diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/files/app.ini b/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/files/app.ini
deleted file mode 100644
index 8f5cfe6..0000000
--- a/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/files/app.ini
+++ /dev/null
@@ -1,12 +0,0 @@
-APP_NAME = ; Forgejo: Beyond coding. We Forge.
-[database]
-DB_TYPE = sqlite3
-
-[badges]
-ENABLED = true
-
-[repository]
-ROOT = /data
-DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages,repo.actions
-DEFAULT_FORK_REPO_UNITS = repo.code,repo.pulls
-DEFAULT_MIRROR_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.wiki,repo.projects,repo.packages
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/tasks/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/tasks/main.yaml
index 36355f9..cdba599 100644
--- a/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/tasks/main.yaml
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/tasks/main.yaml
@@ -20,7 +20,7 @@
 mode: u=rwx,g=rwx,o=r
 loop:
 - data
- - config
+ - config/custom/conf
 - gitea
 - name: Ensure compose file is available on the server
 tags: packages,docker,forgejo
@@ -30,11 +30,19 @@
 owner: 1000
 group: 1000
 mode: u=rw,g=r,o=r
+ - name: Ensure forgejo config stuff is available
+ tags: tags,docker,forgejo
+ ansible.builtin.template:
+ src: app.ini.j2
+ dest: /opt/forgejo/gitea/custom/conf/app.ini
+ owner: 1000
+ group: 1000
+ mode: u=rw,g-rwx,o-rwx
 - name: Ensure environment variables file is available on the server
 tags: packages,docker,forgejo
 ansible.builtin.template:
 src: forgejo.env.j2
- dest: /opt/forgejo/.env
+ dest: /opt/forgejo.env
 owner: 1000
 group: 1000
 mode: u=rw,g-rwx,o-rwx
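Review bot: The loop entry changed to `config/custom/conf` in the first `tasks/main.yaml` hunk does not match where the new template task in the next hunk writes, `/opt/forgejo/gitea/custom/conf/app.ini`. If this task creates `/opt/forgejo/<item>` (its `path:` line is outside the hunk, so this is inferred), `gitea/custom/conf` is never created and `ansible.builtin.template` will fail on a missing parent directory on a fresh host. Either make the entry `- gitea/custom/conf` or point the template `dest` at the `config/custom/conf` tree. The directories are created with `o=r`; since one of them now holds an `app.ini` with secrets, `o-rwx` would match the mode used for the file itself.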
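Review bot: The new `app.ini` task in the second `tasks/main.yaml` hunk renders four vault-decrypted secrets, and a run with `--diff` prints the rendered file, values included, to the terminal or CI log; adding `diff: false` (or `no_log: true`) to the task avoids that, and the same applies to the `forgejo.env.j2` task if that template carries secrets. The tag list `tags,docker,forgejo` looks like a typo for the `packages,docker,forgejo` used by the neighbouring tasks, so a run limited to `--tags packages` would skip the configuration. The `dest` change to `/opt/forgejo.env` moves the environment file out of `/opt/forgejo/`; Compose only auto-loads `.env` from the project directory, so the compose file (not shown in this diff) has to reference the new path explicitly, otherwise this may be a typo for `/opt/forgejo/.env`.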
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/templates/app.ini.j2 b/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/templates/app.ini.j2
new file mode 100644
index 0000000..ce9f16b
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/templates/app.ini.j2
@@ -0,0 +1,113 @@
+APP_NAME = Forgejo
+RUN_USER = git
+RUN_MODE = prod
+APP_SLOGAN = Beyond coding. We Forge.
+WORK_PATH = /var/lib/gitea
+
+[repository]
+ROOT = /data/git/repositories
+DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages,repo.actions
+DEFAULT_FORK_REPO_UNITS = repo.code,repo.pulls
+DEFAULT_MIRROR_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.wiki,repo.projects,repo.packages
+
+[repository.local]
+LOCAL_COPY_PATH = /tmp/gitea/local-repo
+
+[repository.upload]
+TEMP_PATH = /tmp/gitea/uploads
+
+[server]
+APP_DATA_PATH = /var/lib/gitea
+SSH_DOMAIN = forgejo.local.cobb.lgbt
+HTTP_PORT = 3000
+ROOT_URL = https://forgejo.local.cobb.lgbt/
+DISABLE_SSH = false
+; In rootless gitea container only internal ssh server is supported
+START_SSH_SERVER = true
+SSH_PORT = 2222
+SSH_LISTEN_PORT = 2222
+BUILTIN_SSH_SERVER_USER = git
+LFS_START_SERVER = true
+DOMAIN = forgejo.local.cobb.lgbt
+LFS_JWT_SECRET = {{ forgejo_server_lfs_jwt_secret }}
+OFFLINE_MODE = true
+
+[database]
+PATH = /var/lib/gitea/data/gitea.db
+DB_TYPE = sqlite3
+HOST = localhost:3306
+NAME = gitea
+USER = root
+PASSWD =
+SCHEMA =
+SSL_MODE = disable
+LOG_SQL = false
+
+[session]
+PROVIDER_CONFIG = /var/lib/gitea/data/sessions
+PROVIDER = file
+
+[picture]
+AVATAR_UPLOAD_PATH = /var/lib/gitea/data/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /var/lib/gitea/data/repo-avatars
+
+[attachment]
+PATH = /var/lib/gitea/data/attachments
+
+[log]
+ROOT_PATH = /var/lib/gitea/data/log
+MODE = console
+LEVEL = info
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY =
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
+INTERNAL_TOKEN = {{ forgejo_security_internal_token }}
+PASSWORD_HASH_ALGO = pbkdf2_hi
+
+[service]
+DISABLE_REGISTRATION = true
+REQUIRE_SIGNIN_VIEW = false
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.localhost
+
+[lfs]
+PATH = /data/git/lfs
+
+[mailer]
+ENABLED = true
+FROM = forgejo@cobb.lgbt
+PROTOCOL = smtps
+SMTP_ADDR = smtp.purelymail.com
+SMTP_PORT = 465
+USER = donotreply@cobb.lgbt
+PASSWD = {{ forgejo_smtp_passwd }}
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+
+[cron.update_checker]
+ENABLED = true
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer
+
+[oauth2]
+JWT_SECRET = {{ forgejo_oauth2_jwt_secret }}
+
+[badges]
+ENABLED = true
+
+
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/vars/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/vars/main.yaml
index 0bf11aa..3bc818a 100644
--- a/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/vars/main.yaml
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/vars/main.yaml
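Review bot: In the `[security]` section of `app.ini.j2`, `REVERSE_PROXY_TRUSTED_PROXIES = *` makes Forgejo accept forwarded client-address headers from any peer, so the client IP it logs and acts on can be set by whoever can reach port 3000; it should name only the reverse proxy, e.g. `REVERSE_PROXY_TRUSTED_PROXIES = <proxy-ip-or-cidr>`. `SECRET_KEY =` is left empty while every other secret is templated from vault; as far as I know an empty value falls back to a built-in default, so data encrypted with it (such as 2FA secrets) is not protected by an instance-specific key. It could be templated like the others, `SECRET_KEY = {{ forgejo_security_secret_key }}` (a new vaulted variable), bearing in mind that changing it on an already-initialised instance makes data encrypted under the old key unreadable. In `[openid]`, `ENABLE_OPENID_SIGNUP = true` sits alongside `DISABLE_REGISTRATION = true`; if self-registration is meant to be closed, it should be `false`.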
@@ -1 +1,41 @@
 forgejo_forgejo_tag: 15.0.2-rootless
+forgejo_smtp_passwd: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 33353935633138633666316366656130666535306331313734356436343636643434323833393934
+ 6133343630363461646166356536383537323063383030660a306361613161393930343837363832
+ 66666463353765393538303838313737306536343037646636303434316635643666636138663532
+ 3661653933653534660a396166346231643233666163303033326264353930656131633165343465
+ 38653135363837613864616435656461393861313430646561343162373530333736666330396262
+ 66366238306563623062323762393531656464356165613935613731623864313235653234316531
+ 61613735326335366139616639303661616363656138393635653266323334316334373439353661
+ 38386638383661643838383335663163653330376331643736656131623831363235373832303932
+ 65396134653531336630306363663537363364373062626563646361353138653662663839326430
+ 36313139373163643932633561323638373831326331633564383738356133316639663535623633
+ 333537393536313333336464613166316531
+forgejo_server_lfs_jwt_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 30393066646336386161353563333864316435616137303337653765343233383764323065386663
+ 3434336237653665313434643831363331666365343361330a366663363736326332376262653364
+ 66656436303633643832376262643161366332656365336562373465393635623031366665626336
+ 6439653630633863650a343663363832633962356661383038363962646131363431356666636436
+ 30656539643963366636643761626334313164326265646462396139363634633433633534383534
+ 6334633536653963383835623662383761623561336534333766
+forgejo_security_internal_token: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 62346638633564323666383131363333336139316463336361653564353465366563383363653831
+ 3330366334623930336333313038316338663866643861330a663764656565353361633938323864
+ 33326331653765346138616431646362313433323432653335323335643938653333626365313333
+ 3737366137613362340a373437666461633937306161613832633931633162666637626464313864
+ 38343835653731313336636262373533306334613334356532336361653461303362346535353166
+ 36376362353365633038313531373765646362356362366561353362643433613132366239313030
+ 36643732613031346166623930343662353236363264636530376137363438663333653232396334
+ 31376633356234636236316533333838383632636561356236396334316464313634386235303762
+ 64626432663362386137353063636238636266333630636131353335666364393232
+forgejo_oauth2_jwt_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 38326630313633663539383638373330333031653563616230646262356265383039636565386539
+ 3861653933386233343534663137343161356239326237380a643138366566346237353530366131
+ 63393330613435376235663039353031353739303836633633653638363361363963656636356430
+ 6365396632643561630a666332633062653136313237653961636234383463353039633666393239
+ 30336663666265633436353561613935653661363037633330316261393330643937636133663138
+ 3566636136616465336335646530303334666433646633343535
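Review bot: The four vaulted values are added to the role's `vars/main.yaml` with no comment saying which `app.ini` key each one feeds or how it was generated, so a later rotation has to be worked out from the template. A one-line comment above each would help, for example `# [security] INTERNAL_TOKEN in app.ini.j2; re-encrypt with ansible-vault encrypt_string when rotating`. Role `vars/` also take precedence over inventory variables, so a second environment using this role would share the same tokens unless it passes extra-vars; `defaults/` or a vaulted group_vars file may be the better home.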