Add Template to deploy forgejo.

This template allows deploying a forgejo en either Scaleway or Hetzner (untested) without much knowledge about them. It DOES require knowledge about Terragrunt and ansible. A wizard of sorts is provided but it will not guarantee success without some knowledge about the underlying technology.
2026-01-09 16:07:44 +01:00 · 2026-01-09 16:07:44 +01:00 · 822e42dbb8
commit 822e42dbb8
parent a9f546f92a
48 changed files with 6846 additions and 2 deletions
--- a/ansible/roles/forgejo/tasks/monitoring.yml
+++ b/ansible/roles/forgejo/tasks/monitoring.yml
@ -0,0 +1,66 @@
+---
+# Prometheus monitoring setup for Forgejo
+# This is INTERNAL monitoring - metrics are only accessible locally or via authenticated endpoint
+
+- name: Create monitoring directory
+  ansible.builtin.file:
+    path: "{{ forgejo_base_path }}/monitoring"
+    state: directory
+    owner: "{{ forgejo_user }}"
+    group: "{{ forgejo_group }}"
+    mode: '0755'
+  become: yes
+
+- name: Create Prometheus configuration
+  ansible.builtin.template:
+    src: prometheus.yml.j2
+    dest: "{{ forgejo_base_path }}/monitoring/prometheus.yml"
+    owner: "{{ forgejo_user }}"
+    group: "{{ forgejo_group }}"
+    mode: '0644'
+  become: yes
+  notify: Restart Prometheus
+
+- name: Create Prometheus Docker Compose override
+  ansible.builtin.template:
+    src: docker-compose.monitoring.yml.j2
+    dest: "{{ forgejo_base_path }}/docker-compose.monitoring.yml"
+    owner: "{{ forgejo_user }}"
+    group: "{{ forgejo_group }}"
+    mode: '0644'
+  become: yes
+  notify: Restart Prometheus
+
+- name: Create Prometheus data directory
+  ansible.builtin.file:
+    path: "{{ forgejo_base_path }}/monitoring/data"
+    state: directory
+    owner: "65534"  # nobody user in Prometheus container
+    group: "65534"
+    mode: '0755'
+  become: yes
+
+- name: Start Prometheus container
+  community.docker.docker_compose_v2:
+    project_src: "{{ forgejo_base_path }}"
+    files:
+      - docker-compose.yml
+      - docker-compose.monitoring.yml
+    state: present
+  become: yes
+
+- name: Display monitoring access information
+  ansible.builtin.debug:
+    msg: |
+      Prometheus monitoring is now enabled!
+
+      Internal access (from server):
+        - Prometheus UI: http://localhost:9090
+        - Forgejo metrics: http://localhost:3000/metrics (requires token)
+
+      The metrics endpoint is protected by a token configured in your secrets.yml
+      (vault_forgejo_metrics_token). Use this token in the Authorization header
+      or as a query parameter: /metrics?token=YOUR_TOKEN
+
+      Prometheus scrapes Forgejo metrics every 15 seconds.
+      Data is retained for 15 days by default.