lumin/homelab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make forgejo role generic

Browse source
This commit is contained in:
Ivan R. 2024-11-11 15:09:10 +05:00
parent da696836a8
commit a62e5ae9c9
Signed by: lumin
GPG key ID: E0937DC7CD6D3817
5 changed files with 179 additions and 52 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
forgejo.yml
View file

@ -2,10 +2,15 @@
- hosts: webservers - hosts: webservers
roles: roles:
- role: forgejo - role: forgejo
postgresql_password: "{{ postgresql_users.forgejo }}" root_url: https://git.comfycamp.space
domain: git.comfycamp.space
db_password: "{{ postgresql_users.forgejo }}"
smtp_addr: comfycamp.space
smtp_user: forgejo@comfycamp.space
smtp_password: "{{ mail_users['forgejo@comfycamp.space'] }}" smtp_password: "{{ mail_users['forgejo@comfycamp.space'] }}"
oauth2_jwt_secret: "{{ forgejo_oauth2_jwt_secret }}" oauth2_jwt_secret: "{{ forgejo_oauth2_jwt_secret }}"
internal_token: "{{ forgejo_internal_token }}" internal_token: "{{ forgejo_internal_token }}"
secret_key: "{{ forgejo_secret_key }}" secret_key: "{{ forgejo_secret_key }}"
lfs_jwt_secret: "{{ forgejo_lfs_jwt_secret }}" lfs_jwt_secret: "{{ forgejo_lfs_jwt_secret }}"
minio_access_key_id: uTJp8KfKSETa1uYMZnSM
minio_secret_access_key: "{{ forgejo_minio_secret_access_key }}" minio_secret_access_key: "{{ forgejo_minio_secret_access_key }}"

92
roles/forgejo/meta/argument_specs.yml
View file

@ -2,24 +2,90 @@
argument_specs: argument_specs:
main: main:
options: options:
postgresql_password: user_uid:
type: "str" type: int
user_gid:
type: int
tag:
type: str
root_url:
type: str
required: true required: true
domain:
type: str
required: true
http_port:
type: int
start_ssh_server:
type: bool
ssh_port:
type: int
ssh_listen_port:
type: int
repositories_root:
type: str
run_user:
type: str
work_path:
type: str
db_type:
type: str
db_host:
type: str
db_name:
type: str
db_user:
type: str
db_password:
type: str
log_level:
type: str
log_root_path:
type: str
smtp_enabled:
type: bool
smtp_addr:
type: str
smtp_port:
type: int
smtp_user:
type: str
smtp_password: smtp_password:
type: "str" type: str
required: true install_lock:
oauth2_jwt_secret: type: bool
type: "str"
required: true
internal_token: internal_token:
type: "str" type: str
required: true required: true
secret_key: secret_key:
type: "str" type: str
required: true required: true
oauth2_jwt_secret:
type: str
required: true
lfs_start_server:
type: bool
lfs_jwt_secret: lfs_jwt_secret:
type: "str" type: str
required: true storage_type:
type: str
minio_endpoint:
type: str
minio_access_key_id:
type: str
minio_secret_access_key: minio_secret_access_key:
type: "str" type: str
required: true minio_bucket:
type: str
cache_adapter:
type: str
cache_host:
type: str
disable_registration:
type: bool
show_registration_button:
type: bool
cookie_name:
type: str
cookie_secure:
type: bool

12
roles/forgejo/tasks/main.yml
View file

@ -28,12 +28,12 @@
become: true become: true
community.docker.docker_container: community.docker.docker_container:
name: forgejo name: forgejo
image: codeberg.org/forgejo/forgejo:8.0.3 image: codeberg.org/forgejo/forgejo:{{ tag }}
env: env:
USER_UID: "1000" USER_UID: "{{ user_uid | string }}"
USER_GID: "1000" USER_GID: "{{ user_gid | string }}"
FORGEJO_WORK_DIR: "/data" FORGEJO_WORK_DIR: "{{ work_path }}"
FORGEJO_CUSTOM: "/data/custom" FORGEJO_CUSTOM: "{{ work_path }}/custom"
networks: networks:
- name: postgresql - name: postgresql
- name: forgejo - name: forgejo
@ -44,6 +44,6 @@
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
ports: ports:
- "8022:8022" - "{{ ssh_listen_port }}:{{ ssh_listen_port }}"
recreate: "{{ appini.changed }}" recreate: "{{ appini.changed }}"
restart_policy: unless-stopped restart_policy: unless-stopped

64
roles/forgejo/templates/app.ini.j2
View file

@ -1,62 +1,64 @@
[DEFAULT] [DEFAULT]
RUN_MODE=prod RUN_MODE=prod
RUN_USER=forgejo RUN_USER={{ run_user }}
WORK_PATH=/data WORK_PATH={{ work_path }}
[database] [database]
DB_TYPE=postgres DB_TYPE={{ db_type }}
HOST=postgresql:5432 HOST={{ db_host }}
NAME=forgejo NAME={{ db_name }}
USER=forgejo USER={{ db_user }}
PASSWD={{ postgresql_password }} PASSWD={{ db_password }}
[storage] [storage]
STORAGE_TYPE=minio STORAGE_TYPE={{ storage_type }}
MINIO_ENDPOINT=minio:9000 MINIO_ENDPOINT={{ minio_endpoint }}
MINIO_ACCESS_KEY_ID={{ minio_access_key_id }} MINIO_ACCESS_KEY_ID={{ minio_access_key_id }}
MINIO_SECRET_ACCESS_KEY={{ minio_secret_access_key }} MINIO_SECRET_ACCESS_KEY={{ minio_secret_access_key }}
MINIO_BUCKET=forgejo MINIO_BUCKET={{ minio_bucket }}
[log] [log]
LEVEL=warn LEVEL={{ log_level }}
ROOT_PATH=/data/log ROOT_PATH={{ log_root_path }}
[mailer] [mailer]
ENABLED=true ENABLED={{ smtp_enabled | string }}
SMTP_ADDR=comfycamp.space SMTP_ADDR={{ smtp_addr }}
SMTP_PORT=587 SMTP_PORT={{ smtp_port | string }}
USER=forgejo@comfycamp.space USER={{ smtp_user }}
PASSWD={{ smtp_password }} PASSWD={{ smtp_password }}
[oauth2] [oauth2]
JWT_SECRET={{ oauth2_jwt_secret }} JWT_SECRET={{ oauth2_jwt_secret }}
[repository] [repository]
ROOT=/data/repositories ROOT={{ repositories_root }}
[security] [security]
INSTALL_LOCK=true INSTALL_LOCK={{ install_lock | string }}
INTERNAL_TOKEN={{ internal_token }} INTERNAL_TOKEN={{ internal_token }}
SECRET_KEY={{ secret_key }} SECRET_KEY={{ secret_key }}
[server] [server]
DOMAIN=git.comfycamp.space DOMAIN={{ domain }}
ROOT_URL=https://git.comfycamp.space ROOT_URL={{ root_url }}
HTTP_PORT=3000 HTTP_PORT={{ http_port | string }}
LFS_START_SERVER={{ lfs_start_server | string }}
LFS_JWT_SECRET={{ lfs_jwt_secret }} LFS_JWT_SECRET={{ lfs_jwt_secret }}
LFS_START_SERVER=true
START_SSH_SERVER=true START_SSH_SERVER={{ start_ssh_server | string }}
SSH_PORT=8022 SSH_PORT={{ ssh_port | string }}
SSH_LISTEN_PORT=8022 SSH_LISTEN_PORT={{ ssh_listen_port | string }}
[session] [session]
COOKIE_NAME=session COOKIE_NAME={{ cookie_name }}
COOKIE_SECURE=true COOKIE_SECURE={{ cookie_secure | string }}
[service] [service]
DISABLE_REGISTRATION=true DISABLE_REGISTRATION={{ disable_registration | string }}
SHOW_REGISTRATION_BUTTON=false SHOW_REGISTRATION_BUTTON={{ show_registration_button | string }}
[cache] [cache]
ADAPTER=redis ADAPTER={{ cache_adapter }}
HOST=redis://redis-forgejo:6379/0?pool_size=100&idle_timeout=180s HOST={{ cache_host }}

56
roles/forgejo/vars/main.yml
View file

@ -1 +1,55 @@
minio_access_key_id: uTJp8KfKSETa1uYMZnSM user_uid: 1000
user_gid: 1000
tag: 9.0.1
root_url: ""
domain: ""
http_port: 3000
install_lock: true
secret_key: ""
internal_token: ""
oauth2_jwt_secret: ""
start_ssh_server: true
ssh_port: 8022
ssh_listen_port: 8022
run_user: forgejo
work_path: /data
repositories_root: /data/repositories
db_type: postgres
db_host: postgresql:5432
db_name: forgejo
db_user: forgejo
db_password: ""
log_level: warn
log_root_path: /data/log
smtp_enabled: true
smtp_addr: ""
smtp_port: 587
smtp_user: ""
smtp_password: ""
cache_adapter: redis
cache_host: redis://redis-forgejo:6379/0?pool_size=100&idle_timeout=180s
lfs_start_server: true
lfs_jwt_secret: ""
storage_type: minio
minio_endpoint: minio:9000
minio_access_key_id: ""
minio_secret_access_key: ""
minio_bucket: forgejo
cookie_name: session
cookie_secure: true
disable_registration: true
show_registration_button: false