Forgejo Configuration

The main play installs and sets up Forgejo (the Gitea fork) as a code forge.

Login with the admin user and password you set in your host_vars.

The functionality Momod provides to host web sites relies on Forgejo, you’ll need to generate an API key. Log in to Forgejo and go to settings > applications, under the ‘Manage Access Tokens’ section generate a token and copy it to your host_vars (websites section, variable is named ‘forgejo_api_key’).

Forgejo Security Note

The momod_forgejo role enables the git-hooks functionality of Forgejo, this has serious security implications, a Forgejo user can use a git-hook script to elevate privileges.

However this role only creates a Forgejo account for the Admin and user registration is turned off.

Additional user accounts need to be created by the Admin and should only be granted to trusted individuals.

The planned fix for this would be to use containerized CI/CD as per issue #7. Or to replace our git post commit script with the recently enabled Forgejo Actions.

Forgejo, CORS and Static CMS

It’s possible to use Static CMS or Decap CMS with with Hugo and Forgejo on Momod. For them to work you’ll need to enable CORS in Forgejo.

Edit your host_vars for the respective server and set forgejo_cors_enabled to true. Then run the Forgejo role either by running play/updates.yml or editing play/dev.yml and running only the Forgejo role. eg.

ansible-playbook --limit YOURSERVER play/updates.yml

Further configuration for Static CMS or Decap CMS is done in their own config file (use the Gitea backend), Hugo’s config files and Forgejo settings. Refer to those projects own documentation for details.