cuqmbr/homelab
1
0
Fork 0
Code

change forgejo role variable structure

Browse Source
This commit is contained in:
cuqmbr 2025-07-02 00:40:39 +03:00
parent b141808b78
commit 374bd0d69a
Signed by: cuqmbr
GPG Key ID: 1F62396D020F375C
4 changed files with 133 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
ansible/inventories/dev/group_vars/forgejo.yml
View File

@ -29,19 +29,19 @@ users:
opendoas_settings: "permit nopass ansible" opendoas_settings: "permit nopass ansible"
forgejo_settings:
clean_binaries: false
version: 11.0.2
forgejo_clean_binaries: false app_name: "cuqmbr's Forgejo"
forgejo_version: 11.0.2 app_slogan: ""
run_mode: prod
forgejo_app_name: "cuqmbr's Forgejo" db_type: postgres
forgejo_app_slogan: "" db_host: 192.168.0.3:5432
forgejo_run_mode: prod db_name: forgejo_db
db_username: forgejo
forgejo_db_type: postgres db_password: !vault |
forgejo_db_host: 192.168.0.3:5432
forgejo_db_name: forgejo_db
forgejo_db_username: forgejo
forgejo_db_password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
32373165333932643133666362336336326538646533303763343465336338393538666235616464 32373165333932643133666362336336326538646533303763343465336338393538666235616464
3065363334323132633161646437366636653462333237350a643161303166376532636562373331 3065363334323132633161646437366636653462333237350a643161303166376532636562373331
@ -54,14 +54,14 @@ forgejo_db_password: !vault |
62373866303234613635366432333661393465636335626537353561643035306265666139663238 62373866303234613635366432333661393465636335626537353561643035306265666139663238
63623835303537626162653564303430383962646531373330323639643635393665633564303237 63623835303537626162653564303430383962646531373330323639643635393665633564303237
333866366330316466636164326130303031 333866366330316466636164326130303031
forgejo_ssl_mode: disable ssl_mode: disable
forgejo_server_domain: git.dev.cuqmbr.xyz server_domain: git.dev.cuqmbr.xyz
forgejo_server_root_url: http://git.dev.cuqmbr.xyz server_root_url: http://git.dev.cuqmbr.xyz
forgejo_server_http_address: 0.0.0.0 server_http_address: 0.0.0.0
forgejo_server_http_port: 3000 server_http_port: 3000
forgejo_server_ssh_port: 22 server_ssh_port: 22
forgejo_server_lfs_secret: !vault | server_lfs_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
65316236393837386464643938366564623532303139383765306631643864643363356561643666 65316236393837386464643938366564623532303139383765306631643864643363356561643666
6335343266313432366136323932306536623261643236640a363738366366303030383537633033 6335343266313432366136323932306536623261643236640a363738366366303030383537633033
@ -70,12 +70,12 @@ forgejo_server_lfs_secret: !vault |
31653534326664393138666237353438393739613565643137653438626462653165366136353039 31653534326664393138666237353438393739613565643137653438626462653165366136353039
3538653438613964653965303932643062306230383832633639 3538653438613964653965303932643062306230383832633639
forgejo_mailer_from: "\"cuqmbr's Forgejo\" <no-reply@cuqmbr.xyz>" mailer_from: "\"cuqmbr's Forgejo\" <no-reply@cuqmbr.xyz>"
forgejo_mailer_protocol: smtps mailer_protocol: smtps
forgejo_mailer_address: mail.cuqmbr.xyz mailer_address: mail.cuqmbr.xyz
forgejo_mailer_port: 465 mailer_port: 465
forgejo_mailer_user: no-reply@cuqmbr.xyz mailer_user: no-reply@cuqmbr.xyz
forgejo_mailer_password: !vault | mailer_password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
31356466316634336162653164316232653865393539656336356130353764316537633535396433 31356466316634336162653164316232653865393539656336356130353764316537633535396433
3862343463633864336633373036323364373863613439310a663461636136366532633639313139 3862343463633864336633373036323364373863613439310a663461636136366532633639313139
@ -83,8 +83,8 @@ forgejo_mailer_password: !vault |
6263326538363633350a316666323566646638316535333934626638356434353864373566653338 6263326538363633350a316666323566646638316535333934626638356434353864373566653338
37303436626261333863313961386465353831633537636537343166666438326138 37303436626261333863313961386465353831633537636537343166666438326138
forgejo_security_install_lock: true security_install_lock: true
forgejo_security_internal_token: !vault | security_internal_token: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
37396532353265376134316465336263616562373030663762333165363362313135653434383961 37396532353265376134316465336263616562373030663762333165363362313135653434383961
6334363937636138383865353639333261376437393839320a333834643939373231623134393865 6334363937636138383865353639333261376437393839320a333834643939373231623134393865
@ -96,7 +96,7 @@ forgejo_security_internal_token: !vault |
32613830383031346361343735393535623931356438383539303038343562373264343666373165 32613830383031346361343735393535623931356438383539303038343562373264343666373165
65333632303535626237373835353665623237353734383436346664663036376538 65333632303535626237373835353665623237353734383436346664663036376538
forgejo_oauth2_jwt_secret: !vault | oauth2_jwt_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
62663534346334366537303037613331396164323637643033383961383165333239313934316661 62663534346334366537303037613331396164323637643033383961383165333239313934316661
6461323764383861663237323066333132393434386137330a343239346561373139386164626562 6461323764383861663237323066333132393434386137330a343239346561373139386164626562

55
ansible/roles/forgejo/defaults/main.yml
View File

@ -1,34 +1,37 @@
--- ---
forgejo_clean_binaries: false forgejo_settings:
forgejo_version: 10.0.3
forgejo_app_name: "cuqmbr's Forgejo" forgejo_default_settings:
forgejo_app_slogan: "" clean_binaries: false
forgejo_run_mode: prod version: 10.0.3
forgejo_db_type: postgres app_name: "cuqmbr's Forgejo"
forgejo_db_host: 127.0.0.1:5432 app_slogan: ""
forgejo_db_name: forgejo_db run_mode: prod
forgejo_db_username: forgejo
forgejo_db_password: 123
forgejo_ssl_mode: disable
forgejo_server_domain: git.dev.cuqmbr.xyz db_type: postgres
forgejo_server_root_url: https://git.dev.cuqmbr.xyz db_host: 127.0.0.1:5432
forgejo_server_http_address: 0.0.0.0 db_name: forgejo_db
forgejo_server_http_port: 3000 db_username: forgejo
forgejo_server_ssh_port: 22 db_password: 123
forgejo_server_lfs_secret: 123 ssl_mode: disable
forgejo_mailer_from: "\"cuqmbr's Forgejo\" <no-reply@cuqmbr.xyz>" server_domain: git.dev.cuqmbr.xyz
forgejo_mailer_protocol: smtps server_root_url: https://git.dev.cuqmbr.xyz
forgejo_mailer_address: mail.cuqmbr.xyz server_http_address: 0.0.0.0
forgejo_mailer_port: 465 server_http_port: 3000
forgejo_mailer_user: no-reply@cuqmbr.xyz server_ssh_port: 22
forgejo_mailer_password: 123 server_lfs_secret: 123
forgejo_security_install_lock: false mailer_from: "\"cuqmbr's Forgejo\" <no-reply@cuqmbr.xyz>"
forgejo_security_internal_token: 123 mailer_protocol: smtps
mailer_address: mail.cuqmbr.xyz
mailer_port: 465
mailer_user: no-reply@cuqmbr.xyz
mailer_password: 123
forgejo_oauth2_jwt_secret: 123 security_install_lock: false
security_internal_token: 123
oauth2_jwt_secret: 123

15
ansible/roles/forgejo/tasks/main.yml
View File

@ -1,5 +1,11 @@
--- ---
- name: Combine default and user settings, decrypt vault.
ansible.builtin.set_fact:
forgejo_settings: "{{ forgejo_default_settings |
ansible.builtin.combine(forgejo_settings, recursive=true) }}"
no_log: true
- name: Install dependencies. - name: Install dependencies.
ansible.builtin.apt: ansible.builtin.apt:
name: name:
@ -32,7 +38,7 @@
state: directory state: directory
- name: Clean forgejo binaries. - name: Clean forgejo binaries.
when: forgejo_clean_binaries when: forgejo_settings.clean_binaries
block: block:
- name: Get all forgejo binaries. - name: Get all forgejo binaries.
@ -51,15 +57,16 @@
- name: Download forgejo binary. - name: Download forgejo binary.
ansible.builtin.get_url: ansible.builtin.get_url:
url: "https://codeberg.org/forgejo/forgejo/releases/download\ url: "https://codeberg.org/forgejo/forgejo/releases/download\
/v{{ forgejo_version }}/forgejo-{{ forgejo_version }}-linux-amd64" /v{{ forgejo_settings.version }}\
dest: "/usr/local/bin/forgejo-{{ forgejo_version }}" /forgejo-{{ forgejo_settings.version }}-linux-amd64"
dest: "/usr/local/bin/forgejo-{{ forgejo_settings.version }}"
owner: root owner: root
group: root group: root
mode: "0555" mode: "0555"
- name: Creaty symlink to forgejo binary. - name: Creaty symlink to forgejo binary.
ansible.builtin.file: ansible.builtin.file:
src: "/usr/local/bin/forgejo-{{ forgejo_version }}" src: "/usr/local/bin/forgejo-{{ forgejo_settings.version }}"
dest: /usr/local/bin/forgejo dest: /usr/local/bin/forgejo
owner: root owner: root
group: root group: root

48
ansible/roles/forgejo/templates/app.ini.j2
View File

@ -2,20 +2,20 @@
; https://codeberg.org/forgejo/forgejo/src/branch/forgejo/custom/conf/app.example.ini ; https://codeberg.org/forgejo/forgejo/src/branch/forgejo/custom/conf/app.example.ini
APP_NAME = {{ forgejo_app_name }} APP_NAME = {{ forgejo_settings.app_name }}
APP_SLOGAN = {{ forgejo_app_slogan }} APP_SLOGAN = {{ forgejo_settings.app_slogan }}
RUN_USER = git RUN_USER = git
WORK_PATH = /var/lib/forgejo WORK_PATH = /var/lib/forgejo
RUN_MODE = {{ forgejo_run_mode }} RUN_MODE = {{ forgejo_settings.run_mode }}
[database] [database]
DB_TYPE = {{ forgejo_db_type }} DB_TYPE = {{ forgejo_settings.db_type }}
HOST = {{ forgejo_db_host }} HOST = {{ forgejo_settings.db_host }}
NAME = {{ forgejo_db_name }} NAME = {{ forgejo_settings.db_name }}
USER = {{ forgejo_db_username }} USER = {{ forgejo_settings.db_username }}
PASSWD = """{{ forgejo_db_password }}""" PASSWD = """{{ forgejo_settings.db_password }}"""
SCHEMA = SCHEMA =
SSL_MODE = {{ forgejo_ssl_mode }} SSL_MODE = {{ forgejo_settings.ssl_mode }}
PATH = /var/lib/forgejo/data/forgejo.db PATH = /var/lib/forgejo/data/forgejo.db
LOG_SQL = false LOG_SQL = false
@ -31,15 +31,15 @@ DISABLE_STARS = true
DISABLE_DOWNLOAD_SOURCE_ARCHIVES = true DISABLE_DOWNLOAD_SOURCE_ARCHIVES = true
[server] [server]
SSH_DOMAIN = {{ forgejo_server_domain }} SSH_DOMAIN = {{ forgejo_settings.server_domain }}
DOMAIN = {{ forgejo_server_domain }} DOMAIN = {{ forgejo_settings.server_domain }}
HTTP_PORT = {{ forgejo_server_http_port }} HTTP_PORT = {{ forgejo_settings.server_http_port }}
ROOT_URL = {{ forgejo_server_root_url }} ROOT_URL = {{ forgejo_settings.server_root_url }}
APP_DATA_PATH = /var/lib/forgejo/data APP_DATA_PATH = /var/lib/forgejo/data
DISABLE_SSH = false DISABLE_SSH = false
SSH_PORT = {{ forgejo_server_ssh_port }} SSH_PORT = {{ forgejo_settings.server_ssh_port }}
LFS_START_SERVER = true LFS_START_SERVER = true
LFS_JWT_SECRET = {{ forgejo_server_lfs_secret }} LFS_JWT_SECRET = {{ forgejo_settings.server_lfs_secret }}
OFFLINE_MODE = true OFFLINE_MODE = true
[lfs] [lfs]
@ -47,12 +47,12 @@ PATH = /var/lib/forgejo/data/lfs
[mailer] [mailer]
ENABLED = true ENABLED = true
FROM = {{ forgejo_mailer_from }} FROM = {{ forgejo_settings.mailer_from }}
PROTOCOL = {{ forgejo_mailer_protocol }} PROTOCOL = {{ forgejo_settings.mailer_protocol }}
SMTP_ADDR = {{ forgejo_mailer_address }} SMTP_ADDR = {{ forgejo_settings.mailer_address }}
SMTP_PORT = {{ forgejo_mailer_port }} SMTP_PORT = {{ forgejo_settings.mailer_port }}
USER = {{ forgejo_mailer_user }} USER = {{ forgejo_settings.mailer_user }}
PASSWD = `{{ forgejo_mailer_password }}` PASSWD = `{{ forgejo_settings.mailer_password }}`
[service] [service]
REGISTER_EMAIL_CONFIRM = false REGISTER_EMAIL_CONFIRM = false
@ -92,12 +92,12 @@ DEFAULT_MERGE_STYLE = merge
DEFAULT_TRUST_MODEL = committer DEFAULT_TRUST_MODEL = committer
[security] [security]
INSTALL_LOCK = {{ forgejo_security_install_lock }} INSTALL_LOCK = {{ forgejo_settings.security_install_lock }}
INTERNAL_TOKEN = {{ forgejo_security_internal_token }} INTERNAL_TOKEN = {{ forgejo_settings.security_internal_token }}
PASSWORD_HASH_ALGO = pbkdf2_hi PASSWORD_HASH_ALGO = pbkdf2_hi
[oauth2] [oauth2]
JWT_SECRET = {{ forgejo_oauth2_jwt_secret }} JWT_SECRET = {{ forgejo_settings.oauth2_jwt_secret }}
[ui] [ui]
AMBIGUOUS_UNICODE_DETECTION = false AMBIGUOUS_UNICODE_DETECTION = false