Add Template to deploy forgejo.

This template allows deploying a forgejo en either Scaleway or Hetzner (untested) without much knowledge about them. It DOES require knowledge about Terragrunt and ansible. A wizard of sorts is provided but it will not guarantee success without some knowledge about the underlying technology.
2026-01-09 16:07:44 +01:00 · 2026-01-09 16:07:44 +01:00 · 822e42dbb8
commit 822e42dbb8
parent a9f546f92a
48 changed files with 6846 additions and 2 deletions
--- a/ansible/inventory/production/hosts.yml.example
+++ b/ansible/inventory/production/hosts.yml.example
@ -0,0 +1,61 @@
+---
+# Ansible Inventory for Forgejo Production
+# Copy this file to hosts.yml and update with your values:
+#   cp hosts.yml.example hosts.yml
+
+all:
+  children:
+    forgejo:
+      hosts:
+        forgejo-prod:
+          # UPDATE: Your server IP (from terraform output or cloud console)
+          ansible_host: YOUR_SERVER_IP
+          ansible_user: root
+          ansible_port: 22
+          ansible_python_interpreter: /usr/bin/python3
+
+          # =============================================================
+          # DOMAIN CONFIGURATION (REQUIRED!)
+          # =============================================================
+          # UPDATE: Your domain name pointing to the server IP
+          forgejo_domain: git.example.com
+
+          forgejo_version: "9.0.2"
+
+          # Database configuration
+          forgejo_db_type: postgres
+          forgejo_db_name: forgejo
+          forgejo_db_user: forgejo
+
+          # Enable features
+          forgejo_enable_letsencrypt: true
+          forgejo_enable_backups: true
+          forgejo_enable_2fa: true
+          forgejo_use_redis: true
+
+          # Security settings
+          forgejo_disable_registration: true   # Disable public registration
+          forgejo_require_signin_view: false   # Require login to view repos
+
+          # Security: Tailscale VPN + UFW firewall
+          forgejo_enable_tailscale: true
+          forgejo_enable_ufw: true
+
+          # Email configuration (optional)
+          forgejo_enable_email: false
+          # forgejo_email_host: smtp.example.com
+          # forgejo_email_port: 587
+          # forgejo_email_user: noreply@example.com
+
+          # S3 configuration (optional)
+          forgejo_enable_s3: false
+          # forgejo_s3_endpoint: https://s3.example.com
+          # forgejo_s3_bucket: forgejo-lfs
+          # forgejo_s3_region: us-east-1
+
+          # Backup configuration
+          forgejo_backup_retention_days: 30
+          forgejo_backup_to_s3: false
+
+      vars:
+        ansible_ssh_common_args: '-o StrictHostKeyChecking=no'