Migrate from gitea to forgejo

It's not just the colour scheme, honest!

Some things still need renaming, but at least the application has moved.

ansible/roles/forgejo/files/app.ini

@@ -0,0 +1,142 @@
+APP_NAME = Gitea: Git with a cup of orange juice
+
+[repository]
+ROOT = /mnt/repositories
+DEFAULT_BRANCH = master
+DISABLE_STARS  = true
+DEFAULT_REPO_UNITS = repo.code
+DEFAULT_FORK_REPO_UNITS = repo.code
+
+
+[server]
+SSH_DOMAIN              = git.theorangeone.net
+ROOT_URL                = https://git.theorangeone.net/
+START_SSH_SERVER        = true
+SSH_PORT                = 22  # Makes the SSH URLs look sane
+SSH_LISTEN_PORT         = 2222
+BUILTIN_SSH_SERVER_USER = git
+LFS_START_SERVER        = true
+DOMAIN                  = git.theorangeone.net
+PROTOCOL                = http  # TLS termination done by Traefik
+ENABLE_GZIP             = true
+OFFLINE_MODE            = true
+LANDING_PAGE            = explore
+LFS_JWT_SECRET          = {{ vault_lfs_jwt_secret }}
+
+[database]
+DB_TYPE  = postgres
+HOST     = db:5432
+NAME     = gitea
+USER     = gitea
+PASSWD   = gitea
+
+[session]
+PROVIDER        = db
+COOKIE_NAME     = forgejo_session
+
+[log]
+LEVEL = warn
+
+[security]
+INSTALL_LOCK                  = true
+SECRET_KEY                    = {{ vault_secret_key }}
+INTERNAL_TOKEN                = {{ vault_internal_token }}
+PASSWORD_HASH_ALGO            = pbkdf2
+COOKIE_USERNAME               = forgejo_username
+COOKIE_REMEMBER_NAME          = forgejo_remember
+LOGIN_REMEMBER_DAYS           = 30
+REVERSE_PROXY_TRUSTED_PROXIES = *
+
+[service]
+DISABLE_REGISTRATION              = true
+ENABLE_CAPTCHA                    = false
+SHOW_MILESTONES_DASHBOARD_PAGE    = false
+ENABLE_TIMETRACKING               = false
+DEFAULT_ORG_MEMBER_VISIBLE = true
+
+[ui.metadata]
+DESCRIPTION = Gitea (Git with a cup of orange juice)
+AUTHOR      = Jake Howard
+
+[ui.user]
+REPO_PAGING_NUM = 100
+
+[ui]
+SITEMAP_PAGING_NUM   = 100
+FEED_PAGING_NUM      = 100
+DEFAULT_THEME        = forgejo-auto
+ISSUE_PAGING_NUM     = 100
+FEED_MAX_COMMIT_NUM  = 30
+SHOW_USER_EMAIL      = false
+EXPLORE_PAGING_NUM   = 100
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[service.explore]
+DISABLE_USERS_PAGE = true
+
+[queue]
+CONN_STR = redis://redis:6379/0
+TYPE     = redis
+
+[cache]
+ADAPTER = redis
+HOST    = redis://redis:6379/1
+ITEM_TTL = 48h
+
+[other]
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
+SHOW_FOOTER_VERSION            = false
+
+[mirror]
+DEFAULT_INTERVAL = 1h
+
+[cron]
+ENABLED = true
+
+[indexer]
+REPO_INDEXER_ENABLED = true
+ISSUE_INDEXER_TYPE   = db
+
+[lfs]
+PATH = /mnt/lfs
+
+[federation]
+ENABLED = true
+
+[actions]
+ENABLED = true
+DEFAULT_ACTIONS_URL = github
+
+[migrations]
+ALLOW_LOCALNETWORKS = true
+
+[mailer]
+ENABLED        = true
+SMTP_ADDR      = smtp.eu.mailgun.org
+SMTP_PORT      = 465
+FROM           = "{{ vault_mailer_from_address }}"
+USER           = "{{ vault_mailer_user }}"
+PASSWD         = "{{ vault_mailer_password }}"
+PROTOCOL    = smtps
+
+[packages]
+STORAGE_TYPE = backblaze
+
+[storage.backblaze]
+STORAGE_TYPE = minio
+MINIO_ENDPOINT = s3.eu-central-003.backblazeb2.com
+MINIO_ACCESS_KEY_ID = {{ vault_backblaze_access_key_id }}
+MINIO_SECRET_ACCESS_KEY = {{ vault_backblaze_secret_access_key }}
+MINIO_BUCKET = 0rng-gitea
+MINIO_LOCATION = eu-central-003
+SERVE_DIRECT = true
+MINIO_USE_SSL = true
+
+[storage.repo-archive]
+PATH = /mnt/repo-archive
+
+[oauth2]
+JWT_SECRET = {{ vault_oauth2_jwt_secret }}

ansible/roles/forgejo/files/docker-compose.yml

@@ -0,0 +1,48 @@
+services:
+  forgejo:
+    image: code.forgejo.org/forgejo/forgejo:8-rootless
+    user: "{{ docker_user.id }}:{{ docker_user.id }}"
+    environment:
+      - TZ={{ timezone }}
+    volumes:
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+      - "{{ app_data_dir }}/gitea/data:/var/lib/gitea"
+      - "{{ app_data_dir }}/gitea/config:/etc/gitea"
+      - /mnt/tank/files/gitea-repositories/repositories:/mnt/repositories
+      - /mnt/tank/files/gitea-repositories/lfs:/mnt/lfs
+      - /mnt/tank/files/gitea-repositories/archive:/mnt/repo-archive
+    tmpfs:
+      - /var/lib/gitea/tmp
+    restart: unless-stopped
+    ports:
+      - "{{ pve_hosts.docker.ip }}:2222:2222"
+    depends_on:
+      - db
+      - redis
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.forgejo.rule=Host(`git.theorangeone.net`)
+      - traefik.http.services.forgejo-forgejo.loadbalancer.server.port=3000
+    networks:
+      - default
+      - traefik
+
+  db:
+    image: postgres:14-alpine
+    restart: unless-stopped
+    volumes:
+      - /mnt/speed/dbs/postgres/gitea:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD=gitea
+      - POSTGRES_USER=gitea
+
+  redis:
+    image: redis:7-alpine
+    restart: unless-stopped
+    volumes:
+      - /mnt/speed/dbs/redis/gitea:/data
+
+networks:
+  traefik:
+    external: true

ansible/roles/forgejo/files/footer.html

@@ -0,0 +1,3 @@
+{{ if not .IsSigned }}
+  <script defer data-domain="git.theorangeone.net" src="https://elbisualp.theorangeone.net/js/script.js"></script>
+{{ end }}

ansible/roles/forgejo/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart gitea
+  shell:
+    chdir: /opt/gitea
+    cmd: "{{ docker_update_command }}"

ansible/roles/forgejo/tasks/main.yml

@@ -0,0 +1,47 @@
+- name: Include vault
+  include_vars: vault.yml
+
+- name: Create install directory
+  file:
+    path: /opt/gitea
+    state: directory
+    owner: "{{ docker_user.name }}"
+    mode: "{{ docker_compose_directory_mask }}"
+  become: true
+
+- name: Install compose file
+  template:
+    src: files/docker-compose.yml
+    dest: /opt/gitea/docker-compose.yml
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+    validate: docker-compose -f %s config
+  notify: restart gitea
+  become: true
+
+- name: Install config file
+  template:
+    src: files/app.ini
+    dest: "{{ app_data_dir }}/gitea/config/app.ini"
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+  notify: restart gitea
+  become: true
+
+- name: Create custom templates directory
+  file:
+    path: "{{ app_data_dir }}/gitea/data/custom/templates/custom"
+    state: directory
+    owner: "{{ docker_user.name }}"
+    mode: "{{ docker_compose_directory_mask }}"
+    recurse: true
+  become: true
+
+- name: Install custom footer
+  copy:
+    src: files/footer.html
+    dest: "{{ app_data_dir }}/gitea/data/custom/templates/custom/footer.tmpl"
+    owner: "{{ docker_user.name }}"
+    mode: "{{ docker_compose_file_mask }}"
+  notify: restart gitea
+  become: true

ansible/roles/forgejo/vars/vault.yml

@@ -0,0 +1,37 @@
+$ANSIBLE_VAULT;1.1;AES256
+30666464303435376330366632383932623337346330633435353264643164613637376233646466
+3237326337376539396332363161343336393466303439300a343035613837633263353834653764
+64633835653035643436653237613766623265643062313431393938393565323065323035616338
+6663333066663233640a326136333131346565393064303430313033356134303839383338363962
+63356362373035623763616235336165656636383863366632393032303339653161363362373461
+38393536343035633834386337343865356539653937336238656166326339656334656666636532
+32626364326161646565353464393161663134373532386566643539376236333866333039366339
+33363138306465396633323438316239636439666232316333656437343733373037353230613663
+61316232323435646530383439396463383962333732366339386665393265353533336234366534
+64333132663861363432313062663762383939306136633233313438313337326132343437643736
+63376631626533356537393566626164646533313337373965653666316165323362363961383837
+65396633366430373265623438623432353430623666363861336230343861623631643937623135
+30313231623034316262633630656231393838326332393638353231313464376531656638613336
+63356561373030656266383439663835373032316633633234326239366334343738636162373135
+65386665396237343533373135653634313231343634343631373263633430633839636132633930
+66373730653162343562316636616665376438663539396634663166303163323631623936356530
+65396231323639646339353236323465613764333863646633623833666161303265383434353066
+37623462333437343334653736663139313539366563353566356162356239393734303132333734
+37396535376261346532323664353264313738343936353737386335633638636231666538663363
+36626337366163663266336439303330613336366133373938656530343064616535363337633265
+30616464666536663335386263373565363535303434623964626431633465646334623065343735
+34633666326630376639626536616635316636393839636665646262623535383634343866383865
+64623032373237666265376265303731346139336231356166363366363133666635373961373263
+37666363396361653431646635383063333261343337363934656561316365333665303935346639
+65333131393561393961323061653462353363373033373866663032393464616632346238356561
+64633465376632373263386161323731646538656635633637386237376166333866613232383338
+62303935633962343038623336386530313465626435613165653064376535633437373665323266
+34666566376238313861613036313630363735613832326466613565386339616237396331656437
+31393238613433616230663934303933303337663764326630636232636231376565363334623432
+32363864643633653835626338366633373035363038323032653930626531636661306662613831
+61613239316365666437343436636164636364363330356163383862643337326634633236323137
+34636662323061363635623338633139656465616239303664336336393236386433626537653633
+38333761383830363936656533626262626233316663313936346334643664353434353833663238
+38396439326130653138633939393262366231663232653762363263643734613736383837333938
+31383330356565643830643033303139666161326165346164326538313462613764346330333439
+65643464396163316337