Fix pre-commit hooks and move directories

roles/ and inventory/ are now in playbooks/
also fixed issues reported by ansible-lint

playbooks/roles/forgejo/files/templates/custom/extra_links_footer.tmpl

@@ -0,0 +1 @@
+<a class="item" href="https://www.serguzim.me/imprint/">Impressum</a>

playbooks/roles/forgejo/tasks/main.yml

@@ -0,0 +1,39 @@
+---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
+- name: Deploy {{ role_name }}
+  vars:
+    svc: "{{ forgejo_svc }}"
+    env: "{{ forgejo_env }}"
+    compose: "{{ forgejo_compose }}"
+  block:
+    - name: Import prepare tasks for common service
+      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
+
+    - name: Copy the template files
+      ansible.builtin.copy:
+        src: templates/
+        dest: "{{ (service_path, 'templates') | path_join }}"
+        mode: "0644"
+      register: cmd_result
+
+    - name: Set the docker force-recreate flag
+      ansible.builtin.set_fact:
+        docker_force_recreate: --force-recreate
+      when: cmd_result.changed # noqa: no-handler We need to handle the restart per service. Handlers don't support variables.
+
+    - name: Template the custom footer
+      ansible.builtin.template:
+        src: footer.tmpl.j2
+        dest: "{{ (service_path, 'templates', 'custom', 'footer.tmpl') | path_join }}"
+        mode: "0644"
+      register: cmd_result
+
+    - name: Set the docker force-recreate flag
+      ansible.builtin.set_fact:
+        docker_force_recreate: --force-recreate
+      when: cmd_result.changed # noqa: no-handler We need to handle the restart per service. Handlers don't support variables.
+
+    - name: Import start tasks for common service
+      ansible.builtin.import_tasks: tasks/start-common-service.yml

playbooks/roles/forgejo/templates/footer.tmpl.j2

@@ -0,0 +1 @@
+<script async src="/_a/script.js" data-website-id="{{ vault_forgejo.umami }}"></script>

playbooks/roles/forgejo/vars/main.yml

@@ -0,0 +1,97 @@
+---
+forgejo_svc:
+  domain: git.serguzim.me
+  port: 3000
+  caddy_extra: |
+    import analytics
+    header /attachments/* Access-Control-Allow-Origin *
+  db:
+    host: "{{ postgres.host }}"
+    port: "{{ postgres.port }}"
+  ssh_port: 22
+
+forgejo_env:
+  FORGEJO__database__DB_TYPE: postgres
+  FORGEJO__database__HOST: "{{ svc.db.host }}:{{ svc.db.port }}"
+  FORGEJO__database__NAME: "{{ opentofu.postgresql_service_roles.forgejo.database }}"
+  FORGEJO__database__USER: "{{ opentofu.postgresql_service_roles.forgejo.user }}"
+  FORGEJO__database__PASSWD: "{{ opentofu.postgresql_service_roles.forgejo.pass }}"
+  FORGEJO__database__SSL_MODE: verify-full
+
+  FORGEJO__repository__ENABLE_PUSH_CREATE_USER: true
+  FORGEJO__repository__ENABLE_PUSH_CREATE_ORG: true
+  FORGEJO__repository__DEFAULT_BRANCH: main
+
+  FORGEJO__cors__ENABLED: true
+  FORGEJO__cors__SCHEME: https
+
+  FORGEJO__ui__DEFAULT_THEME: forgejo-dark
+
+  FORGEJO__server__DOMAIN: "{{ svc.domain }}"
+  FORGEJO__server__SSH_DOMAIN: "{{ svc.domain }}"
+  FORGEJO__server__SSH_PORT: "{{ svc.ssh_port }}"
+  FORGEJO__server__ROOT_URL: https://{{ svc.domain }}
+  FORGEJO__server__OFFLINE_MODE: true
+  FORGEJO__server__LFS_JWT_SECRET: "{{ vault_forgejo.server_lfs_jwt_secret }}"
+  FORGEJO__server__LFS_START_SERVER: true
+
+  FORGEJO__security__INSTALL_LOCK: true
+  FORGEJO__security__INTERNAL_TOKEN: "{{ vault_forgejo.security_internal_token }}"
+  FORGEJO__security__SECRET_KEY: "{{ vault_forgejo.security_secret_key }}"
+
+  FORGEJO__openid__ENABLE_OPENID_SIGNUP: true
+  FORGEJO__openid__ENABLE_OPENID_SIGNIN: false
+
+  FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: true
+  FORGEJO__service__ENABLE_BASIC_AUTHENTICATION: false
+  FORGEJO__service__DEFAULT_KEEP_EMAIL_PRIVATE: true
+  FORGEJO__service__NO_REPLY_ADDRESS: discard.msrg.cc
+
+  FORGEJO__webhook__DELIVER_TIMEOUT: 60
+
+  FORGEJO__mailer__ENABLED: true
+  FORGEJO__mailer__PROTOCOL: smtp+starttls
+  FORGEJO__mailer__SMTP_ADDR: mail.serguzim.me
+  FORGEJO__mailer__SMTP_PORT: 587
+  FORGEJO__mailer__FROM: Forgejo <git@serguzim.me>
+  FORGEJO__mailer__USER: git@serguzim.me
+  FORGEJO__mailer__PASSWD: "{{ vault_forgejo.mailer_passwd }}"
+  FORGEJO__mailer__SEND_AS_PLAIN_TEXT: true
+
+  FORGEJO__picture__DISABLE_GRAVATAR: true
+
+  FORGEJO__attachment__MAX_FILES: 10
+
+  FORGEJO__oauth2__JWT_SECRET: "{{ vault_forgejo.oauth2_jwt_secret }}"
+
+  FORGEJO__metrics__ENABLED: true
+  FORGEJO__metrics__TOKEN: "{{ vault_metrics_token }}"
+
+  FORGEJO__actions__ENABLED: true
+
+  FORGEJO__storage__STORAGE_TYPE: minio
+  FORGEJO__storage__MINIO_ENDPOINT: "{{ opentofu.scaleway_data.forgejo.api_endpoint | urlsplit('hostname') }}"
+  FORGEJO__storage__MINIO_ACCESS_KEY_ID: "{{ opentofu.scaleway_data.forgejo.access_key }}"
+  FORGEJO__storage__MINIO_SECRET_ACCESS_KEY: "{{ opentofu.scaleway_data.forgejo.secret_key }}"
+  FORGEJO__storage__MINIO_BUCKET: "{{ opentofu.scaleway_data.forgejo.name }}"
+  FORGEJO__storage__MINIO_LOCATION: "{{ opentofu.scaleway_data.forgejo.region }}"
+  FORGEJO__storage__MINIO_USE_SSL: true
+
+  FORGEJO__other__SHOW_FOOTER_VERSION: true
+  FORGEJO__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
+
+forgejo_compose:
+  watchtower: true
+  image: codeberg.org/forgejo/forgejo:7.0
+  volumes:
+    - data:/data
+    - ./templates:/data/gitea/templates
+    - /etc/timezone:/etc/timezone:ro
+    - /etc/localtime:/etc/localtime:ro
+  file:
+    services:
+      app:
+        ports:
+          - "{{ svc.ssh_port }}:{{ svc.ssh_port }}"
+    volumes:
+      data: