[fix] role:gitea:authelia

Christian Fraß 2024-07-09 17:10:54 +02:00
parent ce5ab8e38a
commit 24ec20fb5b
5 changed files with 32 additions and 12 deletions


@ -16,7 +16,9 @@
"var_gitea_database_data_postgresql_password": "REPLACE_ME", "var_gitea_database_data_postgresql_password": "REPLACE_ME",
"var_gitea_database_data_postgresql_scheme": "gitea", "var_gitea_database_data_postgresql_scheme": "gitea",
"var_gitea_authentication_kind": "internal", "var_gitea_authentication_kind": "internal",
"var_gitea_authentication_data_authelia_url": "authelia.example.org", "var_gitea_authentication_data_authelia_url_base": "https://authelia.example.org",
"var_gitea_authentication_data_authelia_client_id": "gitea",
"var_gitea_authentication_data_authelia_client_secret": "REPLACE_ME",
"var_gitea_smtp_host": "smtp.example.org", "var_gitea_smtp_host": "smtp.example.org",
"var_gitea_smtp_port": 465, "var_gitea_smtp_port": 465,
"var_gitea_smtp_username": "REPLACE_ME", "var_gitea_smtp_username": "REPLACE_ME",
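Review bot: The new default `"var_gitea_authentication_data_authelia_client_secret": "REPLACE_ME"` is a usable string, and the schema change later in this commit marks the field as `"mandatory": false`, so a play with `var_gitea_authentication_kind` set to `authelia` and no override would register the OAuth2 source with a publicly known placeholder. A guard task that runs before the registration and fails when the kind is `authelia` and the secret still equals `REPLACE_ME`, for example an `ansible.builtin.assert` with `"that": "var_gitea_authentication_data_authelia_client_secret != 'REPLACE_ME'"`, would turn that silent misconfiguration into an explicit error. The same placeholder pattern is already used for the PostgreSQL and SMTP credentials in the context lines, so the guard could cover those too.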


@ -52,12 +52,22 @@
} }
}, },
{ {
"name": "config", "name": "config | base",
"become": true, "become": true,
"become_user": "{{var_gitea_user}}", "become_user": "{{var_gitea_user}}",
"ansible.builtin.template": { "ansible.builtin.template": {
"src": "config.ini.j2", "src": "config.ini.j2",
"dest": "{{var_gitea_directory}}/custom/config/app.ini" "dest": "{{var_gitea_directory}}/custom/conf/app.ini"
}
},
{
"config | authelia",
"when": "var_gitea_authentication_kind == 'authelia'",
"become": true,
"become_user": "{{var_gitea_user}}",
"ansible.builtin.command": {
"chdir": "{{var_gitea_directory}}",
"cmd": "./gitea admin auth add-oauth --provider=6 --name='authelia' --key={{var_gitea_authentication_data_authelia_client_id}} --secret={{var_gitea_authentication_data_authelia_client_secret}} --auto-discover-url={{var_gitea_authentication_data_authelia_url_base}}/.well-known/openid-configuration --scopes='openid email profile'"
} }
}, },
{ {
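Review bot: The new `config | authelia` task passes the client secret on the `gitea admin auth add-oauth` command line, so it is readable in the host's process list while the command runs and is echoed in Ansible's task output and logs; adding `"no_log": true` to the task would at least keep it out of the Ansible side. The task's first entry, as shown, is the bare string `"config | authelia",` with no key, which is not valid JSON; it presumably should read `"name": "config | authelia",`. The command also has no guard against re-runs, so a second play would try to add the `authelia` source again; a preceding `gitea admin auth list` check registered into a variable and used in `when`, or `update-oauth` for an existing source, would make the task repeatable. The templated values in `cmd` are unquoted, so a client id or secret containing whitespace or quote characters would be split into separate arguments.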


@ -4,7 +4,7 @@ RUN_MODE = prod
[server] [server]
DOMAIN = {{var_gitea_domain}} DOMAIN = {{var_gitea_domain}}
;ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/ ROOT_URL = https://{{var_gitea_domain}}
;HTTP_ADDR = {{var_gitea_listen_address}} ;HTTP_ADDR = {{var_gitea_listen_address}}
HTTP_PORT = {{var_gitea_listen_port | string}} HTTP_PORT = {{var_gitea_listen_port | string}}
;LANDING_PAGE = home ;LANDING_PAGE = home
@ -16,7 +16,7 @@ PATH = {{var_gitea_database_data_sqlite_path}}
{% endif %} {% endif %}
{% if var_gitea_database_kind == 'postgresql' %} {% if var_gitea_database_kind == 'postgresql' %}
DB_TYPE = postgres DB_TYPE = postgres
HOST = {{var_gitea_database_data_postgresql_host}}:{{var_gitea_database_data_postgresql_host | string}} HOST = {{var_gitea_database_data_postgresql_host}}:{{var_gitea_database_data_postgresql_port | string}}
USER = {{var_gitea_database_data_postgresql_username}} USER = {{var_gitea_database_data_postgresql_username}}
PASSWD = {{var_gitea_database_data_postgresql_password}} PASSWD = {{var_gitea_database_data_postgresql_password}}
NAME = {{var_gitea_database_data_postgresql_scheme}} NAME = {{var_gitea_database_data_postgresql_scheme}}
@ -45,10 +45,12 @@ REGISTER_EMAIL_CONFIRM = false
DISABLE_REGISTRATION = false DISABLE_REGISTRATION = false
ALLOW_ONLY_INTERNAL_REGISTRATION = true ALLOW_ONLY_INTERNAL_REGISTRATION = true
ALLOW_ONLY_EXTERNAL_REGISTRATION = false ALLOW_ONLY_EXTERNAL_REGISTRATION = false
SHOW_REGISTRATION_BUTTON = true
{% else %} {% else %}
DISABLE_REGISTRATION = true DISABLE_REGISTRATION = false
ALLOW_ONLY_INTERNAL_REGISTRATION = false ALLOW_ONLY_INTERNAL_REGISTRATION = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = true ALLOW_ONLY_EXTERNAL_REGISTRATION = true
SHOW_REGISTRATION_BUTTON = false
{% endif %} {% endif %}
;REQUIRE_SIGNIN_VIEW = false ;REQUIRE_SIGNIN_VIEW = false
@ -87,13 +89,11 @@ AUTO_WATCH_ON_CHANGES = false
[openid] [openid]
ENABLE_OPENID_SIGNIN = false ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false ENABLE_OPENID_SIGNUP = false
{% endif %} {% else %}
{% if var_gitea_authentication_kind == 'authelia' %}
[openid] [openid]
ENABLE_OPENID_SIGNIN = false ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = true ENABLE_OPENID_SIGNUP = true
WHITELISTED_URIS = {{var_gitea_authentication_data_authelia_url}} WHITELISTED_URIS = {{var_gitea_authentication_data_authelia_url_base}}
[oauth2_client] [oauth2_client]
REGISTER_EMAIL_CONFIRM = false REGISTER_EMAIL_CONFIRM = false
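Review bot: In the last hunk the `[openid]` block of the new `{% else %}` branch keeps `ENABLE_OPENID_SIGNUP = true`, although the Authelia login this commit sets up is registered as an OAuth2 source through `gitea admin auth add-oauth`; as far as I know Gitea's `[openid]` section governs the separate legacy OpenID sign-in, so the setting looks unnecessary for this integration and may leave an extra self-registration path enabled. Unless legacy OpenID is really wanted, `ENABLE_OPENID_SIGNUP = false` would be the safer value there. `WHITELISTED_URIS` is now fed a full URL including the scheme where it previously received a bare host name, so it is worth confirming against the Gitea documentation that the value still has the form this key expects. Because the explicit `{% if var_gitea_authentication_kind == 'authelia' %}` guard was replaced by `{% else %}`, the block now applies to every kind not matched by the preceding `{% if %}`, which, like the closing `{% endif %}`, lies outside the visible lines.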


@ -12,7 +12,7 @@ Type=simple
User={{var_gitea_user}} User={{var_gitea_user}}
Group={{var_gitea_user}} Group={{var_gitea_user}}
WorkingDirectory={{var_gitea_directory}} WorkingDirectory={{var_gitea_directory}}
ExecStart={{var_gitea_directory}}/gitea web --config {{var_gitea_directory}}/custom/config/app.ini ExecStart={{var_gitea_directory}}/gitea web --config {{var_gitea_directory}}/custom/conf/app.ini
Restart=always Restart=always
# Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea # Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
# Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin # Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin


@ -75,7 +75,15 @@
"authelia" "authelia"
] ]
}, },
"authentication_data_authelia_url": { "authentication_data_authelia_url_base": {
"mandatory": false,
"type": "string"
},
"authentication_data_authelia_client_id": {
"mandatory": false,
"type": "string"
},
"authentication_data_authelia_client_secret": {
"mandatory": false, "mandatory": false,
"type": "string" "type": "string"
}, },