Add forgejo_setup role

Deploy Forgejo Git service using rootless Podman pods. Forgejo is a
community fork of Gitea, created to preserve open-source governance
and prevent corporate control over a critical development tool.

Features:
- Rootless Podman pod with PostgreSQL backend
- Auto-generated secure passwords for DB and admin user
- Simplified pod networking (no separate network needed)
- Clean task separation
- Comprehensive documentation and argument specs
- Proper UID mapping for rootless container storage

Assisted-by: Claude

Author: tonyskapunk

README.md

@@ -65,6 +65,7 @@ Name | Description
 [redhatci.ocp.etcd_data](https://github.com/redhatci/ansible-collection-redhatci-ocp/blob/main/roles/etcd_data/README.md) | Allows to query, encrypt or decrypt etcd data using the supported encryption types.
 [redhatci.ocp.example_cnf_deploy](https://github.com/redhatci/ansible-collection-redhatci-ocp/blob/main/roles/example_cnf_deploy/README.md) | Deploys the example-cnf workload on top of an OpenShift cluster
 [redhatci.ocp.extract_openshift_installer](https://github.com/redhatci/ansible-collection-redhatci-ocp/blob/main/roles/extract_openshift_installer/README.md) | Extracts openshift_installer binary from the release image.
+[redhatci.ocp.forgejo_setup](https://github.com/redhatci/ansible-collection-redhatci-ocp/blob/main/roles/forgejo_setup/README.md) | A role to deploy and configure Forgejo Git service.
 [redhatci.ocp.generate_agent_iso](https://github.com/redhatci/ansible-collection-redhatci-ocp/blob/main/roles/generate_agent_iso/README.md) | Creates the boot ISO using OpenShift_installer's agent sub-command
 [redhatci.ocp.generate_manifests](https://github.com/redhatci/ansible-collection-redhatci-ocp/blob/main/roles/generate_manifests/README.md) | Generates the manifests required for OpenShift_installer's agent sub-command
 [redhatci.ocp.generate_ssh_key_pair](https://github.com/redhatci/ansible-collection-redhatci-ocp/blob/main/roles/generate_ssh_key_pair/README.md) | Produces an ssh key pair

ansible-collection-redhatci-ocp.spec

@@ -3,7 +3,7 @@
 %global forgeurl https://github.com/%{org}/%{repo}
 
 Name:           %{repo}
-Version:        2.10.EPOCH
+Version:        2.11.EPOCH
 Release:        VERS%{?dist}
 Summary:        Red Hat OCP CI Collection for Ansible
 
@@ -54,6 +54,9 @@ find -type f ! -executable -name '*.py' -print -exec sed -i -e '1{\@^#!.*@d}' '{
 
 
 %changelog
+* Thu Oct 23 2025 Tony Garcia <[email protected]> - 2.11.EPOCH-VERS
+- Add forgejo_setup role
+
 * Fri Sep 19 2025 Tony Garcia <[email protected]> - 2.10.EPOCH-VERS
 - Add redact filter plugin
 

galaxy.yml

@@ -10,7 +10,7 @@ name: ocp
 # Patch version is replaced from commit date in UNIX epoch format
 # Example: 1.3.0 -> 1.3.2147483647
 # Keep in sync with ansible-collection-redhatci-ocp.spec
-version: 2.10.0
+version: 2.11.0
 
 # The path to the Markdown (.md) readme file.
 readme: README.md

roles/forgejo_setup/README.md

@@ -0,0 +1,131 @@
+# forgejo_setup
+
+A role to deploy and configure Forgejo Git service
+
+## Description
+
+This role sets up a complete Forgejo Git service installation with:
+- Pod to host the application and database containers
+- PostgreSQL database backend (containerized)
+- Forgejo application server (containerized)
+- Persistent storage for data and database
+- Health checks for both services
+
+All containers run in rootless mode within a single pod
+
+## Requirements
+
+- [Podman](https://podman.io)
+- Ansible collection: [containers.podman](https://galaxy.ansible.com/containers/podman)
+- Enough disk space for Git repos and DB
+
+## Variables
+
+| Variable                | Default                             | Description
+| ----------------------- | ----------------------------------- | -----------
+| fs_state                | present                             | State of the deployment (present/absent)
+| fs_app_container_name   | forgejo                             | Application container name
+| fs_app_env_vars         | []                                  | Additional environment variables for the application
+| fs_app_image            | codeberg.org/forgejo/forgejo:13     | Forgejo container image
+| fs_app_email            | {{ fs_app_user }}@localhost         | Application admin email
+| fs_app_name             | Forgejo: Beyond coding. We forge.   | Application name
+| fs_app_password         | <auto generated>                    | Application password automatically generated if not set
+| fs_app_user             | forgejo                             | Application admin user
+| fs_base_dir             | {{ ansible_env.HOME }}/forgejo      | Base directory for all Forgejo data
+| fs_data_dir             | {{ fs_base_dir }}/data              | Directory for Forgejo application data
+| fs_db_container_name    | db                                  | DB container name
+| fs_db_dir               | {{ fs_base_dir }}/db                | Directory for DB data
+| fs_db_name              | forgejo                             | DB name
+| fs_db_password          | <auto generated>                    | DB password automatically generated if not set
+| fs_db_user              | forgejo                             | DB user
+| fs_pod_http_port        | 3000                                | Host port for Forgejo HTTP interface
+| fs_pod_name             | forgejo                             | Podman pod name
+| fs_pod_ssh_port         | 2222                                | Host port for Forgejo SSH interface
+| fs_postgres_image       | docker.io/library/postgres:14       | DB container image
+| fs_user                 | {{ ansible_user_id }}               | User to run containers as (rootless mode)
+| fs_user_gid             | {{ ansible_user_gid }}              | GID of the user running containers
+| fs_user_uid             | {{ ansible_user_uid }}              | UID of the user running containers
+| fs_wait_delay           | 10                                  | Delay in seconds between retries
+| fs_wait_retries         | 30                                  | Number of retries when waiting for services
+
+## Dependencies
+
+- containers.podman collection
+
+## Usage Examples
+
+### Basic Deployment
+
+```yaml
+- name: Deploy Forgejo with PostgreSQL
+  ansible.builtin.include_role:
+    name: redhatci.ocp.forgejo_setup
+```
+
+### Custom Configuration
+
+```yaml
+- name: Deploy Forgejo with custom settings
+  ansible.builtin.include_role:
+    name: redhatci.ocp.forgejo_setup
+  vars:
+    fs_pod_http_port: 8080
+    fs_pod_ssh_port: 2222
+    fs_postgres_password: "secure_password_here"
+    fs_base_dir: /opt/forgejo
+    fs_forgejo_env_vars:
+      FORGEJO__server__DOMAIN: git.example.com
+      FORGEJO__server__ROOT_URL: https://git.example.com
+      FORGEJO__server__SSH_DOMAIN: git.example.com
+```
+
+### Remove Forgejo Deployment
+
+```yaml
+- name: Remove Forgejo installation
+  ansible.builtin.include_role:
+    name: redhatci.ocp.forgejo_setup
+  vars:
+    fs_state: absent
+```
+
+## Post-Installation
+
+Access Forgejo at `http://localhost:3000` (or your custom port) with the credentials provided or generated during deployment.
+
+## Troubleshooting
+
+### Check pod and container status
+
+```bash
+podman pod ps
+podman ps -a --pod
+```
+
+### View container logs
+
+```bash
+podman logs forgejo
+podman logs db
+```
+
+### Restart pod
+
+```bash
+podman pod restart forgejo
+```
+
+### Access database files
+
+The database directory is owned by the mapped container UID due to rootless Podman's user namespace mapping.
+To access database files as the container user for backup or management:
+
+```bash
+podman unshare <cmd> /path/to/db
+```
+
+This allows you to interact with files using the same UID mapping that the container uses.
+
+## License
+
+Apache-2.0

roles/forgejo_setup/defaults/main.yml

@@ -0,0 +1,41 @@
+---
+# Forgejo configuration defaults
+fs_state: present
+fs_user: "{{ ansible_user_id }}"
+fs_user_uid: "{{ ansible_user_uid }}"
+fs_user_gid: "{{ ansible_user_gid }}"
+fs_base_dir: "{{ ansible_env.HOME }}/forgejo"
+fs_data_dir: "{{ fs_base_dir }}/data"
+fs_db_dir: "{{ fs_base_dir }}/db"
+
+# Container configuration
+fs_app_image: codeberg.org/forgejo/forgejo:13
+fs_postgres_image: docker.io/library/postgres:14
+
+# Pod configuration
+fs_pod_name: forgejo
+fs_pod_http_port: 3000
+fs_pod_ssh_port: 2222
+
+# Database configuration
+fs_db_user: forgejo
+fs_db_name: forgejo
+fs_db_port: 5432
+fs_db_container_name: db
+
+# Application configuration
+fs_app_user: forgejo
+fs_app_email: "{{ fs_app_user }}@localhost"
+fs_app_container_name: forgejo
+fs_app_name: "Forgejo: Beyond coding. We forge."
+
+# Additional application environment variables
+fs_app_env_vars: {}
+# Example:
+# fs_app_env_vars:
+#   FORGEJO__server__DOMAIN: git.example.com
+#   FORGEJO__server__ROOT_URL: https://git.example.com
+
+# Waiting times
+fs_wait_retries: 30
+fs_wait_delay: 10

roles/forgejo_setup/meta/argument_specs.yml

@@ -0,0 +1,167 @@
+---
+argument_specs:
+  main:
+    short_description: Main entry point for Forgejo deployment
+    description: >
+      Main entry point that dispatches to present or absent tasks based on fs_state.
+    options:
+      fs_state:
+        type: str
+        required: false
+        default: present
+        choices:
+          - present
+          - absent
+        description: State of the Forgejo deployment (present to deploy, absent to remove).
+
+  present:
+    short_description: Deploy Forgejo with PostgreSQL in a Podman pod
+    description: >
+      Deploy Forgejo Git service with PostgreSQL database using rootless Podman containers in a pod.
+      This creates the necessary directories, sets up a Podman pod,
+      and deploys both PostgreSQL and Forgejo containers within the pod for simplified networking.
+    options:
+      fs_user:
+        type: str
+        required: false
+        default: "{{ ansible_user_id }}"
+        description: User to run containers as (rootless mode).
+      fs_user_uid:
+        type: str
+        required: false
+        default: "{{ ansible_user_uid }}"
+        description: UID of the user running containers.
+      fs_user_gid:
+        type: str
+        required: false
+        default: "{{ ansible_user_gid }}"
+        description: GID of the user running containers.
+      fs_base_dir:
+        type: str
+        required: false
+        default: "{{ ansible_env.HOME }}/forgejo"
+        description: Base directory for Forgejo data and configuration.
+      fs_data_dir:
+        type: str
+        required: false
+        default: "{{ fs_base_dir }}/data"
+        description: Directory for Forgejo application data.
+      fs_db_dir:
+        type: str
+        required: false
+        default: "{{ fs_base_dir }}/db"
+        description: Directory for database data.
+      fs_app_image:
+        type: str
+        required: false
+        default: codeberg.org/forgejo/forgejo:13
+        description: Forgejo container image to use.
+      fs_postgres_image:
+        type: str
+        required: false
+        default: docker.io/library/postgres:14
+        description: PostgreSQL container image to use.
+      fs_pod_name:
+        type: str
+        required: false
+        default: forgejo
+        description: Name of the Podman pod.
+      fs_pod_http_port:
+        type: int
+        required: false
+        default: 3000
+        description: Host port to expose Forgejo HTTP interface.
+      fs_pod_ssh_port:
+        type: int
+        required: false
+        default: 2222
+        description: Host port to expose Forgejo SSH interface.
+      fs_db_user:
+        type: str
+        required: false
+        default: forgejo
+        description: Database user.
+      fs_db_password:
+        type: str
+        required: false
+        description: Database password. If not provided, a random 32-character password will be auto-generated.
+      fs_db_name:
+        type: str
+        required: false
+        default: forgejo
+        description: Database name.
+      fs_db_port:
+        type: int
+        required: false
+        default: 5432
+        description: Database port.
+      fs_db_container_name:
+        type: str
+        required: false
+        default: db
+        description: Name of the database container.
+      fs_app_container_name:
+        type: str
+        required: false
+        default: forgejo
+        description: Name of the application container.
+      fs_app_name:
+        type: str
+        required: false
+        default: "Forgejo: Beyond coding. We forge."
+        description: Application name.
+      fs_app_email:
+        type: str
+        required: false
+        default: "{{ fs_app_user }}@localhost"
+        description: Application admin email.
+      fs_app_user:
+        type: str
+        required: false
+        default: forgejo
+        description: Application admin user.
+      fs_app_env_vars:
+        type: dict
+        required: false
+        default: {}
+        description: Additional environment variables for application container.
+      fs_app_password:
+        type: str
+        required: false
+        description: Application password. If not provided, a random 32-character password will be auto-generated.
+      fs_wait_retries:
+        type: int
+        required: false
+        default: 30
+        description: Number of retries when waiting for services to be ready.
+      fs_wait_delay:
+        type: int
+        required: false
+        default: 10
+        description: Delay in seconds between retries.
+
+  absent:
+    short_description: Remove Forgejo deployment
+    description: >
+      Remove Forgejo pod and containers. Data directories are preserved and must be manually deleted if needed.
+    options:
+      fs_pod_name:
+        type: str
+        required: false
+        default: forgejo
+        description: Name of the Podman pod to remove.
+      fs_app_container_name:
+        type: str
+        required: false
+        default: forgejo
+        description: Name of the application container to remove.
+      fs_db_container_name:
+        type: str
+        required: false
+        default: db
+        description: Name of the database container to remove.
+      fs_base_dir:
+        type: str
+        required: false
+        default: "{{ ansible_env.HOME }}/forgejo"
+        description: Base directory path (displayed in removal information).