ansible/roles/git-server/tasks/main.yaml


---
# Packages this role installs on the host. `state: present` installs a
# package when it is missing and does not upgrade one that is already there.
- name: Install dependencies
  ansible.builtin.apt:
    state: present
    name:
      - git
      - xq
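# Render the nginx site definition for Forgejo. The file is root-owned and
# writable by root only, so a service account cannot change the proxy config.
- name: Install nginx site
  ansible.builtin.template:
    src: nginx-site.conf
    dest: /etc/nginx/sites-available/forgejo
    owner: root
    group: root
    # Quoted so the mode is always handled as an octal string; a bare number
    # depends on the YAML parser's octal rules and on the leading zero
    # surviving later edits.
    mode: "0644"
  notify: reload nginx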
# Activate the site by symlinking it from sites-available into sites-enabled;
# nginx is reloaded through the handler when the link changes.
- name: Enable nginx site
  ansible.builtin.file:
    state: link
    dest: /etc/nginx/sites-enabled/forgejo
    src: /etc/nginx/sites-available/forgejo
  notify: reload nginx
# Local account that owns the log directory and the update script below; its
# home directory is the Forgejo working directory. No password is set here.
# NOTE(review): /bin/bash is a full interactive shell, presumably needed for
# Git over SSH; confirm that interactive logins are restricted elsewhere.
- name: Create user
  ansible.builtin.user:
    name: "{{ git_server_user }}"
    comment: Git server
    shell: /bin/bash
    home: "{{ git_server_working_dir }}"
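# Log directory owned by the service account.
# NOTE(review): 0755 lets every local account list and enter the directory.
# If the logs are not meant to be readable by other local users, 0750 would
# be tighter; confirm that nothing else (e.g. a log shipper) needs access.
- name: Create logging dir
  ansible.builtin.file:
    state: directory
    path: /var/log/forgejo
    owner: "{{ git_server_user }}"
    group: "{{ git_server_user }}"
    # Quoted so the mode is always handled as an octal string.
    mode: "0755"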
# TODO: Install initial config
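# Render the systemd unit for Forgejo. It is root-owned and writable by root
# only, so the service account cannot alter how its own unit is started.
- name: Install service file
  ansible.builtin.template:
    src: forgejo.service
    dest: /etc/systemd/system/forgejo.service
    owner: root
    group: root
    # Quoted so the mode is always handled as an octal string.
    mode: "0644"
  notify: reload forgejo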
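# Render the update script into the service account's home directory, owned
# by that account and executable by everyone.
# NOTE(review): the "Perform initial update" task in this file executes this
# script as whatever user the play runs as. If that task, or the cron job
# this role installs, runs it as root, then a file the service account can
# rewrite is executed with root privileges. Confirm which user runs it, or
# keep a root-owned copy outside the service account's home.
- name: Install update script
  ansible.builtin.template:
    src: update.sh
    dest: "{{ git_server_working_dir }}/update.sh"
    owner: "{{ git_server_user }}"
    group: "{{ git_server_user }}"
    # Quoted so the mode is always handled as an octal string.
    mode: "0755"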
# Run the update script once. `creates` skips the task when the `forgejo`
# path already exists in the working directory, so later runs of the role do
# not execute the script again.
- name: Perform initial update
  ansible.builtin.command:
    cmd: "{{ git_server_working_dir }}/update.sh"
    creates: "{{ git_server_working_dir }}/forgejo"
  notify: reload forgejo
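# Enable the unit at boot. systemd re-reads its unit files first, so a newly
# installed forgejo.service is visible to it.
- name: Enable service
  ansible.builtin.systemd:
    name: forgejo
    # Canonical boolean; `yes` is only a boolean under YAML 1.1 rules.
    enabled: true
    daemon_reload: true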
# Make sure the unit is running. `state: started` only starts a stopped
# service; it does not restart one that is already up.
- name: Start service
  ansible.builtin.systemd:
    name: forgejo
    daemon_reload: true
    state: started
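# Install the cron definition for Forgejo.
# Ownership and mode are set explicitly instead of being inherited from the
# connecting user and umask: a file under /etc/cron.d decides which commands
# run as which user, so it must be writable by root only. Debian's cron also
# ignores cron.d files that are not root-owned or that are writable by group
# or others.
- name: Install cronjob
  ansible.builtin.template:
    src: cronjob
    dest: /etc/cron.d/forgejo
    owner: root
    group: root
    mode: "0644"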
# Open TCP 80, 22 and 443 for new connections over both IPv4 and IPv6.
# `action: insert` puts each rule at the top of INPUT, ahead of the rules
# already in the chain. No source restriction is set, so every port accepts
# connections from any address. The task is skipped when `nft` is truthy.
- name: Allow Git SSH, HTTP and HTTPS
  ansible.builtin.iptables:
    action: insert
    chain: INPUT
    ip_version: "{{ item.ip }}"
    protocol: tcp
    destination_port: "{{ item.port }}"
    ctstate: NEW
    jump: ACCEPT
  loop:
    - ip: ipv4
      port: 80
    - ip: ipv4
      port: 22
    - ip: ipv4
      port: 443
    - ip: ipv6
      port: 80
    - ip: ipv6
      port: 22
    - ip: ipv6
      port: 443
  when: not nft | bool
  notify: persist iptables
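# Reminder printed on every run: the role installs and starts Forgejo but
# does not perform its first-time setup. Named so that it is identifiable in
# play output and can be targeted with --start-at-task.
- name: Remind operator to finish Forgejo setup
  ansible.builtin.debug:
    msg: If Forgejo has not been setup yet, please do so manually.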