ansible-roles-forgejo

This role is designed to deploy uptime kuma as a standalone podman container

Task Configuration

Define forgejo_url; this is useful in conjunction with a proxy role such as traefik or nginx

Define forgejo_path if the container user has a custom homedir such as something under /srv..

There are several other values that should be defined and secured via Ansible Vault

  • forgejo_db_pass
  • forgejo_mail_pass
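
A check for the two secrets listed above, added here as an example and not part of this role: it scans a vars file and reports forgejo_db_pass or forgejo_mail_pass when they are missing or stored as plaintext instead of Ansible Vault data. The function name, the sample file and its placeholder ciphertext are constructed for illustration.

```python
import re

# The two variables the README says to protect with Ansible Vault.
SECRET_VARS = ("forgejo_db_pass", "forgejo_mail_pass")
VAULT_HEADER = "$ANSIBLE_VAULT;"


def unprotected_secrets(text, names=SECRET_VARS):
    """Return (name, reason) for each secret that is missing or plaintext."""
    lines = text.splitlines()
    # A file encrypted as a whole (ansible-vault encrypt) starts with the
    # vault header; its contents cannot be inspected, so nothing is flagged.
    if lines and lines[0].startswith(VAULT_HEADER):
        return []
    findings = []
    for name in names:
        reason = "missing"
        for i, line in enumerate(lines):
            m = re.match(rf"{re.escape(name)}\s*:\s*(.*)$", line)
            if not m:
                continue
            value = m.group(1).strip()
            following = lines[i + 1].strip() if i + 1 < len(lines) else ""
            if value.startswith("!vault") and following.startswith(VAULT_HEADER):
                reason = None  # inline value from ansible-vault encrypt_string
            elif "{{" in value:
                reason = None  # Jinja reference to another variable, no literal
            else:
                reason = "plaintext"
            break
        if reason:
            findings.append((name, reason))
    return findings


# Constructed sample vars file; the ciphertext line is a placeholder.
SAMPLE = """\
forgejo_url: forgejo.somehost.somewhere
forgejo_db_pass: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  0000-constructed-placeholder-not-real-ciphertext
forgejo_mail_pass: "example-plaintext-password"
"""

if __name__ == "__main__":
    for name, reason in unprotected_secrets(SAMPLE):
        print(f"{name}: {reason}")
```

Only top-level keys are matched, so run it against the vars file where these two variables are defined before committing it.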

ports

26656/TCP for CometBFT P2P, should be public
26657/TCP for CometBFT RPC, should be private
26660/TCP for CometBFT metrics, should be private
26658/TCP for Penumbra ABCI, should be private

9000/TCP for Penumbra metrics, should be private
8080/TCP for Penumbra gRPC, should be private
443/TCP for Penumbra HTTPS, optional, should be public if enabled

- name: Setup proxy and service
  hosts: somehost
  become: true
  roles:
    - role: forgejo
      forgejo_url: forgejo.somehost.somewhere
      forgejo_enable_openid_signin: true
      forgejo_enable_openid_signup: true
      forgejo_mail_outgoing_enable: true
      forgejo_mail_outgoing_port: 587
      forgejo_mail_outgoing_host: mail.somehost.somewhere
      forgejo_mail_outgoing_user: git@somehost.somewhere
      forgejo_mail_outgoing_pass: "{{ forgejo_mail_pass }}"
      forgejo_mail_incoming_enabled: true
      forgejo_mail_incoming_tls: true
      forgejo_mail_incoming_reply_to: git+%{token}@somehost.somewhere
      forgejo_mail_incoming_host: mail.somehost.somewhere
      forgejo_mail_incoming_port: 143
      forgejo_mail_incoming_user: git@somehost.somewhere
      forgejo_mail_incoming_pass: "{{ forgejo_mail_pass }}"
    - role: traefik
      traefik_routes:
        - name: forgejo
          host: "{{ forgejo_url }}"
          srv: "{{ traefik_host_address }}:3001"
    - role: firewalld
      firewalld_add:
        - name: public
          services:
            - http
            - https
          forwards:
            - port: 80
              to: 8080
            - port: 443
              to: 8443

Deployment and Removal

Sometimes you need to manually stop the running containers to get a clean run when re-deploying. Services must be stopped as the respective user, or by another means of acquiring the correct user scope for systemd.

systemctl --user stop container-traefik.service
systemctl --user stop container-forgejo.service

Deploy

ansible-playbook -i hosts site.yml --tags=firewalld,traefik,forgejo --limit=somehost

Remove

ansible-playbook -i hosts site.yml --tags=firewalld,traefik,forgejo --extra-vars "container_state=absent firewall_action=remove" --limit=somehost