Add Template to deploy forgejo.

This template allows deploying a forgejo en either Scaleway or Hetzner
(untested) without much knowledge about them.
It DOES require knowledge about Terragrunt and ansible. A wizard of
sorts is provided but it will not guarantee success without some
knowledge about the underlying technology.

ansible/roles/forgejo/templates/app.ini.j2

@@ -0,0 +1,219 @@
+; Forgejo Configuration File
+; Generated by Ansible
+
+APP_NAME = Forgejo: {{ forgejo_domain }}
+RUN_MODE = prod
+RUN_USER = {{ forgejo_user }}
+WORK_PATH = /data/gitea
+
+[repository]
+ROOT = /data/git/repositories
+SCRIPT_TYPE = bash
+DEFAULT_BRANCH = main
+DEFAULT_PRIVATE = last
+MAX_CREATION_LIMIT = -1
+ENABLE_PUSH_CREATE_USER = true
+ENABLE_PUSH_CREATE_ORG = true
+DISABLE_HTTP_GIT = {{ forgejo_disable_http_git | lower }}
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+ENABLED = true
+TEMP_PATH = /data/gitea/uploads
+FILE_MAX_SIZE = 100
+MAX_FILES = 10
+
+[lfs]
+ENABLED = {{ forgejo_enable_lfs | lower }}
+PATH = /data/lfs
+MAX_FILE_SIZE = {{ forgejo_lfs_max_file_size }}
+
+[server]
+; Forgejo listens on HTTP internally; Caddy handles TLS termination
+PROTOCOL = http
+DOMAIN = {{ forgejo_domain }}
+ROOT_URL = {{ forgejo_protocol }}://{{ forgejo_domain }}/
+HTTP_ADDR = 0.0.0.0
+HTTP_PORT = 3000
+DISABLE_SSH = false
+SSH_DOMAIN = {{ forgejo_domain }}
+SSH_PORT = {{ forgejo_ssh_port }}
+SSH_LISTEN_PORT = 22
+OFFLINE_MODE = false
+APP_DATA_PATH = /data/gitea
+LANDING_PAGE = explore
+LFS_START_SERVER = {{ forgejo_enable_lfs | lower }}
+
+[database]
+DB_TYPE = {{ forgejo_db_type }}
+; Use host.docker.internal to reach host PostgreSQL from container
+HOST = host.docker.internal:{{ forgejo_db_port }}
+NAME = {{ forgejo_db_name }}
+USER = {{ forgejo_db_user }}
+PASSWD = {{ forgejo_db_password }}
+SCHEMA =
+SSL_MODE = disable
+CHARSET = utf8mb4
+LOG_SQL = false
+MAX_IDLE_CONNS = 30
+MAX_OPEN_CONNS = 100
+CONN_MAX_LIFETIME = 3600
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY = {{ vault_forgejo_secret_key | default('') }}
+INTERNAL_TOKEN = {{ vault_forgejo_internal_token | default('') }}
+PASSWORD_COMPLEXITY = lower,upper,digit,spec
+MIN_PASSWORD_LENGTH = 10
+PASSWORD_HASH_ALGO = argon2
+
+[service]
+DISABLE_REGISTRATION = {{ forgejo_disable_registration | lower }}
+REQUIRE_SIGNIN_VIEW = {{ forgejo_require_signin_view | lower }}
+REGISTER_EMAIL_CONFIRM = {{ forgejo_enable_email | lower }}
+ENABLE_NOTIFY_MAIL = {{ forgejo_enable_email | lower }}
+DEFAULT_KEEP_EMAIL_PRIVATE = true
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ORG_VISIBILITY = private
+ENABLE_CAPTCHA = true
+ENABLE_TIMETRACKING = true
+DEFAULT_ENABLE_TIMETRACKING = true
+ENABLE_USER_HEATMAP = true
+
+[service.explore]
+REQUIRE_SIGNIN_VIEW = {{ forgejo_require_signin_view | lower }}
+DISABLE_USERS_PAGE = false
+
+{% if forgejo_enable_email %}
+[mailer]
+ENABLED = true
+SMTP_ADDR = {{ forgejo_email_host }}
+SMTP_PORT = {{ forgejo_email_port }}
+FROM = {{ forgejo_email_from }}
+USER = {{ forgejo_email_user }}
+PASSWD = {{ forgejo_email_password }}
+SUBJECT_PREFIX = [{{ forgejo_domain }}]
+MAILER_TYPE = smtp
+IS_TLS_ENABLED = true
+{% endif %}
+
+[session]
+PROVIDER = file
+PROVIDER_CONFIG = /data/gitea/sessions
+COOKIE_SECURE = {{ (forgejo_protocol == 'https') | lower }}
+COOKIE_NAME = i_like_forgejo
+COOKIE_DOMAIN = {{ forgejo_domain }}
+GC_INTERVAL_TIME = 86400
+SESSION_LIFE_TIME = 86400
+
+[picture]
+DISABLE_GRAVATAR = {{ forgejo_disable_gravatar | lower }}
+ENABLE_FEDERATED_AVATAR = false
+
+[attachment]
+ENABLED = true
+PATH = /data/attachments
+MAX_SIZE = 100
+MAX_FILES = 10
+
+[time]
+DEFAULT_UI_LOCATION = UTC
+
+[log]
+MODE = console, file
+LEVEL = {{ forgejo_log_level }}
+ROOT_PATH = /data/gitea/log
+ENABLE_XORM_LOG = false
+
+[log.console]
+LEVEL = {{ forgejo_log_level }}
+COLORIZE = false
+
+[log.file]
+LEVEL = {{ forgejo_log_level }}
+FILE_NAME = forgejo.log
+MAX_SIZE_SHIFT = 28
+DAILY_ROTATE = true
+MAX_DAYS = 7
+
+[git]
+MAX_GIT_DIFF_LINES = 1000
+MAX_GIT_DIFF_LINE_CHARACTERS = 5000
+MAX_GIT_DIFF_FILES = 100
+GC_ARGS = 
+
+[git.timeout]
+DEFAULT = 360
+MIGRATE = 600
+MIRROR = 300
+CLONE = 300
+PULL = 300
+GC = 60
+
+{% if forgejo_enable_2fa %}
+[two_factor]
+ENABLED = true
+{% endif %}
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[cron]
+ENABLED = true
+RUN_AT_START = false
+
+[cron.update_mirrors]
+SCHEDULE = @every 10m
+
+[cron.repo_health_check]
+SCHEDULE = @every 24h
+TIMEOUT = 60s
+
+[cron.check_repo_stats]
+SCHEDULE = @every 24h
+
+[cron.cleanup_hook_task_table]
+SCHEDULE = @every 24h
+CLEANUP_TYPE = OlderThan
+OLDER_THAN = 168h
+
+[cron.update_migration_poster_id]
+SCHEDULE = @every 24h
+
+[cron.sync_external_users]
+SCHEDULE = @every 24h
+UPDATE_EXISTING = true
+
+[api]
+ENABLE_SWAGGER = false
+MAX_RESPONSE_ITEMS = 50
+DEFAULT_PAGING_NUM = 30
+DEFAULT_GIT_TREES_PER_PAGE = 1000
+DEFAULT_MAX_BLOB_SIZE = 10485760
+
+[oauth2]
+ENABLED = true
+JWT_SECRET = {{ vault_forgejo_jwt_secret | default('') }}
+
+[webhook]
+QUEUE_LENGTH = 1000
+DELIVER_TIMEOUT = 15
+SKIP_TLS_VERIFY = false
+PAGING_NUM = 10
+
+[metrics]
+ENABLED = {{ forgejo_enable_prometheus | lower }}
+TOKEN = {{ vault_forgejo_metrics_token | default('') }}
+
+[task]
+QUEUE_TYPE = channel
+QUEUE_LENGTH = 10000
+QUEUE_CONN_STR = 
+QUEUE_BATCH_NUMBER = 20
+
+[indexer]
+ISSUE_INDEXER_TYPE = db
+REPO_INDEXER_ENABLED = true