rc/servers
5
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
servers/roles/forgejo/tasks/main.yml
Timotej Lazar 12ccc9735b forgejo: extend session lifetime to two weeks 
Chosen arbitrarily.
2025-09-10 09:59:43 +02:00

77 lines
3.1 KiB
YAML
Raw Blame History

- name: Install forgejo
package:
name:
- forgejo
- name: Create nginx site
template:
dest: /etc/nginx/http.d/forgejo.conf
src: forgejo.conf.j2
notify: reload nginx
- name: Configure forgejo
ini_file:
path: /etc/forgejo/app.ini
section: '{{ item.section | default("") }}'
option: '{{ item.option }}'
value: '{{ item.value }}'
loop:
- { option: APP_NAME, value: 'FRI git' }
- { section: oauth2_client, option: ENABLE_AUTO_REGISTRATION, value: true }
- { section: oauth2_client, option: USERNAME, value: email }
- { section: service, option: ALLOW_ONLY_EXTERNAL_REGISTRATION, value: true }
- { section: service, option: DEFAULT_USER_VISIBILITY, value: public }
- { section: service.explore, option: DISABLE_USERS_PAGE, value: true }
- { section: session, option: SESSION_LIFE_TIME, value: '{{ 14 * 86400 }}' }
- { section: database, option: SQLITE_JOURNAL_MODE, value: WAL }
- { section: log, option: ROOT_PATH, value: /var/lib/forgejo/log }
- { section: server, option: ROOT_URL, value: 'https://{{ dns_name }}/' }
- { section: server, option: PROTOCOL, value: http+unix }
- { section: server, option: HTTP_ADDR, value: socket }
- { section: server, option: UNIX_SOCKET_PERMISSION, value: 660 }
- { section: server, option: LANDING_PAGE, value: "explore" }
- { section: server, option: LFS_START_SERVER, value: true }
- { section: lfs, option: PATH, value: /var/lib/forgejo/data/lfs }
- { section: repository, option: DEFAULT_BRANCH, value: master }
- { section: repository, option: ENABLE_PUSH_CREATE_ORG, value: true }
- { section: repository, option: ENABLE_PUSH_CREATE_USER, value: true }
- { section: ui, option: AMBIGUOUS_UNICODE_DETECTION, value: false }
- { section: other, option: SHOW_FOOTER_VERSION, value: false }
- { section: other, option: SHOW_FOOTER_TEMPLATE_LOAD_TIME, value: false }
- { section: cron.update_checker, option: ENABLED, value: false }
- { section: security, option: INSTALL_LOCK, value: true }
notify: restart forgejo
- name: Enable forgejo service
service:
name: forgejo
enabled: yes
notify: restart forgejo
- meta: flush_handlers
- name: Set up authentication
become: yes
become_user: forgejo
block:
- name: Create admin user
command: |
forgejo admin user create --admin
--username '{{ password.admin_user }}'
--email '{{ password.admin_mail }}'
--password '{{ password.admin_pass }}'
notify: restart forgejo
register: result
changed_when: 'result.rc == 0'
failed_when: 'result.rc != 0 and "user already exists" not in result.stderr'
- name: Set up SSO
command: |
forgejo admin auth add-oauth --provider=openidConnect \
--name '{{ password.oidc_name }}'
--auto-discover-url '{{ password.oidc_endpoint }}'
--key '{{ password.oidc_client_id }}'
--secret '{{ password.oidc_client_secret }}'
register: result
changed_when: 'result.rc == 0'
failed_when: 'result.rc != 0 and "login source already exists" not in result.stderr'
Reference in a new issue View git blame Copy permalink