improve nearly everthing

README.md

@@ -71,6 +71,7 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we
 * `gitea_disable_gravatar`: Do you want to disable Gravatar ? (privacy and so on) (true/false)
 * `gitea_offline_mode`: Same but for disabling CDNs for frontend assets (true/false)
 * `gitea_disable_registration`: Do you want to disable user registration ? (true/false)
+* `gitea_register_email_confirm`: Enable this to ask for mail confirmation of registration. Requires `gitea_mailer_enabled` to be enabled (Default: `false`)
 * `gitea_only_allow_external_registration`: Do you want to force registration only using third-party services ? (true/false)
 * `gitea_show_registration_button`: Do you want to show the registration button? (true/false)
 * `gitea_require_signin`: Do you require a signin to see repo's (even public ones) ? (true/false)
@@ -93,8 +94,9 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we
 * `gitea_root_url`: Root URL used to access your web app (full URL)
 * `gitea_protocol`: Listening protocol (http/https)
 * `gitea_http_listen`: Bind address
-* `gitea_http_port`: Bind port
+* `gitea_http_port`: Bind port (redirect from `80` will be activated if value is `443` - Default: `3000`)
 * `gitea_disable_http_git`: Disable the use of Git over HTTP ? (true/false)
+* `gitea_http_letsencrypt_mail` Enable Let`s Encrypt if a email address is given
 
 ### SSH configuration
 
@@ -122,12 +124,17 @@ The following code has been tested with Debian 8, it should work on Ubuntu as we
 * `gitea_mailer_user`: SMTP server username
 * `gitea_mailer_password`: SMTP server password
 * `gitea_mailer_from`: Sender mail address
+* `gitea_subject_prefix`: Prefix to be placed before e-mail subject lines (Default: ``)
 * `gitea_enable_notify_mail`:  Whether e-mail should be send to watchers of a repository when something happens. Default: `false`
 * `gitea_mail_default`: Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disable  (Default: `onmention` )
 * `gitea_autowatch_new_repo`: Enable this to let all organisation users watch new repos when they are created (Default: `false`)
 * `gitea_autowatch_on_change`: Enable this to make users watch a repository after their first commit to it (Default: `true`)
 * `gitea_show_mailstones_dashboard`: Enable this to show the milestones dashboard page - a view of all the user’s milestones (Default: `true`)
 
+### Log configuration
+* `gitea_log_systemd` Disable logging into `file`, use systemd-journald
+* `gitea_log_only_warning` Log only warnings or above, no http access or sql logging (Default: `true`)
+
 ### Fail2Ban configuration
 
 If enabled, this will deploy a fail2ban filter and jail config for Gitea as described in the [Gitea Documentation](https://docs.gitea.io/en-us/fail2ban-setup/).

defaults/main.yml

@@ -20,6 +20,7 @@ gitea_root_url: http://localhost:3000
 gitea_protocol: http
 gitea_http_listen: 127.0.0.1
 gitea_http_port: 3000
+# gitea_http_letsencrypt_mail:  - required
 gitea_disable_http_git: false
 gitea_offline_mode: true
 
@@ -50,6 +51,7 @@ gitea_disable_git_hooks: true
 gitea_show_user_email: false
 gitea_disable_gravatar: true
 gitea_disable_registration: false
+gitea_register_email_confirm: false
 gitea_show_registration_button: true
 gitea_require_signin: true
 gitea_enable_captcha: true
@@ -69,8 +71,12 @@ gitea_mailer_host: localhost:25
 gitea_mailer_from: [email protected]
 gitea_mailer_user: ""
 gitea_mailer_password: ""
+gitea_subject_prefix: ""
 gitea_mailer_type: smtp
 
+gitea_log_systemd: false
+gitea_log_only_warning: true
+
 gitea_fail2ban_enabled: false
 gitea_fail2ban_jail_maxretry: 10
 gitea_fail2ban_jail_findtime: 3600

templates/gitea.ini.j2

@@ -35,8 +35,16 @@ PROTOCOL         = {{ gitea_protocol }}
 DOMAIN           = {{ gitea_http_domain }}
 ROOT_URL         = {{ gitea_root_url }}
 ; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
-HTTP_ADDR        = {{ gitea_http_listen }}
-HTTP_PORT        = {{ gitea_http_port }}
+HTTP_ADDR             = {{ gitea_http_listen }}
+HTTP_PORT             = {{ gitea_http_port }}
+{% if gitea_http_port == 443 %}
+PORT_TO_REDIRECT      = 80
+{% endif %}
+{% if gitea_http_letsencrypt_mail is defined %}
+ENABLE_LETSENCRYPT    = true
+LETSENCRYPT_ACCEPTTOS = true
+LETSENCRYPT_EMAIL     = {{ gitea_http_letsencrypt_mail }}
+{% endif %}
 ; Disable SSH feature when not available
 DISABLE_SSH      = false
 ; Whether to use the builtin SSH server or not.
@@ -77,7 +85,10 @@ PASSWD   = {{ gitea_db_password }}
 ; For MySQL, either "false" (default), "true", or "skip-verify"
 SSL_MODE = {{ gitea_db_ssl }}
 ; For "sqlite3" and "tidb", use an absolute path when you start gitea as service
-PATH     = {{ gitea_db_path }}
+PATH                  = {{ gitea_db_path }}
+{% if gitea_log_only_warning %}
+LOG_SQL               = false
+{% endif %}
 
 [indexer]
 ; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
@@ -107,7 +118,8 @@ DISABLE_GIT_HOOKS   = {{ gitea_disable_git_hooks | ternary('true', 'false') }}
 
 [service]
 ; Disallow registration, only allow admins to create accounts.
-DISABLE_REGISTRATION             = {{ gitea_disable_registration }}
+DISABLE_REGISTRATION    = {{ gitea_disable_registration }}
+REGISTER_EMAIL_CONFIRM  = {{ gitea_register_email_confirm }}
 ; User must sign in to view anything.
 REQUIRE_SIGNIN_VIEW              = {{ gitea_require_signin | ternary('true', 'false') }}
 ; Enable captcha validation for registration
@@ -150,6 +162,7 @@ USER               = {{ gitea_mailer_user }}
 PASSWD             = {{ gitea_mailer_password }}
 ; Send mails as plain text
 SEND_AS_PLAIN_TEXT = false
+SUBJECT_PREFIX = {{ gitea_subject_prefix }}
 ; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log)
 MAILER_TYPE        = {{ gitea_mailer_type }}
 ; Specify an alternative sendmail binary
@@ -180,12 +193,22 @@ PATH    = {{ gitea_home }}/data/attachments
 ROOT_PATH            = {{ gitea_home }}/log
 ; Either "console", "file", "conn", "smtp" or "database", default is "console"
 ; Use comma to separate multiple modes, e.g. "console, file"
-MODE                 = file
+{% if gitea_log_systemd %}
+MODE       = console
+MACARON    = console
+{% else %}
+MODE       = file
+{% endif %}
 ; Buffer length of the channel, keep it as it is if you don't know what it is.
 BUFFER_LEN           = 10000
 ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
-LEVEL                = {{ gitea_log_level }}
+{% if gitea_log_only_warning %}
+LEVEL      = Warn
+REDIRECT_MACARON_LOG = true
+{% else %}
+LEVEL      = Info
 REDIRECT_MACARON_LOG = false
+{% endif %}
 
 [oauth2]
 ENABLE     = {{ gitea_oauth2_enabled }}