forgejo: listen on unix socket
Instead of 0.0.0.0:3000. Skip installation page, and set config values and create admin user manually.
This commit is contained in:
parent
22f363d06a
commit
b3aff08ce3
|
@ -19,5 +19,4 @@
|
|||
|
||||
- name: wait for forgejo
|
||||
wait_for:
|
||||
host: localhost
|
||||
port: 3000
|
||||
path: /var/lib/forgejo/socket
|
||||
|
|
|
@ -13,76 +13,64 @@
|
|||
- forgejo-runner@testing
|
||||
- podman
|
||||
|
||||
- name: Enable forgejo service
|
||||
service:
|
||||
name: forgejo
|
||||
state: started
|
||||
enabled: yes
|
||||
|
||||
- name: Create nginx site
|
||||
template:
|
||||
dest: /etc/nginx/http.d/forgejo.conf
|
||||
src: forgejo.conf.j2
|
||||
notify: reload nginx
|
||||
|
||||
- meta: flush_handlers
|
||||
|
||||
- name: Get passwords
|
||||
set_fact:
|
||||
password: '{{ lookup("passwordstore", "vm/"~inventory_hostname, returnall=true) | from_yaml }}'
|
||||
|
||||
- name: Post installation data
|
||||
uri:
|
||||
creates: /var/lib/forgejo/db/forgejo.db
|
||||
url: 'https://{{ fqdns | first }}'
|
||||
method: POST
|
||||
body_format: form-urlencoded
|
||||
body:
|
||||
- [ db_type, sqlite3 ]
|
||||
- [ db_path, /var/lib/forgejo/db/forgejo.db ]
|
||||
- [ app_name, 'FRI git' ]
|
||||
- [ repo_root_path, /var/lib/forgejo/git ]
|
||||
- [ lfs_root_path, /var/lib/forgejo/data/lfs ]
|
||||
- [ run_user, forgejo ]
|
||||
- [ http_port, 3000 ]
|
||||
- [ ssh_port, 22 ]
|
||||
- [ domain, '{{ fqdns | first }}' ]
|
||||
- [ app_url, 'https://{{ fqdns | first }}/' ]
|
||||
- [ log_root_path, /var/lib/forgejo/log ]
|
||||
- [ allow_only_external_registration, on ]
|
||||
- [ default_allow_create_organization, on ]
|
||||
- [ default_enable_timetracking, on ]
|
||||
- [ enable_open_id_sign_up, on ]
|
||||
- [ offline_mode, on ]
|
||||
- [ disable_gravatar, on ]
|
||||
- [ admin_name, '{{ password.admin_user }}' ]
|
||||
- [ admin_email, '{{ password.admin_mail }}' ]
|
||||
- [ admin_passwd, '{{ password.admin_pass }}' ]
|
||||
- [ admin_confirm_passwd, '{{ password.admin_pass }}' ]
|
||||
#- [ no_reply_address, noreply.localhost ]
|
||||
|
||||
- name: Configure forgejo
|
||||
ini_file:
|
||||
path: /etc/forgejo/app.ini
|
||||
section: '{{ item.section }}'
|
||||
section: '{{ item.section | default("") }}'
|
||||
option: '{{ item.option }}'
|
||||
value: '{{ item.value }}'
|
||||
loop:
|
||||
- section: repository
|
||||
option: DEFAULT_BRANCH
|
||||
value: master
|
||||
- section: repository
|
||||
option: ENABLE_PUSH_CREATE_ORG
|
||||
value: true
|
||||
- section: repository
|
||||
option: ENABLE_PUSH_CREATE_USER
|
||||
value: true
|
||||
- { option: APP_NAME, value: 'FRI git' }
|
||||
- { section: security, option: INSTALL_LOCK, value: true }
|
||||
- { section: cron.update_checker, option: ENABLED, value: false }
|
||||
- { section: lfs, option: PATH, value: /var/lib/forgejo/data/lfs }
|
||||
- { section: log, option: ROOT_PATH, value: /var/lib/forgejo/log }
|
||||
- { section: server, option: PROTOCOL, value: http+unix }
|
||||
- { section: server, option: HTTP_ADDR, value: socket }
|
||||
- { section: server, option: UNIX_SOCKET_PERMISSION, value: 660 }
|
||||
- { section: server, option: ROOT_URL, value: 'https://{{ dns_name }}/' }
|
||||
- { section: server, option: LFS_START_SERVER, value: true }
|
||||
- { section: service, option: ALLOW_ONLY_EXTERNAL_REGISTRATION, value: true }
|
||||
- { section: repository, option: DEFAULT_BRANCH, value: master }
|
||||
- { section: repository, option: ENABLE_PUSH_CREATE_ORG, value: true }
|
||||
- { section: repository, option: ENABLE_PUSH_CREATE_USER, value: true }
|
||||
notify: restart forgejo
|
||||
|
||||
- name: Set up SSO
|
||||
- name: Enable forgejo service
|
||||
service:
|
||||
name: forgejo
|
||||
enabled: yes
|
||||
notify: restart forgejo
|
||||
|
||||
- meta: flush_handlers
|
||||
|
||||
- name: Set up authentication
|
||||
become: yes
|
||||
become_method: su
|
||||
become_user: forgejo
|
||||
block:
|
||||
- name: Get passwords
|
||||
set_fact:
|
||||
password: '{{ lookup("passwordstore", "vm/"~inventory_hostname, returnall=true) | from_yaml }}'
|
||||
|
||||
- name: Create admin user
|
||||
command: |
|
||||
forgejo admin user create --admin
|
||||
--username '{{ password.admin_user }}'
|
||||
--email '{{ password.admin_mail }}'
|
||||
--password '{{ password.admin_pass }}'
|
||||
notify: restart forgejo
|
||||
register: result
|
||||
changed_when: 'result.rc == 0'
|
||||
failed_when: 'result.rc != 0 and "user already exists" not in result.stderr'
|
||||
|
||||
- name: Set up SSO
|
||||
command: |
|
||||
forgejo admin auth add-oauth --provider=openidConnect \
|
||||
--name '{{ password.oidc_name }}'
|
||||
|
@ -90,12 +78,8 @@
|
|||
--key '{{ password.oidc_client_id }}'
|
||||
--secret '{{ password.oidc_client_secret }}'
|
||||
register: result
|
||||
changed_when:
|
||||
- result.rc == 0
|
||||
failed_when:
|
||||
# task fails when both are true
|
||||
- result.rc != 0
|
||||
- '"login source already exists" not in result.stderr'
|
||||
changed_when: 'result.rc == 0'
|
||||
failed_when: 'result.rc != 0 and "login source already exists" not in result.stderr'
|
||||
|
||||
- name: Get forgejo-runner user
|
||||
user:
|
||||
|
|
|
@ -7,7 +7,7 @@ server {
|
|||
ssl_certificate_key /etc/letsencrypt/live/{{ fqdn }}/privkey.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:3000;
|
||||
proxy_pass http://unix:/var/lib/forgejo/socket;
|
||||
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
|
|
Loading…
Reference in a new issue