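---
# Installs Forgejo behind nginx: package dependency, release binary,
# service account, configuration, data directory, systemd unit,
# reverse-proxy snippet and a convenience alias for root.

- name: Install dependencies
  ansible.builtin.package:
    name: git-lfs
    # 'present' is accepted by every package backend; 'installed' is only
    # a backend-specific alias and is rejected by some (e.g. apt).
    state: present

# The checksum file is fetched from the same location as the binary
# (forgejo_url + ".sha256"). That detects a truncated or corrupted
# download, but not a replaced release: whoever can swap the binary can
# swap the digest next to it.
# NOTE(review): for supply-chain integrity pin the digest in
# version-controlled vars (checksum: "sha256:<PINNED_DIGEST>") or verify
# the release signature out of band, and confirm forgejo_url is https://.
# The result is root-owned and not group/world-writable, so the forgejo
# account created below cannot modify the executable.
- name: Download binary
  ansible.builtin.get_url:
    url: "{{ forgejo_url }}"
    checksum: "sha256:{{ forgejo_url }}.sha256"
    dest: /usr/local/bin/forgejo
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart forgejo

# Fixed gid/uid 303 keeps file ownership stable across hosts.
- name: Create group
  ansible.builtin.group:
    name: forgejo
    gid: 303

# Account has no login shell and no real home directory.
- name: Create user
  ansible.builtin.user:
    name: forgejo
    comment: Service Forgejo
    create_home: false
    group: forgejo
    home: /var/empty
    shell: /sbin/nologin
    uid: 303

# root owns the directory; the forgejo group may enter and read it,
# nobody else can.
- name: Create config directory
  ansible.builtin.file:
    path: /etc/forgejo
    state: directory
    mode: "0750"
    owner: root
    group: forgejo

# root:forgejo 0640: the forgejo group can read app.ini but not rewrite it.
# NOTE(review): app.ini.j2 is not shown; if it renders secrets (database
# password, signing keys), running with --diff prints them. Consider
# `diff: false` on this task. Forgejo also cannot write generated values
# back to a read-only app.ini, so the template presumably supplies them.
- name: Create config
  ansible.builtin.template:
    dest: /etc/forgejo/app.ini
    src: app.ini.j2
    mode: "0640"
    owner: root
    group: forgejo
  notify: Restart forgejo

# Repository data is writable only by the forgejo account.
- name: Create data directory
  ansible.builtin.file:
    path: /export/forgejo
    state: directory
    mode: "0750"
    owner: forgejo
    group: forgejo

# /srv/forgejo is a symlink to the real data directory; follow: false
# applies owner/group to the link itself rather than to its target.
- name: Link data directory
  ansible.builtin.file:
    path: /srv/forgejo
    state: link
    src: /export/forgejo
    owner: root
    group: "{{ ansible_wheel }}"
    follow: false

# NOTE(review): the "Restart forgejo" handler is defined elsewhere; it
# needs a systemd daemon-reload for unit-file changes to take effect.
- name: Create service file
  ansible.builtin.copy:
    dest: /etc/systemd/system/forgejo.service
    src: forgejo.service
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart forgejo

- name: Enable service
  ansible.builtin.service:
    name: forgejo
    state: started
    enabled: true

# httpd_can_network_connect is a broad switch: it lets every process in
# the httpd SELinux domain (nginx included) open outbound TCP connections
# to any port, not only 127.0.0.1:3000, and persistent: true keeps it on
# across reboots.
# NOTE(review): confirm nothing narrower fits this host's policy.
- name: Allow nginx to connect forgejo
  ansible.posix.seboolean:
    name: httpd_can_network_connect
    state: true
    persistent: true

# The snippet is dropped into a per-host include directory; the enclosing
# server block is not shown.
# NOTE(review): there are no proxy_set_header lines here. Unless the
# server block sets Host / X-Forwarded-For / X-Forwarded-Proto, Forgejo
# sees every request as coming from 127.0.0.1, which weakens audit logs
# and any per-client throttling. Also confirm app.ini binds the HTTP
# listener to loopback so port 3000 cannot be reached around nginx.
- name: Copy nginx config
  ansible.builtin.copy:
    dest: "/etc/nginx/conf.d/{{ inventory_hostname }}/forgejo.conf"
    content: |
      client_max_body_size 100m;
      location / {
        proxy_pass http://127.0.0.1:3000;
      }
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart nginx

# Lets root run the forgejo CLI as the forgejo account so that files it
# creates under /srv/forgejo are not left owned by root.
- name: Add forgejo alias for root
  ansible.builtin.blockinfile:
    path: /root/.bashrc
    block: |
      # run forgejo as forgejo user
      alias forgejo='sudo -u forgejo HOME=/srv/forgejo \
        GITEA_WORK_DIR=/srv/forgejo \
        /usr/local/bin/forgejo -c /etc/forgejo/app.ini'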