Add forgejo role to ansible playbook

Manages installation and service via homebrew. Config at /opt/homebrew/var/forgejo/custom/conf/app.ini contains secrets and is not templated - backed up by borgmatic instead. Includes check that fails with restore instructions if config missing. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-13 23:00:46 -08:00 · 2026-01-13 23:00:46 -08:00 · d1396b1cfb
commit d1396b1cfb
parent d761e61809
3 changed files with 32 additions and 0 deletions
--- a/ansible/roles/forgejo/tasks/main.yml
+++ b/ansible/roles/forgejo/tasks/main.yml
@ -0,0 +1,28 @@
+---
+# Note: forgejo config at /opt/homebrew/var/forgejo/custom/conf/app.ini
+# is not managed here (contains secrets). It is backed up by borgmatic.
+
+- name: Install forgejo via homebrew
+  community.general.homebrew:
+    name: forgejo
+    state: present
+
+- name: Check forgejo config exists
+  ansible.builtin.stat:
+    path: /opt/homebrew/var/forgejo/custom/conf/app.ini
+  register: forgejo_config
+
+- name: Fail if forgejo config is missing
+  ansible.builtin.fail:
+    msg: |
+      Forgejo config not found at /opt/homebrew/var/forgejo/custom/conf/app.ini
+      This file contains secrets and is not managed by ansible.
+      To restore from backup, run:
+        borgmatic --config ~/.config/borgmatic/config.yaml extract --archive latest --path /opt/homebrew/var/forgejo/custom/conf/app.ini
+  when: not forgejo_config.stat.exists
+
+- name: Ensure forgejo service is started
+  ansible.builtin.command: brew services start forgejo
+  register: brew_start
+  changed_when: "'Successfully started' in brew_start.stdout"
+  failed_when: false