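---
# This does not use the forgejo collection to install. Instead, we are
# installing from our own packages built for EL/Fedora in Copr.
#
# Play outline: stop on hosts that carry /etc/no-ansible, optionally apply the
# rockylinux.ipagetcert role, import tasks/forgejo.yml, then open the firewall,
# set SELinux booleans for httpd and touch a run marker.
- name: Setup Forgejo
  # Runs with privilege escalation on every host the inventory (or --limit)
  # supplies; scope the run at invocation time.
  hosts: all
  become: true
  vars_files:
    - "vars/common.yml"
    # NOTE(review): if vars/db.yml holds database credentials, keep it
    # vault-encrypted rather than in plain text - its contents are not
    # visible from this playbook.
    - "vars/db.yml"

  handlers:
    - ansible.builtin.import_tasks: handlers/main.yml

  pre_tasks:
    # Opt-out guard: the play refuses to continue on a host where
    # /etc/no-ansible exists.
    - name: Check if ansible cannot be run here
      ansible.builtin.stat:
        path: /etc/no-ansible
      register: no_ansible

    # A failed assert ends the play for this host before roles, tasks and
    # post_tasks run, so no firewall or SELinux change is made there.
    - name: Verify if we can run ansible
      ansible.builtin.assert:
        that:
          - "not no_ansible.stat.exists"
        success_msg: "We are able to run on this node"
        fail_msg: "/etc/no-ansible exists - skipping run on this node"

    # name: Enable the proper copr for forgejo
    # command: "dnf copr enable nalika/forgejo -y"
    # check_mode: false
    # changed_when: "1 != 1"

  roles:
    # - role: lazyutilitynet.ansible_forgejo.forgejo_install
    #   state: present

    # Applied only when forgejo_web_config_certs_internal is truthy; the
    # variable is not defined in this file (presumably in vars/common.yml).
    - role: rockylinux.ipagetcert
      state: present
      when: forgejo_web_config_certs_internal | bool

  tasks:
    - name: Install and Configure Forgejo
      ansible.builtin.import_tasks: "tasks/forgejo.yml"

  post_tasks:
    # permanent + immediate changes both the saved and the running firewalld
    # configuration. No zone is given, so the host's default zone is used.
    - name: Open firewalld ports
      ansible.posix.firewalld:
        service: "{{ item }}"
        permanent: true
        immediate: true
        state: enabled
      loop:
        - http
        - https

    # NOTE(review): presumably Forgejo's SSH listener - confirm against
    # tasks/forgejo.yml. Like the services above, the port is opened in the
    # default zone with no source restriction.
    - name: Open 22220/tcp
      ansible.posix.firewalld:
        port: 22220/tcp
        permanent: true
        immediate: true
        state: enabled

    # Each boolean relaxes the confinement of the httpd SELinux domain and is
    # written persistently. NOTE(review): confirm that all four are needed by
    # the web front end; enable only those it actually uses.
    - name: Turn on necessary SELinux booleans
      ansible.posix.seboolean:
        name: "{{ item }}"
        state: true
        persistent: true
      loop:
        - httpd_can_network_connect
        - httpd_can_network_relay
        - httpd_can_connect_ldap
        - httpd_read_user_content

    # Marker of the last run on this host; state: touch refreshes the file's
    # timestamps, so this task reports "changed" on every run.
    - name: Touching run file that ansible has ran here
      ansible.builtin.file:
        path: /var/log/ansible.run
        state: touch
        mode: '0644'
        owner: root
        group: root
...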