diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml
index 2144fef7a..a0eff2ca3 100644
--- a/roles/6-generic-apps/tasks/main.yml
+++ b/roles/6-generic-apps/tasks/main.yml
@@ -15,17 +15,23 @@
when: mediawiki_install
tags: mediawiki
+- name: EJABBERD
+ include_role:
+ name: ejabberd
+ when: ejabberd_install
+ tags: ejabberd
+
- name: ELGG
include_role:
name: elgg
when: elgg_install
tags: elgg
-- name: EJABBERD
+- name: GITEA
include_role:
- name: ejabberd
- when: ejabberd_install
- tags: ejabberd
+ name: gitea
+ when: gitea_install
+ tags: gitea
- name: LOKOLE
include_role:
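Review bot: `when: gitea_install` on the new GITEA entry references a variable this diff does not visibly define: roles/gitea/defaults/main.yml carries `gitea_install` and `gitea_enabled` only as comments deferring to vars/default_vars.yml, and the default_vars.yml hunk at the end of this diff is cut off before I can confirm they are added there. If they are not, the play stops with an undefined-variable error on this line instead of skipping the role. Both keys should be added next to the `ejabberd_*` pair with the same `False` default. The enclosing task list continues outside the hunk.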
diff --git a/roles/gitea/README.rst b/roles/gitea/README.rst
new file mode 100644
index 000000000..d1ca14dc3
--- /dev/null
+++ b/roles/gitea/README.rst
@@ -0,0 +1,30 @@
+=============
+Gitea README
+=============
+
+This Ansible role installs Gitea - a self-hosted Git service written in Go.
+
+Using It
+--------
+
+Gitea should be accessible at http://box/gitea
+
+Configuration
+-------------
+
+Gitea has been configured to work with MySQL; it can also be used with SQLite or
+Postgres. If you want to use it with a different database, change the
+``DB_TYPE`` property in ``/etc/gitea/app.ini`` [1] and change the line ``After=mysqld.service``
+in ``/etc/systemd/system/gitea.service`` [2] to one of the following:
+
+* SQLite: comment it out.
+* Postgres: ``After=postgresql.service``
+
+[1] Prior to installing Gitea, instead edit ``/opt/iiab/iiab/roles/gitea/templates/app.ini.j2``
+
+[2] Prior to installing Gitea, instead edit ``/opt/iiab/iiab/roles/gitea/templates/gitea.service.j2``
+
+Documentation
+-------------
+
+Further info on configuring: `https://docs.gitea.io `_
diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml
new file mode 100644
index 000000000..b48f3c631
--- /dev/null
+++ b/roles/gitea/defaults/main.yml
@@ -0,0 +1,59 @@
+# gitea_install: True
+# gitea_enabled: True
+
+# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
+# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
+
+# Using @coolaj86's script as a template
+# https://git.coolaj86.com/coolaj86/gitea-installer.sh
+
+# Information needed to install Gitea
+gitea_version: "1.7.3"
+iset_suffixes:
+ i386: "386"
+ x86_64: "amd64"
+ armv6l: "arm-6"
+ armv7l: "arm-7"
+
+gitea_iset_suffix: "{{ iset_suffixes[ansible_architecture] | default('unknown') }}"
+
+gitea_download_url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_iset_suffix }}"
+gitea_integrity_url: "{{ gitea_download_url }}.asc"
+
+gitea_root_directory: "/library/gitea"
+gitea_subdirectories:
+ - bin
+ - custom
+ - data
+ - indexers
+ - public
+ - log
+gitea_install_path: "{{ gitea_root_directory }}/bin/gitea-{{ gitea_version }}"
+gitea_checksum_path: "{{ gitea_root_directory }}/bin/gitea-{{ gitea_version }}.asc"
+
+gitea_link_path: "{{ gitea_root_directory }}/gitea"
+
+# Information needed to verify Gitea
+gitea_gpg_key: 7C9E68152594688862D62AF62D9AE806EC1592E2
+
+# Information needed to run Gitea
+gitea_user: gitea
+gitea_home: "/home/{{ gitea_user }}" # SSH credentials stored here
+gitea_run_directory: "{{ gitea_root_directory }}"
+
+gitea_url: /gitea
+gitea_full_url: "http://{{ iiab_hostname }}.{{ iiab_domain }}{{ gitea_url }}"
+
+gitea_port: 61734 # leet for GITEA
+
+# Data locations
+gitea_db_path: "{{ gitea_root_directory }}/data/gitea.db"
+gitea_repo_root: "{{ gitea_root_directory }}/data/repositories"
+gitea_lfs_root: "{{ gitea_root_directory }}/data/lfs"
+
+# Log file location
+gitea_log_root: "{{ gitea_root_directory }}/log"
+
+# Extra configuration
+gitea_display_name: Internet-in-a-Box Gitea
+skip_install_screen: true
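Review bot: `gitea_integrity_url` and `gitea_checksum_path` name an `.asc` file, which is a detached GPG signature rather than a checksum, so the names suggest a digest is pinned when none is. Renaming them to `gitea_signature_url` / `gitea_signature_path` and reserving a real digest for the pinned release (e.g. `gitea_checksum: "sha256:<PLACEHOLDER — published digest for gitea_version>"` next to `gitea_version`) would make what is actually verified explicit and give install.yml something to pass to `get_url`'s `checksum:`. As a style point, the inline comments on `gitea_home` and `gitea_port` have a single space before `#`; yamllint expects at least two.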
diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml
new file mode 100644
index 000000000..71514da6c
--- /dev/null
+++ b/roles/gitea/tasks/install.yml
@@ -0,0 +1,190 @@
+# Prepare to install Gitea: create user and directory structure
+
+- name: Shut down existing Gitea instance (if we're reinstalling)
+ systemd:
+ name: gitea
+ state: stopped
+ tags:
+ - pre-install
+ ignore_errors: yes
+
+- name: Ensure group gitea exists
+ group:
+ name: gitea
+ state: present
+ tags:
+ - pre-install
+
+- name: Create user gitea
+ user:
+ name: gitea
+ comment: Gitea daemon account
+ groups: gitea
+ home: "{{ gitea_home }}"
+ tags:
+ - pre-install
+
+- name: Create Gitea directory structure
+ file:
+ path: "{{ gitea_root_directory }}/{{ item }}"
+ state: directory
+ owner: gitea
+ group: gitea
+ with_items: "{{ gitea_subdirectories }}"
+ tags:
+ - pre-install
+
+- name: Make directories data, indexers, and log writable
+ file:
+ path: "{{ gitea_root_directory }}/{{ item }}"
+ mode: 0750
+ with_items:
+ - data
+ - indexers
+ - log
+ tags:
+ - pre-install
+
+# Download, verify, and link Gitea binary
+
+- name: Fail if we detect unknown architecture
+ fail:
+ msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\""
+ when: gitea_iset_suffix == "unknown"
+
+- name: Download Gitea binary
+ get_url:
+ url: "{{ gitea_download_url }}"
+ dest: "{{ gitea_install_path }}"
+ mode: 0775
+ tags:
+ - install
+ when: internet_available
+
+- name: Download Gitea GPG signature
+ get_url:
+ url: "{{ gitea_integrity_url }}"
+ dest: "{{ gitea_checksum_path }}"
+ tags:
+ - never
+ - verify
+ when: internet_available
+
+- name: Verify Gitea binary with GPG signature
+ shell: |
+ gpg --keyserver pgp.mit.edu --recv {{ gitea_gpg_key }}
+ gpg --verify {{ gitea_checksum_path }} {{ gitea_install_path }}
+ tags:
+ - never
+ - verify
+ ignore_errors: yes
+
+- name: Link Gitea
+ file:
+ src: "{{ gitea_install_path }}"
+ dest: "{{ gitea_link_path }}"
+ owner: gitea
+ group: gitea
+ state: link
+ tags:
+ - install
+
+# Configure Gitea
+
+# For security reasons, the Gitea developers recommend removing group write
+# permissions from /etc/gitea/ and /etc/gitea/app.ini after the first run of
+# Gitea. User gitea needs write permissions during the first run but not
+# subsequent runs.
+
+- name: Create Gitea config directory
+ file:
+ path: /etc/gitea
+ state: directory
+ owner: root
+ group: gitea
+ mode: 0770
+ tags:
+ - config
+
+- name: Create app.ini
+ template:
+ src: app.ini.j2
+ dest: /etc/gitea/app.ini
+ owner: root
+ group: gitea
+ mode: 0664
+ tags:
+ - config
+
+# Create systemd service
+
+- name: Create 'gitea' service
+ template:
+ src: gitea.service.j2
+ dest: "/etc/systemd/system/gitea.service"
+ tags:
+ - systemd
+
+- name: Enable 'gitea' service
+ systemd:
+ daemon_reload: yes
+ name: gitea
+ enabled: yes
+ state: restarted
+ when: gitea_enabled
+
+- name: Disable 'gitea' service
+ systemd:
+ name: gitea
+ enabled: no
+ state: stopped
+ when: not gitea_enabled
+
+# Configure HTTPD
+
+- name: Copy gitea httpd conf file
+ template:
+ src: gitea.conf.j2
+ dest: "/etc/{{ apache_config_dir }}/gitea.conf"
+
+- name: Enable httpd conf file (debuntu)
+ file:
+ src: /etc/{{ apache_config_dir }}/gitea.conf
+ dest: /etc/apache2/sites-enabled/gitea.conf
+ state: link
+ when: gitea_enabled and is_debuntu
+
+- name: Remove httpd conf file (OS's other than debuntu)
+ file:
+ path: /etc/apache2/sites-enabled/gitea.conf
+ state: absent
+ when: not gitea_enabled and is_debuntu
+
+- name: >-
+ Restart Apache ({{ apache_service }}) to {% if gitea_enabled %}enable{%
+ else %}disable{% endif %} http://box/gitea
+ service:
+ name: "{{ apache_service }}"
+ state: restarted
+
+# Add Gitea to registry
+
+- name: Add 'gitea' to list of services at {{ iiab_ini_file }}
+ ini_file:
+ dest: "{{ iiab_ini_file }}"
+ section: gitea
+ option: "{{ item.option }}"
+ value: "{{ item.value }}"
+ with_items:
+ - option: name
+ value: gitea
+ - option: description
+ value: '"Gitea: Git with a cup of tea"'
+ - option: gitea_run_directory
+ value: "{{ gitea_run_directory }}"
+ - option: gitea_url
+ value: "{{ gitea_url }}"
+ - option: gitea_full_url
+ value: "{{ gitea_full_url }}"
+ - option: gitea_enabled
+ value: "{{ gitea_enabled }}"
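Review bot: The binary fetched by `get_url` in the Download task is installed as a system service with no integrity check in a normal run: the signature download and the `gpg --verify` task are tagged `never`, so they only run under `--tags verify`, and even then `ignore_errors: yes` lets a failed verification continue to the Link task. Adding `checksum: "sha256:<PLACEHOLDER — published digest for the pinned gitea_version>"` to the `get_url` and removing `ignore_errors: yes` from the verify task makes a truncated or tampered download fail the play; fetching the key from `pgp.mit.edu` at install time is also unreliable (and impossible offline), so shipping the public key file in the role and importing it locally is preferable. Separately, `mode: 0775` on the downloaded binary inside a `bin/` directory created as `owner: gitea`/`group: gitea` lets the service account overwrite its own executable, so `mode: 0755` (and ideally a root-owned `bin/`) is the usual arrangement. Finally, the task named "Remove httpd conf file (OS's other than debuntu)" runs `when: not gitea_enabled and is_debuntu`, so its name and condition disagree; one of them should change.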
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
new file mode 100644
index 000000000..e75a9f12a
--- /dev/null
+++ b/roles/gitea/tasks/main.yml
@@ -0,0 +1,3 @@
+- name: Install Gitea {{ gitea_version }} if gitea_install
+ include_tasks: install.yml
+ when: gitea_install
diff --git a/roles/gitea/templates/app.ini.j2 b/roles/gitea/templates/app.ini.j2
new file mode 100644
index 000000000..ddae9b7e1
--- /dev/null
+++ b/roles/gitea/templates/app.ini.j2
@@ -0,0 +1,656 @@
+; This file lists the default values used by Gitea
+; Copy required sections to your own app.ini (default is custom/conf/app.ini)
+; and modify as needed.
+
+; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation.
+
+; App name that shows in every page title
+APP_NAME = {{ gitea_display_name }}
+; Change it if you run locally
+RUN_USER = {{ gitea_user }}
+; Either "dev", "prod" or "test", default is "dev"
+RUN_MODE = dev
+
+[repository]
+ROOT = {{ gitea_repo_root }}
+SCRIPT_TYPE = bash
+; Default ANSI charset
+ANSI_CHARSET =
+; Force every new repository to be private
+FORCE_PRIVATE = false
+; Default privacy setting when creating a new repository, allowed values: last, private, public. Default is last which means the last setting used.
+DEFAULT_PRIVATE = last
+; Global limit of repositories per user, applied at creation time. -1 means no limit
+MAX_CREATION_LIMIT = -1
+; Mirror sync queue length, increase if mirror syncing starts hanging
+MIRROR_QUEUE_LENGTH = 1000
+; Patch test queue length, increase if pull request patch testing starts hanging
+PULL_REQUEST_QUEUE_LENGTH = 1000
+; Preferred Licenses to place at the top of the List
+; The name here must match the filename in conf/license or custom/conf/license
+PREFERRED_LICENSES = Apache License 2.0,MIT License
+; Disable the ability to interact with repositories using the HTTP protocol
+DISABLE_HTTP_GIT = false
+; Force ssh:// clone url instead of scp-style uri when default SSH port is used
+USE_COMPAT_SSH_URI = false
+
+[repository.editor]
+; List of file extensions for which lines should be wrapped in the CodeMirror editor
+; Separate extensions with a comma. To line wrap files without an extension, just put a comma
+LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,
+; Valid file modes that have a preview API associated with them, such as api/v1/markdown
+; Separate the values by commas. The preview tab in edit mode won't be displayed if the file extension doesn't match
+PREVIEWABLE_FILE_MODES = markdown
+
+[repository.local]
+; Path for local repository copy. Defaults to `tmp/local-repo`
+LOCAL_COPY_PATH = tmp/local-repo
+; Path for local wiki copy. Defaults to `tmp/local-wiki`
+LOCAL_WIKI_PATH = tmp/local-wiki
+
+[repository.upload]
+; Whether repository file uploads are enabled. Defaults to `true`
+ENABLED = true
+; Path for uploads. Defaults to `data/tmp/uploads` (tmp gets deleted on gitea restart)
+TEMP_PATH = data/tmp/uploads
+; One or more allowed types, e.g. image/jpeg|image/png. Nothing means any file type
+ALLOWED_TYPES =
+; Max size of each file in megabytes. Defaults to 3MB
+FILE_MAX_SIZE = 3
+; Max number of files per upload. Defaults to 5
+MAX_FILES = 5
+
+[repository.pull-request]
+; List of prefixes used in Pull Request title to mark them as Work In Progress
+WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]
+
+[ui]
+; Number of repositories that are displayed on one explore page
+EXPLORE_PAGING_NUM = 20
+; Number of issues that are displayed on one page
+ISSUE_PAGING_NUM = 10
+; Number of maximum commits displayed in one activity feed
+FEED_MAX_COMMIT_NUM = 5
+; Number of maximum commits displayed in commit graph.
+GRAPH_MAX_COMMIT_NUM = 100
+; Number of line of codes shown for a code comment
+CODE_COMMENT_LINES = 4
+; Value of `theme-color` meta tag, used by Android >= 5.0
+; An invalid color like "none" or "disable" will have the default style
+; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
+THEME_COLOR_META_TAG = `#6cc644`
+; Max size of files to be displayed (default is 8MiB)
+MAX_DISPLAY_FILE_SIZE = 8388608
+; Whether the email of the user should be shown in the Explore Users page
+SHOW_USER_EMAIL = true
+; Set the default theme for the Gitea install
+DEFAULT_THEME = gitea
+
+[ui.admin]
+; Number of users that are displayed on one page
+USER_PAGING_NUM = 50
+; Number of repos that are displayed on one page
+REPO_PAGING_NUM = 50
+; Number of notices that are displayed on one page
+NOTICE_PAGING_NUM = 25
+; Number of organizations that are displayed on one page
+ORG_PAGING_NUM = 50
+
+[ui.user]
+; Number of repos that are displayed on one page
+REPO_PAGING_NUM = 15
+
+[ui.meta]
+AUTHOR = Gitea - Git with a cup of tea
+DESCRIPTION = Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go
+KEYWORDS = go,git,self-hosted,gitea
+
+[markdown]
+; Enable hard line break extension
+ENABLE_HARD_LINE_BREAK = false
+; List of custom URL-Schemes that are allowed as links when rendering Markdown
+; for example git,magnet
+CUSTOM_URL_SCHEMES =
+; List of file extensions that should be rendered/edited as Markdown
+; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma
+FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
+
+[server]
+; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'.
+PROTOCOL = http
+DOMAIN = localhost
+ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s{{ gitea_url }}/
+; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
+HTTP_ADDR = 0.0.0.0
+HTTP_PORT = {{ gitea_port }}
+; If REDIRECT_OTHER_PORT is true, and PROTOCOL is set to https an http server
+; will be started on PORT_TO_REDIRECT and it will redirect plain, non-secure http requests to the main
+; ROOT_URL. Defaults are false for REDIRECT_OTHER_PORT and 80 for
+; PORT_TO_REDIRECT.
+REDIRECT_OTHER_PORT = false
+PORT_TO_REDIRECT = 80
+; Permission for unix socket
+UNIX_SOCKET_PERMISSION = 666
+; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service.
+; In most cases you do not need to change the default value.
+; Alter it only if your SSH server node is not the same as HTTP node.
+; Do not set this variable if PROTOCOL is set to 'unix'.
+LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
+; Disable SSH feature when not available
+DISABLE_SSH = false
+; Whether to use the builtin SSH server or not.
+START_SSH_SERVER = false
+; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER.
+BUILTIN_SSH_SERVER_USER =
+; Domain name to be exposed in clone URL
+SSH_DOMAIN = %(DOMAIN)s
+; THe network interface the builtin SSH server should listen on
+SSH_LISTEN_HOST =
+; Port number to be exposed in clone URL
+SSH_PORT = 22
+; The port number the builtin SSH server should listen on
+SSH_LISTEN_PORT = %(SSH_PORT)s
+; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
+SSH_ROOT_PATH =
+; For the built-in SSH server, choose the ciphers to support for SSH connections,
+; for system SSH this setting has no effect
+SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
+; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections,
+; for system SSH this setting has no effect
+SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org
+; For the built-in SSH server, choose the MACs to support for SSH connections,
+; for system SSH this setting has no effect
+SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96
+; Directory to create temporary files in when testing public keys using ssh-keygen,
+; default is the system temporary directory.
+SSH_KEY_TEST_PATH =
+; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
+SSH_KEYGEN_PATH = ssh-keygen
+; Enable SSH Authorized Key Backup when rewriting all keys, default is true
+SSH_BACKUP_AUTHORIZED_KEYS = true
+; Enable exposure of SSH clone URL to anonymous visitors, default is false
+SSH_EXPOSE_ANONYMOUS = false
+; Indicate whether to check minimum key size with corresponding type
+MINIMUM_KEY_SIZE_CHECK = false
+; Disable CDN even in "prod" mode
+OFFLINE_MODE = true
+DISABLE_ROUTER_LOG = false
+; Generate steps:
+; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
+;
+; Or from a .pfx file exported from the Windows certificate store (do
+; not forget to export the private key):
+; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
+; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
+CERT_FILE = custom/https/cert.pem
+KEY_FILE = custom/https/key.pem
+; Root directory containing templates and static files.
+; default is the path where Gitea is executed
+STATIC_ROOT_PATH =
+; Default path for App data
+APP_DATA_PATH = data
+; Application level GZIP support
+ENABLE_GZIP = false
+; Application profiling (memory and cpu)
+; For "web" command it listens on localhost:6060
+; For "serve" command it dumps to disk at PPROF_DATA_PATH as (cpuprofile|memprofile)__
+ENABLE_PPROF = false
+; PPROF_DATA_PATH, use an absolute path when you start gitea as service
+PPROF_DATA_PATH = data/tmp/pprof
+; Landing page, can be "home", "explore", or "organizations"
+LANDING_PAGE = home
+; Enables git-lfs support. true or false, default is false.
+LFS_START_SERVER = false
+; Where your lfs files reside, default is data/lfs.
+LFS_CONTENT_PATH = {{ gitea_lfs_root }}
+; LFS authentication secret, change this yourself
+LFS_JWT_SECRET =
+; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
+LFS_HTTP_AUTH_EXPIRY = 20m
+
+; Define allowed algorithms and their minimum key length (use -1 to disable a type)
+[ssh.minimum_key_sizes]
+ED25519 = 256
+ECDSA = 256
+RSA = 2048
+DSA = 1024
+
+[database]
+; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice
+DB_TYPE = sqlite3
+HOST = 127.0.0.1:3306
+NAME = gitea
+USER = root
+; Use PASSWD = `your password` for quoting if you use special characters in the password.
+PASSWD =
+; For Postgres, either "disable" (default), "require", or "verify-full"
+; For MySQL, either "false" (default), "true", or "skip-verify"
+SSL_MODE = disable
+; For "sqlite3" and "tidb", use an absolute path when you start gitea as service
+PATH = {{ gitea_db_path }}
+; For "sqlite3" only. Query timeout
+SQLITE_TIMEOUT = 500
+; For iterate buffer, default is 50
+ITERATE_BUFFER_SIZE = 50
+; Show the database generated SQL
+LOG_SQL = true
+
+[indexer]
+ISSUE_INDEXER_PATH = indexers/issues.bleve
+; repo indexer by default disabled, since it uses a lot of disk space
+REPO_INDEXER_ENABLED = false
+REPO_INDEXER_PATH = indexers/repos.bleve
+UPDATE_BUFFER_LEN = 20
+MAX_FILE_SIZE = 1048576
+
+[admin]
+; Disallow regular (non-admin) users from creating organizations.
+DISABLE_REGULAR_ORG_CREATION = false
+
+[security]
+; Whether the installer is disabled
+INSTALL_LOCK = {{ skip_install_screen | lower }}
+; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
+SECRET_KEY = !#@FDEWREWR&*(
+; How long to remember that an user is logged in before requiring relogin (in days)
+LOGIN_REMEMBER_DAYS = 7
+COOKIE_USERNAME = gitea_awesome
+COOKIE_REMEMBER_NAME = gitea_incredible
+; Reverse proxy authentication header name of user name
+REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
+; The minimum password length for new Users
+MIN_PASSWORD_LENGTH = 6
+; True when users are allowed to import local server paths
+IMPORT_LOCAL_PATHS = false
+; Prevent all users (including admin) from creating custom git hooks
+DISABLE_GIT_HOOKS = false
+
+[openid]
+;
+; OpenID is an open, standard and decentralized authentication protocol.
+; Your identity is the address of a webpage you provide, which describes
+; how to prove you are in control of that page.
+;
+; For more info: https://en.wikipedia.org/wiki/OpenID
+;
+; Current implementation supports OpenID-2.0
+;
+; Tested to work providers at the time of writing:
+; - Any GNUSocial node (your.hostname.tld/username)
+; - Any SimpleID provider (http://simpleid.koinic.net)
+; - http://openid.org.cn/
+; - openid.stackexchange.com
+; - login.launchpad.net
+; - .livejournal.com
+;
+; Whether to allow signin in via OpenID
+ENABLE_OPENID_SIGNIN = true
+; Whether to allow registering via OpenID
+; Do not include to rely on rhw DISABLE_REGISTRATION setting
+;ENABLE_OPENID_SIGNUP = true
+; Allowed URI patterns (POSIX regexp).
+; Space separated.
+; Only these would be allowed if non-blank.
+; Example value: trusted.domain.org trusted.domain.net
+WHITELISTED_URIS =
+; Forbidden URI patterns (POSIX regexp).
+; Space separated.
+; Only used if WHITELISTED_URIS is blank.
+; Example value: loadaverage.org/badguy stackexchange.com/.*spammer
+BLACKLISTED_URIS =
+
+[service]
+; Time limit to confirm account/email registration
+ACTIVE_CODE_LIVE_MINUTES = 180
+; Time limit to perform the reset of a forgotten password
+RESET_PASSWD_CODE_LIVE_MINUTES = 180
+; Whether a new user needs to confirm their email when registering.
+REGISTER_EMAIL_CONFIRM = false
+; Disallow registration, only allow admins to create accounts.
+DISABLE_REGISTRATION = false
+; Allow registration only using third part services, it works only when DISABLE_REGISTRATION is false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+; User must sign in to view anything.
+REQUIRE_SIGNIN_VIEW = false
+; Mail notification
+ENABLE_NOTIFY_MAIL = false
+; More detail: https://github.com/gogits/gogs/issues/165
+ENABLE_REVERSE_PROXY_AUTHENTICATION = false
+ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
+; Enable captcha validation for registration
+ENABLE_CAPTCHA = false
+; Type of captcha you want to use. Options: image, recaptcha
+CAPTCHA_TYPE = image
+; Enable recaptcha to use Google's recaptcha service
+; Go to https://www.google.com/recaptcha/admin to sign up for a key
+RECAPTCHA_SECRET =
+RECAPTCHA_SITEKEY =
+; Default value for KeepEmailPrivate
+; Each new user will get the value of this setting copied into their profile
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+; Default value for AllowCreateOrganization
+; Every new user will have rights set to create organizations depending on this setting
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+; Default value for EnableDependencies
+; Repositories will use depencies by default depending on this setting
+DEFAULT_ENABLE_DEPENDENCIES = true
+; Enable Timetracking
+ENABLE_TIMETRACKING = true
+; Default value for EnableTimetracking
+; Repositories will use timetracking by default depending on this setting
+DEFAULT_ENABLE_TIMETRACKING = true
+; Default value for AllowOnlyContributorsToTrackTime
+; Only users with write permissions can track time if this is true
+DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME = true
+; Default value for the domain part of the user's email address in the git log
+; if he has set KeepEmailPrivate to true. The user's email will be replaced with a
+; concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS.
+NO_REPLY_ADDRESS = noreply.example.org
+
+[webhook]
+; Hook task queue length, increase if webhook shooting starts hanging
+QUEUE_LENGTH = 1000
+; Deliver timeout in seconds
+DELIVER_TIMEOUT = 5
+; Allow insecure certification
+SKIP_TLS_VERIFY = false
+; Number of history information in each page
+PAGING_NUM = 10
+
+[mailer]
+ENABLED = false
+; Buffer length of channel, keep it as it is if you don't know what it is.
+SEND_BUFFER_LEN = 100
+; Name displayed in mail title
+SUBJECT = %(APP_NAME)s
+; Mail server
+; Gmail: smtp.gmail.com:587
+; QQ: smtp.qq.com:465
+; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used.
+HOST =
+; Disable HELO operation when hostnames are different.
+DISABLE_HELO =
+; Custom hostname for HELO operation, if no value is provided, one is retrieved from system.
+HELO_HOSTNAME =
+; Do not verify the certificate of the server. Only use this for self-signed certificates
+SKIP_VERIFY =
+; Use client certificate
+USE_CERTIFICATE = false
+CERT_FILE = custom/mailer/cert.pem
+KEY_FILE = custom/mailer/key.pem
+; Mail from address, RFC 5322. This can be just an email address, or the `"Name" ` format
+FROM =
+; Mailer user name and password
+USER =
+; Use PASSWD = `your password` for quoting if you use special characters in the password.
+PASSWD =
+; Send mails as plain text
+SEND_AS_PLAIN_TEXT = false
+; Enable sendmail (override SMTP)
+USE_SENDMAIL = false
+; Specify an alternative sendmail binary
+SENDMAIL_PATH = sendmail
+; Specify any extra sendmail arguments
+SENDMAIL_ARGS =
+
+[cache]
+; Either "memory", "redis", or "memcache", default is "memory"
+ADAPTER = memory
+; For "memory" only, GC interval in seconds, default is 60
+INTERVAL = 60
+; For "redis" and "memcache", connection host address
+; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
+; memcache: `127.0.0.1:11211`
+HOST =
+; Time to keep items in cache if not used, default is 16 hours.
+; Setting it to 0 disables caching
+ITEM_TTL = 16h
+
+[session]
+; Either "memory", "file", or "redis", default is "memory"
+PROVIDER = memory
+; Provider config options
+; memory: doesn't have any config yet
+; file: session file path, e.g. `data/sessions`
+; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
+; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
+PROVIDER_CONFIG = data/sessions
+; Session cookie name
+COOKIE_NAME = i_like_gitea
+; If you use session in https only, default is false
+COOKIE_SECURE = false
+; Enable set cookie, default is true
+ENABLE_SET_COOKIE = true
+; Session GC time interval in seconds, default is 86400 (1 day)
+GC_INTERVAL_TIME = 86400
+; Session life time in seconds, default is 86400 (1 day)
+SESSION_LIFE_TIME = 86400
+
+[picture]
+AVATAR_UPLOAD_PATH = data/avatars
+; Max Width and Height of uploaded avatars. This is to limit the amount of RAM
+; used when resizing the image.
+AVATAR_MAX_WIDTH = 4096
+AVATAR_MAX_HEIGHT = 3072
+; Chinese users can choose "duoshuo"
+; or a custom avatar source, like: http://cn.gravatar.com/avatar/
+GRAVATAR_SOURCE = gravatar
+; This value will always be true in offline mode.
+DISABLE_GRAVATAR = false
+; Federated avatar lookup uses DNS to discover avatar associated
+; with emails, see https://www.libravatar.org
+; This value will always be false in offline mode or when Gravatar is disabled.
+ENABLE_FEDERATED_AVATAR = false
+
+[attachment]
+; Whether attachments are enabled. Defaults to `true`
+ENABLED = true
+; Path for attachments. Defaults to `data/attachments`
+PATH = data/attachments
+; One or more allowed types, e.g. image/jpeg|image/png
+ALLOWED_TYPES = image/jpeg|image/png|application/zip|application/gzip
+; Max size of each file. Defaults to 4MB
+MAX_SIZE = 4
+; Max number of files per upload. Defaults to 5
+MAX_FILES = 5
+
+[time]
+; Specifies the format for fully outputted dates. Defaults to RFC1123
+; Special supported values are ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Kitchen, Stamp, StampMilli, StampMicro and StampNano
+; For more information about the format see http://golang.org/pkg/time/#pkg-constants
+FORMAT =
+
+[log]
+ROOT_PATH = {{ gitea_log_root }}
+; Either "console", "file", "conn", "smtp" or "database", default is "console"
+; Use comma to separate multiple modes, e.g. "console, file"
+MODE = console
+; Buffer length of the channel, keep it as it is if you don't know what it is.
+BUFFER_LEN = 10000
+; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
+LEVEL = Trace
+
+; For "console" mode only
+[log.console]
+LEVEL =
+
+; For "file" mode only
+[log.file]
+LEVEL =
+; This enables automated log rotate(switch of following options), default is true
+LOG_ROTATE = true
+; Max number of lines in a single file, default is 1000000
+MAX_LINES = 1000000
+; Max size shift of a single file, default is 28 means 1 << 28, 256MB
+MAX_SIZE_SHIFT = 28
+; Segment log daily, default is true
+DAILY_ROTATE = true
+; delete the log file after n days, default is 7
+MAX_DAYS = 7
+
+; For "conn" mode only
+[log.conn]
+LEVEL =
+; Reconnect host for every single message, default is false
+RECONNECT_ON_MSG = false
+; Try to reconnect when connection is lost, default is false
+RECONNECT = false
+; Either "tcp", "unix" or "udp", default is "tcp"
+PROTOCOL = tcp
+; Host address
+ADDR =
+
+; For "smtp" mode only
+[log.smtp]
+LEVEL =
+; Name displayed in mail title, default is "Diagnostic message from server"
+SUBJECT = Diagnostic message from server
+; Mail server
+HOST =
+; Mailer user name and password
+USER =
+; Use PASSWD = `your password` for quoting if you use special characters in the password.
+PASSWD =
+; Receivers, can be one or more, e.g. 1@example.com,2@example.com
+RECEIVERS =
+
+; For "database" mode only
+[log.database]
+LEVEL =
+; Either "mysql" or "postgres"
+DRIVER =
+; Based on xorm, e.g.: root:root@localhost/gitea?charset=utf8
+CONN =
+
+[cron]
+; Enable running cron tasks periodically.
+ENABLED = true
+; Run cron tasks when Gitea starts.
+RUN_AT_START = false
+
+; Update mirrors
+[cron.update_mirrors]
+SCHEDULE = @every 10m
+
+; Repository health check
+[cron.repo_health_check]
+SCHEDULE = @every 24h
+TIMEOUT = 60s
+; Arguments for command 'git fsck', e.g. "--unreachable --tags"
+; see more on http://git-scm.com/docs/git-fsck/1.7.5
+ARGS =
+
+; Check repository statistics
+[cron.check_repo_stats]
+RUN_AT_START = true
+SCHEDULE = @every 24h
+
+; Clean up old repository archives
+[cron.archive_cleanup]
+; Whether to enable the job
+ENABLED = true
+; Whether to always run at least once at start up time (if ENABLED)
+RUN_AT_START = true
+; Time interval for job to run
+SCHEDULE = @every 24h
+; Archives created more than OLDER_THAN ago are subject to deletion
+OLDER_THAN = 24h
+
+; Synchronize external user data (only LDAP user synchronization is supported)
+[cron.sync_external_users]
+; Synchronize external user data when starting server (default false)
+RUN_AT_START = false
+; Interval as a duration between each synchronization (default every 24h)
+SCHEDULE = @every 24h
+; Create new users, update existing user data and disable users that are not in external source anymore (default)
+; or only create new users if UPDATE_EXISTING is set to false
+UPDATE_EXISTING = true
+
+[git]
+; Disables highlight of added and removed changes
+DISABLE_DIFF_HIGHLIGHT = false
+; Max number of lines allowed in a single file in diff view
+MAX_GIT_DIFF_LINES = 1000
+; Max number of allowed characters in a line in diff view
+MAX_GIT_DIFF_LINE_CHARACTERS = 5000
+; Max number of files shown in diff view
+MAX_GIT_DIFF_FILES = 100
+; Arguments for command 'git gc', e.g. "--aggressive --auto"
+; see more on http://git-scm.com/docs/git-gc/1.7.5
+GC_ARGS =
+
+; Operation timeout in seconds
+[git.timeout]
+MIGRATE = 600
+MIRROR = 300
+CLONE = 300
+PULL = 300
+GC = 60
+
+[mirror]
+; Default interval as a duration between each check
+DEFAULT_INTERVAL = 8h
+; Min interval as a duration must be > 1m
+MIN_INTERVAL = 10m
+
+[api]
+; Enables Swagger. True or false; default is true.
+ENABLE_SWAGGER = true
+; Max number of items in a page
+MAX_RESPONSE_ITEMS = 50
+
+[i18n]
+LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR
+NAMES = English,简体中文,繁體中文(香港),繁體中文(台灣),Deutsch,français,Nederlands,latviešu,русский,Українська,日本語,español,português do Brasil,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어
+
+; Used for datetimepicker
+[i18n.datelang]
+en-US = en
+zh-CN = zh
+zh-HK = zh-HK
+zh-TW = zh-TW
+de-DE = de
+fr-FR = fr
+nl-NL = nl
+lv-LV = lv
+ru-RU = ru
+uk-UA = uk
+ja-JP = ja
+es-ES = es
+pt-BR = pt-BR
+pl-PL = pl
+bg-BG = bg
+it-IT = it
+fi-FI = fi
+tr-TR = tr
+cs-CZ = cs-CZ
+sr-SP = sr
+sv-SE = sv
+ko-KR = ko
+
+[U2F]
+; Two Factor authentication with security keys
+; https://developers.yubico.com/U2F/App_ID.html
+;APP_ID = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
+; Comma seperated list of truisted facets
+;TRUSTED_FACETS = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
+
+; Extension mapping to highlight class
+; e.g. .toml=ini
+[highlight.mapping]
+
+[other]
+SHOW_FOOTER_BRANDING = false
+; Show version information about Gitea and Go in the footer
+SHOW_FOOTER_VERSION = true
+; Show template execution time in the footer
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
+
+[markup.asciidoc]
+ENABLED = false
+; List of file extensions that should be rendered by an external command
+FILE_EXTENSIONS = .adoc,.asciidoc
+; External command to render all matching extensions
+RENDER_COMMAND = "asciidoc --out-file=- -"
+; Don't pass the file on STDIN, pass the filename as argument instead.
+IS_INPUT_FILE = false
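Review bot: `SECRET_KEY = !#@FDEWREWR&*(` is the placeholder from Gitea's sample config, and because `INSTALL_LOCK` is rendered from `skip_install_screen: true` the install wizard that would normally replace it with a random value never runs — every box deployed from this role signs sessions and cookies with the same publicly known key. Render it from a per-host variable instead, e.g. `SECRET_KEY = {{ gitea_secret_key }}`, with the value generated once by Ansible (`lookup('password', ...)`) or by `gitea generate secret SECRET_KEY` and kept out of the template. `HTTP_ADDR = 0.0.0.0` also exposes the backend on `HTTP_PORT` on every interface even though Apache proxies to `localhost`; `HTTP_ADDR = 127.0.0.1` keeps it behind the proxy, and `ROOT_URL` should be the proxied `{{ gitea_full_url }}/` rather than `localhost:%(HTTP_PORT)s` so links Gitea generates work for clients. `DB_TYPE = sqlite3` contradicts the README's "configured to work with MySQL" and the unit file's `After=mysqld.service`, and `RUN_MODE = dev`, `LOG_SQL = true` and `LEVEL = Trace` are development settings for what is otherwise a production deployment.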
diff --git a/roles/gitea/templates/gitea.conf.j2 b/roles/gitea/templates/gitea.conf.j2
new file mode 100644
index 000000000..96c810147
--- /dev/null
+++ b/roles/gitea/templates/gitea.conf.j2
@@ -0,0 +1,21 @@
+# All URLs go to Gitea web server. Static content is bundled in the executable.
+ProxyPreserveHost On
+ProxyRequests off
+
+
+ Order allow,deny
+ Allow from all
+
+
+# Note: no trailing slash after either {{ gitea_url }} or port
+ProxyPass {{ gitea_url }} http://localhost:{{ gitea_port }}
+ProxyPassReverse {{ gitea_url}} http://localhost:{{ gitea_port }}
+
+
+ RequestHeader unset Accept-Encoding
+
+
+RedirectMatch ^{{ gitea_url }}$ {{ gitea_url }}/
+
+# Disable TRACE to prevent cross-site tracing
+TraceEnable off
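Review bot: The access-control lines `Order allow,deny` / `Allow from all` are Apache 2.2 syntax that on 2.4 only works when mod_access_compat is loaded; if the target is 2.4, the native form is `Require all granted`. The container directives that should enclose those lines and the `RequestHeader unset Accept-Encoding` line show as blank lines in this view, probably stripped during rendering, so I could not confirm which scope they apply to — worth re-checking in the actual file. Since the proxy target is `http://localhost:{{ gitea_port }}`, the app.ini template should bind Gitea's HTTP_ADDR to 127.0.0.1 so the port is not also reachable directly; that section is outside this hunk so I could not confirm it. Minor: `{{ gitea_url}}` on the ProxyPassReverse line is missing the space before `}}` used everywhere else, harmless to Jinja but inconsistent.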
diff --git a/roles/gitea/templates/gitea.service.j2 b/roles/gitea/templates/gitea.service.j2
new file mode 100644
index 000000000..4c2aa237e
--- /dev/null
+++ b/roles/gitea/templates/gitea.service.j2
@@ -0,0 +1,29 @@
+[Unit]
+Description=Gitea (Git with a cup of tea)
+After=syslog.target
+After=network.target
+After=mysqld.service
+
+[Service]
+# Modify these two values and uncomment them if you have
+# repos with lots of files and get an HTTP error 500 because
+# of that
+###
+#LimitMEMLOCK=infinity
+#LimitNOFILE=65535
+RestartSec=2s
+Type=simple
+User={{gitea_user}}
+Group={{gitea_user}}
+WorkingDirectory={{gitea_run_directory}}
+ExecStart={{gitea_install_path}} web -c /etc/gitea/app.ini
+Restart=always
+Environment=USER={{gitea_user}} HOME={{gitea_home}} GITEA_WORK_DIR={{gitea_run_directory}}
+# If you want to bind Gitea to a port below 1024 uncomment
+# the two values below
+###
+#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
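Review bot: `After=mysqld.service` only orders the unit and does not start the database, so if MySQL is not already active Gitea starts without it and `Restart=always` with `RestartSec=2s` will loop until it appears — add `Wants=mysqld.service` (or `Requires=`) alongside the `After=` line. The unit name is also distribution-dependent (mariadb.service on systems that ship MariaDB), which the README's instructions for switching databases would need to mention; hedged, since the target platform is not visible here. As the process runs as `{{gitea_user}}` and serves network requests, the [Service] section could also carry basic sandboxing such as `PrivateTmp=true`, `NoNewPrivileges=true` and `ProtectSystem=full` (assuming the work and home directories are outside /usr and /etc), each with a one-line comment on what it restricts. Minor: `{{gitea_user}}` and the other expansions here omit the spaces inside the braces that the sibling gitea.conf.j2 template uses.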
diff --git a/vars/default_vars.yml b/vars/default_vars.yml
index a74a56cdd..b223ed73e 100644
--- a/vars/default_vars.yml
+++ b/vars/default_vars.yml
@@ -269,13 +269,17 @@ dokuwiki_enabled: False
mediawiki_install: False
mediawiki_enabled: False
+ejabberd_install: False
+ejabberd_enabled: False
+
elgg_install: False
elgg_enabled: False
# elgg_mysql_password: $6$iiab51$jeTwnATcbaa92xo0QBTgjLBU.5aVDDrbKeNyyC99R/TAWz6pvfzj.L7lfnOVVjD78nxqT.gkNn6XZmuRV0W3o1
elgg_mysql_password: elgg4kids
-ejabberd_install: False
-ejabberd_enabled: False
+# Gitea (lightweight self-hosted "GitHub") from https://gitea.io
+gitea_install: False
+gitea_enabled: False
# Lokole (email for rural communities) from https://ascoderu.ca
lokole_install: False
diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml
index 37c818730..932462912 100644
--- a/vars/local_vars_big.yml
+++ b/vars/local_vars_big.yml
@@ -174,11 +174,15 @@ dokuwiki_enabled: True
mediawiki_install: True
mediawiki_enabled: True
+ejabberd_install: False
+ejabberd_enabled: False
+
elgg_install: True
elgg_enabled: True
-ejabberd_install: False
-ejabberd_enabled: False
+# Gitea (lightweight self-hosted "GitHub") from https://gitea.io
+gitea_install: True
+gitea_enabled: True
# Lokole (email for rural communities) from https://ascoderu.ca
lokole_install: True
diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml
index f8a6199aa..8d30982f4 100644
--- a/vars/local_vars_medium.yml
+++ b/vars/local_vars_medium.yml
@@ -174,11 +174,15 @@ dokuwiki_enabled: False
mediawiki_install: False
mediawiki_enabled: False
+ejabberd_install: False
+ejabberd_enabled: False
+
elgg_install: True
elgg_enabled: True
-ejabberd_install: False
-ejabberd_enabled: False
+# Gitea (lightweight self-hosted "GitHub") from https://gitea.io
+gitea_install: False
+gitea_enabled: False
# Lokole (email for rural communities) from https://ascoderu.ca
lokole_install: False
diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml
index f246f8424..83691f262 100644
--- a/vars/local_vars_min.yml
+++ b/vars/local_vars_min.yml
@@ -174,11 +174,15 @@ dokuwiki_enabled: False
mediawiki_install: False
mediawiki_enabled: False
+ejabberd_install: False
+ejabberd_enabled: False
+
elgg_install: False
elgg_enabled: False
-ejabberd_install: False
-ejabberd_enabled: False
+# Gitea (lightweight self-hosted "GitHub") from https://gitea.io
+gitea_install: False
+gitea_enabled: False
# Lokole (email for rural communities) from https://ascoderu.ca
lokole_install: False