new “gitea” user; for now, ensure that “git” still runs Gitea
parent
2c4c64a945
commit
066781ed17
|
@ -48,6 +48,16 @@
|
||||||
become: true
|
become: true
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
|
|
||||||
|
- name: make sure the Gitea user owns its work-directories
|
||||||
|
file:
|
||||||
|
path: '{{item}}'
|
||||||
|
state: directory
|
||||||
|
owner: git
|
||||||
|
recurse: true
|
||||||
|
with_items:
|
||||||
|
- /var/lib/gitea
|
||||||
|
- /var/log/gitea
|
||||||
|
|
||||||
- name: configure Gitea
|
- name: configure Gitea
|
||||||
ini_file:
|
ini_file:
|
||||||
path: /etc/gitea/app.ini
|
path: /etc/gitea/app.ini
|
||||||
|
@ -80,6 +90,7 @@
|
||||||
- {s: database, o: LOG_SQL, v: 'false'}
|
- {s: database, o: LOG_SQL, v: 'false'}
|
||||||
- {s: indexer, o: REPO_INDEXER_ENABLED, v: 'true'}
|
- {s: indexer, o: REPO_INDEXER_ENABLED, v: 'true'}
|
||||||
- {s: admin, o: DISABLE_REGULAR_ORG_CREATION, v: '{{gitea_disable_org_creation}}'}
|
- {s: admin, o: DISABLE_REGULAR_ORG_CREATION, v: '{{gitea_disable_org_creation}}'}
|
||||||
|
- {s: security, o: INSTALL_LOCK, v: 'true'}
|
||||||
- {s: security, o: SECRET_KEY, v: '{{gitea_security_secret}}'}
|
- {s: security, o: SECRET_KEY, v: '{{gitea_security_secret}}'}
|
||||||
- {s: security, o: REVERSE_PROXY_AUTHENTICATION_USER, v: Remote-User}
|
- {s: security, o: REVERSE_PROXY_AUTHENTICATION_USER, v: Remote-User}
|
||||||
- {s: service, o: REGISTER_EMAIL_CONFIRM, v: 'true'}
|
- {s: service, o: REGISTER_EMAIL_CONFIRM, v: 'true'}
|
||||||
|
@ -127,6 +138,8 @@
|
||||||
copy:
|
copy:
|
||||||
content: |
|
content: |
|
||||||
[Service]
|
[Service]
|
||||||
|
User=git
|
||||||
|
Environment=USER=git
|
||||||
CapabilityBoundingSet=CAP_AUDIT_WRITE CAP_LEASE CAP_SYS_CHROOT
|
CapabilityBoundingSet=CAP_AUDIT_WRITE CAP_LEASE CAP_SYS_CHROOT
|
||||||
PrivateDevices=true
|
PrivateDevices=true
|
||||||
PrivateTmp=true
|
PrivateTmp=true
|
||||||
|
|
Loading…
Reference in New Issue