# BundleWrap metadata for the Forgejo bundle: static defaults plus one reactor
# that publishes an nginx vhost. `repo`, `node`, `metadata_reactor` and
# `DoNotRunAgain` are not defined in this file; the loader is expected to
# provide them.
defaults = {
    # The Forgejo data directory is part of the node's backup set.
    'backups': {
        'paths': {
            '/var/lib/forgejo',
        },
    },
    'forgejo': {
        'app_name': 'Forgejo',
        'database': {
            'username': 'forgejo',
            # Uses the same vault identifier as postgresql/roles/forgejo
            # further down, so the client and the role get the same password.
            'password': repo.vault.password_for('{} postgresql forgejo'.format(node.name)),
            'database': 'forgejo',
        },
        # Restrictive defaults: registration is disabled and git hooks are
        # off. Server-side git hooks let privileged users run code as the
        # service account, so a node should only override 'enable_git_hooks'
        # when every such user is trusted.
        'disable_registration': True,
        'email_domain_blocklist': set(),
        'enable_git_hooks': False,
        # Every secret below is derived from the vault with an identifier
        # that combines the node name and a distinct purpose; no secret value
        # is written in this file. Changing an identifier string yields a
        # different derived value, i.e. it rotates that secret.
        'internal_token': repo.vault.password_for('{} forgejo internal_token'.format(node.name)),
        'lfs_secret_key': repo.vault.password_for('{} forgejo lfs_secret_key'.format(node.name)),
        'oauth_secret_key': repo.vault.password_for('{} forgejo oauth_secret_key'.format(node.name)),
        'security_secret_key': repo.vault.password_for('{} forgejo security_secret_key'.format(node.name)),
    },
    'icinga2_api': {
        'forgejo': {
            'services': {
                # Checks the systemd unit named 'forgejo'.
                'FORGEJO PROCESS': {
                    'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_systemd_unit forgejo',
                },
                # Hourly release check against forgejo/forgejo on
                # codeberg.org, with mail notification enabled. The $(...)
                # substitution presumably requires the command to run through
                # a shell on the monitored host - confirm.
                'FORGEJO UPDATE': {
                    'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_forgejo_for_new_release codeberg.org forgejo/forgejo v$(forgejo --version | cut -d" " -f3)',
                    'vars.notification.mail': True,
                    'check_interval': '60m',
                },
            },
        },
    },
    # Adds the 'git' account to the SSH allow-list; presumably this is the
    # account used for git-over-SSH - confirm against the openssh bundle.
    'openssh': {
        'allowed_users': {
            'git',
        },
    },
    'postgresql': {
        'roles': {
            'forgejo': {
                'password': repo.vault.password_for('{} postgresql forgejo'.format(node.name)),
            },
        },
        'databases': {
            'forgejo': {
                'owner': 'forgejo',
            },
        },
    },
    # Dedicated dataset mounted at the data directory and declared as needed
    # by the directory item for that path.
    'zfs': {
        'datasets': {
            'tank/forgejo': {
                'mountpoint': '/var/lib/forgejo',
                'needed_by': {
                    'directory:/var/lib/forgejo',
                },
            },
        },
    },
}


@metadata_reactor.provides('nginx/vhosts/forgejo')
def nginx(metadata):
    """Publish the nginx vhost that fronts Forgejo.

    Raises DoNotRunAgain when the node does not have the nginx bundle.
    Otherwise returns metadata for the vhost 'forgejo', with the domain read
    from 'forgejo/domain'.
    """
    if not node.has_bundle('nginx'):
        raise DoNotRunAgain

    locations = {
        # Upstream is plain HTTP on loopback, port 22000.
        # NOTE(review): confirm Forgejo listens on 127.0.0.1 only; a wider
        # bind would make the port reachable without passing this vhost and
        # its /debug rule.
        '/': {
            'target': 'http://127.0.0.1:22000',
        },
        # /debug is answered with 403 by the proxy - presumably to keep
        # Forgejo's debug handlers off the public vhost; confirm.
        '/debug': {
            'return': 403,
        },
    }
    vhost = {
        'domain': metadata.get('forgejo/domain'),
        'locations': locations,
        # Health check: the login page is expected to contain 'Sign In'.
        'website_check_path': '/user/login',
        'website_check_string': 'Sign In',
    }
    return {
        'nginx': {
            'vhosts': {
                'forgejo': vhost,
            },
        },
    }