Compare commits
34 commits
Author | SHA1 | Date | |
---|---|---|---|
bd4c5af5bb | |||
4e2d8007bb | |||
041aa75a0d | |||
19d296b9d7 | |||
5bd74bd11b | |||
3f50a9f3ba | |||
56782e146d | |||
faf1fb5895 | |||
58b4b3d74e | |||
edf2d1721d | |||
a2b34421b3 | |||
2ac865ad85 | |||
776d8682ea | |||
17d93c2341 | |||
c0a39a213b | |||
745d5740d0 | |||
a5c2c1b890 | |||
cf9fdd51b3 | |||
53e11a8b98 | |||
35bdc8f062 | |||
170bc3dcf2 | |||
52b136833b | |||
3359b9de89 | |||
35276dc6f3 | |||
b33011ed8c | |||
a3f9c2efc1 | |||
2558786ef3 | |||
9862d76824 | |||
4dff6e75bd | |||
75d7138c82 | |||
d50021d9f2 | |||
c291788219 | |||
7b9e2bcc04 | |||
0a9f425857 |
18 changed files with 735 additions and 272 deletions
6
.ansible-lint
Normal file
6
.ansible-lint
Normal file
|
@ -0,0 +1,6 @@
|
|||
skip_list:
|
||||
- fqcn-builtins
|
||||
- fqcn[action]
|
||||
- fqcn[action-core]
|
||||
- fqcn[canonical]
|
||||
- name[casing]
|
60
Playbooks/forgejo.yml
Normal file
60
Playbooks/forgejo.yml
Normal file
|
@ -0,0 +1,60 @@
|
|||
---
|
||||
|
||||
- name: 'Create backup directories'
|
||||
hosts: forgejo
|
||||
tasks:
|
||||
- name: '[BACKUP] - Create backup dir'
|
||||
file:
|
||||
path: '{{ forgejo_dump_path }}'
|
||||
state: directory
|
||||
mode: '0775'
|
||||
- name: '[BACKUP] - Create db backup dir'
|
||||
file:
|
||||
path: '{{ forgejo_dump_path }}/db'
|
||||
state: directory
|
||||
mode: '0755'
|
||||
- name: '[BACKUP] - Create code backup dir'
|
||||
file:
|
||||
path: '{{ forgejo_dump_path }}/code'
|
||||
state: directory
|
||||
owner: '{{ forgejo_user }}'
|
||||
mode: '0755'
|
||||
|
||||
- name: 'Create db backup for forgejo'
|
||||
hosts: forgejo
|
||||
tasks:
|
||||
- name: '[BACKUP] - Run db backup for forgejo'
|
||||
shell:
|
||||
cmd: 'sudo -u postgres pg_dump {{ forgejo_db_name }} | gzip -c > {{ forgejo_dump_path }}/db/{{ forgejo_db_name }}-{{ ansible_date_time.iso8601_basic_short }}.sql.gz'
|
||||
- name: '[BACKUP] - Remove all but two latest backup files'
|
||||
shell:
|
||||
cmd: 'ls -t |tail -n +3 | xargs --no-run-if-empty rm'
|
||||
chdir: '{{ forgejo_dump_path }}/db'
|
||||
vars_files:
|
||||
- ../defaults/main.yml
|
||||
|
||||
- name: 'Make backup of forgejo'
|
||||
hosts: 'forgejo'
|
||||
tasks:
|
||||
- name: '[BACKUP] - Remove all but two latest backup files'
|
||||
shell:
|
||||
cmd: 'ls -t |tail -n +2 | xargs --no-run-if-empty rm'
|
||||
chdir: '{{ forgejo_dump_path }}/code'
|
||||
- name: '[BACKUP] - Make backup of forgejo'
|
||||
shell:
|
||||
cmd: 'sudo -u {{ forgejo_user }} {{ forgejo_bindir }}/forgejo dump -c {{ forgejo_confdir }}'
|
||||
chdir: '{{ forgejo_dump_path}}/code'
|
||||
vars_files:
|
||||
- ../defaults/main.yml
|
||||
|
||||
- name: 'Run Forgejo role'
|
||||
hosts: forgejo
|
||||
roles:
|
||||
- postgresql
|
||||
- forgejo
|
||||
|
||||
vars_files:
|
||||
- ../defaults/main.yml
|
||||
|
||||
vars:
|
||||
- ansible_python_interpreter: '/usr/bin/python3'
|
|
@ -1,9 +0,0 @@
|
|||
---
|
||||
|
||||
- hosts: gitea
|
||||
roles:
|
||||
- postgresql
|
||||
- gitea
|
||||
|
||||
vars_files:
|
||||
- ../defaults/main.yml
|
31
README.md
31
README.md
|
@ -1,14 +1,35 @@
|
|||
# Gitea - Ansible Role
|
||||
# Forgejo - Ansible Role
|
||||
|
||||
This role covers deployment, configuration and software updates of Gitea. This role is released under MIT Licence and we give no warranty for this piece of software. Currently supported OS - Debian.
|
||||
This role covers deployment, configuration and software updates of Forgejo. This role is released under MIT Licence and we give no warranty for this piece of software. Currently supported OS - Debian.
|
||||
|
||||
You can deploy test instance using `Vagrantfile` attached to the role.
|
||||
`vagrant up`
|
||||
|
||||
`ansible-playbook -b Playbooks/gitea.yml`
|
||||
`ansible-playbook -b Playbooks/forgejo.yml`
|
||||
|
||||
Then you can then access gitea from your computer on `http://192.168.33.14:3000`
|
||||
Then you can then access forgejo from your computer on `http://192.168.33.14:3000`
|
||||
|
||||
The first user you create becomes the admin.
|
||||
|
||||
# Gitea or Forgejo
|
||||
This role allows for deployment of gitea and forgejo. By default the role deploys forgejo and this is the flavor that is supported and maintained. Installing Gitea using the role is possible however starting from version 1.18.2 is no longer maintained by Disroot team.
|
||||
To switch to gitea, update following variables in your Playbook/host_vars:
|
||||
|
||||
|
||||
```
|
||||
forgejo_flavour: 'gitea'
|
||||
forgejo_version: '1.18.2'
|
||||
forgejo_arch: 'linux-amd64'
|
||||
forgejo_download_url: 'https://github.com/go-gitea/gitea/releases/download/v{{ forgejo_version }}/gitea-{{ forgejo_version }}-{{ forgejo_arch }}'
|
||||
```
|
||||
|
||||
## Playbook
|
||||
The playbook includes postgresql role and deploys entire stack needed to run Gitea. Additional roles are also available in the Ansible roles repos in git.
|
||||
The playbook includes postgresql role and deploys entire stack needed to run Forgejo. Additional roles are also available in the Ansible roles repos in git.
|
||||
|
||||
## Customization
|
||||
You can deploy custom themes with this role. To do so, uncomment `forgejo_theme_dir` and `forgejo_custom_themes` from `defaults/main.yml`. Add the theme repos' address and name there, enable them and then deploy with `ansible-playbook -b Playbooks/forgejo.yml --tags theme`.
|
||||
|
||||
You can also add you own images like favicon, icons, etc. See https://forgejo.org/docs/v1.21/developer/customization/ to see how to prepare your images.
|
||||
Then, copy them in the `img` folder of this role and uncomment `forgejo_extra_files_path` and `forgejo_theme_dir` from `defaults/main.yml`. You can then deploy with `ansible-playbook -b Playbooks/forgejo.yml --tags config`.
|
||||
|
||||
For more information about customizaton, check https://forgejo.org/docs/v1.21/developer/customization/
|
||||
|
|
14
Vagrantfile
vendored
14
Vagrantfile
vendored
|
@ -7,14 +7,14 @@
|
|||
# you're doing.
|
||||
Vagrant.configure("2") do |config|
|
||||
#config.ssh.insert_key = false
|
||||
config.vm.define "gitea" do |gitea|
|
||||
gitea.vm.box = "generic/debian11"
|
||||
gitea.vm.provider :libvirt do |libvirt|
|
||||
config.vm.define "forgejo" do |forgejo|
|
||||
forgejo.vm.box = "generic/debian12"
|
||||
forgejo.vm.provider :libvirt do |libvirt|
|
||||
libvirt.memory = 256
|
||||
end
|
||||
gitea.vm.network "forwarded_port", guest: 80, host: 8888, host_ip: "192.168.33.14"
|
||||
gitea.vm.network "forwarded_port", guest: 443, host: 4443, host_ip: "192.168.33.14"
|
||||
gitea.vm.network "private_network", ip: "192.168.33.14"
|
||||
|
||||
forgejo.vm.network "forwarded_port", guest: 80, host: 8888, host_ip: "192.168.33.14"
|
||||
forgejo.vm.network "forwarded_port", guest: 443, host: 4443, host_ip: "192.168.33.14"
|
||||
forgejo.vm.network "private_network", ip: "192.168.33.14"
|
||||
config.vm.provision "shell", inline: "apt install acl"
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,67 +1,89 @@
|
|||
---
|
||||
|
||||
gitea_bindir: "/usr/local/bin/gitea"
|
||||
gitea_lib_dir: "/var/lib/gitea"
|
||||
gitea_user: 'git'
|
||||
gitea_group: 'git'
|
||||
gitea_confdir: '/etc/gitea/app.ini'
|
||||
gitea_version: '1.16.6'
|
||||
forgejo_bindir: "/usr/local/bin/forgejo"
|
||||
forgejo_lib_dir: "/var/lib/forgejo"
|
||||
forgejo_user: 'git'
|
||||
forgejo_group: 'git'
|
||||
forgejo_confdir: '/etc/forgejo/app.ini'
|
||||
forgejo_dump_path: '/srv/forgejo-dump'
|
||||
forgejo_flavor: 'forgejo'
|
||||
forgejo_version: '9.0.2'
|
||||
forgejo_arch: 'linux-amd64'
|
||||
forgejo_download_url: 'https://codeberg.org/forgejo/forgejo/releases/download/v{{ forgejo_version }}/forgejo-{{ forgejo_version }}-{{ forgejo_arch }}'
|
||||
|
||||
# Uncomment below if you want to add custom themes or images
|
||||
# forgejo_extra_files_path: '../img' # the folder name where you have the images you want to deploy
|
||||
forgejo_theme_dir: '{{ forgejo_lib_dir }}/custom'
|
||||
# forgejo_custom_themes:
|
||||
# - name: '' # add name of the theme
|
||||
# repo: '' # add git repository of the theme
|
||||
# version: '' # add git branch
|
||||
# enable: 'true' # set it to false to remove it
|
||||
|
||||
#[CONFIG]
|
||||
|
||||
# [CONFIG]
|
||||
# App.ini file variables
|
||||
gitea_base_config:
|
||||
- 'APP_NAME = Gitea: Git with a cup of tea'
|
||||
forgejo_base_config:
|
||||
- 'APP_NAME = Forgejo: Beyond coding. We forge.'
|
||||
- 'RUN_USER = git'
|
||||
- 'RUN_MODE = prod'
|
||||
- 'WORK_PATH = {{ forgejo_lib_dir }}'
|
||||
|
||||
gitea_oauth2_config:
|
||||
- 'JWT_SECRET = ' #41 random chars
|
||||
forgejo_oauth2_config:
|
||||
- 'JWT_SECRET = ' # 41 random chars
|
||||
|
||||
gitea_ui_config:
|
||||
- 'DEFAULT_THEME = arc-green'
|
||||
forgejo_oauth2_client_config:
|
||||
- 'ENABLE_AUTO_REGISTRATION = false'
|
||||
- 'REGISTER_EMAIL_CONFIRM = false'
|
||||
- 'ACCOUNT_LINKING = login'
|
||||
- 'UPDATE_AVATAR = false'
|
||||
|
||||
gitea_security_config:
|
||||
- 'INTERNAL_TOKEN = ' #106 random chars
|
||||
forgejo_ui_config:
|
||||
- 'THEMES = gitea-auto,gitea-light,gitea-dark,forgejo-auto,forgejo-light,forgejo-dark' # add only the default ones, not themes ones
|
||||
- 'DEFAULT_THEME = gitea-dark'
|
||||
|
||||
forgejo_security_config:
|
||||
- 'INTERNAL_TOKEN = ' # 106 random chars
|
||||
- 'INSTALL_LOCK = true'
|
||||
- 'SECRET_KEY = ' #64 random chars
|
||||
- 'SECRET_KEY = ' # 64 random chars
|
||||
|
||||
gitea_database_config:
|
||||
forgejo_database_config:
|
||||
- 'DB_TYPE = postgres'
|
||||
- 'HOST = localhost:5432'
|
||||
- 'NAME = gitea'
|
||||
- 'NAME = forgejo'
|
||||
- 'USER = admin'
|
||||
- 'PASSWD = changeme'
|
||||
- 'SSL_MODE = disable'
|
||||
- 'PATH = /home/git/data/gitea.db'
|
||||
|
||||
gitea_repository_config:
|
||||
- 'ROOT = /home/git/gitea-repositories'
|
||||
forgejo_repository_config:
|
||||
- 'ROOT = {{ forgejo_lib_dir }}/gitea-repositories'
|
||||
|
||||
gitea_server_config:
|
||||
forgejo_server_config:
|
||||
- 'SSH_DOMAIN = git.example.org'
|
||||
- 'DOMAIN = git.example.org'
|
||||
- 'DOMAIN = 192.168.33.14'
|
||||
- 'HTTP_PORT = 3000'
|
||||
- 'ROOT_URL = https://git.example.org'
|
||||
- 'ROOT_URL = http://192.168.33.14:3000'
|
||||
- 'DISABLE_SSH = false'
|
||||
- 'SSH_PORT = 22'
|
||||
- 'LFS_START_SERVER = true'
|
||||
- 'LFS_CONTENT_PATH = /home/git/data/lfs'
|
||||
- 'LFS_JWT_SECRET = ' #40 random chars
|
||||
- 'LFS_JWT_SECRET = ' # 40 random chars
|
||||
- 'OFFLINE_MODE = false'
|
||||
- 'APP_DATA_PATH = {{ forgejo_lib_dir }}/data/'
|
||||
|
||||
gitea_mailer_config:
|
||||
forgejo_lfs_config:
|
||||
- 'PATH = /home/git/data/lfs'
|
||||
|
||||
forgejo_mailer_config:
|
||||
- 'ENABLED = true'
|
||||
- 'HOST = mail.example.org:587'
|
||||
- 'SMTP_ADDR = mail.example.org'
|
||||
- 'SMTP_PORT = 587'
|
||||
- 'FROM = noreply@example.org'
|
||||
- 'USER = noreply@example.org'
|
||||
- 'PASSWD = CHANGEME' #PASSWD
|
||||
- 'IS_TLS_ENABLED = true'
|
||||
- 'PASSWD = CHANGEME' # PASSWORD
|
||||
- 'PROTOCOL = smtp+starttls'
|
||||
|
||||
gitea_service_config:
|
||||
- 'REGISTER_EMAIL_CONFIRM = true'
|
||||
- 'ENABLE_NOTIFY_MAIL = true'
|
||||
forgejo_service_config:
|
||||
- 'REGISTER_EMAIL_CONFIRM = false'
|
||||
- 'ENABLE_NOTIFY_MAIL = false'
|
||||
- 'DISABLE_REGISTRATION = false'
|
||||
- 'ALLOW_ONLY_EXTERNAL_REGISTRATION = false'
|
||||
- 'ENABLE_CAPTCHA = false'
|
||||
|
@ -71,56 +93,89 @@ gitea_service_config:
|
|||
- 'DEFAULT_ENABLE_TIMETRACKING = true'
|
||||
- 'NO_REPLY_ADDRESS = noreply@example.org'
|
||||
|
||||
gitea_mirror_config:
|
||||
forgejo_mirror_config:
|
||||
- 'ENABLED = true'
|
||||
|
||||
gitea_picture_config:
|
||||
forgejo_picture_config:
|
||||
- 'DISABLE_GRAVATAR = true'
|
||||
- 'ENABLE_FEDERATED_AVATAR = true'
|
||||
|
||||
gitea_openid_config:
|
||||
forgejo_openid_config:
|
||||
- 'ENABLE_OPENID_SIGNIN = false'
|
||||
- 'ENABLE_OPENID_SIGNUP = false'
|
||||
|
||||
gitea_session_config:
|
||||
forgejo_session_config:
|
||||
- 'PROVIDER = file'
|
||||
|
||||
gitea_log_config:
|
||||
forgejo_log_config:
|
||||
- 'MODE = file'
|
||||
- 'LEVEL = Info'
|
||||
- 'ROOT_PATH = /home/git/log'
|
||||
|
||||
# External renderers
|
||||
# See https://docs.gitea.io/en-us/external-renderers/
|
||||
forgejo_markup_config:
|
||||
- name: 'asciidoc'
|
||||
apt: 'asciidoc'
|
||||
enable: 'false'
|
||||
- name: 'jupyter'
|
||||
apt: 'jupyter'
|
||||
enable: 'false'
|
||||
- name: 'html'
|
||||
apt: ''
|
||||
enable: 'false'
|
||||
|
||||
#apt
|
||||
gitea_apt_list:
|
||||
# Incoming emails
|
||||
# See https://forgejo.org/docs/latest/admin/incoming-email/
|
||||
forgejo_email_incoming:
|
||||
- 'ENABLED = true'
|
||||
- 'REPLY_TO_ADDRESS = incoming+%{token}@example.org'
|
||||
- 'HOST = example.org'
|
||||
- 'PORT = 993'
|
||||
- 'USERNAME = incoming'
|
||||
- 'PASSWORD = changeme'
|
||||
- 'USE_TLS = true'
|
||||
- 'MAILBOX = INBOX'
|
||||
- 'DELETE_HANDLED_MESSAGE = true'
|
||||
- 'MAXIMUM_MESSAGE_SIZE = 0'
|
||||
|
||||
|
||||
# Systemd
|
||||
# forgejo_dbservice: 'postgresql.service' # uncomment to enable this. You can cnange to mysql, mariadb, redis, memcached
|
||||
# forgejo_websocket: 'true' # uncomment to enable this
|
||||
# forgejo_limitnofile: '524288:524288' # Uncomment if you have repos with lots of files and get a HTTP 500 error because of that
|
||||
# forgejo_custom_path: 'Environment=PATH={{ forgejo_custom_path }}:/bin:/sbin:/usr/bin:/usr/sbin' # Uncomment if you install Git to directory prefix other than default PATH and add that prefix to PATH
|
||||
# forgejo_cap_net_bind_service: 'CAP_NET_BIND_SERVICE' # Uncomment if you want to bind Forgejo to a port below 1024, or use socket activation to pass Forgejo its ports as above
|
||||
# forgejo_privateusers: 'false' # Uncomment, when using forgejo_cap_net_bind_service option, to allow capabilities to be applied on Forgejo process. If set to true sandboxes Forgejo service and prevent any processes from running with privileges in the host user namespace
|
||||
|
||||
# apt
|
||||
forgejo_apt_list:
|
||||
- git
|
||||
|
||||
|
||||
|
||||
# POSTGRES
|
||||
postgresql_version: 12
|
||||
postgresql_version: 15
|
||||
postgresql_listen_addresses:
|
||||
- "127.0.0.1"
|
||||
- "127.0.0.1"
|
||||
|
||||
postgresql_pg_hba_default:
|
||||
- { type: local, database: all, user: '{{ postgresql_admin_user }}', address: '', method: '{{ postgresql_default_auth_method }}', comment: '' }
|
||||
- { type: local, database: all, user: all, address: '', method: '{{ postgresql_default_auth_method }}', comment: '"local" is for Unix domain socket connections only' }
|
||||
- { type: host, database: all, user: all, address: '127.0.0.1/32', method: '{{ postgresql_default_auth_method_hosts }}', comment: 'IPv4 local connections:' }
|
||||
- { type: local, database: all, user: '{{ postgresql_admin_user }}', address: '', method: '{{ postgresql_default_auth_method }}', comment: ''}
|
||||
- { type: local, database: all, user: all, address: '', method: '{{ postgresql_default_auth_method }}', comment: '"local" is for Unix domain socket connections only'}
|
||||
- { type: host, database: all, user: all, address: '127.0.0.1/32', method: '{{ postgresql_default_auth_method_hosts }}', comment: 'IPv4 local connections:'}
|
||||
|
||||
postgresql_databases:
|
||||
- name: gitea
|
||||
owner: admin # optional; specify the owner of the database
|
||||
hstore: no # flag to install the hstore extension on this database (yes/no)
|
||||
uuid_ossp: no # flag to install the uuid-ossp extension on this database (yes/no)
|
||||
citext: no # flag to install the citext extension on this database (yes/no)
|
||||
- name: 'forgejo'
|
||||
owner: 'admin' # optional; specify the owner of the database
|
||||
hstore: 'no' # flag to install the hstore extension on this database (yes/no)
|
||||
uuid_ossp: 'no' # flag to install the uuid-ossp extension on this database (yes/no)
|
||||
citext: 'no' # flag to install the citext extension on this database (yes/no)
|
||||
|
||||
postgresql_users:
|
||||
- name: admin
|
||||
pass: changeme
|
||||
encrypted: yes # denotes if the password is already encrypted.
|
||||
- name: 'admin'
|
||||
pass: 'changeme'
|
||||
encrypted: 'yes' # denotes if the password is already encrypted.
|
||||
|
||||
postgresql_user_privileges:
|
||||
- name: admin # user name
|
||||
db: gitea # database
|
||||
priv: "ALL" # privilege string format: example: INSERT,UPDATE/table:SELECT/anothertable:ALL
|
||||
role_attr_flags: "" # role attribute flags
|
||||
- name: 'admin' # user name
|
||||
db: 'forgejo' # database
|
||||
priv: 'ALL' # privilege string format: example: INSERT,UPDATE/table:SELECT/anothertable:ALL
|
||||
role_attr_flags: '' # role attribute flags
|
||||
|
|
|
@ -1,6 +1,11 @@
|
|||
---
|
||||
|
||||
- name: 'Restart gitea'
|
||||
- name: 'Restart forgejo'
|
||||
systemd:
|
||||
name: gitea
|
||||
state: restarted
|
||||
name: 'forgejo'
|
||||
state: 'restarted'
|
||||
|
||||
- name: 'Stop forgejo'
|
||||
systemd:
|
||||
name: 'forgejo'
|
||||
state: 'stopped'
|
||||
|
|
|
@ -2,27 +2,27 @@
|
|||
|
||||
- name: '[DIR] - Create bin dir'
|
||||
file:
|
||||
path: '{{ gitea_bindir }}'
|
||||
state: directory
|
||||
owner: "{{ gitea_user }}"
|
||||
group: "{{ gitea_group }}"
|
||||
path: '{{ forgejo_bindir }}'
|
||||
state: 'directory'
|
||||
owner: '{{ forgejo_user }}'
|
||||
group: '{{ forgejo_group }}'
|
||||
mode: '0750'
|
||||
|
||||
- name: '[DIR] - Create lib dir'
|
||||
file:
|
||||
path: '{{ gitea_lib_dir }}'
|
||||
state: directory
|
||||
path: '{{ forgejo_lib_dir }}'
|
||||
state: 'directory'
|
||||
mode: '0750'
|
||||
owner: "{{ gitea_user }}"
|
||||
group: "{{ gitea_group }}"
|
||||
owner: '{{ forgejo_user }}'
|
||||
group: '{{ forgejo_group }}'
|
||||
|
||||
- name: '[DIR] - Create lib dirs'
|
||||
file:
|
||||
path: "{{ gitea_lib_dir }}/{{ item }}"
|
||||
state: directory
|
||||
path: '{{ forgejo_lib_dir }}/{{ item }}'
|
||||
state: 'directory'
|
||||
mode: '0750'
|
||||
owner: "{{ gitea_user }}"
|
||||
group: "{{ gitea_group }}"
|
||||
owner: '{{ forgejo_user }}'
|
||||
group: '{{ forgejo_group }}'
|
||||
with_items:
|
||||
- 'custom'
|
||||
- 'data'
|
||||
|
@ -30,15 +30,62 @@
|
|||
|
||||
- name: '[DIR] - Create etc dir'
|
||||
file:
|
||||
path: /etc/gitea
|
||||
state: directory
|
||||
path: '/etc/forgejo'
|
||||
state: 'directory'
|
||||
mode: '0770'
|
||||
owner: "{{ gitea_user }}"
|
||||
group: "{{ gitea_group }}"
|
||||
owner: '{{ forgejo_user }}'
|
||||
group: '{{ forgejo_group }}'
|
||||
|
||||
- name: '[CONF] - Deploy gitea config'
|
||||
- name: '[CONF] - Deploy forgejo config'
|
||||
template:
|
||||
src: etc/gitea/app.ini.j2
|
||||
dest: "{{ gitea_confdir }}"
|
||||
owner: "{{ gitea_user }}"
|
||||
group: "{{ gitea_group }}"
|
||||
src: 'etc/forgejo/app.ini.j2'
|
||||
dest: '{{ forgejo_confdir }}'
|
||||
owner: '{{ forgejo_user }}'
|
||||
group: '{{ forgejo_group }}'
|
||||
mode: '0744'
|
||||
notify:
|
||||
- 'Restart forgejo'
|
||||
tags:
|
||||
- 'config'
|
||||
|
||||
- name: '[CONF] - Create assets dir'
|
||||
file:
|
||||
path: '{{ forgejo_theme_dir }}/public/assets/'
|
||||
state: 'directory'
|
||||
owner: '{{ forgejo_user }}'
|
||||
group: '{{ forgejo_group }}'
|
||||
mode: '0744'
|
||||
when: forgejo_extra_files_path is defined
|
||||
tags:
|
||||
- 'config'
|
||||
|
||||
- name: '[CONF] - Create img folder'
|
||||
file:
|
||||
path: '{{ forgejo_theme_dir }}/public/assets/img/'
|
||||
state: 'directory'
|
||||
owner: '{{ forgejo_user }}'
|
||||
group: '{{ forgejo_group }}'
|
||||
mode: '0744'
|
||||
when: forgejo_extra_files_path is defined
|
||||
tags:
|
||||
- 'config'
|
||||
|
||||
- name: '[CONF] - Deploy img folder'
|
||||
copy:
|
||||
src: '{{ forgejo_extra_files_path }}/'
|
||||
dest: '{{ forgejo_theme_dir }}/public/assets/img/'
|
||||
owner: '{{ forgejo_user }}'
|
||||
group: '{{ forgejo_group }}'
|
||||
mode: '0744'
|
||||
when: forgejo_extra_files_path is defined
|
||||
tags:
|
||||
- 'config'
|
||||
|
||||
- name: '[CONF] - Install dependencies for renderers'
|
||||
apt:
|
||||
name: '{{ item.apt }}'
|
||||
update_cache: true
|
||||
loop: '{{ forgejo_markup_config }}'
|
||||
when: item.enable == 'true' and item.apt != ''
|
||||
tags:
|
||||
- 'config'
|
||||
|
|
91
tasks/custom_themes.yml
Normal file
91
tasks/custom_themes.yml
Normal file
|
@ -0,0 +1,91 @@
|
|||
---
|
||||
|
||||
- name: '[THEME] - Create css dir'
|
||||
file:
|
||||
path: '{{ forgejo_theme_dir }}/public/assets/css'
|
||||
state: 'directory'
|
||||
owner: '{{ forgejo_user }}'
|
||||
group: '{{ forgejo_group }}'
|
||||
mode: '0744'
|
||||
tags:
|
||||
- 'theme'
|
||||
|
||||
# First, remove the css files from public folder, then theme repos
|
||||
- name: '[THEME] - Remove css files from the css folder'
|
||||
command:
|
||||
cmd: bash -c 'find "{{ forgejo_theme_dir }}/{{ item.name }}" -type f -name "*.css" -printf "%f\n" | xargs -I{} rm public/assets/css/{}'
|
||||
# find "{{ forgejo_theme_dir }}/{{ item.name }}" -type f -name "*.css" -printf "%f\n" | xargs -I{} rm public/assets/css/{}
|
||||
chdir: '{{ forgejo_theme_dir }}'
|
||||
loop: '{{ forgejo_custom_themes }}'
|
||||
when: item.enable == 'false'
|
||||
tags:
|
||||
- 'theme'
|
||||
|
||||
- name: '[THEME] - Remove theme repo'
|
||||
file:
|
||||
path: '{{ forgejo_theme_dir }}/{{ item.name }}'
|
||||
state: 'absent'
|
||||
owner: '{{ forgejo_user }}'
|
||||
group: '{{ forgejo_group }}'
|
||||
loop: '{{ forgejo_custom_themes }}'
|
||||
when: item.enable == 'false'
|
||||
tags:
|
||||
- 'theme'
|
||||
|
||||
# Second, get theme repos and deploy css files in public folder
|
||||
- name: '[THEME] - Get repo'
|
||||
git:
|
||||
repo: '{{ item.repo }}'
|
||||
dest: '{{ forgejo_theme_dir }}/{{ item.name }}'
|
||||
version: '{{ item.version }}'
|
||||
force: true
|
||||
loop: '{{ forgejo_custom_themes }}'
|
||||
when: item.enable == 'true'
|
||||
become: true
|
||||
become_user: '{{ forgejo_user }}'
|
||||
tags:
|
||||
- 'theme'
|
||||
|
||||
- name: '[THEME] - Find css files from different repos'
|
||||
find:
|
||||
paths: '{{ forgejo_theme_dir }}'
|
||||
patterns: ".*(?<!\\.min)\\.css$"
|
||||
recurse: true
|
||||
use_regex: true
|
||||
register: 'css_files'
|
||||
tags:
|
||||
- 'theme'
|
||||
|
||||
- name: '[THEME] - Copy css files to the public folder'
|
||||
copy:
|
||||
src: '{{ item.path }}'
|
||||
dest: '{{ forgejo_theme_dir }}/public/assets/css/'
|
||||
remote_src: true
|
||||
force: true
|
||||
mode: '0644'
|
||||
with_items: '{{ css_files.files }}'
|
||||
when: "'/public/' not in item.path"
|
||||
become: true
|
||||
become_user: '{{ forgejo_user }}'
|
||||
tags:
|
||||
- 'theme'
|
||||
|
||||
|
||||
# Lastly, update app.ini by adding the theme's name list.
|
||||
- name: '[THEME] - Get and prepare a list for app.ini of css files in public folder, register it'
|
||||
command:
|
||||
cmd: bash -c "ls '{{ forgejo_theme_dir }}/public/assets/css' | awk '{ if ($0 ~ /^theme-/) { gsub(/^theme-/, \"\", $0) }; gsub(/.css$/, \"\", $0); print }' | paste -s -d,"
|
||||
chdir: "{{ forgejo_theme_dir }}"
|
||||
register: 'theme_name'
|
||||
tags:
|
||||
- 'theme'
|
||||
|
||||
- name: '[THEME] - Add list of themes in app.ini'
|
||||
lineinfile:
|
||||
path: '{{ forgejo_confdir }}'
|
||||
regexp: '^THEMES'
|
||||
line: '{{ forgejo_ui_config[0] }},{{ theme_name.stdout }}'
|
||||
notify:
|
||||
- 'Restart forgejo'
|
||||
tags:
|
||||
- 'theme'
|
|
@ -1,28 +0,0 @@
|
|||
---
|
||||
|
||||
- name: '[INSTALL] - Install dependencies'
|
||||
apt:
|
||||
name: "{{ gitea_apt_list }}"
|
||||
update_cache: yes
|
||||
|
||||
|
||||
- name: '[INSTALL] - Download gitea binary'
|
||||
get_url:
|
||||
url: 'https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64'
|
||||
dest: '{{ gitea_bindir }}/gitea'
|
||||
mode: '0750'
|
||||
owner: '{{ gitea_user }}'
|
||||
group: '{{ gitea_group }}'
|
||||
force: 'yes'
|
||||
notify: 'Restart gitea'
|
||||
|
||||
|
||||
- name: '[INSTALL] - Set rights to read-only'
|
||||
file:
|
||||
path: '/etc/gitea'
|
||||
mode: '0750'
|
||||
|
||||
- name: '[INSTALL] - Set rights to read-only'
|
||||
file:
|
||||
path: '/etc/gitea/app.ini'
|
||||
mode: '0640'
|
103
tasks/install_upgrade.yml
Normal file
103
tasks/install_upgrade.yml
Normal file
|
@ -0,0 +1,103 @@
|
|||
---
|
||||
|
||||
- name: '[INSTALL] - Install dependencies'
|
||||
apt:
|
||||
name: '{{ forgejo_apt_list }}'
|
||||
update_cache: true
|
||||
|
||||
- name: '[INSTALL] - Check if forgejo is already installed'
|
||||
shell:
|
||||
cmd: '{{ forgejo_bindir }}/forgejo --version -c {{ forgejo_confdir }}'
|
||||
register: 'forgejo_is_installed'
|
||||
ignore_errors: true # needed when forgejo is not yet installed
|
||||
|
||||
# The following task is needed for the doctor check task, as `gitea-repositories` needs to exist,
|
||||
# but is created only when the first user creates a repo # so doctor gives an error on first installation
|
||||
# and on other installation if no user has created any repo yet.
|
||||
# It also allows to make sure forgejo was installed and used.
|
||||
- name: '[INSTALL] - Check gitea-repositories exists'
|
||||
stat:
|
||||
path: '{{ forgejo_lib_dir }}/gitea-repositories'
|
||||
register: 'gitea_repositories'
|
||||
|
||||
- name: '[UPGRADE] - Check forgejo health with doctor before updating'
|
||||
shell:
|
||||
cmd: '{{ forgejo_bindir }}/forgejo doctor check --all -c {{ forgejo_confdir }}'
|
||||
become: true
|
||||
become_user: '{{ forgejo_user }}'
|
||||
register: 'forgejo_health'
|
||||
when:
|
||||
- forgejo_is_installed.rc == 0
|
||||
- gitea_repositories.stat.exists
|
||||
|
||||
- name: '[UPGRADE] - Restart forgejo'
|
||||
systemd:
|
||||
name: 'forgejo'
|
||||
state: 'restarted'
|
||||
when:
|
||||
- forgejo_is_installed.rc == 0
|
||||
- forgejo_health is defined and forgejo_health.rc is defined and forgejo_health.rc == 0
|
||||
|
||||
- name: '[UPGRADE] - Wait for forgejo to be back online'
|
||||
pause:
|
||||
seconds: 10
|
||||
when:
|
||||
- forgejo_is_installed.rc == 0
|
||||
- forgejo_health is defined and forgejo_health.rc is defined and forgejo_health.rc == 0
|
||||
|
||||
- name: '[UPGRADE] - Flush all queues'
|
||||
shell:
|
||||
cmd: '{{ forgejo_bindir }}/forgejo manager flush-queues -c {{ forgejo_confdir }}'
|
||||
become: true
|
||||
become_user: '{{ forgejo_user }}'
|
||||
when:
|
||||
- forgejo_is_installed.rc == 0
|
||||
- forgejo_health is defined and forgejo_health.rc is defined and forgejo_health.rc == 0
|
||||
|
||||
- name: '[UPGRADE] - Stop forgejo'
|
||||
systemd:
|
||||
name: 'forgejo'
|
||||
state: 'stopped'
|
||||
when:
|
||||
- forgejo_is_installed.rc == 0
|
||||
- forgejo_health is defined and forgejo_health.rc is defined and forgejo_health.rc == 0
|
||||
|
||||
- name: '[INSTALL] - Download forgejo binary'
|
||||
get_url:
|
||||
url: '{{ forgejo_download_url }}'
|
||||
dest: '{{ forgejo_bindir }}/forgejo'
|
||||
mode: '0750'
|
||||
owner: '{{ forgejo_user }}'
|
||||
group: '{{ forgejo_group }}'
|
||||
force: true
|
||||
notify:
|
||||
- 'Restart forgejo'
|
||||
|
||||
- name: '[INSTALL] - Set /etc/forgejo rights to read-only'
|
||||
file:
|
||||
path: '/etc/forgejo'
|
||||
mode: '0750'
|
||||
|
||||
- name: '[INSTALL] - Set app.ini rights to read-only'
|
||||
file:
|
||||
path: '/etc/forgejo/app.ini'
|
||||
mode: '0640'
|
||||
|
||||
- name: '[UPGRADE] - Check forgejo health after upgrading'
|
||||
command:
|
||||
cmd: '{{ forgejo_bindir }}/forgejo doctor check --all -c {{ forgejo_confdir }}'
|
||||
become: true
|
||||
become_user: '{{ forgejo_user }}'
|
||||
register: 'forgejo_health'
|
||||
when:
|
||||
- forgejo_is_installed.rc == 0
|
||||
- gitea_repositories.stat.exists
|
||||
|
||||
- name: '[UPGRADE] - Display problem message'
|
||||
fail:
|
||||
msg: 'Forgejo doctor detected issues after upgrade task. Please check the instance manually and fix issues before continuing'
|
||||
when:
|
||||
- forgejo_is_installed.rc == 0
|
||||
- forgejo_health is defined and forgejo_health.rc is defined and forgejo_health.rc != 0
|
||||
notify:
|
||||
- 'Stop forgejo'
|
|
@ -1,13 +1,21 @@
|
|||
---
|
||||
|
||||
- name: "[GITEA]- Create user"
|
||||
include: user.yml
|
||||
- name: '[FORGEJO]- Create user'
|
||||
include_tasks: 'user.yml'
|
||||
|
||||
- name: "[GITEA] - configure"
|
||||
include: configure.yml
|
||||
- name: '[FORGEJO] - configure'
|
||||
include_tasks: 'configure.yml'
|
||||
tags:
|
||||
- 'config'
|
||||
|
||||
- name: "[GITEA] - systemd"
|
||||
include: systemd.yml
|
||||
- name: '[FORGEJO] - install or upgrade'
|
||||
include_tasks: 'install_upgrade.yml'
|
||||
|
||||
- name: "[GITEA] - install"
|
||||
include: install.yml
|
||||
- name: '[FORGEJO] - theme'
|
||||
include_tasks: 'custom_themes.yml'
|
||||
when: forgejo_custom_themes is defined
|
||||
tags:
|
||||
- 'theme'
|
||||
|
||||
- name: '[FORGEJO] - systemd'
|
||||
include_tasks: 'systemd.yml'
|
||||
|
|
|
@ -2,23 +2,24 @@
|
|||
|
||||
- name: '[SYSTEMD] - Deploy Systemd config'
|
||||
template:
|
||||
src: etc/systemd/system/gitea.service.j2
|
||||
dest: /etc/systemd/system/gitea.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
register: gitea_systemd
|
||||
src: 'etc/systemd/system/forgejo.service.j2'
|
||||
dest: '/etc/systemd/system/forgejo.service'
|
||||
owner: 'root'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
register: 'forgejo_systemd'
|
||||
|
||||
- name: '[SYSTEMD] - Enable systemd'
|
||||
systemd:
|
||||
name: gitea
|
||||
enabled: yes
|
||||
state: started
|
||||
daemon_reload: yes
|
||||
notify: Restart gitea
|
||||
name: 'forgejo'
|
||||
enabled: true
|
||||
state: 'started'
|
||||
daemon_reload: true
|
||||
notify:
|
||||
- 'Restart forgejo'
|
||||
|
||||
- name: "[SYSTEMD] - Daemon-reload"
|
||||
- name: '[SYSTEMD] - Daemon-reload'
|
||||
systemd:
|
||||
daemon_reload: yes
|
||||
name: gitea
|
||||
when: gitea_systemd.changed
|
||||
daemon_reload: true
|
||||
name: 'forgejo'
|
||||
when: forgejo_systemd.changed
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
---
|
||||
|
||||
- name: Add group
|
||||
- name: '[User] - Add group'
|
||||
group:
|
||||
name: '{{ gitea_group }}'
|
||||
state: present
|
||||
name: '{{ forgejo_group }}'
|
||||
state: 'present'
|
||||
|
||||
- name: Add user
|
||||
- name: '[User] - Add user'
|
||||
user:
|
||||
name: '{{ gitea_user }}'
|
||||
shell: /bin/bash
|
||||
group: '{{ gitea_group }}'
|
||||
name: '{{ forgejo_user }}'
|
||||
shell: '/bin/bash'
|
||||
group: '{{ forgejo_group }}'
|
||||
|
|
115
templates/etc/forgejo/app.ini.j2
Normal file
115
templates/etc/forgejo/app.ini.j2
Normal file
|
@ -0,0 +1,115 @@
|
|||
# {{ ansible_managed }}
|
||||
{% for item in forgejo_base_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[oauth2]
|
||||
{% for item in forgejo_oauth2_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[oauth2_client]
|
||||
{% for item in forgejo_oauth2_client_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[ui]
|
||||
{% for item in forgejo_ui_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[security]
|
||||
{% for item in forgejo_security_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[database]
|
||||
{% for item in forgejo_database_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[repository]
|
||||
{% for item in forgejo_repository_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[server]
|
||||
{% for item in forgejo_server_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[lfs]
|
||||
{% for item in forgejo_lfs_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[mailer]
|
||||
{% for item in forgejo_mailer_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[service]
|
||||
{% for item in forgejo_service_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
|
||||
[mirror]
|
||||
{% for item in forgejo_mirror_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[picture]
|
||||
{% for item in forgejo_picture_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
|
||||
[openid]
|
||||
{% for item in forgejo_openid_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[session]
|
||||
{% for item in forgejo_session_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[log]
|
||||
{% for item in forgejo_log_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[markup]
|
||||
{% for item in forgejo_markup_config %}
|
||||
{% if item.name == 'asciidoc' and item.enable == 'true' %}
|
||||
[markup.asciidoc]
|
||||
ENABLED = true
|
||||
NEED_POSTPROCESS = true
|
||||
FILE_EXTENSIONS = .adoc,.asciidoc
|
||||
RENDER_COMMAND = "asciidoctor -s -a showtitle --out-file=- -"
|
||||
IS_INPUT_FILE = false
|
||||
RENDER_CONTENT_MODE = sanitized
|
||||
{% endif %}
|
||||
{% if item.name == 'jupyter' and item.enable == 'true' %}
|
||||
[markup.jupyter]
|
||||
ENABLED = true
|
||||
FILE_EXTENSIONS = .ipynb
|
||||
RENDER_COMMAND = "jupyter nbconvert --stdin --stdout --to html --template basic"
|
||||
IS_INPUT_FILE = false
|
||||
RENDER_CONTENT_MODE = sanitized
|
||||
{% endif %}
|
||||
{% if item.name == 'html' and item.enable == 'true' %}
|
||||
[markup.html]
|
||||
ENABLED = true
|
||||
FILE_EXTENSIONS = .html,.htm
|
||||
RENDER_COMMAND = cat
|
||||
IS_INPUT_FILE = true
|
||||
RENDER_CONTENT_MODE = sanitized
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
||||
[email.incoming]
|
||||
{% for item in forgejo_email_incoming %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
|
@ -1,75 +0,0 @@
|
|||
# {{ ansible_managed }}
|
||||
{% for item in gitea_base_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
|
||||
[oauth2]
|
||||
{% for item in gitea_oauth2_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[ui]
|
||||
{% for item in gitea_ui_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[security]
|
||||
{% for item in gitea_security_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
|
||||
[database]
|
||||
{% for item in gitea_database_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[repository]
|
||||
{% for item in gitea_repository_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[server]
|
||||
{% for item in gitea_server_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
|
||||
[mailer]
|
||||
{% for item in gitea_mailer_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[service]
|
||||
{% for item in gitea_service_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
|
||||
[mirror]
|
||||
{% for item in gitea_mirror_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[picture]
|
||||
{% for item in gitea_picture_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
|
||||
[openid]
|
||||
{% for item in gitea_openid_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
|
||||
[session]
|
||||
{% for item in gitea_session_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
|
||||
[log]
|
||||
{% for item in gitea_log_config %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
97
templates/etc/systemd/system/forgejo.service.j2
Normal file
97
templates/etc/systemd/system/forgejo.service.j2
Normal file
|
@ -0,0 +1,97 @@
|
|||
[Unit]
|
||||
Description=Forgejo (Beyond coding. We forge.)
|
||||
After=syslog.target
|
||||
After=network.target
|
||||
###
|
||||
# Don't forget to add the database service dependencies
|
||||
###
|
||||
{% if forgejo_dbservice is defined %}
|
||||
Wants={{ forgejo_dbservice }}
|
||||
After={{ forgejo_dbservice }}
|
||||
{% endif %}
|
||||
|
||||
###
|
||||
# If using socket activation for main http/s
|
||||
###
|
||||
{% if forgejo_websocket is defined %}
|
||||
After=forgejo.main.socket
|
||||
Requires=forgejo.main.socket
|
||||
|
||||
###
|
||||
# (You can also provide forgejo an http fallback and/or ssh socket too)
|
||||
#
|
||||
# An example of /etc/systemd/system/forgejo.main.socket
|
||||
###
|
||||
|
||||
[Unit]
|
||||
Description=Forgejo Web Socket
|
||||
PartOf=forgejo.service
|
||||
|
||||
[Socket]
|
||||
Service=forgejo.service
|
||||
ListenStream=<some_port>
|
||||
NoDelay=true
|
||||
|
||||
[Install]
|
||||
WantedBy=sockets.target
|
||||
{% endif %}
|
||||
|
||||
|
||||
[Service]
|
||||
# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
|
||||
{% if forgejo_limitnofile is defined %}
|
||||
LimitNOFILE={{ forgejo_limitnofile }}
|
||||
{% else %}
|
||||
# LimitNOFILE=524288:524288
|
||||
{% endif %}
|
||||
RestartSec=2s
|
||||
Type=simple
|
||||
User={{ forgejo_user }}
|
||||
Group={{ forgejo_group }}
|
||||
WorkingDirectory={{ forgejo_lib_dir }}
|
||||
# If using Unix socket: tells systemd to create the /run/forgejo folder, which will contain the forgejo.sock file
|
||||
# (manually creating /run/forgejo doesn't work, because it would not persist across reboots)
|
||||
{% if forgejo_websocket is defined %}
|
||||
RuntimeDirectory=forgejo
|
||||
{% else %}
|
||||
#RuntimeDirectory=forgejo
|
||||
{% endif %}
|
||||
ExecStart={{ forgejo_bindir }}/forgejo web -c {{ forgejo_confdir }}
|
||||
Restart=always
|
||||
RestartSec=3
|
||||
Environment=USER={{ forgejo_user }} HOME=/home/{{ forgejo_user }} FORGEJO_WORK_DIR={{ forgejo_lib_dir }} FORGEJO_CUSTOM={{ forgejo_theme_dir }}
|
||||
# If you install Git to directory prefix other than default PATH (which happens
|
||||
# for example if you install other versions of Git side-to-side with
|
||||
# distribution version), uncomment below line and add that prefix to PATH
|
||||
# Don't forget to place git-lfs binary on the PATH below if you want to enable
|
||||
# Git LFS support
|
||||
{% if forgejo_custom_path is defined %}
|
||||
Environment=PATH={{ forgejo_custom_path }}:/bin:/sbin:/usr/bin:/usr/sbin
|
||||
{% else %}
|
||||
#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
|
||||
{% endif %}
|
||||
# If you want to bind Forgejo to a port below 1024, uncomment
|
||||
# the two values below, or use socket activation to pass Forgejo its ports as above
|
||||
###
|
||||
{% if forgejo_cap_net_bind_service is defined %}
|
||||
CapabilityBoundingSet={{ forgejo_cap_net_bind_service }}
|
||||
AmbientCapabilities={{ forgejo_cap_net_bind_service }}
|
||||
{% else %}
|
||||
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||
#AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
{% endif %}
|
||||
###
|
||||
# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
|
||||
# set the following value to false to allow capabilities to be applied on Forgejo process. The following
|
||||
# value if set to true sandboxes Forgejo service and prevent any processes from running with privileges
|
||||
# in the host user namespace.
|
||||
###
|
||||
{% if forgejo_privateusers is defined %}
|
||||
PrivateUsers={{ forgejo_privateusers }}
|
||||
{% else %}
|
||||
#PrivateUsers=false
|
||||
{% endif %}
|
||||
###
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,34 +0,0 @@
|
|||
[Unit]
|
||||
Description=Gitea (Git with a cup of tea)
|
||||
After=syslog.target
|
||||
After=network.target
|
||||
#Requires=mysql.service
|
||||
#Requires=mariadb.service
|
||||
#Requires=postgresql.service
|
||||
#Requires=memcached.service
|
||||
#Requires=redis.service
|
||||
|
||||
[Service]
|
||||
# Modify these two values and uncomment them if you have
|
||||
# repos with lots of files and get an HTTP error 500 because
|
||||
# of that
|
||||
###
|
||||
#LimitMEMLOCK=infinity
|
||||
#LimitNOFILE=65535
|
||||
RestartSec=2s
|
||||
Type=simple
|
||||
User={{ gitea_user }}
|
||||
Group={{ gitea_group }}
|
||||
WorkingDirectory=/var/lib/gitea/
|
||||
ExecStart={{ gitea_bindir }}/gitea web -c {{ gitea_confdir }}
|
||||
Restart=always
|
||||
RestartSec=3
|
||||
Environment=USER={{ gitea_user }} HOME=/home/{{ gitea_user }} GITEA_WORK_DIR=/var/lib/gitea
|
||||
# If you want to bind Gitea to a port below 1024 uncomment
|
||||
# the two values below
|
||||
###
|
||||
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||
#AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
Loading…
Reference in a new issue