Added and configured Forgejo

Adjusted Authentik
2026-06-05 19:51:59 +00:00 · 2026-06-05 19:51:59 +00:00 · 84e3831640
commit 84e3831640
parent ce39d74cc8
7 changed files with 49 additions and 21 deletions
--- a/collections/ansible_collections/adhdgirl/minilab/roles/authentik/files/docker-compose.yaml
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/authentik/files/docker-compose.yaml
@ -17,6 +17,9 @@ services:
      POSTGRES_DB: ${PG_DB:-authentik}
    env_file:
      - .env
+    networks:
+      - authentik
+
  redis:
    image: redis:alpine
    command: --save 60 1 --loglevel warning
@ -29,6 +32,9 @@ services:
      timeout: 3s
    volumes:
      - redis:/data
+    networks:
+      - authentik
+
  server:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.4.0}
    restart: unless-stopped
@ -53,6 +59,17 @@ services:
        condition: service_healthy
      redis:
        condition: service_healthy
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.authentik.rule: Host(`authentik.local.cobb.lgbt`)
+      traefik.http.routers.authentik.entryPoints: websecure
+      traefik.http.routers.authentik.tls.certResolver: letsEncrypt
+      traefik.http.routers.authentik.observability.metrics: "true"
+      traefik.http.services.authentik.loadBalancer.server.port: 9000
+    networks:
+      - authentik
+      - traefik
+
  worker:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.4.0}
    restart: unless-stopped
@ -83,9 +100,18 @@ services:
        condition: service_healthy
      redis:
        condition: service_healthy
+    networks:
+      - authentik

 volumes:
  database:
    driver: local
  redis:
    driver: local
+
+networks:
+  authentik:
+    external: false
+  traefik:
+    name: traefik
+    external: true
--- a/collections/ansible_collections/adhdgirl/minilab/roles/authentik/templates/env.j2
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/authentik/templates/env.j2
@ -1,5 +1,5 @@
 PG_PASS={{ authentik_pg_pass }}
-AUTHENTIK_TAG=2025.4.0
+AUTHENTIK_TAG=2026.5.2
 AUTHENTIK_SECRET_KEY={{authentik_secret_key}}
 # SMTP Host Emails are sent to
 AUTHENTIK_EMAIL__HOST=smtp.sendgrid.net
--- a/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/files/docker-compose.yaml
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/files/docker-compose.yaml
@ -1,31 +1,30 @@
 ---
 services:
  server:
-    image: codeberg.org/forgejo/forgejo:${DOPLARR_TAG:-latest}
+    image: codeberg.org/forgejo/forgejo:${FORGEJO_TAG:-latest}
    container_name: forgejo
+    user: 1000:1000
    environment:
      - USER_UID=1000
      - USER_GID=1000
+      - FORGEJO_CUSTOM=/etc/forgejo
+    env_file: .env
    restart: always
    networks:
      - forgejo
      - traefik
    volumes:
-      - /mnt/storage/docker/forgejo/data:/data
-      - /mnt/storage/docker/forgejo/config:/var/lib/gitea
+      - /opt/forgejo/data:/data
+      - /opt/forgejo/config:/etc/forgejo
+      - /opt/forgejo/gitea:/var/lib/gitea/
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
-      - "3001:3000"
-      - "2222:22"
-    depends_on:
-      db:
-        condition: service_healthy
-        restart: true
-        required: true
+      - "3000:3000"
+      - "2222:2222"
    labels:
      traefik.enable: "true"
-      traefik.http.routers.forgejo.rule: Host(`forgejo.local.merr.is`)
+      traefik.http.routers.forgejo.rule: Host(`forgejo.local.cobb.lgbt`)
      traefik.http.routers.forgejo.entryPoints: websecure
      traefik.http.routers.forgejo.tls.certResolver: letsEncrypt
      traefik.http.routers.forgejo.observability.metrics: "true"
--- a/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/tasks/main.yaml
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/tasks/main.yaml
@ -14,27 +14,29 @@
      ansible.builtin.file:
        path: "/opt/forgejo/{{ item }}"
        state: directory
-        owner: 1001
-        group: 1001
+        owner: 1000
+        group: 1000
        recurse: true
+        mode: u=rwx,g=rwx,o=r
      loop:
+        - data
        - config
-        - workspace
+        - gitea
    - name: Ensure compose file is available on the server
      tags: packages,docker,forgejo
      ansible.builtin.copy:
        src: docker-compose.yaml
        dest: "/opt/forgejo/docker-compose.yaml"
-        owner: 1001
-        group: 1001
+        owner: 1000
+        group: 1000
        mode: u=rw,g=r,o=r
    - name: Ensure environment variables file is available on the server
      tags: packages,docker,forgejo
      ansible.builtin.template:
-        src: env.j2
+        src: forgejo.env.j2
        dest: /opt/forgejo/.env
-        owner: 1001
-        group: 1001
+        owner: 1000
+        group: 1000
        mode: u=rw,g-rwx,o-rwx
    - name: Ensure docker containers are pulled and running
      tags: docker,forgejo
--- a/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/templates/forgejo.env
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/templates/forgejo.env
@ -1 +0,0 @@
-SABNZBD_TAG={{ arr_sabnzbd_tag }}/
--- a/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/templates/forgejo.env.j2
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/forgejo/templates/forgejo.env.j2
@ -0,0 +1 @@
+FORGEJO_TAG={{ forgejo_forgejo_tag }}
--- a/minilab.yaml
+++ b/minilab.yaml
@ -62,6 +62,7 @@
    - adhdgirl.minilab.readeck
    - adhdgirl.minilab.calibre
    - adhdgirl.minilab.valkey
+    - adhdgirl.minilab.forgejo
 - name: Configure frigate
  hosts: curren
  tags: docker,frigate