openneo-code/setup-forgejo.yml

104 lines
3 KiB
YAML
Raw Normal View History

2024-01-13 21:47:50 -08:00
---
# Adapted from https://forgejo.org/docs/latest/admin/installation-binary/
- name: Install Forgejo
hosts: webserver
become: yes
become_user: root
tasks:
- name: Download Forgejo binary to /usr/local/bin (and verify its checksum)
get_url:
url: https://codeberg.org/forgejo/forgejo/releases/download/v1.21.6-0/forgejo-1.21.6-0-linux-amd64
2024-01-13 21:47:50 -08:00
dest: /usr/local/bin/forgejo
checksum: "sha256:e86f446236a287b9ba2c65f8ff7b0a9ea4f451a5ffc3134f416f751e1eecf97c"
2024-01-13 21:47:50 -08:00
mode: "755"
notify:
- Restart Forgejo
2024-01-13 21:47:50 -08:00
- name: Update apt cache
apt:
update_cache: true
- name: Install git and git-lfs
apt:
name:
- git
- git-lfs
- name: Create git user
user:
name: git
password: "!" # disables password login
home: /home/git
shell: /bin/bash
comment: Git Version Control
- name: Create Forgejo's data directory
file:
path: /var/lib/forgejo
state: directory
mode: "750"
owner: git
group: git
- name: Create Forgejo's config directory
file:
path: /etc/forgejo
state: directory
mode: "750"
2024-01-13 21:47:50 -08:00
owner: root
group: git
2024-01-15 00:38:30 -08:00
# NOTE: Instead of copying a pre-built app.ini, you could also skip this,
# use SSH tunneling to access the server over port 3000, and use their
# built-in setup process. You'd need to temporarily change /etc/forgejo to
# have mode "770", to allow Forgejo to write its own config file. (This is
# what we did for our first-time setup, then we copied app.ini to here!)
- name: Copy app.ini to Forgejo's config directory
copy:
src: files/app.ini
dest: /etc/forgejo/app.ini
mode: "640"
notify:
- Restart Forgejo
2024-01-15 00:38:30 -08:00
# NOTE: Instead of having a separate secrets directory, you could hardcode
# the secrets into app.ini. This extra indirection just lets us share our
# app.ini publicly, while keeping the secret tokens in gitignored files.
# Also, the directory name "secrets" and the file names we chose aren't
# reserved by Forgejo! Forgejo simply ignores any unrecognized files in
# /etc/forgejo, then we reference our secret files by path in app.ini.
- name: Copy secrets directory to Forgejo's config directory
copy:
src: files/secrets
dest: /etc/forgejo
directory_mode: "750"
mode: "640"
owner: root
group: git
notify:
- Restart Forgejo
2024-01-13 21:47:50 -08:00
- name: Install systemd service for Forgejo
copy:
src: files/forgejo.service
dest: /etc/systemd/system/forgejo.service
notify:
- Reload service files
- Restart Forgejo
2024-01-13 21:47:50 -08:00
- name: Enable Forgejo service
2024-01-13 21:47:50 -08:00
systemd_service:
name: forgejo
enabled: true
2024-01-13 21:47:50 -08:00
state: started
handlers:
- name: Reload service files
systemd_service:
daemon_reload: true
- name: Restart Forgejo
2024-01-13 21:47:50 -08:00
systemd_service:
name: forgejo
state: restarted