ansible-collection-forgejo/roles/forgejo/tasks/main.yml


---
# Basic stuff
# Podman must be present before the containers.podman.* tasks further down
# in this file can run.
- name: 'Install required software'
  ansible.builtin.apt:
    name: 'podman'
    state: 'present'
  become: true
# Ensures the podman network named by forgejo_network_name exists.
# Run with become, so the network belongs to root's podman instance.
- name: 'Create podman network for forgejo deployment'
  containers.podman.podman_network:
    name: '{{ forgejo_network_name }}'
    state: 'present'
  become: true
# Despite the task name, this loop creates two named volumes: the one in
# forgejo_db_volume_name and the one in forgejo_app_volume_name.
- name: 'Create the volume for database storage'
  containers.podman.podman_volume:
    name: '{{ item }}'
    state: 'present'
  loop:
    - '{{ forgejo_db_volume_name }}'
    - '{{ forgejo_app_volume_name }}'
  become: true
# Database
# Renders the systemd unit for the database container.
# NOTE(review): the unit is installed readable by every local account. If the
# template (not visible here) passes the database password on the command
# line or through Environment=, that password is exposed to local users;
# confirm, and prefer an EnvironmentFile with a tighter mode or a podman
# secret.
# NOTE(review): this task has no notify, so a changed unit file does not
# restart an already running database container.
- name: 'Create config for database for forgejo'
  ansible.builtin.template:
    src: 'systemd/container-forgejo-db.service.j2'
    dest: '/etc/systemd/system/container-forgejo-db.service'
    owner: 'root'
    group: 'root'
    mode: 'u=rw,g=r,o=r'
  become: true
# Reloads systemd so it sees the unit file, then makes sure the database
# unit is running now and enabled at boot.
- name: 'Start and enable forgejo-db service'
  ansible.builtin.systemd:
    daemon_reload: true
    name: 'container-forgejo-db.service'
    enabled: true
    state: 'started'
  become: true
# Application
# Creates the host directories that receive forgejo.ini and the customised
# sign-in template. Both are root-owned; only root can write to them, while
# every account can list and traverse them.
- name: 'Prepare config location'
  ansible.builtin.file:
    path: '{{ item }}'
    state: 'directory'
    owner: 'root'
    group: 'root'
    mode: 'u=rwx,g=rx,o=rx'
  loop:
    - '/srv/git/conf/'
    - '/srv/git/custom/templates/user/auth'
  become: true
# Renders the Forgejo application config and schedules a container restart
# when the rendered file changes.
# NOTE(review): the file is written readable by every local account. A
# Forgejo app config commonly carries secrets (database password, SECRET_KEY,
# INTERNAL_TOKEN). Confirm what the template renders; if it holds secrets,
# restrict owner and mode to what the container's user needs. The UID the
# container runs as is not visible here, so the mode is left unchanged.
- name: 'Deploy application config'
  ansible.builtin.template:
    src: 'forgejo/forgejo.ini'
    dest: '/srv/git/conf/forgejo.ini'
    owner: 'root'
    group: 'root'
    mode: 'u=rw,g=r,o=r'
  notify: 'Restart forgejo container'
  become: true
# Copies the role's replacement sign-in template verbatim (copy, not
# template, so it is not rendered through Jinja) and schedules a restart
# when it changes. The file is root-owned, so only root can modify the
# deployed login page on the host.
- name: 'Write customized login page'
  ansible.builtin.copy:
    src: 'forgejo/templates/user/auth/signin_inner.tmpl'
    dest: '/srv/git/custom/templates/user/auth/signin_inner.tmpl'
    owner: 'root'
    group: 'root'
    mode: 'u=rw,g=r,o=r'
  notify: 'Restart forgejo container'
  become: true
# Renders the systemd unit for the application container and schedules a
# restart when the unit changes.
# NOTE(review): the unit is installed readable by every local account. If
# the template (not visible here) embeds credentials in the container's
# arguments or environment, they are exposed to local users; confirm.
- name: 'Create service for forgejo'
  ansible.builtin.template:
    src: 'systemd/container-forgejo-app.service.j2'
    dest: '/etc/systemd/system/container-forgejo-app.service'
    owner: 'root'
    group: 'root'
    mode: 'u=rw,g=r,o=r'
  notify: 'Restart forgejo container'
  become: true
# Reloads systemd so it sees the unit file, then makes sure the application
# unit is running now and enabled at boot. A restart after a config change
# comes from the notified handler, not from this task.
- name: 'Start and enable forgejo-app service'
  ansible.builtin.systemd:
    daemon_reload: true
    name: 'container-forgejo-app.service'
    enabled: true
    state: 'started'
  become: true
# Authentication source
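# Ensures an OAuth authentication source exists in Forgejo, using this
# collection's forgejo_oauth module. Skipped unless forgejo_sso_create_source
# is truthy. forgejo_sso_name, _provider, _key and _secret have no default
# here and must be supplied by the caller; every other option falls back to
# the default given inline.
- name: 'Configure forgejo authentication source'
  become: true
  when: forgejo_sso_create_source
  # key/secret are the OAuth client credentials. no_log keeps the rendered
  # module arguments and result out of task output, callbacks and logs,
  # whether or not the module itself marks these parameters as no_log.
  # It also hides failure details; lift it only temporarily when debugging.
  no_log: true
  enbewe.forgejo.forgejo_oauth:
    state: 'present'
    update: '{{ forgejo_sso_update | default(false) }}'
    name: '{{ forgejo_sso_name }}'
    provider: '{{ forgejo_sso_provider }}'
    key: '{{ forgejo_sso_key }}'
    secret: '{{ forgejo_sso_secret }}'
    auto_discover_url: '{{ forgejo_sso_auto_discover_url | default("") }}'
    use_custom_urls: '{{ forgejo_sso_use_custom_urls | default(false) }}'
    custom_tenant_id: '{{ forgejo_sso_custom_tenant_id | default("") }}'
    custom_auth_url: '{{ forgejo_sso_custom_auth_url | default("") }}'
    custom_token_url: '{{ forgejo_sso_custom_token_url | default("") }}'
    custom_profile_url: '{{ forgejo_sso_custom_profile_url | default("") }}'
    custom_email_url: '{{ forgejo_sso_custom_email_url | default("") }}'
    icon_url: '{{ forgejo_sso_icon_url | default("") }}'
    # NOTE(review): defaults to true. Presumably users signing in through
    # this source then bypass Forgejo's own second factor, so MFA has to be
    # enforced at the identity provider - confirm against the module docs.
    skip_local_2fa: '{{ forgejo_sso_skip_local_2fa | default(true) }}'
    scopes: '{{ forgejo_sso_scopes | default("") }}'
    # NOTE(review): with both required_claim_* left empty, presumably any
    # account the identity provider authenticates is accepted - confirm.
    required_claim_name: '{{ forgejo_sso_required_claim_name | default("") }}'
    required_claim_value: '{{ forgejo_sso_required_claim_value | default("") }}'
    group_claim_name: '{{ forgejo_sso_group_claim_name | default("") }}'
    admin_group: '{{ forgejo_sso_admin_group | default("") }}'
    restricted_group: '{{ forgejo_sso_restricted_group | default("") }}'
    group_team_map: '{{ forgejo_sso_group_team_map | default("") }}'
    group_team_map_removal: '{{ forgejo_sso_group_team_map_removal | default(false) }}'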