diff --git a/README.md b/README.md new file mode 100644 index 0000000..2e0fa1d --- /dev/null +++ b/README.md @@ -0,0 +1 @@ +WARNING: `files/app.ini` contains secrets! Do not deploy without hiding them! diff --git a/files/app.ini b/files/app.ini new file mode 100644 index 0000000..2c8117e --- /dev/null +++ b/files/app.ini @@ -0,0 +1,86 @@ +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; WARNING: This file contains secrets!! ; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +APP_NAME = OpenNeo Code +RUN_USER = git +WORK_PATH = /var/lib/forgejo +RUN_MODE = prod + +[database] +DB_TYPE = sqlite3 +HOST = 127.0.0.1:3306 +NAME = forgejo +USER = forgejo +PASSWD = +SCHEMA = +SSL_MODE = disable +PATH = /var/lib/forgejo/data/forgejo.db +LOG_SQL = false + +[repository] +ROOT = /var/lib/forgejo/data/forgejo-repositories + +[server] +SSH_DOMAIN = code.openneo.net +DOMAIN = code.openneo.net +PROTOCOL = https +HTTP_PORT = 443 +REDIRECT_OTHER_PORT = true +ENABLE_ACME = true +ACME_ACCEPTTOS = true +ACME_EMAIL = emi@matchu.dev +ROOT_URL = https://code.openneo.net/ +APP_DATA_PATH = /var/lib/forgejo/data +DISABLE_SSH = false +SSH_PORT = 22 +LFS_START_SERVER = true +LFS_JWT_SECRET = +OFFLINE_MODE = true + +[lfs] +PATH = /var/lib/forgejo/data/lfs + +[mailer] +ENABLED = false + +[service] +REGISTER_EMAIL_CONFIRM = false +ENABLE_NOTIFY_MAIL = false +DISABLE_REGISTRATION = true +ALLOW_ONLY_EXTERNAL_REGISTRATION = false +ENABLE_CAPTCHA = false +REQUIRE_SIGNIN_VIEW = false +DEFAULT_KEEP_EMAIL_PRIVATE = false +DEFAULT_ALLOW_CREATE_ORGANIZATION = false +DEFAULT_ENABLE_TIMETRACKING = false +NO_REPLY_ADDRESS = noreply.openneo.net + +[openid] +ENABLE_OPENID_SIGNIN = false +ENABLE_OPENID_SIGNUP = false + +[cron.update_checker] +ENABLED = true + +[session] +PROVIDER = file + +[log] +MODE = console +LEVEL = info +ROOT_PATH = /var/lib/forgejo/log + +[repository.pull-request] +DEFAULT_MERGE_STYLE = merge + +[repository.signing] +DEFAULT_TRUST_MODEL = committer + +[security] +INSTALL_LOCK = true +INTERNAL_TOKEN = +PASSWORD_HASH_ALGO = pbkdf2_hi + +[oauth2] +JWT_SECRET = diff --git a/setup-forgejo.yml b/setup-forgejo.yml index 24d3905..1495d47 100644 --- a/setup-forgejo.yml +++ b/setup-forgejo.yml @@ -42,32 +42,33 @@ file: path: /etc/forgejo state: directory - mode: "770" + mode: "750" owner: root group: git + - name: Copy app.ini to Forgejo's config directory + copy: + src: files/app.ini + dest: /etc/forgejo/app.ini + mode: "640" + notify: + - Restart Forgejo + - name: Install systemd service for Forgejo copy: src: files/forgejo.service dest: /etc/systemd/system/forgejo.service notify: - - Reload Forgejo's service file and restart Forgejo + - Restart Forgejo - name: Start Forgejo service systemd_service: name: forgejo state: started - - name: Print hint to go configure - debug: - msg: > - Forgejo is now running on port 3000! Run `ssh -L 3000:localhost:3000 - code.openneo.net` to be able to open `localhost:3000` in your local - browser and have it redirect to Forgejo's setup page! - handlers: - - name: Reload Forgejo's service file and restart Forgejo + - name: Restart Forgejo systemd_service: name: forgejo state: restarted - daemon_reload: true + daemon_reload: true # For the case where the service file changes!