = /var/lib/gitea/indexers/repos.bleve UPDATE_BUFFER_LEN = 20 MAX_FILE_SIZE = 1048576 @@ -212,7 +212,7 @@ DISABLE_REGULAR_ORG_CREATION = false ; Whether the installer is disabled INSTALL_LOCK = true ; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!! -SECRET_KEY = 6i46vXZHHD +SECRET_KEY = HqlMtuPUZY ; Auto-login remember days LOGIN_REMEMBER_DAYS = 7 COOKIE_USERNAME = gitea_awesome @@ -225,7 +225,7 @@ MIN_PASSWORD_LENGTH = 8 IMPORT_LOCAL_PATHS = false ; Prevent all users (including admin) from creating custom git hooks DISABLE_GIT_HOOKS = false -INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1MTgwMDgwMzZ9.QnIEGL0w5G91_3DxBPG3pgcBkHVY2JDkBYUgEgbLopY +INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1MjE0MTcyOTF9.47KQWaBIolVnGJNpSmCNH8_Ter_vlR8i0Cu2mLKpP8g [openid] ; @@ -246,7 +246,7 @@ INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmY ; - .livejournal.com ; ; Whether to allow signin in via OpenID -ENABLE_OPENID_SIGNIN = false +ENABLE_OPENID_SIGNIN = true ; Whether to allow registering via OpenID ; Do not include to rely on DISABLE_REGISTRATION setting ;ENABLE_OPENID_SIGNUP = true 
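Review bot: `LFS_JWT_SECRET` is committed as a literal in the template, and the same applies to `SECRET_KEY` in the @@ -212 hunk and `INTERNAL_TOKEN` in the @@ -225 hunk. Both the retired and the new values are now in repository history and should be treated as disclosed. Since this is a Jinja2 template, the values can come from vaulted variables instead, e.g. `LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}` (variable name is a placeholder). The new `SECRET_KEY` is also only ten characters long; a longer random value is advisable. The task in roles/gitea/tasks/gitea.yml installs the rendered file with `mode=0644`, so every local account can read these secrets; `mode=0640` with the service account's group would limit that.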
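Review bot: `ENABLE_OPENID_SIGNIN = true` in the @@ -246 hunk opens a second sign-in path, and the hunk shows no provider restriction; the visible context only carries example list entries in comments. Unless `WHITELISTED_URIS` is set in the part of `[openid]` outside this hunk, sign-in is presumably not limited to particular providers. A comment above the setting naming the expected providers, e.g. `; OpenID sign-in limited to <provider> via WHITELISTED_URIS`, would document the intent.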
@@ -270,11 +270,11 @@ RESET_PASSWD_CODE_LIVE_MINUTES = 180 ; User need to confirm e-mail for registration REGISTER_EMAIL_CONFIRM = false ; Does not allow register and admin create account only -DISABLE_REGISTRATION = false +DISABLE_REGISTRATION = true ; User must sign in to view anything. -REQUIRE_SIGNIN_VIEW = false +REQUIRE_SIGNIN_VIEW = true ; Mail notification -ENABLE_NOTIFY_MAIL = false +ENABLE_NOTIFY_MAIL = true ; More detail: https://github.com/go-gitea/gitea/issues/165 ENABLE_REVERSE_PROXY_AUTHENTICATION = false ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false @@ -308,7 +308,7 @@ SKIP_TLS_VERIFY = false PAGING_NUM = 10 [mailer] -ENABLED = false +ENABLED = true ; Buffer length of channel, keep it as it is if you don't know what it is. SEND_BUFFER_LEN = 100 ; Name displayed in mail title @@ -317,7 +317,7 @@ SUBJECT = %(APP_NAME)s ; Gmail: smtp.gmail.com:587 ; QQ: smtp.qq.com:465 ; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used. -HOST = +HOST = buran.htu.tuwien.ac.at:25 ; Disable HELO operation when hostname are different. DISABLE_HELO = ; Custom hostname for HELO operation, default is from system. @@ -326,10 +326,10 @@ HELO_HOSTNAME = SKIP_VERIFY = ; Use client certificate USE_CERTIFICATE = false -CERT_FILE = custom/mailer/cert.pem -KEY_FILE = custom/mailer/key.pem +CERT_FILE = /var/lib/gitea/custom/mailer/cert.pem +KEY_FILE = /var/lib/gitea/custom/mailer/key.pem ; Mail from address, RFC 5322. This can be just an email address, or the `"Name" ` format -FROM = +FROM = noreply@fet.at ; Mailer user name and password USER = PASSWD =
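Review bot: `HOST = buran.htu.tuwien.ac.at:25` in the @@ -317 hunk sends mail over port 25 with `USER` and `PASSWD` left empty, so transport encryption is only the opportunistic STARTTLS described in the comment above it. With `ENABLED = true` and `ENABLE_NOTIFY_MAIL = true` set in this commit, notification and password-reset mail will travel over that link. The same comment recommends STARTTLS on port 587; if the relay offers submission, `HOST = buran.htu.tuwien.ac.at:587` is the safer choice. `SKIP_VERIFY` is also better written out as `SKIP_VERIFY = false` than left blank.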