Replace forgejo config with explicit ini

Tobias Reisinger 2025-06-11 21:09:49 +02:00
parent c7fc3f3ef7
commit 36a54fef3d
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
2 changed files with 80 additions and 55 deletions
playbooks/roles/forgejo


@ -5,12 +5,18 @@
- name: Deploy {{ role_name }} - name: Deploy {{ role_name }}
vars: vars:
svc: "{{ forgejo_svc }}" svc: "{{ forgejo_svc }}"
env: "{{ forgejo_env }}"
compose: "{{ forgejo_compose }}" compose: "{{ forgejo_compose }}"
block: block:
- name: Import prepare tasks for common service - name: Import prepare tasks for common service
ansible.builtin.import_tasks: tasks/prepare-common-service.yml ansible.builtin.import_tasks: tasks/prepare-common-service.yml
- name: Create the app.ini file
ansible.builtin.copy:
dest: "{{ (service_path, 'app.ini') | path_join }}"
content: '{{ forgejo_ini | to_ini }}'
mode: "0644"
notify: Restart service {{ role_name }}
- name: Copy the template files - name: Copy the template files
ansible.builtin.copy: ansible.builtin.copy:
src: templates/ src: templates/
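Review bot: The new `Create the app.ini file` task writes the rendered `forgejo_ini` with `mode: "0644"`, and that content carries the database and mailer passwords, `SECRET_KEY`, `INTERNAL_TOKEN`, both JWT secrets, the metrics token and the MinIO secret key, so every local account on the host can read them. I would tighten it to `mode: "0600"` (or `"0640"`) and set `owner:`/`group:` to the uid/gid the Forgejo container runs as; which one that is isn't visible here, so confirm the process can still read the file. Adding `no_log: true` to the task also keeps the secret-bearing content out of `--diff` and verbose output. The `Copy the template files` task continues past the end of the hunk.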


@ -10,77 +10,95 @@ forgejo_svc:
port: "{{ postgres.port }}" port: "{{ postgres.port }}"
ssh_port: 22 ssh_port: 22
forgejo_env: forgejo_ini:
FORGEJO__database__DB_TYPE: postgres database:
FORGEJO__database__HOST: "{{ svc.db.host }}:{{ svc.db.port }}" DB_TYPE: postgres
FORGEJO__database__NAME: "{{ opentofu.postgresql_data.forgejo.database }}" HOST: "{{ svc.db.host }}:{{ svc.db.port }}"
FORGEJO__database__USER: "{{ opentofu.postgresql_data.forgejo.user }}" NAME: "{{ opentofu.postgresql_data.forgejo.database }}"
FORGEJO__database__PASSWD: "{{ opentofu.postgresql_data.forgejo.pass }}" USER: "{{ opentofu.postgresql_data.forgejo.user }}"
FORGEJO__database__SSL_MODE: verify-full PASSWD: "{{ opentofu.postgresql_data.forgejo.pass }}"
SSL_MODE: verify-full
FORGEJO__repository__ENABLE_PUSH_CREATE_USER: true repository:
FORGEJO__repository__ENABLE_PUSH_CREATE_ORG: true ENABLE_PUSH_CREATE_USER: true
FORGEJO__repository__DEFAULT_BRANCH: main ENABLE_PUSH_CREATE_ORG: true
DEFAULT_BRANCH: main
FORGEJO__cors__ENABLED: true cors:
FORGEJO__cors__SCHEME: https ENABLED: true
SCHEME: https
FORGEJO__ui__DEFAULT_THEME: forgejo-dark ui:
DEFAULT_THEME: forgejo-dark
FORGEJO__server__DOMAIN: "{{ svc.domain }}" server:
FORGEJO__server__SSH_DOMAIN: "{{ svc.domain }}" DOMAIN: "{{ svc.domain }}"
FORGEJO__server__SSH_PORT: "{{ svc.ssh_port }}" SSH_DOMAIN: "{{ svc.domain }}"
FORGEJO__server__ROOT_URL: https://{{ svc.domain }} SSH_PORT: "{{ svc.ssh_port }}"
FORGEJO__server__OFFLINE_MODE: true ROOT_URL: https://{{ svc.domain }}
FORGEJO__server__LFS_JWT_SECRET: "{{ vault_forgejo.server_lfs_jwt_secret }}" OFFLINE_MODE: true
FORGEJO__server__LFS_START_SERVER: true LFS_JWT_SECRET: "{{ vault_forgejo.server_lfs_jwt_secret }}"
LFS_START_SERVER: true
FORGEJO__security__INSTALL_LOCK: true security:
FORGEJO__security__INTERNAL_TOKEN: "{{ vault_forgejo.security_internal_token }}" INSTALL_LOCK: true
FORGEJO__security__SECRET_KEY: "{{ vault_forgejo.security_secret_key }}" INTERNAL_TOKEN: "{{ vault_forgejo.security_internal_token }}"
SECRET_KEY: "{{ vault_forgejo.security_secret_key }}"
FORGEJO__openid__ENABLE_OPENID_SIGNUP: true openid:
FORGEJO__openid__ENABLE_OPENID_SIGNIN: false ENABLE_OPENID_SIGNUP: true
ENABLE_OPENID_SIGNIN: false
FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: true service:
FORGEJO__service__ENABLE_BASIC_AUTHENTICATION: false ALLOW_ONLY_EXTERNAL_REGISTRATION: true
FORGEJO__service__DEFAULT_KEEP_EMAIL_PRIVATE: true ENABLE_BASIC_AUTHENTICATION: false
FORGEJO__service__NO_REPLY_ADDRESS: discard.msrg.cc DEFAULT_KEEP_EMAIL_PRIVATE: true
NO_REPLY_ADDRESS: discard.msrg.cc
FORGEJO__webhook__DELIVER_TIMEOUT: 60 webhook:
DELIVER_TIMEOUT: 60
FORGEJO__mailer__ENABLED: true mailer:
FORGEJO__mailer__PROTOCOL: smtp+starttls ENABLED: true
FORGEJO__mailer__SMTP_ADDR: "{{ mailer.host }}" PROTOCOL: smtp+starttls
FORGEJO__mailer__SMTP_PORT: "{{ mailer.port }}" SMTP_ADDR: "{{ mailer.host }}"
FORGEJO__mailer__FROM: "git <{{ opentofu.mailcow_data.forgejo.address }}>" SMTP_PORT: "{{ mailer.port }}"
FORGEJO__mailer__USER: "{{ opentofu.mailcow_data.forgejo.address }}" FROM: "git <{{ opentofu.mailcow_data.forgejo.address }}>"
FORGEJO__mailer__PASSWD: "{{ opentofu.mailcow_data.forgejo.password }}" USER: "{{ opentofu.mailcow_data.forgejo.address }}"
FORGEJO__mailer__SEND_AS_PLAIN_TEXT: true PASSWD: "{{ opentofu.mailcow_data.forgejo.password }}"
SEND_AS_PLAIN_TEXT: true
FORGEJO__picture__DISABLE_GRAVATAR: true picture:
DISABLE_GRAVATAR: true
FORGEJO__attachment__MAX_FILES: 10 attachment:
MAX_FILES: 10
FORGEJO__oauth2__JWT_SECRET: "{{ vault_forgejo.oauth2_jwt_secret }}" oauth2:
JWT_SECRET: "{{ vault_forgejo.oauth2_jwt_secret }}"
FORGEJO__log.console__FLAGS: "level,medfile,shortfuncname" log.console:
FLAGS: "level,medfile,shortfuncname"
FORGEJO__metrics__ENABLED: true metrics:
FORGEJO__metrics__TOKEN: "{{ vault_metrics_token }}" ENABLED: true
TOKEN: "{{ vault_metrics_token }}"
FORGEJO__actions__ENABLED: true actions:
ENABLED: true
FORGEJO__storage__STORAGE_TYPE: minio storage:
FORGEJO__storage__MINIO_ENDPOINT: "{{ opentofu.scaleway_data.forgejo.api_endpoint | urlsplit('hostname') }}" STORAGE_TYPE: minio
FORGEJO__storage__MINIO_ACCESS_KEY_ID: "{{ opentofu.scaleway_data.forgejo.access_key }}" MINIO_ENDPOINT: "{{ opentofu.scaleway_data.forgejo.api_endpoint | urlsplit('hostname') }}"
FORGEJO__storage__MINIO_SECRET_ACCESS_KEY: "{{ opentofu.scaleway_data.forgejo.secret_key }}" MINIO_ACCESS_KEY_ID: "{{ opentofu.scaleway_data.forgejo.access_key }}"
FORGEJO__storage__MINIO_BUCKET: "{{ opentofu.scaleway_data.forgejo.name }}" MINIO_SECRET_ACCESS_KEY: "{{ opentofu.scaleway_data.forgejo.secret_key }}"
FORGEJO__storage__MINIO_LOCATION: "{{ opentofu.scaleway_data.forgejo.region }}" MINIO_BUCKET: "{{ opentofu.scaleway_data.forgejo.name }}"
FORGEJO__storage__MINIO_USE_SSL: true MINIO_LOCATION: "{{ opentofu.scaleway_data.forgejo.region }}"
MINIO_USE_SSL: true
FORGEJO__other__SHOW_FOOTER_VERSION: true other:
FORGEJO__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME: false SHOW_FOOTER_VERSION: true
SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
forgejo_compose: forgejo_compose:
watchtower: update watchtower: update
@ -88,6 +106,7 @@ forgejo_compose:
image: codeberg.org/forgejo/forgejo:11 image: codeberg.org/forgejo/forgejo:11
volumes: volumes:
- data:/data - data:/data
- ./app.ini:/data/gitea/conf/app.ini
- ./templates:/data/gitea/templates - ./templates:/data/gitea/templates
- ./public:/data/gitea/public - ./public:/data/gitea/public
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
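Review bot: The bind mount added in the last hunk, `./app.ini:/data/gitea/conf/app.ini`, is writable from inside the container, although the file is now generated by Ansible and holds every secret of the instance. If Forgejo starts cleanly without writing to its config (plausible since `INSTALL_LOCK` and all tokens are supplied, but it needs a test run), mount it read-only with `- ./app.ini:/data/gitea/conf/app.ini:ro`, as the `/etc/timezone` line already does, so a compromised or misbehaving process cannot alter settings such as `INSTALL_LOCK` or the registration rules. Separately, a short comment above `openid:` explaining why `ENABLE_OPENID_SIGNUP: true` is paired with `ENABLE_OPENID_SIGNIN: false` would help, since the combination reads as contradictory. The `forgejo_compose` service definition continues outside this hunk.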