Add Template to deploy forgejo.

This template allows deploying a forgejo en either Scaleway or Hetzner (untested) without much knowledge about them. It DOES require knowledge about Terragrunt and ansible. A wizard of sorts is provided but it will not guarantee success without some knowledge about the underlying technology.
2026-01-09 16:07:44 +01:00 · 2026-01-09 16:07:44 +01:00 · 822e42dbb8
commit 822e42dbb8
parent a9f546f92a
48 changed files with 6846 additions and 2 deletions
--- a/ansible/roles/forgejo/templates/Caddyfile.j2
+++ b/ansible/roles/forgejo/templates/Caddyfile.j2
@ -0,0 +1,63 @@
+# Caddyfile for Forgejo
+# Caddy automatically obtains and renews TLS certificates via Let's Encrypt
+
+{% if forgejo_enable_letsencrypt %}
+{{ forgejo_domain }} {
+    # Reverse proxy to Forgejo
+    reverse_proxy localhost:{{ forgejo_http_port }} {
+        # WebSocket support (needed for real-time features)
+        header_up X-Real-IP {remote_host}
+        header_up X-Forwarded-For {remote_host}
+        header_up X-Forwarded-Proto {scheme}
+
+        # Timeouts for large Git operations
+        transport http {
+            read_timeout 600s
+            write_timeout 600s
+        }
+    }
+
+    # Security headers
+    header {
+        Strict-Transport-Security "max-age=31536000; includeSubDomains"
+        X-Frame-Options "SAMEORIGIN"
+        X-Content-Type-Options "nosniff"
+        X-XSS-Protection "1; mode=block"
+    }
+
+    # Request body size for large uploads (Git push, LFS)
+    request_body {
+        max_size 100MB
+    }
+
+    # Logging
+    log {
+        output file /var/log/caddy/forgejo_access.log {
+            roll_size 100mb
+            roll_keep 5
+        }
+        format json
+    }
+
+    # TLS configuration (automatic via Let's Encrypt)
+    tls {{ letsencrypt_email }}
+}
+{% else %}
+# HTTP-only configuration (not recommended for production)
+:80 {
+    reverse_proxy localhost:{{ forgejo_http_port }} {
+        header_up X-Real-IP {remote_host}
+        header_up X-Forwarded-For {remote_host}
+        header_up X-Forwarded-Proto {scheme}
+    }
+
+    request_body {
+        max_size 100MB
+    }
+
+    log {
+        output file /var/log/caddy/forgejo_access.log
+        format json
+    }
+}
+{% endif %}