From 2c9a70f0fd59d08193e29ee25f42d0151251865e Mon Sep 17 00:00:00 2001
From: counterweight <counterweightoperator@protonmail.com>
Date: Sun, 20 Jul 2025 00:07:13 +0200
Subject: [PATCH] forgejo working

---
 02_vps_core_services_setup.md                 | 21 +++++++++++++++++++
 .../forgejo/deploy_forgejo_playbook.yml       | 17 ++++++++++++++-
 ansible/services/forgejo/forgejo_vars.yml     |  4 ----
 3 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/02_vps_core_services_setup.md b/02_vps_core_services_setup.md
index 9843cdb..f9d01c8 100644
--- a/02_vps_core_services_setup.md
+++ b/02_vps_core_services_setup.md
@@ -102,3 +102,24 @@ Vaultwarden is a credentials manager.
 * Stop Vaultwarden.
 * Overwrite the data folder with one of the backups.
 * Start it up again.
+
+## Forgejo
+
+Forgejo is a git server.
+
+### Deploy
+
+* Decide what subdomain you want to serve Forgejo on and add it to `services/forgejo/forgejo_vars.yml` on the `forgejo_subdomain`.
+    * Note that you will have to add a DNS entry to point to the VPS public IP.
+* Run the deployment playbook: `ansible-playbook -i inventory.ini services/forgejo/deploy_forgejo_playbook.yml`.
+
+### Configure
+
+* Forgejo will be available for you to create a user on first start. Do that and store the creds safely.
+* Default behaviour after that is not allow for registrations.
+* You can tweak more settings from that point on.
+* SSH cloning should work out of the box (after you've set up your SSH pub key in Forgejo, that is).
+
+### Backups
+
+No explicit backups. It's assumed that important repos will be in Lapy, and that perhaps you might even backup lapy as well.
diff --git a/ansible/services/forgejo/deploy_forgejo_playbook.yml b/ansible/services/forgejo/deploy_forgejo_playbook.yml
index 00be1c3..4fb9a90 100644
--- a/ansible/services/forgejo/deploy_forgejo_playbook.yml
+++ b/ansible/services/forgejo/deploy_forgejo_playbook.yml
@@ -1,6 +1,9 @@
 - name: Install Forgejo on Debian 12 with Caddy reverse proxy
   hosts: vipy
   become: yes
+  vars_files:
+    - ../../infra_vars.yml
+    - ./forgejo_vars.yml
   vars:
     forgejo_domain: "{{ forgejo_subdomain }}.{{ root_domain }}"
 
@@ -48,10 +51,22 @@
       file:
         path: "{{ forgejo_config_dir }}"
         state: directory
-        owner: "root"
+        owner: "{{ forgejo_user }}"
         group: "{{ forgejo_user }}"
         mode: '0770'
 
+    - name: Create Forgejo config file
+      ansible.builtin.copy:
+        dest: "{{ forgejo_config_dir }}/app.ini"
+        content: |
+          APP_NAME = ; Countergit
+
+          [server]
+          HTTP_PORT = {{ forgejo_port }}
+        owner: "{{ forgejo_user }}"
+        group: "{{ forgejo_user }}"
+        mode: '0644'
+  
     - name: Download Forgejo systemd service file
       get_url:
         url: "{{ forgejo_service_url }}"
diff --git a/ansible/services/forgejo/forgejo_vars.yml b/ansible/services/forgejo/forgejo_vars.yml
index f15a67c..c5154d1 100644
--- a/ansible/services/forgejo/forgejo_vars.yml
+++ b/ansible/services/forgejo/forgejo_vars.yml
@@ -17,7 +17,3 @@ forgejo_subdomain: forgejo
 remote_host: "{{ groups['vipy'][0] }}"
 remote_user: "{{ hostvars[remote_host]['ansible_user'] }}"
 remote_key_file: "{{ hostvars[remote_host]['ansible_ssh_private_key_file'] | default('') }}"
-
-# Local backup
-local_backup_dir: "{{ lookup('env', 'HOME') }}/forgejo-backups"
-backup_script_path: "{{ lookup('env', 'HOME') }}/.local/bin/forgejo_backup.sh"