Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

2025-08-29 15:06:26 +02:00 · 2025-07-08 23:43:13 +02:00
parent 6b87a049d4
commit 563d5fd528
1242 changed files with 2301 additions and 1355 deletions
--- a/roles/web-app-gitea/vars/configuration.yml
+++ b/roles/web-app-gitea/vars/configuration.yml
@@ -0,0 +1,43 @@
+title:                            "CyMaIS Code Hub"
+images:
+  gitea:                          "gitea/gitea:latest"
+configuration:
+  repository:
+    enable_push_create_user:      True      # Allow users to push local repositories to Gitea and have them automatically created for a user.
+    default_private:              last      # Default private when creating a new repository: last, private, public
+    default_push_create_private:  True      # Default private when creating a new repository with push-to-create.
+features:
+  matomo:                         true
+  css:                            false
+  portfolio_iframe:               true
+  central_database:               true
+  ldap:                           true
+  oauth2:                         true
+  oidc:                           false # Deactivated because users aren't auto-created. 
+oauth2_proxy:
+  application:                    "application"
+  port:                           "3000"
+  acl:
+    blacklist:
+      - "/user/login"
+csp:
+  flags:
+    script-src-elem:
+      unsafe-inline:              true
+    style-src:
+      unsafe-inline:              true
+  whitelist:
+    font-src:
+      - "data:"
+      - "blob:"
+    worker-src:
+      - "blob:"
+    manifest-src:
+      - "data:"
+domains:
+  aliases:
+    - "git.{{ primary_domain }}"
+docker:
+  services:
+    database:
+      enabled: true
--- a/roles/web-app-gitea/vars/main.yml
+++ b/roles/web-app-gitea/vars/main.yml
@@ -0,0 +1,18 @@
+application_id:     "gitea"
+container_port:   3000
+database_type:      "mariadb"
+gitea_ldap_auth_args:
+  - '--name "LDAP ({{ primary_domain }})"'
+  - '--host "{{ ldap.server.domain }}"'
+  - '--port {{ ldap.server.port }}'
+  - '--security-protocol "{{ ldap.server.security | trim or "unencrypted" }}"'
+  - '--bind-dn "{{ ldap.dn.administrator.data }}"'
+  - '--bind-password "{{ ldap.bind_credential }}"'
+  - '--user-search-base "{{ ldap.dn.ou.users }}"'
+  - '--user-filter  "(&(objectClass=inetOrgPerson)(uid=%s))"'
+  - '--username-attribute "{{ ldap.user.attributes.id }}"'
+  - '--firstname-attribute "{{ ldap.user.attributes.firstname }}"'
+  - '--surname-attribute "{{ ldap.user.attributes.surname }}"'
+  - '--email-attribute "{{ ldap.user.attributes.mail }}"'
+  - '--public-ssh-key-attribute "{{ ldap.user.attributes.ssh_public_key }}"'
+  - '--synchronize-users'