From 374bd0d69a2ef38517684414be4e38fb66daf49c Mon Sep 17 00:00:00 2001
From: cuqmbr
Date: Wed, 2 Jul 2025 00:40:39 +0300
Subject: [PATCH] change forgejo role variable structure
---
.../inventories/dev/group_vars/forgejo.yml | 138 +++++++++---------
ansible/roles/forgejo/defaults/main.yml | 55 +++----
ansible/roles/forgejo/tasks/main.yml | 15 +-
ansible/roles/forgejo/templates/app.ini.j2 | 48 +++---
4 files changed, 133 insertions(+), 123 deletions(-)
diff --git a/ansible/inventories/dev/group_vars/forgejo.yml b/ansible/inventories/dev/group_vars/forgejo.yml
index 153eee2..ab2d674 100644
--- a/ansible/inventories/dev/group_vars/forgejo.yml
+++ b/ansible/inventories/dev/group_vars/forgejo.yml
@@ -29,81 +29,81 @@ users: opendoas_settings: "permit nopass ansible" +forgejo_settings: + clean_binaries: false + version: 11.0.2 -forgejo_clean_binaries: false -forgejo_version: 11.0.2 + app_name: "cuqmbr's Forgejo" + app_slogan: "" + run_mode: prod -forgejo_app_name: "cuqmbr's Forgejo" -forgejo_app_slogan: "" -forgejo_run_mode: prod + db_type: postgres + db_host: 192.168.0.3:5432 + db_name: forgejo_db + db_username: forgejo + db_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 32373165333932643133666362336336326538646533303763343465336338393538666235616464 + 3065363334323132633161646437366636653462333237350a643161303166376532636562373331 + 39353331613939643639323431653233356161313937616536656363643933643734393032623831 + 3562373130643365630a633836326638666261386330653134333938306162646466393133316335 + 39323030373266393239353633343863313566356533636539666463336538656535613137373634 + 64633934393538336630373233373961613735363838333237356332313461303231323031313630 + 31663564373062306165373238376430653837316139353663313730376339386233633330653234 + 38386138316334376635616532383530663163663666643430666432623633303166376338613761 + 62373866303234613635366432333661393465636335626537353561643035306265666139663238 + 63623835303537626162653564303430383962646531373330323639643635393665633564303237 + 333866366330316466636164326130303031 + ssl_mode: disable -forgejo_db_type: postgres -forgejo_db_host: 192.168.0.3:5432 -forgejo_db_name: forgejo_db -forgejo_db_username: forgejo -forgejo_db_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 32373165333932643133666362336336326538646533303763343465336338393538666235616464 - 3065363334323132633161646437366636653462333237350a643161303166376532636562373331 - 39353331613939643639323431653233356161313937616536656363643933643734393032623831 - 3562373130643365630a633836326638666261386330653134333938306162646466393133316335 - 39323030373266393239353633343863313566356533636539666463336538656535613137373634 - 
64633934393538336630373233373961613735363838333237356332313461303231323031313630 - 31663564373062306165373238376430653837316139353663313730376339386233633330653234 - 38386138316334376635616532383530663163663666643430666432623633303166376338613761 - 62373866303234613635366432333661393465636335626537353561643035306265666139663238 - 63623835303537626162653564303430383962646531373330323639643635393665633564303237 - 333866366330316466636164326130303031 -forgejo_ssl_mode: disable + server_domain: git.dev.cuqmbr.xyz + server_root_url: http://git.dev.cuqmbr.xyz + server_http_address: 0.0.0.0 + server_http_port: 3000 + server_ssh_port: 22 + server_lfs_secret: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 65316236393837386464643938366564623532303139383765306631643864643363356561643666 + 6335343266313432366136323932306536623261643236640a363738366366303030383537633033 + 62356465313061376464633634333238316466633464626134363932373963373963383262666534 + 3134343137323734660a326638636162636539636663386437643034313661323266633361646461 + 31653534326664393138666237353438393739613565643137653438626462653165366136353039 + 3538653438613964653965303932643062306230383832633639 -forgejo_server_domain: git.dev.cuqmbr.xyz -forgejo_server_root_url: http://git.dev.cuqmbr.xyz -forgejo_server_http_address: 0.0.0.0 -forgejo_server_http_port: 3000 -forgejo_server_ssh_port: 22 -forgejo_server_lfs_secret: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 65316236393837386464643938366564623532303139383765306631643864643363356561643666 - 6335343266313432366136323932306536623261643236640a363738366366303030383537633033 - 62356465313061376464633634333238316466633464626134363932373963373963383262666534 - 3134343137323734660a326638636162636539636663386437643034313661323266633361646461 - 31653534326664393138666237353438393739613565643137653438626462653165366136353039 - 3538653438613964653965303932643062306230383832633639 + mailer_from: "\"cuqmbr's Forgejo\" " + mailer_protocol: smtps + mailer_address: mail.cuqmbr.xyz + 
mailer_port: 465 + mailer_user: no-reply@cuqmbr.xyz + mailer_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 31356466316634336162653164316232653865393539656336356130353764316537633535396433 + 3862343463633864336633373036323364373863613439310a663461636136366532633639313139 + 32336632623631346236336263306633326261393238346632653733343163643737383537393939 + 6263326538363633350a316666323566646638316535333934626638356434353864373566653338 + 37303436626261333863313961386465353831633537636537343166666438326138 -forgejo_mailer_from: "\"cuqmbr's Forgejo\" " -forgejo_mailer_protocol: smtps -forgejo_mailer_address: mail.cuqmbr.xyz -forgejo_mailer_port: 465 -forgejo_mailer_user: no-reply@cuqmbr.xyz -forgejo_mailer_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 31356466316634336162653164316232653865393539656336356130353764316537633535396433 - 3862343463633864336633373036323364373863613439310a663461636136366532633639313139 - 32336632623631346236336263306633326261393238346632653733343163643737383537393939 - 6263326538363633350a316666323566646638316535333934626638356434353864373566653338 - 37303436626261333863313961386465353831633537636537343166666438326138 + security_install_lock: true + security_internal_token: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 37396532353265376134316465336263616562373030663762333165363362313135653434383961 + 6334363937636138383865353639333261376437393839320a333834643939373231623134393865 + 31646263626533326533306136323735313237343437653265393534313739353930316462313765 + 3933643737663934320a363661353761646133366133366539306331396634626162306430346364 + 39313833336264666634393765336232643961393364646664643538396336316364623430343034 + 64643932613961613931336339353462373438333631633533363633656638383235353939313831 + 31313165623130633034613566343461663661323834303930323832343766313661643033626238 + 32613830383031346361343735393535623931356438383539303038343562373264343666373165 + 65333632303535626237373835353665623237353734383436346664663036376538 
-forgejo_security_install_lock: true -forgejo_security_internal_token: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 37396532353265376134316465336263616562373030663762333165363362313135653434383961 - 6334363937636138383865353639333261376437393839320a333834643939373231623134393865 - 31646263626533326533306136323735313237343437653265393534313739353930316462313765 - 3933643737663934320a363661353761646133366133366539306331396634626162306430346364 - 39313833336264666634393765336232643961393364646664643538396336316364623430343034 - 64643932613961613931336339353462373438333631633533363633656638383235353939313831 - 31313165623130633034613566343461663661323834303930323832343766313661643033626238 - 32613830383031346361343735393535623931356438383539303038343562373264343666373165 - 65333632303535626237373835353665623237353734383436346664663036376538 - -forgejo_oauth2_jwt_secret: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 62663534346334366537303037613331396164323637643033383961383165333239313934316661 - 6461323764383861663237323066333132393434386137330a343239346561373139386164626562 - 35653437653762663231643439346139373133303738366139663332376461323531333065333732 - 6466373034346231650a363164373264633432393639323232633565656436663761343634616366 - 37643964383837376630303036363737343464666461336533393362313830376335326530306139 - 6331323465376131656666306361623637643864616665333436 + oauth2_jwt_secret: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 62663534346334366537303037613331396164323637643033383961383165333239313934316661 + 6461323764383861663237323066333132393434386137330a343239346561373139386164626562 + 35653437653762663231643439346139373133303738366139663332376461323531333065333732 + 6466373034346231650a363164373264633432393639323232633565656436663761343634616366 + 37643964383837376630303036363737343464666461336533393362313830376335326530306139 + 6331323465376131656666306361623637643864616665333436 fluentbit_settings: 
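Review bot: `ssl_mode: disable` sits next to `db_host: 192.168.0.3:5432`, so the Forgejo-to-PostgreSQL session appears to cross the network unencrypted; because the database is not on localhost in this inventory, `ssl_mode: require` or stricter would be the safer value once the server presents a certificate. The same map sets `server_root_url: http://git.dev.cuqmbr.xyz` while the role default uses `https://`; unless a TLS-terminating proxy sits in front of the instance, logins and session cookies travel in clear text. As a naming point, `ssl_mode` is the only database key that did not get the `db_` prefix its siblings carry, so `db_ssl_mode` would keep the new map consistent.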
diff --git a/ansible/roles/forgejo/defaults/main.yml b/ansible/roles/forgejo/defaults/main.yml index 4457c80..eb24a48 100644 --- a/ansible/roles/forgejo/defaults/main.yml +++ b/ansible/roles/forgejo/defaults/main.yml @@ -1,34 +1,37 @@ --- -forgejo_clean_binaries: false -forgejo_version: 10.0.3 +forgejo_settings: -forgejo_app_name: "cuqmbr's Forgejo" -forgejo_app_slogan: "" -forgejo_run_mode: prod +forgejo_default_settings: + clean_binaries: false + version: 10.0.3 -forgejo_db_type: postgres -forgejo_db_host: 127.0.0.1:5432 -forgejo_db_name: forgejo_db -forgejo_db_username: forgejo -forgejo_db_password: 123 -forgejo_ssl_mode: disable + app_name: "cuqmbr's Forgejo" + app_slogan: "" + run_mode: prod -forgejo_server_domain: git.dev.cuqmbr.xyz -forgejo_server_root_url: https://git.dev.cuqmbr.xyz -forgejo_server_http_address: 0.0.0.0 -forgejo_server_http_port: 3000 -forgejo_server_ssh_port: 22 -forgejo_server_lfs_secret: 123 + db_type: postgres + db_host: 127.0.0.1:5432 + db_name: forgejo_db + db_username: forgejo + db_password: 123 + ssl_mode: disable -forgejo_mailer_from: "\"cuqmbr's Forgejo\" " -forgejo_mailer_protocol: smtps -forgejo_mailer_address: mail.cuqmbr.xyz -forgejo_mailer_port: 465 -forgejo_mailer_user: no-reply@cuqmbr.xyz -forgejo_mailer_password: 123 + server_domain: git.dev.cuqmbr.xyz + server_root_url: https://git.dev.cuqmbr.xyz + server_http_address: 0.0.0.0 + server_http_port: 3000 + server_ssh_port: 22 + server_lfs_secret: 123 -forgejo_security_install_lock: false -forgejo_security_internal_token: 123 + mailer_from: "\"cuqmbr's Forgejo\" " + mailer_protocol: smtps + mailer_address: mail.cuqmbr.xyz + mailer_port: 465 + mailer_user: no-reply@cuqmbr.xyz + mailer_password: 123 -forgejo_oauth2_jwt_secret: 123 + security_install_lock: false + security_internal_token: 123 + + oauth2_jwt_secret: 123 diff --git a/ansible/roles/forgejo/tasks/main.yml b/ansible/roles/forgejo/tasks/main.yml index d58b437..48e1043 100644 --- a/ansible/roles/forgejo/tasks/main.yml 
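Review bot: `forgejo_default_settings` ships `123` for `db_password`, `server_lfs_secret`, `mailer_password`, `security_internal_token` and `oauth2_jwt_secret`, and with the new merge any key an inventory omits or misspells silently falls back to that value. `security_install_lock: false` as a default likewise leaves the installer unlocked on a host whose inventory forgets the key. I would drop the secret placeholders from the defaults and fail the play early when one is missing, with an assert placed right after the combine task in tasks/main.yml. Separately, `forgejo_settings:` with no value is null rather than an empty map; `forgejo_settings: {}` states the intent more clearly.

```yaml
# … unchanged: "Combine default and user settings, decrypt vault." set_fact task …

- name: Verify that every secret was supplied by the inventory.
  ansible.builtin.assert:
    that:
      - forgejo_settings[item] is defined
      - forgejo_settings[item] | string | length > 0
    fail_msg: "forgejo_settings.{{ item }} must be set (vault-encrypted) in the inventory."
    quiet: true
  loop:
    - db_password
    - server_lfs_secret
    - mailer_password
    - security_internal_token
    - oauth2_jwt_secret
```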
+++ b/ansible/roles/forgejo/tasks/main.yml @@ -1,5 +1,11 @@ --- +- name: Combine default and user settings, decrypt vault. + ansible.builtin.set_fact: + forgejo_settings: "{{ forgejo_default_settings | + ansible.builtin.combine(forgejo_settings, recursive=true) }}" + no_log: true + - name: Install dependencies. ansible.builtin.apt: name: @@ -32,7 +38,7 @@ state: directory - name: Clean forgejo binaries. - when: forgejo_clean_binaries + when: forgejo_settings.clean_binaries block: - name: Get all forgejo binaries. @@ -51,15 +57,16 @@ - name: Download forgejo binary. ansible.builtin.get_url: url: "https://codeberg.org/forgejo/forgejo/releases/download\ - /v{{ forgejo_version }}/forgejo-{{ forgejo_version }}-linux-amd64" - dest: "/usr/local/bin/forgejo-{{ forgejo_version }}" + /v{{ forgejo_settings.version }}\ + /forgejo-{{ forgejo_settings.version }}-linux-amd64" + dest: "/usr/local/bin/forgejo-{{ forgejo_settings.version }}" owner: root group: root mode: "0555" - name: Creaty symlink to forgejo binary. ansible.builtin.file: - src: "/usr/local/bin/forgejo-{{ forgejo_version }}" + src: "/usr/local/bin/forgejo-{{ forgejo_settings.version }}" dest: /usr/local/bin/forgejo owner: root group: root diff --git a/ansible/roles/forgejo/templates/app.ini.j2 b/ansible/roles/forgejo/templates/app.ini.j2 index 08c6e48..1ea0f2e 100644 --- a/ansible/roles/forgejo/templates/app.ini.j2 +++ b/ansible/roles/forgejo/templates/app.ini.j2 
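Review bot: The "Download forgejo binary." task in the last hunk of this file still fetches an executable into /usr/local/bin with no integrity check, so whatever the release URL returns is installed with mode 0555 and later run. `ansible.builtin.get_url` accepts a `checksum` parameter; pinning the digest next to the version in the settings map, e.g. `checksum: "sha256:{{ forgejo_settings.binary_sha256 }}"` (the key name is a suggestion, the role does not define it today), makes a version bump and its expected hash change together. A digest pinned in the inventory is preferable to one fetched from the same host at run time, since the latter only detects corruption in transit, not a replaced release artifact.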
@@ -2,20 +2,20 @@ ; https://codeberg.org/forgejo/forgejo/src/branch/forgejo/custom/conf/app.example.ini -APP_NAME = {{ forgejo_app_name }} -APP_SLOGAN = {{ forgejo_app_slogan }} +APP_NAME = {{ forgejo_settings.app_name }} +APP_SLOGAN = {{ forgejo_settings.app_slogan }} RUN_USER = git WORK_PATH = /var/lib/forgejo -RUN_MODE = {{ forgejo_run_mode }} +RUN_MODE = {{ forgejo_settings.run_mode }} [database] -DB_TYPE = {{ forgejo_db_type }} -HOST = {{ forgejo_db_host }} -NAME = {{ forgejo_db_name }} -USER = {{ forgejo_db_username }} -PASSWD = """{{ forgejo_db_password }}""" +DB_TYPE = {{ forgejo_settings.db_type }} +HOST = {{ forgejo_settings.db_host }} +NAME = {{ forgejo_settings.db_name }} +USER = {{ forgejo_settings.db_username }} +PASSWD = """{{ forgejo_settings.db_password }}""" SCHEMA = -SSL_MODE = {{ forgejo_ssl_mode }} +SSL_MODE = {{ forgejo_settings.ssl_mode }} PATH = /var/lib/forgejo/data/forgejo.db LOG_SQL = false @@ -31,15 +31,15 @@ DISABLE_STARS = true DISABLE_DOWNLOAD_SOURCE_ARCHIVES = true [server] -SSH_DOMAIN = {{ forgejo_server_domain }} -DOMAIN = {{ forgejo_server_domain }} -HTTP_PORT = {{ forgejo_server_http_port }} -ROOT_URL = {{ forgejo_server_root_url }} +SSH_DOMAIN = {{ forgejo_settings.server_domain }} +DOMAIN = {{ forgejo_settings.server_domain }} +HTTP_PORT = {{ forgejo_settings.server_http_port }} +ROOT_URL = {{ forgejo_settings.server_root_url }} APP_DATA_PATH = /var/lib/forgejo/data DISABLE_SSH = false -SSH_PORT = {{ forgejo_server_ssh_port }} +SSH_PORT = {{ forgejo_settings.server_ssh_port }} LFS_START_SERVER = true -LFS_JWT_SECRET = {{ forgejo_server_lfs_secret }} +LFS_JWT_SECRET = {{ forgejo_settings.server_lfs_secret }} OFFLINE_MODE = true [lfs] 
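Review bot: `LFS_JWT_SECRET = {{ forgejo_settings.server_lfs_secret }}` in the [server] hunk is rendered unquoted, as are `INTERNAL_TOKEN` and `JWT_SECRET` in the later [security]/[oauth2] hunk, while the database password is wrapped in triple quotes and the mailer password in backticks. Depending on how the INI parser treats `#`, `;` or leading and trailing whitespace, an unquoted value may be read differently from what the vault holds; quoting these three values the same way as the mailer password removes that dependence on the secret's alphabet. It is also worth confirming, outside this diff, that the task rendering app.ini sets a restrictive `mode` and owner, since the file carries five secrets in clear text.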
@@ -47,12 +47,12 @@ PATH = /var/lib/forgejo/data/lfs [mailer] ENABLED = true -FROM = {{ forgejo_mailer_from }} -PROTOCOL = {{ forgejo_mailer_protocol }} -SMTP_ADDR = {{ forgejo_mailer_address }} -SMTP_PORT = {{ forgejo_mailer_port }} -USER = {{ forgejo_mailer_user }} -PASSWD = `{{ forgejo_mailer_password }}` +FROM = {{ forgejo_settings.mailer_from }} +PROTOCOL = {{ forgejo_settings.mailer_protocol }} +SMTP_ADDR = {{ forgejo_settings.mailer_address }} +SMTP_PORT = {{ forgejo_settings.mailer_port }} +USER = {{ forgejo_settings.mailer_user }} +PASSWD = `{{ forgejo_settings.mailer_password }}` [service] REGISTER_EMAIL_CONFIRM = false @@ -92,12 +92,12 @@ DEFAULT_MERGE_STYLE = merge DEFAULT_TRUST_MODEL = committer [security] -INSTALL_LOCK = {{ forgejo_security_install_lock }} -INTERNAL_TOKEN = {{ forgejo_security_internal_token }} +INSTALL_LOCK = {{ forgejo_settings.security_install_lock }} +INTERNAL_TOKEN = {{ forgejo_settings.security_internal_token }} PASSWORD_HASH_ALGO = pbkdf2_hi [oauth2] -JWT_SECRET = {{ forgejo_oauth2_jwt_secret }} +JWT_SECRET = {{ forgejo_settings.oauth2_jwt_secret }} [ui] AMBIGUOUS_UNICODE_DETECTION = false