semaphore-playbooks/debian12-forgejo/playbook.yml

---
- name: Update web servers
  hosts: all
  remote_user: root
  vars:
    forgejo: 1.20.2-0
    domain: git.keks.cloud
    sslmail: admin@keks.cloud
  handlers:
  - name: Restart forgejo
    ansible.builtin.service:
      name: "forgejo"
      state: restarted
  - name: Restart nginx
    ansible.builtin.service:
      name: "nginx"
      state: restarted
  tasks:
  - name: Install a list of packages
    ansible.builtin.apt:
      pkg:
      - mariadb-server
      - python3-pymysql
      - nginx
      - certbot
      - python3-certbot-nginx
      - git
      
  - name: Add the user 'git'
    ansible.builtin.user:
      name: git
      comment: Git Username
      home: /home/git
      shell: /bin/bash
  - name: Create /var/lib/forgejo
    ansible.builtin.file:
      path: /var/lib/forgejo
      state: directory
      owner: git
      group: git
      mode: '0750'
  - name: Create /etc/forgejo
    ansible.builtin.file:
      path: /etc/forgejo
      state: directory
      owner: git
      group: git
      mode: '0500'

  - name: Create /usr/local/bin/
    ansible.builtin.file:
      path: /usr/local/bin/
      state: directory
      owner: git
      group: git
      mode: '0500'
  
  - name: Check if forgejo version is already downloaded
    stat:
      path: "/usr/local/bin/forgejo-{{forgejo}}-linux-amd64"
    register: forgejo_result

  - name: Download Forgejo
    get_url: 
      url: "https://codeberg.org/forgejo/forgejo/releases/download/v{{ forgejo }}/forgejo-{{ forgejo }}-linux-amd64"
      dest: "/usr/local/bin/forgejo-{{forgejo}}-linux-amd64"
      mode: '0755'
    when: not forgejo_result.stat.exists

  - name: Create a symbolic link
    ansible.builtin.file:
      src: "/usr/local/bin/forgejo-{{forgejo}}-linux-amd64"
      dest: "/usr/local/bin/forgejo"
      state: link
    notify:
      - Restart forgejo

  #NGINX + Certbot
  - name: NGINX Check that the forgejo.conf exists
    stat:
      path: /etc/nginx/sites-enabled/forgejo.conf
    register: stat_result

  - name: NGINX Template forgejo.service 
    ansible.builtin.template:
      src: forgejo.conf
      dest: /etc/nginx/sites-enabled/forgejo.conf
    when: not stat_result.stat.exists
    notify:
      - Restart nginx
  
  - name: Allow all access to tcp port 80
    community.general.ufw:
      rule: allow
      port: '80'
      proto: tcp

  - name: Allow all access to tcp port 443
    community.general.ufw:
      rule: allow
      port: '443'
      proto: tcp


  - name: NGINX Check that the forgejo.conf exists
    stat:
      path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
    register: ssl_file_result
  
  - name: Return motd to registered var
    ansible.builtin.command: certbot -n --nginx --agree-tos -m {{ sslmail }} -d {{ domain }} 
    when: not ssl_file_result.stat.exists
    notify:
      - Restart nginx


  #Database
  - name: Create a new database with name 'forgejo'
    community.mysql.mysql_db:
      name: forgejo
      state: present
      login_unix_socket: /run/mysqld/mysqld.sock

  - name: Removes anonymous user account for localhost
    community.mysql.mysql_user:
      name: ''
      host: localhost
      state: absent
      login_unix_socket: /run/mysqld/mysqld.sock

  - name: Removes all anonymous user accounts
    community.mysql.mysql_user:
      name: ''
      host_all: true
      state: absent
      login_unix_socket: /run/mysqld/mysqld.sock


  - name: Create database user forgejo
    community.mysql.mysql_user:
      name: forgejo
      password: "{{ mariadbpassword }}"
      priv: 'forgejo.*:ALL'
      state: present
      login_unix_socket: /run/mysqld/mysqld.sock

  - name: Template forgejo.service 
    ansible.builtin.template:
      src: forgejo.service
      dest: /etc/systemd/system/forgejo.service

  - name: Template forgejo.service 
    ansible.builtin.template:
      src: app.ini
      dest: /etc/forgejo/app.ini
    notify:
      - Restart forgejo
test: forgjeo 2023-08-05 17:11:17 +00:00			`---`
			`- name: Update web servers`
			`hosts: all`
			`remote_user: root`
test: forgjeo 2023-08-05 17:46:41 +00:00			`vars:`
			`forgejo: 1.20.2-0`
stuff 2023-08-06 20:28:13 +00:00			`domain: git.keks.cloud`
stuff 2023-08-05 18:06:35 +00:00			`sslmail: admin@keks.cloud`
stuff 2023-08-05 17:51:01 +00:00			`handlers:`
			`- name: Restart forgejo`
			`ansible.builtin.service:`
			`name: "forgejo"`
			`state: restarted`
test: forgjeo 2023-08-05 18:15:52 +00:00			`- name: Restart nginx`
			`ansible.builtin.service:`
			`name: "nginx"`
			`state: restarted`
test: forgjeo 2023-08-05 17:11:17 +00:00			`tasks:`
			`- name: Install a list of packages`
test: forgjeo 2023-08-05 17:27:30 +00:00			`ansible.builtin.apt:`
			`pkg:`
			`- mariadb-server`
test: forgjeo 2023-08-05 17:34:22 +00:00			`- python3-pymysql`
stuff 2023-08-05 18:06:35 +00:00			`- nginx`
			`- certbot`
			`- python3-certbot-nginx`
Stuff 2023-08-06 17:49:09 +00:00			`- git`
test: forgjeo 2023-08-05 17:27:30 +00:00
test: forgjeo 2023-08-05 17:11:17 +00:00			`- name: Add the user 'git'`
			`ansible.builtin.user:`
			`name: git`
			`comment: Git Username`
			`home: /home/git`
			`shell: /bin/bash`
			`- name: Create /var/lib/forgejo`
			`ansible.builtin.file:`
			`path: /var/lib/forgejo`
			`state: directory`
test: forgjeo 2023-08-05 17:28:50 +00:00			`owner: git`
test: forgjeo 2023-08-05 17:11:17 +00:00			`group: git`
			`mode: '0750'`
			`- name: Create /etc/forgejo`
			`ansible.builtin.file:`
			`path: /etc/forgejo`
			`state: directory`
test: forgjeo 2023-08-05 17:28:50 +00:00			`owner: git`
test: forgjeo 2023-08-05 17:11:17 +00:00			`group: git`
test: forgjeo 2023-08-05 17:33:14 +00:00			`mode: '0500'`
test: forgjeo 2023-08-05 17:46:41 +00:00
			`- name: Create /usr/local/bin/`
			`ansible.builtin.file:`
			`path: /usr/local/bin/`
			`state: directory`
			`owner: git`
			`group: git`
			`mode: '0500'`

download just if neeeded 2023-08-06 22:04:32 +00:00			`- name: Check if forgejo version is already downloaded`
			`stat:`
			`path: "/usr/local/bin/forgejo-{{forgejo}}-linux-amd64"`
			`register: forgejo_result`

stuff 2023-08-05 17:53:24 +00:00			`- name: Download Forgejo`
test: forgjeo 2023-08-05 17:46:41 +00:00			`get_url:`
			`url: "https://codeberg.org/forgejo/forgejo/releases/download/v{{ forgejo }}/forgejo-{{ forgejo }}-linux-amd64"`
			`dest: "/usr/local/bin/forgejo-{{forgejo}}-linux-amd64"`
			`mode: '0755'`
download just if neeeded 2023-08-06 22:04:32 +00:00			`when: not forgejo_result.stat.exists`
test: forgjeo 2023-08-05 17:46:41 +00:00
			`- name: Create a symbolic link`
			`ansible.builtin.file:`
			`src: "/usr/local/bin/forgejo-{{forgejo}}-linux-amd64"`
stuff 2023-08-05 17:53:24 +00:00			`dest: "/usr/local/bin/forgejo"`
test: forgjeo 2023-08-05 17:46:41 +00:00			`state: link`
stuff 2023-08-05 17:47:48 +00:00			`notify:`
			`- Restart forgejo`
test: forgjeo 2023-08-05 17:46:41 +00:00
stuff 2023-08-05 18:06:35 +00:00			`#NGINX + Certbot`
			`- name: NGINX Check that the forgejo.conf exists`
			`stat:`
			`path: /etc/nginx/sites-enabled/forgejo.conf`
			`register: stat_result`

			`- name: NGINX Template forgejo.service`
			`ansible.builtin.template:`
			`src: forgejo.conf`
			`dest: /etc/nginx/sites-enabled/forgejo.conf`
			`when: not stat_result.stat.exists`
test: forgjeo 2023-08-05 18:15:52 +00:00			`notify:`
			`- Restart nginx`

test: forgjeo 2023-08-05 18:16:27 +00:00			`- name: Allow all access to tcp port 80`
test: forgjeo 2023-08-05 18:15:52 +00:00			`community.general.ufw:`
			`rule: allow`
			`port: '80'`
			`proto: tcp`

			`- name: Allow all access to tcp port 443`
			`community.general.ufw:`
			`rule: allow`
			`port: '443'`
			`proto: tcp`

stuff 2023-08-05 18:06:35 +00:00
			`- name: NGINX Check that the forgejo.conf exists`
			`stat:`
			`path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"`
			`register: ssl_file_result`

			`- name: Return motd to registered var`
stuff 2023-08-06 20:28:13 +00:00			`ansible.builtin.command: certbot -n --nginx --agree-tos -m {{ sslmail }} -d {{ domain }}`
stuff 2023-08-05 18:06:35 +00:00			`when: not ssl_file_result.stat.exists`
test: forgjeo 2023-08-05 18:20:04 +00:00			`notify:`
			`- Restart nginx`
stuff 2023-08-05 18:06:35 +00:00

test: forgjeo 2023-08-05 17:33:14 +00:00
			`#Database`
			`- name: Create a new database with name 'forgejo'`
			`community.mysql.mysql_db:`
			`name: forgejo`
			`state: present`
			`login_unix_socket: /run/mysqld/mysqld.sock`

			`- name: Removes anonymous user account for localhost`
			`community.mysql.mysql_user:`
			`name: ''`
			`host: localhost`
			`state: absent`
			`login_unix_socket: /run/mysqld/mysqld.sock`

			`- name: Removes all anonymous user accounts`
			`community.mysql.mysql_user:`
			`name: ''`
			`host_all: true`
			`state: absent`
test: forgjeo 2023-08-05 17:35:21 +00:00			`login_unix_socket: /run/mysqld/mysqld.sock`

test: forgjeo 2023-08-05 17:33:14 +00:00
			`- name: Create database user forgejo`
			`community.mysql.mysql_user:`
			`name: forgejo`
Stuff 2023-08-06 17:49:09 +00:00			`password: "{{ mariadbpassword }}"`
test: forgjeo 2023-08-05 17:33:14 +00:00			`priv: 'forgejo.*:ALL'`
test: forgjeo 2023-08-05 17:35:21 +00:00			`state: present`
			`login_unix_socket: /run/mysqld/mysqld.sock`
test: forgjeo 2023-08-05 17:46:41 +00:00
			`- name: Template forgejo.service`
			`ansible.builtin.template:`
			`src: forgejo.service`
			`dest: /etc/systemd/system/forgejo.service`
forgejo app ini 2023-08-06 18:23:51 +00:00
stuff 2023-08-06 20:11:57 +00:00			`- name: Template forgejo.service`
forgejo app ini 2023-08-06 18:23:51 +00:00			`ansible.builtin.template:`
			`src: app.ini`
			`dest: /etc/forgejo/app.ini`
			`notify:`
			`- Restart forgejo`