forgejo.dev
/
infrastructure-as-code
2
1
Fork 0
Code Issues 12 Pull Requests Releases Activity
Infrastructure as Code to create and maintain the Forgejo.dev instance
99 Commits 1 Branch 0 Tags 142 KiB
Jinja 57.4%
HCL 31.5%
Shell 8.5%
Smarty 2.6%
Go to file
Maximilian Kratz efad7d1a16 Updates Minio to 2023-12-02 release 2023-12-04 15:30:17 +01:00
inventory Updates Forgejo to v1.21.1-0 2023-11-29 11:21:55 +01:00
roles Updates Minio to 2023-12-02 release 2023-12-04 15:30:17 +01:00
s3-migration Fixes s3 playbook + adds notice to run migration directly on the servers 2023-03-29 07:31:15 +02:00
vars Updates Restic to v0.16.2 2023-11-07 20:55:12 +01:00
.ansible-lint Init from development repo 2023-01-15 16:52:26 +01:00
.gitignore Fixes s3 playbook + adds notice to run migration directly on the servers 2023-03-29 07:31:15 +02:00
LICENSE Init from development repo 2023-01-15 16:52:26 +01:00
README.md Adds doc how to build the staging environment with terraform + ansible 2023-07-07 19:42:33 +02:00
ansible.cfg Init from development repo 2023-01-15 16:52:26 +01:00
backup.yaml Adds restic role to create an automatic daily backup 2023-02-11 15:59:19 +01:00
firewall.tf Introduces the Terraform config for the Hetzner cloud firewall 2023-04-06 11:23:26 +02:00
forgejo-prod.yaml Init from development repo 2023-01-15 16:52:26 +01:00
forgejo-staging.yaml Init from development repo 2023-01-15 16:52:26 +01:00
infra.yaml Enables swap 2023-03-30 09:08:40 +02:00
main.tf Introduces the Terraform config for the Hetzner cloud firewall 2023-04-06 11:23:26 +02:00
monitoring.yaml Init from development repo 2023-01-15 16:52:26 +01:00
playbook.yaml Adds restic role to create an automatic daily backup 2023-02-11 15:59:19 +01:00
requirements.yml Init from development repo 2023-01-15 16:52:26 +01:00
s3-mig.tf Split main Terraform file up into multiple parts 2023-04-06 10:45:09 +02:00
s3-mig.yaml Adds the migration playbook (to only deploy Minio at the temp server) 2023-03-28 17:26:45 +02:00
s3.yaml Fixes s3 playbook + adds notice to run migration directly on the servers 2023-03-29 07:31:15 +02:00
secrets.tfvars.example Init from development repo 2023-01-15 16:52:26 +01:00
ssh.yaml Fixes a typo in SSH playbook 2023-04-06 10:15:24 +02:00
staging.tf Introduces the Terraform config for the Hetzner cloud firewall 2023-04-06 11:23:26 +02:00
user_data.yml.tpl Init from development repo 2023-01-15 16:52:26 +01:00
utils.tf Updates Hetzner's Terraform provider to v1.44.1 2023-10-11 18:03:57 +02:00

README.md

Forgejo DevOps

Automation to create/configure the infrastructure for all services related to forgejo.dev.

Setup (client/workstation)

  • Install all dependencies:
  • Create a Hetzner Cloud project
    • Create an access token
    • Add the SSH fingerprint to the project
  • Copy secrets.tfvars.example to secrets.tfvars
    • Replace the dummy values with the real ones
  • Copy vars/smtp.yml.example to vars/smtp.yml
    • Replace the dummy values with the real ones
  • Copy vars/woodpecker.yml.example to vars/woodpecker_staging.yml and vars/woodpecker_production.yml
    • Replace the dummy values with the real ones (values are only available after the manual creation of an OAuth2 app)
  • Copy vars/minio.yml.example to vars/minio.yml
    • Replace the dummy values with the real ones
  • Copy vars/backup.yml.example to vars/backup.yml
    • Replace the dummy values with the real ones

Terraform

Terraform is used to create the infrastructure (VMs) and run a basic provisioning script to install all dependencies for Ansible.

  • To create the infrastructure, run:
    • $ terraform init
    • $ terraform plan -var-file="secrets.tfvars"
    • $ terraform apply -var-file="secrets.tfvars"
  • To destroy the infrastructure, run:
    • $ terraform destroy -var-file="secrets.tfvars"

Staging

  • To create the infrastructure, run:
    • $ terraform plan -var-file="secrets.tfvars" -target=hcloud_server.staging
    • $ terraform apply -var-file="secrets.tfvars" -target=hcloud_server.staging
  • To destroy the infrastructure, run:
    • $ terraform destroy -var-file="secrets.tfvars" -target=hcloud_server.staging

Ansible

Ansible is used to configure the VMs and create/configure all necessary services.

  • To create/configure/update all services on the VMs, simply run:
    • $ export ANSIBLE_CONFIG=./ansible.cfg
    • $ ansible-galaxy install -r requirements.yml
    • $ ansible-playbook playbook.yml

Staging

  • To create/configure/update all services only on the staging VM, run:
    • $ export ANSIBLE_CONFIG=./ansible.cfg
    • $ ansible-galaxy install -r requirements.yml
    • $ ansible-playbook playbook.yaml --limit staging

Ansible Lint

  • Installation: $ pip3 install ansible-lint
  • Usage: $ ansible-lint --offline -p ./*.yml

Manual Steps

Unfortunately, there are currently some manual steps required to complete the initial configuration.

  • Go to the webpage and finish the Forgejo installation including the creation of a root user.
    • Login as root + change the profile picture.
  • Add an OAuth2 application for Woodpecker CI
    • Register the tokens within the Woodpecker config and run the Ansible playbook again.
  • Create the organisation staging.forgejo.dev/forgejo.dev.
    • Set the correct profile picture.
  • Create the org repository in the organisation.
    • Set the correct profile picture.
  • Create user(s) and invite them to the organization.

License

This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for more details.