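---
# Installs Forgejo (run through Docker Compose) behind an Nginx reverse proxy,
# obtains a Let's Encrypt certificate with Certbot when `admin_email` is set,
# and schedules certificate renewal and a weekly Forgejo self-update via cron.
#
# Required extra var: duckdns_subdomain (asserted as the first task).
# Optional extra var: admin_email — when absent, no certificate is requested
# and the renewal script is not installed; the site is then served as the
# nginx.conf.j2 template dictates (presumably plain HTTP).
- name: Install and configure Forgejo
  hosts: all
  become: true
  vars:
    forgejo_domain: "{{ duckdns_subdomain }}.duckdns.org"
    forgejo_data_dir: /opt/forgejo
    # uid/gid that owns the data directory and the rendered config files
    # (expected to match the uid the Forgejo container runs as).
    forgejo_user_uid: 1000
    forgejo_user_gid: 1000
    # Only consumed by the templates under templates/, not by this play.
    forgejo_http_port: 3000
    forgejo_ssh_port: 222
    # Host account that runs "docker compose" and the weekly update cron job.
    # It needs access to the Docker socket, which is root-equivalent on the host.
    forgejo_host_user: debian
    # Certbot image used for issuance. Pin this to a tag or an @sha256 digest
    # for a reproducible deploy; the bare name pulls whatever "latest"
    # resolves to at run time.
    certbot_image: certbot/certbot
  tasks:
    - name: Check that the required variables are set
      ansible.builtin.assert:
        that:
          - duckdns_subdomain is defined
          - duckdns_subdomain | length > 0
        fail_msg: "duckdns_subdomain must be set; it is used to build forgejo_domain"

    - name: Ensure Forgejo directory exists
      ansible.builtin.file:
        path: "{{ forgejo_data_dir }}"
        state: directory
        owner: "{{ forgejo_user_uid }}"
        group: "{{ forgejo_user_gid }}"
        mode: "0755"

    - name: Create Forgejo docker-compose.yml
      ansible.builtin.template:
        src: templates/docker-compose.yml.j2
        dest: "{{ forgejo_data_dir }}/docker-compose.yml"
        owner: "{{ forgejo_user_uid }}"
        group: "{{ forgejo_user_gid }}"
        # NOTE(review): left world-readable because "docker compose" below runs
        # as forgejo_host_user, whose uid is not known here. If the rendered
        # compose file carries credentials (database passwords, tokens),
        # tighten this to "0640" once forgejo_host_user is confirmed to be
        # the forgejo uid or a member of the forgejo gid.
        mode: "0644"

    - name: Create app.ini configuration file
      ansible.builtin.template:
        src: templates/app.ini.j2
        dest: "{{ forgejo_data_dir }}/app.ini"
        owner: "{{ forgejo_user_uid }}"
        group: "{{ forgejo_user_gid }}"
        # Forgejo's app.ini normally holds secrets (SECRET_KEY, INTERNAL_TOKEN,
        # database credentials), so it must not be world-readable. The owning
        # uid — the Forgejo service user — keeps full access.
        mode: "0640"

    - name: Start Forgejo with Docker Compose
      community.docker.docker_compose_v2:
        project_src: "{{ forgejo_data_dir }}"
        state: present
      # Runs as the host account rather than root; that account therefore has
      # Docker-socket access (docker group), which is root-equivalent.
      become: true
      become_user: "{{ forgejo_host_user }}"

    - name: Install Nginx
      ansible.builtin.apt:
        name: nginx
        state: present
        update_cache: true
        # Skip the apt index refresh when it was done within the last hour.
        cache_valid_time: 3600

    - name: Configure Nginx for Forgejo
      ansible.builtin.template:
        src: templates/nginx.conf.j2
        dest: /etc/nginx/sites-available/forgejo
        owner: root
        group: root
        mode: "0644"

    - name: Enable Nginx site
      ansible.builtin.file:
        src: /etc/nginx/sites-available/forgejo
        dest: /etc/nginx/sites-enabled/forgejo
        state: link

    - name: Remove default Nginx site
      ansible.builtin.file:
        path: /etc/nginx/sites-enabled/default
        state: absent

    - name: Validate Nginx configuration before restarting
      # Fail here, leaving the running instance untouched, rather than take
      # Nginx down with a broken config. (If nginx.conf.j2 references the
      # Let's Encrypt certificate, this fails on a first run until the
      # certificate below exists — the unconditional restart did the same.)
      ansible.builtin.command: nginx -t
      changed_when: false

    - name: Restart Nginx
      ansible.builtin.service:
        name: nginx
        state: restarted
        enabled: true

    # Certificate issuance. Nginx is stopped so Certbot's standalone server
    # can bind port 80 for the http-01 challenge, and is started again in
    # `always` whether or not issuance succeeded. A failure is surfaced as a
    # play failure instead of being ignored: silently continuing would leave
    # the site without the certificate the Nginx config expects.
    - name: Obtain a Let's Encrypt certificate with Certbot
      when: admin_email is defined
      block:
        - name: Pull Certbot Docker image
          community.docker.docker_image:
            name: "{{ certbot_image }}"
            source: pull

        - name: Stop Nginx so Certbot can bind port 80
          ansible.builtin.service:
            name: nginx
            state: stopped

        - name: Run Certbot Docker to obtain SSL certificate
          ansible.builtin.command:
            # argv form: each value is one argument, so a domain or e-mail
            # containing spaces or shell metacharacters cannot be re-split.
            argv:
              - docker
              - run
              - --rm
              - -p
              - "80:80"
              - -p
              - "443:443"
              - -v
              - /etc/letsencrypt:/etc/letsencrypt
              - -v
              - /var/lib/letsencrypt:/var/lib/letsencrypt
              - "{{ certbot_image }}"
              - certonly
              - --standalone
              - -d
              - "{{ forgejo_domain }}"
              - --non-interactive
              - --agree-tos
              - -m
              - "{{ admin_email }}"
            # Skipped entirely once a certificate for the domain exists.
            creates: "/etc/letsencrypt/live/{{ forgejo_domain }}/fullchain.pem"
          register: certbot_output
          # Tolerate the "already exists" case in case `creates` did not catch it.
          failed_when: certbot_output.rc != 0 and certbot_output.stderr is not search("already exists")
      rescue:
        - name: Report Certbot failure
          ansible.builtin.fail:
            msg: "Certbot failed for {{ forgejo_domain }}: {{ ansible_failed_result.stderr | default(ansible_failed_result.msg | default('unknown error')) }}"
      always:
        - name: Start Nginx after obtaining SSL certificate
          ansible.builtin.service:
            name: nginx
            state: started

    - name: Create SSL certificate renewal script
      ansible.builtin.template:
        src: templates/certbot-renew.j2
        dest: /etc/cron.weekly/certbot-renew
        owner: root
        group: root
        mode: "0755"
      when: admin_email is defined

    # Weekly self-update. NOTE(review): update-forgejo.sh is executed by
    # forgejo_host_user via cron but is owned (and writable) by
    # forgejo_user_uid. If those are different accounts, anyone able to write
    # as forgejo_user_uid can run commands as a Docker-socket user — confirm
    # they are the same uid or make the script root-owned. Unattended image
    # updates also trust whatever the script pulls; pin tags/digests there.
    - name: Set up Forgejo auto-update functionality
      block:
        - name: Create scripts, logs and backups directories
          ansible.builtin.file:
            path: "{{ forgejo_data_dir }}/{{ item }}"
            state: directory
            owner: "{{ forgejo_user_uid }}"
            group: "{{ forgejo_user_gid }}"
            mode: "0755"
          loop:
            - scripts
            - logs
            - backups

        - name: Copy Forgejo auto-update script
          ansible.builtin.template:
            src: templates/update-forgejo.sh.j2
            dest: "{{ forgejo_data_dir }}/scripts/update-forgejo.sh"
            owner: "{{ forgejo_user_uid }}"
            group: "{{ forgejo_user_gid }}"
            mode: "0755"

        - name: Set up cron job for Forgejo auto-update
          ansible.builtin.cron:
            name: "Forgejo auto-update"
            # Sundays at 03:00 host time.
            weekday: "0"
            hour: "3"
            minute: "0"
            user: "{{ forgejo_host_user }}"
            job: "{{ forgejo_data_dir }}/scripts/update-forgejo.sh >> {{ forgejo_data_dir }}/logs/cron-update.log 2>&1"
            cron_file: "forgejo-update"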