From 84e3831640d12cbbb6b7a72c0b930a2075d7e991 Mon Sep 17 00:00:00 2001 From: Annika Merris Date: Fri, 5 Jun 2026 19:51:59 +0000 Subject: [PATCH] Added and configured Forgejo Adjusted Authentik --- .../roles/authentik/files/docker-compose.yaml | 26 +++++++++++++++++++ .../minilab/roles/authentik/templates/env.j2 | 2 +- .../roles/forgejo/files/docker-compose.yaml | 21 +++++++-------- .../minilab/roles/forgejo/tasks/main.yaml | 18 +++++++------ .../roles/forgejo/templates/forgejo.env | 1 - .../roles/forgejo/templates/forgejo.env.j2 | 1 + minilab.yaml | 1 + 7 files changed, 49 insertions(+), 21 deletions(-) delete mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/forgejo/templates/forgejo.env create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/forgejo/templates/forgejo.env.j2 diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/authentik/files/docker-compose.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/authentik/files/docker-compose.yaml index 5c6a599..a2d5c60 100644 --- a/collections/ansible_collections/adhdgirl/minilab/roles/authentik/files/docker-compose.yaml +++ b/collections/ansible_collections/adhdgirl/minilab/roles/authentik/files/docker-compose.yaml @@ -17,6 +17,9 @@ services: POSTGRES_DB: ${PG_DB:-authentik} env_file: - .env + networks: + - authentik + redis: image: redis:alpine command: --save 60 1 --loglevel warning @@ -29,6 +32,9 @@ services: timeout: 3s volumes: - redis:/data + networks: + - authentik + server: image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.4.0} restart: unless-stopped 
@@ -53,6 +59,17 @@ services: condition: service_healthy redis: condition: service_healthy + labels: + traefik.enable: "true" + traefik.http.routers.authentik.rule: Host(`authentik.local.cobb.lgbt`) + traefik.http.routers.authentik.entryPoints: websecure + traefik.http.routers.authentik.tls.certResolver: letsEncrypt + traefik.http.routers.authentik.observability.metrics: "true" + traefik.http.services.authentik.loadBalancer.server.port: 9000 + networks: + - authentik + - traefik + worker: image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.4.0} restart: unless-stopped @@ -83,9 +100,18 @@ services: condition: service_healthy redis: condition: service_healthy + networks: + - authentik volumes: database: driver: local redis: driver: local + +networks: + authentik: + external: false + traefik: + name: traefik + external: true diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/authentik/templates/env.j2 b/collections/ansible_collections/adhdgirl/minilab/roles/authentik/templates/env.j2 index 7615e6d..1340913 100644 --- a/collections/ansible_collections/adhdgirl/minilab/roles/authentik/templates/env.j2 +++ b/collections/ansible_collections/adhdgirl/minilab/roles/authentik/templates/env.j2 @@ -1,5 +1,5 @@ PG_PASS={{ authentik_pg_pass }} -AUTHENTIK_TAG=2025.4.0 +AUTHENTIK_TAG=2026.5.2 AUTHENTIK_SECRET_KEY={{authentik_secret_key}} # SMTP Host Emails are sent to AUTHENTIK_EMAIL__HOST=smtp.sendgrid.net diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/files/docker-compose.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/files/docker-compose.yaml index 0f3d6b0..e594e3f 100644 --- a/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/files/docker-compose.yaml +++ b/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/files/docker-compose.yaml 
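Review bot: The `server` service now joins both `authentik` and `traefik`, but the new labels do not tell Traefik which of the two networks to use for the backend address, so it may pick the `authentik` address that the proxy cannot reach. Adding `traefik.docker.network: traefik` next to the other labels pins it; this is unnecessary only if the Traefik Docker provider already sets a default network, which is not visible here. The service definition continues outside the hunk, so if a host `ports:` mapping remains there it still exposes the identity provider around the proxy and should be dropped. The context lines also keep the compose fallback at `${AUTHENTIK_TAG:-2025.4.0}` while env.j2 moves to 2026.5.2, so a missing `.env` value would start the old release against an already upgraded database; align or remove the fallback.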
@@ -1,31 +1,30 @@ --- services: server: - image: codeberg.org/forgejo/forgejo:${DOPLARR_TAG:-latest} + image: codeberg.org/forgejo/forgejo:${FORGEJO_TAG:-latest} container_name: forgejo + user: 1000:1000 environment: - USER_UID=1000 - USER_GID=1000 + - FORGEJO_CUSTOM=/etc/forgejo + env_file: .env restart: always networks: - forgejo - traefik volumes: - - /mnt/storage/docker/forgejo/data:/data - - /mnt/storage/docker/forgejo/config:/var/lib/gitea + - /opt/forgejo/data:/data + - /opt/forgejo/config:/etc/forgejo + - /opt/forgejo/gitea:/var/lib/gitea/ - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro ports: - - "3001:3000" - - "2222:22" - depends_on: - db: - condition: service_healthy - restart: true - required: true + - "3000:3000" + - "2222:2222" labels: traefik.enable: "true" - traefik.http.routers.forgejo.rule: Host(`forgejo.local.merr.is`) + traefik.http.routers.forgejo.rule: Host(`forgejo.local.cobb.lgbt`) traefik.http.routers.forgejo.entryPoints: websecure traefik.http.routers.forgejo.tls.certResolver: letsEncrypt traefik.http.routers.forgejo.observability.metrics: "true" diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/tasks/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/tasks/main.yaml index 4844a53..36355f9 100644 --- a/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/tasks/main.yaml +++ b/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/tasks/main.yaml 
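Review bot: The new `ports:` entry `"3000:3000"` publishes Forgejo's web port on every host interface although the same service is routed through Traefik on `websecure`, so the UI is also reachable over plain HTTP directly on the host, around the proxy's TLS and any middleware attached to the router. Drop the web mapping, or bind it to loopback with `- "127.0.0.1:3000:3000"`, and keep only the SSH mapping published. The hunk also appears to mix settings of the rootful and rootless image variants (`USER_UID`/`USER_GID` and `/data` next to `user: 1000:1000`, `/var/lib/gitea/` and port 2222), so confirm which variant `FORGEJO_TAG` selects and that the container really listens on 2222. The `:-latest` fallback leaves the deployed version unpinned whenever the variable is empty; a fixed tag as the default would be safer.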
@@ -14,27 +14,29 @@ ansible.builtin.file: path: "/opt/forgejo/{{ item }}" state: directory - owner: 1001 - group: 1001 + owner: 1000 + group: 1000 recurse: true + mode: u=rwx,g=rwx,o=r loop: + - data - config - - workspace + - gitea - name: Ensure compose file is available on the server tags: packages,docker,forgejo ansible.builtin.copy: src: docker-compose.yaml dest: "/opt/forgejo/docker-compose.yaml" - owner: 1001 - group: 1001 + owner: 1000 + group: 1000 mode: u=rw,g=r,o=r - name: Ensure environment variables file is available on the server tags: packages,docker,forgejo ansible.builtin.template: - src: env.j2 + src: forgejo.env.j2 dest: /opt/forgejo/.env - owner: 1001 - group: 1001 + owner: 1000 + group: 1000 mode: u=rw,g-rwx,o-rwx - name: Ensure docker containers are pulled and running tags: docker,forgejo diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/templates/forgejo.env b/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/templates/forgejo.env deleted file mode 100644 index a01e54b..0000000 --- a/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/templates/forgejo.env +++ /dev/null @@ -1 +0,0 @@ -SABNZBD_TAG={{ arr_sabnzbd_tag }}/ \ No newline at end of file diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/templates/forgejo.env.j2 b/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/templates/forgejo.env.j2 new file mode 100644 index 0000000..3e30dec --- /dev/null +++ b/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/templates/forgejo.env.j2 @@ -0,0 +1 @@ +FORGEJO_TAG={{ forgejo_forgejo_tag }} diff --git a/minilab.yaml b/minilab.yaml index 14be8fb..973eccd 100644 --- a/minilab.yaml +++ b/minilab.yaml @@ -62,6 +62,7 @@ - adhdgirl.minilab.readeck - adhdgirl.minilab.calibre - adhdgirl.minilab.valkey + - adhdgirl.minilab.forgejo - name: Configure frigate hosts: curren tags: docker,frigate
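Review bot: `mode: u=rwx,g=rwx,o=r` combined with `recurse: true` is applied to every file under `data`, `config` and `gitea` on each run, which marks all files executable and group-writable and gives others read on the directories. That tree presumably holds Forgejo's configuration secrets and SSH host keys, and an SSH daemon typically refuses private keys that are group-accessible, so I would tighten it to `mode: u=rwX,g=rX,o=` (capital `X` adds execute to directories only). Consider dropping `recurse: true` once the directories exist, so the play does not reset permissions the application sets itself. The task's `name:` line sits above the hunk, so this is based on the visible arguments only.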