add forgejo state

This commit is contained in:
Paul 2025-03-01 09:41:27 +01:00
parent 4e551a6d5e
commit 1b256c5e6d
8 changed files with 233 additions and 0 deletions

15
states/forgejo/config.sls Normal file
View File

@ -0,0 +1,15 @@
# vim: ft=sls
---
{% from "forgejo/map.jinja" import forgejo with context %}
forgejo-config:
file.managed:
- name: {{ forgejo.configfile }}
- source: salt://forgejo/templates/app.ini.j2
- template: jinja
- user: {{ forgejo.user }}
- group: {{ forgejo.group }}
- mode: 600
- makedirs: true
- require:
- git

View File

@ -0,0 +1,107 @@
---
forgejo:
release_url: https://dl.forgejo.io/forgejo
workingdir: /var/lib/forgejo
binfile: /var/lib/forgejo/forgejo
configfile: /var/lib/forgejo/custom/conf/app.ini
user: git
group: git
version: "10.0.0"
os: linux
arch: amd64
config:
global:
app_name: Forgejo - Beyond coding. We forge.
run_user: git
run_mode: prod
work_path: /var/lib/forgejo
database:
db_type: postgres
host: 127.0.0.1:5432
name: forgejo
user: forgejo
passwd: databaseSecretPassword
ssl_mode: enable
path: data/forgejo.db
repository:
root: /var/lib/forgejo/data/forgejo-repositories
default_branch: master
repo-archive:
path: /var/lib/forgejo/data/repo-archive
server:
domain: git.example.com
http_addr: "::"
http_port: 3000
root_url: https://git.example.com/
disable_ssh: "true"
start_ssh_server: "false"
ssh_port: 2222
ssh_listen_port: 2222
offline_mode: "false"
lfs_start_server: "false"
lfs_jwt_secret: createYourOwnJWTSecret
enable_gzip: "false"
landing_page: home
lfs:
path: data/lfs
cache:
enabled: "true"
adapter: redis
host: redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s
mailer:
enable: "true"
hostname: mail.example.com
hostandport: mail.example.com:587
from_address: git@example.com
smtp_user: git@example.com
smtp_password: secretPassword1234
skip_verify: "false"
service:
register_email_confirm: "true"
disable_registration: "true"
require_signin_view: "true"
enable_captcha: "true"
enable_notify_mail: "true"
picture:
disable_gravatar: "false"
attachment:
enabled: "true"
path: data/attachments
allowed_types: image/jpeg|image/png
max_size: 8
max_files: 5
cron:
enabled: "true"
run_at_start: "false"
cron.update_mirrors:
schedule: "0 12 3 * * *"
cron.archive_cleanup:
enabled: "false"
cron.delete_repo_archives:
enabled: "false"
cron.delete_old_actions:
enabled: "true"
run_at_start: "true"
schedule: "0 0 3 * * *"
older_than: "90d"
session:
provider: file
cookie_secure: "true"
cookie_name: i_like_forgejo
log:
root_path: /var/log/forgejo
#disable_router_log: true
mode: file
level: info
security:
install_lock: "false"
secret_key: twogirlsonecup
login_remember_days: 30
cookie_username: forgejouser
cookie_remember_name: forgejousersession
internal_token: motherfuckingtoken
other:
show_footer_branding: "true"
show_footer_version: "true"
oauth2:
jwt_secret: createYourOwnJWTSecret

6
states/forgejo/init.sls Normal file
View File

@ -0,0 +1,6 @@
# vim: ft=sls
---
include:
- .install
- .config
- .service

View File

@ -0,0 +1,35 @@
# vim: ft=sls
---
{% from "forgejo/map.jinja" import forgejo with context %}
git:
group.present:
- system: true
user.present:
- system: true
- home: {{ forgejo.workingdir }}
- shell: /usr/sbin/nologin
- groups:
- {{ forgejo.group }}
- require:
- group: {{ forgejo.group }}
pkg.installed: []
forgejo-bin:
file.managed:
- name: {{ forgejo.workingdir }}/forgejo
- source: "{{ forgejo.release_url }}/{{ forgejo.version }}/forgejo-{{ forgejo.version }}-{{ forgejo.os }}-{{ forgejo.arch }}"
- source_hash: "{{ forgejo.release_url }}/{{ forgejo.version }}/forgejo-{{ forgejo.version }}-{{ forgejo.os }}-{{ forgejo.arch }}.sha256"
- user: {{ forgejo.user }}
- group: {{ forgejo.group }}
- mode: 750
- require:
- git
forgejo-log-dir:
file.directory:
- name: {{ forgejo.config.log.root_path }}
- user: {{ forgejo.user }}
- group: {{ forgejo.group }}
- require:
- file: forgejo-bin

17
states/forgejo/map.jinja Normal file
View File

@ -0,0 +1,17 @@
{%- import_yaml "forgejo/defaults.yaml" as defaults -%}
{%- set os_family_map = salt['grains.filter_by']({
'Debian': {},
'Suse': {},
'Arch': {},
'RedHat': {},
}, grain="os_family", merge=salt['pillar.get']('forgejo:lookup'))
-%}
{%- do defaults.forgejo.update(os_family_map) -%}
{%- set forgejo = salt['pillar.get'](
'forgejo',
default=defaults.forgejo,
merge=True
)
-%}

View File

@ -0,0 +1,21 @@
# vim: ft=sls
---
{%- from "forgejo/map.jinja" import forgejo with context %}
forgejo-service:
file.managed:
- name: /etc/systemd/system/forgejo.service
- source: salt://forgejo/templates/forgejo.service.j2
- user: root
- group: root
- mode: 644
- template: jinja
- makedirs: true
forgejo:
service.running:
- enable: true
- full_restart: true
- watch:
- file: forgejo-bin
- file: forgejo-config

View File

@ -0,0 +1,14 @@
{% from "forgejo/map.jinja" import forgejo with context %}
{%- for k,v in forgejo.config.items() -%}
{%- if k == "global" %}
{%- for subkey,subval in v.items() -%}
{{ subkey|upper() }} = {{ subval }}
{% endfor -%}
{% else -%}
[{{ k }}]
{% for subkey,subval in v.items() -%}
{{ subkey|upper() }} = {{ subval }}
{% endfor -%}
{% endif %}
{%- endfor %}

View File

@ -0,0 +1,18 @@
{%- from "forgejo/map.jinja" import forgejo with context %}
[Unit]
Description=Forgejo ({{ forgejo.config.global.app_name }})
After=syslog.target
After=network.target
After=postgresql.service
[Service]
Type=simple
User={{ forgejo.user }}
Group={{ forgejo.user }}
WorkingDirectory={{ forgejo.workingdir }}
ExecStart={{ forgejo.binfile }} -w {{ forgejo.workingdir }} web
Restart=always
Environment=USER={{ forgejo.user }} HOME={{ forgejo.workingdir }}
[Install]
WantedBy=multi-user.target