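---
# WetGIT Forgejo (self-hosted Git) + Redis
#
# Deploys Forgejo and Redis as Docker containers.
# Forgejo serves git.wetgit.nl (HTTPS-only, no SSH — blocked by firewall).
# Redis provides Celery broker for the WetGIT pipeline.
#
# IMPORTANT: Does NOT touch dt-platform's Docker services (grimoire).
# All containers use the 'wetgit-network' Docker network.
#
# Expected from the caller (inventory / role vars): app_dir, data_dir,
# forgejo_data_dir and, optionally, codeberg_api_token. The "restart forgejo"
# handler is defined outside this task file.

# --- System user ---

- name: Create wetgit system user
  user:
    name: wetgit
    system: true
    home: /opt/wetgit
    shell: /bin/bash
    create_home: false

# The UID/GID are exported as facts so the Compose template can run the
# containers as the same user that owns the bind-mounted directories.
# check_mode: false keeps these read-only lookups running under --check,
# where they would otherwise be skipped and leave the facts undefined.
- name: Get wetgit user UID
  command: id -u wetgit
  register: wetgit_uid_result
  changed_when: false
  check_mode: false

- name: Get wetgit user GID
  command: id -g wetgit
  register: wetgit_gid_result
  changed_when: false
  check_mode: false

- name: Store wetgit UID/GID as facts
  set_fact:
    wetgit_uid: "{{ wetgit_uid_result.stdout }}"
    wetgit_gid: "{{ wetgit_gid_result.stdout }}"

# --- Directories ---

# Parents are listed before their children: when the file module has to
# create missing parent directories it gives them the owner/group/mode of
# the entry being processed, so creating "{{ app_dir }}/docker" first would
# briefly hand app_dir to wetgit before the later root:root entry fixes it.
# Entries may carry their own "mode"; everything else gets 0755.
- name: Create WetGIT directories
  file:
    path: "{{ item.path }}"
    state: directory
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode | default('0755') }}"
  loop:
    # Top-level roots (root-owned)
    - { path: "{{ app_dir }}", owner: root, group: root }
    - { path: "{{ data_dir }}", owner: root, group: root }
    # Forgejo / Redis directories (owned by wetgit user)
    - { path: "{{ app_dir }}/docker", owner: wetgit, group: wetgit }
    - { path: "{{ forgejo_data_dir }}", owner: wetgit, group: wetgit }
    - { path: "{{ forgejo_data_dir }}/gitea/conf", owner: wetgit, group: wetgit }
    - { path: "{{ data_dir }}/redis", owner: wetgit, group: wetgit }
    - { path: "{{ app_dir }}/scripts", owner: wetgit, group: wetgit }
    # Backups contain a copy of the repositories and database; keep them
    # out of reach of other local users (the backup cron runs as root and
    # can still write here).
    - { path: "{{ app_dir }}/backups", owner: wetgit, group: wetgit, mode: "0750" }
    - { path: "{{ app_dir }}/logs", owner: wetgit, group: wetgit }
    - { path: "{{ app_dir }}/mirrors", owner: wetgit, group: wetgit }
    # Application directories (owned by www-data for FastAPI/Celery)
    - { path: "{{ app_dir }}/backend", owner: www-data, group: www-data }
    - { path: "{{ data_dir }}/git-repos", owner: www-data, group: www-data }

# --- Forgejo config ---

- name: Deploy Forgejo app.ini (initial seed)
  template:
    src: app.ini.j2
    dest: "{{ forgejo_data_dir }}/gitea/conf/app.ini"
    owner: wetgit
    group: wetgit
    # Forgejo writes generated secrets (SECRET_KEY, INTERNAL_TOKEN, ...) into
    # this file on first start, so it must not be world-readable. 0640 is
    # enough because the container is expected to run as wetgit_uid/gid
    # (the same reason Forgejo can modify the file at all) — confirm against
    # the compose template if the container cannot read the config.
    mode: "0640"
    # Don't overwrite if Forgejo has already modified it
    force: false
  notify: restart forgejo

# --- Docker Compose ---

- name: Deploy Docker Compose stack
  template:
    src: docker-compose.yml.j2
    dest: "{{ app_dir }}/docker/docker-compose.yml"
    owner: wetgit
    group: wetgit
    mode: "0644"
  notify: restart forgejo

- name: Start WetGIT Docker stack
  community.docker.docker_compose_v2:
    project_src: "{{ app_dir }}/docker"
    state: present

# --- Backup script ---

- name: Deploy backup script
  template:
    src: backup.sh.j2
    dest: "{{ app_dir }}/scripts/backup.sh"
    owner: wetgit
    group: wetgit
    mode: "0755"

# --- Daily sync script ---

- name: Deploy daily sync script
  template:
    src: daily-sync.sh.j2
    dest: "{{ app_dir }}/scripts/daily-sync.sh"
    owner: wetgit
    group: wetgit
    mode: "0755"

# --- Mirror script ---

- name: Deploy Codeberg mirror script
  template:
    src: mirror-to-codeberg.sh.j2
    dest: "{{ app_dir }}/scripts/mirror-to-codeberg.sh"
    owner: wetgit
    group: wetgit
    mode: "0755"

# The token is only written when one is configured; the mirror cron below
# uses the same condition so both are enabled or disabled together.
- name: Deploy Codeberg token
  copy:
    content: "{{ codeberg_api_token }}"
    dest: "{{ app_dir }}/.codeberg-token"
    owner: wetgit
    group: wetgit
    mode: "0600"
  # Without no_log the token would appear in --diff output and in task
  # results captured by callback plugins / logs.
  no_log: true
  when: codeberg_api_token is defined and codeberg_api_token | length > 0

# --- Cron jobs ---

- name: Configure daily sync cron (03:00)
  cron:
    name: "wetgit-daily-sync"
    user: wetgit
    hour: "3"
    minute: "0"
    job: "{{ app_dir }}/scripts/daily-sync.sh >> {{ app_dir }}/logs/sync.log 2>&1"

# Runs as root so the backup can read every bind mount regardless of owner.
- name: Configure backup cron (weekly Sunday 02:00)
  cron:
    name: "wetgit-backup"
    user: root
    weekday: "0"
    hour: "2"
    minute: "0"
    job: "{{ app_dir }}/scripts/backup.sh >> {{ app_dir }}/logs/backup.log 2>&1"

- name: Configure Codeberg mirror cron (daily 04:00)
  cron:
    name: "wetgit-codeberg-mirror"
    user: wetgit
    hour: "4"
    minute: "0"
    job: "{{ app_dir }}/scripts/mirror-to-codeberg.sh >> {{ app_dir }}/logs/mirror.log 2>&1"
  when: codeberg_api_token is defined and codeberg_api_token | length > 0

# Deletes log files untouched for more than 30 days; -type f makes sure a
# directory that happens to end in .log is never matched.
- name: Configure log cleanup cron (monthly)
  cron:
    name: "wetgit-log-cleanup"
    user: wetgit
    day: "1"
    hour: "5"
    minute: "0"
    job: "find {{ app_dir }}/logs -type f -name '*.log' -mtime +30 -delete"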