Initial commit

roles/forgejo/tasks/deploy-runners.yml

@@ -0,0 +1,20 @@
+---
+- name: register runners
+  ansible.builtin.include_tasks: register-runner.yml
+  loop: "{{ forgejo_runners | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+
+- name: create runners configuration
+  ansible.builtin.template:
+    src: "runners/docker-compose.yml.j2"
+    dest: "{{ forgejo_runners_config_dir }}/docker-compose.yml"
+    owner: root
+    group: root
+    mode: "0644"
+
+- name: start runners service
+  community.docker.docker_compose_v2:
+    project_src: "{{ forgejo_runners_config_dir }}"
+    files:
+      - docker-compose.yml

roles/forgejo/tasks/deploy-server.yml

@@ -0,0 +1,61 @@
+---
+- name: check database password
+  ansible.builtin.assert:
+    that: forgejo_db_password is defined
+
+- name: create directories
+  ansible.builtin.file:
+    state: directory
+    path: "{{ item }}"
+    owner: forgejo
+    group: forgejo
+    mode: "0755"
+  loop: &forgejo_directories
+    - "{{ forgejo_config_dir }}"
+    - "{{ forgejo_home_dir }}"
+    - "{{ forgejo_home_dir }}/server"
+    - "{{ forgejo_home_dir }}/db"
+
+- name: ensure permissions on those directories
+  ansible.builtin.command:
+    cmd: "chown -R forgejo:forgejo {{ item }}"
+  loop: *forgejo_directories
+
+- name: create docker-compose configuration
+  ansible.builtin.template:
+    src: "{{ item.name }}.j2"
+    dest: "{{ forgejo_config_dir }}/{{ item.name }}"
+    owner: root
+    group: root
+    mode: "{{ item.mode }}"
+  loop:
+    - name: docker-compose.yml
+      mode: "0644"
+    - name: server.env
+      mode: "0600"
+    - name: db.env
+      mode: "0600"
+
+- name: start service
+  community.docker.docker_compose_v2:
+    project_src: "{{ forgejo_config_dir }}"
+    files:
+      - docker-compose.yml
+
+- name: allow with iptables
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    source: "{{ item }}"
+    destination_ports:
+      - "{{ forgejo_web_port }}"
+      - "{{ forgejo_ssh_port }}"
+    jump: ACCEPT
+    comment: forgejo
+  loop: "{{ forgejo_allowed_sources }}"
+  notify: save iptables
+  when: forgejo_manage_iptables
+
+- name: deploy runners
+  ansible.builtin.include_tasks: deploy-runners.yml
+  when: forgejo_runners

roles/forgejo/tasks/main.yml

@@ -0,0 +1,21 @@
+---
+- name: add forgejo user
+  ansible.builtin.user:
+    name: forgejo
+    system: yes
+    password: '!'
+    home: "{{ forgejo_home_dir }}"
+    create_home: no
+
+- name: read forgejo attributes
+  ansible.builtin.getent:
+    database: passwd
+    key: forgejo
+
+- name: deploy server
+  ansible.builtin.include_tasks: deploy-server.yml
+  when: forgejo_server
+
+- name: deploy runners
+  ansible.builtin.include_tasks: deploy-runners.yml
+  when: forgejo_runners is defined

roles/forgejo/tasks/register-runner.yml

@@ -0,0 +1,39 @@
+---
+- name: check variables
+  ansible.builtin.assert:
+    that:
+      - forgejo_runners_instance is defined
+      - forgejo_runners_version is defined
+      - forgejo_runners_config_dir is defined
+      - "'key' in item"
+      - "'value' in item"
+
+- name: create runner subdirectory
+  ansible.builtin.file:
+    path: "{{ forgejo_runners_config_dir }}/{{ item.key }}"
+    state: directory
+    mode: "0755"
+    owner: forgejo
+    group: forgejo
+
+- name: register runner
+  ansible.builtin.command:
+    cmd: >-
+      docker run
+        -v /var/run/docker.sock:/var/run/docker.sock
+        -v {{ forgejo_runners_config_dir }}/{{ item.key }}:/data
+        --rm
+        --user {{ ansible_facts.getent_passwd.forgejo[1] }}:{{ ansible_facts.getent_passwd.forgejo[2] }}
+        code.forgejo.org/forgejo/runner:{{ forgejo_runners_version }}
+        forgejo-runner register --no-interactive
+          --token {{ item.value.token }}
+          --name {{ item.key }}
+          --instance {{ forgejo_runners_instance }}
+    creates: "{{ forgejo_runners_config_dir }}/{{ item.key }}/.runner"
+  notify: start runners
+
+- name: create runner configuration
+  ansible.builtin.template:
+    src: runners/config.yml.j2
+    dest: "{{ forgejo_runners_config_dir }}/{{ item.key }}/config.yml"
+  notify: restart runners