---
# -----------------------------------------------------------------
# Gitea Git Service Role - default variables
# -----------------------------------------------------------------
# Self-contained Gitea deployment that owns its database and follows
# the rick-infra conventions for pragmatic service roles.
# Every value below is a role default and can be overridden at
# inventory / playbook level.

# --- Service management --------------------------------------------
gitea_service_enabled: true
gitea_service_state: 'started'

# --- User, group and home directory (Arch Linux package defaults) ---
gitea_user: 'git'
gitea_group: 'git'
gitea_home: '/var/lib/gitea'

# --- HTTP listener -------------------------------------------------
gitea_http_port: 3000

# --- Domains and Caddy reverse-proxy integration --------------------
# HTTP domain is what Caddy serves; the SSH domain is what clone URLs
# advertise (rick-infra pattern).
gitea_http_domain: 'git.jnss.me'
gitea_ssh_domain: 'jnss.me'

# Directory the role drops its Caddy site snippet into.
caddy_sites_enabled_dir: '/etc/caddy/sites-enabled'

# --- Database (self-contained, PostgreSQL over Unix socket) ---------
# Host and port are taken from the infrastructure variables defined
# further down so the socket path is referenced in exactly one place.
# NOTE(review): the host value is a variable named *_directories; if that
# ever holds a comma-separated list (as the PostgreSQL setting allows)
# it would no longer be a usable single socket path - confirm it stays
# a single directory.
gitea_db_type: 'postgres'
gitea_db_host: "{{ postgresql_unix_socket_directories }}"
gitea_db_port: "{{ postgresql_port }}"
gitea_db_name: 'gitea'
gitea_db_user: 'gitea'
# Sourced from Ansible Vault - never replace this with a literal here.
gitea_db_password: "{{ vault_gitea_db_password }}"

# --- Application settings -------------------------------------------
gitea_app_name: 'Gitea: Git with a cup of tea'
gitea_run_mode: 'prod'

# Repository defaults
gitea_default_branch: 'main'
gitea_enable_lfs: true

# Access-control defaults.
# With both false, anyone reaching the HTTP domain can self-register and
# browse public repositories; for an Internet-facing instance consider
# overriding these to true once the initial admin account exists.
gitea_disable_registration: false
gitea_require_signin: false

# --- SSH mode --------------------------------------------------------
# 'passthrough' (default): Git over the system sshd on port 22.
#   - one SSH daemon, smaller attack surface
#   - plain clone URLs without a custom port
#   - the host's fail2ban already covers Git logins
#   - recommended for production
# 'dedicated' (fallback): Gitea's built-in SSH server on port 2222.
#   - fully isolated from the system sshd
#   - independent configuration and restarts
#   - needs port 2222 opened in the firewall
#   - handy for debugging or when passthrough misbehaves
gitea_ssh_mode: 'passthrough'

# Values derived from gitea_ssh_mode: any mode other than 'passthrough'
# runs the built-in server on 2222.
gitea_ssh_port: "{{ 22 if gitea_ssh_mode == 'passthrough' else 2222 }}"
gitea_start_ssh_server: "{{ gitea_ssh_mode != 'passthrough' }}"

# --- Firewall --------------------------------------------------------
# Only the dedicated SSH server needs a firewall opening.
gitea_manage_firewall: "{{ gitea_ssh_mode == 'dedicated' }}"

# --- Infrastructure dependencies (read-only) -------------------------
# Fallback copies of values owned by the PostgreSQL infrastructure role.
# Application roles must consume, never redefine, these.
postgresql_unix_socket_directories: '/var/run/postgresql'
postgresql_client_group: 'postgres-clients'
postgresql_port: 5432

# --- Rick-infra integration notes ------------------------------------
# This role:
#   - depends on the PostgreSQL infrastructure role
#   - creates its own database and database user
#   - deploys a Caddy site file into sites-enabled
#   - uses the native Arch Linux Gitea package
#   - follows the self-contained service pattern