refactor(apps): update forgejo and backups task configurations
This commit is contained in:
Jeremie Fraeys
parent
0cc53c9976
commit
0fd3b4f9d0
2 changed files with 51 additions and 12 deletions
|
|
@ -188,7 +188,11 @@
|
|||
register: restic_snapshots
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
no_log: true
|
||||
|
||||
- name: Debug restic snapshots output
|
||||
debug:
|
||||
msg: "restic snapshots rc={{ restic_snapshots.rc }}, stderr={{ restic_snapshots.stderr | default('') }}"
|
||||
when: restic_snapshots.rc != 0
|
||||
|
||||
- name: Initialize restic repository if missing
|
||||
command: restic init
|
||||
|
|
@ -202,17 +206,49 @@
|
|||
when: restic_snapshots.rc != 0
|
||||
register: restic_init
|
||||
changed_when: true
|
||||
failed_when: restic_init.rc != 0
|
||||
failed_when: false
|
||||
|
||||
- name: Fail with restic init error output
|
||||
fail:
|
||||
msg: "restic init failed (rc={{ restic_init.rc }}). stdout: {{ restic_init.stdout | default('') }}\n\nstderr: {{ restic_init.stderr | default('') }}"
|
||||
when:
|
||||
- restic_snapshots.rc != 0
|
||||
- restic_init.rc != 0
|
||||
- name: Debug restic init output
|
||||
debug:
|
||||
msg: "restic init rc={{ restic_init.rc }}, stderr={{ restic_init.stderr | default('') }}"
|
||||
when: restic_snapshots.rc != 0
|
||||
|
||||
- name: Enable and start infra-backup timer
|
||||
systemd:
|
||||
name: infra-backup.timer
|
||||
enabled: true
|
||||
state: started
|
||||
|
||||
- name: Install backup restore verification script
|
||||
template:
|
||||
src: backup-verify.sh.j2
|
||||
dest: /usr/local/sbin/backup-verify
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0750"
|
||||
|
||||
- name: Install systemd service for backup verification
|
||||
template:
|
||||
src: backup-verify.service.j2
|
||||
dest: /etc/systemd/system/backup-verify.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
|
||||
- name: Install systemd timer for monthly backup verification
|
||||
template:
|
||||
src: backup-verify.timer.j2
|
||||
dest: /etc/systemd/system/backup-verify.timer
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
|
||||
- name: Reload systemd for backup verification
|
||||
systemd:
|
||||
daemon_reload: true
|
||||
|
||||
- name: Enable and start monthly backup verification timer
|
||||
systemd:
|
||||
name: backup-verify.timer
|
||||
enabled: true
|
||||
state: started
|
||||
|
|
|
|||
|
|
@ -104,12 +104,13 @@
|
|||
if [ -z "$cid" ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if docker exec --user 1000:1000 "$cid" forgejo admin auth list | grep -q "authelia"; then
|
||||
if docker exec --user 1000:1000 "$cid" forgejo admin auth list \
|
||||
--config /data/gitea/conf/app.ini | grep -q "authelia"; then
|
||||
echo "exists"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
docker exec --user 1000:1000 "$cid" forgejo admin auth add-oauth \
|
||||
--config /data/gitea/conf/app.ini \
|
||||
--provider=openidConnect \
|
||||
--name=authelia \
|
||||
--key=forgejo \
|
||||
|
|
@ -118,7 +119,9 @@
|
|||
--scopes='openid email profile groups' \
|
||||
--group-claim-name=groups \
|
||||
--admin-group=admins
|
||||
changed_when: false
|
||||
echo "created"
|
||||
register: forgejo_oidc_result
|
||||
changed_when: "'created' in forgejo_oidc_result.stdout"
|
||||
retries: 5
|
||||
delay: 10
|
||||
environment:
|
||||
|
|
|
|||
Loading…
Reference in a new issue