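---
# Provision a single-host Forgejo instance: Forgejo binary, MariaDB database,
# nginx reverse proxy with a Let's Encrypt certificate, and a nightly backup
# cron job. Runs as root on every host in the inventory.
#
# Variables that must be supplied from outside this file (e.g. Ansible Vault
# or --extra-vars):
#   mariadbpassword  - password for the 'forgejo' database user (required)
#   forgejo_checksum - expected checksum of the Forgejo binary in get_url
#                      format, e.g. "sha256:<digest from the release page>";
#                      when unset the download is NOT verified (optional)
- name: Update web servers
  hosts: all
  remote_user: root
  vars:
    forgejo: 1.20.4-0
    domain: git.keks.cloud
    sslmail: admin@keks.cloud

  handlers:
    # daemon_reload is required so a re-templated unit file is picked up
    # before the restart; the plain service module does not reload units.
    - name: Restart forgejo
      ansible.builtin.systemd:
        name: forgejo
        state: restarted
        daemon_reload: true

    - name: Restart nginx
      ansible.builtin.service:
        name: nginx
        state: restarted

  tasks:
    - name: Install a list of packages
      ansible.builtin.apt:
        pkg:
          - mariadb-server
          - python3-pymysql
          - nginx
          - certbot
          - python3-certbot-nginx
          - git

    # Unprivileged account the Forgejo service runs as.
    - name: Add the user 'git'
      ansible.builtin.user:
        name: git
        comment: Git Username
        home: /home/git
        shell: /bin/bash

    # Data directory: the only tree the service account needs to write to.
    - name: Create /var/lib/forgejo
      ansible.builtin.file:
        path: /var/lib/forgejo
        state: directory
        owner: git
        group: git
        mode: '0750'

    # Config directory is root-owned and group-readable by the service user.
    # The service account must not own its own config dir: a directory owner
    # can chmod it and replace app.ini (which holds the DB password).
    - name: Create /etc/forgejo
      ansible.builtin.file:
        path: /etc/forgejo
        state: directory
        owner: root
        group: git
        mode: '0750'

    # /usr/local/bin must stay root-owned: it holds backup.sh, which cron runs
    # as root. If the 'git' user owned this directory it could rename/replace
    # that script and escalate from a compromised Forgejo to root.
    - name: Ensure /usr/local/bin is root-owned
      ansible.builtin.file:
        path: /usr/local/bin/
        state: directory
        owner: root
        group: root
        mode: '0755'

    - name: Check if forgejo version is already downloaded
      ansible.builtin.stat:
        path: "/usr/local/bin/forgejo-{{ forgejo }}-linux-amd64"
      register: forgejo_result

    # The release binary is fetched over HTTPS; set forgejo_checksum to also
    # pin it to the digest published on the release page. Without it a
    # tampered or truncated download is installed as-is.
    - name: Download Forgejo
      ansible.builtin.get_url:
        url: "https://codeberg.org/forgejo/forgejo/releases/download/v{{ forgejo }}/forgejo-{{ forgejo }}-linux-amd64"
        dest: "/usr/local/bin/forgejo-{{ forgejo }}-linux-amd64"
        checksum: "{{ forgejo_checksum | default(omit) }}"
        owner: root
        group: root
        mode: '0755'
      when: not forgejo_result.stat.exists

    - name: Create a symbolic link
      ansible.builtin.file:
        src: "/usr/local/bin/forgejo-{{ forgejo }}-linux-amd64"
        dest: /usr/local/bin/forgejo
        state: link
      notify:
        - Restart forgejo

    # NGINX + Certbot
    - name: NGINX Check that the forgejo.conf exists
      ansible.builtin.stat:
        path: /etc/nginx/sites-enabled/forgejo.conf
      register: stat_result

    # Only written once: certbot --nginx edits this file in place afterwards,
    # so re-templating on every run would strip the TLS directives it added.
    - name: NGINX Template forgejo.conf
      ansible.builtin.template:
        src: forgejo.conf
        dest: /etc/nginx/sites-enabled/forgejo.conf
      when: not stat_result.stat.exists
      notify:
        - Restart nginx

    # NOTE: these rules are inert until ufw itself is enabled; this play does
    # not enable it (doing so must allow SSH first or the host is locked out).
    - name: Allow all access to tcp port 80
      community.general.ufw:
        rule: allow
        port: '80'
        proto: tcp

    - name: Allow all access to tcp port 443
      community.general.ufw:
        rule: allow
        port: '443'
        proto: tcp

    - name: Check that a Let's Encrypt certificate for the domain exists
      ansible.builtin.stat:
        path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
      register: ssl_file_result

    # argv form: each value is passed as one argument, so a domain or mail
    # address containing whitespace cannot be split into extra arguments.
    - name: Obtain a Let's Encrypt certificate with certbot
      ansible.builtin.command:
        argv:
          - certbot
          - -n
          - --nginx
          - --agree-tos
          - -m
          - "{{ sslmail }}"
          - -d
          - "{{ domain }}"
      when: not ssl_file_result.stat.exists
      notify:
        - Restart nginx

    # Database
    - name: Create a new database with name 'forgejo'
      community.mysql.mysql_db:
        name: forgejo
        state: present
        login_unix_socket: /run/mysqld/mysqld.sock

    # Removes the anonymous accounts MariaDB ships with (covers localhost too).
    - name: Removes all anonymous user accounts
      community.mysql.mysql_user:
        name: ''
        host_all: true
        state: absent
        login_unix_socket: /run/mysqld/mysqld.sock

    # no_log keeps the password out of the Ansible output and log files.
    - name: Create database user forgejo
      community.mysql.mysql_user:
        name: forgejo
        password: "{{ mariadbpassword }}"
        priv: 'forgejo.*:ALL'
        state: present
        login_unix_socket: /run/mysqld/mysqld.sock
      no_log: true

    - name: Template forgejo.service
      ansible.builtin.template:
        src: forgejo.service
        dest: /etc/systemd/system/forgejo.service
        owner: root
        group: root
        mode: '0644'
      notify:
        - Restart forgejo

    # app.ini contains the database password and Forgejo's secret keys:
    # readable by the service user via the group, by nobody else.
    - name: Template app.ini
      ansible.builtin.template:
        src: app.ini
        dest: /etc/forgejo/app.ini
        owner: root
        group: git
        mode: '0640'
      notify:
        - Restart forgejo

    - name: Enable and start forgejo
      ansible.builtin.systemd:
        name: forgejo
        enabled: true
        state: started
        daemon_reload: true

    # Backup
    # Runs as root from cron below, so it must not be writable by anyone else.
    - name: backup script
      ansible.builtin.template:
        src: backup.sh
        dest: /usr/local/bin/backup.sh
        owner: root
        group: root
        mode: '0750'

    # stdout is discarded; stderr still reaches cron's mail, so failures surface.
    - name: Backup
      ansible.builtin.cron:
        name: "backup"
        minute: "0"
        hour: "3"
        job: "/usr/local/bin/backup.sh > /dev/null"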