From 6346336dbce23ca3521164300b362b4182d00a22 Mon Sep 17 00:00:00 2001 From: genofire Date: Fri, 18 Sep 2020 12:41:54 +0200 Subject: [PATCH 1/4] improve https support --- README.md | 3 ++- defaults/main.yml | 1 + templates/gitea.ini.j2 | 12 ++++++++++-- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d28a54e..4286330 100644 --- a/README.md +++ b/README.md @@ -93,8 +93,9 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we * `gitea_root_url`: Root URL used to access your web app (full URL) * `gitea_protocol`: Listening protocol (http/https) * `gitea_http_listen`: Bind address -* `gitea_http_port`: Bind port +* `gitea_http_port`: Bind port (redirect from `80` will be activated if value is `443` - Default: `3000`) * `gitea_disable_http_git`: Disable the use of Git over HTTP ? (true/false) +* `gitea_http_letsencrypt_mail` Enable Let`s Encrypt if a email address is given ### SSH configuration diff --git a/defaults/main.yml b/defaults/main.yml index b2f00b4..c35b4d9 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -20,6 +20,7 @@ gitea_root_url: http://localhost:3000 gitea_protocol: http gitea_http_listen: 127.0.0.1 gitea_http_port: 3000 +# gitea_http_letsencrypt_mail: - required gitea_disable_http_git: false gitea_offline_mode: true diff --git a/templates/gitea.ini.j2 b/templates/gitea.ini.j2 index 11e06c0..a10939d 100644 --- a/templates/gitea.ini.j2 +++ b/templates/gitea.ini.j2 
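Review bot: The commented default `# gitea_http_letsencrypt_mail: - required` in defaults/main.yml (patch 1/4) reads as if the variable were mandatory, while the template in the same patch treats it as an optional switch via `is defined`. Because defining it also makes the role write `LETSENCRYPT_ACCEPTTOS = true`, the comment should say so, for example `# gitea_http_letsencrypt_mail: admin@example.org  # optional; setting it enables Let's Encrypt and accepts its terms of service`. The address in that example is a constructed sample.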
@@ -35,8 +35,16 @@ PROTOCOL = {{ gitea_protocol }} DOMAIN = {{ gitea_http_domain }} ROOT_URL = {{ gitea_root_url }} ; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket. -HTTP_ADDR = {{ gitea_http_listen }} -HTTP_PORT = {{ gitea_http_port }} +HTTP_ADDR = {{ gitea_http_listen }} +HTTP_PORT = {{ gitea_http_port }} +{% if gitea_http_port == 443 %} +PORT_TO_REDIRECT = 80 +{% endif %} +{% if gitea_http_letsencrypt_mail is defined %} +ENABLE_LETSENCRYPT = true +LETSENCRYPT_ACCEPTTOS = true +LETSENCRYPT_EMAIL = {{ gitea_http_letsencrypt_mail }} +{% endif %} ; Disable SSH feature when not available DISABLE_SSH = false ; Whether to use the builtin SSH server or not. From cad28f9e9445c40ed944bc6594bf445c53101e93 Mon Sep 17 00:00:00 2001 From: genofire Date: Fri, 18 Sep 2020 14:02:41 +0200 Subject: [PATCH 2/4] improve logging support --- README.md | 4 ++++ defaults/main.yml | 3 +++ templates/gitea.ini.j2 | 13 +++++++++++-- 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4286330..5567511 100644 --- a/README.md +++ b/README.md @@ -129,6 +129,10 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we * `gitea_autowatch_on_change`: Enable this to make users watch a repository after their first commit to it (Default: `true`) * `gitea_show_mailstones_dashboard`: Enable this to show the milestones dashboard page - a view of all the user’s milestones (Default: `true`) +### Log configuration +* `gitea_log_systemd` Disable logging into `file`, use systemd-journald +* `gitea_log_only_warning` Log only warnings or above, no http access or sql logging (Default: `true`) + ### Fail2Ban configuration If enabled, this will deploy a fail2ban filter and jail config for Gitea as described in the [Gitea Documentation](https://docs.gitea.io/en-us/fail2ban-setup/). diff --git a/defaults/main.yml b/defaults/main.yml index c35b4d9..7757cb4 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
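Review bot: In templates/gitea.ini.j2 (patch 1/4, hunk at -35,8), `{% if gitea_http_port == 443 %}` is an integer comparison, so a port supplied as a string (extra-vars, INI inventory) silently skips the redirect block; `{% if gitea_http_port | int == 443 %}` is more robust. As far as I know Gitea only starts the plain-HTTP redirect listener when `REDIRECT_OTHER_PORT = true` is set, so `PORT_TO_REDIRECT = 80` alone may not activate the redirect the README promises; confirm this against the Gitea version in use. The Let's Encrypt block is gated on `is defined` only, so an empty value or `gitea_protocol: http` still writes `ENABLE_LETSENCRYPT = true`; consider `{% if gitea_protocol == 'https' and gitea_http_letsencrypt_mail | default('') | length > 0 %}`. The [server] section continues outside the hunk.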
@@ -72,6 +72,9 @@ gitea_mailer_user: "" gitea_mailer_password: "" gitea_mailer_type: smtp +gitea_log_systemd: false +gitea_log_only_warning: true + gitea_fail2ban_enabled: false gitea_fail2ban_jail_maxretry: 10 gitea_fail2ban_jail_findtime: 3600 diff --git a/templates/gitea.ini.j2 b/templates/gitea.ini.j2 index a10939d..81ed75e 100644 --- a/templates/gitea.ini.j2 +++ b/templates/gitea.ini.j2 @@ -188,12 +188,21 @@ PATH = {{ gitea_home }}/data/attachments ROOT_PATH = {{ gitea_home }}/log ; Either "console", "file", "conn", "smtp" or "database", default is "console" ; Use comma to separate multiple modes, e.g. "console, file" -MODE = file +{% if gitea_log_systemd %} +MODE = console +{% else %} +MODE = file +{% endif %} ; Buffer length of the channel, keep it as it is if you don't know what it is. BUFFER_LEN = 10000 ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace" -LEVEL = {{ gitea_log_level }} +{% if gitea_log_only_warning %} +LEVEL = Warn +REDIRECT_MACARON_LOG = true +{% else %} +LEVEL = Info REDIRECT_MACARON_LOG = false +{% endif %} [oauth2] ENABLE = {{ gitea_oauth2_enabled }} From c26e13aa1d183a1d1cf2b8d58a91a07b8354fdd5 Mon Sep 17 00:00:00 2001 From: genofire Date: Fri, 18 Sep 2020 15:07:34 +0000 Subject: [PATCH 3/4] improve mailing configuration --- README.md | 2 ++ defaults/main.yml | 2 ++ templates/gitea.ini.j2 | 4 +++- 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5567511..752713b 100644 --- a/README.md +++ b/README.md 
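Review bot: `gitea_log_only_warning: true` as the shipped default in defaults/main.yml (patch 2/4) lowers the log level to Warn for every existing deployment on upgrade. As far as I know Gitea records failed authentication attempts at Info level, so the fail2ban filter this role can deploy (see the README section touched in the same patch) would stop matching and the failed-login trail would disappear from the log. A safer default is `gitea_log_only_warning: false`, with the README noting that enabling it together with `gitea_fail2ban_enabled` removes the lines the jail depends on.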
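Review bot: The else branch in templates/gitea.ini.j2 (patch 2/4, hunk at -188,12) replaces `LEVEL = {{ gitea_log_level }}` with a hard-coded `LEVEL = Info`, so a level already set in an inventory is silently ignored; `LEVEL = {{ gitea_log_level | default('Info') }}` keeps it working. With `gitea_log_systemd` the mode becomes `console` and nothing is written under ROOT_PATH, so if the fail2ban jail reads a log file there (the jail config is not visible in this patch) it needs a journald backend instead. A comment above the block such as `; gitea_log_systemd: log to stdout for journald, no file under ROOT_PATH` would document that.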
@@ -71,6 +71,7 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we * `gitea_disable_gravatar`: Do you want to disable Gravatar ? (privacy and so on) (true/false) * `gitea_offline_mode`: Same but for disabling CDNs for frontend assets (true/false) * `gitea_disable_registration`: Do you want to disable user registration ? (true/false) +* `gitea_register_email_confirm`: Enable this to ask for mail confirmation of registration. Requires `gitea_mailer_enabled` to be enabled (Default: `false`) * `gitea_only_allow_external_registration`: Do you want to force registration only using third-party services ? (true/false) * `gitea_show_registration_button`: Do you want to show the registration button? (true/false) * `gitea_require_signin`: Do you require a signin to see repo's (even public ones) ? (true/false) @@ -123,6 +124,7 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we * `gitea_mailer_user`: SMTP server username * `gitea_mailer_password`: SMTP server password * `gitea_mailer_from`: Sender mail address +* `gitea_subject_prefix`: Prefix to be placed before e-mail subject lines (Default: ``) * `gitea_enable_notify_mail`: Whether e-mail should be send to watchers of a repository when something happens. Default: `false` * `gitea_mail_default`: Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disable (Default: `onmention` ) * `gitea_autowatch_new_repo`: Enable this to let all organisation users watch new repos when they are created (Default: `false`) diff --git a/defaults/main.yml b/defaults/main.yml index 7757cb4..17e26a5 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -51,6 +51,7 @@ gitea_disable_git_hooks: true gitea_show_user_email: false gitea_disable_gravatar: true gitea_disable_registration: false +gitea_register_email_confirm: false gitea_show_registration_button: true gitea_require_signin: true gitea_enable_captcha: true 
@@ -70,6 +71,7 @@ gitea_mailer_host: localhost:25 gitea_mailer_from: noreply@your.domain gitea_mailer_user: "" gitea_mailer_password: "" +gitea_subject_prefix: "" gitea_mailer_type: smtp gitea_log_systemd: false diff --git a/templates/gitea.ini.j2 b/templates/gitea.ini.j2 index 81ed75e..a39aa00 100644 --- a/templates/gitea.ini.j2 +++ b/templates/gitea.ini.j2 @@ -115,7 +115,8 @@ DISABLE_GIT_HOOKS = {{ gitea_disable_git_hooks | ternary('true', 'false') }} [service] ; Disallow registration, only allow admins to create accounts. -DISABLE_REGISTRATION = {{ gitea_disable_registration }} +DISABLE_REGISTRATION = {{ gitea_disable_registration }} +REGISTER_EMAIL_CONFIRM = {{ gitea_register_email_confirm }} ; User must sign in to view anything. REQUIRE_SIGNIN_VIEW = {{ gitea_require_signin | ternary('true', 'false') }} ; Enable captcha validation for registration @@ -158,6 +159,7 @@ USER = {{ gitea_mailer_user }} PASSWD = {{ gitea_mailer_password }} ; Send mails as plain text SEND_AS_PLAIN_TEXT = false +SUBJECT_PREFIX = {{ gitea_subject_prefix }} ; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log) MAILER_TYPE = {{ gitea_mailer_type }} ; Specify an alternative sendmail binary From 6927a18962272ef65151ba570f040ee9aef96f9d Mon Sep 17 00:00:00 2001 From: genofire Date: Fri, 18 Sep 2020 15:13:46 +0000 Subject: [PATCH 4/4] improve logging --- templates/gitea.ini.j2 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/templates/gitea.ini.j2 b/templates/gitea.ini.j2 index a39aa00..c1f5f85 100644 --- a/templates/gitea.ini.j2 +++ b/templates/gitea.ini.j2 
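Review bot: `REGISTER_EMAIL_CONFIRM = {{ gitea_register_email_confirm }}` in templates/gitea.ini.j2 (patch 3/4, hunk at -115,7) renders the YAML boolean as Python-style `True`/`False`, unlike the neighbouring `REQUIRE_SIGNIN_VIEW` line that uses `| ternary('true', 'false')`. For consistency write `REGISTER_EMAIL_CONFIRM = {{ gitea_register_email_confirm | ternary('true', 'false') }}`. The README states the option needs `gitea_mailer_enabled`, but nothing in the template enforces it. With `gitea_disable_registration: false` and confirmation off by default, self-registered accounts have unverified addresses, which is worth stating next to the default.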
@@ -85,7 +85,10 @@ PASSWD = {{ gitea_db_password }} ; For MySQL, either "false" (default), "true", or "skip-verify" SSL_MODE = {{ gitea_db_ssl }} ; For "sqlite3" and "tidb", use an absolute path when you start gitea as service -PATH = {{ gitea_db_path }} +PATH = {{ gitea_db_path }} +{% if gitea_log_only_warning %} +LOG_SQL = false +{% endif %} [indexer] ; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve @@ -192,6 +195,7 @@ ROOT_PATH = {{ gitea_home }}/log ; Use comma to separate multiple modes, e.g. "console, file" {% if gitea_log_systemd %} MODE = console +MACARON = console {% else %} MODE = file {% endif %}
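Review bot: `LOG_SQL = false` in templates/gitea.ini.j2 (patch 4/4, hunk at -85,7) is written only when `gitea_log_only_warning` is true, so in the other case the key is absent and Gitea's built-in default decides whether SQL statements are logged. SQL logs can carry user data, so the setting should be explicit in both cases, e.g. `LOG_SQL = {{ gitea_log_only_warning | ternary('false', 'true') }}`, or better a dedicated variable that defaults to off. In the second hunk, `MACARON = console` takes effect only when `REDIRECT_MACARON_LOG = true`, as far as I know, and patch 2/4 sets that only in the warning-only branch; a short comment there would make the dependency clear.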