gitea

Ansible role to install a Gitea server in a Docker environment

This role configures:

  • docker network

  • docker service

  • docker volume

An example variables file:

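---
# Example variables file for the gitea role.
# Every value is a quoted string on purpose: the values are substituted into
# docker-compose.yml / app.ini by templates, so YAML and Jinja type coercion
# ("on" -> true, 6000 -> int, 1.17 -> float) must not get in the way.

# Host account that owns the Docker project directory.
gitea_user:
  uname: "gitea"
  uid: "6000"
  gname: "gitea"
  gid: "6000"
  home: "/var/local/gitea"

# Docker part
gitea_docker_project_directory: "{{ gitea_user.home }}/gitea"
gitea_docker_data_directory: "{{ gitea_docker_project_directory }}/data"
gitea_docker_log_directory: "{{ gitea_docker_project_directory }}/log"
gitea_docker_compose_file_path: "{{ gitea_docker_project_directory }}/docker-compose.yml"

gitea_docker_network_name: "gitea"
# Quoted like the rest of the file and like the role defaults; these two were
# the only bare scalars in the example.
gitea_docker_network_subnet: "172.26.0.0/24"
gitea_docker_network_gateway: "172.26.0.1"

gitea_server_name: "gitea"
# Pinned image tag; bump it deliberately with upstream security releases.
gitea_image: "gitea/gitea:1.17.3"
gitea_container_name: "gitea-server"
# Static address inside gitea_docker_network_subnet.
gitea_docker_network_ipv4_address: "172.26.0.42"

gitea_docker_systemd_service_file: "/lib/systemd/system/gitea.service"

# APP part
# presumably the UID/GID the gitea process runs as inside the container
# (distinct from the host account above) -- confirm against the template.
gitea_user_uid: "1000"
gitea_user_gid: "1000"

# "true": only admins create accounts. Keep it unless open sign-up is wanted.
gitea_disable_registration: "true"

gitea_web_protocol: "http"
gitea_web_port: "3000"
gitea_ssh_port: "2222"

gitea_server_domain: "localhost"
# Lenient minimum; raise it for anything beyond a lab.
gitea_server_min_password_length: "6"

# NOTE(review): presumably the SSL mode of the database connection to
# gitea_db_host below; "disable" sends the DB credentials in clear to a
# remote host -- confirm, and prefer a verifying mode when the DB is off-host.
gitea_ssl_mode: "disable"

gitea_app_name: "Gitea"

gitea_repo_root_path: "/data/git/repositories"
gitea_lfs_root_path: "/data/git/lfs"
gitea_run_user: "git"
# Built from the three web_* values above; presumably the public URL Gitea
# advertises (clone URLs, links) -- confirm against the app.ini template.
__gitea_app_url: "{{ gitea_web_protocol }}://{{ gitea_server_domain }}:{{ gitea_web_port }}/"
gitea_log_root_path: "/data/gitea/log"
# Boolean-looking switches stay strings so YAML does not turn "on" into true.
gitea_enable_federated_avatar: "on"
gitea_enable_open_id_sign_in: "on"
gitea_enable_open_id_sign_up: "on"
gitea_default_allow_create_organization: "on"
gitea_default_enable_timetracking: "on"
gitea_no_reply_address: "noreply.gitea.local.ici"
gitea_password_algorithm: "pbkdf2"
# Placeholder credentials: the admin login here and the DB password below are
# published in this README. Override them from Ansible Vault (or an
# environment-specific vars file) before deploying anywhere reachable.
gitea_admin_name: "gitea"
gitea_admin_passwd: "gitea"
gitea_admin_email: "gitea@local.ici"

# Passwd complexity; can be : "lower,upper,digit,spec"
gitea_server_password_complexity: "off"

# MAIL part
# presumably empty values leave the mailer unconfigured -- confirm in the template.
gitea_smtp_host: ""
gitea_smtp_from: ""
gitea_smtp_user: ""
gitea_smtp_passwd: ""

# DB part
gitea_db_type: "postgres"
gitea_db_host: "172.16.1.42"
gitea_db_port: "5432"
gitea_db_name: "database42"
gitea_db_user: "user42"
# Placeholder -- see the credentials note above.
gitea_db_password: "password42"
gitea_db_schema: ""
# presumably only consulted when gitea_db_type is "sqlite3".
gitea_db_path: "/data/gitea/gitea.db"
gitea_db_charset: "utf8"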

Enjoy :)

docker compose -f docker-compose.gitea.yml -p glxforge-gitea ps -a --format json

/app/gitea/gitea admin user create --admin --username glxforge-admin --random-password --email admin@gitea.local.ici --access-token

docker exec -u git 633d755cb66b05183f5882eed244967a0c2326e551e18b909cdfd9c74e137ce2 /app/gitea/gitea admin user create --admin --username glxforge-admin --random-password --email admin@gitea.local.ici --access-token

Defaults

Docker part

Gitea domain


glxforge_gitea_domain: "local.ici"

Docker network (created when the role is applied)


glxforge_gitea_docker_network_name: "glxforge-network"
glxforge_gitea_docker_network_subnet: "172.26.0.0/24"
glxforge_gitea_docker_network_gateway: "172.26.0.1"

Container ipv4 address


glxforge_gitea_docker_network_ipv4_address: "172.26.0.10"

Dockerfile part


# Pinned upstream image tag. Keep it in step with Gitea security releases (the
# README example above still pins 1.17.3) and bump it deliberately.
glxforge_gitea_version: "1.19.4"
glxforge_gitea_container_image: "gitea/gitea:{{ glxforge_gitea_version }}"
glxforge_gitea_docker_name: "gitea-server"
glxforge_gitea_compose_project: "glxforge-gitea"
glxforge_gitea_container_name: "gitea-server"

Port mapping


glxforge_gitea_internal_http_port: "3000"
glxforge_gitea_external_http_port: "{{ glxforge_http_port | default('3030') }}"
glxforge_gitea_internal_ssh_port: "2222"
glxforge_gitea_external_ssh_port: "{{ glxforge_ssh_port | default('3022') }}"

# Everything the role persists (data, compose file, the token files below)
# hangs off this directory. /tmp is commonly cleared at boot or by tmpfiles
# cleaners, so anything but a throwaway lab should override it.
glxforge_gitea_home_dir: "/tmp/glxforge/gitea"
glxforge_gitea_data_dir: "{{ glxforge_gitea_home_dir }}/glxdata"

glxforge_gitea_compose_filename: "docker-compose.gitea.yml"
glxforge_gitea_compose_file_path: "{{ glxforge_gitea_home_dir }}/{{ glxforge_gitea_compose_filename }}"

glxforge_gitea_data_dir_server: "{{ glxforge_gitea_data_dir }}/gitea-server"

# Secrets the role writes to disk: presumably the Gitea INTERNAL_TOKEN (see
# glxforge_gitea_security_internal_token) and the admin access token produced
# by `admin user create --access-token` in the README, rendered as an Ansible
# group_vars file. Both grant full control of the instance: give the files a
# restrictive mode and keep them out of version control (or vault them).
glxforge_gitea_secret_token_path: "{{ glxforge_gitea_data_dir_server }}/internal.token"
glxforge_gitea_access_token_dir: "{{ glxforge_gitea_home_dir }}/group_vars/galaxie_forge"
glxforge_gitea_access_token_path: "{{ glxforge_gitea_access_token_dir }}/gitea.yml"

Gitea web GUI admin access


glxforge_gitea_admin: "glxforge-admin"
glxforge_gitea_admin_random_password: true

Gitea admin password, used only when glxforge_gitea_admin_random_password is false


# Used only when glxforge_gitea_admin_random_password is false. This value is a
# published placeholder, not a secret: override it (ideally from Ansible
# Vault) before the role runs against anything reachable by others.
glxforge_gitea_admin_password: "Super42!"

Gitea APP registration


glxforge_gitea_app_registration_enabled: true
glxforge_gitea_app_registration_name: "glxforge_woodpecker_app"
glxforge_gitea_app_registration_redirects_uris:
  - "http://woodpecker.local.ici:3000/authorize"

App ini

App name that shows in every page title


glxforge_gitea_app_name: "Galaxie-Forge (gitea inside)"

Change it if you run locally


glxforge_gitea_run_user: "git"

Either “dev”, “prod” or “test”, default is “dev”


glxforge_gitea_run_mode: "prod"

The protocol the server listens on. One of ‘http’, ‘https’, ‘unix’ or ‘fcgi’


glxforge_gitea_server_protocol: "http"

Expect PROXY protocol headers on connections


glxforge_gitea_server_use_proxy_protocol: "false"

Set the domain for the server


glxforge_gitea_server_domain: "{{ glxforge_gitea_docker_name }}"

Relative paths will be made absolute against the AppWorkPath.


glxforge_gitea_server_http_addr: "0.0.0.0"

The port to listen on. Leave empty when using a unix socket.


glxforge_gitea_server_http_port: "{{ glxforge_gitea_internal_http_port }}"

Disable SSH feature when not available


# Bare YAML boolean, whereas the neighbouring app.ini switches
# (*_use_proxy_protocol, *_start_ssh_server) are quoted strings; through Jinja
# this renders as "False" rather than "false". NOTE(review): presumably Gitea's
# ini parser accepts both spellings -- confirm, and check whether the role also
# uses this variable in a `when:` (where a quoted "false" would be truthy)
# before harmonising the quoting either way.
glxforge_gitea_server_disable_ssh: false

Whether to use the builtin SSH server or not.


glxforge_gitea_server_start_ssh_server: "true"

Domain name to be exposed in clone URL


glxforge_gitea_server_ssh_domain: "{{ glxforge_gitea_domain }}"

Port number to be exposed in clone URL


glxforge_gitea_server_ssh_port: "{{ glxforge_gitea_external_ssh_port }}"

The port number the builtin SSH server should listen on


glxforge_gitea_server_ssh_listen_port: "{{ glxforge_gitea_internal_ssh_port }}"

Overwrite the automatically generated public URL. Necessary for proxies and docker.


# Public URL Gitea advertises (needed behind proxies / in Docker, per the
# description above). The scheme is hard-coded to http even though
# glxforge_gitea_server_protocol exists: when TLS is terminated by a reverse
# proxy in front of the container, override this with the https:// form rather
# than changing the protocol the container itself listens on.
glxforge_gitea_server_root_url: "http://gitea.{{ glxforge_gitea_domain }}:{{ glxforge_gitea_external_http_port }}/"

LFS authentication secret, change this yourself


# NOTE(review): presumably Gitea generates a secret itself when this is blank.
# If the role re-renders app.ini on every run, confirm the generated value
# survives (or set an explicit vaulted value here); otherwise each run would
# invalidate outstanding LFS tokens.
glxforge_gitea_server_lfs_jwt_secret: ""

Database type to use


glxforge_gitea_database_db_type: "sqlite3"

Database data location


glxforge_gitea_database_path: "/data/gitea/gitea.db"

Database timeout


glxforge_gitea_database_sqlite_timeout: "500"

https://www.sqlite.org/pragma.html#pragma_journal_mode


# journal_mode OFF disables SQLite's rollback journal: per the pragma doc
# linked above, a crash or power loss mid-transaction can leave the database
# corrupt. Acceptable for a disposable lab; use "WAL" or "DELETE" where the
# data matters.
glxforge_gitea_database_sqlite_journal_mode: "OFF"

Whether the installer is disabled (set to true to disable the installer)


glxforge_gitea_security_install_lock: "true"

Secret used to validate communication within Gitea binary


# Opaque shared secret (see description above), not a password hash.
# NOTE(review): the source variable is named *_bcrypt -- confirm the role puts
# the raw generated token here rather than a bcrypt digest of it, and that it
# is the same value persisted at glxforge_gitea_secret_token_path.
glxforge_gitea_security_internal_token: "{{ __glxforge_gitea_internal_token_bcrypt }}"

Password Hash algorithm, either “argon2”, “pbkdf2”, “scrypt” or “bcrypt”


# NOTE(review): this key is defined a second time further down with "pbkdf2".
# If both live in the same defaults file, YAML parsers keep the last value and
# this "bcrypt" is silently ignored -- drop one of the two definitions.
glxforge_gitea_security_password_hash_algo: "bcrypt"

Reverse proxy authentication header name of user name, email, and full name


glxforge_gitea_security_rp_authentication_user: "X-WEBAUTH-USER"

Reverse proxy authentication header name of user name, email, and full name


glxforge_gitea_security_rp_authentication_email: "X-WEBAUTH-EMAIL"

Reverse proxy authentication header name of user name, email, and full name


glxforge_gitea_security_rp_authentication_full_name: "X-WEBAUTH-FULLNAME"

Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request


glxforge_gitea_security_rp_limit: "1"

List of IP addresses and networks separated by comma of trusted proxy servers. Use * to trust all.


# Only forwarded headers (X-Forwarded-For / X-Real-IP and, on recent Gitea,
# the reverse-proxy auth headers above) from these sources are honoured.
# Loopback only: a reverse proxy on the Docker network (172.26.0.0/24 by
# default) is NOT trusted, so add its address or subnet explicitly rather
# than widening to "*".
glxforge_gitea_security_rp_trusted_proxies: "127.0.0.0/8,::1/128"

Comma separated list of character classes required to pass minimum complexity. If left empty or no valid values are specified, the default is off (no checking) Classes include “lower,upper,digit,spec”


glxforge_gitea_security_password_complexity: "off"

The minimum password length for new Users


glxforge_gitea_security_min_password_length: "6"

Set to false to allow users with git hook privileges to create custom git hooks


# Keep "true": custom git hooks run arbitrary commands as the server user
# inside the container, so granting hook privileges is equivalent to giving
# those users a shell.
glxforge_gitea_security_disable_git_hooks: "true"

Set to true to disable webhooks feature


glxforge_gitea_security_disable_webhooks: "false"

Set to false to allow pushes to gitea repositories despite having an incomplete environment - NOT RECOMMENDED


glxforge_gitea_security_only_allow_push_if_gitea_environment_set: "true"

Password Hash algorithm, either “argon2”, “pbkdf2”, “scrypt” or “bcrypt”


# NOTE(review): duplicate of the key defined above with "bcrypt". If both live
# in the same defaults file this later "pbkdf2" is the value that takes effect
# (last key wins in most parsers), and yamllint flags the duplicate -- keep
# only one definition.
glxforge_gitea_security_password_hash_algo: "pbkdf2"

Validate against https://haveibeenpwned.com/Passwords to see if a password has been exposed


glxforge_gitea_security_password_check_pwn: "false"

Enables OAuth2 provider


glxforge_gitea_oauth2_enable: "true"

Algorithm used to sign OAuth2 tokens. Valid values: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, EdDSA


glxforge_gitea_oauth2_jwt_signing_algorithm: "RS256"

Private key file path used to sign OAuth2 tokens. The path is relative to APP_DATA_PATH.


glxforge_gitea_oauth2_jwt_signing_private_key_file: "jwt/private.pem"

OAuth2 authentication secret for access and refresh tokens, change this yourself to a unique string CLI generate option is helpful in this case. https://docs.gitea.io/en-us/command-line/#generate


# NOTE(review): with RS256 (glxforge_gitea_oauth2_jwt_signing_algorithm) the
# tokens are presumably signed with the private key file, leaving this HMAC
# secret unused -- confirm. It becomes mandatory (unique, vaulted, generated
# with the CLI command in the description above) if the algorithm is ever
# switched to an HS* variant.
glxforge_gitea_oauth2_jwt_secret: ""

Lifetime of an OAuth2 access token in seconds


glxforge_gitea_oauth2_access_token_expiration_time: "3600"

Lifetime of an OAuth2 refresh token in hours


glxforge_gitea_oauth2_refresh_token_expiration_time: "730"

Check if refresh token got already used


glxforge_gitea_oauth2_invalidate_refresh_tokens: "false"

Maximum length of oauth2 token/cookie stored on server


glxforge_gitea_oauth2_max_token_length: "32767"

Root path for the log files - defaults to %(GITEA_WORK_DIR)/log


glxforge_gitea_log_root_path: "/data/gitea/log"

Either “console”, “file” or “conn”, default is “console”


glxforge_gitea_log_mode: "console"

Either “Trace”, “Debug”, “Info”, “Warn”, “Error” or “None”, default is “Info”


glxforge_gitea_log_level: "info"

Collect SSH logs (Creates log from ssh git request)


glxforge_gitea_log_enable_ssh_log: "false"

Time limit to confirm account/email registration


glxforge_gitea_srv_active_code_live_minutes: "180"

Time limit to perform the reset of a forgotten password


glxforge_gitea_srv_reset_passwd_code_live_minutes: "180"

Whether a new user needs to confirm their email when registering


glxforge_gitea_srv_register_email_confirm: "false"

Whether a new user needs to be confirmed manually after registration. (Requires REGISTER_EMAIL_CONFIRM to be disabled.)


glxforge_gitea_srv_register_manual_confirm: "false"

List of domain names that are allowed to be used to register on a Gitea instance, wildcard is supported


glxforge_gitea_srv_email_domain_allowlist: ""

Comma-separated list of domain names that are not allowed to be used to register on a Gitea instance, wildcard is supported


glxforge_gitea_srv_email_domain_blocklist: ""

Disallow registration, only allow admins to create accounts


# Together with register_email_confirm and register_manual_confirm both
# "false" above, this leaves self-registration fully open: anyone who can
# reach ROOT_URL gets an account. Set to "true" (admin-created accounts only)
# or require confirmation on any instance exposed beyond a lab.
glxforge_gitea_srv_disable_registration: "false"

Allow registration only using gitea itself, it works only when DISABLE_REGISTRATION is false


glxforge_gitea_srv_allow_only_internal_registration: "false"

Allow registration only using third-party services, it works only when DISABLE_REGISTRATION is false


glxforge_gitea_srv_allow_only_external_registration: "false"

Mail notification


glxforge_gitea_srv_enable_notify_mail: "false"

This setting enables gitea to be signed in with HTTP BASIC Authentication using the user’s password


# Basic auth sends the user's password on every request; with the server
# protocol defaulting to "http" that is cleartext on the wire unless TLS is
# terminated upstream. Prefer access tokens for API and git-over-HTTP use.
glxforge_gitea_srv_enable_basic_authentication: "true"

Every new user will have rights set to create organizations depending on this setting


glxforge_gitea_srv_default_allow_create_organization: "true"

Every new user will have restricted permissions depending on this setting


glxforge_gitea_srv_default_user_is_restricted: "false"

Either “public”, “limited” or “private”, default is “public”


glxforge_gitea_srv_default_user_visibility: "public"

Set which visibility modes a user can have


glxforge_gitea_srv_allowed_user_visibility_modes: "public,limited,private"

Either “public”, “limited” or “private”, default is “public”


glxforge_gitea_srv_default_org_visibility: "public"

True will make the membership of the users visible when added to the organisation


glxforge_gitea_srv_default_org_member_visible: "false"

Root path for storing all repository data. By default, it is set to %(APP_DATA_PATH)s/gitea-repositories


glxforge_gitea_repository_root: "/data/git/repositories"

Force every new repository to be private


glxforge_gitea_repository_force_private: "false"

Default privacy setting when creating a new repository, allowed values: last, private, public. Default is last which means the last setting used


glxforge_gitea_repository_default_private: "last"

Path for local repository copy. Defaults to tmp/local-repo (content gets deleted on gitea restart)


glxforge_gitea_repository_local_copy_path: "/data/gitea/tmp/local-repo"

Path for uploads. Defaults to data/tmp/uploads (content gets deleted on gitea restart)


glxforge_gitea_repository_temp_path: "/data/gitea/uploads"

Set default merge style for repository creating, valid options: merge, rebase, rebase-merge, squash


glxforge_gitea_repository_default_merge_style: "merge"

Sets the default trust model for repositories. Options are: collaborator, committer, collaboratorcommitter


glxforge_gitea_repository_default_trust_model: "committer"

Set the default theme for the Gitea install


glxforge_gitea_ui_default_theme: "auto"

All available themes. Allow users select personalized themes regardless of the value of DEFAULT_THEME.


glxforge_gitea_ui_themes: "auto,gitea,arc-green"

All available reactions users can choose on issues/prs and comments


glxforge_gitea_ui_reactions: "+1, -1, laugh, hooray, confused, heart, rocket, eyes"

Additional Emojis not defined in the utf8 standard


glxforge_gitea_ui_custom_emojis: "gitea, codeberg, gitlab, git, github, gogs"

Whether to search within description at repository search on explore page.


glxforge_gitea_ui_search_repo_description: "true"

Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve


glxforge_gitea_indexer_issue_indexer_path: "/data/gitea/indexers/issues.bleve"

Provider config options


glxforge_gitea_session_provider_config: "/data/gitea/sessions"

Either “memory”, “file”, “redis”, “redis-cluster”, “db”, “mysql”, “couchbase”, “memcache” or “postgres”


glxforge_gitea_session_provider: "file"

Whether to allow signin in via OpenID


glxforge_gitea_openid_enable_openid_signin: "true"

Whether to allow registering via OpenID


glxforge_gitea_openid_enable_openid_signup: "true"

Allowed URI patterns (POSIX regexp).


glxforge_gitea_openid_whitelisted_uris: ""

Forbidden URI patterns (POSIX regexp).


glxforge_gitea_openid_blacklisted_uris: ""

Whether a new auto registered oauth2 user needs to confirm their email.


glxforge_gitea_oauth2_client_register_email_confirm: ""

Scopes for the openid connect oauth2 provider (separated by space, the openid scope is implicitly added)


glxforge_gitea_oauth2_client_openid_connect_scopes: ""

Automatically create user accounts for new oauth2 users


glxforge_gitea_oauth2_client_enable_auto_registration: "false"

The source of the username for new oauth2 accounts


glxforge_gitea_oauth2_client_username: "nickname"

Update avatar if available from oauth2 provider


glxforge_gitea_oauth2_client_update_avatar: "false"

How to handle if an account / email already exists


glxforge_gitea_oauth2_client_account_linking: "login"

Hook task queue length, increase if webhook shooting starts hanging


glxforge_gitea_webhook_queue_length: "1000"

Deliver timeout in seconds


glxforge_gitea_webhook_deliver_timeout: "5"

Webhook can only call allowed hosts for security reasons. Comma separated list, eg: external, 192.168.1.0/24, *.mydomain.com


# Allow-list for webhook targets (server-side request forgery guard).
# "external" keeps hooks away from loopback and private ranges, which includes
# the Docker network. If a CI service on that network must receive hooks, add
# its address here explicitly rather than widening to "*".
glxforge_gitea_webhook_allowed_host_list: "external"

Allow insecure certification


glxforge_gitea_webhook_skip_tls_verify: "false"

Number of history information in each page


glxforge_gitea_webhook_paging_num: "10"

Proxy server URL, supports http://, https://, socks://; blank will follow environment http_proxy/https_proxy


glxforge_gitea_webhook_proxy_url: ""

Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.


glxforge_gitea_webhook_proxy_hosts: ""

Whether the mailer is enabled


glxforge_gitea_mailer_enabled: "false"

Mail server protocol. One of “smtp”, “smtps”, “smtp+starttls”, “smtp+unix”, “sendmail”, “dummy”


glxforge_gitea_mailer_protocol: ""

Mail server address, e.g. smtp.gmail.com


glxforge_gitea_mailer_smtp_addr: ""

Mail server port


glxforge_gitea_mailer_smtp_port: ""

If set to true, completely ignores server certificate validation errors


glxforge_gitea_mailer_force_trust_server_cert: "false"

Use client certificate in connection


glxforge_gitea_mailer_use_client_cert: "false"

Client cert file location


glxforge_gitea_mailer_client_cert_file: ""

Client key file location


glxforge_gitea_mailer_client_key_file: ""

Mail from address, RFC 5322. This can be just an email address, or the "Name" <email@example.com> format


glxforge_gitea_mailer_from: ""

Sometimes it is helpful to use a different address on the envelope. Set this to use ENVELOPE_FROM as the from on the envelope. Set to <> to send an empty address


glxforge_gitea_mailer_envelope_from: ""

Mailer user name and password, if required by provider


glxforge_gitea_mailer_user: ""

Use PASSWD = `your password` (backtick-quoted) if the password contains special characters


glxforge_gitea_mailer_passwd: ""

Timeout for Sendmail


glxforge_gitea_mailer_sendmail_timeout: "5m"
glxforge_gitea_picture_avatar_upload_path: "/data/gitea/avatars"
glxforge_gitea_picture_repository_avatar_upload_path: "/data/gitea/repo-avatars"

Path for attachments. Defaults to data/attachments only available when STORAGE_TYPE is local


glxforge_gitea_attachment_path: "/data/gitea/attachments"

Location the UI time display i.e. Asia/Shanghai


glxforge_gitea_time_default_ui_location: ""

Whether cron tasks are enabled


glxforge_gitea_cron_enabled: "false"

Setting this to true will run all enabled cron tasks when Gitea starts


glxforge_gitea_cron_run_at_start: "false"

Whether to enable the job


glxforge_gitea_cron_archive_enabled: "true"

Whether to always run at least once at start up time (if ENABLED)


glxforge_gitea_cron_archive_run_at_start: "true"

Whether to emit notice on successful execution too


glxforge_gitea_cron_archive_notice_on_success: "false"

Time interval for job to run


glxforge_gitea_cron_archive_schedule: "@midnight"

Archives created more than OLDER_THAN ago are subject to deletion


glxforge_gitea_cron_archive_older_than: "24h"

Storage type


glxforge_gitea_storage_type: "local"

Storage type


glxforge_gitea_lfs_storage_type: "local"

Where your lfs files reside, default is data/lfs.


glxforge_gitea_lfs_path: "/data/git/lfs"