semaphore-playbooks/debian12-forgejo/playbook.yml

---
- name: Update web servers
  hosts: all
  remote_user: root
  vars:
    forgejo: 10.0.1
    domain: git.keks.cloud
    sslmail: admin@keks.cloud
  handlers:
  - name: Restart forgejo
    ansible.builtin.service:
      name: "forgejo"
      state: restarted
  - name: Restart nginx
    ansible.builtin.service:
      name: "nginx"
      state: restarted
  tasks:
  - name: Install a list of packages
    ansible.builtin.apt:
      pkg:
      - mariadb-server
      - python3-pymysql
      - nginx
      - certbot
      - python3-certbot-nginx
      - git
      
  - name: Add the user 'git'
    ansible.builtin.user:
      name: git
      comment: Git Username
      home: /home/git
      shell: /bin/bash
  - name: Create /var/lib/forgejo
    ansible.builtin.file:
      path: /var/lib/forgejo
      state: directory
      owner: git
      group: git
      mode: '0750'
  - name: Create /etc/forgejo
    ansible.builtin.file:
      path: /etc/forgejo
      state: directory
      owner: git
      group: git
      mode: '0500'

  - name: Create /usr/local/bin/
    ansible.builtin.file:
      path: /usr/local/bin/
      state: directory
      owner: git
      group: git
      mode: '0500'
  
  - name: Check if forgejo version is already downloaded
    stat:
      path: "/usr/local/bin/forgejo-{{forgejo}}-linux-amd64"
    register: forgejo_result

  - name: Download Forgejo
    get_url: 
      url: "https://codeberg.org/forgejo/forgejo/releases/download/v{{ forgejo }}/forgejo-{{ forgejo }}-linux-amd64"
      dest: "/usr/local/bin/forgejo-{{forgejo}}-linux-amd64"
      mode: '0755'
    when: not forgejo_result.stat.exists

  - name: Create a symbolic link
    ansible.builtin.file:
      src: "/usr/local/bin/forgejo-{{forgejo}}-linux-amd64"
      dest: "/usr/local/bin/forgejo"
      state: link
    notify:
      - Restart forgejo

  #NGINX + Certbot
  - name: NGINX Check that the forgejo.conf exists
    stat:
      path: /etc/nginx/sites-enabled/forgejo.conf
    register: stat_result

  - name: NGINX Template forgejo.service 
    ansible.builtin.template:
      src: forgejo.conf
      dest: /etc/nginx/sites-enabled/forgejo.conf
    when: not stat_result.stat.exists
    notify:
      - Restart nginx
  
  - name: Allow all access to tcp port 80
    community.general.ufw:
      rule: allow
      port: '80'
      proto: tcp

  - name: Allow all access to tcp port 443
    community.general.ufw:
      rule: allow
      port: '443'
      proto: tcp


  - name: NGINX Check that the forgejo.conf exists
    stat:
      path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
    register: ssl_file_result
  
  - name: Return motd to registered var
    ansible.builtin.command: certbot -n --nginx --agree-tos -m {{ sslmail }} -d {{ domain }} 
    when: not ssl_file_result.stat.exists
    notify:
      - Restart nginx


  #Database
  - name: Create a new database with name 'forgejo'
    community.mysql.mysql_db:
      name: forgejo
      state: present
      login_unix_socket: /run/mysqld/mysqld.sock

  - name: Removes anonymous user account for localhost
    community.mysql.mysql_user:
      name: ''
      host: localhost
      state: absent
      login_unix_socket: /run/mysqld/mysqld.sock

  - name: Removes all anonymous user accounts
    community.mysql.mysql_user:
      name: ''
      host_all: true
      state: absent
      login_unix_socket: /run/mysqld/mysqld.sock


  - name: Create database user forgejo
    community.mysql.mysql_user:
      name: forgejo
      password: "{{ mariadbpassword }}"
      priv: 'forgejo.*:ALL'
      state: present
      login_unix_socket: /run/mysqld/mysqld.sock

  - name: Template forgejo.service 
    ansible.builtin.template:
      src: forgejo.service
      dest: /etc/systemd/system/forgejo.service

  - name: Template forgejo.service 
    ansible.builtin.template:
      src: app.ini
      dest: /etc/forgejo/app.ini
    notify:
      - Restart forgejo
  
  #Backup
  - name: backup script
    ansible.builtin.template:
      src: backup.sh
      dest: /usr/local/bin/backup.sh
      mode: '0770'
  - name: Backup
    ansible.builtin.cron:
      name: "backup"
      minute: "0"
      hour: "3"
      job: "/usr/local/bin/backup.sh > /dev/null"
test: forgjeo 2023-08-05 19:11:17 +02:00			`---`
			`- name: Update web servers`
			`hosts: all`
			`remote_user: root`
test: forgjeo 2023-08-05 19:46:41 +02:00			`vars:`
Update debian12-forgejo/playbook.yml 2025-03-12 15:34:40 +00:00			`forgejo: 10.0.1`
stuff 2023-08-06 22:28:13 +02:00			`domain: git.keks.cloud`
stuff 2023-08-05 20:06:35 +02:00			`sslmail: admin@keks.cloud`
stuff 2023-08-05 19:51:01 +02:00			`handlers:`
			`- name: Restart forgejo`
			`ansible.builtin.service:`
			`name: "forgejo"`
			`state: restarted`
test: forgjeo 2023-08-05 20:15:52 +02:00			`- name: Restart nginx`
			`ansible.builtin.service:`
			`name: "nginx"`
			`state: restarted`
test: forgjeo 2023-08-05 19:11:17 +02:00			`tasks:`
			`- name: Install a list of packages`
test: forgjeo 2023-08-05 19:27:30 +02:00			`ansible.builtin.apt:`
			`pkg:`
			`- mariadb-server`
test: forgjeo 2023-08-05 19:34:22 +02:00			`- python3-pymysql`
stuff 2023-08-05 20:06:35 +02:00			`- nginx`
			`- certbot`
			`- python3-certbot-nginx`
Stuff 2023-08-06 19:49:09 +02:00			`- git`
test: forgjeo 2023-08-05 19:27:30 +02:00
test: forgjeo 2023-08-05 19:11:17 +02:00			`- name: Add the user 'git'`
			`ansible.builtin.user:`
			`name: git`
			`comment: Git Username`
			`home: /home/git`
			`shell: /bin/bash`
			`- name: Create /var/lib/forgejo`
			`ansible.builtin.file:`
			`path: /var/lib/forgejo`
			`state: directory`
test: forgjeo 2023-08-05 19:28:50 +02:00			`owner: git`
test: forgjeo 2023-08-05 19:11:17 +02:00			`group: git`
			`mode: '0750'`
			`- name: Create /etc/forgejo`
			`ansible.builtin.file:`
			`path: /etc/forgejo`
			`state: directory`
test: forgjeo 2023-08-05 19:28:50 +02:00			`owner: git`
test: forgjeo 2023-08-05 19:11:17 +02:00			`group: git`
test: forgjeo 2023-08-05 19:33:14 +02:00			`mode: '0500'`
test: forgjeo 2023-08-05 19:46:41 +02:00
			`- name: Create /usr/local/bin/`
			`ansible.builtin.file:`
			`path: /usr/local/bin/`
			`state: directory`
			`owner: git`
			`group: git`
			`mode: '0500'`

download just if neeeded 2023-08-07 00:04:32 +02:00			`- name: Check if forgejo version is already downloaded`
			`stat:`
			`path: "/usr/local/bin/forgejo-{{forgejo}}-linux-amd64"`
			`register: forgejo_result`

stuff 2023-08-05 19:53:24 +02:00			`- name: Download Forgejo`
test: forgjeo 2023-08-05 19:46:41 +02:00			`get_url:`
			`url: "https://codeberg.org/forgejo/forgejo/releases/download/v{{ forgejo }}/forgejo-{{ forgejo }}-linux-amd64"`
			`dest: "/usr/local/bin/forgejo-{{forgejo}}-linux-amd64"`
			`mode: '0755'`
download just if neeeded 2023-08-07 00:04:32 +02:00			`when: not forgejo_result.stat.exists`
test: forgjeo 2023-08-05 19:46:41 +02:00
			`- name: Create a symbolic link`
			`ansible.builtin.file:`
			`src: "/usr/local/bin/forgejo-{{forgejo}}-linux-amd64"`
stuff 2023-08-05 19:53:24 +02:00			`dest: "/usr/local/bin/forgejo"`
test: forgjeo 2023-08-05 19:46:41 +02:00			`state: link`
stuff 2023-08-05 19:47:48 +02:00			`notify:`
			`- Restart forgejo`
test: forgjeo 2023-08-05 19:46:41 +02:00
stuff 2023-08-05 20:06:35 +02:00			`#NGINX + Certbot`
			`- name: NGINX Check that the forgejo.conf exists`
			`stat:`
			`path: /etc/nginx/sites-enabled/forgejo.conf`
			`register: stat_result`

			`- name: NGINX Template forgejo.service`
			`ansible.builtin.template:`
			`src: forgejo.conf`
			`dest: /etc/nginx/sites-enabled/forgejo.conf`
			`when: not stat_result.stat.exists`
test: forgjeo 2023-08-05 20:15:52 +02:00			`notify:`
			`- Restart nginx`

test: forgjeo 2023-08-05 20:16:27 +02:00			`- name: Allow all access to tcp port 80`
test: forgjeo 2023-08-05 20:15:52 +02:00			`community.general.ufw:`
			`rule: allow`
			`port: '80'`
			`proto: tcp`

			`- name: Allow all access to tcp port 443`
			`community.general.ufw:`
			`rule: allow`
			`port: '443'`
			`proto: tcp`

stuff 2023-08-05 20:06:35 +02:00
			`- name: NGINX Check that the forgejo.conf exists`
			`stat:`
			`path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"`
			`register: ssl_file_result`

			`- name: Return motd to registered var`
stuff 2023-08-06 22:28:13 +02:00			`ansible.builtin.command: certbot -n --nginx --agree-tos -m {{ sslmail }} -d {{ domain }}`
stuff 2023-08-05 20:06:35 +02:00			`when: not ssl_file_result.stat.exists`
test: forgjeo 2023-08-05 20:20:04 +02:00			`notify:`
			`- Restart nginx`
stuff 2023-08-05 20:06:35 +02:00

test: forgjeo 2023-08-05 19:33:14 +02:00
			`#Database`
			`- name: Create a new database with name 'forgejo'`
			`community.mysql.mysql_db:`
			`name: forgejo`
			`state: present`
			`login_unix_socket: /run/mysqld/mysqld.sock`

			`- name: Removes anonymous user account for localhost`
			`community.mysql.mysql_user:`
			`name: ''`
			`host: localhost`
			`state: absent`
			`login_unix_socket: /run/mysqld/mysqld.sock`

			`- name: Removes all anonymous user accounts`
			`community.mysql.mysql_user:`
			`name: ''`
			`host_all: true`
			`state: absent`
test: forgjeo 2023-08-05 19:35:21 +02:00			`login_unix_socket: /run/mysqld/mysqld.sock`

test: forgjeo 2023-08-05 19:33:14 +02:00
			`- name: Create database user forgejo`
			`community.mysql.mysql_user:`
			`name: forgejo`
Stuff 2023-08-06 19:49:09 +02:00			`password: "{{ mariadbpassword }}"`
test: forgjeo 2023-08-05 19:33:14 +02:00			`priv: 'forgejo.*:ALL'`
test: forgjeo 2023-08-05 19:35:21 +02:00			`state: present`
			`login_unix_socket: /run/mysqld/mysqld.sock`
test: forgjeo 2023-08-05 19:46:41 +02:00
			`- name: Template forgejo.service`
			`ansible.builtin.template:`
			`src: forgejo.service`
			`dest: /etc/systemd/system/forgejo.service`
forgejo app ini 2023-08-06 20:23:51 +02:00
stuff 2023-08-06 22:11:57 +02:00			`- name: Template forgejo.service`
forgejo app ini 2023-08-06 20:23:51 +02:00			`ansible.builtin.template:`
			`src: app.ini`
			`dest: /etc/forgejo/app.ini`
			`notify:`
stuff 2023-08-07 01:03:59 +02:00			`- Restart forgejo`

			`#Backup`
			`- name: backup script`
			`ansible.builtin.template:`
			`src: backup.sh`
			`dest: /usr/local/bin/backup.sh`
			`mode: '0770'`
			`- name: Backup`
			`ansible.builtin.cron:`
			`name: "backup"`
			`minute: "0"`
			`hour: "3"`
version 1.23.3 2023-08-21 21:23:20 +02:00			`job: "/usr/local/bin/backup.sh > /dev/null"`
No results found.