Backport fixes from version in production

Per file detail: backup.yml - Added role defaults loading with proper precedence (inventory > vars > defaults) - Fixed pg_dump permissions: now dumps to /tmp first, then moves to backup directory update.yml - Added role defaults loading with proper precedence - Fixed docker exec commands to use --user {{ forgejo_user }} - Added monitoring compose file detection and handling restore.yml - Added role defaults loading with proper precedence - Added monitoring compose file detection and handling - Fixed docker exec for doctor command to use --user {{ forgejo_user }} Makefile - Updated .PHONY with new targets - Replaced auto-generated help with structured categorized help - Added backup-cron and backup-cron-s3 targets for non-interactive backups - Added cron job example in help output
2026-01-15 22:26:27 +01:00 · 2026-01-15 22:26:27 +01:00 · c09bf58ea7
commit c09bf58ea7
parent dff39e3d36
4 changed files with 143 additions and 20 deletions
--- a/ansible/playbooks/update.yml
+++ b/ansible/playbooks/update.yml
@ -16,15 +16,27 @@
    skip_backup: false  # Override with --extra-vars "skip_backup=true"
  
  pre_tasks:
+    - name: Load role defaults as fallback
+      ansible.builtin.include_vars:
+        file: ../roles/forgejo/defaults/main.yml
+        name: role_defaults
+
+    - name: Apply all role defaults for undefined variables
+      ansible.builtin.set_fact:
+        "{{ item.key }}": "{{ vars[item.key] | default(item.value) }}"
+      loop: "{{ role_defaults | dict2items }}"
+      loop_control:
+        label: "{{ item.key }}"
+
    - name: Display update information
      ansible.builtin.debug:
        msg: |
          Updating Forgejo from {{ forgejo_version }}
          Backup will be created: {{ backup_before_update and not skip_backup }}
-    
+
    - name: Check current Forgejo version
      ansible.builtin.command:
-        cmd: docker exec forgejo forgejo --version
+        cmd: docker exec --user {{ forgejo_user }} forgejo forgejo --version
      register: current_version
      changed_when: false
      failed_when: false
@ -46,11 +58,17 @@
          ansible.builtin.debug:
            msg: "Backup completed: {{ backup_result.stdout_lines[-1] if backup_result.stdout_lines else 'No output' }}"
    
+    - name: Check if monitoring compose file exists
+      ansible.builtin.stat:
+        path: "{{ forgejo_base_path }}/docker-compose.monitoring.yml"
+      register: monitoring_compose
+
    - name: Stop Forgejo service
      community.docker.docker_compose_v2:
        project_src: "{{ forgejo_base_path }}"
+        files: "{{ ['docker-compose.yml', 'docker-compose.monitoring.yml'] if monitoring_compose.stat.exists else ['docker-compose.yml'] }}"
        state: stopped
-    
+
    - name: Pull latest Forgejo image
      community.docker.docker_image:
        name: "{{ forgejo_docker_image }}:{{ forgejo_version }}"
@ -68,6 +86,7 @@
    - name: Start Forgejo service
      community.docker.docker_compose_v2:
        project_src: "{{ forgejo_base_path }}"
+        files: "{{ ['docker-compose.yml', 'docker-compose.monitoring.yml'] if monitoring_compose.stat.exists else ['docker-compose.yml'] }}"
        state: present
        pull: always
    
@ -82,7 +101,7 @@
    
    - name: Check updated version
      ansible.builtin.command:
-        cmd: docker exec forgejo forgejo --version
+        cmd: docker exec --user {{ forgejo_user }} forgejo forgejo --version
      register: updated_version
      changed_when: false
    
@ -92,7 +111,7 @@
    
    - name: Run database migrations
      ansible.builtin.command:
-        cmd: docker exec forgejo forgejo migrate
+        cmd: docker exec --user {{ forgejo_user }} forgejo forgejo migrate
      register: migrate_result
      changed_when: "'No migration needed' not in migrate_result.stdout"