meta/ansible/roles/wetgit-forgejo/tasks/main.yml
Coornhert d3536c74a4 chore(ansible): Meilisearch/Qdrant stack, web vhost, module-paden
- Meilisearch v1.12 + Qdrant v1.13 toegevoegd aan docker-compose
- Env vars voor MEILI_URL/QDRANT_URL/MISTRAL_API_KEY/FORGEJO_API_TOKEN
- Nieuwe web vhost (wetgit.nl) via wetgit-web.conf.j2
- Systemd service-paden:
  - wetgit.service → uvicorn wetgit.api.app:app
  - wetgit-celery.service → celery -A wetgit.tasks
- WETGIT_GIT_REPOS_DIR verplaatst naar {{ app_dir }}/app
  (data leeft op /opt/wetgit/app/rijk/)
- Nieuwe vault-secrets: meili_master_key, qdrant_api_key, mistral_api_key
2026-04-21 20:58:38 +02:00


---
# WetGIT Forgejo (self-hosted Git) + Redis
#
# Deploys Forgejo and Redis as Docker containers.
# Forgejo serves git.wetgit.nl (HTTPS-only, no SSH — blocked by firewall).
# Redis provides the Celery broker for the WetGIT pipeline.
#
# IMPORTANT: Does NOT touch dt-platform's Docker services (grimoire).
# All containers use the 'wetgit-network' Docker network.
# --- System user ---
# Unprivileged service account that owns the Forgejo/Redis bind mounts and runs
# the cron jobs further down. The home directory is deliberately not created
# here (create_home: false): the directory task below builds the tree with
# explicit per-path ownership instead.
# NOTE(review): nothing in this role needs an interactive login shell for this
# account; /usr/sbin/nologin would be tighter unless operators `su -` into it
# — confirm before changing.
- name: Create wetgit system user
  user:
    name: wetgit
    system: true
    home: /opt/wetgit
    shell: /bin/bash
    create_home: false
# Resolve the numeric UID of the account just created. It is stored as a fact
# below; presumably the compose template uses it to map the container user onto
# the host account — confirm in docker-compose.yml.j2.
# Runs in check mode too (check_mode: false) so the fact is always populated,
# and never reports "changed" since it only reads.
- name: Get wetgit user UID
  command:
    cmd: id -u wetgit
  changed_when: false
  check_mode: false
  register: wetgit_uid_result
# Same as above for the primary GID; read-only, also evaluated in check mode.
- name: Get wetgit user GID
  command:
    cmd: id -g wetgit
  changed_when: false
  check_mode: false
  register: wetgit_gid_result
# Expose the captured ids as plain facts (`wetgit_uid` / `wetgit_gid`) for the
# templates rendered later in this role. Values are kept as the strings that
# `id` printed; nothing here casts them to integers.
- name: Store wetgit UID/GID as facts
  set_fact:
    wetgit_uid: "{{ wetgit_uid_result.stdout }}"
    wetgit_gid: "{{ wetgit_gid_result.stdout }}"
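# --- Directories ---
# Parents are root-owned so that neither service account can replace the tree;
# everything below them belongs to the account that writes into it.
#
# Permissions: the default stays 0755 so wetgit and www-data can traverse each
# other's parents. Directories that hold secrets or service state get 0750:
#   - gitea/conf holds app.ini (Forgejo secret keys/tokens, DB credentials)
#   - the datastore volumes are only ever touched by their own container
#     (which runs either as wetgit or as root inside the container; a container
#     running as any other UID could not write to a 0755 dir anyway)
#   - backups and logs may contain copies of the above
# NOTE(review): {{ forgejo_data_dir }} and {{ app_dir }}/mirrors (repository
# data) are left at 0755; tighten to 0750 if no other host user needs to read
# them — confirm against the backend/Celery code.
- name: Create WetGIT directories
  file:
    path: "{{ item.path }}"
    state: directory
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode | default('0755') }}"
  loop:
    # Parents first (owned by root)
    - { path: "{{ app_dir }}", owner: root, group: root }
    - { path: "{{ data_dir }}", owner: root, group: root }
    # Forgejo directories (owned by wetgit user)
    - { path: "{{ app_dir }}/docker", owner: wetgit, group: wetgit }
    - { path: "{{ forgejo_data_dir }}", owner: wetgit, group: wetgit }
    # app.ini lives here — not world-readable
    - { path: "{{ forgejo_data_dir }}/gitea/conf", owner: wetgit, group: wetgit, mode: "0750" }
    # Datastore volumes (Redis / Meilisearch / Qdrant)
    - { path: "{{ data_dir }}/redis", owner: wetgit, group: wetgit, mode: "0750" }
    - { path: "{{ data_dir }}/meilisearch", owner: wetgit, group: wetgit, mode: "0750" }
    - { path: "{{ data_dir }}/qdrant", owner: wetgit, group: wetgit, mode: "0750" }
    - { path: "{{ app_dir }}/scripts", owner: wetgit, group: wetgit }
    # Backups and cron logs may carry secrets/tokens — not world-readable
    - { path: "{{ app_dir }}/backups", owner: wetgit, group: wetgit, mode: "0750" }
    - { path: "{{ app_dir }}/logs", owner: wetgit, group: wetgit, mode: "0750" }
    - { path: "{{ app_dir }}/mirrors", owner: wetgit, group: wetgit }
    # Application directories (owned by www-data for FastAPI/Celery)
    - { path: "{{ app_dir }}/backend", owner: www-data, group: www-data }
    - { path: "{{ data_dir }}/git-repos", owner: www-data, group: www-data }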
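# --- Forgejo config ---
# Seed app.ini once. Forgejo rewrites this file itself (it adds generated
# secrets such as SECRET_KEY/INTERNAL_TOKEN on first start), so `force: false`
# keeps a later playbook run from clobbering those; consequently the restart
# handler only fires on the initial deployment.
# Mode is 0640, not 0644: app.ini carries Forgejo's secret keys, tokens and DB
# credentials and must not be readable by every local user. The Forgejo
# container reads it as the wetgit UID (file owner), so 0640 is sufficient.
- name: Deploy Forgejo app.ini (initial seed)
  template:
    src: app.ini.j2
    dest: "{{ forgejo_data_dir }}/gitea/conf/app.ini"
    owner: wetgit
    group: wetgit
    mode: "0640"
    # Don't overwrite if Forgejo has already modified it
    force: false
  notify: restart forgejo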
# --- Docker Compose ---
# Render the compose file for the whole stack. It is 0640 because, per the
# commit message, it embeds vault-sourced credentials (Meilisearch master key,
# Qdrant API key, ...); only root (compose runner) and wetgit can read it.
# Any change to the rendered file triggers the stack-restart handler.
- name: Deploy Docker Compose stack
  template:
    src: docker-compose.yml.j2
    dest: "{{ app_dir }}/docker/docker-compose.yml"
    mode: "0640"
    owner: wetgit
    group: wetgit
  notify: restart docker stack
# Bring the stack up from the rendered compose file (`docker compose up`).
# `state: present` does not pull newer images or recreate containers whose
# image changed; the pinned versions in the compose file govern what runs.
- name: Start WetGIT Docker stack
  community.docker.docker_compose_v2:
    state: present
    project_src: "{{ app_dir }}/docker"
# --- Backup script ---
# Rendered from a template; executed weekly by the wetgit cron entry below.
# 0755 is fine as long as the script itself carries no credentials — it reads
# whatever it needs at run time (not visible here).
- name: Deploy backup script
  template:
    src: backup.sh.j2
    dest: "{{ app_dir }}/scripts/backup.sh"
    mode: "0755"
    owner: wetgit
    group: wetgit
# --- Daily sync script ---
# Rendered from a template; run nightly (03:00) by the wetgit cron entry below.
- name: Deploy daily sync script
  template:
    src: daily-sync.sh.j2
    dest: "{{ app_dir }}/scripts/daily-sync.sh"
    mode: "0755"
    owner: wetgit
    group: wetgit
# --- Mirror script ---
# Pushes mirrors to Codeberg; always deployed, even when no token is present
# (the cron entry that calls it is what is made conditional on the token).
- name: Deploy Codeberg mirror script
  template:
    src: mirror-to-codeberg.sh.j2
    dest: "{{ app_dir }}/scripts/mirror-to-codeberg.sh"
    mode: "0755"
    owner: wetgit
    group: wetgit
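# Write the Codeberg API token to a 0600 file for the mirror script.
# The secret is passed as the task's `content`, so without `no_log` Ansible
# prints it in --diff output and at -v verbosity; no_log suppresses both.
# Only runs when a non-empty token is defined (typically from the vault).
# NOTE(review): if the token is later removed from the vault, this task is
# skipped and the old file stays behind — remove it by hand or add a
# `file: state=absent` counterpart.
- name: Deploy Codeberg token
  copy:
    content: "{{ codeberg_api_token }}"
    dest: "{{ app_dir }}/.codeberg-token"
    owner: wetgit
    group: wetgit
    mode: "0600"
  no_log: true
  when: codeberg_api_token is defined and codeberg_api_token | length > 0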
# --- Cron jobs ---
# All entries live in the wetgit user's crontab and append stdout/stderr to a
# per-job log under {{ app_dir }}/logs (pruned by the monthly cleanup entry).
- name: Configure daily sync cron (03:00)
  cron:
    user: wetgit
    name: "wetgit-daily-sync"
    minute: "0"
    hour: "3"
    job: "{{ app_dir }}/scripts/daily-sync.sh >> {{ app_dir }}/logs/sync.log 2>&1"
# Weekly backup: Sunday (weekday 0) at 02:00, one hour before the daily sync.
- name: Configure backup cron (weekly Sunday 02:00)
  cron:
    user: wetgit
    name: "wetgit-backup"
    minute: "0"
    hour: "2"
    weekday: "0"
    job: "{{ app_dir }}/scripts/backup.sh >> {{ app_dir }}/logs/backup.log 2>&1"
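# Nightly mirror push at 04:00, after the 03:00 sync.
# The entry is tied to the presence of the Codeberg token: instead of merely
# skipping the task when no token is configured (which would leave a stale
# entry behind once a token is removed), the state flips to `absent` so the
# crontab always matches the vault. With `state: absent` only `name`/`user`
# are used by the cron module; the schedule fields are ignored.
- name: Configure Codeberg mirror cron (daily 04:00)
  cron:
    name: "wetgit-codeberg-mirror"
    user: wetgit
    hour: "4"
    minute: "0"
    job: "{{ app_dir }}/scripts/mirror-to-codeberg.sh >> {{ app_dir }}/logs/mirror.log 2>&1"
    state: "{{ 'present' if (codeberg_api_token is defined and codeberg_api_token | length > 0) else 'absent' }}"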
# Monthly housekeeping (1st of the month, 05:00): delete cron logs older than
# 30 days. Only *.log files directly in the logs dir are considered; `find`
# recurses, but the role creates no subdirectories there.
- name: Configure log cleanup cron (monthly)
  cron:
    user: wetgit
    name: "wetgit-log-cleanup"
    minute: "0"
    hour: "5"
    day: "1"
    job: "find {{ app_dir }}/logs -name '*.log' -mtime +30 -delete"
# --- IPv4 preference (Hetzner IPv6 causes timeouts to external APIs) ---
# TODO: migrate to dt-platform's server role when appropriate
# Raising the precedence of the IPv4-mapped block (::ffff:0:0/96) to 100 makes
# getaddrinfo() sort A records ahead of AAAA records host-wide. The regexp
# matches the stock (commented-out lines are not matched, since they start
# with '#') entry so the line is replaced rather than duplicated; the file is
# created if absent.
- name: Ensure IPv4 precedence in gai.conf
  lineinfile:
    path: /etc/gai.conf
    create: true
    regexp: '^precedence\s+::ffff:0:0/96'
    line: "precedence ::ffff:0:0/96 100"
    mode: "0644"
    owner: root
    group: root