From b9b5b85932f02d5b6c96d2cc48df87e841b21531 Mon Sep 17 00:00:00 2001 From: Ivan Reshetnikov Date: Tue, 1 Oct 2024 02:05:54 +0500 Subject: [PATCH] Run forgejo --- README.md | 16 ++-- forgejo.yml | 11 +++ postgresql.yml | 1 + roles/forgejo/files/redis.conf | 5 ++ roles/forgejo/tasks/forgejo.yml | 37 +++++++++ roles/forgejo/tasks/main.yml | 3 + roles/forgejo/tasks/redis.yml | 34 ++++++++ roles/forgejo/templates/app.ini.j2 | 59 +++++++++++++ roles/forgejo/vars/main.yml | 8 ++ roles/haproxy/files/haproxy.cfg | 7 ++ vaulted_vars.yml | 128 +++++++++++++++++------------ 11 files changed, 251 insertions(+), 58 deletions(-) create mode 100644 forgejo.yml create mode 100644 roles/forgejo/files/redis.conf create mode 100644 roles/forgejo/tasks/forgejo.yml create mode 100644 roles/forgejo/tasks/main.yml create mode 100644 roles/forgejo/tasks/redis.yml create mode 100644 roles/forgejo/templates/app.ini.j2 create mode 100644 roles/forgejo/vars/main.yml diff --git a/README.md b/README.md index 4ed6383..f354869 100644 --- a/README.md +++ b/README.md @@ -4,10 +4,12 @@ Available at [comfycamp.space](https://comfycamp.space). ## Ports -| Number | Service | Public URL | -| --- | --- | --- | -| 3000 | Mastodon | [m.comfycamp.space](https://m.comfycamp.space) | -| 3001 | Mastodon streaming | | -| 3002 | Vaultwarden | | -| 3003 | Minio console | | -| 9000 | Minio | | +| Number | Service | Public URL | +| --- | --- | --- | +| 3000 | Mastodon | [m.comfycamp.space](https://m.comfycamp.space) | +| 3001 | Mastodon streaming | | +| 3002 | Vaultwarden | | +| 3003 | Minio console | | +| 3004 | Forgejo | [git.comfycamp.space](https://git.comfycamp.space) | +| 8022 | Forgejo SSH | | +| 9000 | Minio | | diff --git a/forgejo.yml b/forgejo.yml new file mode 100644 index 0000000..289861b --- /dev/null +++ b/forgejo.yml 
@@ -0,0 +1,11 @@ +--- +- hosts: webservers + roles: + - role: forgejo + postgresql_password: "{{ forgejo_postgresql_password }}" + smtp_password: "{{ forgejo_smtp_password }}" + oauth2_jwt_secret: "{{ forgejo_oauth2_jwt_secret }}" + internal_token: "{{ forgejo_internal_token }}" + secret_key: "{{ forgejo_secret_key }}" + lfs_jwt_secret: "{{ forgejo_lfs_jwt_secret }}" + minio_secret_access_key: "{{ forgejo_minio_secret_access_key }}" diff --git a/postgresql.yml b/postgresql.yml index 040a789..cf764ee 100644 --- a/postgresql.yml +++ b/postgresql.yml @@ -6,3 +6,4 @@ users: mastodon: "{{ mastodon_postgresql_password }}" vaultwarden: "{{ vaultwarden_postgresql_password }}" + forgejo: "{{ forgejo_postgresql_password }}" diff --git a/roles/forgejo/files/redis.conf b/roles/forgejo/files/redis.conf new file mode 100644 index 0000000..43daf82 --- /dev/null +++ b/roles/forgejo/files/redis.conf @@ -0,0 +1,5 @@ +save "" +appendonly no + +maxmemory 32mb +maxmemory-policy allkeys-lru diff --git a/roles/forgejo/tasks/forgejo.yml b/roles/forgejo/tasks/forgejo.yml new file mode 100644 index 0000000..de9a160 --- /dev/null +++ b/roles/forgejo/tasks/forgejo.yml 
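Review bot: roles/forgejo/files/redis.conf sets no `requirepass`, so as far as the file shows nothing authenticates clients and the cache is protected only by membership of the redis-forgejo Docker network. If a second layer is wanted, the file would have to become a template carrying a vaulted password, with the same password added to the `[cache]` `HOST` URL in app.ini.j2. At minimum a leading comment such as `# no auth: reachable only on the redis-forgejo network, never publish 6379` would record the assumption for the next maintainer.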
@@ -0,0 +1,37 @@
+---
+- name: Create forgejo volume
+ become: true
+ community.docker.docker_volume:
+ name: forgejo
+- name: Copy app.ini
+ become: true
+ ansible.builtin.template:
+ src: app.ini.j2
+ dest: /var/lib/docker/volumes/forgejo/_data/custom/conf/app.ini
+ owner: 1000
+ group: 1000
+ mode: '0660'
+ register: appini
+- name: Create forgejo container
+ become: true
+ community.docker.docker_container:
+ name: forgejo
+ image: codeberg.org/forgejo/forgejo:8.0.3
+ env:
+ USER_UID: "1000"
+ USER_GID: "1000"
+ FORGEJO_WORK_DIR: "/data"
+ FORGEJO_CUSTOM: "/data/custom"
+ networks:
+ - name: postgresql
+ - name: redis-forgejo
+ - name: minio
+ volumes:
+ - forgejo:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - "127.0.0.1:3004:3000"
+ - "8022:8022"
+ restart_policy: unless-stopped
+ recreate: "{{ appini.changed }}"
diff --git a/roles/forgejo/tasks/main.yml b/roles/forgejo/tasks/main.yml
new file mode 100644
index 0000000..e40c31c
--- /dev/null
+++ b/roles/forgejo/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- import_tasks: redis.yml
+- import_tasks: forgejo.yml
diff --git a/roles/forgejo/tasks/redis.yml b/roles/forgejo/tasks/redis.yml
new file mode 100644
index 0000000..a20ca4f
--- /dev/null
+++ b/roles/forgejo/tasks/redis.yml
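Review bot: The `Copy app.ini` task in roles/forgejo/tasks/forgejo.yml renders every Forgejo secret (database and SMTP passwords, `SECRET_KEY`, `INTERNAL_TOKEN`, the JWT secrets) but carries no `no_log: true`, so a run with `--diff` or raised verbosity can print them to the console and to any log callback. The file is also written with `mode: '0660'` for uid/gid 1000 on the host, which is commonly the first login account there; `mode: '0600'` would keep it readable by the container user only. Separately, `ansible.builtin.template` does not create parent directories, so on a freshly created volume `_data/custom/conf` presumably does not exist yet and the task would fail unless an `ansible.builtin.file` task with `state: directory` runs before it.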
@@ -0,0 +1,34 @@
+---
+- name: Create redis-forgejo network
+ become: true
+ community.docker.docker_network:
+ name: redis-forgejo
+- name: Create redis-forgejo config dir
+ become: true
+ ansible.builtin.file:
+ path: /etc/redis/forgejo
+ state: directory
+ mode: '1755'
+ owner: root
+ group: root
+- name: Copy redis config
+ become: true
+ ansible.builtin.copy:
+ src: redis.conf
+ dest: /etc/redis/forgejo/redis.conf
+ mode: '0664'
+ owner: root
+ group: root
+ register: redisconf
+- name: Create redis container
+ become: true
+ community.docker.docker_container:
+ name: redis-forgejo
+ image: redis:7.4-bookworm
+ command: ["redis-server", "/etc/redis/redis.conf"]
+ volumes:
+ - /etc/redis/forgejo:/etc/redis:ro
+ networks:
+ - name: redis-forgejo
+ restart_policy: unless-stopped
+ recreate: "{{ redisconf.changed }}"
diff --git a/roles/forgejo/templates/app.ini.j2 b/roles/forgejo/templates/app.ini.j2
new file mode 100644
index 0000000..83cb90a
--- /dev/null
+++ b/roles/forgejo/templates/app.ini.j2
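Review bot: In roles/forgejo/tasks/redis.yml the `mode: '1755'` on `/etc/redis/forgejo` sets the sticky bit on a directory that only root can write to, which has no effect and reads like a typo for `mode: '0755'`; likewise `mode: '0664'` makes the root-owned redis.conf group-writable where `mode: '0644'` is enough. The `image: redis:7.4-bookworm` tag is mutable, so a fresh host can pull different bits than the ones that were tested. Pinning by digest (`redis:7.4-bookworm@sha256:<digest>`, placeholder) would make the deployment reproducible, and the same applies to the Forgejo image in tasks/forgejo.yml.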
@@ -0,0 +1,59 @@ +[DEFAULT] +RUN_MODE=prod +RUN_USER=forgejo +WORK_PATH=/data + +[database] +DB_TYPE=postgres +HOST=postgresql:5432 +NAME=forgejo +USER=forgejo +PASSWD={{ postgresql_password }} + +[storage] +STORAGE_TYPE=minio +MINIO_ENDPOINT=minio:9000 +MINIO_ACCESS_KEY_ID={{ minio_access_key_id }} +MINIO_SECRET_ACCESS_KEY={{ minio_secret_access_key }} +MINIO_BUCKET=forgejo + +[log] +LEVEL=warn +ROOT_PATH=/data/log + +[mailer] +ENABLED=true +PASSWD={{ smtp_password }} +PROTOCOL=smtps +SMTP_ADDR=comfycamp.space +SMTP_PORT=465 +USER=forgejo@comfycamp.space + +[oauth2] +JWT_SECRET={{ oauth2_jwt_secret }} + +[repository] +ROOT=/data/repositories + +[security] +INSTALL_LOCK=true +INTERNAL_TOKEN={{ internal_token }} +SECRET_KEY={{ secret_key }} + +[server] +DOMAIN=git.comfycamp.space +ROOT_URL=https://git.comfycamp.space +HTTP_PORT=3000 +LFS_JWT_SECRET={{ lfs_jwt_secret }} +LFS_START_SERVER=true +START_SSH_SERVER=true +SSH_PORT=8022 +SSH_LISTEN_PORT=8022 + +[session] +COOKIE_NAME=session +COOKIE_SECURE=true + +[cache] +ADAPTER=redis +HOST=redis://redis-forgejo:6379/0?pool_size=100&idle_timeout=180s diff --git a/roles/forgejo/vars/main.yml b/roles/forgejo/vars/main.yml new file mode 100644 index 0000000..c75d4e9 --- /dev/null +++ b/roles/forgejo/vars/main.yml @@ -0,0 +1,8 @@ +postgresql_password: +smtp_password: +oauth2_jwt_secret: +internal_token: +secret_key: +lfs_jwt_secret: +minio_access_key_id: uTJp8KfKSETa1uYMZnSM +minio_secret_access_key: diff --git a/roles/haproxy/files/haproxy.cfg b/roles/haproxy/files/haproxy.cfg index 12823a3..fe60e66 100644 --- a/roles/haproxy/files/haproxy.cfg +++ b/roles/haproxy/files/haproxy.cfg @@ -46,6 +46,7 @@ frontend www acl acl_comfycamp hdr(host) -i comfycamp.space acl acl_vaultwarden hdr(host) -i vault.comfycamp.space acl acl_minio hdr(host) -i minio.comfycamp.space + acl acl_git hdr(host) -i git.comfycamp.space use_backend mastodon_streaming if acl_mastodon { path_beg /api/v1/streaming } use_backend mastodon if acl_mastodon 
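Review bot: roles/forgejo/templates/app.ini.j2 has no `[service]` section, so `DISABLE_REGISTRATION` stays at its default of `false` and the public instance at git.comfycamp.space accepts self-registration as soon as it starts. If that is not intended, add `[service]` with `DISABLE_REGISTRATION=true`. The secrets are also interpolated bare (`PASSWD={{ postgresql_password }}`), and the INI parser can treat `#` or `;` inside a value as the start of a comment, so a generated password containing one may be truncated silently. The upstream configuration reference suggests wrapping such values in backticks.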
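Review bot: roles/forgejo/vars/main.yml declares each secret as a bare `key:` (null), so a playbook that forgets to pass one can still render app.ini with an empty or `None` value for `SECRET_KEY=` or `INTERNAL_TOKEN=` instead of failing on an undefined variable. Dropping the null placeholders, or starting the role with an `ansible.builtin.assert` on each secret, would turn a missing value into a hard error. `minio_access_key_id` is committed in clear text here while its secret half is vaulted; consider keeping both halves of the credential in the vault so the pair is rotated together.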
@@ -53,6 +54,7 @@ frontend www use_backend minio_console if acl_minio use_backend vaultwarden if acl_vaultwarden use_backend comfycamp if acl_comfycamp + use_backend forgejo if acl_git backend comfycamp @@ -86,3 +88,8 @@ backend minio http-response set-header Access-Control-Allow-Origin https://m.comfycamp.space option forwardfor server green 127.0.0.1:9000 check + +backend forgejo + mode http + option forwardfor + server green 127.0.0.1:3004 check diff --git a/vaulted_vars.yml b/vaulted_vars.yml index 4aa6ccb..e111b4c 100644 --- a/vaulted_vars.yml +++ b/vaulted_vars.yml 
@@ -1,52 +1,78 @@ $ANSIBLE_VAULT;1.1;AES256 -36316363396534613033333531386165353335363961316133363862333864656435396137333335 -3431376131663962656632333563373162313066323835620a313961653764303462343563353064 -65393361356530373764396264636235353435363162663865396232333861323064633538306563 -3830356338353433340a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a356661383462653134636665386536 +33393231376664363661313839383237366233323561643534633731613762363239323632323433 +3966373337363236360a613737366538656462616362333031353761313062396636663135336438 +36343264303966323233303661663337393965363765386361353263303362613431313132616639 +37343638653238613063313536373464663566623062383731623436346365373832366338313631 +36373163663838643866643166373633376161333334633165646538393935326233656533623338 +34623233636536363436383265363735316434623037363232643264343130376335353966363134 +64333633343663643238373666343430346265383533643437396136363934666566386134323135 +39313238663132323532663464656435616562303162343761623861346563363231356430663134 +35666531306263303861616264353538376362366462333134303433313832623336373732653236 +65643638633063373131616132313762366537383336383639613030356630376430376566663363 +61333737643430666235326439306131636630643666643638643531373637626137356439623534 +35323331323031383361383936316162343361656634343930393361303332316266323935643839 +38336639326237313736623464646631346239353830353633653564363737646334303563386466 +32613762636363346361376364656632363239383663393465396239633431303834633365393261 +37626533346236333663663238303764663562316230386632333833336535366333323730353634 +30343464323534396431636236323336313239626331396338663465366237396231303166306364 +37313338356236356565623836303833663034343232353436323235393033646361623462353836 +37353962366165353234396464353935343665386438356262353161656135636239646633376530 +36653936383361316362373061393964393031656563343961306337383062313434303433333934 
+63656131313034396661356231613730623730313232356637333163343665346261376535346634 +33353663346531613431636338656162646637396266616539343638643734663238643736343233 +33383161646237623935616130633935633864663739333934346631373065333635343161626339 +35656638333365623565616261313166323134376361643263336232613636326338373264633264 +64393930623039613465376163356235316334626438626566663735663665396361396162616638 +33613838646538633431333961663135353064653635313137646336363839366164353065653838 +33616262313564343135383538663435353366663061383332373065653839363962376137356330 +65386637646662363036313864333133323064666464363930643331363837303239616234333835 +65623066653238616237626331643339653238363034393030323537643631373263653931633733 +38666164383463653264616433636137376633373261313735303262643330326630373464333166 +61346538666135316665333536383730313062666562383135623338336639343464663332643639 +31633933376532396630313936343438343137393832306165353133663738613165383734396339 +38653265653361633334353239373730393532346132623262313332636239613631363364303331 +66613136633334633137313136366238323634646334633762326138366135643830316536303161 +30613661666239363562653062663763383734356562646334373039363639393435353137373465 +33323431383537363564386364353864623563336636343533653231393961316431386539663433 +35613632396432376137653834663765336531616235643633393937383766653731323962343832 +66643734376535356165363536633934336364653934383730633133613637386230343836343832 +33623932376530616236666437326632656465363330313735663166636538316233373635363537 +63326332343363343032663061666339306366663465636633626430653432666336336366643037 +35326431336465653065363234353435383662663965336239376363323633323933633134313165 +35656666393838363130343461363736336530353334366337333465653963363738393733623237 +32666130656639363937353761643632366531383235356231376638623732623737363239383232 +31343463333833323238326161633933636566383237623239646366346530393335333064373438 
+63656462363631323230303333616466643038623566306562353862616134656535393231373833 +39356666633166373437373931326434623738393662323465363362396539363038653432316430 +63346466316536303833646537616366313561656139656233316235663235643137323865613838 +62613035633961646465643533356363353535653265326531346464653938313362386264376430 +37363934373736323739313535306162623736326465326264303530393663306139316335326533 +30613937336462343237396664303761313431356264323634306533623534613065353066313562 +63633335656134366137643265633766663565366239313832323664393661356662613139616462 +34356161316261323139333330316435663233623933343462656338656336356230356537306437 +32356235633166336362343832386335396133636136343666306539326363303363613035636537 +62643435323962333337643437346564326332663138356235653738353538363037346439363366 +62383532346232386461663262373265633430326666353630323565626565623231386632336665 +36316638346261636266356233306337393331373333353832613639346236343065333562363034 +38643464326464356432613164643834373864363163656630353631656264326332613338653136 +37623565306630366362336537656466366634656361616536336139386637633436383766303038 +62316132666530616161376432396464643632626665326461376538656264636534356366363364 +32333530343032376562383463373966333364326363333766343735376130303866333665353531 +33383462376664303261343938383562323736303933656261336539373034376638353665623830 +62396632323664333534313936633438306534356466343538626566366633656366666465636531 +66326565356338646237306661383362363461306238326363653438356161663534646261366338 +62643934386432626432386338333132363235353231333838333532336561636339643932303064 +38636533396537623465396166613131396165363430336461366338383261373836343462643235 +33363133623962323838643838303836383561653439633333626136366531316535363431303331 +37366561373661373030313332383237383431656664633463386363353336373130653239356234 +65363232356465343234653461336636343631616436323362353361353431333439623031343034 
+33323930373732356665373766646438336262303366383139396533626662323766353566373933 +32653965303834316335373364643561383039666330646531363030303133326363653730613937 +65356132353136656430306237633165393364346262663432353266316639343436343938383235 +32646232613632653532343065623065653035643134353334613738373231616264393030623934 +36356132383334616636653861336332643338373634316561393663326332363166316438303030 +33323733363230356138396133313064313439333536306338643164383164376632646338373839 +66623837336339303863363632623233323061656134373665303862383937663861653265316166 +3030