Infrastructure as Code to create and maintain the Forgejo.dev instance
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
Maximilian Kratz 01b592ff64 Updates Minio to 2023-05-27 release 4 days ago
inventory Updates Forgejo to v1.19.3-0 4 weeks ago
roles Updates Minio to 2023-05-27 release 4 days ago
s3-migration Fixes s3 playbook + adds notice to run migration directly on the servers 2 months ago
vars Adapts restic backend in examples + updates restic + adds a check script 1 week ago
.ansible-lint Init from development repo 5 months ago
.gitignore Fixes s3 playbook + adds notice to run migration directly on the servers 2 months ago
LICENSE Init from development repo 5 months ago
README.md Adds restic role to create an automatic daily backup 4 months ago
ansible.cfg Init from development repo 5 months ago
backup.yaml Adds restic role to create an automatic daily backup 4 months ago
firewall.tf Introduces the Terraform config for the Hetzner cloud firewall 2 months ago
forgejo-prod.yaml Init from development repo 5 months ago
forgejo-staging.yaml Init from development repo 5 months ago
infra.yaml Enables swap 2 months ago
main.tf Introduces the Terraform config for the Hetzner cloud firewall 2 months ago
monitoring.yaml Init from development repo 5 months ago
playbook.yaml Adds restic role to create an automatic daily backup 4 months ago
requirements.yml Init from development repo 5 months ago
s3-mig.tf Split main Terraform file up into multiple parts 2 months ago
s3-mig.yaml Adds the migration playbook (to only deploy Minio at the temp server) 2 months ago
s3.yaml Fixes s3 playbook + adds notice to run migration directly on the servers 2 months ago
secrets.tfvars.example Init from development repo 5 months ago
ssh.yaml Fixes a typo in SSH playbook 2 months ago
staging.tf Introduces the Terraform config for the Hetzner cloud firewall 2 months ago
user_data.yml.tpl Init from development repo 5 months ago
utils.tf Updates the Terraform provider to v1.38.0 to fix the prov bug 2 months ago

README.md

Forgejo DevOps

Automation to create/configure the infrastructure for all services related to forgejo.dev.

Setup (client/workstation)

  • Install all dependencies:
  • Create a Hetzner Cloud project
    • Create an access token
    • Add the SSH fingerprint to the project
  • Copy secrets.tfvars.example to secrets.tfvars
    • Replace the dummy values with the real ones
  • Copy vars/smtp.yml.example to vars/smtp.yml
    • Replace the dummy values with the real ones
  • Copy vars/woodpecker.yml.example to vars/woodpecker_staging.yml and vars/woodpecker_production.yml
    • Replace the dummy values with the real ones (values are only available after the manual creation of an OAuth2 app)
  • Copy vars/minio.yml.example to vars/minio.yml
    • Replace the dummy values with the real ones
  • Copy vars/backup.yml.example to vars/backup.yml
    • Replace the dummy values with the real ones

Terraform

Terraform is used to create the infrastructure (VMs) and run a basic provisioning script to install all dependencies for Ansible.

  • To create the infrastructure, run:
    • $ terraform init
    • $ terraform plan -var-file="secrets.tfvars"
    • $ terraform apply -var-file="secrets.tfvars"
  • To destroy the infrastructure, run:
    • $ terraform destroy -var-file="secrets.tfvars"

Ansible

Ansible is used to configure the VMs and create/configure all necessary services.

  • To create/configure/update all services on the VMs, simply run:
    • $ export ANSIBLE_CONFIG=./ansible.cfg
    • $ ansible-galaxy install -r requirements.yml
    • $ ansible-playbook playbook.yml

Ansible Lint

  • Installation: $ pip3 install ansible-lint
  • Usage: $ ansible-lint --offline -p ./*.yml

Manual Steps

Unfortunately, there are currently some manual steps required to complete the initial configuration.

  • Go to the webpage and finish the Forgejo installation including the creation of a root user.
    • Login as root + change the profile picture.
  • Add an OAuth2 application for Woodpecker CI
    • Register the tokens within the Woodpecker config and run the Ansible playbook again.
  • Create the organisation staging.forgejo.dev/forgejo.dev.
    • Set the correct profile picture.
  • Create the org repository in the organisation.
    • Set the correct profile picture.
  • Create user(s) and invite them to the organization.

License

This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for more details.