Compare commits

...

34 commits
1.16.6 ... main

Author SHA1 Message Date
bd4c5af5bb 9.0.2 (#61)
- Updated to version 9.0.2
-  Improved and simplified download url
-  Applied style guide

Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: #61
Reviewed-by: meaz <meaz@no-reply@disroot.org>
Co-authored-by: muppeth <muppeth@disroot.org>
Co-committed-by: muppeth <muppeth@disroot.org>
2024-12-03 21:14:24 +01:00
4e2d8007bb Version 8.0.3 (#58)
Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: #58
Reviewed-by: meaz <meaz@no-reply@disroot.org>
Co-authored-by: muppeth <muppeth@disroot.org>
Co-committed-by: muppeth <muppeth@disroot.org>
2024-10-08 20:56:43 +02:00
041aa75a0d 8.0.2 (#57)
Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: #57
Reviewed-by: meaz <meaz@no-reply@disroot.org>
Co-authored-by: muppeth <muppeth@disroot.org>
Co-committed-by: muppeth <muppeth@disroot.org>
2024-09-03 21:01:13 +02:00
19d296b9d7 staging to main - 8.0.1' (#54)
Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: #54
Co-authored-by: muppeth <muppeth@disroot.org>
Co-committed-by: muppeth <muppeth@disroot.org>
2024-08-27 23:13:19 +02:00
5bd74bd11b improve upgrade and update to 7.0.5 (#51)
To be merged when deploying to prod.

Co-authored-by: muppeth <muppeth@disroot.org>
Reviewed-on: #51
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
Co-authored-by: meaz <meaz@disroot.org>
Co-committed-by: meaz <meaz@disroot.org>
2024-08-06 21:23:22 +02:00
3f50a9f3ba Update to 7.0.4 (#50)
Co-authored-by: muppeth <muppeth@disroot.org>
Reviewed-on: #50
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
Co-authored-by: meaz <meaz@disroot.org>
Co-committed-by: meaz <meaz@disroot.org>
2024-07-12 09:03:24 +02:00
56782e146d V7.0.2 (#45) (#46)
- Upgrade to version 7.0.3
- Added extra check tasks to upgrade process

Reviewed-on: #45
Reviewed-by: meaz <meaz@no-reply@disroot.org>
Co-authored-by: muppeth <muppeth@disroot.org>
Co-committed-by: muppeth <muppeth@disroot.org>

Reviewed-on: #46
Reviewed-by: meaz <meaz@no-reply@disroot.org>
Co-authored-by: muppeth <muppeth@disroot.org>
Co-committed-by: muppeth <muppeth@disroot.org>
2024-06-13 21:48:30 +02:00
faf1fb5895 Update to 1.21.7-0 (#43)
Reviewed-on: #43
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
Co-authored-by: meaz <meaz@disroot.org>
Co-committed-by: meaz <meaz@disroot.org>
2024-03-12 19:38:44 +00:00
58b4b3d74e Bump to 1.21.5-0 (#42)
Reviewed-on: #42
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
Co-authored-by: meaz <meaz@disroot.org>
Co-committed-by: meaz <meaz@disroot.org>
2024-02-11 09:07:56 +00:00
edf2d1721d bump to 1.21.3-0 (#40)
Co-authored-by: muppeth <muppeth@disroot.org>
Reviewed-on: #40
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
Co-authored-by: meaz <meaz@disroot.org>
Co-committed-by: meaz <meaz@disroot.org>
2024-01-09 19:55:44 +00:00
a2b34421b3 v1.21.2-0 (#39)
Reviewed-on: #39
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
Co-authored-by: meaz <meaz@disroot.org>
Co-committed-by: meaz <meaz@disroot.org>
2023-12-13 20:12:37 +00:00
2ac865ad85 1.20.6 0 (#38)
Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: #38
Reviewed-by: meaz <meaz@no-reply@disroot.org>
Co-authored-by: muppeth <muppeth@disroot.org>
Co-committed-by: muppeth <muppeth@disroot.org>
2023-11-28 20:14:24 +00:00
776d8682ea bump to 1.20.5-0 (#37)
Reviewed-on: #37
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
Co-authored-by: meaz <meaz@disroot.org>
Co-committed-by: meaz <meaz@disroot.org>
2023-10-31 07:22:48 +00:00
17d93c2341 add incoming emails (#36)
Reviewed-on: #36
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
Co-authored-by: meaz <meaz@disroot.org>
Co-committed-by: meaz <meaz@disroot.org>
2023-10-03 14:24:20 +00:00
c0a39a213b v1.20.4 (#35)
Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: #35
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
2023-09-15 13:27:27 +00:00
745d5740d0 add FORGEJO_WORK_DIR when running forgejo (#34)
Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: #34
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
2023-09-10 05:58:45 +00:00
a5c2c1b890 1.19.4-0 (#33)
Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: #33
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
2023-09-06 18:33:34 +00:00
cf9fdd51b3 upgrade to 1.19.4-0 (#32)
Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: #32
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
2023-07-11 09:33:48 +00:00
53e11a8b98 change from gitea to forgejo (#31)
I just haven't changed the path

Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: #31
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
2023-05-16 12:32:34 +00:00
35bdc8f062 clone repo as git user (#30)
and fix missing css folder

Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: Disroot-Ansible/gitea#30
2023-05-06 04:52:52 +00:00
170bc3dcf2 update to 19.0-2 and fix issue on vagrant (#29)
Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: Disroot-Ansible/gitea#29
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
2023-04-04 19:09:40 +00:00
52b136833b add themes and external renderers (#27)
I completely rewrote the way we deploy themes because the way I did it before couldn't work for other repos than the forgejo-beetroot theme repo.

I've checked lots of differents gitea theme repos, and they're all set differently. So now, this role clones repos, check if they're css files in them, copy those files in the right place and update the app.ini THEMES var. I've tried it with 10-15 different repos, it works with all of them.

Co-authored-by: meaz <meaz@disroot.org>
Co-authored-by: muppeth <muppeth@disroot.org>
Reviewed-on: Disroot-Ansible/gitea#27
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
2023-02-24 05:56:42 +00:00
3359b9de89 remove mention of beetroot for theme (#26)
Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: Disroot-Ansible/gitea#26
2023-02-22 10:05:53 +00:00
35276dc6f3 gitea_custom_theme (#24)
Allows the possibility to deploy custom theme with forgejo. You can test it with this https://git.disroot.org/Disroot-themes/forgejo-beetroot for example.

Co-authored-by: meaz <meaz@disroot.org>
Co-authored-by: muppeth <muppeth@disroot.org>
Reviewed-on: Disroot-Ansible/gitea#24
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
2023-02-21 12:58:30 +00:00
b33011ed8c bump to 1.18.3-2 (#25)
Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: Disroot-Ansible/gitea#25
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
2023-02-21 12:57:39 +00:00
a3f9c2efc1 update to 1.18.3-0 (#23)
Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: Disroot-Ansible/gitea#23
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
2023-02-07 19:47:35 +00:00
2558786ef3 add possibility to choose between forgejo or gitea (#22)
Co-authored-by: meaz <meaz@disroot.org>
Co-authored-by: muppeth <muppeth@disroot.org>
Reviewed-on: Disroot-Ansible/gitea#22
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
Co-authored-by: meaz <meaz@no-reply@disroot.org>
Co-committed-by: meaz <meaz@no-reply@disroot.org>
2023-01-24 08:45:17 +00:00
9862d76824 change include to include_tasks (#21)
Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: Disroot-Ansible/gitea#21
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
2023-01-17 20:22:30 +00:00
4dff6e75bd bump to 1.18.0 (#20)
Co-authored-by: meaz <meaz@disroot.org>
Co-authored-by: muppeth <muppeth@disroot.org>
Reviewed-on: Disroot-Ansible/gitea#20
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
2023-01-17 13:28:43 +00:00
75d7138c82 update to 1.17.3 (#19)
Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: Disroot-Ansible/gitea#19
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
2022-11-08 19:42:31 +00:00
d50021d9f2 upgrade to 1.17.2 and fix error on vagrant (#18)
Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: Disroot-Ansible/gitea#18
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
2022-09-27 19:25:26 +00:00
c291788219 Bump to 1.17.1 + couple of fixes for vagrant (#17)
Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: Disroot-Ansible/gitea#17
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
2022-09-06 14:55:03 +00:00
7b9e2bcc04 Merge pull request 'bump version to 1.16.8' (#16) from 1.16.8 into main
Reviewed-on: Disroot-Ansible/gitea#16
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
2022-06-21 04:19:46 +00:00
0a9f425857
bump version to 1.16.8 2022-06-12 08:11:05 +02:00
18 changed files with 735 additions and 272 deletions

6
.ansible-lint Normal file
View file

@ -0,0 +1,6 @@
skip_list:
- fqcn-builtins
- fqcn[action]
- fqcn[action-core]
- fqcn[canonical]
- name[casing]

60
Playbooks/forgejo.yml Normal file
View file

@ -0,0 +1,60 @@
---
- name: 'Create backup directories'
hosts: forgejo
tasks:
- name: '[BACKUP] - Create backup dir'
file:
path: '{{ forgejo_dump_path }}'
state: directory
mode: '0775'
- name: '[BACKUP] - Create db backup dir'
file:
path: '{{ forgejo_dump_path }}/db'
state: directory
mode: '0755'
- name: '[BACKUP] - Create code backup dir'
file:
path: '{{ forgejo_dump_path }}/code'
state: directory
owner: '{{ forgejo_user }}'
mode: '0755'
- name: 'Create db backup for forgejo'
hosts: forgejo
tasks:
- name: '[BACKUP] - Run db backup for forgejo'
shell:
cmd: 'sudo -u postgres pg_dump {{ forgejo_db_name }} | gzip -c > {{ forgejo_dump_path }}/db/{{ forgejo_db_name }}-{{ ansible_date_time.iso8601_basic_short }}.sql.gz'
- name: '[BACKUP] - Remove all but two latest backup files'
shell:
cmd: 'ls -t |tail -n +3 | xargs --no-run-if-empty rm'
chdir: '{{ forgejo_dump_path }}/db'
vars_files:
- ../defaults/main.yml
- name: 'Make backup of forgejo'
hosts: 'forgejo'
tasks:
- name: '[BACKUP] - Remove all but two latest backup files'
shell:
cmd: 'ls -t |tail -n +2 | xargs --no-run-if-empty rm'
chdir: '{{ forgejo_dump_path }}/code'
- name: '[BACKUP] - Make backup of forgejo'
shell:
cmd: 'sudo -u {{ forgejo_user }} {{ forgejo_bindir }}/forgejo dump -c {{ forgejo_confdir }}'
chdir: '{{ forgejo_dump_path}}/code'
vars_files:
- ../defaults/main.yml
- name: 'Run Forgejo role'
hosts: forgejo
roles:
- postgresql
- forgejo
vars_files:
- ../defaults/main.yml
vars:
- ansible_python_interpreter: '/usr/bin/python3'

View file

@ -1,9 +0,0 @@
---
- hosts: gitea
roles:
- postgresql
- gitea
vars_files:
- ../defaults/main.yml

View file

@ -1,14 +1,35 @@
# Gitea - Ansible Role
# Forgejo - Ansible Role
This role covers deployment, configuration and software updates of Gitea. This role is released under MIT Licence and we give no warranty for this piece of software. Currently supported OS - Debian.
This role covers deployment, configuration and software updates of Forgejo. This role is released under MIT Licence and we give no warranty for this piece of software. Currently supported OS - Debian.
You can deploy test instance using `Vagrantfile` attached to the role.
`vagrant up`
`ansible-playbook -b Playbooks/gitea.yml`
`ansible-playbook -b Playbooks/forgejo.yml`
Then you can then access gitea from your computer on `http://192.168.33.14:3000`
Then you can then access forgejo from your computer on `http://192.168.33.14:3000`
The first user you create becomes the admin.
# Gitea or Forgejo
This role allows for deployment of gitea and forgejo. By default the role deploys forgejo and this is the flavor that is supported and maintained. Installing Gitea using the role is possible however starting from version 1.18.2 is no longer maintained by Disroot team.
To switch to gitea, update following variables in your Playbook/host_vars:
```
forgejo_flavour: 'gitea'
forgejo_version: '1.18.2'
forgejo_arch: 'linux-amd64'
forgejo_download_url: 'https://github.com/go-gitea/gitea/releases/download/v{{ forgejo_version }}/gitea-{{ forgejo_version }}-{{ forgejo_arch }}'
```
## Playbook
The playbook includes postgresql role and deploys entire stack needed to run Gitea. Additional roles are also available in the Ansible roles repos in git.
The playbook includes postgresql role and deploys entire stack needed to run Forgejo. Additional roles are also available in the Ansible roles repos in git.
## Customization
You can deploy custom themes with this role. To do so, uncomment `forgejo_theme_dir` and `forgejo_custom_themes` from `defaults/main.yml`. Add the theme repos' address and name there, enable them and then deploy with `ansible-playbook -b Playbooks/forgejo.yml --tags theme`.
You can also add you own images like favicon, icons, etc. See https://forgejo.org/docs/v1.21/developer/customization/ to see how to prepare your images.
Then, copy them in the `img` folder of this role and uncomment `forgejo_extra_files_path` and `forgejo_theme_dir` from `defaults/main.yml`. You can then deploy with `ansible-playbook -b Playbooks/forgejo.yml --tags config`.
For more information about customizaton, check https://forgejo.org/docs/v1.21/developer/customization/

14
Vagrantfile vendored
View file

@ -7,14 +7,14 @@
# you're doing.
Vagrant.configure("2") do |config|
#config.ssh.insert_key = false
config.vm.define "gitea" do |gitea|
gitea.vm.box = "generic/debian11"
gitea.vm.provider :libvirt do |libvirt|
config.vm.define "forgejo" do |forgejo|
forgejo.vm.box = "generic/debian12"
forgejo.vm.provider :libvirt do |libvirt|
libvirt.memory = 256
end
gitea.vm.network "forwarded_port", guest: 80, host: 8888, host_ip: "192.168.33.14"
gitea.vm.network "forwarded_port", guest: 443, host: 4443, host_ip: "192.168.33.14"
gitea.vm.network "private_network", ip: "192.168.33.14"
forgejo.vm.network "forwarded_port", guest: 80, host: 8888, host_ip: "192.168.33.14"
forgejo.vm.network "forwarded_port", guest: 443, host: 4443, host_ip: "192.168.33.14"
forgejo.vm.network "private_network", ip: "192.168.33.14"
config.vm.provision "shell", inline: "apt install acl"
end
end

View file

@ -1,67 +1,89 @@
---
gitea_bindir: "/usr/local/bin/gitea"
gitea_lib_dir: "/var/lib/gitea"
gitea_user: 'git'
gitea_group: 'git'
gitea_confdir: '/etc/gitea/app.ini'
gitea_version: '1.16.6'
forgejo_bindir: "/usr/local/bin/forgejo"
forgejo_lib_dir: "/var/lib/forgejo"
forgejo_user: 'git'
forgejo_group: 'git'
forgejo_confdir: '/etc/forgejo/app.ini'
forgejo_dump_path: '/srv/forgejo-dump'
forgejo_flavor: 'forgejo'
forgejo_version: '9.0.2'
forgejo_arch: 'linux-amd64'
forgejo_download_url: 'https://codeberg.org/forgejo/forgejo/releases/download/v{{ forgejo_version }}/forgejo-{{ forgejo_version }}-{{ forgejo_arch }}'
# Uncomment below if you want to add custom themes or images
# forgejo_extra_files_path: '../img' # the folder name where you have the images you want to deploy
forgejo_theme_dir: '{{ forgejo_lib_dir }}/custom'
# forgejo_custom_themes:
# - name: '' # add name of the theme
# repo: '' # add git repository of the theme
# version: '' # add git branch
# enable: 'true' # set it to false to remove it
#[CONFIG]
# [CONFIG]
# App.ini file variables
gitea_base_config:
- 'APP_NAME = Gitea: Git with a cup of tea'
forgejo_base_config:
- 'APP_NAME = Forgejo: Beyond coding. We forge.'
- 'RUN_USER = git'
- 'RUN_MODE = prod'
- 'WORK_PATH = {{ forgejo_lib_dir }}'
gitea_oauth2_config:
- 'JWT_SECRET = ' #41 random chars
forgejo_oauth2_config:
- 'JWT_SECRET = ' # 41 random chars
gitea_ui_config:
- 'DEFAULT_THEME = arc-green'
forgejo_oauth2_client_config:
- 'ENABLE_AUTO_REGISTRATION = false'
- 'REGISTER_EMAIL_CONFIRM = false'
- 'ACCOUNT_LINKING = login'
- 'UPDATE_AVATAR = false'
gitea_security_config:
- 'INTERNAL_TOKEN = ' #106 random chars
forgejo_ui_config:
- 'THEMES = gitea-auto,gitea-light,gitea-dark,forgejo-auto,forgejo-light,forgejo-dark' # add only the default ones, not themes ones
- 'DEFAULT_THEME = gitea-dark'
forgejo_security_config:
- 'INTERNAL_TOKEN = ' # 106 random chars
- 'INSTALL_LOCK = true'
- 'SECRET_KEY = ' #64 random chars
- 'SECRET_KEY = ' # 64 random chars
gitea_database_config:
forgejo_database_config:
- 'DB_TYPE = postgres'
- 'HOST = localhost:5432'
- 'NAME = gitea'
- 'NAME = forgejo'
- 'USER = admin'
- 'PASSWD = changeme'
- 'SSL_MODE = disable'
- 'PATH = /home/git/data/gitea.db'
gitea_repository_config:
- 'ROOT = /home/git/gitea-repositories'
forgejo_repository_config:
- 'ROOT = {{ forgejo_lib_dir }}/gitea-repositories'
gitea_server_config:
forgejo_server_config:
- 'SSH_DOMAIN = git.example.org'
- 'DOMAIN = git.example.org'
- 'DOMAIN = 192.168.33.14'
- 'HTTP_PORT = 3000'
- 'ROOT_URL = https://git.example.org'
- 'ROOT_URL = http://192.168.33.14:3000'
- 'DISABLE_SSH = false'
- 'SSH_PORT = 22'
- 'LFS_START_SERVER = true'
- 'LFS_CONTENT_PATH = /home/git/data/lfs'
- 'LFS_JWT_SECRET = ' #40 random chars
- 'LFS_JWT_SECRET = ' # 40 random chars
- 'OFFLINE_MODE = false'
- 'APP_DATA_PATH = {{ forgejo_lib_dir }}/data/'
gitea_mailer_config:
forgejo_lfs_config:
- 'PATH = /home/git/data/lfs'
forgejo_mailer_config:
- 'ENABLED = true'
- 'HOST = mail.example.org:587'
- 'SMTP_ADDR = mail.example.org'
- 'SMTP_PORT = 587'
- 'FROM = noreply@example.org'
- 'USER = noreply@example.org'
- 'PASSWD = CHANGEME' #PASSWD
- 'IS_TLS_ENABLED = true'
- 'PASSWD = CHANGEME' # PASSWORD
- 'PROTOCOL = smtp+starttls'
gitea_service_config:
- 'REGISTER_EMAIL_CONFIRM = true'
- 'ENABLE_NOTIFY_MAIL = true'
forgejo_service_config:
- 'REGISTER_EMAIL_CONFIRM = false'
- 'ENABLE_NOTIFY_MAIL = false'
- 'DISABLE_REGISTRATION = false'
- 'ALLOW_ONLY_EXTERNAL_REGISTRATION = false'
- 'ENABLE_CAPTCHA = false'
@ -71,56 +93,89 @@ gitea_service_config:
- 'DEFAULT_ENABLE_TIMETRACKING = true'
- 'NO_REPLY_ADDRESS = noreply@example.org'
gitea_mirror_config:
forgejo_mirror_config:
- 'ENABLED = true'
gitea_picture_config:
forgejo_picture_config:
- 'DISABLE_GRAVATAR = true'
- 'ENABLE_FEDERATED_AVATAR = true'
gitea_openid_config:
forgejo_openid_config:
- 'ENABLE_OPENID_SIGNIN = false'
- 'ENABLE_OPENID_SIGNUP = false'
gitea_session_config:
forgejo_session_config:
- 'PROVIDER = file'
gitea_log_config:
forgejo_log_config:
- 'MODE = file'
- 'LEVEL = Info'
- 'ROOT_PATH = /home/git/log'
# External renderers
# See https://docs.gitea.io/en-us/external-renderers/
forgejo_markup_config:
- name: 'asciidoc'
apt: 'asciidoc'
enable: 'false'
- name: 'jupyter'
apt: 'jupyter'
enable: 'false'
- name: 'html'
apt: ''
enable: 'false'
#apt
gitea_apt_list:
# Incoming emails
# See https://forgejo.org/docs/latest/admin/incoming-email/
forgejo_email_incoming:
- 'ENABLED = true'
- 'REPLY_TO_ADDRESS = incoming+%{token}@example.org'
- 'HOST = example.org'
- 'PORT = 993'
- 'USERNAME = incoming'
- 'PASSWORD = changeme'
- 'USE_TLS = true'
- 'MAILBOX = INBOX'
- 'DELETE_HANDLED_MESSAGE = true'
- 'MAXIMUM_MESSAGE_SIZE = 0'
# Systemd
# forgejo_dbservice: 'postgresql.service' # uncomment to enable this. You can cnange to mysql, mariadb, redis, memcached
# forgejo_websocket: 'true' # uncomment to enable this
# forgejo_limitnofile: '524288:524288' # Uncomment if you have repos with lots of files and get a HTTP 500 error because of that
# forgejo_custom_path: 'Environment=PATH={{ forgejo_custom_path }}:/bin:/sbin:/usr/bin:/usr/sbin' # Uncomment if you install Git to directory prefix other than default PATH and add that prefix to PATH
# forgejo_cap_net_bind_service: 'CAP_NET_BIND_SERVICE' # Uncomment if you want to bind Forgejo to a port below 1024, or use socket activation to pass Forgejo its ports as above
# forgejo_privateusers: 'false' # Uncomment, when using forgejo_cap_net_bind_service option, to allow capabilities to be applied on Forgejo process. If set to true sandboxes Forgejo service and prevent any processes from running with privileges in the host user namespace
# apt
forgejo_apt_list:
- git
# POSTGRES
postgresql_version: 12
postgresql_version: 15
postgresql_listen_addresses:
- "127.0.0.1"
- "127.0.0.1"
postgresql_pg_hba_default:
- { type: local, database: all, user: '{{ postgresql_admin_user }}', address: '', method: '{{ postgresql_default_auth_method }}', comment: '' }
- { type: local, database: all, user: all, address: '', method: '{{ postgresql_default_auth_method }}', comment: '"local" is for Unix domain socket connections only' }
- { type: host, database: all, user: all, address: '127.0.0.1/32', method: '{{ postgresql_default_auth_method_hosts }}', comment: 'IPv4 local connections:' }
- { type: local, database: all, user: '{{ postgresql_admin_user }}', address: '', method: '{{ postgresql_default_auth_method }}', comment: ''}
- { type: local, database: all, user: all, address: '', method: '{{ postgresql_default_auth_method }}', comment: '"local" is for Unix domain socket connections only'}
- { type: host, database: all, user: all, address: '127.0.0.1/32', method: '{{ postgresql_default_auth_method_hosts }}', comment: 'IPv4 local connections:'}
postgresql_databases:
- name: gitea
owner: admin # optional; specify the owner of the database
hstore: no # flag to install the hstore extension on this database (yes/no)
uuid_ossp: no # flag to install the uuid-ossp extension on this database (yes/no)
citext: no # flag to install the citext extension on this database (yes/no)
- name: 'forgejo'
owner: 'admin' # optional; specify the owner of the database
hstore: 'no' # flag to install the hstore extension on this database (yes/no)
uuid_ossp: 'no' # flag to install the uuid-ossp extension on this database (yes/no)
citext: 'no' # flag to install the citext extension on this database (yes/no)
postgresql_users:
- name: admin
pass: changeme
encrypted: yes # denotes if the password is already encrypted.
- name: 'admin'
pass: 'changeme'
encrypted: 'yes' # denotes if the password is already encrypted.
postgresql_user_privileges:
- name: admin # user name
db: gitea # database
priv: "ALL" # privilege string format: example: INSERT,UPDATE/table:SELECT/anothertable:ALL
role_attr_flags: "" # role attribute flags
- name: 'admin' # user name
db: 'forgejo' # database
priv: 'ALL' # privilege string format: example: INSERT,UPDATE/table:SELECT/anothertable:ALL
role_attr_flags: '' # role attribute flags

View file

@ -1,6 +1,11 @@
---
- name: 'Restart gitea'
- name: 'Restart forgejo'
systemd:
name: gitea
state: restarted
name: 'forgejo'
state: 'restarted'
- name: 'Stop forgejo'
systemd:
name: 'forgejo'
state: 'stopped'

View file

@ -2,27 +2,27 @@
- name: '[DIR] - Create bin dir'
file:
path: '{{ gitea_bindir }}'
state: directory
owner: "{{ gitea_user }}"
group: "{{ gitea_group }}"
path: '{{ forgejo_bindir }}'
state: 'directory'
owner: '{{ forgejo_user }}'
group: '{{ forgejo_group }}'
mode: '0750'
- name: '[DIR] - Create lib dir'
file:
path: '{{ gitea_lib_dir }}'
state: directory
path: '{{ forgejo_lib_dir }}'
state: 'directory'
mode: '0750'
owner: "{{ gitea_user }}"
group: "{{ gitea_group }}"
owner: '{{ forgejo_user }}'
group: '{{ forgejo_group }}'
- name: '[DIR] - Create lib dirs'
file:
path: "{{ gitea_lib_dir }}/{{ item }}"
state: directory
path: '{{ forgejo_lib_dir }}/{{ item }}'
state: 'directory'
mode: '0750'
owner: "{{ gitea_user }}"
group: "{{ gitea_group }}"
owner: '{{ forgejo_user }}'
group: '{{ forgejo_group }}'
with_items:
- 'custom'
- 'data'
@ -30,15 +30,62 @@
- name: '[DIR] - Create etc dir'
file:
path: /etc/gitea
state: directory
path: '/etc/forgejo'
state: 'directory'
mode: '0770'
owner: "{{ gitea_user }}"
group: "{{ gitea_group }}"
owner: '{{ forgejo_user }}'
group: '{{ forgejo_group }}'
- name: '[CONF] - Deploy gitea config'
- name: '[CONF] - Deploy forgejo config'
template:
src: etc/gitea/app.ini.j2
dest: "{{ gitea_confdir }}"
owner: "{{ gitea_user }}"
group: "{{ gitea_group }}"
src: 'etc/forgejo/app.ini.j2'
dest: '{{ forgejo_confdir }}'
owner: '{{ forgejo_user }}'
group: '{{ forgejo_group }}'
mode: '0744'
notify:
- 'Restart forgejo'
tags:
- 'config'
- name: '[CONF] - Create assets dir'
file:
path: '{{ forgejo_theme_dir }}/public/assets/'
state: 'directory'
owner: '{{ forgejo_user }}'
group: '{{ forgejo_group }}'
mode: '0744'
when: forgejo_extra_files_path is defined
tags:
- 'config'
- name: '[CONF] - Create img folder'
file:
path: '{{ forgejo_theme_dir }}/public/assets/img/'
state: 'directory'
owner: '{{ forgejo_user }}'
group: '{{ forgejo_group }}'
mode: '0744'
when: forgejo_extra_files_path is defined
tags:
- 'config'
- name: '[CONF] - Deploy img folder'
copy:
src: '{{ forgejo_extra_files_path }}/'
dest: '{{ forgejo_theme_dir }}/public/assets/img/'
owner: '{{ forgejo_user }}'
group: '{{ forgejo_group }}'
mode: '0744'
when: forgejo_extra_files_path is defined
tags:
- 'config'
- name: '[CONF] - Install dependencies for renderers'
apt:
name: '{{ item.apt }}'
update_cache: true
loop: '{{ forgejo_markup_config }}'
when: item.enable == 'true' and item.apt != ''
tags:
- 'config'

91
tasks/custom_themes.yml Normal file
View file

@ -0,0 +1,91 @@
---
- name: '[THEME] - Create css dir'
file:
path: '{{ forgejo_theme_dir }}/public/assets/css'
state: 'directory'
owner: '{{ forgejo_user }}'
group: '{{ forgejo_group }}'
mode: '0744'
tags:
- 'theme'
# First, remove the css files from public folder, then theme repos
- name: '[THEME] - Remove css files from the css folder'
command:
cmd: bash -c 'find "{{ forgejo_theme_dir }}/{{ item.name }}" -type f -name "*.css" -printf "%f\n" | xargs -I{} rm public/assets/css/{}'
# find "{{ forgejo_theme_dir }}/{{ item.name }}" -type f -name "*.css" -printf "%f\n" | xargs -I{} rm public/assets/css/{}
chdir: '{{ forgejo_theme_dir }}'
loop: '{{ forgejo_custom_themes }}'
when: item.enable == 'false'
tags:
- 'theme'
- name: '[THEME] - Remove theme repo'
file:
path: '{{ forgejo_theme_dir }}/{{ item.name }}'
state: 'absent'
owner: '{{ forgejo_user }}'
group: '{{ forgejo_group }}'
loop: '{{ forgejo_custom_themes }}'
when: item.enable == 'false'
tags:
- 'theme'
# Second, get theme repos and deploy css files in public folder
- name: '[THEME] - Get repo'
git:
repo: '{{ item.repo }}'
dest: '{{ forgejo_theme_dir }}/{{ item.name }}'
version: '{{ item.version }}'
force: true
loop: '{{ forgejo_custom_themes }}'
when: item.enable == 'true'
become: true
become_user: '{{ forgejo_user }}'
tags:
- 'theme'
- name: '[THEME] - Find css files from different repos'
find:
paths: '{{ forgejo_theme_dir }}'
patterns: ".*(?<!\\.min)\\.css$"
recurse: true
use_regex: true
register: 'css_files'
tags:
- 'theme'
- name: '[THEME] - Copy css files to the public folder'
copy:
src: '{{ item.path }}'
dest: '{{ forgejo_theme_dir }}/public/assets/css/'
remote_src: true
force: true
mode: '0644'
with_items: '{{ css_files.files }}'
when: "'/public/' not in item.path"
become: true
become_user: '{{ forgejo_user }}'
tags:
- 'theme'
# Lastly, update app.ini by adding the theme's name list.
- name: '[THEME] - Get and prepare a list for app.ini of css files in public folder, register it'
command:
cmd: bash -c "ls '{{ forgejo_theme_dir }}/public/assets/css' | awk '{ if ($0 ~ /^theme-/) { gsub(/^theme-/, \"\", $0) }; gsub(/.css$/, \"\", $0); print }' | paste -s -d,"
chdir: "{{ forgejo_theme_dir }}"
register: 'theme_name'
tags:
- 'theme'
- name: '[THEME] - Add list of themes in app.ini'
lineinfile:
path: '{{ forgejo_confdir }}'
regexp: '^THEMES'
line: '{{ forgejo_ui_config[0] }},{{ theme_name.stdout }}'
notify:
- 'Restart forgejo'
tags:
- 'theme'

View file

@ -1,28 +0,0 @@
---
- name: '[INSTALL] - Install dependencies'
apt:
name: "{{ gitea_apt_list }}"
update_cache: yes
- name: '[INSTALL] - Download gitea binary'
get_url:
url: 'https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64'
dest: '{{ gitea_bindir }}/gitea'
mode: '0750'
owner: '{{ gitea_user }}'
group: '{{ gitea_group }}'
force: 'yes'
notify: 'Restart gitea'
- name: '[INSTALL] - Set rights to read-only'
file:
path: '/etc/gitea'
mode: '0750'
- name: '[INSTALL] - Set rights to read-only'
file:
path: '/etc/gitea/app.ini'
mode: '0640'

103
tasks/install_upgrade.yml Normal file
View file

@ -0,0 +1,103 @@
---
- name: '[INSTALL] - Install dependencies'
apt:
name: '{{ forgejo_apt_list }}'
update_cache: true
- name: '[INSTALL] - Check if forgejo is already installed'
shell:
cmd: '{{ forgejo_bindir }}/forgejo --version -c {{ forgejo_confdir }}'
register: 'forgejo_is_installed'
ignore_errors: true # needed when forgejo is not yet installed
# The following task is needed for the doctor check task, as `gitea-repositories` needs to exist,
# but is created only when the first user creates a repo # so doctor gives an error on first installation
# and on other installation if no user has created any repo yet.
# It also allows to make sure forgejo was installed and used.
- name: '[INSTALL] - Check gitea-repositories exists'
stat:
path: '{{ forgejo_lib_dir }}/gitea-repositories'
register: 'gitea_repositories'
- name: '[UPGRADE] - Check forgejo health with doctor before updating'
shell:
cmd: '{{ forgejo_bindir }}/forgejo doctor check --all -c {{ forgejo_confdir }}'
become: true
become_user: '{{ forgejo_user }}'
register: 'forgejo_health'
when:
- forgejo_is_installed.rc == 0
- gitea_repositories.stat.exists
- name: '[UPGRADE] - Restart forgejo'
systemd:
name: 'forgejo'
state: 'restarted'
when:
- forgejo_is_installed.rc == 0
- forgejo_health is defined and forgejo_health.rc is defined and forgejo_health.rc == 0
- name: '[UPGRADE] - Wait for forgejo to be back online'
pause:
seconds: 10
when:
- forgejo_is_installed.rc == 0
- forgejo_health is defined and forgejo_health.rc is defined and forgejo_health.rc == 0
- name: '[UPGRADE] - Flush all queues'
shell:
cmd: '{{ forgejo_bindir }}/forgejo manager flush-queues -c {{ forgejo_confdir }}'
become: true
become_user: '{{ forgejo_user }}'
when:
- forgejo_is_installed.rc == 0
- forgejo_health is defined and forgejo_health.rc is defined and forgejo_health.rc == 0
- name: '[UPGRADE] - Stop forgejo'
systemd:
name: 'forgejo'
state: 'stopped'
when:
- forgejo_is_installed.rc == 0
- forgejo_health is defined and forgejo_health.rc is defined and forgejo_health.rc == 0
- name: '[INSTALL] - Download forgejo binary'
get_url:
url: '{{ forgejo_download_url }}'
dest: '{{ forgejo_bindir }}/forgejo'
mode: '0750'
owner: '{{ forgejo_user }}'
group: '{{ forgejo_group }}'
force: true
notify:
- 'Restart forgejo'
- name: '[INSTALL] - Set /etc/forgejo rights to read-only'
file:
path: '/etc/forgejo'
mode: '0750'
- name: '[INSTALL] - Set app.ini rights to read-only'
file:
path: '/etc/forgejo/app.ini'
mode: '0640'
- name: '[UPGRADE] - Check forgejo health after upgrading'
command:
cmd: '{{ forgejo_bindir }}/forgejo doctor check --all -c {{ forgejo_confdir }}'
become: true
become_user: '{{ forgejo_user }}'
register: 'forgejo_health'
when:
- forgejo_is_installed.rc == 0
- gitea_repositories.stat.exists
- name: '[UPGRADE] - Display problem message'
fail:
msg: 'Forgejo doctor detected issues after upgrade task. Please check the instance manually and fix issues before continuing'
when:
- forgejo_is_installed.rc == 0
- forgejo_health is defined and forgejo_health.rc is defined and forgejo_health.rc != 0
notify:
- 'Stop forgejo'

View file

@ -1,13 +1,21 @@
---
- name: "[GITEA]- Create user"
include: user.yml
- name: '[FORGEJO]- Create user'
include_tasks: 'user.yml'
- name: "[GITEA] - configure"
include: configure.yml
- name: '[FORGEJO] - configure'
include_tasks: 'configure.yml'
tags:
- 'config'
- name: "[GITEA] - systemd"
include: systemd.yml
- name: '[FORGEJO] - install or upgrade'
include_tasks: 'install_upgrade.yml'
- name: "[GITEA] - install"
include: install.yml
- name: '[FORGEJO] - theme'
include_tasks: 'custom_themes.yml'
when: forgejo_custom_themes is defined
tags:
- 'theme'
- name: '[FORGEJO] - systemd'
include_tasks: 'systemd.yml'

View file

@ -2,23 +2,24 @@
- name: '[SYSTEMD] - Deploy Systemd config'
template:
src: etc/systemd/system/gitea.service.j2
dest: /etc/systemd/system/gitea.service
owner: root
group: root
mode: 0644
register: gitea_systemd
src: 'etc/systemd/system/forgejo.service.j2'
dest: '/etc/systemd/system/forgejo.service'
owner: 'root'
group: 'root'
mode: '0644'
register: 'forgejo_systemd'
- name: '[SYSTEMD] - Enable systemd'
systemd:
name: gitea
enabled: yes
state: started
daemon_reload: yes
notify: Restart gitea
name: 'forgejo'
enabled: true
state: 'started'
daemon_reload: true
notify:
- 'Restart forgejo'
- name: "[SYSTEMD] - Daemon-reload"
- name: '[SYSTEMD] - Daemon-reload'
systemd:
daemon_reload: yes
name: gitea
when: gitea_systemd.changed
daemon_reload: true
name: 'forgejo'
when: forgejo_systemd.changed

View file

@ -1,12 +1,12 @@
---
- name: Add group
- name: '[User] - Add group'
group:
name: '{{ gitea_group }}'
state: present
name: '{{ forgejo_group }}'
state: 'present'
- name: Add user
- name: '[User] - Add user'
user:
name: '{{ gitea_user }}'
shell: /bin/bash
group: '{{ gitea_group }}'
name: '{{ forgejo_user }}'
shell: '/bin/bash'
group: '{{ forgejo_group }}'

View file

@ -0,0 +1,115 @@
# {{ ansible_managed }}
{% for item in forgejo_base_config %}
{{ item }}
{% endfor %}
[oauth2]
{% for item in forgejo_oauth2_config %}
{{ item }}
{% endfor %}
[oauth2_client]
{% for item in forgejo_oauth2_client_config %}
{{ item }}
{% endfor %}
[ui]
{% for item in forgejo_ui_config %}
{{ item }}
{% endfor %}
[security]
{% for item in forgejo_security_config %}
{{ item }}
{% endfor %}
[database]
{% for item in forgejo_database_config %}
{{ item }}
{% endfor %}
[repository]
{% for item in forgejo_repository_config %}
{{ item }}
{% endfor %}
[server]
{% for item in forgejo_server_config %}
{{ item }}
{% endfor %}
[lfs]
{% for item in forgejo_lfs_config %}
{{ item }}
{% endfor %}
[mailer]
{% for item in forgejo_mailer_config %}
{{ item }}
{% endfor %}
[service]
{% for item in forgejo_service_config %}
{{ item }}
{% endfor %}
[mirror]
{% for item in forgejo_mirror_config %}
{{ item }}
{% endfor %}
[picture]
{% for item in forgejo_picture_config %}
{{ item }}
{% endfor %}
[openid]
{% for item in forgejo_openid_config %}
{{ item }}
{% endfor %}
[session]
{% for item in forgejo_session_config %}
{{ item }}
{% endfor %}
[log]
{% for item in forgejo_log_config %}
{{ item }}
{% endfor %}
[markup]
{% for item in forgejo_markup_config %}
{% if item.name == 'asciidoc' and item.enable == 'true' %}
[markup.asciidoc]
ENABLED = true
NEED_POSTPROCESS = true
FILE_EXTENSIONS = .adoc,.asciidoc
RENDER_COMMAND = "asciidoctor -s -a showtitle --out-file=- -"
IS_INPUT_FILE = false
RENDER_CONTENT_MODE = sanitized
{% endif %}
{% if item.name == 'jupyter' and item.enable == 'true' %}
[markup.jupyter]
ENABLED = true
FILE_EXTENSIONS = .ipynb
RENDER_COMMAND = "jupyter nbconvert --stdin --stdout --to html --template basic"
IS_INPUT_FILE = false
RENDER_CONTENT_MODE = sanitized
{% endif %}
{% if item.name == 'html' and item.enable == 'true' %}
[markup.html]
ENABLED = true
FILE_EXTENSIONS = .html,.htm
RENDER_COMMAND = cat
IS_INPUT_FILE = true
RENDER_CONTENT_MODE = sanitized
{% endif %}
{% endfor %}
[email.incoming]
{% for item in forgejo_email_incoming %}
{{ item }}
{% endfor %}

View file

@ -1,75 +0,0 @@
# {{ ansible_managed }}
{% for item in gitea_base_config %}
{{ item }}
{% endfor %}
[oauth2]
{% for item in gitea_oauth2_config %}
{{ item }}
{% endfor %}
[ui]
{% for item in gitea_ui_config %}
{{ item }}
{% endfor %}
[security]
{% for item in gitea_security_config %}
{{ item }}
{% endfor %}
[database]
{% for item in gitea_database_config %}
{{ item }}
{% endfor %}
[repository]
{% for item in gitea_repository_config %}
{{ item }}
{% endfor %}
[server]
{% for item in gitea_server_config %}
{{ item }}
{% endfor %}
[mailer]
{% for item in gitea_mailer_config %}
{{ item }}
{% endfor %}
[service]
{% for item in gitea_service_config %}
{{ item }}
{% endfor %}
[mirror]
{% for item in gitea_mirror_config %}
{{ item }}
{% endfor %}
[picture]
{% for item in gitea_picture_config %}
{{ item }}
{% endfor %}
[openid]
{% for item in gitea_openid_config %}
{{ item }}
{% endfor %}
[session]
{% for item in gitea_session_config %}
{{ item }}
{% endfor %}
[log]
{% for item in gitea_log_config %}
{{ item }}
{% endfor %}

View file

@ -0,0 +1,97 @@
[Unit]
Description=Forgejo (Beyond coding. We forge.)
After=syslog.target
After=network.target
###
# Don't forget to add the database service dependencies
###
{% if forgejo_dbservice is defined %}
Wants={{ forgejo_dbservice }}
After={{ forgejo_dbservice }}
{% endif %}
###
# If using socket activation for main http/s
###
{% if forgejo_websocket is defined %}
After=forgejo.main.socket
Requires=forgejo.main.socket
###
# (You can also provide forgejo an http fallback and/or ssh socket too)
#
# An example of /etc/systemd/system/forgejo.main.socket
###
[Unit]
Description=Forgejo Web Socket
PartOf=forgejo.service
[Socket]
Service=forgejo.service
ListenStream=<some_port>
NoDelay=true
[Install]
WantedBy=sockets.target
{% endif %}
[Service]
# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
{% if forgejo_limitnofile is defined %}
LimitNOFILE={{ forgejo_limitnofile }}
{% else %}
# LimitNOFILE=524288:524288
{% endif %}
RestartSec=2s
Type=simple
User={{ forgejo_user }}
Group={{ forgejo_group }}
WorkingDirectory={{ forgejo_lib_dir }}
# If using Unix socket: tells systemd to create the /run/forgejo folder, which will contain the forgejo.sock file
# (manually creating /run/forgejo doesn't work, because it would not persist across reboots)
{% if forgejo_websocket is defined %}
RuntimeDirectory=forgejo
{% else %}
#RuntimeDirectory=forgejo
{% endif %}
ExecStart={{ forgejo_bindir }}/forgejo web -c {{ forgejo_confdir }}
Restart=always
RestartSec=3
Environment=USER={{ forgejo_user }} HOME=/home/{{ forgejo_user }} FORGEJO_WORK_DIR={{ forgejo_lib_dir }} FORGEJO_CUSTOM={{ forgejo_theme_dir }}
# If you install Git to directory prefix other than default PATH (which happens
# for example if you install other versions of Git side-to-side with
# distribution version), uncomment below line and add that prefix to PATH
# Don't forget to place git-lfs binary on the PATH below if you want to enable
# Git LFS support
{% if forgejo_custom_path is defined %}
Environment=PATH={{ forgejo_custom_path }}:/bin:/sbin:/usr/bin:/usr/sbin
{% else %}
#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
{% endif %}
# If you want to bind Forgejo to a port below 1024, uncomment
# the two values below, or use socket activation to pass Forgejo its ports as above
###
{% if forgejo_cap_net_bind_service is defined %}
CapabilityBoundingSet={{ forgejo_cap_net_bind_service }}
AmbientCapabilities={{ forgejo_cap_net_bind_service }}
{% else %}
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE
{% endif %}
###
# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
# set the following value to false to allow capabilities to be applied on Forgejo process. The following
# value if set to true sandboxes Forgejo service and prevent any processes from running with privileges
# in the host user namespace.
###
{% if forgejo_privateusers is defined %}
PrivateUsers={{ forgejo_privateusers }}
{% else %}
#PrivateUsers=false
{% endif %}
###
[Install]
WantedBy=multi-user.target

View file

@ -1,34 +0,0 @@
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
#Requires=mysql.service
#Requires=mariadb.service
#Requires=postgresql.service
#Requires=memcached.service
#Requires=redis.service
[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
RestartSec=2s
Type=simple
User={{ gitea_user }}
Group={{ gitea_group }}
WorkingDirectory=/var/lib/gitea/
ExecStart={{ gitea_bindir }}/gitea web -c {{ gitea_confdir }}
Restart=always
RestartSec=3
Environment=USER={{ gitea_user }} HOME=/home/{{ gitea_user }} GITEA_WORK_DIR=/var/lib/gitea
# If you want to bind Gitea to a port below 1024 uncomment
# the two values below
###
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target