feat(forgejo): add AI scrapers blocklist, OIDC config, and UI settings

- Add AI scrapers robots.txt update script with weekly cron job
- Add OIDC group claim and admin group configuration for Authelia
- Add UI settings (SHOW_USER_EMAIL: false)
- Increase memory limit to 512M
Jeremie Fraeys 2026-03-06 10:31:46 -05:00
parent 6ea9c060bd
commit 1a7cde2939
No known key found for this signature in database
2 changed files with 62 additions and 17 deletions


@ -64,10 +64,39 @@
args:
chdir: /opt/forgejo
- name: Run Forgejo database migrations
command: docker exec --user 1000:1000 forgejo-forgejo-1 forgejo migrate
# Note: Redis wait disabled - Redis not deployed on 1GB node
# - name: Wait for Redis to be ready
# shell: |
# for i in {1..30}; do
# if docker compose exec -T redis redis-cli ping 2>/dev/null | grep -q PONG; then
# exit 0
# fi
# sleep 1
# done
# exit 1
# args:
# chdir: /opt/forgejo
# changed_when: false
- name: Wait for Forgejo container to be healthy
command: docker compose ps --format json
args:
chdir: /opt/forgejo
register: forgejo_health
retries: 60
delay: 5
until: "'running' in forgejo_health.stdout or 'healthy' in forgejo_health.stdout"
changed_when: false
# Note: Explicit migration disabled for low-memory (1GB) nodes.
# Forgejo auto-migrates on startup. Run manually if needed:
# docker exec --user 1000:1000 forgejo-forgejo-1 forgejo migrate
# - name: Run Forgejo database migrations
# command: docker exec --user 1000:1000 forgejo-forgejo-1 forgejo migrate
# changed_when: false
# retries: 5
# delay: 15
- name: Configure Forgejo OIDC auth source (Authelia)
shell: |
set -euo pipefail
@ -90,6 +119,7 @@
--group-claim-name=groups \
--admin-group=admins
changed_when: false
retries: 5
delay: 10
environment:
FORGEJO_OIDC_CLIENT_SECRET: "{{ forgejo_oidc_client_secret }}"
no_log: true
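Review bot: The readiness gate's `until:` at L41 is satisfied by the substring `'running'` anywhere in the JSON that `docker compose ps` prints for every service, so it passes as soon as the container process starts, well before Forgejo answers requests, and the following task may run `forgejo admin auth add-oauth` against an instance that is still initialising. If the image carries a healthcheck, gate on its status instead, e.g. `command: docker inspect -f "{{ '{{.State.Health.Status}}' }}" forgejo-forgejo-1` with `until: forgejo_health.stdout == "healthy"`; otherwise poll the health endpoint with the `uri` module. The `retries: 5` at L58 only compensates for this if the task has an `until:`, which is not visible in the hunk (the task body between L53 and L55 is cut), so retry behaviour there depends on what that hidden part says and on the ansible-core version. Passing the client secret through `environment:` under `no_log: true` is the right shape, but `set -euo pipefail` at L53 only takes effect with `args: executable: /bin/bash`, which is also outside the hunk and worth confirming.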


@ -1,12 +1,13 @@
services:
redis:
image: redis:7-alpine
command: ["redis-server", "--appendonly", "yes"]
volumes:
- redis_data:/data
networks:
- forgejo
restart: unless-stopped
# Redis disabled for 1GB node - re-enable on 2GB+ node
# redis:
# image: redis:7-alpine
# command: ["redis-server", "--appendonly", "yes"]
# volumes:
# - redis_data:/data
# networks:
# - forgejo
# restart: unless-stopped
forgejo:
image: codeberg.org/forgejo/forgejo:9
@ -22,8 +23,16 @@ services:
FORGEJO__service__REQUIRE_SIGNIN_VIEW: "false"
FORGEJO__repository__DISABLE_PUBLIC_REPOS: "false"
FORGEJO__database__DB_TYPE: sqlite3
FORGEJO__cache__ADAPTER: redis
FORGEJO__cache__HOST: redis:6379
# FORGEJO__cache__ADAPTER: redis
# FORGEJO__cache__HOST: redis:6379
FORGEJO__auth__OIDC_ISSUER_URL: https://{{ auth_hostname }}/.well-known/openid-configuration
FORGEJO__auth__OIDC_CLIENT_ID: forgejo
FORGEJO__auth__OIDC_CLIENT_SECRET: "{{ forgejo_oidc_client_secret }}"
FORGEJO__auth__OIDC_SCOPES: openid email profile groups
FORGEJO__auth__OIDC_GROUP_CLAIM_NAME: groups
FORGEJO__auth__OIDC_ADMIN_GROUP: admins
FORGEJO__ui__DEFAULT_THEME: "gitea"
FORGEJO__ui__SHOW_USER_EMAIL: "false"
volumes:
- forgejo_data:/data
- ./robots.txt:/data/forgejo/public/robots.txt:ro
@ -31,8 +40,14 @@ services:
- "2222:22"
networks:
- proxy
- forgejo
# - forgejo
restart: unless-stopped
deploy:
resources:
limits:
memory: 512M
reservations:
memory: 256M
labels:
- traefik.enable=true
- traefik.docker.network=proxy
@ -46,10 +61,10 @@ services:
volumes:
forgejo_data:
redis_data:
# redis_data:
networks:
proxy:
external: true
forgejo:
internal: true
# forgejo:
# external: true
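Review bot: The `FORGEJO__auth__OIDC_*` variables at L95–L100 in the second hunk, including the client secret at L97, look like dead configuration: Forgejo's environment-to-ini mapping would write them into an `[auth]` section that, as far as I can tell, Forgejo does not read, and the playbook already registers the provider through `forgejo admin auth add-oauth` with the same group-claim and admin-group values. The net effect is a copy of the secret sitting in the container environment (visible to `docker inspect`, child processes and crash dumps) that configures nothing. Suggest dropping those six lines, or, if they are intended for Forgejo-side OIDC client behaviour, mapping them to keys of a section Forgejo actually documents and checking the rendered `app.ini` after a deploy. Minor: the `forgejo` network at L130–L131 stays declared although no service joins it once L111 is commented out; either retire it alongside the redis block or add `# kept for the 2GB+ redis re-enable` above it so the intent is recorded.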