From 36a54fef3ddf803e9c68f3780bbc8af848e60a67 Mon Sep 17 00:00:00 2001 From: Tobias Reisinger <tobias@msrg.cc> Date: Wed, 11 Jun 2025 21:09:49 +0200 Subject: [PATCH] Replace forgejo config with explicit ini --- playbooks/roles/forgejo/tasks/main.yml | 8 +- playbooks/roles/forgejo/vars/main.yml | 127 ++++++++++++++----------- 2 files changed, 80 insertions(+), 55 deletions(-) diff --git a/playbooks/roles/forgejo/tasks/main.yml b/playbooks/roles/forgejo/tasks/main.yml index cf1f637..e679711 100644 --- a/playbooks/roles/forgejo/tasks/main.yml +++ b/playbooks/roles/forgejo/tasks/main.yml @@ -5,12 +5,18 @@ - name: Deploy {{ role_name }} vars: svc: "{{ forgejo_svc }}" - env: "{{ forgejo_env }}" compose: "{{ forgejo_compose }}" block: - name: Import prepare tasks for common service ansible.builtin.import_tasks: tasks/prepare-common-service.yml + - name: Create the app.ini file + ansible.builtin.copy: + dest: "{{ (service_path, 'app.ini') | path_join }}" + content: '{{ forgejo_ini | to_ini }}' + mode: "0644" + notify: Restart service {{ role_name }} + - name: Copy the template files ansible.builtin.copy: src: templates/ diff --git a/playbooks/roles/forgejo/vars/main.yml b/playbooks/roles/forgejo/vars/main.yml index 39eff82..4cfdea0 100644 --- a/playbooks/roles/forgejo/vars/main.yml +++ b/playbooks/roles/forgejo/vars/main.yml 
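Review bot: The new `Create the app.ini file` task writes the rendered `forgejo_ini` with `mode: "0644"`, leaving it world-readable on the host. That dict carries the database and mailer passwords, `SECRET_KEY`, `INTERNAL_TOKEN`, the JWT secrets, the metrics token and the MinIO secret key. Tighten it to `mode: "0600"` with `owner`/`group` set to the uid/gid Forgejo runs as inside the container (not visible in this patch, so confirm it before changing). Also add `no_log: true` to the task so the rendered content cannot appear in `--diff` or verbose run output. The enclosing `block:` continues past the end of the hunk.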
@@ -10,77 +10,95 @@ forgejo_svc: port: "{{ postgres.port }}" ssh_port: 22 -forgejo_env: - FORGEJO__database__DB_TYPE: postgres - FORGEJO__database__HOST: "{{ svc.db.host }}:{{ svc.db.port }}" - FORGEJO__database__NAME: "{{ opentofu.postgresql_data.forgejo.database }}" - FORGEJO__database__USER: "{{ opentofu.postgresql_data.forgejo.user }}" - FORGEJO__database__PASSWD: "{{ opentofu.postgresql_data.forgejo.pass }}" - FORGEJO__database__SSL_MODE: verify-full +forgejo_ini: + database: + DB_TYPE: postgres + HOST: "{{ svc.db.host }}:{{ svc.db.port }}" + NAME: "{{ opentofu.postgresql_data.forgejo.database }}" + USER: "{{ opentofu.postgresql_data.forgejo.user }}" + PASSWD: "{{ opentofu.postgresql_data.forgejo.pass }}" + SSL_MODE: verify-full - FORGEJO__repository__ENABLE_PUSH_CREATE_USER: true - FORGEJO__repository__ENABLE_PUSH_CREATE_ORG: true - FORGEJO__repository__DEFAULT_BRANCH: main + repository: + ENABLE_PUSH_CREATE_USER: true + ENABLE_PUSH_CREATE_ORG: true + DEFAULT_BRANCH: main - FORGEJO__cors__ENABLED: true - FORGEJO__cors__SCHEME: https + cors: + ENABLED: true + SCHEME: https - FORGEJO__ui__DEFAULT_THEME: forgejo-dark + ui: + DEFAULT_THEME: forgejo-dark - FORGEJO__server__DOMAIN: "{{ svc.domain }}" - FORGEJO__server__SSH_DOMAIN: "{{ svc.domain }}" - FORGEJO__server__SSH_PORT: "{{ svc.ssh_port }}" - FORGEJO__server__ROOT_URL: https://{{ svc.domain }} - FORGEJO__server__OFFLINE_MODE: true - FORGEJO__server__LFS_JWT_SECRET: "{{ vault_forgejo.server_lfs_jwt_secret }}" - FORGEJO__server__LFS_START_SERVER: true + server: + DOMAIN: "{{ svc.domain }}" + SSH_DOMAIN: "{{ svc.domain }}" + SSH_PORT: "{{ svc.ssh_port }}" + ROOT_URL: https://{{ svc.domain }} + OFFLINE_MODE: true + LFS_JWT_SECRET: "{{ vault_forgejo.server_lfs_jwt_secret }}" + LFS_START_SERVER: true - FORGEJO__security__INSTALL_LOCK: true - FORGEJO__security__INTERNAL_TOKEN: "{{ vault_forgejo.security_internal_token }}" - FORGEJO__security__SECRET_KEY: "{{ vault_forgejo.security_secret_key }}" + security: + 
INSTALL_LOCK: true + INTERNAL_TOKEN: "{{ vault_forgejo.security_internal_token }}" + SECRET_KEY: "{{ vault_forgejo.security_secret_key }}" - FORGEJO__openid__ENABLE_OPENID_SIGNUP: true - FORGEJO__openid__ENABLE_OPENID_SIGNIN: false + openid: + ENABLE_OPENID_SIGNUP: true + ENABLE_OPENID_SIGNIN: false - FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: true - FORGEJO__service__ENABLE_BASIC_AUTHENTICATION: false - FORGEJO__service__DEFAULT_KEEP_EMAIL_PRIVATE: true - FORGEJO__service__NO_REPLY_ADDRESS: discard.msrg.cc + service: + ALLOW_ONLY_EXTERNAL_REGISTRATION: true + ENABLE_BASIC_AUTHENTICATION: false + DEFAULT_KEEP_EMAIL_PRIVATE: true + NO_REPLY_ADDRESS: discard.msrg.cc - FORGEJO__webhook__DELIVER_TIMEOUT: 60 + webhook: + DELIVER_TIMEOUT: 60 - FORGEJO__mailer__ENABLED: true - FORGEJO__mailer__PROTOCOL: smtp+starttls - FORGEJO__mailer__SMTP_ADDR: "{{ mailer.host }}" - FORGEJO__mailer__SMTP_PORT: "{{ mailer.port }}" - FORGEJO__mailer__FROM: "git <{{ opentofu.mailcow_data.forgejo.address }}>" - FORGEJO__mailer__USER: "{{ opentofu.mailcow_data.forgejo.address }}" - FORGEJO__mailer__PASSWD: "{{ opentofu.mailcow_data.forgejo.password }}" - FORGEJO__mailer__SEND_AS_PLAIN_TEXT: true + mailer: + ENABLED: true + PROTOCOL: smtp+starttls + SMTP_ADDR: "{{ mailer.host }}" + SMTP_PORT: "{{ mailer.port }}" + FROM: "git <{{ opentofu.mailcow_data.forgejo.address }}>" + USER: "{{ opentofu.mailcow_data.forgejo.address }}" + PASSWD: "{{ opentofu.mailcow_data.forgejo.password }}" + SEND_AS_PLAIN_TEXT: true - FORGEJO__picture__DISABLE_GRAVATAR: true + picture: + DISABLE_GRAVATAR: true - FORGEJO__attachment__MAX_FILES: 10 + attachment: + MAX_FILES: 10 - FORGEJO__oauth2__JWT_SECRET: "{{ vault_forgejo.oauth2_jwt_secret }}" + oauth2: + JWT_SECRET: "{{ vault_forgejo.oauth2_jwt_secret }}" - FORGEJO__log.console__FLAGS: "level,medfile,shortfuncname" + log.console: + FLAGS: "level,medfile,shortfuncname" - FORGEJO__metrics__ENABLED: true - FORGEJO__metrics__TOKEN: "{{ vault_metrics_token }}" + 
metrics: + ENABLED: true + TOKEN: "{{ vault_metrics_token }}" - FORGEJO__actions__ENABLED: true + actions: + ENABLED: true - FORGEJO__storage__STORAGE_TYPE: minio - FORGEJO__storage__MINIO_ENDPOINT: "{{ opentofu.scaleway_data.forgejo.api_endpoint | urlsplit('hostname') }}" - FORGEJO__storage__MINIO_ACCESS_KEY_ID: "{{ opentofu.scaleway_data.forgejo.access_key }}" - FORGEJO__storage__MINIO_SECRET_ACCESS_KEY: "{{ opentofu.scaleway_data.forgejo.secret_key }}" - FORGEJO__storage__MINIO_BUCKET: "{{ opentofu.scaleway_data.forgejo.name }}" - FORGEJO__storage__MINIO_LOCATION: "{{ opentofu.scaleway_data.forgejo.region }}" - FORGEJO__storage__MINIO_USE_SSL: true + storage: + STORAGE_TYPE: minio + MINIO_ENDPOINT: "{{ opentofu.scaleway_data.forgejo.api_endpoint | urlsplit('hostname') }}" + MINIO_ACCESS_KEY_ID: "{{ opentofu.scaleway_data.forgejo.access_key }}" + MINIO_SECRET_ACCESS_KEY: "{{ opentofu.scaleway_data.forgejo.secret_key }}" + MINIO_BUCKET: "{{ opentofu.scaleway_data.forgejo.name }}" + MINIO_LOCATION: "{{ opentofu.scaleway_data.forgejo.region }}" + MINIO_USE_SSL: true - FORGEJO__other__SHOW_FOOTER_VERSION: true - FORGEJO__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME: false + other: + SHOW_FOOTER_VERSION: true + SHOW_FOOTER_TEMPLATE_LOAD_TIME: false forgejo_compose: watchtower: update @@ -88,6 +106,7 @@ forgejo_compose: image: codeberg.org/forgejo/forgejo:11 volumes: - data:/data + - ./app.ini:/data/gitea/conf/app.ini - ./templates:/data/gitea/templates - ./public:/data/gitea/public - /etc/timezone:/etc/timezone:ro