82 lines
2.9 KiB
YAML
82 lines
2.9 KiB
YAML
---
|
|
- name: Ensure netcat-openbsd is installed for ssh shell
|
|
ansible.builtin.apt:
|
|
name: netcat-openbsd
|
|
|
|
- name: Create git system user on host for forgejo ssh
|
|
ansible.builtin.user:
|
|
name: git
|
|
group: git
|
|
system: true
|
|
home: /srv/forgejo/git
|
|
generate_ssh_key: true
|
|
ssh_key_type: ed25519
|
|
shell: /srv/forgejo/git/ssh-shell
|
|
register: _forgejo_git_user
|
|
|
|
- name: Add git user's own ssh key to its authorized keys
|
|
ansible.posix.authorized_key:
|
|
user: git
|
|
key: "{{ _forgejo_git_user.ssh_public_key }}"
|
|
|
|
- name: Install ssh forwarding shell for forgejo
|
|
ansible.builtin.template:
|
|
src: ssh-shell.j2
|
|
dest: /srv/forgejo/git/ssh-shell
|
|
mode: "0755"
|
|
|
|
- name: Forgejo service
|
|
ansible.builtin.import_role:
|
|
name: service
|
|
vars:
|
|
service_name: forgejo
|
|
service_container_image: codeberg.org/forgejo/forgejo:{{ forgejo_tag }}
|
|
service_container_mounts:
|
|
- type: volume
|
|
source: data
|
|
destination: /data
|
|
- type: bind
|
|
source: /etc/localtime
|
|
destination: /etc/localtime
|
|
readonly: true
|
|
- type: bind
|
|
source: /srv/forgejo/git/.ssh
|
|
destination: /data/git/.ssh
|
|
service_container_secrets:
|
|
- name: secret-key
|
|
value: "{{ forgejo_secret_key }}"
|
|
service_domains:
|
|
- "{{ forgejo_domain }}"
|
|
service_database_type: postgres
|
|
service_postgres_tag: 18-alpine
|
|
service_container_publish_ports:
|
|
- name: ssh
|
|
type: socket
|
|
container_port: 22
|
|
service_container_env:
|
|
USER_UID: "{{ _forgejo_git_user.uid }}"
|
|
USER_GID: "{{ _forgejo_git_user.group }}"
|
|
FORGEJO__security__SECRET_KEY_URI: file:/run/secrets/secret-key
|
|
FORGEJO__database__DB_TYPE: postgres
|
|
FORGEJO__database__USER: forgejo
|
|
FORGEJO__database__NAME: forgejo
|
|
FORGEJO__database__HOST: postgres
|
|
FORGEJO__database__PASSWD__FILE: /run/secrets/postgres
|
|
FORGEJO__server__PROTOCOL: http+unix
|
|
FORGEJO__server__HTTP_ADDR: /run/forgejo.sock
|
|
FORGEJO__server__DOMAIN: "{{ forgejo_domain }}"
|
|
FORGEJO__server__ROOT_URL: https://{{ forgejo_domain }}
|
|
FORGEJO__server__SSH_ALLOW_UNEXPECTED_AUTHORIZED_KEYS: "true"
|
|
FORGEJO__mailer__ENABLED: "true"
|
|
FORGEJO__mailer__PROTOCOL: smtp
|
|
FORGEJO__mailer__SMTP_ADDR: "{{ forgejo_smtp_server }}"
|
|
FORGEJO__mailer__SMTP_PORT: "587"
|
|
FORGEJO__mailer__FROM: "{{ forgejo_smtp_from }}"
|
|
FORGEJO__mailer__USER: "{{ forgejo_smtp_user }}"
|
|
FORGEJO__mailer__PASSWD: "{{ forgejo_smtp_password }}"
|
|
FORGEJO__service__DISABLE_REGISTRATION: "true"
|
|
FORGEJO__service__REQUIRE_SIGNIN_VIEW: "{{ 'true' if forgejo_require_signin_view else 'false' }}"
|
|
FORGEJO__service__ENABLE_INTERNAL_SIGNIN: "{{ 'true' if forgejo_enable_internal_signin else 'false' }}"
|
|
FORGEJO__oauth2_client__ENABLE_AUTO_REGISTRATION: "true"
|
|
FORGEJO__openid__ENABLE_OPENID_SIGNIN: "false"
|