diff --git a/roles/gitea/README.md b/roles/gitea/README.md index 60a0b99..63fbbb8 100644 --- a/roles/gitea/README.md +++ b/roles/gitea/README.md @@ -1,23 +1,23 @@ -# gitea +# forgejo A relatively light-weight git server hosting. ## Defaults ``` -gitea_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}" +forgejo_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}" ``` The on-target directory where the proxy configuration file should be stashed. ``` -gitea_use_https: true +forgejo_use_https: true ``` Whether the service should be reachable through http (port 80) or through https (port 443) and provision an https certificate. Usually you will want this to stay `true`. ``` -gitea_version: latest +forgejo_version: latest ``` The docker image version to be used in stack creation. @@ -28,14 +28,13 @@ subdomain_alias: git If the deployed container should be served over a uri that is not the stack name. By default, it will be set to `git.yourdomain.com` - -if this option is not set it will be served on `gitea.yourdomain.com` instead. +if this option is not set it will be served on `forgejo.yourdomain.com` instead. -For now gitea will still need to be initially set up after installation. +For now forgejo will still need to be initially set up after installation. This could be automated with the help of these commands: ```sh -docker run --name gitea -p 8080:3000 -e GITEA__security__INSTALL_LOCK=true -d gitea/gitea:1.14.2 - -$ docker exec gitea migrate -$ docker exec gitea gitea admin user create --admin --username root --password admin1234 --email admin@example.com +docker run --name forgejo -p 8080:3000 -e FORGEJO__security__INSTALL_LOCK=true -d codeberg.org/forgejo/forgejo:7 +$ docker exec forgejo migrate +$ docker exec forgejo forgejo admin user create --admin --username root --password admin1234 --email admin@example.com ``` diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index 1bace83..4eb6702 100644 
--- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -1,33 +1,32 @@ --- -# never got around to removing the master tag from the images -gitea_version: latest +forgejo_version: 7 -gitea_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}" +forgejo_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}" -gitea_use_https: true +forgejo_use_https: true -# the subdomain link gitea will be reachable under +# the subdomain link forgejo will be reachable under subdomain_alias: git subdomain_ci_alias: ci -gitea_db_database: gitea -gitea_db_username: gitea -gitea_db_password: gitea +forgejo_db_database: forgejo +forgejo_db_username: forgejo +forgejo_db_password: forgejo -gitea_app_admin_username: Mygiteausername # can not be set to admin in Gitea -gitea_app_admin_password: Mygiteapassword -gitea_app_admin_email: myadmin@mydomain.mytld +forgejo_app_admin_username: Myforgejousername # can not be set to admin in Forgejo +forgejo_app_admin_password: Myforgejopassword +forgejo_app_admin_email: myadmin@mydomain.mytld -# gitea_smtp_host: domain.com:port -# gitea_smtp_username: my@username.com -# gitea_smtp_password: -# gitea_smtp_force_tls: false # forces tls if it is on a non-traditional tls port. Overwrites starttls so should generally be off +# forgejo_smtp_host: domain.com:port +# forgejo_smtp_username: my@username.com +# forgejo_smtp_password: +# forgejo_smtp_force_tls: false # forces tls if it is on a non-traditional tls port. Overwrites starttls so should generally be off -gitea_use_ci: false -# gitea_ci_github_client: -# gitea_ci_github_secret: -# gitea_ci_gitlab_client: -# gitea_ci_gitlab_secret: -# gitea_ci_gitea_client: -# gitea_ci_gitea_secret: +forgejo_use_ci: false +# forgejo_ci_github_client: +# forgejo_ci_github_secret: +# forgejo_ci_gitlab_client: +# forgejo_ci_gitlab_secret: +# forgejo_ci_forgejo_client: +# forgejo_ci_forgejo_secret: 
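Review bot: Renaming every `gitea_*` variable means any inventory that still sets `gitea_db_password` or `gitea_app_admin_password` is silently ignored, and the role then deploys with the placeholder credentials kept in this file (`forgejo` and `Myforgejopassword`). Consider dropping the credential defaults and failing early, for example with an `ansible.builtin.assert` whose condition is `that: forgejo_db_password is defined and forgejo_app_admin_password is defined`. At minimum, add a comment above them such as `# placeholders only, override from vault before deploying`. Separately, `forgejo_version: 7` reads more safely as `forgejo_version: "7"` so the image tag stays a string.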
diff --git a/roles/gitea/files/gitea b/roles/gitea/files/forgejo similarity index 100% rename from roles/gitea/files/gitea rename to roles/gitea/files/forgejo diff --git a/roles/gitea/handlers/main.yml b/roles/gitea/handlers/main.yml index 1c82409..d3e8b18 100644 --- a/roles/gitea/handlers/main.yml +++ b/roles/gitea/handlers/main.yml @@ -1,36 +1,36 @@ - name: Add admin user community.docker.docker_container_exec: - container: "{{ gitea_app_container_name['stdout'] }}" + container: "{{ forgejo_app_container_name['stdout'] }}" command: > - gitea admin user create --admin --username {{ gitea_app_admin_username }} --password {{ gitea_app_admin_password }} --email {{ gitea_app_admin_email }} + forgejo admin user create --admin --username {{ forgejo_app_admin_username }} --password {{ forgejo_app_admin_password }} --email {{ forgejo_app_admin_email }} user: git become: true listen: "no admin user" ## Register reverse proxy -- name: Ensure upstream directory exists +- name: Upstream directory exists ansible.builtin.file: - path: "{{ gitea_upstream_file_dir }}" + path: "{{ forgejo_upstream_file_dir }}" state: directory mode: "0755" become: true - listen: "update gitea upstream" + listen: "update forgejo upstream" - name: Update upstream template ansible.builtin.template: src: upstream.json.j2 - dest: "{{ gitea_upstream_file_dir }}/upstream.json" + dest: "{{ forgejo_upstream_file_dir }}/upstream.json" mode: "0600" become: true - listen: "update gitea upstream" + listen: "update forgejo upstream" - name: Update ci upstream template ansible.builtin.template: src: upstream_ci.json.j2 - dest: "{{ gitea_upstream_file_dir }}/upstream_ci.json" + dest: "{{ forgejo_upstream_file_dir }}/upstream_ci.json" mode: "0600" become: true - listen: "update gitea upstream" + listen: "update forgejo upstream" # figure out if upstream id exists - name: check {{ stack_name }} upstream 
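Review bot: The `Add admin user` handler puts `{{ forgejo_app_admin_password }}` on the command line without `no_log: true`, so the password can appear in Ansible output and logs when the handler runs or fails. Adding `no_log: true` to the task avoids that. Passing the arguments through the module's `argv` list instead of the folded `command` string would also keep a password containing spaces or quotes from being split into several arguments. The `Generate agent key` task in tasks/main.yml registers a secret in the same way and would benefit from the same `no_log: true`.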
@@ -41,7 +41,7 @@ changed_when: False register: result become: true - listen: "update gitea upstream" + listen: "update forgejo upstream" # upstream already exists, patch it - name: remove old {{ stack_name }} upstream @@ -51,16 +51,16 @@ curl -X DELETE localhost:2019/id/{{ stack_name }}_upstream/ become: true when: (result.stdout | from_json)['error'] is not defined - listen: "update gitea upstream" + listen: "update forgejo upstream" # upstream has to be created - name: add {{ stack_name }} upstream community.docker.docker_container_exec: container: "{{ caddy_container_id }}" command: > - curl -X POST -H "Content-Type: application/json" -d @{{ gitea_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (gitea_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ + curl -X POST -H "Content-Type: application/json" -d @{{ forgejo_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (forgejo_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ become: true - listen: "update gitea upstream" + listen: "update forgejo upstream" # figure out if upstream id exists - name: check {{ stack_name }}_ci upstream @@ -71,7 +71,7 @@ changed_when: False register: result become: true - listen: "update gitea upstream" + listen: "update forgejo upstream" # upstream for ci already exists, patch it - name: remove old {{ stack_name }}_ci upstream 
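Review bot: `(forgejo_use_https == True)` in the `add {{ stack_name }} upstream` command compares against the boolean literal, so a value that arrives as a string (for instance from `-e forgejo_use_https=true`) evaluates to false and the route is posted to the plain-HTTP Caddy server. `(forgejo_use_https | bool) | ternary(caddy_https_server_name, caddy_http_server_name)` handles both forms. The same comparison appears in the `_ci` upstream task of the @@ -81,20 hunk and in the ROOT_URL, WOODPECKER_HOST and WOODPECKER_FORGEJO_URL lines of docker-stack.yml.j2. The `when: forgejo_use_ci == True` conditions in tasks/main.yml have the same weakness.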
@@ -81,20 +81,20 @@ curl -X DELETE localhost:2019/id/{{ stack_name }}_ci_upstream/ become: true when: (result.stdout | from_json)['error'] is not defined - listen: "update gitea upstream" + listen: "update forgejo upstream" # upstream for ci has to be created - name: add {{ stack_name }}_ci upstream community.docker.docker_container_exec: container: "{{ caddy_container_id }}" command: > - curl -X POST -H "Content-Type: application/json" -d @{{ gitea_upstream_file_dir }}/upstream_ci.json localhost:2019/config/apps/http/servers/{{ (gitea_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ + curl -X POST -H "Content-Type: application/json" -d @{{ forgejo_upstream_file_dir }}/upstream_ci.json localhost:2019/config/apps/http/servers/{{ (forgejo_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ become: true - listen: "update gitea upstream" + listen: "update forgejo upstream" - name: Ensure upstream directory is gone again ansible.builtin.file: - path: "{{ gitea_upstream_file_dir }}" + path: "{{ forgejo_upstream_file_dir }}" state: absent become: true - listen: "update gitea upstream" + listen: "update forgejo upstream" diff --git a/roles/gitea/meta/main.yml b/roles/gitea/meta/main.yml index da07f4a..727f63b 100644 --- a/roles/gitea/meta/main.yml +++ b/roles/gitea/meta/main.yml @@ -13,4 +13,3 @@ galaxy_info: dependencies: - docker - docker-swarm - - caddy diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index e0fce1d..3c85e01 100644 --- a/roles/gitea/tasks/main.yml +++ b/roles/gitea/tasks/main.yml 
@@ -8,48 +8,55 @@ - "{{ ansible_os_family }}.yml" loop_control: loop_var: distribution - when: gitea_use_ci == True + when: forgejo_use_ci == True # TODO only generate when no existing (check with docker inspect?) - name: Generate agent key ansible.builtin.shell: openssl rand -hex 32 - register: gitea_woodpecker_agent_secret - when: gitea_use_ci == True + register: forgejo_woodpecker_agent_secret + when: forgejo_use_ci == True - name: Set agent key ansible.builtin.set_fact: - gitea_woodpecker_agent_secret: "{{ gitea_woodpecker_agent_secret.stdout }}" - when: gitea_woodpecker_agent_secret.stdout is not undefined and not None + forgejo_woodpecker_agent_secret: "{{ forgejo_woodpecker_agent_secret.stdout }}" + when: forgejo_woodpecker_agent_secret.stdout is not undefined and not None -## Prepare gitea +## Prepare forgejo - name: Ensure git user exists with ssh key ansible.builtin.user: - name: "{{ gitea_git_username }}" + name: "{{ forgejo_git_username }}" generate_ssh_key: yes ssh_key_type: rsa ssh_key_bits: 4096 - ssh_key_comment: "Gitea Host Key" + ssh_key_comment: "Forgejo Host Key" become: true register: git_user - name: Ensure git passthrough command directory exists ansible.builtin.file: - path: "/app/gitea/" + path: "/app/forgejo/" state: directory mode: '0770' owner: "{{ git_user['uid'] }}" group: "{{ git_user['group'] }}" become: true -- name: Save git passthrough command in right location +- name: Passthrough git command is in right location ansible.builtin.copy: - src: gitea - dest: "/app/gitea/gitea" + src: forgejo + dest: "/app/forgejo/forgejo" owner: "{{ git_user['uid'] }}" group: "{{ git_user['group'] }}" mode: '0750' become: true +- name: Host machine forgejo command points to passthrough command + ansible.builtin.file: + state: link + src: "/app/forgejo/forgejo" + dest: "/usr/local/bin/forgejo" + become: true + - name: Fetch keyfile fetch: src: "{{ git_user['home'] }}/.ssh/id_rsa.pub" 
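Review bot: The new `Host machine forgejo command points to passthrough command` task links `/usr/local/bin/forgejo` to a file that the two preceding tasks leave owned by the git user inside a git-owned `0770` directory, so whatever root runs as `forgejo` on the host is a script the unprivileged account can rewrite or replace. Presumably the git user only needs to read and execute the passthrough; if so, set `owner: root` on both the directory and the copied file and tighten the directory to `mode: '0750'`, keeping `group: "{{ git_user['group'] }}"`. The contents of files/forgejo are not visible in this diff, so confirm it does not need write access to its own directory.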
@@ -70,7 +77,7 @@ state: absent delegate_to: localhost -## install gitea container +## install forgejo container - name: Check upstream status community.docker.docker_container_exec: container: "{{ caddy_container_id }}" @@ -79,9 +86,9 @@ register: result changed_when: (result.stdout | from_json) != (lookup('template', 'upstream.json.j2') | from_yaml) become: true - notify: "update gitea upstream" + notify: "update forgejo upstream" -- name: Deploy gitea to swarm +- name: Deploy forgejo to swarm community.general.docker_stack: name: "{{ stack_name }}" state: present 
@@ -91,35 +98,35 @@ become: true tags: - docker-swarm - register: gitea_deployment - notify: "update gitea upstream" + register: forgejo_deployment + notify: "update forgejo upstream" -- name: Wait a minute for gitea to become healthy +- name: Wait a minute for forgejo to become healthy wait_for: timeout: 55 delegate_to: localhost - when: gitea_deployment is changed + when: forgejo_deployment is changed - name: Get app container info ansible.builtin.command: cmd: docker ps -q -f name={{ stack_name }}_app become: true - until: gitea_app_container_name['rc'] | default('') == 0 and gitea_app_container_name['stdout'] | length >= 1 + until: forgejo_app_container_name['rc'] | default('') == 0 and forgejo_app_container_name['stdout'] | length >= 1 retries: 10 delay: 10 changed_when: False - register: gitea_app_container_name + register: forgejo_app_container_name - name: Look for existing admin user community.docker.docker_container_exec: - container: "{{ gitea_app_container_name['stdout'] }}" + container: "{{ forgejo_app_container_name['stdout'] }}" user: git command: > - gitea admin user list --admin - until: gitea_admin_list is defined and gitea_admin_list['rc'] | default('') == 0 + forgejo admin user list --admin + until: forgejo_admin_list is defined and forgejo_admin_list['rc'] | default('') == 0 retries: 15 delay: 20 become: true - register: gitea_admin_list - changed_when: gitea_admin_list['stdout_lines'] | length <= 1 and 'Username' in gitea_admin_list['stdout'] + register: forgejo_admin_list + changed_when: forgejo_admin_list['stdout_lines'] | length <= 1 and 'Username' in forgejo_admin_list['stdout'] notify: "no admin user" diff --git a/roles/gitea/templates/docker-stack.yml.j2 b/roles/gitea/templates/docker-stack.yml.j2 index fff54a8..5352930 100644 --- a/roles/gitea/templates/docker-stack.yml.j2 +++ b/roles/gitea/templates/docker-stack.yml.j2 
@@ -2,7 +2,7 @@ version: '3.4' services: app: - image: "{{ stack_image }}:{{ gitea_version }}" + image: "{{ stack_image }}:{{ forgejo_version }}" healthcheck: test: ["CMD", "wget", "--spider", "-q", "127.0.0.1:3000"] interval: 1m 
@@ -17,27 +17,27 @@ services: environment: - USER_UID={{ git_user['uid'] }} - USER_GID={{ git_user['group'] }} - - GITEA__database__DB_TYPE=postgres - - GITEA__database__HOST=db:5432 - - GITEA__database__NAME={{ gitea_db_database }} - - GITEA__database__USER={{ gitea_db_username }} - - GITEA__database__PASSWD={{ gitea_db_password }} - - "GITEA__server__ROOT_URL={{ (gitea_use_https == True) | ternary('https', 'http') }}://{{ (subdomain_alias is not undefined and not none) | ternary(subdomain_alias, stack_name) }}.{{server_domain}}" - - "GITEA__server__SSH_DOMAIN={{ server_domain }}" - - GITEA__server__LANDINGPAGE=explore - - GITEA__service__DISABLE_REGISTRATION=true -{% if gitea_app_admin_username is not undefined and not None and gitea_app_admin_password is not undefined and not None %} - - GITEA__security__INSTALL_LOCK=true + - FORGEJO__database__DB_TYPE=postgres + - FORGEJO__database__HOST=db:5432 + - "FORGEJO__database__NAME={{ forgejo_db_database }}" + - "FORGEJO__database__USER={{ forgejo_db_username }}" + - "FORGEJO__database__PASSWD={{ forgejo_db_password }}" + - "FORGEJO__server__ROOT_URL={{ (forgejo_use_https == True) | ternary('https', 'http') }}://{{ (subdomain_alias is not undefined and not none) | ternary(subdomain_alias, stack_name) }}.{{server_domain}}" + - "FORGEJO__server__SSH_DOMAIN={{ (subdomain_alias is not undefined and not none) | ternary(subdomain_alias, stack_name) }}.{{server_domain}}" + - FORGEJO__server__LANDINGPAGE=explore + - FORGEJO__service__DISABLE_REGISTRATION=true +{% if forgejo_app_admin_username is not undefined and not None and forgejo_app_admin_password is not undefined and not None %} + - FORGEJO__security__INSTALL_LOCK=true {% endif %} -{% if gitea_smtp_host is not undefined and not None and gitea_smtp_username is not undefined and not None and gitea_smtp_password is not undefined and not None %} - - GITEA__mailer__ENABLED=true - - GITEA__service__ENABLE_NOTIFY_MAIL=true - - GITEA__mailer__FROM=gitea@{{ server_domain }} - - 
GITEA__mailer__TYPE=smtp - - GITEA__mailer__HOST={{ gitea_smtp_host }} - - GITEA__mailer__IS_TLS_ENABLED={{ (gitea_smtp_force_tls is not undefined and not None) | ternary(gitea_smtp_force_tls,'false') }} - - GITEA__mailer__USER={{ gitea_smtp_username }} - - GITEA__mailer__PASSWD={{ gitea_smtp_password }} +{% if forgejo_smtp_host is not undefined and not None and forgejo_smtp_username is not undefined and not None and forgejo_smtp_password is not undefined and not None %} + - FORGEJO__mailer__ENABLED=true + - FORGEJO__service__ENABLE_NOTIFY_MAIL=true + - FORGEJO__mailer__FROM=forgejo@{{ server_domain }} + - FORGEJO__mailer__TYPE=smtp + - FORGEJO__mailer__HOST={{ forgejo_smtp_host }} + - FORGEJO__mailer__IS_TLS_ENABLED={{ (forgejo_smtp_force_tls is not undefined and not None) | ternary(forgejo_smtp_force_tls,'false') }} + - FORGEJO__mailer__USER={{ forgejo_smtp_username }} + - FORGEJO__mailer__PASSWD={{ forgejo_smtp_password }} {% endif %} networks: - "{{ docker_swarm_public_network_name }}" @@ -48,7 +48,7 @@ services: db: image: postgres:13 healthcheck: - test: ["CMD", "pg_isready", "-q", "-U", "{{ gitea_db_username }}"] + test: ["CMD", "pg_isready", "-q", "-U", "{{ forgejo_db_username }}"] interval: 1m timeout: 10s retries: 3 @@ -58,11 +58,11 @@ services: networks: - backend environment: - - POSTGRES_USER={{ gitea_db_username }} - - POSTGRES_PASSWORD={{ gitea_db_password }} - - POSTGRES_DB={{ gitea_db_database }} + - POSTGRES_USER={{ forgejo_db_username }} + - POSTGRES_PASSWORD={{ forgejo_db_password }} + - POSTGRES_DB={{ forgejo_db_database }} -{% if gitea_use_ci %} +{% if forgejo_use_ci %} wp-server: image: woodpeckerci/woodpecker-server:latest networks: 
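Review bot: The database entries are now quoted, but the mailer entries in the same list (`FORGEJO__mailer__HOST`, `FORGEJO__mailer__USER`, `FORGEJO__mailer__PASSWD`) and the `POSTGRES_USER`/`POSTGRES_PASSWORD`/`POSTGRES_DB` entries in the @@ -58,11 hunk are still plain scalars. The rendered template is parsed with `from_yaml` (see vars/main.yml), so a password containing ` #` is cut off at the comment marker and one containing `: ` turns the list entry into a mapping. With only the app side quoted, the app and db containers can end up with different database passwords. Quote them the same way, e.g. `- "POSTGRES_PASSWORD={{ forgejo_db_password }}"` and `- "FORGEJO__mailer__PASSWD={{ forgejo_smtp_password }}"`.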
@@ -72,23 +72,23 @@ services: - woodpecker:/var/lib/woodpecker/ environment: - WOODPECKER_OPEN=true - - "WOODPECKER_HOST={{ (gitea_use_https == True) | ternary('https', 'http') }}://{{ (subdomain_ci_alias is not undefined and not none) | ternary(subdomain_ci_alias, stack_name + '_ci') }}.{{server_domain}}" - - WOODPECKER_AGENT_SECRET={{ gitea_woodpecker_agent_secret }} -{% if gitea_ci_github_client is not undefined and not None and gitea_ci_github_secret is not undefined and not None %} + - "WOODPECKER_HOST={{ (forgejo_use_https == True) | ternary('https', 'http') }}://{{ (subdomain_ci_alias is not undefined and not none) | ternary(subdomain_ci_alias, stack_name + '_ci') }}.{{server_domain}}" + - WOODPECKER_AGENT_SECRET={{ forgejo_woodpecker_agent_secret }} +{% if forgejo_ci_github_client is not undefined and not None and forgejo_ci_github_secret is not undefined and not None %} - WOODPECKER_GITHUB=true - - WOODPECKER_GITHUB_CLIENT={{ gitea_ci_github_client }} - - WOODPECKER_GITHUB_SECRET={{ gitea_ci_github_secret }} + - WOODPECKER_GITHUB_CLIENT={{ forgejo_ci_github_client }} + - WOODPECKER_GITHUB_SECRET={{ forgejo_ci_github_secret }} {% endif %} -{% if gitea_ci_gitlab_client is not undefined and not None and gitea_ci_gitlab_secret is not undefined and not None %} +{% if forgejo_ci_gitlab_client is not undefined and not None and forgejo_ci_gitlab_secret is not undefined and not None %} - WOODPECKER_GITLAB=true - - WOODPECKER_gitlab_CLIENT={{ gitea_ci_gitlab_client }} - - WOODPECKER_gitlab_SECRET={{ gitea_ci_gitlab_secret }} + - WOODPECKER_gitlab_CLIENT={{ forgejo_ci_gitlab_client }} + - WOODPECKER_gitlab_SECRET={{ forgejo_ci_gitlab_secret }} {% endif %} -{% if gitea_ci_gitea_client is not undefined and not None and gitea_ci_gitea_secret is not undefined and not None %} - - WOODPECKER_GITEA=true - - "WOODPECKER_GITEA_URL={{ (gitea_use_https == True) | ternary('https', 'http') }}://{{ (subdomain_alias is not undefined and not none) | ternary(subdomain_alias, 
stack_name) }}.{{server_domain}}" - - WOODPECKER_GITEA_CLIENT={{ gitea_ci_gitea_client }} - - WOODPECKER_GITEA_SECRET={{ gitea_ci_gitea_secret }} +{% if forgejo_ci_forgejo_client is not undefined and not None and forgejo_ci_forgejo_secret is not undefined and not None %} + - WOODPECKER_FORGEJO=true + - "WOODPECKER_FORGEJO_URL={{ (forgejo_use_https == True) | ternary('https', 'http') }}://{{ (subdomain_alias is not undefined and not none) | ternary(subdomain_alias, stack_name) }}.{{server_domain}}" + - WOODPECKER_FORGEJO_CLIENT={{ forgejo_ci_forgejo_client }} + - WOODPECKER_FORGEJO_SECRET={{ forgejo_ci_forgejo_secret }} {% endif %} wp-agent: @@ -100,7 +100,7 @@ services: - /var/run/docker.sock:/var/run/docker.sock environment: - WOODPECKER_SERVER=wp-server:9000 - - WOODPECKER_AGENT_SECRET={{ gitea_woodpecker_agent_secret }} + - WOODPECKER_AGENT_SECRET={{ forgejo_woodpecker_agent_secret }} {% endif %} volumes: diff --git a/roles/gitea/vars/main.yml b/roles/gitea/vars/main.yml index 8fd0ae4..66bd2c3 100644 --- a/roles/gitea/vars/main.yml +++ b/roles/gitea/vars/main.yml @@ -1,9 +1,9 @@ --- -stack_name: gitea +stack_name: forgejo -stack_image: "gitea/gitea" +stack_image: "codeberg.org/forgejo/forgejo" stack_compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}" -gitea_git_username: git +forgejo_git_username: git
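Review bot: `WOODPECKER_gitlab_CLIENT` and `WOODPECKER_gitlab_SECRET` are carried over with a lower-case `gitlab`. Environment variable names are case-sensitive, so the Woodpecker server most likely never receives the GitLab OAuth credentials even though `WOODPECKER_GITLAB=true` is set. They should read `- WOODPECKER_GITLAB_CLIENT={{ forgejo_ci_gitlab_client }}` and `- WOODPECKER_GITLAB_SECRET={{ forgejo_ci_gitlab_secret }}`. The `wp-server` service definition starts outside this hunk; `WOODPECKER_OPEN=true` in its environment leaves registration open to anyone who can sign in through the forge, so confirm that is intended.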