Formatting

host_vars/fudiggity/forgejo.yml

@@ -0,0 +1,19 @@
+forgejo_app_dir: '/srv/docker/forgejo'
+forgejo_data_dir: '/var/lib/vm/forgejo/data'
+forgejo_postgres_dir: '/var/lib/vm/forgejo/postgres'
+
+forgejo_image_tag: 'codeberg.org/forgejo/forgejo:11'
+
+forgejo_postgres_user: forgejo
+forgejo_postgres_name: forgejo
+
+# TODO: write to docker secret
+forgejo_postgres_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          30303039313766373966373364346539306661376564613530656565313131623635666435333564
+          6463316365373564383964316635366337376237386134340a353839313761633865646638356165
+          31306666616235336132363232303639303065343436656233366264333236323435393963373062
+          3165326331633438620a323064663435396666316266396135633463653335323534616264383965
+          33383262373831656335363434333938363230373133646436653261346364353463333065303534
+          66383533646636313662376236373931383065386330663438623363336664353832343263323336
+          366531643930326636343466343732373036

playbook.yml

@@ -7,49 +7,52 @@
         name: '{{ packages }}'
   tasks:
     - name: Generic provisioning
-      ansible.builtin.import_tasks: 'tasks/setup.yml'
+      ansible.builtin.import_tasks: tasks/setup.yml
       tags: setup
 
     - name: Network provisioning
-      ansible.builtin.import_tasks: 'tasks/network.yml'
+      ansible.builtin.import_tasks: tasks/network.yml
       tags: network
 
     - name: Wireguard provisioning
-      ansible.builtin.import_tasks: 'tasks/wireguard.yml'
+      ansible.builtin.import_tasks: tasks/wireguard.yml
       tags: wireguard
 
     - name: Wireguard media provisioning
-      ansible.builtin.import_tasks: 'tasks/wireguard_media.yml'
+      ansible.builtin.import_tasks: tasks/wireguard_media.yml
       tags: wireguard-media
 
     - name: Docker provisioning
-      ansible.builtin.import_tasks: 'tasks/docker.yml'
+      ansible.builtin.import_tasks: tasks/docker.yml
       tags: docker
 
     - name: Radicale provisioning
-      ansible.builtin.import_tasks: 'tasks/radicale.yml'
+      ansible.builtin.import_tasks: tasks/radicale.yml
       tags: radicale
 
     - name: Syncthing provisioning
-      ansible.builtin.import_tasks: 'tasks/syncthing.yml'
+      ansible.builtin.import_tasks: tasks/syncthing.yml
       tags: syncthing
 
     - name: Transmission provisioning
-      ansible.builtin.import_tasks: 'tasks/transmission.yml'
+      ansible.builtin.import_tasks: tasks/transmission.yml
       tags: transmission
 
     - name: MPD provisioning
-      ansible.builtin.import_tasks: 'tasks/mpd.yml'
+      ansible.builtin.import_tasks: tasks/mpd.yml
       tags: mpd
 
     - name: NGINX provisioning
-      ansible.builtin.import_tasks: 'tasks/nginx.yml'
+      ansible.builtin.import_tasks: tasks/nginx.yml
       tags: nginx
 
     - name: Jellyfin provisioning
-      ansible.builtin.import_tasks: 'tasks/jellyfin.yml'
+      ansible.builtin.import_tasks: tasks/jellyfin.yml
       tags: jellyfin
 
+    - name: Forgejo provisioning
+      ansible.builtin.import_tasks: tasks/forgejo.yml
+      tags: forgejo
   handlers:
     - name: Import handlers
       ansible.builtin.import_tasks: 'handlers.yml'

tasks/forgejo.yml

@@ -0,0 +1,62 @@
+- name: Create git user
+  become: true
+  ansible.builtin.user:
+    name: git
+    uid: 1001
+    group: git
+    create_home: false
+
+- name: Create required directories
+  become: true
+  ansible.builtin.file:
+    path: '{{ item.path }}'
+    state: '{{ item.state }}'
+    mode: '{{ item.mode }}'
+    owner: '{{ item.owner }}'
+    group: '{{ item.group }}'
+  loop:
+    - path: '{{ forgejo_app_dir }}'
+      owner: sonny
+      group: sonny
+      state: directory
+      mode: '0755'
+
+    - path: '{{ forgejo_data_dir }}'
+      owner: sonny
+      group: sonny
+      state: directory
+      mode: '0755'
+
+    - path: '{{ forgejo_postgres_password }}'
+      owner: sonny
+      group: sonny
+      state: directory
+      mode: '0755'
+
+- name: Copy docker-compose file
+  ansible.builtin.template:
+    src: templates/forgejo/docker-compose.j2
+    dest: '{{ forgejo_app_dir }}/docker-compose.yml'
+    mode: '0755'
+
+- name: Stop current containers
+  community.docker.docker_compose_v2:
+    project_src: '{{ forgejo_app_dir }}'
+    state: stopped
+
+- name: Pull missing image
+  community.docker.docker_compose_v2:
+    project_src: '{{ forgejo_app_dir }}'
+    pull: missing
+    state: stopped
+
+- name: Remove dangling containers
+  community.docker.docker_compose_v2:
+    project_src: '{{ forgejo_app_dir }}'
+    remove_orphans: true
+    state: stopped
+
+- name: Start container
+  community.docker.docker_compose_v2:
+    project_src: '{{ forgejo_app_dir }}'
+    state: present

templates/forgejo/docker-compose.j2

@@ -0,0 +1,45 @@
+# {{ ansible_managed }}
+
+networks:
+  forgejo:
+    external: false
+
+services:
+  server:
+    image: '{{ forgejo_image_tag }}'
+    container_name: forgejo
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+      - FORGEJO__server__DOMAIN={{ forgejo_domain }}
+      - FORGEJO__server__ROOT_URL=https://{{ forgejo_domain }}/
+      - FORGEJO__server__SSH_DOMAIN={{ forgejo_domain }}
+      - FORGEJO__database__DB_TYPE=postgres
+      - FORGEJO__database__HOST=db:5432
+      - FORGEJO__database__NAME={{ forgejo_postgres_name }}
+      - FORGEJO__database__USER={{ forgejo_postgres_user }}
+      - FORGEJO__database__PASSWD={{ forgejo_postgres_password }}
+    restart: always
+    networks:
+      - forgejo
+    volumes:
+      - {{ forgejo_data_dir }}:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - '{{ forgejo_port }}:3000'
+      - '{{ forgejo_ssh_port }}:22'
+    depends_on:
+      - db
+
+  db:
+    image: postgres:14
+    restart: always
+    environment:
+      - POSTGRES_USER={{ forgejo_postgres_user }}
+      - POSTGRES_PASSWORD={{ forgejo_postgres_password }}
+      - POSTGRES_DB={{ forgejo_postgres_name }}
+    networks:
+      - forgejo
+    volumes:
+      - {{ forgejo_postgres_dir }}:/var/lib/postgresql/data