jriou/ansible-role-forgejo
1
0
Fork 0
Code Issues Pull requests Activity

feat: Deploy server and runners independently

Browse source 
Signed-off-by: Julien Riou <julien@riou.xyz>
This commit is contained in:
Julien Riou 2025-08-25 16:58:33 +02:00
parent 6c7280b213
commit 5f90be4299
Signed by: jriou
GPG key ID: 9A099EDA51316854
5 changed files with 64 additions and 66 deletions
Download patch file Download diff file Expand all files Collapse all files

2
defaults/main.yml
View file

@ -1,4 +1,5 @@
--- ---
forgejo_server: true
forgejo_version: 11 forgejo_version: 11
forgejo_home_dir: /var/lib/forgejo forgejo_home_dir: /var/lib/forgejo
forgejo_config_dir: /etc/forgejo forgejo_config_dir: /etc/forgejo
@ -11,6 +12,7 @@ forgejo_manage_iptables: false
forgejo_allowed_sources: [] forgejo_allowed_sources: []
forgejo_runners_version: 9.1.1 forgejo_runners_version: 9.1.1
forgejo_runners_config_dir: /etc/forgejo-runners forgejo_runners_config_dir: /etc/forgejo-runners
# forgejo_runners_instance:
# forgejo_runners: # forgejo_runners:
# repository: token # repository: token
forgejo_runners: {} forgejo_runners: {}

57
tasks/deploy-server.yml Normal file
View file

@ -0,0 +1,57 @@
---
- name: create directories
ansible.builtin.file:
state: directory
path: "{{ item }}"
owner: forgejo
group: forgejo
mode: "0755"
loop: &forgejo_directories
- "{{ forgejo_config_dir }}"
- "{{ forgejo_home_dir }}"
- "{{ forgejo_home_dir }}/server"
- "{{ forgejo_home_dir }}/db"
- name: ensure permissions on those directories
ansible.builtin.command:
cmd: "chown -R forgejo:forgejo {{ item }}"
loop: *forgejo_directories
- name: create docker-compose configuration
ansible.builtin.template:
src: "{{ item.name }}.j2"
dest: "{{ forgejo_config_dir }}/{{ item.name }}"
owner: root
group: root
mode: "{{ item.mode }}"
loop:
- name: docker-compose.yml
mode: "0644"
- name: server.env
mode: "0600"
- name: db.env
mode: "0600"
- name: start service
community.docker.docker_compose_v2:
project_src: "{{ forgejo_config_dir }}"
files:
- docker-compose.yml
- name: allow with iptables
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
source: "{{ item }}"
destination_ports:
- "{{ forgejo_web_port }}"
- "{{ forgejo_ssh_port }}"
jump: ACCEPT
comment: forgejo
loop: "{{ forgejo_allowed_sources }}"
notify: save iptables
when: forgejo_manage_iptables
- name: deploy runners
ansible.builtin.include_tasks: deploy-runners.yml
when: forgejo_runners

55
tasks/main.yml
View file

@ -12,58 +12,9 @@
database: passwd database: passwd
key: forgejo key: forgejo
- name: create directories - name: deploy server
ansible.builtin.file: ansible.builtin.include_tasks: deploy-server.yml
state: directory when: forgejo_server
path: "{{ item }}"
owner: forgejo
group: forgejo
mode: "0755"
loop: &forgejo_directories
- "{{ forgejo_config_dir }}"
- "{{ forgejo_home_dir }}"
- "{{ forgejo_home_dir }}/server"
- "{{ forgejo_home_dir }}/db"
- name: ensure permissions on those directories
ansible.builtin.command:
cmd: "chown -R forgejo:forgejo {{ item }}"
loop: *forgejo_directories
- name: create docker-compose configuration
ansible.builtin.template:
src: "{{ item.name }}.j2"
dest: "{{ forgejo_config_dir }}/{{ item.name }}"
owner: root
group: root
mode: "{{ item.mode }}"
loop:
- name: docker-compose.yml
mode: "0644"
- name: server.env
mode: "0600"
- name: db.env
mode: "0600"
- name: start service
community.docker.docker_compose_v2:
project_src: "{{ forgejo_config_dir }}"
files:
- docker-compose.yml
- name: allow with iptables
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
source: "{{ item }}"
destination_ports:
- "{{ forgejo_web_port }}"
- "{{ forgejo_ssh_port }}"
jump: ACCEPT
comment: forgejo
loop: "{{ forgejo_allowed_sources }}"
notify: save iptables
when: forgejo_manage_iptables
- name: deploy runners - name: deploy runners
ansible.builtin.include_tasks: deploy-runners.yml ansible.builtin.include_tasks: deploy-runners.yml

5
tasks/register-runner.yml
View file

@ -2,7 +2,7 @@
- name: check variables - name: check variables
ansible.builtin.assert: ansible.builtin.assert:
that: that:
- forgejo_web_port | mandatory - forgejo_runners_instance | mandatory
- forgejo_runners_version | mandatory - forgejo_runners_version | mandatory
- forgejo_runners_config_dir | mandatory - forgejo_runners_config_dir | mandatory
- item.key | mandatory - item.key | mandatory
@ -23,13 +23,12 @@
-v /var/run/docker.sock:/var/run/docker.sock -v /var/run/docker.sock:/var/run/docker.sock
-v {{ forgejo_runners_config_dir }}/{{ item.key }}:/data -v {{ forgejo_runners_config_dir }}/{{ item.key }}:/data
--rm --rm
--network forgejo_forgejo
--user {{ ansible_facts.getent_passwd.forgejo[1] }}:{{ ansible_facts.getent_passwd.forgejo[2] }} --user {{ ansible_facts.getent_passwd.forgejo[1] }}:{{ ansible_facts.getent_passwd.forgejo[2] }}
code.forgejo.org/forgejo/runner:{{ forgejo_runners_version }} code.forgejo.org/forgejo/runner:{{ forgejo_runners_version }}
forgejo-runner register --no-interactive forgejo-runner register --no-interactive
--token {{ item.value }} --token {{ item.value }}
--name {{ item.key }} --name {{ item.key }}
--instance http://forgejo-server:{{ forgejo_web_port }} --instance {{ forgejo_runners_instance }}
creates: "{{ forgejo_runners_config_dir }}/{{ item.key }}/.runner" creates: "{{ forgejo_runners_config_dir }}/{{ item.key }}/.runner"
notify: start runners notify: start runners

11
templates/runners/docker-compose.yml.j2
View file

@ -2,17 +2,13 @@
{{ ansible_managed | comment }} {{ ansible_managed | comment }}
services: services:
docker: docker:
container_name: forgejo-docker
image: docker:dind image: docker:dind
privileged: true privileged: true
volumes: volumes:
- certs:/certs - certs:/certs
networks:
- forgejo
{% for runner in forgejo_runners %} {% for runner in forgejo_runners %}
runner-{{ runner }}: runner-{{ runner }}:
container_name: forgejo-runners-{{ runner }}
image: code.forgejo.org/forgejo/runner:{{ forgejo_runners_version }} image: code.forgejo.org/forgejo/runner:{{ forgejo_runners_version }}
user: {{ ansible_facts.getent_passwd.forgejo[1] }}:{{ ansible_facts.getent_passwd.forgejo[2] }} user: {{ ansible_facts.getent_passwd.forgejo[1] }}:{{ ansible_facts.getent_passwd.forgejo[2] }}
environment: environment:
@ -23,14 +19,7 @@ services:
- {{ forgejo_runners_config_dir }}/{{ runner }}:/data - {{ forgejo_runners_config_dir }}/{{ runner }}:/data
- certs:/certs - certs:/certs
command: 'forgejo-runner --config config.yml daemon' command: 'forgejo-runner --config config.yml daemon'
networks:
- forgejo
{% endfor %} {% endfor %}
volumes: volumes:
certs: certs:
networks:
forgejo:
external: true
name: forgejo_forgejo