Add Template to deploy forgejo.

This template allows deploying a forgejo en either Scaleway or Hetzner (untested) without much knowledge about them. It DOES require knowledge about Terragrunt and ansible. A wizard of sorts is provided but it will not guarantee success without some knowledge about the underlying technology.
2026-01-09 16:07:44 +01:00 · 2026-01-09 16:07:44 +01:00 · 822e42dbb8
commit 822e42dbb8
parent a9f546f92a
48 changed files with 6846 additions and 2 deletions
--- a/ansible/roles/forgejo/tasks/forgejo.yml
+++ b/ansible/roles/forgejo/tasks/forgejo.yml
@ -0,0 +1,138 @@
+---
+# Forgejo deployment tasks
+
+- name: Ensure Forgejo data directories have correct ownership
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ forgejo_uid }}"
+    group: "{{ forgejo_gid }}"
+    mode: '0755'
+    recurse: yes
+  become: yes
+  loop:
+    - "{{ forgejo_data_path }}"
+    - "{{ forgejo_config_path }}"
+    - "{{ forgejo_custom_path }}"
+
+- name: Create .ssh directory for Forgejo
+  ansible.builtin.file:
+    path: "{{ forgejo_data_path }}/git/.ssh"
+    state: directory
+    owner: "{{ forgejo_uid }}"
+    group: "{{ forgejo_gid }}"
+    mode: '0700'
+  become: yes
+
+- name: Create Forgejo configuration from template
+  ansible.builtin.template:
+    src: app.ini.j2
+    dest: "{{ forgejo_config_path }}/app.ini"
+    owner: "{{ forgejo_user }}"
+    group: "{{ forgejo_group }}"
+    mode: '0640'
+  become: yes
+  notify: Restart Forgejo
+
+- name: Create Docker Compose file
+  ansible.builtin.template:
+    src: docker-compose.yml.j2
+    dest: "{{ forgejo_base_path }}/docker-compose.yml"
+    owner: "{{ forgejo_user }}"
+    group: "{{ forgejo_group }}"
+    mode: '0640'
+  become: yes
+  notify: Restart Forgejo
+
+- name: Pull Forgejo Docker image
+  community.docker.docker_image:
+    name: "{{ forgejo_docker_image }}:{{ forgejo_version }}"
+    source: pull
+  become: yes
+
+- name: Start Forgejo with Docker Compose
+  community.docker.docker_compose_v2:
+    project_src: "{{ forgejo_base_path }}"
+    state: present
+  become: yes
+  register: forgejo_started
+
+- name: Wait for Forgejo to be ready
+  ansible.builtin.uri:
+    url: "http://localhost:{{ forgejo_http_port }}"
+    status_code: 200
+  register: forgejo_health
+  until: forgejo_health.status == 200
+  retries: 30
+  delay: 5
+  ignore_errors: yes
+
+- name: Get Forgejo container logs if startup failed
+  ansible.builtin.command:
+    cmd: docker logs forgejo --tail 50
+  register: forgejo_logs
+  become: yes
+  when: forgejo_health.status is not defined or forgejo_health.status != 200
+
+- name: Show Forgejo container logs
+  ansible.builtin.debug:
+    var: forgejo_logs.stdout_lines
+  when: forgejo_logs is defined and forgejo_logs.stdout_lines is defined
+
+- name: Fail if Forgejo is not ready
+  ansible.builtin.fail:
+    msg: "Forgejo failed to start. Check logs above."
+  when: forgejo_health.status is not defined or forgejo_health.status != 200
+
+- name: Check if admin user exists
+  ansible.builtin.command:
+    cmd: docker exec --user git forgejo forgejo admin user list --admin
+  register: admin_user_check
+  become: yes
+  changed_when: false
+  failed_when: false
+
+- name: Create admin user
+  ansible.builtin.command:
+    cmd: >
+      docker exec --user git forgejo forgejo admin user create
+      --admin
+      --username "{{ forgejo_admin_username }}"
+      --password "{{ forgejo_admin_password }}"
+      --email "{{ forgejo_admin_email }}"
+      --must-change-password=false
+  become: yes
+  when: forgejo_admin_username not in admin_user_check.stdout
+  register: admin_created
+  no_log: yes
+
+- name: Display admin credentials
+  ansible.builtin.debug:
+    msg: |
+      =====================================================
+      ADMIN USER CREATED
+      =====================================================
+      Username: {{ forgejo_admin_username }}
+      Email:    {{ forgejo_admin_email }}
+      Password: (from your secrets.yml vault)
+
+      IMPORTANT: Change this password after first login!
+      =====================================================
+  when: admin_created is defined and admin_created.changed
+
+- name: Create Forgejo systemd service
+  ansible.builtin.template:
+    src: forgejo.service.j2
+    dest: /etc/systemd/system/forgejo.service
+    mode: '0644'
+  become: yes
+  notify:
+    - Reload Systemd
+    - Restart Forgejo
+
+- name: Enable Forgejo service
+  ansible.builtin.systemd:
+    name: forgejo
+    enabled: yes
+    daemon_reload: yes
+  become: yes