new “gitea” user; for now, ensure that “git” still runs Gitea
parent
2c4c64a945
commit
066781ed17
|
@ -48,6 +48,16 @@
|
|||
become: true
|
||||
become_user: postgres
|
||||
|
||||
- name: make sure the Gitea user owns its work-directories
|
||||
file:
|
||||
path: '{{item}}'
|
||||
state: directory
|
||||
owner: git
|
||||
recurse: true
|
||||
with_items:
|
||||
- /var/lib/gitea
|
||||
- /var/log/gitea
|
||||
|
||||
- name: configure Gitea
|
||||
ini_file:
|
||||
path: /etc/gitea/app.ini
|
||||
|
@ -80,6 +90,7 @@
|
|||
- {s: database, o: LOG_SQL, v: 'false'}
|
||||
- {s: indexer, o: REPO_INDEXER_ENABLED, v: 'true'}
|
||||
- {s: admin, o: DISABLE_REGULAR_ORG_CREATION, v: '{{gitea_disable_org_creation}}'}
|
||||
- {s: security, o: INSTALL_LOCK, v: 'true'}
|
||||
- {s: security, o: SECRET_KEY, v: '{{gitea_security_secret}}'}
|
||||
- {s: security, o: REVERSE_PROXY_AUTHENTICATION_USER, v: Remote-User}
|
||||
- {s: service, o: REGISTER_EMAIL_CONFIRM, v: 'true'}
|
||||
|
@ -127,6 +138,8 @@
|
|||
copy:
|
||||
content: |
|
||||
[Service]
|
||||
User=git
|
||||
Environment=USER=git
|
||||
CapabilityBoundingSet=CAP_AUDIT_WRITE CAP_LEASE CAP_SYS_CHROOT
|
||||
PrivateDevices=true
|
||||
PrivateTmp=true
|
||||
|
|
Loading…
Reference in New Issue