Initial commit

Signed-off-by: Julien Riou <julien@riou.xyz>
This commit is contained in:
Julien Riou 2024-12-21 08:52:45 +01:00
parent ad6ca1e4c2
commit 29b5f93b21
Signed by: jriou
GPG key ID: 9A099EDA51316854
9 changed files with 131 additions and 3 deletions

View file

@ -1,6 +1,6 @@
MIT License MIT License
Copyright (c) 2024 jriou Copyright (c) 2024 Julien Riou
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

View file

@ -1,3 +1,3 @@
# ansible-role-forgejo # Ansible Role Forgejo
Ansible role to manage a Forgejo instance Ansible role to manage a Forgejo instance.

10
defaults/main.yml Normal file
View file

@ -0,0 +1,10 @@
---
forgejo_home_dir: /var/lib/forgejo
forgejo_config_dir: /etc/forgejo
forgejo_web_port: 3000
forgejo_ssh_port: 222
forgejo_db_username: forgejo
forgejo_db_password: CHANGEME
forgejo_db_database: forgejo
forgejo_manage_iptables: false
forgejo_allowed_sources: []

4
handlers/main.yml Normal file
View file

@ -0,0 +1,4 @@
---
- name: save iptables
ansible.builtin.shell:
cmd: netfilter-persistent save

3
meta/main.yml Normal file
View file

@ -0,0 +1,3 @@
---
dependencies:
- role: geerlingguy.docker

61
tasks/main.yml Normal file
View file

@ -0,0 +1,61 @@
---
- name: add forgejo user
ansible.builtin.user:
name: forgejo
system: yes
password: '!'
home: "{{ forgejo_home_dir }}"
create_home: no
- name: read forgejo attributes
ansible.builtin.getent:
database: passwd
key: forgejo
- name: create directories
ansible.builtin.file:
state: directory
path: "{{ item }}"
owner: forgejo
group: forgejo
mode: "0755"
loop:
- "{{ forgejo_config_dir }}"
- "{{ forgejo_home_dir }}"
- "{{ forgejo_home_dir }}/server"
- "{{ forgejo_home_dir }}/db"
- name: create docker-compose configuration
ansible.builtin.template:
src: "{{ item.name }}.j2"
dest: "{{ forgejo_config_dir }}/{{ item.name }}"
owner: root
group: root
mode: "{{ item.mode }}"
loop:
- name: docker-compose.yml
mode: "0644"
- name: server.env
mode: "0600"
- name: db.env
mode: "0600"
- name: start service
community.docker.docker_compose_v2:
project_src: "{{ forgejo_config_dir }}"
files:
- docker-compose.yml
- name: allow with iptables
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
source: "{{ item }}"
destination_ports:
- "{{ forgejo_web_port }}"
- "{{ forgejo_ssh_port }}"
jump: ACCEPT
comment: forgejo
loop: "{{ forgejo_allowed_sources }}"
notify: Save iptables
when: forgejo_manage_iptables

6
templates/db.env.j2 Normal file
View file

@ -0,0 +1,6 @@
{{ ansible_managed | comment }}
POSTGRES_USER="{{ forgejo_db_username }}"
POSTGRES_PASSWORD="{{ forgejo_db_password }}"
POSTGRES_DB="{{ forgejo_db_database }}"
POSTGRES_INITDB_ARGS="--data-checksums"
POSTGRES_HOST_AUTH_METHOD=scram-sha-256

View file

@ -0,0 +1,35 @@
---
{{ ansible_managed | comment }}
services:
server:
image: codeberg.org/forgejo/forgejo:9
container_name: forgejo-server
env_file: {{ forgejo_config_dir }}/server.env
restart: always
networks:
- forgejo
volumes:
- "{{ forgejo_home_dir }}/server:/data"
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "{{ forgejo_web_port }}:3000"
- "{{ forgejo_ssh_port }}:22"
depends_on:
- db
db:
image: postgres:17
hostname: db
container_name: forgejo-db
restart: always
env_file: {{ forgejo_config_dir }}/db.env
user: "{{ ansible_facts.getent_passwd.forgejo[1] }}:{{ ansible_facts.getent_passwd.forgejo[2] }}"
networks:
- forgejo
volumes:
- "{{ forgejo_home_dir }}/db:/var/lib/postgresql/data"
networks:
forgejo:
external: false

9
templates/server.env.j2 Normal file
View file

@ -0,0 +1,9 @@
{{ ansible_managed | comment }}
USER_UID={{ ansible_facts.getent_passwd.forgejo[1] }}
USER_GID={{ ansible_facts.getent_passwd.forgejo[2] }}
FORGEJO__server__SSH_PORT={{ forgejo_ssh_port }}
FORGEJO__database__DB_TYPE=postgres
FORGEJO__database__HOST=db:5432
FORGEJO__database__NAME="{{ forgejo_db_database }}"
FORGEJO__database__USER="{{ forgejo_db_username }}"
FORGEJO__database__PASSWD="{{ forgejo_db_password }}"