---
# Install the OS packages this role relies on.
- name: Install dependencies
  ansible.builtin.apt:
    name:
      - git
      # NOTE(review): presumably consumed by the update script; confirm.
      - xq
    state: present
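# Render the nginx site definition for Forgejo into sites-available.
# The file is root-owned and read-only for everyone else, so only root can
# change what nginx serves for this site.
- name: Install nginx site
  ansible.builtin.template:
    src: nginx-site.conf
    dest: /etc/nginx/sites-available/forgejo
    owner: root
    group: root
    # Quoted so the mode is always the string "0644" and never depends on how
    # the YAML parser reads a leading-zero integer.
    mode: "0644"
  # Handler is defined outside this file.
  notify: reload nginx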
# Activate the site by symlinking it from sites-available into sites-enabled.
- name: Enable nginx site
  ansible.builtin.file:
    state: link
    src: /etc/nginx/sites-available/forgejo
    dest: /etc/nginx/sites-enabled/forgejo
  # Handler is defined outside this file.
  notify: reload nginx
# Create the account the Git server runs as; its home is the working
# directory that later tasks install files into.
- name: Create user
  ansible.builtin.user:
    name: "{{ git_server_user }}"
    comment: Git server
    home: "{{ git_server_working_dir }}"
    # NOTE(review): the account gets an interactive shell. Confirm that Git
    # over SSH is served through this account and needs it; if not, a
    # non-login shell would narrow what the account can be used for.
    shell: /bin/bash
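# Create the log directory, owned by the service account so it can write
# its own logs.
- name: Create logging dir
  ansible.builtin.file:
    state: directory
    path: /var/log/forgejo
    owner: "{{ git_server_user }}"
    group: "{{ git_server_user }}"
    # Quoted so the mode is always the string "0755" and never depends on how
    # the YAML parser reads a leading-zero integer.
    # NOTE(review): 0755 lets every local account list and traverse this
    # directory; consider "0750" if nothing else needs to read the logs.
    mode: "0755"

# TODO: Install initial config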
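# Render the systemd unit for Forgejo. The unit decides which user and
# command systemd starts, so it is root-owned and not writable by anyone else.
- name: Install service file
  ansible.builtin.template:
    src: forgejo.service
    dest: /etc/systemd/system/forgejo.service
    owner: root
    group: root
    # Quoted so the mode is always the string "0644" and never depends on how
    # the YAML parser reads a leading-zero integer.
    mode: "0644"
  # Handler is defined outside this file.
  notify: reload forgejo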
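# Render the update script into the service account's working directory.
# NOTE(review): the script is owned by, and therefore writable by,
# git_server_user. Check every place that executes it (this play, the cron
# entry) and make sure none of them runs it with more privilege than that
# account; otherwise make the file root-owned.
- name: Install update script
  ansible.builtin.template:
    src: update.sh
    dest: "{{ git_server_working_dir }}/update.sh"
    owner: "{{ git_server_user }}"
    group: "{{ git_server_user }}"
    # Quoted so the mode is always the string "0755" and never depends on how
    # the YAML parser reads a leading-zero integer.
    mode: "0755"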
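# Run the update script once to fetch the initial Forgejo binary.
# `creates` makes the task a no-op when the binary is already present.
# NOTE(review): the script runs with whatever privileges the play has;
# confirm that is intended, given the script file belongs to the service
# account.
- name: Perform initial update
  ansible.builtin.command:
    # argv passes the path as a single argument, so a working directory
    # containing whitespace is not split into several words.
    argv:
      - "{{ git_server_working_dir }}/update.sh"
    creates: "{{ git_server_working_dir }}/forgejo"
  # Handler is defined outside this file.
  notify: reload forgejo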
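# Register the unit to start at boot; daemon_reload makes systemd re-read
# unit files first so a freshly installed unit is visible.
- name: Enable service
  ansible.builtin.systemd:
    name: forgejo
    # Canonical boolean instead of the YAML 1.1 "yes" spelling.
    enabled: true
    daemon_reload: true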
# Make sure the Forgejo unit is running; unit files are re-read first.
- name: Start service
  ansible.builtin.systemd:
    daemon_reload: true
    name: forgejo
    state: started
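# Install the cron entry for Forgejo.
# Each line in an /etc/cron.d file names the user its command runs as, so the
# file is pinned to root ownership and made non-writable for group and others
# instead of relying on the umask in effect when the play runs.
# NOTE(review): check which user the rendered entry runs its command as.
- name: Install cronjob
  ansible.builtin.template:
    src: cronjob
    dest: /etc/cron.d/forgejo
    owner: root
    group: root
    mode: "0644"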
# Insert ACCEPT rules for new inbound TCP connections to ports 80, 22 and 443,
# once for IPv4 and once for IPv6. Skipped when `nft` is truthy.
# NOTE(review): no `source` is set, so the rules match any remote address.
# Confirm that all three ports, SSH included, are meant to be reachable from
# everywhere.
- name: Allow Git SSH, HTTP and HTTPS
  ansible.builtin.iptables:
    action: insert
    chain: INPUT
    ip_version: "{{ item.ip }}"
    protocol: tcp
    destination_port: "{{ item.port }}"
    ctstate: NEW
    jump: ACCEPT
  loop:
    - { ip: ipv4, port: 80 }
    - { ip: ipv4, port: 22 }
    - { ip: ipv4, port: 443 }
    - { ip: ipv6, port: 80 }
    - { ip: ipv6, port: 22 }
    - { ip: ipv6, port: 443 }
  # `nft` and the handler are defined outside this file.
  when: not nft | bool
  notify: persist iptables
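# Remind the operator that the first-run setup of Forgejo is a manual step.
# The task is named so it is identifiable in play output and logs.
- name: Remind operator to finish Forgejo setup
  ansible.builtin.debug:
    msg: If Forgejo has not been setup yet, please do so manually.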