e364538206
- Add Redis cache support to Forgejo for improved performance - Add AI scrapers blocking with update script and robots.txt - Update Forgejo runner tasks with improved caching support - Add OIDC authentication configuration tasks
95 lines
2.7 KiB
YAML
95 lines
2.7 KiB
YAML
---
|
|
- name: Read OIDC client secret for Forgejo
|
|
set_fact:
|
|
forgejo_oidc_client_secret: "{{ AUTHELIA_OIDC_FORGEJO_CLIENT_SECRET | default(lookup('env', 'AUTHELIA_OIDC_FORGEJO_CLIENT_SECRET')) }}"
|
|
no_log: true
|
|
|
|
- name: Fail if OIDC client secret for Forgejo is missing
|
|
fail:
|
|
msg: "AUTHELIA_OIDC_FORGEJO_CLIENT_SECRET is required"
|
|
when: forgejo_oidc_client_secret | length == 0
|
|
|
|
- name: Create Forgejo directory
|
|
file:
|
|
path: /opt/forgejo
|
|
state: directory
|
|
|
|
- name: Ensure proxy network exists
|
|
command: docker network inspect proxy
|
|
register: proxy_network
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: Create proxy network if missing
|
|
command: docker network create proxy
|
|
when: proxy_network.rc != 0
|
|
|
|
- name: Copy update-ai-scrapers script
|
|
copy:
|
|
src: update-ai-scrapers.sh
|
|
dest: /opt/forgejo/update-ai-scrapers.sh
|
|
mode: "0755"
|
|
|
|
- name: Run AI scrapers update script (initial)
|
|
command: /opt/forgejo/update-ai-scrapers.sh
|
|
args:
|
|
chdir: /opt/forgejo
|
|
environment:
|
|
FORGEJO_HOST: "{{ forgejo_hostname }}"
|
|
register: scraper_update
|
|
changed_when: "'updated' in scraper_update.stdout"
|
|
|
|
- name: Set up cron job for periodic AI scrapers update
|
|
cron:
|
|
name: "Update AI scrapers robots.txt"
|
|
minute: "0"
|
|
hour: "2"
|
|
weekday: "6"
|
|
job: "cd /opt/forgejo && FORGEJO_HOST={{ forgejo_hostname }} /opt/forgejo/update-ai-scrapers.sh >> /var/log/forgejo-ai-scrapers-update.log 2>&1"
|
|
user: root
|
|
state: present
|
|
|
|
- name: Copy robots.txt for Forgejo (fallback)
|
|
template:
|
|
src: robots.txt.j2
|
|
dest: /opt/forgejo/robots.txt.backup
|
|
|
|
- name: Copy Docker Compose file for Forgejo
|
|
template:
|
|
src: docker-compose.yml.j2
|
|
dest: /opt/forgejo/docker-compose.yml
|
|
|
|
- name: Deploy Forgejo
|
|
command: docker compose up -d
|
|
args:
|
|
chdir: /opt/forgejo
|
|
|
|
- name: Run Forgejo database migrations
|
|
command: docker exec --user 1000:1000 forgejo-forgejo-1 forgejo migrate
|
|
changed_when: false
|
|
|
|
- name: Configure Forgejo OIDC auth source (Authelia)
|
|
shell: |
|
|
set -euo pipefail
|
|
cid=$(docker ps -q --filter name=forgejo-forgejo-1 | head -n1)
|
|
if [ -z "$cid" ]; then
|
|
exit 1
|
|
fi
|
|
|
|
if docker exec --user 1000:1000 "$cid" forgejo admin auth list | grep -q "authelia"; then
|
|
exit 0
|
|
fi
|
|
|
|
docker exec --user 1000:1000 "$cid" forgejo admin auth add-oauth \
|
|
--provider=openidConnect \
|
|
--name=authelia \
|
|
--key=forgejo \
|
|
--secret="$FORGEJO_OIDC_CLIENT_SECRET" \
|
|
--auto-discover-url=https://{{ auth_hostname }}/.well-known/openid-configuration \
|
|
--scopes='openid email profile groups' \
|
|
--group-claim-name=groups \
|
|
--admin-group=admins
|
|
changed_when: false
|
|
environment:
|
|
FORGEJO_OIDC_CLIENT_SECRET: "{{ forgejo_oidc_client_secret }}"
|
|
no_log: true
|