Move from gitea to forgejo

Moved all variables over; moved git passthrough script to new location
and naming scheme; moved settings and mentions of gitea name; switched
ci woodpecker instance to use forgejo instead of gitea.
Marty Oehme 2024-06-24 08:47:43 +02:00
parent b6e30811dc
commit 648f49a847
Signed by: Marty
GPG key ID: EDBF2ED917B2EF6A
8 changed files with 125 additions and 121 deletions


@ -1,23 +1,23 @@
# gitea
# forgejo
A relatively light-weight git server hosting.
## Defaults
```
gitea_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
forgejo_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
```
The on-target directory where the proxy configuration file should be stashed.
```
gitea_use_https: true
forgejo_use_https: true
```
Whether the service should be reachable through http (port 80) or through https (port 443) and provision an https certificate. Usually you will want this to stay `true`.
```
gitea_version: latest
forgejo_version: latest
```
The docker image version to be used in stack creation.
@ -28,14 +28,13 @@ subdomain_alias: git
If the deployed container should be served over a uri that is not the stack name.
By default, it will be set to `git.yourdomain.com` -
if this option is not set it will be served on `gitea.yourdomain.com` instead.
if this option is not set it will be served on `forgejo.yourdomain.com` instead.
For now gitea will still need to be initially set up after installation.
For now forgejo will still need to be initially set up after installation.
This could be automated with the help of these commands:
```sh
docker run --name gitea -p 8080:3000 -e GITEA__security__INSTALL_LOCK=true -d gitea/gitea:1.14.2
$ docker exec gitea migrate
$ docker exec gitea gitea admin user create --admin --username root --password admin1234 --email admin@example.com
docker run --name forgejo -p 8080:3000 -e FORGEJO__security__INSTALL_LOCK=true -d codeberg.org/forgejo/forgejo:7
$ docker exec forgejo migrate
$ docker exec forgejo forgejo admin user create --admin --username root --password admin1234 --email admin@example.com
```


@ -1,33 +1,32 @@
---
# never got around to removing the master tag from the images
gitea_version: latest
forgejo_version: 7
gitea_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
forgejo_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
gitea_use_https: true
forgejo_use_https: true
# the subdomain link gitea will be reachable under
# the subdomain link forgejo will be reachable under
subdomain_alias: git
subdomain_ci_alias: ci
gitea_db_database: gitea
gitea_db_username: gitea
gitea_db_password: gitea
forgejo_db_database: forgejo
forgejo_db_username: forgejo
forgejo_db_password: forgejo
gitea_app_admin_username: Mygiteausername # can not be set to admin in Gitea
gitea_app_admin_password: Mygiteapassword
gitea_app_admin_email: myadmin@mydomain.mytld
forgejo_app_admin_username: Myforgejousername # can not be set to admin in Forgejo
forgejo_app_admin_password: Myforgejopassword
forgejo_app_admin_email: myadmin@mydomain.mytld
# gitea_smtp_host: domain.com:port
# gitea_smtp_username: my@username.com
# gitea_smtp_password: <password>
# gitea_smtp_force_tls: false # forces tls if it is on a non-traditional tls port. Overwrites starttls so should generally be off
# forgejo_smtp_host: domain.com:port
# forgejo_smtp_username: my@username.com
# forgejo_smtp_password: <password>
# forgejo_smtp_force_tls: false # forces tls if it is on a non-traditional tls port. Overwrites starttls so should generally be off
gitea_use_ci: false
# gitea_ci_github_client:
# gitea_ci_github_secret:
# gitea_ci_gitlab_client:
# gitea_ci_gitlab_secret:
# gitea_ci_gitea_client:
# gitea_ci_gitea_secret:
forgejo_use_ci: false
# forgejo_ci_github_client:
# forgejo_ci_github_secret:
# forgejo_ci_gitlab_client:
# forgejo_ci_gitlab_secret:
# forgejo_ci_forgejo_client:
# forgejo_ci_forgejo_secret:
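Review bot: The renamed defaults still ship usable credentials, `forgejo_db_password: forgejo` and `forgejo_app_admin_password: Myforgejopassword`, which take effect whenever the inventory does not override them. Because both admin values are always defined here, the stack template on this page sets `FORGEJO__security__INSTALL_LOCK=true` and the "Add admin user" handler creates the account with that well-known password. I would turn the password defaults into commented placeholders like the SMTP ones, e.g. `# forgejo_app_admin_password: <password>` and `# forgejo_db_password: <password>`, and have the role assert at its start that both are supplied from the inventory or a vault. The comment above `forgejo_version` still talks about a master tag and no longer matches the pinned `7`.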


@ -1,36 +1,36 @@
- name: Add admin user
community.docker.docker_container_exec:
container: "{{ gitea_app_container_name['stdout'] }}"
container: "{{ forgejo_app_container_name['stdout'] }}"
command: >
gitea admin user create --admin --username {{ gitea_app_admin_username }} --password {{ gitea_app_admin_password }} --email {{ gitea_app_admin_email }}
forgejo admin user create --admin --username {{ forgejo_app_admin_username }} --password {{ forgejo_app_admin_password }} --email {{ forgejo_app_admin_email }}
user: git
become: true
listen: "no admin user"
## Register reverse proxy
- name: Ensure upstream directory exists
- name: Upstream directory exists
ansible.builtin.file:
path: "{{ gitea_upstream_file_dir }}"
path: "{{ forgejo_upstream_file_dir }}"
state: directory
mode: "0755"
become: true
listen: "update gitea upstream"
listen: "update forgejo upstream"
- name: Update upstream template
ansible.builtin.template:
src: upstream.json.j2
dest: "{{ gitea_upstream_file_dir }}/upstream.json"
dest: "{{ forgejo_upstream_file_dir }}/upstream.json"
mode: "0600"
become: true
listen: "update gitea upstream"
listen: "update forgejo upstream"
- name: Update ci upstream template
ansible.builtin.template:
src: upstream_ci.json.j2
dest: "{{ gitea_upstream_file_dir }}/upstream_ci.json"
dest: "{{ forgejo_upstream_file_dir }}/upstream_ci.json"
mode: "0600"
become: true
listen: "update gitea upstream"
listen: "update forgejo upstream"
# figure out if upstream id exists
- name: check {{ stack_name }} upstream
@ -41,7 +41,7 @@
changed_when: False
register: result
become: true
listen: "update gitea upstream"
listen: "update forgejo upstream"
# upstream already exists, patch it
- name: remove old {{ stack_name }} upstream
@ -51,16 +51,16 @@
curl -X DELETE localhost:2019/id/{{ stack_name }}_upstream/
become: true
when: (result.stdout | from_json)['error'] is not defined
listen: "update gitea upstream"
listen: "update forgejo upstream"
# upstream has to be created
- name: add {{ stack_name }} upstream
community.docker.docker_container_exec:
container: "{{ caddy_container_id }}"
command: >
curl -X POST -H "Content-Type: application/json" -d @{{ gitea_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (gitea_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/
curl -X POST -H "Content-Type: application/json" -d @{{ forgejo_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (forgejo_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/
become: true
listen: "update gitea upstream"
listen: "update forgejo upstream"
# figure out if upstream id exists
- name: check {{ stack_name }}_ci upstream
@ -71,7 +71,7 @@
changed_when: False
register: result
become: true
listen: "update gitea upstream"
listen: "update forgejo upstream"
# upstream for ci already exists, patch it
- name: remove old {{ stack_name }}_ci upstream
@ -81,20 +81,20 @@
curl -X DELETE localhost:2019/id/{{ stack_name }}_ci_upstream/
become: true
when: (result.stdout | from_json)['error'] is not defined
listen: "update gitea upstream"
listen: "update forgejo upstream"
# upstream for ci has to be created
- name: add {{ stack_name }}_ci upstream
community.docker.docker_container_exec:
container: "{{ caddy_container_id }}"
command: >
curl -X POST -H "Content-Type: application/json" -d @{{ gitea_upstream_file_dir }}/upstream_ci.json localhost:2019/config/apps/http/servers/{{ (gitea_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/
curl -X POST -H "Content-Type: application/json" -d @{{ forgejo_upstream_file_dir }}/upstream_ci.json localhost:2019/config/apps/http/servers/{{ (forgejo_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/
become: true
listen: "update gitea upstream"
listen: "update forgejo upstream"
- name: Ensure upstream directory is gone again
ansible.builtin.file:
path: "{{ gitea_upstream_file_dir }}"
path: "{{ forgejo_upstream_file_dir }}"
state: absent
become: true
listen: "update gitea upstream"
listen: "update forgejo upstream"
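Review bot: The "Add admin user" handler in the first hunk puts `{{ forgejo_app_admin_password }}` on the command line with no `no_log: true`, so the rendered command, password included, can show up in verbose Ansible output and in any logging callback. Add `no_log: true` to that task. The values are also interpolated into one folded `command` string, so a username or password containing spaces or quotes would be split into extra arguments; the module's `argv` list form passes each value as a single argument and needs no quoting.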


@ -13,4 +13,3 @@ galaxy_info:
dependencies:
- docker
- docker-swarm
- caddy


@ -8,48 +8,55 @@
- "{{ ansible_os_family }}.yml"
loop_control:
loop_var: distribution
when: gitea_use_ci == True
when: forgejo_use_ci == True
# TODO only generate when no existing (check with docker inspect?)
- name: Generate agent key
ansible.builtin.shell: openssl rand -hex 32
register: gitea_woodpecker_agent_secret
when: gitea_use_ci == True
register: forgejo_woodpecker_agent_secret
when: forgejo_use_ci == True
- name: Set agent key
ansible.builtin.set_fact:
gitea_woodpecker_agent_secret: "{{ gitea_woodpecker_agent_secret.stdout }}"
when: gitea_woodpecker_agent_secret.stdout is not undefined and not None
forgejo_woodpecker_agent_secret: "{{ forgejo_woodpecker_agent_secret.stdout }}"
when: forgejo_woodpecker_agent_secret.stdout is not undefined and not None
## Prepare gitea
## Prepare forgejo
- name: Ensure git user exists with ssh key
ansible.builtin.user:
name: "{{ gitea_git_username }}"
name: "{{ forgejo_git_username }}"
generate_ssh_key: yes
ssh_key_type: rsa
ssh_key_bits: 4096
ssh_key_comment: "Gitea Host Key"
ssh_key_comment: "Forgejo Host Key"
become: true
register: git_user
- name: Ensure git passthrough command directory exists
ansible.builtin.file:
path: "/app/gitea/"
path: "/app/forgejo/"
state: directory
mode: '0770'
owner: "{{ git_user['uid'] }}"
group: "{{ git_user['group'] }}"
become: true
- name: Save git passthrough command in right location
- name: Passthrough git command is in right location
ansible.builtin.copy:
src: gitea
dest: "/app/gitea/gitea"
src: forgejo
dest: "/app/forgejo/forgejo"
owner: "{{ git_user['uid'] }}"
group: "{{ git_user['group'] }}"
mode: '0750'
become: true
- name: Host machine forgejo command points to passthrough command
ansible.builtin.file:
state: link
src: "/app/forgejo/forgejo"
dest: "/usr/local/bin/forgejo"
become: true
- name: Fetch keyfile
fetch:
src: "{{ git_user['home'] }}/.ssh/id_rsa.pub"
@ -70,7 +77,7 @@
state: absent
delegate_to: localhost
## install gitea container
## install forgejo container
- name: Check upstream status
community.docker.docker_container_exec:
container: "{{ caddy_container_id }}"
@ -79,9 +86,9 @@
register: result
changed_when: (result.stdout | from_json) != (lookup('template', 'upstream.json.j2') | from_yaml)
become: true
notify: "update gitea upstream"
notify: "update forgejo upstream"
- name: Deploy gitea to swarm
- name: Deploy forgejo to swarm
community.general.docker_stack:
name: "{{ stack_name }}"
state: present
@ -91,35 +98,35 @@
become: true
tags:
- docker-swarm
register: gitea_deployment
notify: "update gitea upstream"
register: forgejo_deployment
notify: "update forgejo upstream"
- name: Wait a minute for gitea to become healthy
- name: Wait a minute for forgejo to become healthy
wait_for:
timeout: 55
delegate_to: localhost
when: gitea_deployment is changed
when: forgejo_deployment is changed
- name: Get app container info
ansible.builtin.command:
cmd: docker ps -q -f name={{ stack_name }}_app
become: true
until: gitea_app_container_name['rc'] | default('') == 0 and gitea_app_container_name['stdout'] | length >= 1
until: forgejo_app_container_name['rc'] | default('') == 0 and forgejo_app_container_name['stdout'] | length >= 1
retries: 10
delay: 10
changed_when: False
register: gitea_app_container_name
register: forgejo_app_container_name
- name: Look for existing admin user
community.docker.docker_container_exec:
container: "{{ gitea_app_container_name['stdout'] }}"
container: "{{ forgejo_app_container_name['stdout'] }}"
user: git
command: >
gitea admin user list --admin
until: gitea_admin_list is defined and gitea_admin_list['rc'] | default('') == 0
forgejo admin user list --admin
until: forgejo_admin_list is defined and forgejo_admin_list['rc'] | default('') == 0
retries: 15
delay: 20
become: true
register: gitea_admin_list
changed_when: gitea_admin_list['stdout_lines'] | length <= 1 and 'Username' in gitea_admin_list['stdout']
register: forgejo_admin_list
changed_when: forgejo_admin_list['stdout_lines'] | length <= 1 and 'Username' in forgejo_admin_list['stdout']
notify: "no admin user"
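Review bot: The new task "Host machine forgejo command points to passthrough command" links `/usr/local/bin/forgejo` to a script that the two tasks before it leave owned by the git user (`owner: "{{ git_user['uid'] }}"`, mode `'0750'`) inside a directory that user can write to (`'0770'`). Anything on the host that runs `forgejo` from PATH under a more privileged account would then execute a file the git account can replace. If the git user only needs to execute the passthrough, consider `owner: root` on both the directory and the file, keeping the git group, with `mode: '0750'` on each. The hunk does not show who is meant to call the link, so confirm that before tightening. The "Fetch keyfile" task at the end of the first hunk continues outside it.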


@ -2,7 +2,7 @@ version: '3.4'
services:
app:
image: "{{ stack_image }}:{{ gitea_version }}"
image: "{{ stack_image }}:{{ forgejo_version }}"
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "127.0.0.1:3000"]
interval: 1m
@ -17,27 +17,27 @@ services:
environment:
- USER_UID={{ git_user['uid'] }}
- USER_GID={{ git_user['group'] }}
- GITEA__database__DB_TYPE=postgres
- GITEA__database__HOST=db:5432
- GITEA__database__NAME={{ gitea_db_database }}
- GITEA__database__USER={{ gitea_db_username }}
- GITEA__database__PASSWD={{ gitea_db_password }}
- "GITEA__server__ROOT_URL={{ (gitea_use_https == True) | ternary('https', 'http') }}://{{ (subdomain_alias is not undefined and not none) | ternary(subdomain_alias, stack_name) }}.{{server_domain}}"
- "GITEA__server__SSH_DOMAIN={{ server_domain }}"
- GITEA__server__LANDINGPAGE=explore
- GITEA__service__DISABLE_REGISTRATION=true
{% if gitea_app_admin_username is not undefined and not None and gitea_app_admin_password is not undefined and not None %}
- GITEA__security__INSTALL_LOCK=true
- FORGEJO__database__DB_TYPE=postgres
- FORGEJO__database__HOST=db:5432
- "FORGEJO__database__NAME={{ forgejo_db_database }}"
- "FORGEJO__database__USER={{ forgejo_db_username }}"
- "FORGEJO__database__PASSWD={{ forgejo_db_password }}"
- "FORGEJO__server__ROOT_URL={{ (forgejo_use_https == True) | ternary('https', 'http') }}://{{ (subdomain_alias is not undefined and not none) | ternary(subdomain_alias, stack_name) }}.{{server_domain}}"
- "FORGEJO__server__SSH_DOMAIN={{ (subdomain_alias is not undefined and not none) | ternary(subdomain_alias, stack_name) }}.{{server_domain}}"
- FORGEJO__server__LANDINGPAGE=explore
- FORGEJO__service__DISABLE_REGISTRATION=true
{% if forgejo_app_admin_username is not undefined and not None and forgejo_app_admin_password is not undefined and not None %}
- FORGEJO__security__INSTALL_LOCK=true
{% endif %}
{% if gitea_smtp_host is not undefined and not None and gitea_smtp_username is not undefined and not None and gitea_smtp_password is not undefined and not None %}
- GITEA__mailer__ENABLED=true
- GITEA__service__ENABLE_NOTIFY_MAIL=true
- GITEA__mailer__FROM=gitea@{{ server_domain }}
- GITEA__mailer__TYPE=smtp
- GITEA__mailer__HOST={{ gitea_smtp_host }}
- GITEA__mailer__IS_TLS_ENABLED={{ (gitea_smtp_force_tls is not undefined and not None) | ternary(gitea_smtp_force_tls,'false') }}
- GITEA__mailer__USER={{ gitea_smtp_username }}
- GITEA__mailer__PASSWD={{ gitea_smtp_password }}
{% if forgejo_smtp_host is not undefined and not None and forgejo_smtp_username is not undefined and not None and forgejo_smtp_password is not undefined and not None %}
- FORGEJO__mailer__ENABLED=true
- FORGEJO__service__ENABLE_NOTIFY_MAIL=true
- FORGEJO__mailer__FROM=forgejo@{{ server_domain }}
- FORGEJO__mailer__TYPE=smtp
- FORGEJO__mailer__HOST={{ forgejo_smtp_host }}
- FORGEJO__mailer__IS_TLS_ENABLED={{ (forgejo_smtp_force_tls is not undefined and not None) | ternary(forgejo_smtp_force_tls,'false') }}
- FORGEJO__mailer__USER={{ forgejo_smtp_username }}
- FORGEJO__mailer__PASSWD={{ forgejo_smtp_password }}
{% endif %}
networks:
- "{{ docker_swarm_public_network_name }}"
@ -48,7 +48,7 @@ services:
db:
image: postgres:13
healthcheck:
test: ["CMD", "pg_isready", "-q", "-U", "{{ gitea_db_username }}"]
test: ["CMD", "pg_isready", "-q", "-U", "{{ forgejo_db_username }}"]
interval: 1m
timeout: 10s
retries: 3
@ -58,11 +58,11 @@ services:
networks:
- backend
environment:
- POSTGRES_USER={{ gitea_db_username }}
- POSTGRES_PASSWORD={{ gitea_db_password }}
- POSTGRES_DB={{ gitea_db_database }}
- POSTGRES_USER={{ forgejo_db_username }}
- POSTGRES_PASSWORD={{ forgejo_db_password }}
- POSTGRES_DB={{ forgejo_db_database }}
{% if gitea_use_ci %}
{% if forgejo_use_ci %}
wp-server:
image: woodpeckerci/woodpecker-server:latest
networks:
@ -72,23 +72,23 @@ services:
- woodpecker:/var/lib/woodpecker/
environment:
- WOODPECKER_OPEN=true
- "WOODPECKER_HOST={{ (gitea_use_https == True) | ternary('https', 'http') }}://{{ (subdomain_ci_alias is not undefined and not none) | ternary(subdomain_ci_alias, stack_name + '_ci') }}.{{server_domain}}"
- WOODPECKER_AGENT_SECRET={{ gitea_woodpecker_agent_secret }}
{% if gitea_ci_github_client is not undefined and not None and gitea_ci_github_secret is not undefined and not None %}
- "WOODPECKER_HOST={{ (forgejo_use_https == True) | ternary('https', 'http') }}://{{ (subdomain_ci_alias is not undefined and not none) | ternary(subdomain_ci_alias, stack_name + '_ci') }}.{{server_domain}}"
- WOODPECKER_AGENT_SECRET={{ forgejo_woodpecker_agent_secret }}
{% if forgejo_ci_github_client is not undefined and not None and forgejo_ci_github_secret is not undefined and not None %}
- WOODPECKER_GITHUB=true
- WOODPECKER_GITHUB_CLIENT={{ gitea_ci_github_client }}
- WOODPECKER_GITHUB_SECRET={{ gitea_ci_github_secret }}
- WOODPECKER_GITHUB_CLIENT={{ forgejo_ci_github_client }}
- WOODPECKER_GITHUB_SECRET={{ forgejo_ci_github_secret }}
{% endif %}
{% if gitea_ci_gitlab_client is not undefined and not None and gitea_ci_gitlab_secret is not undefined and not None %}
{% if forgejo_ci_gitlab_client is not undefined and not None and forgejo_ci_gitlab_secret is not undefined and not None %}
- WOODPECKER_GITLAB=true
- WOODPECKER_gitlab_CLIENT={{ gitea_ci_gitlab_client }}
- WOODPECKER_gitlab_SECRET={{ gitea_ci_gitlab_secret }}
- WOODPECKER_gitlab_CLIENT={{ forgejo_ci_gitlab_client }}
- WOODPECKER_gitlab_SECRET={{ forgejo_ci_gitlab_secret }}
{% endif %}
{% if gitea_ci_gitea_client is not undefined and not None and gitea_ci_gitea_secret is not undefined and not None %}
- WOODPECKER_GITEA=true
- "WOODPECKER_GITEA_URL={{ (gitea_use_https == True) | ternary('https', 'http') }}://{{ (subdomain_alias is not undefined and not none) | ternary(subdomain_alias, stack_name) }}.{{server_domain}}"
- WOODPECKER_GITEA_CLIENT={{ gitea_ci_gitea_client }}
- WOODPECKER_GITEA_SECRET={{ gitea_ci_gitea_secret }}
{% if forgejo_ci_forgejo_client is not undefined and not None and forgejo_ci_forgejo_secret is not undefined and not None %}
- WOODPECKER_FORGEJO=true
- "WOODPECKER_FORGEJO_URL={{ (forgejo_use_https == True) | ternary('https', 'http') }}://{{ (subdomain_alias is not undefined and not none) | ternary(subdomain_alias, stack_name) }}.{{server_domain}}"
- WOODPECKER_FORGEJO_CLIENT={{ forgejo_ci_forgejo_client }}
- WOODPECKER_FORGEJO_SECRET={{ forgejo_ci_forgejo_secret }}
{% endif %}
wp-agent:
@ -100,7 +100,7 @@ services:
- /var/run/docker.sock:/var/run/docker.sock
environment:
- WOODPECKER_SERVER=wp-server:9000
- WOODPECKER_AGENT_SECRET={{ gitea_woodpecker_agent_secret }}
- WOODPECKER_AGENT_SECRET={{ forgejo_woodpecker_agent_secret }}
{% endif %}
volumes:
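Review bot: The renamed GitLab entries in the wp-server environment keep the lower-case names `WOODPECKER_gitlab_CLIENT` and `WOODPECKER_gitlab_SECRET`. Environment variable names are case-sensitive and Woodpecker documents `WOODPECKER_GITLAB_CLIENT` / `WOODPECKER_GITLAB_SECRET`, so the GitLab OAuth pair is probably never read. Write them as `- "WOODPECKER_GITLAB_CLIENT={{ forgejo_ci_gitlab_client }}"` and `- "WOODPECKER_GITLAB_SECRET={{ forgejo_ci_gitlab_secret }}"`. The commit quotes the three `FORGEJO__database__*` items but leaves `POSTGRES_PASSWORD`, `FORGEJO__mailer__PASSWD`, `WOODPECKER_AGENT_SECRET` and the OAuth secrets unquoted. Since the rendered text is parsed with `from_yaml`, a secret containing ` #` or `: ` would be truncated or rejected on those lines, and the database password could then differ between the app and db services, so quote the remaining secret-bearing items the same way.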


@ -1,9 +1,9 @@
---
stack_name: gitea
stack_name: forgejo
stack_image: "gitea/gitea"
stack_image: "codeberg.org/forgejo/forgejo"
stack_compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}"
gitea_git_username: git
forgejo_git_username: git