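---
# Installs Forgejo (run via Docker Compose) behind an Nginx reverse proxy and,
# when `admin_email` is supplied, obtains a Let's Encrypt certificate with the
# certbot container and installs a weekly renewal script.
#
# Expected from inventory / extra vars:
#   duckdns_subdomain  - DuckDNS subdomain that forms the public hostname
#   admin_email        - (optional) contact e-mail for Let's Encrypt; gates all TLS tasks
- name: Install and configure Forgejo
  hosts: all
  become: true

  vars:
    forgejo_domain: "{{ duckdns_subdomain }}.duckdns.org"
    forgejo_data_dir: /opt/forgejo
    # uid/gid that own the host-side Forgejo files; should match the uid/gid
    # the Forgejo container runs as so it can read app.ini and its data dir.
    forgejo_user_uid: 1000
    forgejo_user_gid: 1000
    forgejo_http_port: 3000
    forgejo_ssh_port: 222
    # Unprivileged account that runs `docker compose` (must be able to reach the
    # Docker socket, e.g. via the docker group). Previously hard-coded as "debian".
    forgejo_compose_user: debian
    # Image used for certificate issuance.
    # NOTE(review): tag is unpinned — consider pinning to a tag or digest.
    certbot_image: certbot/certbot

  tasks:
    - name: Ensure Forgejo directory exists
      file:
        path: "{{ forgejo_data_dir }}"
        state: directory
        owner: "{{ forgejo_user_uid }}"
        group: "{{ forgejo_user_gid }}"
        mode: '0755'

    - name: Create Forgejo docker-compose.yml
      template:
        src: templates/docker-compose.yml.j2
        dest: "{{ forgejo_data_dir }}/docker-compose.yml"
        owner: "{{ forgejo_user_uid }}"
        group: "{{ forgejo_user_gid }}"
        # Kept world-readable because `{{ forgejo_compose_user }}` must read it;
        # if the template embeds credentials, tighten this and align ownership.
        mode: '0644'

    - name: Create app.ini configuration file
      template:
        src: templates/app.ini.j2
        dest: "{{ forgejo_data_dir }}/app.ini"
        owner: "{{ forgejo_user_uid }}"
        group: "{{ forgejo_user_gid }}"
        # app.ini normally carries secrets (SECRET_KEY, INTERNAL_TOKEN, DB
        # credentials); 0640 keeps it readable by the container uid/gid only,
        # not by every local user. Was 0644.
        mode: '0640'

    - name: Start Forgejo with Docker Compose
      community.docker.docker_compose_v2:
        project_src: "{{ forgejo_data_dir }}"
        state: present
      become: true
      become_user: "{{ forgejo_compose_user }}"

    - name: Install Nginx
      apt:
        name: nginx
        state: present
        update_cache: true

    # NOTE(review): if nginx.conf.j2 references the Let's Encrypt certificate,
    # the restart below happens before the certificate exists on a first run —
    # confirm the template tolerates a missing certificate (or order accordingly).
    - name: Configure Nginx for Forgejo
      template:
        src: templates/nginx.conf.j2
        dest: /etc/nginx/sites-available/forgejo
        owner: root
        group: root
        mode: '0644'

    - name: Enable Nginx site
      file:
        src: /etc/nginx/sites-available/forgejo
        dest: /etc/nginx/sites-enabled/forgejo
        state: link

    - name: Remove default Nginx site
      file:
        path: /etc/nginx/sites-enabled/default
        state: absent

    # Restarts on every run; a handler notified by the config tasks above would
    # make this idempotent.
    - name: Restart Nginx
      service:
        name: nginx
        state: restarted
        enabled: true

    - name: Pull Certbot Docker image
      community.docker.docker_image:
        name: "{{ certbot_image }}"
        source: pull
      when: admin_email is defined

    # certbot --standalone binds :80/:443 itself, so Nginx must be down meanwhile.
    - name: Stop Nginx before obtaining SSL certificate
      service:
        name: nginx
        state: stopped
      when: admin_email is defined

    - name: Obtain SSL certificate with Certbot Docker
      block:
        - name: Run Certbot Docker to obtain SSL certificate
          command:
            # argv form: each templated value (domain, e-mail) stays a single
            # argument instead of being re-split on whitespace by the command module.
            argv:
              - docker
              - run
              - --rm
              - -p
              - "80:80"
              - -p
              - "443:443"
              - -v
              - /etc/letsencrypt:/etc/letsencrypt
              - -v
              - /var/lib/letsencrypt:/var/lib/letsencrypt
              - "{{ certbot_image }}"
              - certonly
              - --standalone
              - -d
              - "{{ forgejo_domain }}"
              - --non-interactive
              - --agree-tos
              - -m
              - "{{ admin_email }}"
            # Skip issuance once a certificate is already present (renewal is handled by cron).
            creates: "/etc/letsencrypt/live/{{ forgejo_domain }}/fullchain.pem"
          register: certbot_output
          # A pre-existing certificate reported by certbot is not a failure.
          failed_when: certbot_output.rc != 0 and certbot_output.stderr is not search("already exists")

        - name: Handle certbot errors
          debug:
            msg: "Certbot error: {{ certbot_output.stderr }}"
          when: certbot_output is failed
      when: admin_email is defined
      # Best effort: a failed issuance is logged by the debug task above and the
      # play continues so Nginx is brought back up; check the output for errors.
      ignore_errors: true

    - name: Start Nginx after obtaining SSL certificate
      service:
        name: nginx
        state: started
      when: admin_email is defined

    - name: Set up SSL certificate renewal
      block:
        - name: Create SSL certificate renewal script
          template:
            src: templates/certbot-renew.j2
            dest: /etc/cron.weekly/certbot-renew
            owner: root
            group: root
            mode: '0755'
      when: admin_email is defined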