Initial commit

Signed-off-by: Julien Riou <julien@riou.xyz>
2024-12-21 08:52:45 +01:00 · 2024-12-21 08:52:45 +01:00 · 29b5f93b21
commit 29b5f93b21
parent ad6ca1e4c2
9 changed files with 131 additions and 3 deletions
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 MIT License

-Copyright (c) 2024 jriou
+Copyright (c) 2024 Julien Riou

 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

--- a/README.md
+++ b/README.md
@ -1,3 +1,3 @@
-# ansible-role-forgejo
+# Ansible Role Forgejo

-Ansible role to manage a Forgejo instance
+Ansible role to manage a Forgejo instance.
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -0,0 +1,10 @@
+---
+forgejo_home_dir: /var/lib/forgejo
+forgejo_config_dir: /etc/forgejo
+forgejo_web_port: 3000
+forgejo_ssh_port: 222
+forgejo_db_username: forgejo
+forgejo_db_password: CHANGEME
+forgejo_db_database: forgejo
+forgejo_manage_iptables: false
+forgejo_allowed_sources: []
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -0,0 +1,4 @@
+---
+- name: save iptables
+  ansible.builtin.shell:
+    cmd: netfilter-persistent save
--- a/meta/main.yml
+++ b/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+- role: geerlingguy.docker
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,61 @@
+---
+- name: add forgejo user
+  ansible.builtin.user:
+    name: forgejo
+    system: yes
+    password: '!'
+    home: "{{ forgejo_home_dir }}"
+    create_home: no
+
+- name: read forgejo attributes
+  ansible.builtin.getent:
+    database: passwd
+    key: forgejo
+
+- name: create directories
+  ansible.builtin.file:
+    state: directory
+    path: "{{ item }}"
+    owner: forgejo
+    group: forgejo
+    mode: "0755"
+  loop:
+    - "{{ forgejo_config_dir }}"
+    - "{{ forgejo_home_dir }}"
+    - "{{ forgejo_home_dir }}/server"
+    - "{{ forgejo_home_dir }}/db"
+
+- name: create docker-compose configuration
+  ansible.builtin.template:
+    src: "{{ item.name }}.j2"
+    dest: "{{ forgejo_config_dir }}/{{ item.name }}"
+    owner: root
+    group: root
+    mode: "{{ item.mode }}"
+  loop:
+    - name: docker-compose.yml
+      mode: "0644"
+    - name: server.env
+      mode: "0600"
+    - name: db.env
+      mode: "0600"
+
+- name: start service
+  community.docker.docker_compose_v2:
+    project_src: "{{ forgejo_config_dir }}"
+    files:
+      - docker-compose.yml
+
+- name: allow with iptables
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    source: "{{ item }}"
+    destination_ports:
+      - "{{ forgejo_web_port }}"
+      - "{{ forgejo_ssh_port }}"
+    jump: ACCEPT
+    comment: forgejo
+  loop: "{{ forgejo_allowed_sources }}"
+  notify: Save iptables
+  when: forgejo_manage_iptables
--- a/templates/db.env.j2
+++ b/templates/db.env.j2
@ -0,0 +1,6 @@
+{{ ansible_managed | comment }}
+POSTGRES_USER="{{ forgejo_db_username }}"
+POSTGRES_PASSWORD="{{ forgejo_db_password }}"
+POSTGRES_DB="{{ forgejo_db_database }}"
+POSTGRES_INITDB_ARGS="--data-checksums"
+POSTGRES_HOST_AUTH_METHOD=scram-sha-256
--- a/templates/docker-compose.yml.j2
+++ b/templates/docker-compose.yml.j2
@ -0,0 +1,35 @@
+---
+{{ ansible_managed | comment }}
+services:
+  server:
+    image: codeberg.org/forgejo/forgejo:9
+    container_name: forgejo-server
+    env_file: {{ forgejo_config_dir }}/server.env
+    restart: always
+    networks:
+      - forgejo
+    volumes:
+      - "{{ forgejo_home_dir }}/server:/data"
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "{{ forgejo_web_port }}:3000"
+      - "{{ forgejo_ssh_port }}:22"
+    depends_on:
+      - db
+
+  db:
+    image: postgres:17
+    hostname: db
+    container_name: forgejo-db
+    restart: always
+    env_file: {{ forgejo_config_dir }}/db.env
+    user: "{{ ansible_facts.getent_passwd.forgejo[1] }}:{{ ansible_facts.getent_passwd.forgejo[2] }}"
+    networks:
+      - forgejo
+    volumes:
+      - "{{ forgejo_home_dir }}/db:/var/lib/postgresql/data"
+
+networks:
+  forgejo:
+    external: false
--- a/templates/server.env.j2
+++ b/templates/server.env.j2
@ -0,0 +1,9 @@
+{{ ansible_managed | comment }}
+USER_UID={{ ansible_facts.getent_passwd.forgejo[1] }}
+USER_GID={{ ansible_facts.getent_passwd.forgejo[2] }}
+FORGEJO__server__SSH_PORT={{ forgejo_ssh_port }}
+FORGEJO__database__DB_TYPE=postgres
+FORGEJO__database__HOST=db:5432
+FORGEJO__database__NAME="{{ forgejo_db_database }}"
+FORGEJO__database__USER="{{ forgejo_db_username }}"
+FORGEJO__database__PASSWD="{{ forgejo_db_password }}"