- Implements complete Gitea Git service following rick-infra self-contained architecture
- Uses PostgreSQL infrastructure role as dependency and manages own database/user
- Native Arch Linux installation via pacman packages
- Automatic database setup (gitea database and user creation)
- SystemD service with security hardening and proper dependency management
- Caddy reverse proxy integration deployed to sites-enabled directory
- SSH server on port 2222 with automatic host key generation
- Production-ready with LFS support, security headers, and HTTPS via Caddy
- Follows simplified configuration approach with essential variables only
- Self-contained pattern: service manages complete setup independently
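# Gitea SystemD Service - Rick-Infra
# Generated by Ansible Gitea role
#
# Jinja2 template: gitea_user, gitea_group and gitea_home are filled in by the role.
# systemd accepts comments only on their own line, so every note sits above its directive.
# After deploying, `systemd-analyze security <unit name>` lists the sandboxing
# options that are still unset.

[Unit]
Description=Gitea Git with a cup of tea
# Order after the network and the database. Wants= (not Requires=) lets Gitea
# start even when PostgreSQL fails to come up; Restart=always below then retries.
After=network.target postgresql.service
Wants=postgresql.service

[Service]
Type=simple
# Run as the dedicated unprivileged account, never as root.
User={{ gitea_user }}
Group={{ gitea_group }}
WorkingDirectory={{ gitea_home }}
ExecStart=/usr/bin/gitea web --config /etc/gitea/app.ini
Restart=always
RestartSec=10

# Security hardening
# Block privilege gain through setuid/setgid binaries or file capabilities.
NoNewPrivileges=true
PrivateTmp=true
# Makes /home, /root and /run/user inaccessible to the service.
# NOTE(review): gitea_home must therefore live outside those trees - confirm the role default.
ProtectHome=true
# The whole file system is read-only except the paths listed in ReadWritePaths=.
ProtectSystem=strict
ReadWritePaths={{ gitea_home }}
# NOTE(review): this keeps the configuration directory writable by the service, so a
# compromised Gitea process could rewrite its own app.ini. Gitea needs write access only
# while it writes app.ini itself (web installer, generated secrets). If the role templates
# a complete app.ini, drop this line and keep the file root-owned and group-readable.
ReadWritePaths=/etc/gitea
# Only local sockets and IP; other address families (netlink, packet, ...) are refused.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
# Additional sandboxing: a Git web service needs no device nodes, kernel tunables,
# module loading, kernel log access, cgroup writes, setuid file creation,
# personality changes or realtime scheduling.
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictSUIDSGID=true
LockPersonality=true
RestrictRealtime=true

# Process limits
# Maximum number of open file descriptors for the service.
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

# Rick-Infra: Self-contained Gitea service with security hardening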