role-gitea/README.md

Gitea Role
=========

A role to install gitea.
Strongly orientated from https://github.com/thomas-maurice/ansible-role-gitea


## Config
### General

* `gitea_version_check`: Check if installed version != `gitea_version` before initiating binary download
* `gitea_version`: The Gitea-Version you want to install
* `gitea_user`: UNIX user used by Gitea
* `gitea_group`: UNIX group used by Gitea
* `gitea_home`: Base directory to work
* `gitea_dl_url`: The URL, the compiled gitea-binary will be downloaded from
* `gitea_systemd_cap_net_bind_service`: Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` and `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file
* `gitea_extra_config`: Additional configuration

### Look and feel

* `gitea_app_name`: Displayed application name
* `gitea_show_user_email`: Do you want to display email addresses ? (true/false)
* `gitea_disable_gravatar`: Do you want to disable Gravatar ? (privacy and so on) (true/false)
* `gitea_offline_mode`: Do you want to disabling CDNs for frontend assets (true/false)
* `gitea_disable_registration`: Do you want to disable user registration ? (true/false)
* `gitea_only_allow_external_registration`: Do you want to force registration only using third-party services ? (true/false)
* `gitea_show_registration_button`: Do you want to show the registration button? (true/false)
* `gitea_require_signin`: Do you require a signin to see repo's (even public ones) ? (true/false)
* `gitea_enable_captcha`: Do you want to enable captcha's ? (true/false)
* `gitea_themes`: List of enabled themes
* `gitea_theme_default`: Default theme

### Security
* `gitea_secret_key`: Cookie secret key
* `gitea_internal_token`: Internal API token
* `gitea_disable_git_hooks`: Do you want to disable the interface to add git hooks? If enabled it could be a security bug as it can be used for RCE. Defaults to true (true/false)

### Limits

* `gitea_user_repo_limit`: Limit how many repos a user can have (-1 for unlimited)
* `gitea_force_private`: Force every new repository to be private (true/false)

### HTTP configuration

* `gitea_http_domain`: HTTP domain (displayed in your clone URLs, just the domain like git.foo.fr)
* `gitea_root_url`: Root URL used to access your web app (full URL)
* `gitea_protocol`: Listening protocol (http/https)
* `gitea_http_listen`: Bind address
* `gitea_http_port`: Bind port
* `gitea_disable_http_git`: Disable the use of Git over HTTP ? (true/false)

### SSH configuration

* `gitea_ssh_listen`: Bind address for the SSH server
* `gitea_ssh_domain`: SSH domain (displayed in your clone URLs)
* `gitea_start_ssh`: Do you want to start a built-in SSH server ? (true/false)
* `gitea_ssh_port`: SSH bind port

### Database configuration

* `gitea_db_type`: Database type, can be `mysql`, `postgres` or `sqlite3`
* `gitea_db_host`: Database host string `host:port` or `/run/postgresql/` when connectiong to postgres via local unix socket (peer authentication)
* `gitea_db_name`: Database name
* `gitea_db_user`: Database username
* `gitea_db_password`: Database password
* `gitea_db_ssl`: Use SSL ? (postgres only!). Can be `require`, `disable`, `verify-ca` or `verify-full`
* `gitea_db_path`: DB path, if you use `sqlite3`. The default is good enough to work though.

### Mailer configuration

* `gitea_mailer_enabled`: Whether to enable the mailer. Default: `false`
* `gitea_mailer_type`: Type of Mailer (smtp)
* `gitea_mailer_skip_verify`: Skip SMTP TLS certificate verification (true/false)
* `gitea_mailer_tls_enabled`: Enable TLS for SMTP connections (true/false)
* `gitea_mailer_host`: SMTP server hostname and port
* `gitea_mailer_user`: SMTP server username
* `gitea_mailer_password`: SMTP server password
* `gitea_mailer_from`: Sender mail address
* `gitea_enable_notify_mail`:  Whether e-mail should be send to watchers of a repository when something happens. Default: `false`
* `gitea_mail_default`: Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disable  (Default: `onmention` )
* `gitea_autowatch_new_repo`: Enable this to let all organisation users watch new repos when they are created (Default: `false`)
* `gitea_autowatch_on_change`: Enable this to make users watch a repository after their first commit to it (Default: `true`)
* `gitea_show_mailstones_dashboard`: Enable this to show the milestones dashboard page - a view of all the user’s milestones (Default: `true`)

### Oauth2 provider configuration

* `gitea_oauth2_enabled`: Enable the Oauth2 provider (true/false)
* `gitea_oauth2_jwt_secret`: Oauth2 JWT secret. Can be generated with ``gitea generate secret JWT_SECRET``

### GIT LFS configuration
* `gitea_lfs_server_enabled`: Enable GIT LFS (large filesystem)
* `gitea_lfs_secret`: JWT secret for remote LFS usage

### Metrics endpoint configuration

* `gitea_metrics_enabled`: Enable the metrics endpoint
* `gitea_metrics_token`: Bearer token for the Prometheus scrape job

## Log configuration

* `gitea_log_level`; Log Level. Can be `Trace`, `Debug`, `Info`, `Warn`, `Èrror`, `Critical` (Default: `Info`)

### Repository Indexer configuration

* `gitea_repo_indexer_enabled`: Whether to enable the repository indexer (code search). Default: `false`
* `gitea_repo_indexer_include`: Glob patterns to include in the index (comma-separated list). Default: `""` (all files)
* `gitea_repo_indexer_exclude`: Glob patterns to exclude from the index (comma-separated list). Default: `""` (no files)
* `gitea_repo_exclude_vendored`: Exclude vendored files from the index. Default: `true`
* `gitea_repo_indexer_max_file_size`: Maximum size of files to be indexed (in bytes). Default: `1048576` (1 MB)

### backup on upgrade
* `gitea_backup_on_upgrade`: Optionally a backup can be created with every update of gitea. Default: `false`
* `gitea_backup_location`: Where to store the gitea backup if one is created with this role. Default: `{{ gitea_home }}/backups/`