joakim/rick-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bfd6f22f0e2f81d0e027ea55161053eb9db3d403
rick-infra/roles/gitea/templates/app.ini.j2
Joakim 90bbcd97b1 Add Gitea email configuration and document SMTP authentication troubleshooting 
Changes:
- Configure Gitea mailer with Titan Email SMTP settings
- Add SMTP_AUTH = PLAIN for authentication method specification
- Update SMTP password in vault (vault_gitea_smtp_password)

Email Status:
Currently non-functional due to SMTP authentication rejection by Titan Email
servers. Error: 535 5.7.8 authentication failed

Troubleshooting Performed:
- Tested both port 587 (STARTTLS) and 465 (SSL/TLS)
- Verified credentials work in webmail
- Tested AUTH PLAIN and AUTH LOGIN methods
- Removed conflicting TLS settings
- Both authentication methods rejected despite correct credentials

Root Cause:
The issue is NOT a Gitea configuration problem. Titan Email SMTP server
is rejecting all authentication attempts from the VPS (69.62.119.31)
despite credentials being correct and working in webmail.

Possible causes:
- SMTP access may need to be enabled in Hostinger control panel
- VPS IP may require whitelisting
- Account may need additional verification for SMTP access
- Titan Email plan may not include external SMTP access

Documentation:
Created comprehensive troubleshooting guide at:
docs/gitea-email-troubleshooting.md

Files Modified:
- roles/gitea/templates/app.ini.j2 (+1 line: SMTP_AUTH = PLAIN)
- docs/gitea-email-troubleshooting.md (new file, complete troubleshooting log)
- host_vars/arch-vps/vault.yml (updated SMTP password - not committed)

Next Steps:
- Check Hostinger control panel for SMTP/IMAP access toggle
- Test SMTP from different IP to rule out IP blocking
- Contact Hostinger/Titan support for SMTP access verification
- Consider alternative email providers if Titan SMTP unavailable
2025-12-19 21:25:14 +01:00

159 lines
4.8 KiB
Django/Jinja
Raw Blame History

# Gitea Configuration - Rick-Infra
# Generated by Ansible Gitea role
[DEFAULT]
APP_NAME = {{ gitea_app_name }}
RUN_MODE = {{ gitea_run_mode }}
[repository]
# === Repository Storage ===
ROOT = {{ gitea_home }}/repositories
DEFAULT_BRANCH = {{ gitea_default_branch }}
# === Privacy Defaults ===
DEFAULT_PRIVATE = {{ gitea_default_private }}
DEFAULT_PUSH_CREATE_PRIVATE = {{ gitea_default_push_create_private | lower }}
# === Repository Features ===
DISABLED_REPO_UNITS = {{ gitea_disabled_repo_units }}
ENABLE_PUSH_CREATE_USER = {{ gitea_enable_push_create_user | lower }}
ENABLE_PUSH_CREATE_ORG = {{ gitea_enable_push_create_org | lower }}
[server]
PROTOCOL = http
DOMAIN = {{ gitea_http_domain }}
HTTP_PORT = {{ gitea_http_port }}
ROOT_URL = https://{{ gitea_http_domain }}/
DISABLE_SSH = false
# SSH Mode: {{ gitea_ssh_mode }}
START_SSH_SERVER = {{ gitea_start_ssh_server | lower }}
SSH_DOMAIN = {{ gitea_ssh_domain }}
SSH_PORT = {{ gitea_ssh_port }}
{% if gitea_ssh_mode == 'dedicated' %}
SSH_LISTEN_PORT = {{ gitea_ssh_port }}
{% endif %}
LOCAL_ROOT_URL = http://127.0.0.1:{{ gitea_http_port }}/
APP_DATA_PATH = {{ gitea_home }}/data
[database]
DB_TYPE = {{ gitea_db_type }}
{% if gitea_db_host.startswith('/') %}
# Unix socket connection
HOST = {{ gitea_db_host }}
{% else %}
# TCP connection
HOST = {{ gitea_db_host }}:{{ gitea_db_port }}
{% endif %}
NAME = {{ gitea_db_name }}
USER = {{ gitea_db_user }}
PASSWD = {{ gitea_db_password }}
SSL_MODE = disable
CHARSET = utf8
[security]
# === Core Security ===
INSTALL_LOCK = true
SECRET_KEY = {{ ansible_machine_id }}{{ gitea_db_password | hash('sha256') }}
INTERNAL_TOKEN = {{ (ansible_machine_id + gitea_db_password) | hash('sha256') }}
# === Enhanced Security ===
CSRF_COOKIE_HTTP_ONLY = {{ gitea_csrf_cookie_httponly | lower }}
PASSWORD_CHECK_PWN = {{ gitea_password_check_pwn | lower }}
REVERSE_PROXY_LIMIT = {{ gitea_reverse_proxy_limit }}
REVERSE_PROXY_TRUSTED_PROXIES = {{ gitea_reverse_proxy_trusted_proxies }}
[service]
# === Access Control ===
DISABLE_REGISTRATION = {{ gitea_disable_registration | lower }}
REQUIRE_SIGNIN_VIEW = {{ gitea_require_signin | lower }}
SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button | lower }}
# === OAuth Configuration ===
ENABLE_PASSWORD_SIGNIN_FORM = {{ gitea_enable_password_signin | lower }}
ENABLE_BASIC_AUTHENTICATION = {{ gitea_enable_basic_auth | lower }}
# === Defaults ===
DEFAULT_KEEP_EMAIL_PRIVATE = true
DEFAULT_ALLOW_CREATE_ORGANIZATION = {{ gitea_allow_create_org | lower }}
NO_REPLY_ADDRESS = noreply@{{ gitea_http_domain }}
[oauth2_client]
# === Authentik OAuth Integration ===
ENABLE_AUTO_REGISTRATION = {{ gitea_oauth2_auto_registration | lower }}
ACCOUNT_LINKING = {{ gitea_oauth2_account_linking }}
USERNAME = {{ gitea_oauth2_username_source }}
UPDATE_AVATAR = {{ gitea_oauth2_update_avatar | lower }}
OPENID_CONNECT_SCOPES = {{ gitea_oauth2_scopes }}
REGISTER_EMAIL_CONFIRM = {{ gitea_oauth2_register_email_confirm | lower }}
[mailer]
ENABLED = {{ gitea_mailer_enabled | lower }}
{% if gitea_mailer_enabled %}
PROTOCOL = {{ gitea_mailer_protocol }}
SMTP_ADDR = {{ gitea_smtp_addr }}
SMTP_PORT = {{ gitea_smtp_port }}
FROM = {{ gitea_mailer_from }}
USER = {{ gitea_mailer_user }}
PASSWD = {{ gitea_mailer_password }}
SUBJECT_PREFIX = {{ gitea_mailer_subject_prefix }}
SEND_AS_PLAIN_TEXT = false
SMTP_AUTH = PLAIN
{% endif %}
[session]
# === Session Security ===
PROVIDER = {{ gitea_session_provider }}
COOKIE_NAME = {{ gitea_session_cookie_name }}
COOKIE_SECURE = {{ gitea_cookie_secure | lower }}
SESSION_LIFE_TIME = {{ gitea_session_life_time }}
SAME_SITE = {{ gitea_session_same_site }}
[log]
MODE = console
LEVEL = Info
ROOT_PATH = {{ gitea_home }}/log
{% if gitea_enable_lfs %}
[lfs]
START_SERVER = true
CONTENT_PATH = {{ gitea_home }}/data/lfs
{% endif %}
[git]
PATH = /usr/bin/git
[actions]
# === CI/CD Configuration ===
ENABLED = {{ gitea_actions_enabled | lower }}
{% if gitea_actions_enabled %}
DEFAULT_ACTIONS_URL = {{ gitea_actions_default_url }}
LOG_RETENTION_DAYS = {{ gitea_actions_log_retention_days }}
ARTIFACT_RETENTION_DAYS = {{ gitea_actions_artifact_retention_days }}
{% endif %}
[mirror]
# === Repository Mirroring ===
ENABLED = {{ gitea_mirror_enabled | lower }}
DISABLE_NEW_PULL = false
DISABLE_NEW_PUSH = false
DEFAULT_INTERVAL = {{ gitea_mirror_default_interval }}
MIN_INTERVAL = {{ gitea_mirror_min_interval }}
[api]
# === API Configuration ===
ENABLE_SWAGGER = {{ gitea_api_swagger_enabled | lower }}
MAX_RESPONSE_ITEMS = 50
DEFAULT_PAGING_NUM = 30
[webhook]
# === Webhook Security ===
ALLOWED_HOST_LIST = {{ gitea_webhook_allowed_hosts }}
SKIP_TLS_VERIFY = {{ gitea_webhook_skip_tls_verify | lower }}
DELIVER_TIMEOUT = {{ gitea_webhook_deliver_timeout }}
[service.explore]
# === Public Content Exploration ===
REQUIRE_SIGNIN_VIEW = {{ gitea_explore_require_signin | lower }}
# Rick-Infra: Private Gitea configuration with OAuth and email support
Reference in New Issue View Git Blame Copy Permalink