From 57458b975f5686331bd553a770ee58c61f7f12ef Mon Sep 17 00:00:00 2001
From: Simon Cornet
Date: Sun, 10 May 2026 14:10:22 +0200
Subject: [PATCH] feat: initial forgejo role setup
---
.ansible-lint | 23 ++++++++++++++
.gitignore | 1 +
.gitlab-ci.yml | 13 ++++++++
.markdownlint-cli2.jsonc | 12 ++++++++
.yamllint | 30 +++++++++++++++++++
meta/main.yaml | 8 +++++
playbook.yaml | 31 +++++++++++++++++++
readme.md | 3 ++
renovate.json | 4 +++
roles/requirements.yml | 12 ++++++++
tasks/cleanup.yaml | 14 +++++++++
tasks/forgejo.yaml | 65 ++++++++++++++++++++++++++++++++++++++++
tasks/main.yaml | 9 ++++++
13 files changed, 225 insertions(+)
create mode 100644 .ansible-lint
create mode 100644 .gitignore
create mode 100644 .gitlab-ci.yml
create mode 100644 .markdownlint-cli2.jsonc
create mode 100644 .yamllint
create mode 100644 meta/main.yaml
create mode 100644 playbook.yaml
create mode 100644 readme.md
create mode 100644 renovate.json
create mode 100644 roles/requirements.yml
create mode 100644 tasks/cleanup.yaml
create mode 100644 tasks/forgejo.yaml
create mode 100644 tasks/main.yaml
diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..9b9b52a
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,23 @@
+---
+
+exclude_paths:
+ - ".gitlab/*"
+ - ".gitlab-ci.yml"
+ - "defaults/main.yaml"
+ - "meta/main.yaml"
+ - "vars/*"
+
+kinds:
+ - playbook: "**/*.{yml,yaml}"
+
+skip_list:
+ - "command-shell"
+ - "experimental"
+ - "git-latest"
+ - "no-changed-when"
+ - "no-handler"
+ - "name[casing]"
+ - "name[template]"
+ - "risky-file-permissions"
+ - "schema[playbook]"
+ - "var-naming[no-role-prefix]"
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..904cae8
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.ansible
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..7ec2c37
--- /dev/null
+++ b/.gitlab-ci.yml
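Review bot: In `.ansible-lint`, `skip_list` switches off `risky-file-permissions`, `command-shell` and `no-changed-when` for the whole repository, so the linting stage added in `.gitlab-ci.yml` can never report a file created without an explicit mode or a raw command whose outcome is masked. For a role that is applied with `become: true`, moving those three ids to `warn_list` keeps the pipeline passing while still showing the findings in the job log. Where a single task genuinely needs an exception, a `# noqa: no-changed-when` comment on that task records it at the point of use.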
@@ -0,0 +1,13 @@
+---
+
+# gitlab stages
+stages:
+ - "gitleaks"
+ - "linting"
+
+# include components
+include:
+ - component: "$CI_SERVER_FQDN/components/ansible/linting@v3.0.3"
+ - component: "$CI_SERVER_FQDN/components/gitleaks/gitleaks@v1.0.0"
+ - component: "$CI_SERVER_FQDN/components/markdownlint/markdownlint@1.0.0"
+ - component: "$CI_SERVER_FQDN/components/yamllint/yamllint@1.0.2"
diff --git a/.markdownlint-cli2.jsonc b/.markdownlint-cli2.jsonc
new file mode 100644
index 0000000..56cd87c
--- /dev/null
+++ b/.markdownlint-cli2.jsonc
@@ -0,0 +1,12 @@
+{
+ // files to lint
+ "globs": [
+ "readme.md"
+ ],
+ // linting rules
+ "config": {
+ "MD013": {
+ "line_length": 120
+ }
+ }
+}
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..f11bd84
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,30 @@
+---
+extends: 'default'
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ forbid: true
+ comments:
+ min-spaces-from-content: 1
+ comments-indentation: false
+ empty-lines:
+ max: 2
+ indentation:
+ spaces: 2
+ check-multi-line-strings: true
+ line-length:
+ max: 120
+ allow-non-breakable-words: true
+ allow-non-breakable-inline-mappings: true
+ new-line-at-end-of-file: 'enable'
+ octal-values:
+ forbid-implicit-octal: true
+ forbid-explicit-octal: true
+ truthy:
+ allowed-values:
+ - 'true'
+ - 'false'
+ quoted-strings:
+ quote-type: 'any'
+ required: true
diff --git a/meta/main.yaml b/meta/main.yaml
new file mode 100644
index 0000000..8d739e2
--- /dev/null
+++ b/meta/main.yaml
@@ -0,0 +1,8 @@
+---
+
+galaxy_info:
+ author: "siempie"
+ description: "install and configure forgejo git server"
+ license: "MIT"
+ role_name: "forgejo"
+dependencies: []
diff --git a/playbook.yaml b/playbook.yaml
new file mode 100644
index 0000000..3da8653
--- /dev/null
+++ b/playbook.yaml
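Review bot: The four `component:` entries under `include:` in `.gitlab-ci.yml` are pinned to tags (`@v3.0.3`, `@v1.0.0`, `@1.0.0`, `@1.0.2`), and a tag can be moved to different content after it was reviewed. That matters most for the gitleaks component, because it is the control meant to catch committed secrets. If the component projects do not use protected tags, pin to a full commit SHA instead, e.g. `- component: "$CI_SERVER_FQDN/components/gitleaks/gitleaks@<commit-sha>"`. Whether tags are protected on that instance is not visible from this patch.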
@@ -0,0 +1,31 @@
+---
+
+# execute this role
+- name: "install and configure forgejo"
+ hosts: "all"
+ become: true
+ tasks:
+
+ # due to semaphore bug we need to do this ourselves
+ - name: "force-update requirements"
+ ansible.builtin.command:
+ cmd: "ansible-galaxy install -f -r roles/requirements.yml"
+ become: false
+ delegate_to: "localhost"
+ changed_when: false
+ failed_when: false
+
+ # execute the role
+ - name: "execute role: docker"
+ ansible.builtin.include_role:
+ name: "docker"
+
+ # execute the role
+ - name: "execute role: traefik"
+ ansible.builtin.include_role:
+ name: "traefik"
+
+ # execute the role
+ - name: "execute role: forgejo"
+ ansible.builtin.include_role:
+ name: "forgejo"
diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..c4c7602
--- /dev/null
+++ b/readme.md
@@ -0,0 +1,3 @@
+# Ansible Role: Forgejo
+
+Install and configure [Forgejo](https://forgejo.org) - a self-hosted lightweight software forge.
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..91260cb
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,4 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [ "local>cicd/renovate:ansible" ]
+}
diff --git a/roles/requirements.yml b/roles/requirements.yml
new file mode 100644
index 0000000..bb74489
--- /dev/null
+++ b/roles/requirements.yml
@@ -0,0 +1,12 @@
+---
+
+roles:
+ - name: "docker"
+ src: "https://gitlab.simoncor.net/ansible/ans-docker.git"
+ scm: "git"
+ - name: "traefik"
+ src: "https://gitlab.simoncor.net/ansible/ans-traefik.git"
+ scm: "git"
+ - name: "forgejo"
+ src: "https://gitlab.simoncor.net/ansible/ans-forgejo.git"
+ scm: "git"
diff --git a/tasks/cleanup.yaml b/tasks/cleanup.yaml
new file mode 100644
index 0000000..d2d89f5
--- /dev/null
+++ b/tasks/cleanup.yaml
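Review bot: The `force-update requirements` task in `playbook.yaml` sets `failed_when: false`, so when `ansible-galaxy install` fails (network error, rejected credentials, a broken role repository) the play carries on and the three `include_role` tasks run whatever copy of the roles is already on the controller, with `become: true` on every host. Drop `failed_when: false` so a failed fetch stops the run before anything is applied. The task should also get `run_once: true`: with `hosts: "all"` and `delegate_to: "localhost"` the command is otherwise started once per inventory host, and those forced installs can overlap while writing into the same roles directory.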
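Review bot: None of the three entries in `roles/requirements.yml` carries a `version:`, so `ansible-galaxy install -f` checks out whatever the default branch of each repository points to at run time. Combined with `become: true` in `playbook.yaml`, any push to those branches is executed with root privileges on the next run without a reviewed change in this repository. Pin each role to a reviewed tag or commit by adding `version: "<tag-or-commit-sha>"` under each `scm: "git"` line.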
@@ -0,0 +1,14 @@
+---
+
+# cleanup
+- name: "docker - prune all"
+ community.docker.docker_prune:
+ containers: true
+ images: true
+ networks: true
+ volumes: true
+ builder_cache: true
+
+- name: "docker - force prune"
+ ansible.builtin.command: "docker system prune --all --force --volumes"
+ changed_when: false
diff --git a/tasks/forgejo.yaml b/tasks/forgejo.yaml
new file mode 100644
index 0000000..5d3e196
--- /dev/null
+++ b/tasks/forgejo.yaml
@@ -0,0 +1,65 @@
+---
+
+# create directories
+- name: "create forgejo directories"
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: "directory"
+ owner: "1000"
+ group: "1000"
+ mode: "0755"
+ loop:
+ - "/mnt/forgejo/data"
+
+# run forgejo
+- name: "run forgejo"
+ community.docker.docker_container:
+
+ # docker defaults
+ auto_remove: "no"
+ container_default_behavior: "no_defaults"
+ detach: "yes"
+ init: "no"
+ interactive: "no"
+ log_driver: "json-file"
+ log_options:
+ max-size: "10m"
+ max-file: "3"
+ memory: "0"
+ paused: "no"
+ privileged: "no"
+ pull: "always"
+ read_only: "no"
+ state: "started"
+ tty: "no"
+
+ # forgejo
+ name: "forgejo"
+ image: "cr.simoncor.net/dockerhub/codeberg/forgejo:v11.0.13"
+ image_name_mismatch: "recreate"
+ restart_policy: "unless-stopped"
+ network_mode: "host"
+ volumes:
+ - "/mnt/forgejo/data:/data"
+
+ ports:
+ - "3000:3000/tcp"
+
+ env:
+
+ # global
+ TZ: "{{ timezone }}"
+
+ # server
+ FORGEJO__server__DOMAIN: "git.simoncor.net"
+ FORGEJO__server__ROOT_URL: "https://git.simoncor.net"
+ FORGEJO__server__HTTP_PORT: "3000"
+ FORGEJO__server__DISABLE_SSH: "true"
+
+ # database
+ FORGEJO__database__DB_TYPE: "sqlite3"
+ FORGEJO__database__PATH: "/data/gitea/forgejo.db"
+ FORGEJO__database__SQLITE_JOURNAL_MODE: "WAL"
+
+ # mailer
+ FORGEJO__mailer__ENABLED: "false"
diff --git a/tasks/main.yaml b/tasks/main.yaml
new file mode 100644
index 0000000..04a6ad4
--- /dev/null
+++ b/tasks/main.yaml
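Review bot: Both tasks in `tasks/cleanup.yaml` prune unused volumes host-wide (`volumes: true` and `docker system prune --all --force --volumes`), and `tasks/main.yaml` imports the file on every run of the role. Forgejo's own data is a bind mount, but a volume of any other stack on that host whose container happens to be stopped can be deleted without a prompt or a backup; depending on the Docker version this includes named volumes. Restrict the first task to what the role itself leaves behind, e.g. `volumes: false` and `networks: false`, and remove the second task: it repeats the first through a raw command, and its `changed_when: false` hides that anything was deleted.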
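Review bot: In the `run forgejo` task of `tasks/forgejo.yaml`, `network_mode: "host"` makes the `ports:` entry ineffective, because Docker does not publish ports for a host-networked container, and Forgejo then serves plain HTTP on port 3000 of the host's own interfaces next to the Traefik front end that `FORGEJO__server__ROOT_URL: "https://git.simoncor.net"` implies. Unless a host firewall closes that port, clients can reach the application without TLS and without anything Traefik enforces. Either keep host networking and add `FORGEJO__server__HTTP_ADDR: "127.0.0.1"`, or drop `network_mode` and publish `"127.0.0.1:3000:3000/tcp"`; which one fits depends on how the traefik role reaches the backend, which this patch does not show. Separately, no `FORGEJO__security__INSTALL_LOCK` is set in `env:`, so confirm that the web installer is not reachable when the container starts on an empty `/mnt/forgejo/data`.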
@@ -0,0 +1,9 @@
+---
+
+# install forgejo
+- name: "install forgejo"
+ ansible.builtin.import_tasks: "forgejo.yaml"
+
+# cleanup docker
+- name: "cleanup docker"
+ ansible.builtin.import_tasks: "cleanup.yaml"