initial commit
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
commit
75891c3271
129 changed files with 8046 additions and 0 deletions
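--- a/roles/forgejo/defaults/main.yml
+++ b/roles/forgejo/defaults/main.yml
@@ -0,0 +1,26 @@
+---
+# Display name shown in the UI, emails, and page title
+forgejo_app_name: "Forgejo"
+
+# Ports (internal to docker network)
+forgejo_port: 3000
+forgejo_ssh_port: 2222
+
+# Registration and access
+forgejo_disable_registration: true
+forgejo_require_signin: false
+
+# Timezone for the Forgejo UI — defaults to the system timezone
+forgejo_timezone: "{{ timezone | default('UTC') }}"
+
+# Email notifications (set to true and configure smtp vars to enable)
+forgejo_mailer_enabled: false
+# forgejo_smtp_host: mail.example.com
+# forgejo_smtp_port: 587
+# forgejo_smtp_user: notifications@example.com
+# forgejo_mailer_from: "Forgejo <notifications@example.com>"
+# forgejo_smtp_password: defined in vault.yml
+
+# Actions runner
+forgejo_runner_name: default-runner
+forgejo_runner_labels: "docker:docker://node:20-bookworm,ubuntu-latest:docker://ubuntu:latest,ubuntu-22.04:docker://ubuntu:22.04"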
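--- a/roles/forgejo/handlers/main.yml
+++ b/roles/forgejo/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart forgejo
+community.docker.docker_compose_v2:
+project_src: /srv/forgejo
+state: restarted
+build: never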
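--- a/roles/forgejo/tasks/main.yml
+++ b/roles/forgejo/tasks/main.yml
@@ -0,0 +1,128 @@
+---
+- name: Allow Forgejo SSH traffic
+ufw:
+rule: allow
+port: "{{ forgejo_ssh_port }}"
+proto: tcp
+
+- name: Create Forgejo directories
+ansible.builtin.file:
+path: "{{ item }}"
+state: directory
+mode: '0755'
+loop:
+- /srv/forgejo
+
+- name: Create Forgejo data directory
+ansible.builtin.file:
+path: /srv/forgejo/data
+state: directory
+mode: '0755'
+
+# stat+chown: avoids UID/GID lookup warnings for container-internal UIDs not present on host
+- name: Stat Forgejo data directory
+ansible.builtin.stat:
+path: /srv/forgejo/data
+register: forgejo_data_stat
+
+- name: Set Forgejo data directory ownership
+ansible.builtin.command: chown 1000:1000 /srv/forgejo/data
+when: forgejo_data_stat.stat.uid != 1000 or forgejo_data_stat.stat.gid != 1000
+
+- name: Create runner data directory
+ansible.builtin.file:
+path: /srv/forgejo/runner
+state: directory
+mode: '0755'
+when: enable_forgejo_runner | default(true)
+
+# stat+chown: avoids UID/GID lookup warnings for container-internal UIDs not present on host
+- name: Stat runner data directory
+ansible.builtin.stat:
+path: /srv/forgejo/runner
+register: forgejo_runner_stat
+when: enable_forgejo_runner | default(true)
+
+- name: Set runner data directory ownership
+ansible.builtin.command: chown 1000:1000 /srv/forgejo/runner
+when: (enable_forgejo_runner | default(true)) and (forgejo_runner_stat.stat.uid != 1000 or forgejo_runner_stat.stat.gid != 1000)
+
+- name: Deploy Forgejo docker-compose file
+ansible.builtin.template:
+src: compose.yml.j2
+dest: /srv/forgejo/compose.yml
+mode: '0644'
+notify: Restart forgejo
+
+- name: Deploy Forgejo app.ini configuration
+ansible.builtin.template:
+src: app.ini.j2
+dest: /srv/forgejo/data/gitea/conf/app.ini
+mode: '0644'
+notify: Restart forgejo
+
+- name: Start Forgejo server
+community.docker.docker_compose_v2:
+project_src: /srv/forgejo
+services:
+- forgejo
+state: present
+build: never
+register: forgejo_output
+
+- name: Wait for Forgejo to be ready
+ansible.builtin.uri:
+url: "http://localhost:{{ forgejo_port }}"
+status_code: 200
+retries: 30
+delay: 2
+when: forgejo_output.changed
+
+# Runner registration (one-time)
+- name: Check if runner is already registered
+ansible.builtin.stat:
+path: /srv/forgejo/runner/.runner
+register: runner_file
+when: enable_forgejo_runner | default(true)
+
+- name: Generate runner registration token
+community.docker.docker_container_exec:
+container: forgejo
+command: forgejo forgejo-cli actions generate-runner-token
+user: git
+register: runner_token
+when:
+- enable_forgejo_runner | default(true)
+- not runner_file.stat.exists
+
+- name: Deploy runner config
+ansible.builtin.template:
+src: runner-config.yml.j2
+dest: /srv/forgejo/runner/config.yml
+mode: '0644'
+when: enable_forgejo_runner | default(true)
+notify: Restart forgejo
+
+- name: Register Forgejo runner
+ansible.builtin.command:
+cmd: >-
+docker run --rm
+--network git
+-v /srv/forgejo/runner:/data
+code.forgejo.org/forgejo/runner:{{ forgejo_runner_version }}
+forgejo-runner register --no-interactive
+--instance http://forgejo:3000
+--token {{ runner_token.stdout | trim }}
+--name {{ forgejo_runner_name }}
+--labels {{ forgejo_runner_labels }}
+when:
+- enable_forgejo_runner | default(true)
+- not runner_file.stat.exists
+notify: Restart forgejo
+
+- name: Start all Forgejo services
+community.docker.docker_compose_v2:
+project_src: /srv/forgejo
+state: present
+build: never
+when: enable_forgejo_runner | default(true)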
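Review bot: The `Deploy Forgejo app.ini configuration` task writes the rendered file with `mode: '0644'` and no owner, yet app.ini.j2 in this commit renders SECRET_KEY, INTERNAL_TOKEN, JWT_SECRET and (when the mailer is enabled) the SMTP password into it, so every local account on the host can read them. I would use `mode: '0600'` and make the file owned by UID/GID 1000, the same IDs the stat+chown tasks above apply to the directories. The two runner-registration tasks also handle a secret without `no_log: true`: the token is registered from stdout and then passed as `--token` on a `docker run` command line, so it can end up in Ansible output and in the host process list while the command runs. Separately, no task visible here creates `/srv/forgejo/data/gitea/conf` before the template is written, which presumably fails on a fresh host because the template module does not create parent directories.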
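--- a/roles/forgejo/templates/app.ini.j2
+++ b/roles/forgejo/templates/app.ini.j2
@@ -0,0 +1,71 @@
+APP_NAME = {{ forgejo_app_name }}
+RUN_MODE = prod
+WORK_PATH = /data/gitea
+
+[server]
+DOMAIN = {{ forgejo_domain }}
+ROOT_URL = https://{{ forgejo_domain }}/
+HTTP_PORT = 3000
+SSH_DOMAIN = {{ forgejo_domain }}
+SSH_PORT = {{ forgejo_ssh_port }}
+START_SSH_SERVER = true
+
+[database]
+DB_TYPE = sqlite3
+PATH = /data/gitea/gitea.db
+
+[repository]
+ROOT = /data/git/repositories
+
+[log]
+MODE = console
+LEVEL = Info
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY = {{ forgejo_secret_key }}
+INTERNAL_TOKEN = {{ forgejo_internal_token }}
+
+[service]
+DISABLE_REGISTRATION = {{ forgejo_disable_registration }}
+REQUIRE_SIGNIN_VIEW = {{ forgejo_require_signin }}
+DEFAULT_KEEP_EMAIL_PRIVATE = true
+
+[mailer]
+ENABLED = {{ forgejo_mailer_enabled }}
+{% if forgejo_mailer_enabled %}
+FROM = {{ forgejo_mailer_from }}
+PROTOCOL = smtp
+SMTP_ADDR = {{ forgejo_smtp_host }}
+SMTP_PORT = {{ forgejo_smtp_port }}
+USER = {{ forgejo_smtp_user }}
+PASSWD = {{ forgejo_smtp_password }}
+{% endif %}
+
+[session]
+PROVIDER = file
+
+[picture]
+DISABLE_GRAVATAR = false
+ENABLE_FEDERATED_AVATAR = true
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[oauth2]
+JWT_SECRET = {{ forgejo_jwt_secret }}
+
+[attachment]
+ENABLED = true
+MAX_SIZE = 50
+
+[time]
+DEFAULT_UI_LOCATION = {{ forgejo_timezone }}
+
+[metrics]
+ENABLED = true
+
+[actions]
+ENABLED = true
+DEFAULT_ACTIONS_URL = https://code.forgejo.org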
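Review bot: `[metrics]` sets `ENABLED = true` with no `TOKEN`, so the metrics endpoint is served without authentication on the same listener as the web UI; unless a reverse proxy not shown here blocks `/metrics`, it is reachable under the public ROOT_URL. I would add `TOKEN = {{ forgejo_metrics_token }}` (placeholder variable name; keep the value in the vault with the other secrets) and give the same token to the scraper. In `[service]`, `REQUIRE_SIGNIN_VIEW` is false by default through `forgejo_require_signin`, which leaves public repositories and profiles visible to anonymous visitors; a one-line comment stating that this is intended would help the next reader.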
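--- a/roles/forgejo/templates/compose.yml.j2
+++ b/roles/forgejo/templates/compose.yml.j2
@@ -0,0 +1,49 @@
+services:
+forgejo:
+image: codeberg.org/forgejo/forgejo:{{ forgejo_version }}
+container_name: forgejo
+restart: unless-stopped
+environment:
+- USER_UID=1000
+- USER_GID=1000
+volumes:
+- /srv/forgejo/data:/data
+- /etc/timezone:/etc/timezone:ro
+- /etc/localtime:/etc/localtime:ro
+ports:
+- "{{ forgejo_port }}:3000"
+- "{{ forgejo_ssh_port }}:2222"
+healthcheck:
+test: ["CMD-SHELL", "wget -q -O /dev/null http://localhost:3000/api/v1/version || exit 1"]
+interval: 30s
+timeout: 5s
+retries: 3
+start_period: 60s
+networks:
+- git
+- monitoring
+
+{% if enable_forgejo_runner | default(true) %}
+runner:
+image: code.forgejo.org/forgejo/runner:{{ forgejo_runner_version }}
+container_name: forgejo-runner
+restart: unless-stopped
+user: "0:0"
+depends_on:
+forgejo:
+condition: service_healthy
+volumes:
+- /srv/forgejo/runner:/data
+- /var/run/docker.sock:/var/run/docker.sock
+environment:
+DOCKER_HOST: unix:///var/run/docker.sock
+command: forgejo-runner daemon --config /data/config.yml
+networks:
+- git
+{% endif %}
+
+networks:
+git:
+external: true
+monitoring:
+external: true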
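Review bot: Both `ports:` entries publish on all host interfaces, and Docker installs its own iptables rules for published ports, so the ufw policy managed in tasks/main.yml does not filter them; the plain-HTTP port `{{ forgejo_port }}` would then be reachable from outside although ROOT_URL is https. If TLS is terminated by a proxy on the same host (not visible in this section), bind the web port to loopback with `- "127.0.0.1:{{ forgejo_port }}:3000"`; the readiness check in the tasks file already uses localhost. The `runner` service also runs as `user: "0:0"` with `/var/run/docker.sock` mounted, which gives that container full control of the host's Docker daemon. A comment recording that trade-off, or a dedicated Docker-in-Docker or rootless daemon for the runner, would be worth considering.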
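--- a/roles/forgejo/templates/runner-config.yml.j2
+++ b/roles/forgejo/templates/runner-config.yml.j2
@@ -0,0 +1,14 @@
+log:
+level: info
+
+runner:
+file: .runner
+capacity: 1
+timeout: 3h
+
+container:
+# job containers must be on this network to resolve the forgejo hostname for git operations
+network: "git"
+privileged: false
+valid_volumes:
+- '**'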
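Review bot: The `'**'` entry under `valid_volumes` allows a workflow to bind-mount any host path into its job container, which makes `privileged: false` on the line above largely ineffective, since a job can ask for the Docker socket or the host root as a volume. Anyone who can push a workflow to a repository this runner serves would therefore get host-level access. I would leave the list empty (`valid_volumes: []`) or name only the specific paths or volumes jobs actually need, with a comment saying why each entry is allowed.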