yves
/
home-server
1
0
Fork 0
Code Issues 8 Pull Requests Releases Wiki Activity

ihmgit_back: user “gitea” instead of “git”

master
Y 2019-03-10 18:33:53 +01:00
parent 066781ed17
commit 096a32a7ad
3 changed files with 7 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
group_vars/all
View File

@ -106,6 +106,9 @@ gitea_mime_attach: 'image/jpeg image/png application/zip application/gzip'
# A random salt-string for internal encryption (change it!). # A random salt-string for internal encryption (change it!).
gitea_security_secret: '!#@FDEWREWR&*(' gitea_security_secret: '!#@FDEWREWR&*('
# System user running Gitea
gitea_user: gitea
# Maximum size of HTTP and PHP uploads. # Maximum size of HTTP and PHP uploads.
http_max_upload: 10000M http_max_upload: 10000M

15
roles/ihmgit_back/tasks/main.yml
View File

@ -17,13 +17,6 @@
- gitea - gitea
- asciidoctor - asciidoctor
- name: set git home to Gitea repos
user:
name: git
home: /var/lib/gitea/repos
create_home: true
shell: /bin/sh
### UPSTREAM END ⇒ ### ### UPSTREAM END ⇒ ###
- name: merge upstream - name: merge upstream
include_role: name=etckeeper.inc allow_duplicates=true tasks_from=merge.yml include_role: name=etckeeper.inc allow_duplicates=true tasks_from=merge.yml
@ -52,7 +45,7 @@
file: file:
path: '{{item}}' path: '{{item}}'
state: directory state: directory
owner: git owner: '{{gitea_user}}'
recurse: true recurse: true
with_items: with_items:
- /var/lib/gitea - /var/lib/gitea
@ -65,7 +58,7 @@
option: '{{item.o}}' option: '{{item.o}}'
value: '{{item.v}}' value: '{{item.v}}'
with_items: with_items:
- {s: null, o: RUN_USER, v: git} - {s: null, o: RUN_USER, v: '{{gitea_user}}'}
- {s: null, o: RUN_MODE, v: prod} - {s: null, o: RUN_MODE, v: prod}
- {s: repository, o: ROOT, v: /var/lib/gitea/repos} - {s: repository, o: ROOT, v: /var/lib/gitea/repos}
- {s: repository.editor, o: LINE_WRAP_EXTENSIONS, v: '.txt,.md,.markdown,.mdown,.mkd,.adoc,.asciidoc,'} - {s: repository.editor, o: LINE_WRAP_EXTENSIONS, v: '.txt,.md,.markdown,.mdown,.mkd,.adoc,.asciidoc,'}
@ -77,7 +70,7 @@
- {s: server, o: LOCAL_ROOT_URL, v: ''} - {s: server, o: LOCAL_ROOT_URL, v: ''}
- {s: server, o: SSH_DOMAIN, v: '{{net_soa}}'} - {s: server, o: SSH_DOMAIN, v: '{{net_soa}}'}
- {s: server, o: SSH_PORT, v: 2222} - {s: server, o: SSH_PORT, v: 2222}
- {s: server, o: SSH_ROOT_PATH, v: /var/lib/gitea/repos/.ssh} - {s: server, o: SSH_ROOT_PATH, v: /var/lib/gitea/.ssh}
- {s: server, o: MINIMUM_KEY_SIZE_CHECK, v: 'true'} - {s: server, o: MINIMUM_KEY_SIZE_CHECK, v: 'true'}
- {s: server, o: LFS_START_SERVER, v: 'false'} - {s: server, o: LFS_START_SERVER, v: 'false'}
- {s: ssh.minimum_key_sizes, o: ECDSA, v: '-1'} - {s: ssh.minimum_key_sizes, o: ECDSA, v: '-1'}
@ -138,8 +131,6 @@
copy: copy:
content: | content: |
[Service] [Service]
User=git
Environment=USER=git
CapabilityBoundingSet=CAP_AUDIT_WRITE CAP_LEASE CAP_SYS_CHROOT CapabilityBoundingSet=CAP_AUDIT_WRITE CAP_LEASE CAP_SYS_CHROOT
PrivateDevices=true PrivateDevices=true
PrivateTmp=true PrivateTmp=true

2
roles/ssh/tasks/main.yml
View File

@ -225,7 +225,7 @@
Match Address {{(net_trusted_ranges + ' ' + (iodine_net | ipaddr('0'))) | replace(' ', ',')}} Match Address {{(net_trusted_ranges + ' ' + (iodine_net | ipaddr('0'))) | replace(' ', ',')}}
ForceCommand none ForceCommand none
Match LocalPort 2222 Match LocalPort 2222
AllowUsers git AllowUsers {{gitea_user}}
PermitRootLogin no PermitRootLogin no
PasswordAuthentication no PasswordAuthentication no
PermitEmptyPasswords no PermitEmptyPasswords no