Initial commit

Signed-off-by: Julien Riou <julien@riou.xyz>

roles/forgejo/tasks/main.yml

@@ -0,0 +1,72 @@
+---
+- name: Check required variables
+  ansible.builtin.assert:
+    that:
+      - forgejo_db_password is defined
+
+- name: Create user
+  ansible.builtin.user:
+    name: "{{ forgejo_user }}"
+    system: true
+    password: '!'
+    home: "{{ forgejo_home_dir }}"
+    create_home: false
+
+- name: Read attributes
+  ansible.builtin.getent:
+    database: passwd
+    key: "{{ forgejo_user }}"
+
+- name: Create directories
+  ansible.builtin.file:
+    state: directory
+    path: "{{ item }}"
+    owner: "{{ forgejo_user }}"
+    group: "{{ forgejo_user }}"
+    mode: "0755"
+  loop: &forgejo_directories
+    - "{{ forgejo_config_dir }}"
+    - "{{ forgejo_home_dir }}"
+    - "{{ forgejo_home_dir }}/server"
+    - "{{ forgejo_home_dir }}/db"
+
+- name: Ensure permissions on the directories
+  ansible.builtin.command:
+    cmd: "chown -v -R {{ forgejo_user }}:{{ forgejo_user }} {{ item }}"
+  loop: *forgejo_directories
+  register: forgejo_chown
+  changed_when: forgejo_chown.stdout_lines | regex_search('^changed ownership of') != None
+
+- name: Create docker-compose configuration
+  ansible.builtin.template:
+    src: "{{ item.name }}.j2"
+    dest: "{{ forgejo_config_dir }}/{{ item.name }}"
+    owner: "{{ forgejo_user }}"
+    group: "{{ forgejo_user }}"
+    mode: "{{ item.mode }}"
+  loop:
+    - name: docker-compose.yml
+      mode: "0644"
+    - name: server.env
+      mode: "0600"
+    - name: db.env
+      mode: "0600"
+
+- name: Start service
+  community.docker.docker_compose_v2:
+    project_src: "{{ forgejo_config_dir }}"
+    files:
+      - docker-compose.yml
+
+- name: Allow with iptables
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    source: "{{ item }}"
+    destination_ports:
+      - "{{ forgejo_web_port }}"
+      - "{{ forgejo_ssh_port }}"
+    jump: ACCEPT
+    comment: forgejo
+  loop: "{{ forgejo_allowed_sources }}"
+  when: forgejo_manage_iptables is truthy