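---
# Deploys Forgejo behind Nginx on every targeted host: renders the Compose
# project and app.ini into forgejo_data_dir, starts the stack, publishes the
# Nginx site, optionally obtains a Let's Encrypt certificate (only when
# admin_email is defined) and installs the weekly renewal and auto-update jobs.
- name: Install and configure Forgejo
  hosts: all
  become: true
  vars:
    # duckdns_subdomain is not defined in this play; it has to be supplied
    # by the inventory or on the command line.
    forgejo_domain: "{{ duckdns_subdomain }}.duckdns.org"
    forgejo_data_dir: /opt/forgejo
    forgejo_user_uid: 1000
    forgejo_user_gid: 1000
    # The two ports are not referenced by any task below; presumably the
    # templates consume them - TODO confirm.
    forgejo_http_port: 3000
    forgejo_ssh_port: 222
    # Account that runs Docker Compose and the auto-update cron job.
    # NOTE(review): files are owned by forgejo_user_uid while jobs run as this
    # user; the cron job can only append to logs/ if both are the same account
    # - confirm on the target image.
    forgejo_run_user: debian

  tasks:
    - name: Ensure Forgejo directory exists
      ansible.builtin.file:
        path: "{{ forgejo_data_dir }}"
        state: directory
        owner: "{{ forgejo_user_uid }}"
        group: "{{ forgejo_user_gid }}"
        mode: '0755'

    - name: Create Forgejo docker-compose.yml
      ansible.builtin.template:
        src: templates/docker-compose.yml.j2
        dest: "{{ forgejo_data_dir }}/docker-compose.yml"
        owner: "{{ forgejo_user_uid }}"
        group: "{{ forgejo_user_gid }}"
        mode: '0644'

    - name: Create app.ini configuration file
      ansible.builtin.template:
        src: templates/app.ini.j2
        dest: "{{ forgejo_data_dir }}/app.ini"
        owner: "{{ forgejo_user_uid }}"
        group: "{{ forgejo_user_gid }}"
        # Not world-readable: a Forgejo app.ini normally carries signing keys
        # and database credentials. The rendered template is not visible
        # here - confirm, and confirm the service reads it as this uid/gid.
        mode: '0640'

    # NOTE(review): running Compose as an unprivileged user presumably relies
    # on that user having access to the Docker socket, which is equivalent to
    # root on the host - confirm that is intended.
    - name: Start Forgejo with Docker Compose
      community.docker.docker_compose_v2:
        project_src: "{{ forgejo_data_dir }}"
        state: present
      become: true
      become_user: "{{ forgejo_run_user }}"

    - name: Install Nginx
      ansible.builtin.apt:
        name: nginx
        state: present
        update_cache: true

    - name: Configure Nginx for Forgejo
      ansible.builtin.template:
        src: templates/nginx.conf.j2
        dest: /etc/nginx/sites-available/forgejo
        owner: root
        group: root
        mode: '0644'

    - name: Enable Nginx site
      ansible.builtin.file:
        src: /etc/nginx/sites-available/forgejo
        dest: /etc/nginx/sites-enabled/forgejo
        state: link

    - name: Remove default Nginx site
      ansible.builtin.file:
        path: /etc/nginx/sites-enabled/default
        state: absent

    # NOTE(review): this restart happens before any certificate is requested;
    # if nginx.conf.j2 references files under /etc/letsencrypt/live, the first
    # run fails here - confirm against the template.
    - name: Restart Nginx
      ansible.builtin.service:
        name: nginx
        state: restarted
        enabled: true

    # NOTE(review): no tag or digest is given, so whatever certbot/certbot
    # resolves to at run time is pulled and later run with /etc/letsencrypt
    # mounted. Pin the image to a reviewed tag or digest.
    - name: Pull Certbot Docker image
      community.docker.docker_image:
        name: certbot/certbot
        source: pull
      when: admin_email is defined

    # Certbot's standalone mode binds the published ports itself, so Nginx is
    # stopped for the duration of the request.
    - name: Stop Nginx before obtaining SSL certificate
      ansible.builtin.service:
        name: nginx
        state: stopped
      when: admin_email is defined

    # Certificate issuance stays best-effort: a failure is reported by the
    # rescue section and the play continues, so a run can finish without a
    # certificate. The always section brings Nginx back up on every path.
    - name: Obtain SSL certificate with Certbot Docker
      when: admin_email is defined
      block:
        - name: Run Certbot Docker to obtain SSL certificate
          ansible.builtin.command:
            # argv passes each value as exactly one argument; a domain or
            # e-mail containing whitespace cannot add options to docker run.
            argv:
              - docker
              - run
              - '--rm'
              - '-p'
              - '80:80'
              - '-p'
              - '443:443'
              - '-v'
              - '/etc/letsencrypt:/etc/letsencrypt'
              - '-v'
              - '/var/lib/letsencrypt:/var/lib/letsencrypt'
              - certbot/certbot
              - certonly
              - '--standalone'
              - '-d'
              - "{{ forgejo_domain }}"
              - '--non-interactive'
              - '--agree-tos'
              - '-m'
              - "{{ admin_email }}"
            # Skip the request entirely once a certificate is on disk.
            creates: "/etc/letsencrypt/live/{{ forgejo_domain }}/fullchain.pem"
          register: certbot_output
          failed_when: >-
            certbot_output.rc != 0 and
            certbot_output.stderr is not search("already exists")
      rescue:
        - name: Handle certbot errors
          ansible.builtin.debug:
            msg: "Certbot error: {{ certbot_output.stderr }}"
      always:
        - name: Start Nginx after obtaining SSL certificate
          ansible.builtin.service:
            name: nginx
            state: started

    - name: Set up SSL certificate renewal
      when: admin_email is defined
      block:
        # Executed by root from /etc/cron.weekly, so only root may write it.
        - name: Create SSL certificate renewal script
          ansible.builtin.template:
            src: templates/certbot-renew.j2
            dest: /etc/cron.weekly/certbot-renew
            owner: root
            group: root
            mode: '0755'

    - name: Set up Forgejo auto-update functionality
      block:
        - name: Create scripts directory
          ansible.builtin.file:
            path: "{{ forgejo_data_dir }}/scripts"
            state: directory
            owner: "{{ forgejo_user_uid }}"
            group: "{{ forgejo_user_gid }}"
            mode: '0755'

        - name: Create logs directory
          ansible.builtin.file:
            path: "{{ forgejo_data_dir }}/logs"
            state: directory
            owner: "{{ forgejo_user_uid }}"
            group: "{{ forgejo_user_gid }}"
            mode: '0755'

        # Presumably filled by update-forgejo.sh with copies of instance data;
        # kept unreadable for other local accounts - TODO confirm no other
        # account needs to read it.
        - name: Create backups directory
          ansible.builtin.file:
            path: "{{ forgejo_data_dir }}/backups"
            state: directory
            owner: "{{ forgejo_user_uid }}"
            group: "{{ forgejo_user_gid }}"
            mode: '0750'

        - name: Copy Forgejo auto-update script
          ansible.builtin.template:
            src: templates/update-forgejo.sh.j2
            dest: "{{ forgejo_data_dir }}/scripts/update-forgejo.sh"
            owner: "{{ forgejo_user_uid }}"
            group: "{{ forgejo_user_gid }}"
            mode: '0755'
          tags:
            - update_script

        # Sundays at 03:00; output is appended to logs/cron-update.log.
        - name: Set up cron job for Forgejo auto-update
          ansible.builtin.cron:
            name: "Forgejo auto-update"
            weekday: "0"
            hour: "3"
            minute: "0"
            user: "{{ forgejo_run_user }}"
            job: "{{ forgejo_data_dir }}/scripts/update-forgejo.sh >> {{ forgejo_data_dir }}/logs/cron-update.log 2>&1"
            cron_file: "forgejo-update"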