ansible/ansible-role-gitea-docker
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial role commit

Browse Source
This commit is contained in:
hiperman
2025-11-28 20:50:50 -05:00
parent be507897df
commit fdd0c909bd
15 changed files with 1655 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

111
templates/actions/config.yaml.j2 Normal file
View File

@@ -0,0 +1,111 @@
# Example configuration file, it's safe to copy this as the default config file without any modification.
# https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
# You don't have to copy this file to your instance,
# just run `./act_runner generate-config > config.yaml` to generate a config file.
log:
# The level of logging, can be trace, debug, info, warn, error, fatal
level: info
runner:
# Where to store the registration result.
file: .runner
# Execute how many tasks concurrently at the same time.
capacity: 1
# Extra environment variables to run jobs.
envs:
# A_TEST_ENV_NAME_1: a_test_env_value_1
# A_TEST_ENV_NAME_2: a_test_env_value_2
# Extra environment variables to run jobs from a file.
# It will be ignored if it's empty or the file doesn't exist.
env_file: .env
# The timeout for a job to be finished.
# Please note that the Gitea instance also has a timeout (3h by default) for the job.
# So the job could be stopped by the Gitea instance if its timeout is shorter than this.
timeout: 3h
# The timeout for the runner to wait for running jobs to finish when shutting down.
# Any running jobs that haven't finished after this timeout will be cancelled.
shutdown_timeout: 0s
# Whether skip verifying the TLS certificate of the Gitea instance.
insecure: false
# The timeout for fetching the job from the Gitea instance.
fetch_timeout: 5s
# The interval for fetching the job from the Gitea instance.
fetch_interval: 2s
# The github_mirror of a runner is used to specify the mirror address of the github that pulls the action repository.
# It works when something like `uses: actions/checkout@v4` is used and DEFAULT_ACTIONS_URL is set to github,
# and github_mirror is not empty. In this case,
# it replaces https://github.com with the value here, which is useful for some special network environments.
github_mirror: ''
# The labels of a runner are used to determine which jobs the runner can run, and how to run them.
# Like: "macos-arm64:host" or "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest"
# Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
# If it's empty when registering, it will ask for inputting labels.
# If it's empty when execute `daemon`, will use labels in `.runner` file.
labels:
- "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest"
- "ubuntu-24.04:docker://docker.gitea.com/runner-images:ubuntu-24.04"
- "ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04"
cache:
# Enable cache server to use actions/cache.
enabled: {{ item.cache_enabled | bool | lower }}
# The directory to store the cache data.
# If it's empty, the cache data will be stored in $HOME/.cache/actcache.
dir: ""
# The host of the cache server.
# It's not for the address to listen, but the address to connect from job containers.
# So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
host: {{ gitea_host_ip }}
# The port of the cache server.
# 0 means to use a random available port.
port: {{ item.cache_port }}
# The external cache server URL. Valid only when enable is true.
# If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
# The URL should generally end with "/".
external_server: ""
container:
# Specifies the network to which the container will connect.
# Could be host, bridge or the name of a custom network.
# If it's empty, act_runner will create a network automatically.
network: ""
# Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
privileged: false
# Any other options to be used when the container is started (e.g., --add-host=my.gitea.url:host-gateway).
options:
# The parent directory of a job's working directory.
# NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically.
# If the path starts with '/', the '/' will be trimmed.
# For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
# If it's empty, /workspace will be used.
workdir_parent:
# Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
# You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
# For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
# valid_volumes:
# - data
# - /src/*.json
# If you want to allow any volume, please use the following configuration:
# valid_volumes:
# - '**'
valid_volumes: []
# Overrides the docker client host with the specified one.
# If it's empty, act_runner will find an available docker host automatically.
# If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
# If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
docker_host: ""
# Pull docker image(s) even if already present
force_pull: true
# Rebuild docker image(s) even if already present
force_rebuild: false
# Always require a reachable docker daemon, even if not required by act_runner
require_docker: false
# Timeout to wait for the docker daemon to be reachable, if docker is required by require_docker or act_runner
docker_timeout: 0s
host:
# The parent directory of a job's working directory.
# If it's empty, $HOME/.cache/act/ will be used.
workdir_parent:

37
templates/docker-compose.yaml.j2 Normal file
View File

@@ -0,0 +1,37 @@
---
services:
gitea:
image: docker.gitea.com/gitea:{{ gitea_container_tag }}
restart: always
env_file:
- .env
volumes:
- {{ gitea_data_mount }}:/var/lib/gitea
- {{ gitea_config_mount }}:/etc/gitea
- {{ gitea_log_mount }}:{{ gitea_log_root_path }}
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- 127.0.0.1:{{ gitea_web_port }}:3000
- 0.0.0.0:{{ gitea_ssh_port }}:2222
{% for runner in gitea_runners %}
{{ runner.name }}:
image: gitea/act_runner:latest-dind-rootless
restart: always
privileged: true
depends_on:
- gitea
volumes:
- {{ runner.config_file_mount }}:/config.yaml
- {{ runner.data_mount }}:/data
{% if runner.cache_enabled %}
ports:
- 127.0.0.1:{{ runner.cache_port }}:{{ runner.cache_port }}
{% endif %}
environment:
CONFIG_FILE: /config.yaml
GITEA_RUNNER_NAME: {{ runner.name }}
GITEA_INSTANCE_URL: {{ gitea_root_url }}
DOCKER_HOST: "unix:///var/run/user/1000/docker.sock"
GITEA_RUNNER_REGISTRATION_TOKEN: {{ gitea_runner_global_registration_token | default(runner.registration_token) | default('') }}
{% endfor %}

429
templates/env.j2 Normal file
View File

@@ -0,0 +1,429 @@
# ============================================
# Default Configuration
# ============================================
GITEA__DEFAULT__APP_NAME={{ gitea_app_name }}
GITEA__DEFAULT__RUN_MODE={{ gitea_run_mode }}
GITEA__DEFAULT__RUN_USER={{ gitea_user }}
# ============================================
# Server Configuration
# ============================================
GITEA__server__PROTOCOL={{ gitea_protocol }}
GITEA__server__DOMAIN={{ gitea_http_domain }}
GITEA__server__ROOT_URL={{ gitea_root_url }}
GITEA__server__HTTP_ADDR={{ gitea_http_listen }}
GITEA__server__HTTP_PORT={{ gitea_internal_http_port }}
GITEA__server__SSH_PORT={{ gitea_internal_ssh_port }}
GITEA__server__SSH_LISTEN_HOST={{ gitea_ssh_listen }}
GITEA__server__START_SSH_SERVER={{ gitea_start_ssh | bool | lower }}
GITEA__server__SSH_DOMAIN={{ gitea_ssh_domain }}
GITEA__server__LANDING_PAGE={{ gitea_landing_page }}
{% if gitea_server_extra_config %}
# Additional Server Configuration
{% for item in gitea_server_extra_config | dict2items %}
GITEA__server__{{ item.key }}={{ item.value }}
{% endfor %}
{% endif %}
# ============================================
# Service Configuration
# ============================================
GITEA__service__DISABLE_REGISTRATION={{ gitea_disable_registration | bool | lower }}
GITEA__service__REGISTER_EMAIL_CONFIRM={{ gitea_register_email_confirm | bool | lower }}
GITEA__service__REGISTER_MANUAL_CONFIRM={{ gitea_register_manual_confirm | bool | lower }}
GITEA__service__REQUIRE_SIGNIN_VIEW={{ gitea_require_signin_view | bool | lower }}
GITEA__service__ENABLE_NOTIFY_MAIL={{ gitea_enable_notify_mail | bool | lower }}
GITEA__service__ENABLE_CAPTCHA={{ gitea_enable_captcha | bool | lower }}
{% if gitea_enable_captcha %}
GITEA__service__REQUIRE_CAPTCHA_FOR_LOGIN={{ gitea_require_captcha_for_login }}
GITEA__service__CAPTCHA_TYPE={{ gitea_captcha_type }}
{% endif %}
GITEA__service__SHOW_REGISTRATION_BUTTON={{ gitea_show_registration_button | bool | lower }}
GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE={{ gitea_default_keep_email_private | bool | lower }}
GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION={{ gitea_default_allow_create_organization | bool | lower }}
GITEA__service__DEFAULT_USER_IS_RESTRICTED={{ gitea_default_user_is_restricted | bool | lower }}
GITEA__service__DEFAULT_USER_VISIBILITY={{ gitea_default_user_visibility }}
GITEA__service__DEFAULT_ORG_VISIBILITY={{ gitea_default_org_visibility }}
GITEA__service__DEFAULT_ORG_MEMBER_VISIBLE={{ gitea_default_org_member_visible | bool | lower }}
GITEA__service__ALLOW_ONLY_INTERNAL_REGISTRATION={{ gitea_allow_only_internal_registration | bool | lower }}
GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION={{ gitea_allow_only_external_registration | bool | lower }}
{% if gitea_email_domain_allowlist %}
GITEA__service__EMAIL_DOMAIN_ALLOWLIST={{ gitea_email_domain_allowlist }}
{% endif %}
{% if gitea_email_domain_blocklist %}
GITEA__service__EMAIL_DOMAIN_BLOCKLIST={{ gitea_email_domain_blocklist }}
{% endif %}
{% if gitea_no_reply_address %}
GITEA__service__NO_REPLY_ADDRESS={{ gitea_no_reply_address }}
{% endif %}
GITEA__service__ENABLE_USER_HEATMAP={{ gitea_enable_user_heatmap | bool | lower }}
GITEA__service__ENABLE_TIMETRACKING={{ gitea_enable_timetracking | bool | lower }}
GITEA__service__AUTO_WATCH_NEW_REPOS={{ gitea_auto_watch_new_repos | bool | lower }}
GITEA__service__AUTO_WATCH_ON_CHANGES={{ gitea_auto_watch_on_changes | bool | lower }}
GITEA__service__SHOW_MILESTONES_DASHBOARD_PAGE={{ gitea_show_milestones_dashboard_page | bool | lower }}
{% if gitea_service_extra_config %}
# Additional Service Configuration
{% for item in gitea_service_extra_config | dict2items %}
{% if item.value is boolean %}
GITEA__service__{{ item.key }}={{ item.value | bool | lower }}
{% else %}
GITEA__service__{{ item.key }}={{ item.value }}
{% endif %}
{% endfor %}
{% endif %}
# ============================================
# Security Configuration
# ============================================
{% if gitea_secret_key %}
GITEA__security__SECRET_KEY={{ gitea_secret_key }}
{% endif %}
{% if gitea_internal_token %}
GITEA__security__INTERNAL_TOKEN={{ gitea_internal_token }}
{% endif %}
GITEA__security__INSTALL_LOCK={{ gitea_install_lock | bool | lower }}
GITEA__security__DISABLE_GIT_HOOKS={{ gitea_disable_git_hooks | bool | lower }}
GITEA__security__DISABLE_WEBHOOKS={{ gitea_disable_webhooks | bool | lower }}
GITEA__security__PASSWORD_COMPLEXITY={{ gitea_password_complexity }}
GITEA__security__PASSWORD_MIN_LENGTH={{ gitea_password_min_length }}
GITEA__security__PASSWORD_CHECK_PWN={{ gitea_password_check_pwn | bool | lower }}
{% if gitea_2fa %}
GITEA__security__TWO_FACTOR_AUTH={{ gitea_2fa }}
{% endif %}
GITEA__security__LOGIN_REMEMBER_DAYS={{ gitea_login_remember_days }}
GITEA__security__COOKIE_REMEMBER_NAME={{ gitea_cookie_remember_name }}
{% if gitea_security_extra_config %}
# Additional Security Configuration
{% for item in gitea_security_extra_config | dict2items %}
GITEA__security__{{ item.key }}={{ item.value if item.value is not boolean else (item.value | bool | lower) }}
{% endfor %}
{% endif %}
# ============================================
# Repository Configuration
# ============================================
GITEA__repository__FORCE_PRIVATE={{ gitea_repo_force_private }}
GITEA__repository__DEFAULT_PRIVATE={{ gitea_repo_default_private }}
GITEA__repository__DEFAULT_PUSH_CREATE_PRIVATE={{ gitea_repo_default_push_create_private }}
GITEA__repository__PREFERRED_LICENSES={{ gitea_repo_preferred_licenses }}
GITEA__repository__DISABLE_HTTP_GIT={{ gitea_repo_disable_http_git }}
GITEA__repository__DEFAULT_BRANCH={{ gitea_repo_default_branch }}
GITEA__repository__DISABLE_STARS={{ gitea_repo_disable_stars }}
GITEA__repository__DISABLE_MIGRATIONS={{ gitea_repo_disable_migrations }}
{% if gitea_repository_extra_config %}
# Additional Repository Configuration
{% for item in gitea_repository_extra_config | dict2items %}
{% if item.value is boolean %}
GITEA__repository__{{ item.key }}={{ item.value | bool | lower }}
{% else %}
GITEA__repository__{{ item.key }}={{ item.value }}
{% endif %}
{% endfor %}
{% endif %}
# ============================================
# CORS Configuration
# ============================================
GITEA__cors__ENABLED={{ gitea_cors_enabled }}
GITEA__cors__ALLOW_DOMAIN={{ gitea_cors_allowed_domains }}
GITEA__cors__METHODS={{ gitea_cors_allowed_methods }}
GITEA__cors__MAX_AGE={{ gitea_cors_max_age }}
GITEA__cors__ALLOW_CREDENTIALS={{ gitea_cors_allowed_credentials | bool | lower }}
GITEA__cors__HEADERS={{ gitea_cors_headers }}
GITEA__cors__X_FRAME_OPTIONS={{ gitea_cors_x_frame_options }}
# ============================================
# UI Configuration
# ============================================
GITEA__ui__DEFAULT_THEME={{ gitea_ui_default_theme }}
GITEA__ui__THEMES={{ gitea_ui_themes }}
GITEA__ui__SHOW_USER_EMAIL={{ gitea_ui_show_user_email }}
GITEA__ui__DEFAULT_SHOW_FULL_NAME={{ gitea_ui_show_full_name }}
{% if gitea_ui_extra_config %}
# Additional UI Configuration
{% for item in gitea_ui_extra_config | dict2items %}
{% if item.value is boolean %}
GITEA__ui__{{ item.key }}={{ item.value | bool | lower }}
{% else %}
GITEA__ui__{{ item.key }}={{ item.value }}
{% endif %}
{% endfor %}
{% endif %}
# ============================================
# UI.meta Configuration
# ============================================
GITEA__ui.meta__AUTHOR={{ gitea_ui_meta_author }}
GITEA__ui.meta__DESCRIPTION={{ gitea_ui_meta_description }}
GITEA__ui.meta__KEYWORDS={{ gitea_ui_meta_keywords }}
# ============================================
# Indexer Configuration
# ============================================
# Issue Indexer
GITEA__indexer__ISSUE_INDEXER_TYPE={{ gitea_issue_indexer_type }}
{% if gitea_issue_indexer_type in ['elasticsearch', 'meilisearch'] and gitea_issue_indexer_connection_string %}
GITEA__indexer__ISSUE_INDEXER_CONN_STR={{ gitea_issue_indexer_connection_string }}
{% endif %}
{% if gitea_issue_indexer_type in ['elasticsearch', 'meilisearch'] and gitea_issue_indexer_name %}
GITEA__indexer__ISSUE_INDEXER_NAME={{ gitea_issue_indexer_name }}
{% endif %}
{% if gitea_issue_indexer_type == 'bleve' and gitea_issue_indexer_path %}
GITEA__indexer__ISSUE_INDEXER_PATH={{ gitea_issue_indexer_path }}
{% endif %}
# Repository Indexer
GITEA__indexer__REPO_INDEXER_ENABLED={{ gitea_repo_indexer_enabled | bool | lower }}
{% if gitea_repo_indexer_enabled %}
{% if gitea_repo_indexer_repo_types %}
GITEA__indexer__REPO_INDEXER_REPO_TYPES={{ gitea_repo_indexer_repo_types }}
{% endif %}
GITEA__indexer__REPO_INDEXER_TYPE={{ gitea_repo_indexer_type }}
{% if gitea_repo_indexer_type == 'bleve' and gitea_repo_indexer_path %}
GITEA__indexer__REPO_INDEXER_PATH={{ gitea_repo_indexer_path }}
{% endif %}
{% if gitea_repo_indexer_type == 'elasticsearch' and gitea_repo_indexer_connection_string %}
GITEA__indexer__REPO_INDEXER_CONN_STR={{ gitea_repo_indexer_connection_string }}
{% endif %}
{% if gitea_repo_indexer_type == 'elasticsearch' and gitea_repo_indexer_name %}
GITEA__indexer__REPO_INDEXER_NAME={{ gitea_repo_indexer_name }}
{% endif %}
{% if gitea_repo_indexer_include %}
GITEA__indexer__REPO_INDEXER_INCLUDE={{ gitea_repo_indexer_include }}
{% endif %}
{% if gitea_repo_indexer_exclude %}
GITEA__indexer__REPO_INDEXER_EXCLUDE={{ gitea_repo_indexer_exclude }}
{% endif %}
GITEA__indexer__REPO_INDEXER_EXCLUDE_VENDORED={{ gitea_repo_indexer_exclude_vendored | bool | lower }}
GITEA__indexer__MAX_FILE_SIZE={{ gitea_repo_indexer_max_file_size }}
{% endif %}
{% if gitea_indexer_startup_timeout %}
GITEA__indexer__STARTUP_TIMEOUT={{ gitea_indexer_startup_timeout }}
{% endif %}
{% if gitea_indexer_extra_config %}
# Additional Indexer Configuration
{% for item in gitea_indexer_extra_config | dict2items %}
{% if item.value is boolean %}
GITEA__indexer__{{ item.key }}={{ item.value | bool | lower }}
{% else %}
GITEA__indexer__{{ item.key }}={{ item.value }}
{% endif %}
{% endfor %}
{% endif %}
# ============================================
# Packages Configuration
# ============================================
GITEA__packages__ENABLED={{ gitea_packages_enabled | bool | lower }}
{% if gitea_packages_extra_config %}
# Additional Packages Configuration
{% for item in gitea_packages_extra_config | dict2items %}
GITEA__packages__{{ item.key }}={{ item.value if item.value is not boolean else (item.value | bool | lower) }}
{% endfor %}
{% endif %}
# ============================================
# Actions Configuration
# ============================================
GITEA__actions__ENABLED={{ gitea_actions_enabled | bool | lower }}
{% if gitea_actions_enabled %}
GITEA__actions__DEFAULT_ACTIONS_URL={{ gitea_actions_default_actions_url }}
{% endif %}
{% if gitea_runner_global_registration_token %}
GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea_runner_global_registration_token }}
{% endif %}
{% if gitea_actions_extra_config %}
# Additional Actions Configuration
{% for item in gitea_actions_extra_config | dict2items %}
GITEA__actions__{{ item.key }}={{ item.value if item.value is not boolean else (item.value | bool | lower) }}
{% endfor %}
{% endif %}
# ============================================
# Log Configuration
# ============================================
{% if gitea_log_root_path %}
GITEA__log__ROOT_PATH={{ gitea_log_root_path }}
{% endif %}
GITEA__log__MODE={{ gitea_log_mode }}
GITEA__log__LEVEL={{ gitea_log_level }}
{% if gitea_log_extra_config %}
# Additional Log Configuration
{% for item in gitea_log_extra_config | dict2items %}
{% if item.value is boolean %}
GITEA__log__{{ item.key }}={{ item.value | bool | lower }}
{% else %}
GITEA__log__{{ item.key }}={{ item.value }}
{% endif %}
{% endfor %}
{% endif %}
# ============================================
# Mailer Configuration
# ============================================
GITEA__mailer__ENABLED={{ gitea_mailer_enabled | bool | lower }}
{% if gitea_mailer_enabled %}
{% if gitea_mailer_protocol %}
GITEA__mailer__PROTOCOL={{ gitea_mailer_protocol }}
{% endif %}
{% if gitea_mailer_smtp_addr %}
GITEA__mailer__SMTP_ADDR={{ gitea_mailer_smtp_addr }}
{% endif %}
{% if gitea_mailer_smtp_port %}
GITEA__mailer__SMTP_PORT={{ gitea_mailer_smtp_port }}
{% endif %}
{% if gitea_mailer_user %}
GITEA__mailer__USER={{ gitea_mailer_user }}
{% endif %}
{% if gitea_mailer_password %}
GITEA__mailer__PASSWD={{ gitea_mailer_password }}
{% endif %}
{% if gitea_mailer_from %}
GITEA__mailer__FROM={{ gitea_mailer_from }}
{% endif %}
{% if gitea_mailer_subject_prefix %}
GITEA__mailer__SUBJECT_PREFIX={{ gitea_mailer_subject_prefix }}
{% endif %}
GITEA__mailer__SEND_AS_PLAIN_TEXT={{ gitea_mailer_send_as_plain_text | bool | lower }}
{% endif %}
{% if gitea_mailer_extra_config %}
# Additional Mailer Configuration
{% for item in gitea_mailer_extra_config | dict2items %}
{% if item.value is boolean %}
GITEA__mailer__{{ item.key }}={{ item.value | bool | lower }}
{% else %}
GITEA__mailer__{{ item.key }}={{ item.value }}
{% endif %}
{% endfor %}
{% endif %}
# ============================================
# Mirror Configuration
# ============================================
GITEA__mirror__ENABLED={{ gitea_mirror_enabled | bool | lower }}
GITEA__mirror__DISABLE_NEW_PULL={{ gitea_mirror_disable_new_pull | bool | lower }}
GITEA__mirror__DISABLE_NEW_PUSH={{ gitea_mirror_disable_new_push | bool | lower }}
GITEA__mirror__DEFAULT_INTERVAL={{ gitea_mirror_default_interval }}
GITEA__mirror__MIN_INTERVAL={{ gitea_mirror_min_interval }}
{% if gitea_mirror_extra_config %}
# Additional Mirror Configuration
{% for item in gitea_mirror_extra_config | dict2items %}
{% if item.value is boolean %}
GITEA__mirror__{{ item.key }}={{ item.value | bool | lower }}
{% else %}
GITEA__mirror__{{ item.key }}={{ item.value }}
{% endif %}
{% endfor %}
{% endif %}
# ============================================
# Metrics Configuration
# ============================================
GITEA__metrics__ENABLED={{ gitea_metrics_enabled | bool | lower }}
{% if gitea_metrics_enabled and gitea_metrics_token %}
GITEA__metrics__TOKEN={{ gitea_metrics_token }}
{% endif %}
{% if gitea_metrics_extra_config %}
# Additional Metrics Configuration
{% for item in gitea_metrics_extra_config | dict2items %}
{% if item.value is boolean %}
GITEA__metrics__{{ item.key }}={{ item.value | bool | lower }}
{% else %}
GITEA__metrics__{{ item.key }}={{ item.value }}
{% endif %}
{% endfor %}
{% endif %}
# ============================================
# API Configuration
# ============================================
GITEA__api__ENABLE_SWAGGER={{ gitea_api_enable_swagger | bool | lower }}
GITEA__api__MAX_RESPONSE_ITEMS={{ gitea_api_max_response_items }}
GITEA__api__DEFAULT_PAGING_NUM={{ gitea_api_default_paging_num }}
{% if gitea_api_extra_config %}
# Additional API Configuration
{% for item in gitea_api_extra_config | dict2items %}
{% if item.value is boolean %}
GITEA__api__{{ item.key }}={{ item.value | bool | lower }}
{% else %}
GITEA__api__{{ item.key }}={{ item.value }}
{% endif %}
{% endfor %}
{% endif %}
# ============================================
# OAuth2 Configuration
# ============================================
GITEA__oauth2__ENABLED={{ gitea_oauth2_enabled | bool | lower }}
{% if gitea_oauth2_enabled %}
GITEA__oauth2__ACCESS_TOKEN_EXPIRATION_TIME={{ gitea_oauth2_access_token_expiration_time }}
GITEA__oauth2__REFRESH_TOKEN_EXPIRATION_TIME={{ gitea_oauth2_refresh_token_expiration_time }}
GITEA__oauth2__JWT_SIGNING_ALGORITHM={{ gitea_oauth2_jwt_signing_algorithm }}
{% if gitea_oauth2_jwt_secret %}
GITEA__oauth2__JWT_SECRET={{ gitea_oauth2_jwt_secret }}
{% endif %}
{% endif %}
{% if gitea_oauth2_extra_config %}
# Additional OAuth2 Configuration
{% for item in gitea_oauth2_extra_config | dict2items %}
{% if item.value is boolean %}
GITEA__oauth2__{{ item.key }}={{ item.value | bool | lower }}
{% else %}
GITEA__oauth2__{{ item.key }}={{ item.value }}
{% endif %}
{% endfor %}
{% endif %}
# ============================================
# Other Configuration
# ============================================
GITEA__other__SHOW_FOOTER_VERSION={{ gitea_show_footer_version | bool | lower }}
GITEA__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME={{ gitea_show_footer_template_load_time | bool | lower }}
GITEA__other__ENABLE_SITEMAP={{ gitea_enable_sitemap | bool | lower }}
GITEA__other__ENABLE_FEED={{ gitea_enable_feed | bool | lower }}
{% if gitea_other_extra_config %}
# Additional Other Configuration
{% for item in gitea_other_extra_config | dict2items %}
{% if item.value is boolean %}
GITEA__other__{{ item.key }}={{ item.value | bool | lower }}
{% else %}
GITEA__other__{{ item.key }}={{ item.value }}
{% endif %}
{% endfor %}
{% endif %}
# ============================================
# Additonal environment variables
# ============================================
{% for item in gitea_extra_config | dict2items %}
{% if item.value is boolean %}
{{ item.key }}={{ item.value | bool | lower }}
{% else %}
{{ item.key }}={{ item.value }}
{% endif %}
{% endfor %}

4
templates/fail2ban/filter.conf.j2 Normal file
View File

@@ -0,0 +1,4 @@
# gitea.local
[Definition]
failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
ignoreregex =

11
templates/fail2ban/jail.conf.j2 Normal file
View File

@@ -0,0 +1,11 @@
{# https://docs.gitea.com/administration/fail2ban-setup #}
[{{ gitea_fail2ban_jail_name }}]
enabled = true
filter = {{ gitea_fail2ban_filter }}
port = {{ gitea_fail2ban_port }}
logpath = {{ gitea_mounted_log_path }}
maxretry = {{ gitea_fail2ban_jail_maxretry }}
findtime = {{ gitea_fail2ban_jail_findtime }}
bantime = {{ gitea_fail2ban_jail_bantime }}
action = {{ gitea_fail2ban_jail_action }}