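# Install and configure Forgejo plus a podman-backed forgejo-runner on Alpine.
# Tasks that template or receive secrets set no_log so that passwords, the
# OIDC client secret and the runner token stay out of Ansible output and logs.

# NOTE(review): packages tagged @testing come from Alpine edge/testing, a
# rolling repository; versions are not pinned here, so every run may pull a
# different build. Pin or mirror if reproducibility matters.
- name: Add testing repo
  lineinfile:
    path: /etc/apk/repositories
    line: '@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing'
  notify: update package cache
  register: repo

- name: Install forgejo
  package:
    # Refresh the index only when the repository line was just added.
    update_cache: '{{ repo.changed }}'
    name:
      - forgejo@testing
      - forgejo-runner@testing
      - podman

- name: Enable forgejo service
  service:
    name: forgejo
    state: started
    enabled: true

- name: Create nginx site
  template:
    dest: /etc/nginx/http.d/forgejo.conf
    src: forgejo.conf.j2
  notify: reload nginx

# Run pending handlers now so the site is reachable for the POST below.
- meta: flush_handlers

- name: Get passwords
  set_fact:
    password: '{{ lookup("passwordstore", "vm/"~inventory_hostname, returnall=true) | from_yaml }}'
  # The fact holds the admin password and OIDC client secret.
  no_log: true

# NOTE(review): the service is started and the nginx site is live before this
# POST runs; until it completes, the install form is presumably reachable by
# anyone who can reach the site. Consider restricting access during first run.
- name: Post installation data
  uri:
    # Skip once the database exists, i.e. installation has already happened.
    creates: /var/lib/forgejo/db/forgejo.db
    url: 'https://{{ fqdns | first }}'
    method: POST
    body_format: form-urlencoded
    # NOTE(review): unquoted `on` is a boolean under YAML 1.1 loaders, so the
    # form may receive a stringified boolean rather than "on"; confirm the
    # installer accepts it before quoting these values.
    body:
      - [ db_type, sqlite3 ]
      - [ db_path, /var/lib/forgejo/db/forgejo.db ]
      - [ app_name, 'FRI git' ]
      - [ repo_root_path, /var/lib/forgejo/git ]
      - [ lfs_root_path, /var/lib/forgejo/data/lfs ]
      - [ run_user, forgejo ]
      - [ http_port, 3000 ]
      - [ ssh_port, 22 ]
      - [ domain, '{{ fqdns | first }}' ]
      - [ app_url, 'https://{{ fqdns | first }}/' ]
      - [ log_root_path, /var/lib/forgejo/log ]
      - [ allow_only_external_registration, on ]
      - [ default_allow_create_organization, on ]
      - [ default_enable_timetracking, on ]
      - [ enable_open_id_sign_up, on ]
      - [ offline_mode, on ]
      - [ disable_gravatar, on ]
      - [ admin_name, '{{ password.admin_user }}' ]
      - [ admin_email, '{{ password.admin_mail }}' ]
      - [ admin_passwd, '{{ password.admin_pass }}' ]
      - [ admin_confirm_passwd, '{{ password.admin_pass }}' ]
      #- [ no_reply_address, noreply.localhost ]
  # The request body carries the admin password.
  no_log: true

- name: Configure forgejo
  ini_file:
    path: /etc/forgejo/app.ini
    section: '{{ item.section }}'
    option: '{{ item.option }}'
    value: '{{ item.value }}'
  loop:
    - section: repository
      option: DEFAULT_BRANCH
      value: master
    - section: repository
      option: ENABLE_PUSH_CREATE_ORG
      value: true
    - section: repository
      option: ENABLE_PUSH_CREATE_USER
      value: true
  notify: restart forgejo

- name: Set up SSO
  become: true
  become_method: su
  become_user: forgejo
  command: |
    forgejo admin auth add-oauth --provider=openidConnect \
      --name '{{ password.oidc_name }}'
      --auto-discover-url '{{ password.oidc_endpoint }}'
      --key '{{ password.oidc_client_id }}'
      --secret '{{ password.oidc_client_secret }}'
  register: result
  # The command line contains the OIDC client secret. no_log also hides the
  # error output on failure; lift it temporarily when debugging.
  no_log: true
  changed_when:
    - result.rc == 0
  failed_when: # task fails when both are true
    - result.rc != 0
    - '"login source already exists" not in result.stderr'

# Look up the runner account; its uid and gid seed the ranges below.
- name: Get forgejo-runner user
  user:
    name: forgejo-runner
  register: user_info

# Subordinate ID ranges start at <uid>00000 / <gid>00000 and span 65536 IDs.
- name: Configure subuid
  lineinfile:
    path: /etc/subuid
    line: '{{ user_info.name }}:{{ user_info.uid }}00000:65536'
    regexp: '^{{ user_info.name }}:'

- name: Configure subgid
  lineinfile:
    path: /etc/subgid
    line: '{{ user_info.name }}:{{ user_info.group }}00000:65536'
    regexp: '^{{ user_info.name }}:'

- name: Create podman service for forgejo-runner
  file:
    path: /etc/init.d/podman.forgejo-runner
    src: podman
    state: link

- name: Configure podman service for forgejo-runner
  copy:
    dest: /etc/conf.d/podman.forgejo-runner
    content: podman_user="forgejo-runner"

- name: Configure forgejo-runner
  template:
    dest: /etc/forgejo-runner/config.yaml
    src: config.yaml.j2
    owner: forgejo-runner
    group: forgejo-runner
    # Quoted so the mode is always read as an octal string, never an integer.
    mode: '0600'
  notify: restart forgejo-runner

- name: Check runner registration
  stat:
    path: /var/lib/forgejo-runner/.runner
  register: runner_config

# Register only once: skipped when the .runner state file already exists.
- name: Register runner
  when: not runner_config.stat.exists
  notify: restart forgejo-runner
  block:
    - name: Get runner token
      become: true
      become_method: su
      become_user: forgejo
      command: forgejo actions generate-runner-token
      register: token
      # stdout is the registration token.
      no_log: true

    - name: Register runner
      become: true
      become_method: su
      become_user: forgejo-runner
      become_flags: '-s /bin/sh -l'
      command: |
        forgejo-runner register --no-interactive
          --name runner
          --instance https://git.fri.uni-lj.si
          --token '{{ token.stdout }}'
      # The command line contains the registration token.
      no_log: true

- name: Enable forgejo-runner services
  service:
    name: '{{ item }}'
    state: started
    enabled: true
  loop:
    - forgejo-runner
    - podman.forgejo-runner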