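---
# Tasks that install Forgejo behind nginx: packages, nginx site, service
# account, systemd unit, update script, cron entry and firewall rules.
# Handlers ("reload nginx", "reload forgejo", "persist iptables") and the
# git_server_user / git_server_working_dir variables are defined elsewhere.

- import_tasks: ../../../snippets/common-nginx.yaml

- name: Install dependencies
  apt:
    name:
      - git
      - xq
    state: present

# File modes are quoted throughout so they reach the module as octal
# strings regardless of how the YAML parser types a leading-zero number.
- name: Install nginx site
  template:
    src: nginx-site.conf
    dest: /etc/nginx/sites-available/forgejo
    owner: root
    group: root
    mode: "0644"
  notify: reload nginx

- name: Enable nginx site
  file:
    src: /etc/nginx/sites-available/forgejo
    dest: /etc/nginx/sites-enabled/forgejo
    state: link
  notify: reload nginx

# The service account's home directory is the Forgejo working directory.
- name: Create user
  user:
    name: "{{ git_server_user }}"
    home: "{{ git_server_working_dir }}"
    shell: /bin/bash
    comment: Git server

- name: Create logging dir
  file:
    state: directory
    path: /var/log/forgejo
    owner: "{{ git_server_user }}"
    group: "{{ git_server_user }}"
    mode: "0755"

# TODO: Install initial config

- name: Install service file
  template:
    src: forgejo.service
    dest: /etc/systemd/system/forgejo.service
    owner: root
    group: root
    mode: "0644"
  notify: reload forgejo

# NOTE(review): the script is owned by the service account and lives in a
# directory that account owns, so the account can rewrite or replace it.
# If the "Perform initial update" task or the cron entry runs it as root,
# a compromise of the Forgejo account becomes a path to root. Confirm
# which user executes it; if it is root, install the script root-owned in
# a root-owned directory instead.
- name: Install update script
  template:
    src: update.sh
    dest: "{{ git_server_working_dir }}/update.sh"
    owner: "{{ git_server_user }}"
    group: "{{ git_server_user }}"
    mode: "0755"

# "creates" makes this a one-time run: it is skipped once the forgejo
# path exists in the working directory.
- name: Perform initial update
  command: "{{ git_server_working_dir }}/update.sh"
  args:
    creates: "{{ git_server_working_dir }}/forgejo"
  notify: reload forgejo

- name: Enable service
  systemd:
    name: forgejo
    enabled: true
    daemon_reload: true

- name: Start service
  systemd:
    name: forgejo
    state: started
    daemon_reload: true

# Ownership and mode are set explicitly rather than left to the umask of
# the connection: a file in /etc/cron.d should be root-owned and writable
# by root only.
- name: Install cronjob
  template:
    src: cronjob
    dest: /etc/cron.d/forgejo
    owner: root
    group: root
    mode: "0644"

# The rules carry no source restriction, so new TCP connections to ports
# 22, 80 and 443 are accepted from any address over IPv4 and IPv6.
# "action: insert" puts each rule at the top of INPUT, ahead of any
# existing rules in that chain.
- name: Allow Git SSH, HTTP and HTTPS
  iptables:
    chain: INPUT
    protocol: tcp
    destination_port: "{{ item.port }}"
    ctstate: NEW
    jump: ACCEPT
    ip_version: "{{ item.ip }}"
    action: insert
  with_items:
    - { ip: ipv4, port: 80 }
    - { ip: ipv4, port: 22 }
    - { ip: ipv4, port: 443 }
    - { ip: ipv6, port: 80 }
    - { ip: ipv6, port: 22 }
    - { ip: ipv6, port: 443 }
  notify: persist iptables

# Reminder only: first-time Forgejo setup is not automated by these tasks.
- debug:
    msg: If Forgejo has not been setup yet, please do so manually.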