From 0ae631bfdee17fa21784ceca2dfacd1cf694569b Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Tue, 2 May 2023 14:25:54 +0200
Subject: [PATCH] add forgejo stack
---
 ansible/inventory/group_vars/all.yml | 1 +
 ansible/inventory/host_vars/manager.yml | 4 +-
 ansible/playbooks/stacks.yml | 1 +
 ansible/roles/forgejo/app.ini.j2 | 104 ++++++++++++++++++++++
 ansible/roles/forgejo/docker-stack.yml.j2 | 42 +++++++++
 ansible/roles/forgejo/tasks/main.yml | 20 +++++
 ansible/roles/forgejo/vars/main.yml | 23 +++++
 7 files changed, 194 insertions(+), 1 deletion(-)
 create mode 100644 ansible/roles/forgejo/app.ini.j2
 create mode 100644 ansible/roles/forgejo/docker-stack.yml.j2
 create mode 100644 ansible/roles/forgejo/tasks/main.yml
 create mode 100644 ansible/roles/forgejo/vars/main.yml
diff --git a/ansible/inventory/group_vars/all.yml b/ansible/inventory/group_vars/all.yml
index a2d8d0d..7e0fdf0 100644
--- a/ansible/inventory/group_vars/all.yml
+++ b/ansible/inventory/group_vars/all.yml
@@ -1 +1,2 @@
 data_directory_base: /mnt/data
+git_ssh_port: 56287
diff --git a/ansible/inventory/host_vars/manager.yml b/ansible/inventory/host_vars/manager.yml
index dd6b196..42ea65c 100644
--- a/ansible/inventory/host_vars/manager.yml
+++ b/ansible/inventory/host_vars/manager.yml
@@ -2,8 +2,10 @@ docker_node_labels:
 - hostname: maestro
 labels:
 traefik: "true"
+ forgejo: "true"
 - hostname: worker1
 labels:
 syncthing: "true"
-data_directories: []
+data_directories:
+ - 'forgejo'
diff --git a/ansible/playbooks/stacks.yml b/ansible/playbooks/stacks.yml
index c888a34..b05ec39 100644
--- a/ansible/playbooks/stacks.yml
+++ b/ansible/playbooks/stacks.yml
@@ -4,3 +4,4 @@
 roles:
 - {role: traefik, tags: traefik}
 - {role: syncthing, tags: syncthing}
+ - {role: forgejo, tags: forgejo}
diff --git a/ansible/roles/forgejo/app.ini.j2 b/ansible/roles/forgejo/app.ini.j2
new file mode 100644
index 0000000..9641715
--- /dev/null
+++ b/ansible/roles/forgejo/app.ini.j2
@@ -0,0 +1,104 @@
+APP_NAME = Forgejo: Beyond coding. We forge.
+RUN_MODE = prod
+RUN_USER = git
+
+[repository]
+ROOT = /data/git/repositories
+DEFAULT_BRANCH = master
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH = /data/gitea
+DOMAIN = {{ git_domain }}
+SSH_DOMAIN = {{ git_domain }}
+HTTP_PORT = 3000
+ROOT_URL = {{ root_url }}
+DISABLE_SSH = false
+SSH_PORT = {{ git_ssh_port }}
+SSH_LISTEN_PORT = 22
+LFS_START_SERVER = true
+LFS_JWT_SECRET = {{ lfs_jwt_secret }}
+OFFLINE_MODE = false
+
+[database]
+PATH = /data/gitea/gitea.db
+DB_TYPE = sqlite3
+HOST = localhost:3306
+NAME = gitea
+USER = root
+PASSWD =
+LOG_SQL = false
+SCHEMA =
+SSL_MODE = disable
+CHARSET = utf8
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+ISSUE_INDEXER_TYPE = db
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+PROVIDER = file
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+ENABLE_FEDERATED_AVATAR = false
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+MODE = console
+LEVEL = info
+ROUTER = console
+ROOT_PATH = /data/gitea/log
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY =
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
+INTERNAL_TOKEN = {{ internal_token }}
+PASSWORD_HASH_ALGO = pbkdf2
+
+[service]
+DISABLE_REGISTRATION = true
+REQUIRE_SIGNIN_VIEW = false
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+DEFAULT_KEEP_EMAIL_PRIVATE = true
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.localhost
+
+[lfs]
+PATH = /data/git/lfs
+
+[mailer]
+ENABLED = true
+SMTP_ADDR = {{ mailer_host }}
+SMTP_PORT = 587
+FROM = {{ mailer_from }}
+USER =
+PASSWD =
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = false
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer
+
+[ui]
+DEFAULT_THEME = forgejo-light
diff --git a/ansible/roles/forgejo/docker-stack.yml.j2 b/ansible/roles/forgejo/docker-stack.yml.j2
new file mode 100644
index 0000000..8874beb
--- /dev/null
+++ b/ansible/roles/forgejo/docker-stack.yml.j2
@@ -0,0 +1,42 @@
+# vi: ft=yaml
+version: "3"
+
+networks:
+ traefik:
+ external: true
+
+configs:
+ config:
+ file: /srv/forgejo/app.ini
+
+services:
+ server:
+ image: codeberg.org/forgejo/forgejo:1.18
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ networks:
+ - traefik
+ ports:
+ - "{{ git_ssh_port }}:22"
+ volumes:
+ - type: bind
+ source: /mnt/data/forgejo
+ target: /data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ deploy:
+ placement:
+ constraints:
+ - "node.labels.forgejo == true"
+ labels:
+ - traefik.port=80
+ - traefik.enable=true
+ - traefik.http.routers.forgejo.entrypoints=web
+ - traefik.http.routers.forgejo.rule=Host(`{{ git_domain }}`)
+ - traefik.http.routers.forgejo.service=forgejo
+ - traefik.http.services.forgejo.loadbalancer.server.port=3000
+ - traefik.docker.network=traefik
+ configs:
+ - source: config
+ target: /data/gitea/conf/app.ini
diff --git a/ansible/roles/forgejo/tasks/main.yml b/ansible/roles/forgejo/tasks/main.yml
new file mode 100644
index 0000000..0c8db5c
--- /dev/null
+++ b/ansible/roles/forgejo/tasks/main.yml
@@ -0,0 +1,20 @@
+- name: Create working directory
+ file:
+ path: /srv/forgejo
+ state: directory
+
+- name: Copy config file
+ template:
+ src: "{{ role_path }}/app.ini.j2"
+ dest: /srv/forgejo/app.ini
+
+- name: Copy Docker stack file
+ template:
+ src: "{{ role_path }}/docker-stack.yml.j2"
+ dest: /srv/forgejo/docker-stack.yml
+
+- name: Deploy Docker stack
+ docker_stack:
+ name: forgejo
+ compose:
+ - /srv/forgejo/docker-stack.yml
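Review bot: `SECRET_KEY =` under [security] is left empty while INSTALL_LOCK = true, even though the two other secrets in this template (LFS_JWT_SECRET and INTERNAL_TOKEN) are rendered from vaulted variables. As far as I know Gitea, and therefore Forgejo 1.18, does not generate a key for an empty SECRET_KEY but falls back to a built-in default value (verify against the 1.18 config cheat sheet), and that key is what protects stored OAuth2/2FA material at rest, so it should be rendered like the others: `SECRET_KEY = {{ secret_key }}` with `secret_key` added as a vaulted variable. `REVERSE_PROXY_TRUSTED_PROXIES = *` trusts forwarded headers from any source that can reach port 3000, which is wider than the single Traefik hop implied by REVERSE_PROXY_LIMIT = 1; restricting it to the traefik overlay subnet (or keeping the default) is tighter. The MySQL-style keys under [database] (HOST, NAME, USER, PASSWD, SSL_MODE, CHARSET) are ignored with DB_TYPE = sqlite3 and could be dropped so the file does not suggest a second database.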
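Review bot: `configs: config: file: /srv/forgejo/app.ini` turns the rendered app.ini, which carries INTERNAL_TOKEN and LFS_JWT_SECRET in the clear, into a Swarm config object; Docker configs, unlike Swarm secrets, are not encrypted at rest in the managers' raft store as far as I recall (verify against the Docker docs for the Engine version in use), so the two vaulted values end up stored and inspectable outside the vault. Delivering app.ini through `secrets:` instead (Compose v3 accepts an absolute `target` on Linux) or relying on the existing bind mount of /data would keep them out of the config store. The label `traefik.port=80` is Traefik v1 syntax and also disagrees with `traefik.http.services.forgejo.loadbalancer.server.port=3000` further down; dropping it removes a misleading hint. The short-syntax `ports: - "{{ git_ssh_port }}:22"` publishes the SSH port through the ingress routing mesh on every swarm node rather than only the node carrying the `forgejo` label; if that is not intended, the long syntax with `mode: host` limits it to the placement node.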
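Review bot: The "Copy config file" template task renders app.ini, secrets included, to /srv/forgejo/app.ini without `mode`, `owner` or `group`, so the file takes umask-derived permissions (commonly world-readable) on the manager host. Add `mode: "0600"` (and an explicit `owner`/`group` for the account that runs the stack deploy) to that task, and give the "Create working directory" task a restrictive `mode` as well, since the same directory also receives the rendered stack file. Both `template` calls could also drop the `{{ role_path }}/` prefix by moving the two templates into the role's `templates/` directory, which is where Ansible looks by default.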
diff --git a/ansible/roles/forgejo/vars/main.yml b/ansible/roles/forgejo/vars/main.yml
new file mode 100644
index 0000000..2bcaa33
--- /dev/null
+++ b/ansible/roles/forgejo/vars/main.yml
@@ -0,0 +1,23 @@
+git_domain: "git.pim.kunis.nl"
+root_url: "https://{{ git_domain }}"
+mailer_host: "smtp.tweak.nl"
+mailer_from: "git@kunis.nl"
+lfs_jwt_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 66613032363837346461326131303839646332646233633736623865346135623739343233396165
+ 6530326162323466623939393133623336366466343837620a613532616365646137326138383235
+ 32313264653262656564336531646662323039623865393366616536633531306430336137313862
+ 3361373539373561390a653236306433393737616561306236343362396438366134313032656233
+ 35626364373961613361366138383566353463626136393861383934326263383336393766623063
+ 3434656437663165376635326139383065383861386133623765
+internal_token: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 62633334656235613035343830326237633637626639363465313861323734393766636464303862
+ 3936306561343863316630616164616537323537333262650a336337303232623832636666353038
+ 64313134383330646537356432383332386238373835656663313431373939373630373566396339
+ 6561643037383666340a643464326531623731303564646464376239613263643761643766623930
+ 37623362326561346262306331376663313661633635323435333339396138383134303364306532
+ 37353264363737643965643932356336633734316534303262336461313038626538396536333964
+ 36353635323731353061393430656166363263366437313434336139616666326335633037663336
+ 37353665613938613731316330396461343632643039643864343164303937613263343262623964
+ 33366364636339623633653035313736653563363064646233383437373431373232
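Review bot: `git_domain`, `mailer_host` and `mailer_from` are deployment-specific values placed in the role's vars/main.yml, which sits above inventory group_vars/host_vars in Ansible's precedence, so they cannot be overridden from the inventory the way `git_ssh_port` (added to group_vars/all.yml in this commit) can. Moving them to `defaults/main.yml` or into the inventory keeps the role reusable; the two vaulted secrets can stay alongside them. `root_url: "https://{{ git_domain }}"` also declares https while the stack's Traefik router only attaches to the `web` entrypoint; if that entrypoint is plain HTTP without a redirect, Forgejo will emit https links that do not resolve, which is worth confirming against the traefik role.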