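---
# Deploys Forgejo as podman quadlet units: a shared network, two volumes,
# a PostgreSQL container and the Forgejo application container, followed by
# an optional OAuth2 authentication source.
#
# Secrets handled in this file: forgejo_db_password and forgejo_sso_secret.
# Tasks that receive them as module arguments set no_log so the values do not
# end up in task output, verbose logs or failure messages.

# Basic stuff
- name: 'Install required software'
  become: true
  ansible.builtin.apt:
    name: 'podman'
    state: 'present'

- name: 'Create forgejo podman network'
  become: true
  containers.podman.podman_network:
    name: '{{ forgejo_network_name }}'
    state: 'quadlet'
  notify:
    - 'Reload forgejo services'
    - 'Restart forgejo network'

- name: 'Create forgejo volumes'
  become: true
  containers.podman.podman_volume:
    name: '{{ item }}'
    state: 'quadlet'
  loop:
    - '{{ forgejo_db_volume_name }}'
    - '{{ forgejo_app_volume_name }}'
  notify:
    - 'Reload forgejo services'
    - 'Restart forgejo volumes'

# NOTE(review): the image is referenced by name and tag only. If the tag
# variables hold mutable tags, pinning by digest would make the deployed
# image reproducible -- confirm against the role defaults.
- name: 'Define forgejo-db image'
  become: true
  containers.podman.podman_image:
    name: '{{ forgejo_db_image_name }}:{{ forgejo_db_image_tag }}'
    quadlet_filename: 'forgejo-db'
    state: 'quadlet'
  notify:
    - 'Reload forgejo services'
    - 'Restart forgejo-db image'

# The database container publishes no ports; it is only attached to the
# forgejo network.
- name: 'Create forgejo-db container'
  become: true
  # The env mapping carries the database password as a module argument.
  no_log: true
  containers.podman.podman_container:
    name: 'forgejo-db'
    image: 'forgejo-db.image'
    network: '{{ forgejo_network_name }}.network'
    state: 'quadlet'
    volume:
      - '{{ forgejo_db_volume_name }}.volume:/var/lib/postgresql/data/'
    # NOTE(review): env values are written into the generated quadlet unit
    # in plain text. Check that file's permissions on the host, or move the
    # password to a podman secret.
    env:
      POSTGRES_DB: '{{ forgejo_db_database }}'
      POSTGRES_USER: '{{ forgejo_db_user }}'
      POSTGRES_PASSWORD: '{{ forgejo_db_password }}'
    quadlet_options: |
      [Install]
      WantedBy=default.target
      [Unit]
      Requires={{ forgejo_network_name }}-network.service
      Requires={{ forgejo_db_volume_name }}-volume.service
      After={{ forgejo_network_name }}-network.service
      After={{ forgejo_db_volume_name }}-volume.service
  notify:
    - 'Reload forgejo services'
    - 'Restart forgejo-db container'

# Application
- name: 'Prepare config location'
  become: true
  ansible.builtin.file:
    path: '{{ item }}'
    state: 'directory'
    owner: 'root'
    group: 'root'
    mode: 'u=rwx,g=rx,o=rx'
  loop:
    - '/srv/git/conf/'
    - '/srv/git/custom/templates/user/auth'

# NOTE(review): the rendered forgejo.ini is world-readable on the host
# (o=r). If the template renders secrets (the template is not visible
# here), restrict the mode and give read access only to the UID/GID the
# container runs as (USER_UID/USER_GID below are 1000).
- name: 'Deploy application config'
  become: true
  ansible.builtin.template:
    src: 'forgejo.ini.j2'
    dest: '/srv/git/conf/forgejo.ini'
    owner: 'root'
    group: 'root'
    mode: 'u=rw,g=r,o=r'
  notify: 'Restart forgejo-app container'

- name: 'Write customized login page'
  become: true
  ansible.builtin.copy:
    src: 'forgejo/templates/user/auth/signin_inner.tmpl'
    dest: '/srv/git/custom/templates/user/auth/signin_inner.tmpl'
    owner: 'root'
    group: 'root'
    mode: 'u=rw,g=r,o=r'
  notify: 'Restart forgejo-app container'

- name: 'Define forgejo-app image'
  become: true
  containers.podman.podman_image:
    name: '{{ forgejo_app_image_name }}:{{ forgejo_app_image_tag }}'
    quadlet_filename: 'forgejo-app'
    state: 'quadlet'
  notify:
    - 'Reload forgejo services'
    - 'Restart forgejo-app image'

- name: 'Create forgejo-app container'
  become: true
  # The env mapping carries the database password as a module argument.
  no_log: true
  containers.podman.podman_container:
    name: 'forgejo-app'
    image: 'forgejo-app.image'
    network: '{{ forgejo_network_name }}.network'
    state: 'quadlet'
    volume:
      - '{{ forgejo_app_volume_name }}.volume:/data/'
      # Host files are mounted read-only so the container cannot alter them.
      - '/etc/timezone:/etc/timezone:ro'
      - '/etc/localtime:/etc/localtime:ro'
      - '/srv/git/conf/forgejo.ini:/data/gitea/conf/app.ini:ro'
      - '/srv/git/custom/templates:/data/gitea/templates:ro'
    # NOTE(review): as with the database container, these values are
    # written into the generated quadlet unit in plain text.
    env:
      USER_UID: '1000'
      USER_GID: '1000'
      FORGEJO__database__DB_TYPE: 'postgres'
      FORGEJO__database__HOST: 'forgejo-db:5432'
      FORGEJO__database__NAME: '{{ forgejo_db_database }}'
      FORGEJO__database__USER: '{{ forgejo_db_user }}'
      FORGEJO__database__PASSWD: '{{ forgejo_db_password }}'
    # Only the container's SSH port is published by this task.
    ports:
      - '{{ forgejo_ssh_port }}:22/tcp'
    quadlet_options: |
      [Install]
      WantedBy=default.target
      [Unit]
      Requires={{ forgejo_network_name }}-network.service
      Requires={{ forgejo_app_volume_name }}-volume.service
      Requires=forgejo-db.service
      After={{ forgejo_network_name }}-network.service
      After={{ forgejo_app_volume_name }}-volume.service
      After=forgejo-db.service
  notify:
    - 'Reload forgejo services'
    - 'Restart forgejo-app container'

# Run pending handlers now so the containers are (re)started before the
# authentication source is configured.
- name: 'Flush handlers'
  ansible.builtin.meta: 'flush_handlers'

# Authentication source
- name: 'Configure forgejo authentication source'
  become: true
  # Cast explicitly so a string value such as "false" is not treated as a
  # truthy non-empty string.
  when: forgejo_sso_create_source | bool
  # key/secret are the OAuth2 client credentials.
  no_log: true
  enbewe.forgejo.forgejo_oauth:
    state: 'present'
    update: '{{ forgejo_sso_update | default(false) }}'
    name: '{{ forgejo_sso_name }}'
    provider: '{{ forgejo_sso_provider }}'
    key: '{{ forgejo_sso_key }}'
    secret: '{{ forgejo_sso_secret }}'
    auto_discover_url: '{{ forgejo_sso_auto_discover_url | default("") }}'
    use_custom_urls: '{{ forgejo_sso_use_custom_urls | default(false) }}'
    custom_tenant_id: '{{ forgejo_sso_custom_tenant_id | default("") }}'
    custom_auth_url: '{{ forgejo_sso_custom_auth_url | default("") }}'
    custom_token_url: '{{ forgejo_sso_custom_token_url | default("") }}'
    custom_profile_url: '{{ forgejo_sso_custom_profile_url | default("") }}'
    custom_email_url: '{{ forgejo_sso_custom_email_url | default("") }}'
    icon_url: '{{ forgejo_sso_icon_url | default("") }}'
    # NOTE(review): defaults to true, so accounts signing in through this
    # source skip Forgejo's local 2FA unless the variable is overridden.
    # Confirm the identity provider enforces MFA, or default to false.
    skip_local_2fa: '{{ forgejo_sso_skip_local_2fa | default(true) }}'
    scopes: '{{ forgejo_sso_scopes | default("") }}'
    # NOTE(review): with the empty defaults below, no claim is required and
    # no admin/restricted group is mapped; presumably any account the
    # provider authenticates may sign in -- verify this is intended.
    required_claim_name: '{{ forgejo_sso_required_claim_name | default("") }}'
    required_claim_value: '{{ forgejo_sso_required_claim_value | default("") }}'
    group_claim_name: '{{ forgejo_sso_group_claim_name | default("") }}'
    admin_group: '{{ forgejo_sso_admin_group | default("") }}'
    restricted_group: '{{ forgejo_sso_restricted_group | default("") }}'
    group_team_map: '{{ forgejo_sso_group_team_map | default("") }}'
    group_team_map_removal: '{{ forgejo_sso_group_team_map_removal | default(false) }}'
  # Explicit until: older ansible-core releases only honour retries when an
  # until condition is present.
  register: forgejo_sso_source_result
  until: forgejo_sso_source_result is succeeded
  retries: 5
  delay: 5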