8a8c643e14
* Forgejo role for quick deployment in podman * Forgejo_OAuth module to manage authentication source Signed-off-by: Nis Wechselberg <enbewe@enbewe.de>
---
# Basic stuff
# Installs the podman package through apt; the podman_* tasks that follow
# in this file operate on that runtime.
- name: 'Install required software'
  ansible.builtin.apt:
    state: 'present'
    name: 'podman'
  become: true
# Ensures the podman network named by the role variable forgejo_network_name
# exists.
- name: 'Create podman network for forgejo deployment'
  containers.podman.podman_network:
    state: 'present'
    name: '{{ forgejo_network_name }}'
  become: true
# Despite the task name, the loop creates two named volumes: the database
# volume and the application volume.
- name: 'Create the volume for database storage'
  containers.podman.podman_volume:
    state: 'present'
    name: '{{ item }}'
  loop:
    - '{{ forgejo_db_volume_name }}'
    - '{{ forgejo_app_volume_name }}'
  become: true
# Database
# Renders the systemd unit that runs the database container.
# NOTE(review): the unit is written world-readable (u=rw,g=r,o=r). The
# template is not visible here; if it passes database credentials to the
# container on the command line or via Environment=, any local user can read
# them from this file — confirm, and move them to a root-only env file if so.
- name: 'Create config for database for forgejo'
  ansible.builtin.template:
    dest: '/etc/systemd/system/container-forgejo-db.service'
    src: 'systemd/container-forgejo-db.service.j2'
    mode: 'u=rw,g=r,o=r'
    owner: 'root'
    group: 'root'
  become: true
# Starts the database unit and enables it at boot. daemon_reload makes
# systemd re-read unit files first, so a freshly written unit is picked up.
# NOTE(review): 'started' does not restart a unit that is already running,
# and the template task for this unit has no notify — a changed unit file
# presumably only takes effect on the next manual restart; confirm.
- name: 'Start and enable forgejo-db service'
  ansible.builtin.systemd:
    daemon_reload: true
    name: 'container-forgejo-db.service'
    enabled: true
    state: 'started'
  become: true
# Application
# Creates the host directories that later receive forgejo.ini and the custom
# sign-in template. Both are root-owned and traversable by every local user
# (u=rwx,g=rx,o=rx), so the files below are protected only by their own mode.
- name: 'Prepare config location'
  ansible.builtin.file:
    state: 'directory'
    path: '{{ item }}'
    mode: 'u=rwx,g=rx,o=rx'
    owner: 'root'
    group: 'root'
  loop:
    - '/srv/git/conf/'
    - '/srv/git/custom/templates/user/auth'
  become: true
# Renders the Forgejo application config and restarts the container through
# the handler when the rendered file changes.
# NOTE(review): the file is world-readable (u=rw,g=r,o=r). A Forgejo ini
# usually carries the database password and signing secrets (SECRET_KEY,
# INTERNAL_TOKEN, JWT_SECRET); the template is not visible here, so confirm
# what it contains. Tightening the mode has to account for the UID the
# container process uses to read the file.
- name: 'Deploy application config'
  ansible.builtin.template:
    dest: '/srv/git/conf/forgejo.ini'
    src: 'forgejo/forgejo.ini'
    mode: 'u=rw,g=r,o=r'
    owner: 'root'
    group: 'root'
  notify: 'Restart forgejo container'
  become: true
# Copies the customised sign-in template verbatim (copy, not template, so no
# Jinja rendering happens) and restarts the container when it changes.
# Root ownership with no group/other write bit keeps unprivileged local users
# from altering the login page.
- name: 'Write customized login page'
  ansible.builtin.copy:
    dest: '/srv/git/custom/templates/user/auth/signin_inner.tmpl'
    src: 'forgejo/templates/user/auth/signin_inner.tmpl'
    mode: 'u=rw,g=r,o=r'
    owner: 'root'
    group: 'root'
  notify: 'Restart forgejo container'
  become: true
# Renders the systemd unit that runs the Forgejo application container and
# restarts the container through the handler when the unit changes.
# NOTE(review): written world-readable (u=rw,g=r,o=r); the template is not
# visible here — confirm it does not embed credentials or tokens.
- name: 'Create service for forgejo'
  ansible.builtin.template:
    dest: '/etc/systemd/system/container-forgejo-app.service'
    src: 'systemd/container-forgejo-app.service.j2'
    mode: 'u=rw,g=r,o=r'
    owner: 'root'
    group: 'root'
  notify: 'Restart forgejo container'
  become: true
# Starts the application unit and enables it at boot; daemon_reload makes
# systemd re-read unit files before the unit is started.
- name: 'Start and enable forgejo-app service'
  ansible.builtin.systemd:
    daemon_reload: true
    name: 'container-forgejo-app.service'
    enabled: true
    state: 'started'
  become: true
# Authentication source
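# Registers (or updates) the OAuth2 authentication source through the
# collection's forgejo_oauth module. Skipped unless forgejo_sso_create_source
# evaluates to true.
- name: 'Configure forgejo authentication source'
  become: true
  when: forgejo_sso_create_source
  # The module arguments include the OAuth client secret. no_log keeps the
  # task's arguments and result out of Ansible's output (verbose runs, failure
  # dumps, callback plugins and log files). forgejo_sso_secret itself should
  # come from an encrypted source such as Ansible Vault.
  no_log: true
  enbewe.forgejo.forgejo_oauth:
    state: 'present'
    update: '{{ forgejo_sso_update | default(false) }}'
    name: '{{ forgejo_sso_name }}'
    provider: '{{ forgejo_sso_provider }}'
    key: '{{ forgejo_sso_key }}'
    secret: '{{ forgejo_sso_secret }}'
    auto_discover_url: '{{ forgejo_sso_auto_discover_url | default("") }}'
    use_custom_urls: '{{ forgejo_sso_use_custom_urls | default(false) }}'
    custom_tenant_id: '{{ forgejo_sso_custom_tenant_id | default("") }}'
    custom_auth_url: '{{ forgejo_sso_custom_auth_url | default("") }}'
    custom_token_url: '{{ forgejo_sso_custom_token_url | default("") }}'
    custom_profile_url: '{{ forgejo_sso_custom_profile_url | default("") }}'
    custom_email_url: '{{ forgejo_sso_custom_email_url | default("") }}'
    icon_url: '{{ forgejo_sso_icon_url | default("") }}'
    # NOTE(review): defaults to true, so local two-factor is skipped for
    # logins through this source unless the caller overrides it — presumably
    # on the assumption that the identity provider enforces MFA; confirm.
    skip_local_2fa: '{{ forgejo_sso_skip_local_2fa | default(true) }}'
    scopes: '{{ forgejo_sso_scopes | default("") }}'
    # NOTE(review): with the empty defaults no claim is required, so
    # presumably every account the identity provider authenticates may sign
    # in — verify against the module and the provider's user base.
    required_claim_name: '{{ forgejo_sso_required_claim_name | default("") }}'
    required_claim_value: '{{ forgejo_sso_required_claim_value | default("") }}'
    # NOTE(review): the group settings below look like they map provider
    # group claims to Forgejo roles and teams; admin_group in particular
    # should name a group whose membership is tightly controlled — confirm.
    group_claim_name: '{{ forgejo_sso_group_claim_name | default("") }}'
    admin_group: '{{ forgejo_sso_admin_group | default("") }}'
    restricted_group: '{{ forgejo_sso_restricted_group | default("") }}'
    group_team_map: '{{ forgejo_sso_group_team_map | default("") }}'
    group_team_map_removal: '{{ forgejo_sso_group_team_map_removal | default(false) }}'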