From e3927801e0a73af7a7203db33fb9651a1d494346 Mon Sep 17 00:00:00 2001 From: LE BERRE Mickael Date: Mon, 18 May 2026 16:16:23 +0200 Subject: [PATCH] fix: add restart handler on forgejo config changes, document intentional choices MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - forgejo.yml : handler restart forgejo manquant, notify sur copy et template - base.yml : commentaire sur state: latest (patching initial, tag [update]) - main.tf : commentaire sur insecure = true (cert auto-signé Proxmox LAN) Co-Authored-By: Claude Sonnet 4.6 --- ansible/playbooks/base.yml | 3 +++ ansible/playbooks/forgejo.yml | 7 +++++++ terraform/proxmox/main.tf | 2 ++ 3 files changed, 12 insertions(+) diff --git a/ansible/playbooks/base.yml b/ansible/playbooks/base.yml index a83faf3..cbec6a8 100644 --- a/ansible/playbooks/base.yml +++ b/ansible/playbooks/base.yml @@ -12,6 +12,9 @@ tasks: # -- Mise a jour systeme -- + # state: latest intentionnel — cette tâche patche l'intégralité du système + # au premier provisionnement. Contrôlée par le tag [update] : ne tourne + # que si explicitement demandé, pas à chaque re-jeu du playbook. - name: Mise a jour des paquets ansible.builtin.dnf: name: "*" diff --git a/ansible/playbooks/forgejo.yml b/ansible/playbooks/forgejo.yml index 6d7e3dd..a07c498 100644 --- a/ansible/playbooks/forgejo.yml +++ b/ansible/playbooks/forgejo.yml @@ -27,6 +27,7 @@ owner: "{{ admin_user }}" group: "{{ admin_user }}" mode: "0644" + notify: restart forgejo tags: [forgejo] - name: Deploiement .env Forgejo @@ -36,6 +37,7 @@ owner: "{{ admin_user }}" group: "{{ admin_user }}" mode: "0600" + notify: restart forgejo tags: [forgejo] - name: Demarrage Forgejo @@ -57,6 +59,11 @@ tags: [forgejo, firewall] handlers: + - name: restart forgejo + community.docker.docker_compose_v2: + project_src: /opt/forgejo + state: restarted + - name: reload firewalld ansible.builtin.systemd: name: firewalld 
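Review bot: The comment added in the `@@ -12,6 +12,9 @@` hunk of base.yml says the task only runs when explicitly requested, but a tag alone does not give that behaviour in Ansible. A task tagged `update` still runs on every `ansible-playbook` invocation that passes no `--tags`, and is skipped only when `--tags` or `--skip-tags` filters it out. The task's `tags:` line is outside the hunk, so this may already be handled; if it is not, `tags: [update, never]` is what makes the full `dnf` upgrade opt-in, and the comment should mention `never` so its claim stays true. Otherwise each re-run installs whatever the repositories serve at that moment, which is the unplanned change the comment says is avoided.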
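Review bot: The new `restart forgejo` handler in the `@@ -57,6 +59,11 @@` hunk of forgejo.yml uses `state: restarted`, which, as far as the module documents it, corresponds to `docker compose restart`. That stops and starts the existing containers without recreating them, so an edited project file or `.env` is not applied. Both `notify: restart forgejo` lines (hunks `@@ -27,6 +27,7 @@` and `@@ -36,6 +37,7 @@`) exist for exactly those files, so a rotated secret in the mode-`0600` `.env` would presumably leave Forgejo running with the old value while the play reports a successful change. Consider `state: present` in the handler, with `recreate: always` if a forced recreation is wanted, so the containers are rebuilt from the new configuration. The bodies of the two notifying tasks and of the start task are outside the hunks, so whether the start task already performs that recreation cannot be confirmed from here.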
diff --git a/terraform/proxmox/main.tf b/terraform/proxmox/main.tf index 44aa05d..70a307b 100644 --- a/terraform/proxmox/main.tf +++ b/terraform/proxmox/main.tf @@ -11,6 +11,8 @@ terraform { provider "proxmox" { endpoint = var.proxmox_url api_token = var.proxmox_api_token + # insecure = true : Proxmox expose un certificat auto-signé sur le LAN. + # Pas de CA interne ni de cert Let's Encrypt sur IP privée — vérification TLS impossible. insecure = true ssh {
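Review bot: The comment added above `insecure = true` states that TLS verification is impossible, which overstates the constraint and leaves out the risk being accepted. With verification off, `var.proxmox_api_token` is sent to whichever host answers at `var.proxmox_url`, so anyone able to intercept traffic on that LAN segment can obtain a token that controls the hypervisor. A self-signed or cluster-CA certificate can usually still be verified by adding that CA to the trust store of the machine that runs Terraform. The comment would therefore be more accurate as a recorded trade-off with a follow-up, e.g. `# insecure = true: accepted risk on the admin LAN (API token not protected against interception); TODO trust the Proxmox CA and remove`. The `provider` block continues past the end of the hunk.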