From 9235c2011e020b9e34f84c89ee9261ba33f36493 Mon Sep 17 00:00:00 2001
From: Julian Rother
Date: Thu, 9 Jan 2025 20:39:34 +0100
Subject: [PATCH] Initial commit
---
 defaults/main.yml | 43 +++++++++++++++++++++++++++++++
 files/forgejo.service | 18 +++++++++++++
 handlers/main.yml | 5 ++++
 tasks/main.yml | 50 ++++++++++++++++++++++++++++++++++++
 templates/forgejo_app.ini.j2 | 9 +++++++
 5 files changed, 125 insertions(+)
 create mode 100644 defaults/main.yml
 create mode 100644 files/forgejo.service
 create mode 100644 handlers/main.yml
 create mode 100644 tasks/main.yml
 create mode 100644 templates/forgejo_app.ini.j2
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..f381e57
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,43 @@
+forgejo_version: "7.0.12"
+
+# See https://forgejo.org/docs/latest/admin/config-cheat-sheet/
+forgejo_config:
+ DEFAULT:
+ WORK_PATH: /var/lib/forgejo
+ server:
+ # DOMAIN: localhost # Set this to your domain!
+ # ROOT_URL: https://localhost/ # Set this to your root url!
+ # SSH_DOMAIN: localhost
+ # LFS_JWT_SECRET: ... # Generate with `forgejo generate secret JWT_SECRET`
+ PROTOCOL: http
+ HTTP_ADDR: 127.0.0.1
+ HTTP_PORT: 3000
+ UNIX_SOCKET_PERMISSION: "660"
+ repository:
+ ROOT: /var/lib/forgejo/data/repos
+ DEFAULT_PRIVATE: "true"
+ database:
+ DB_TYPE: sqlite3
+ openid:
+ ENABLE_OPENID_SIGNIN: "false"
+ ENABLE_OPENID_SIGNUP: "false"
+ oauth2:
+ # JWT_SECRET: ... # Generate with `forgejo generate secret JWT_SECRET`
+ security:
+ INSTALL_LOCK: "true"
+ # SECRET_KEY: ... # Generate with `forgejo generate secret SECRET_KEY`
+ # INTERNAL_TOKEN: ... # Generate with `forgejo generate secret INTERNAL_TOKEN`
+ PASSWORD_HASH_ALGO: argon2
+ service:
+ # First registered user become admin, so we disable registration per default (at least initially)
+ # Create first user via CLI:
+ # sudo -u git forgejo --config /etc/forgejo/app.ini admin user create --admin --username forgejo-admin --password ... --email admin@localhost
+ DISABLE_REGISTRATION: "true"
+ DEFAULT_KEEP_EMAIL_PRIVATE: "true"
+ DEFAULT_USER_VISIBILITY: "limited"
+ DEFAULT_ORG_VISIBILITY: "limited"
+ ui:
+ SHOW_USER_EMAIL: "false"
+ other:
+ SHOW_FOOTER_VERSION: "false"
+ SHOW_FOOTER_TEMPLATE_LOAD_TIME: "false"
diff --git a/files/forgejo.service b/files/forgejo.service
new file mode 100644
index 0000000..712aa2d
--- /dev/null
+++ b/files/forgejo.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=Forgejo
+
+After=syslog.target
+After=network.target
+# TODO: After=DB/redis/...
+
+[Service]
+RestartSec=2s
+Type=simple
+User=git
+Group=git
+WorkingDirectory=~
+ExecStart=/usr/local/sbin/forgejo web --config /etc/forgejo/app.ini
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
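Review bot: In defaults/main.yml every hardening value (`INSTALL_LOCK`, `DISABLE_REGISTRATION`, `DEFAULT_PRIVATE` and the rest) lives inside the single `forgejo_config` dictionary, and Ansible's default hash behaviour replaces a dictionary instead of merging it. An inventory that sets `forgejo_config` only to supply `DOMAIN` or the secrets therefore renders an app.ini without those keys unless it copies the whole block; with `INSTALL_LOCK` gone, Forgejo would presumably serve its install page to whoever reaches it first. I would keep these values in a separate variable, for example `forgejo_config_defaults` (the name is a suggestion), and render `forgejo_config_defaults | combine(forgejo_config, recursive=true)`, with a comment above the block stating that overrides are merged per key.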
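Review bot: The `[Service]` section of files/forgejo.service runs a network-facing daemon with no systemd sandboxing; the only confinement is `User=git` and `Group=git`. Adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` would limit what a compromised process can reach. These need testing against the actual deployment, since git hooks and SSH access may depend on paths outside /var/lib/forgejo. `After=syslog.target` is obsolete on current systemd and can be dropped.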
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..e9de171
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: Restart forgejo
+ ansible.builtin.systemd_service:
+ name: forgejo
+ daemon_reload: true
+ state: restarted
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..46eb6e1
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,50 @@
+- name: Download forgejo binary
+ ansible.builtin.get_url:
+ url: "https://codeberg.org/forgejo/forgejo/releases/download/v{{ forgejo_version }}/forgejo-{{ forgejo_version }}-linux-amd64"
+ dest: "/usr/local/sbin/forgejo"
+ mode: "0755"
+ notify: Restart forgejo
+
+- name: Create git group
+ ansible.builtin.group:
+ name: git
+ system: true
+
+- name: Create git user
+ ansible.builtin.user:
+ name: git
+ group: git
+ home: /var/lib/forgejo
+ create_home: false
+ system: true
+
+- name: Create data directory
+ ansible.builtin.file:
+ path: /var/lib/forgejo
+ owner: git
+ group: git
+ state: directory
+ mode: "0750"
+
+- name: Create config directory
+ ansible.builtin.file:
+ path: /etc/forgejo
+ owner: root
+ group: git
+ state: directory
+ mode: "0750"
+
+- name: Update config
+ ansible.builtin.template:
+ src: forgejo_app.ini.j2
+ dest: /etc/forgejo/app.ini
+ owner: root
+ group: git
+ mode: "0640"
+ notify: Restart forgejo
+
+- name: Create systemd unit
+ ansible.builtin.copy:
+ src: forgejo.service
+ dest: /etc/systemd/system/forgejo.service
+ notify: Restart forgejo
diff --git a/templates/forgejo_app.ini.j2 b/templates/forgejo_app.ini.j2
new file mode 100644
index 0000000..38ba7c2
--- /dev/null
+++ b/templates/forgejo_app.ini.j2
@@ -0,0 +1,9 @@
+{% for section_name, section in forgejo_config.items() %}
+{% if section_name != 'DEFAULT' %}
+[{{section_name}}]
+{% endif %}
+{% for key, value in section.items() %}
+{{key}} = {{value}}
+{% endfor %}
+
+{% endfor %}
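Review bot: The `Download forgejo binary` task in tasks/main.yml installs an executable into /usr/local/sbin without verifying it: `get_url` is given no `checksum`, so the role trusts whatever the release URL returns. The same omission means that, with a fixed file `dest` and `force` left at its default, an existing binary is not replaced when `forgejo_version` changes. Pinning the digest next to the version, e.g. `checksum: "sha256:{{ forgejo_sha256 }}"` (the variable name is a suggestion), addresses both, because get_url downloads again when the existing file does not match. The `Update config` task will carry the generated secrets once they are set, so `no_log: true` or at least `diff: false` is worth adding there, and `Create systemd unit` should set `owner`, `group` and `mode` explicitly.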
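Review bot: `section.items()` in templates/forgejo_app.ini.j2 fails on a section whose value is null, and the shipped defaults contain one. `oauth2:` in defaults/main.yml has only a commented-out key beneath it, so it appears to load as null and the `Update config` task would abort with the stock defaults. Iterating over `(section or {}).items()` here, or writing `oauth2: {}` in the defaults, avoids that. Values are also written verbatim as `{{key}} = {{value}}`, so a value containing a newline would add further lines to app.ini; a short comment at the top of the template noting that values must be single-line would make that constraint visible.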