semaphore-playbooks/debian12-forgejo/playbook.yml
2023-08-06 22:28:13 +02:00

152 lines
No EOL
3.6 KiB
YAML

---
- name: Update web servers
hosts: all
remote_user: root
vars:
forgejo: 1.20.2-0
domain: git.keks.cloud
sslmail: admin@keks.cloud
handlers:
- name: Restart forgejo
ansible.builtin.service:
name: "forgejo"
state: restarted
- name: Restart nginx
ansible.builtin.service:
name: "nginx"
state: restarted
tasks:
- name: Install a list of packages
ansible.builtin.apt:
pkg:
- mariadb-server
- python3-pymysql
- nginx
- certbot
- python3-certbot-nginx
- git
- name: Add the user 'git'
ansible.builtin.user:
name: git
comment: Git Username
home: /home/git
shell: /bin/bash
- name: Create /var/lib/forgejo
ansible.builtin.file:
path: /var/lib/forgejo
state: directory
owner: git
group: git
mode: '0750'
- name: Create /etc/forgejo
ansible.builtin.file:
path: /etc/forgejo
state: directory
owner: git
group: git
mode: '0500'
- name: Create /usr/local/bin/
ansible.builtin.file:
path: /usr/local/bin/
state: directory
owner: git
group: git
mode: '0500'
- name: Download Forgejo
get_url:
url: "https://codeberg.org/forgejo/forgejo/releases/download/v{{ forgejo }}/forgejo-{{ forgejo }}-linux-amd64"
dest: "/usr/local/bin/forgejo-{{forgejo}}-linux-amd64"
mode: '0755'
- name: Create a symbolic link
ansible.builtin.file:
src: "/usr/local/bin/forgejo-{{forgejo}}-linux-amd64"
dest: "/usr/local/bin/forgejo"
state: link
notify:
- Restart forgejo
#NGINX + Certbot
- name: NGINX Check that the forgejo.conf exists
stat:
path: /etc/nginx/sites-enabled/forgejo.conf
register: stat_result
- name: NGINX Template forgejo.service
ansible.builtin.template:
src: forgejo.conf
dest: /etc/nginx/sites-enabled/forgejo.conf
when: not stat_result.stat.exists
notify:
- Restart nginx
- name: Allow all access to tcp port 80
community.general.ufw:
rule: allow
port: '80'
proto: tcp
- name: Allow all access to tcp port 443
community.general.ufw:
rule: allow
port: '443'
proto: tcp
- name: NGINX Check that the forgejo.conf exists
stat:
path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
register: ssl_file_result
- name: Return motd to registered var
ansible.builtin.command: certbot -n --nginx --agree-tos -m {{ sslmail }} -d {{ domain }}
when: not ssl_file_result.stat.exists
notify:
- Restart nginx
#Database
- name: Create a new database with name 'forgejo'
community.mysql.mysql_db:
name: forgejo
state: present
login_unix_socket: /run/mysqld/mysqld.sock
- name: Removes anonymous user account for localhost
community.mysql.mysql_user:
name: ''
host: localhost
state: absent
login_unix_socket: /run/mysqld/mysqld.sock
- name: Removes all anonymous user accounts
community.mysql.mysql_user:
name: ''
host_all: true
state: absent
login_unix_socket: /run/mysqld/mysqld.sock
- name: Create database user forgejo
community.mysql.mysql_user:
name: forgejo
password: "{{ mariadbpassword }}"
priv: 'forgejo.*:ALL'
state: present
login_unix_socket: /run/mysqld/mysqld.sock
- name: Template forgejo.service
ansible.builtin.template:
src: forgejo.service
dest: /etc/systemd/system/forgejo.service
- name: Template forgejo.service
ansible.builtin.template:
src: app.ini
dest: /etc/forgejo/app.ini
notify:
- Restart forgejo