From 1ec828763ebdc5b5bf560f00f00b2857216f1cdb Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sun, 27 Apr 2025 09:02:17 +0200 Subject: [PATCH] Include forgejo provisioning --- host_vars/fudiggity/forgejo.yml | 19 +++++++++ playbook.yml | 3 ++ tasks/forgejo.yml | 62 +++++++++++++++++++++++++++++ templates/forgejo/docker-compose.j2 | 45 +++++++++++++++++++++ 4 files changed, 129 insertions(+) create mode 100644 host_vars/fudiggity/forgejo.yml create mode 100644 tasks/forgejo.yml create mode 100644 templates/forgejo/docker-compose.j2 diff --git a/host_vars/fudiggity/forgejo.yml b/host_vars/fudiggity/forgejo.yml new file mode 100644 index 0000000..f133f38 --- /dev/null +++ b/host_vars/fudiggity/forgejo.yml @@ -0,0 +1,19 @@ +forgejo_app_dir: '/srv/docker/forgejo' +forgejo_data_dir: '/var/lib/vm/forgejo/data' +forgejo_postgres_dir: '/var/lib/vm/forgejo/postgres' + +forgejo_image_tag: 'codeberg.org/forgejo/forgejo:11' + +forgejo_postgres_user: forgejo +forgejo_postgres_name: forgejo + +# TODO: write to docker secret +forgejo_postgres_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 30303039313766373966373364346539306661376564613530656565313131623635666435333564 + 6463316365373564383964316635366337376237386134340a353839313761633865646638356165 + 31306666616235336132363232303639303065343436656233366264333236323435393963373062 + 3165326331633438620a323064663435396666316266396135633463653335323534616264383965 + 33383262373831656335363434333938363230373133646436653261346364353463333065303534 + 66383533646636313662376236373931383065386330663438623363336664353832343263323336 + 366531643930326636343466343732373036 diff --git a/playbook.yml b/playbook.yml index 463b1cf..006e79a 100644 --- a/playbook.yml +++ b/playbook.yml @@ -50,6 +50,9 @@ ansible.builtin.import_tasks: 'tasks/jellyfin.yml' tags: jellyfin + - name: Forgejo provisioning + ansible.builtin.import_tasks: tasks/forgejo.yml + tags: forgejo handlers: - name: Import handlers ansible.builtin.import_tasks: 'handlers.yml' 
diff --git a/tasks/forgejo.yml b/tasks/forgejo.yml
new file mode 100644
index 0000000..22efb41
--- /dev/null
+++ b/tasks/forgejo.yml
@@ -0,0 +1,62 @@
+- name: Create git user
+ become: true
+ ansible.builtin.user:
+ name: git
+ uid: 1001
+ group: git
+ create_home: false
+
+- name: Create required directories
+ become: true
+ ansible.builtin.file:
+ path: '{{ item.path }}'
+ state: '{{ item.state }}'
+ mode: '{{ item.mode }}'
+ owner: '{{ item.owner }}'
+ group: '{{ item.group }}'
+ loop:
+ - path: '{{ forgejo_app_dir }}'
+ owner: sonny
+ group: sonny
+ state: directory
+ mode: '0755'
+
+ - path: '{{ forgejo_data_dir }}'
+ owner: sonny
+ group: sonny
+ state: directory
+ mode: '0755'
+
+ - path: '{{ forgejo_postgres_password }}'
+ owner: sonny
+ group: sonny
+ state: directory
+ mode: '0755'
+
+- name: Copy docker-compose file
+ ansible.builtin.template:
+ src: templates/forgejo/docker-compose.j2
+ dest: '{{ forgejo_app_dir }}/docker-compose.yml'
+ mode: '0755'
+
+- name: Stop current containers
+ community.docker.docker_compose_v2:
+ project_src: '{{ forgejo_app_dir }}'
+ state: stopped
+
+- name: Pull missing image
+ community.docker.docker_compose_v2:
+ project_src: '{{ forgejo_app_dir }}'
+ pull: missing
+ state: stopped
+
+- name: Remove dangling containers
+ community.docker.docker_compose_v2:
+ project_src: '{{ forgejo_app_dir }}'
+ remove_orphans: true
+ state: stopped
+
+- name: Start container
+ community.docker.docker_compose_v2:
+ project_src: '{{ forgejo_app_dir }}'
+ state: present
diff --git a/templates/forgejo/docker-compose.j2 b/templates/forgejo/docker-compose.j2
new file mode 100644
index 0000000..d656fe9
--- /dev/null
+++ b/templates/forgejo/docker-compose.j2
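Review bot: In tasks/forgejo.yml the third item of the `Create required directories` loop uses `path: '{{ forgejo_postgres_password }}'`, so the play would create a directory named after the decrypted vault secret (and show it as the loop item in the task output) while the PostgreSQL data directory is never created; it should read `path: '{{ forgejo_postgres_dir }}'`. The `Copy docker-compose file` task renders a file that holds the database password in clear text with `mode: '0755'`, which leaves it readable by every local account; `mode: '0600'` with an explicit `owner`/`group` fits better, and `no_log: true` on that task keeps the rendered content out of `--diff` output. The `git` user is created with `uid: 1001` and `group: git`, but no task in this hunk creates that group and the compose template sets `USER_UID=1000`, so it is worth confirming which account is meant to own the repositories.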
@@ -0,0 +1,45 @@
+# {{ ansible_managed }}
+
+networks:
+ forgejo:
+ external: false
+
+services:
+ server:
+ image: '{{ forgejo_image_tag }}'
+ container_name: forgejo
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ - FORGEJO__server__DOMAIN={{ forgejo_domain }}
+ - FORGEJO__server__ROOT_URL=https://{{ forgejo_domain }}/
+ - FORGEJO__server__SSH_DOMAIN={{ forgejo_domain }}
+ - FORGEJO__database__DB_TYPE=postgres
+ - FORGEJO__database__HOST=db:5432
+ - FORGEJO__database__NAME={{ forgejo_postgres_name }}
+ - FORGEJO__database__USER={{ forgejo_postgres_user }}
+ - FORGEJO__database__PASSWD={{ forgejo_postgres_password }}
+ restart: always
+ networks:
+ - forgejo
+ volumes:
+ - {{ forgejo_data_dir }}:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - '{{ forgejo_port }}:3000'
+ - '{{ forgejo_ssh_port }}:22'
+ depends_on:
+ - db
+
+ db:
+ image: postgres:14
+ restart: always
+ environment:
+ - POSTGRES_USER={{ forgejo_postgres_user }}
+ - POSTGRES_PASSWORD={{ forgejo_postgres_password }}
+ - POSTGRES_DB={{ forgejo_postgres_name }}
+ networks:
+ - forgejo
+ volumes:
+ - {{ forgejo_postgres_dir }}:/var/lib/postgresql/data
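Review bot: The `ports` entries `'{{ forgejo_port }}:3000'` and `'{{ forgejo_ssh_port }}:22'` publish on every host interface, while `ROOT_URL` is `https://…`, which suggests TLS is terminated by a proxy in front of the container. If that proxy runs on the same host, binding the web port to loopback with `- '127.0.0.1:{{ forgejo_port }}:3000'` keeps the plain-HTTP listener from being reached directly; ports published by Docker typically bypass rules set through host firewall front-ends. Both password lines are also subject to Compose variable interpolation, so a `$` in the vaulted value would have to be written as `$$`, and the `db` service could take its secret through `POSTGRES_PASSWORD_FILE` once the TODO in host_vars is addressed. `forgejo_domain`, `forgejo_port` and `forgejo_ssh_port` are not defined in the host_vars file added by this commit, so they presumably come from elsewhere and should be confirmed.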