39be9fafe7
- Move group_vars into inventory/ so playbooks can find them (was only visible to ad-hoc commands via CWD) - Add Ansible Vault for sensitive variables (gitea/grafana passwords, tokens, db credentials) with vault_password_file outside the repo - Enable Gitea Actions and deploy act_runner with Docker backend on the gitea VM - Add .gitea/workflows/lint.yml to run ansible-lint on every push - Set up Gitea → GitHub push mirror (sync_on_commit) - Fix ansible.cfg stdout_callback for ansible-core 2.20 compatibility - Add python-psycopg2 to gitea role (required for postgresql modules) - Add docker to gitea_runner role (required by act_runner at startup) - Exclude password hashes and VM images from git Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
54 lines
1.0 KiB
Django/Jinja
54 lines
1.0 KiB
Django/Jinja
[DEFAULT]
|
|
RUN_USER = gitea
|
|
RUN_MODE = prod
|
|
|
|
[server]
|
|
DOMAIN = {{ gitea_domain }}
|
|
HTTP_ADDR = 0.0.0.0
|
|
HTTP_PORT = {{ gitea_http_port }}
|
|
ROOT_URL = http://{{ gitea_domain }}:{{ gitea_http_port }}/
|
|
SSH_DOMAIN = {{ gitea_domain }}
|
|
SSH_PORT = 22
|
|
START_SSH_SERVER = false
|
|
DISABLE_SSH = false
|
|
|
|
[database]
|
|
DB_TYPE = postgres
|
|
HOST = 127.0.0.1:5432
|
|
NAME = {{ gitea_db_name }}
|
|
USER = {{ gitea_db_user }}
|
|
PASSWD = {{ gitea_db_password }}
|
|
SSL_MODE = disable
|
|
|
|
[repository]
|
|
ROOT = /var/lib/gitea/data/repositories
|
|
|
|
[security]
|
|
SECRET_KEY = {{ gitea_secret_key }}
|
|
INTERNAL_TOKEN = {{ gitea_internal_token }}
|
|
INSTALL_LOCK = true
|
|
PASSWORD_HASH_ALGO = argon2
|
|
|
|
[service]
|
|
DISABLE_REGISTRATION = false
|
|
REQUIRE_SIGNIN_VIEW = false
|
|
DEFAULT_KEEP_EMAIL_PRIVATE = true
|
|
|
|
[log]
|
|
MODE = console
|
|
LEVEL = info
|
|
ROOT_PATH = /var/log/gitea
|
|
|
|
[session]
|
|
PROVIDER = db
|
|
|
|
[cache]
|
|
ADAPTER = memory
|
|
|
|
[actions]
|
|
ENABLED = true
|
|
|
|
[indexer]
|
|
ISSUE_INDEXER_TYPE = bleve
|
|
REPO_INDEXER_ENABLED = true
|