meta/ansible/roles/wetgit-forgejo/tasks/main.yml
Coornhert c481ebf9e7 feat: ansible deployment setup voor dt-prod-01
- Forgejo + Redis Docker stack (wetgit-forgejo role)
- FastAPI + Celery systemd services (wetgit-app role)
- Nginx vhosts voor git.wetgit.nl en api.wetgit.nl (wetgit-nginx role)
- SSL via Let's Encrypt (certbot webroot)
- Backup script (forgejo dump, geen downtime)
- Codeberg mirror script
- Cron jobs voor backup/mirror/log cleanup
- Ansible vault voor secrets (encrypted)

Geïsoleerd van dt-platform: eigen poorten, users, directories.
2026-03-29 21:24:47 +02:00


---
# WetGIT Forgejo (self-hosted Git) + Redis
#
# Deploys Forgejo and Redis as Docker containers.
# Forgejo serves git.wetgit.nl (HTTPS-only, no SSH — blocked by firewall).
# Redis provides Celery broker for the WetGIT pipeline.
#
# IMPORTANT: Does NOT touch dt-platform's Docker services (grimoire).
# All containers use the 'wetgit-network' Docker network.
# --- System user ---
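# Dedicated unprivileged account that owns the Forgejo/Redis data.
# Its home directory is deliberately not created here (create_home: false);
# the directory tasks further down lay out the tree with explicit owners.
- name: Create wetgit system user
  ansible.builtin.user:
    name: wetgit
    # Canonical booleans: 'yes'/'no' are YAML 1.1 truthy spellings that
    # yamllint flags and that some parsers read as plain strings
    system: true
    home: /opt/wetgit
    shell: /bin/bash
    create_home: false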
# Resolve the numeric UID/GID of the wetgit account (presumably consumed
# by the compose template — confirm against docker-compose.yml.j2).
# Both lookups are read-only: they never report "changed" and also run
# in check mode so the facts exist for later templating.
- name: Get wetgit user UID
  ansible.builtin.command: id -u wetgit
  changed_when: false
  check_mode: false
  register: wetgit_uid_result

- name: Get wetgit user GID
  ansible.builtin.command: id -g wetgit
  changed_when: false
  check_mode: false
  register: wetgit_gid_result

# Expose the two values as plain facts for the rest of the play
- name: Store wetgit UID/GID as facts
  ansible.builtin.set_fact:
    wetgit_uid: '{{ wetgit_uid_result.stdout }}'
    wetgit_gid: '{{ wetgit_gid_result.stdout }}'
# --- Directories ---
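# Parents are listed before their children so every directory's owner
# and mode are set explicitly instead of being inherited from the
# implicit parent creation the file module performs (root, umask mode).
# Directories whose contents root executes or reads (the compose project
# and the scripts run by the root backup cron) are root-owned: a file
# that root runs must not be writable by the unprivileged wetgit user.
- name: Create WetGIT directories
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    # Per-directory mode; the default is the previous blanket 0755
    mode: "{{ item.mode | default('0755') }}"
  loop:
    # Top-level roots (root-owned)
    - { path: "{{ app_dir }}", owner: root, group: root }
    - { path: "{{ data_dir }}", owner: root, group: root }
    # Consumed by root (docker compose project, backup script): not wetgit-writable
    - { path: "{{ app_dir }}/docker", owner: root, group: root }
    - { path: "{{ app_dir }}/scripts", owner: root, group: root }
    # Forgejo / Redis data and working directories (owned by wetgit user)
    - { path: "{{ forgejo_data_dir }}", owner: wetgit, group: wetgit }
    - { path: "{{ forgejo_data_dir }}/gitea/conf", owner: wetgit, group: wetgit }
    - { path: "{{ data_dir }}/redis", owner: wetgit, group: wetgit }
    - { path: "{{ app_dir }}/logs", owner: wetgit, group: wetgit }
    - { path: "{{ app_dir }}/mirrors", owner: wetgit, group: wetgit }
    # Forgejo dumps hold the database and its config: no world access
    - { path: "{{ app_dir }}/backups", owner: wetgit, group: wetgit, mode: "0750" }
    # Application directories (owned by www-data for FastAPI/Celery)
    - { path: "{{ app_dir }}/backend", owner: www-data, group: www-data }
    - { path: "{{ data_dir }}/git-repos", owner: www-data, group: www-data }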
# --- Forgejo config ---
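- name: Deploy Forgejo app.ini (initial seed)
  ansible.builtin.template:
    src: app.ini.j2
    dest: "{{ forgejo_data_dir }}/gitea/conf/app.ini"
    owner: wetgit
    group: wetgit
    # app.ini typically carries Forgejo's secrets (SECRET_KEY, DB and
    # internal tokens); 0644 let every local account, including www-data
    # running the API, read them. Whatever UID Forgejo runs as must already
    # be able to write the wetgit-owned 0755 data dir, so it is wetgit or
    # root and still reads this file at 0640.
    mode: "0640"
    # Seed only: don't overwrite once Forgejo has modified it
    force: false
  notify: restart forgejo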
# --- Docker Compose ---
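- name: Deploy Docker Compose stack
  ansible.builtin.template:
    src: docker-compose.yml.j2
    dest: "{{ app_dir }}/docker/docker-compose.yml"
    # The compose file is read by the privileged play when the stack is
    # brought up; keep it root-owned so the unprivileged wetgit user cannot
    # change what root starts. wetgit does not need to write it.
    owner: root
    group: root
    mode: "0644"
  notify: restart forgejo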
# Bring the compose project up (equivalent of `docker compose up`);
# the project directory is the one the compose template was rendered into
- name: Start WetGIT Docker stack
  community.docker.docker_compose_v2:
    state: present
    project_src: '{{ app_dir }}/docker'
# --- Backup script ---
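- name: Deploy backup script
  ansible.builtin.template:
    src: backup.sh.j2
    dest: "{{ app_dir }}/scripts/backup.sh"
    # This script is executed by a root cron job. A root-run file that the
    # unprivileged wetgit user could edit would hand that user root, so it
    # is root-owned; 0755 still lets wetgit read and run it if needed.
    owner: root
    group: root
    mode: "0755"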
# --- Mirror script ---
# Mirror script; run by the wetgit user's cron, hence wetgit-owned
- name: Deploy Codeberg mirror script
  ansible.builtin.template:
    src: mirror-to-codeberg.sh.j2
    dest: '{{ app_dir }}/scripts/mirror-to-codeberg.sh'
    mode: '0755'
    owner: wetgit
    group: wetgit
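- name: Deploy Codeberg token
  ansible.builtin.copy:
    content: "{{ codeberg_api_token }}"
    dest: "{{ app_dir }}/.codeberg-token"
    owner: wetgit
    group: wetgit
    mode: "0600"
  # The task's content IS the secret: keep it out of task results,
  # --diff output and callback/log plugins
  no_log: true
  when: codeberg_api_token is defined and codeberg_api_token | length > 0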
# --- Cron jobs ---
# Weekly Forgejo backup, Sunday 02:00, in root's crontab.
# NOTE(review): root appends its output into {{ app_dir }}/logs, a
# directory owned by the unprivileged wetgit user; a root-owned log
# location (or logging through the script itself) would be safer.
- name: Configure backup cron (weekly Sunday 02:00)
  ansible.builtin.cron:
    name: 'wetgit-backup'
    user: root
    minute: '0'
    hour: '2'
    weekday: '0'
    job: '{{ app_dir }}/scripts/backup.sh >> {{ app_dir }}/logs/backup.log 2>&1'
# Daily mirror push at 04:00, running as wetgit; only installed when a
# Codeberg token was provided (same condition as the token deployment)
- name: Configure Codeberg mirror cron (daily 04:00)
  ansible.builtin.cron:
    name: 'wetgit-codeberg-mirror'
    user: wetgit
    minute: '0'
    hour: '4'
    job: '{{ app_dir }}/scripts/mirror-to-codeberg.sh >> {{ app_dir }}/logs/mirror.log 2>&1'
  when: codeberg_api_token is defined and codeberg_api_token | length > 0
# On the 1st of each month at 05:00, delete *.log files in the logs
# directory not modified for more than 30 days (runs as wetgit, the
# directory owner)
- name: Configure log cleanup cron (monthly)
  ansible.builtin.cron:
    name: 'wetgit-log-cleanup'
    user: wetgit
    minute: '0'
    hour: '5'
    day: '1'
    job: "find {{ app_dir }}/logs -name '*.log' -mtime +30 -delete"