k/forgejo: add SSH support

This commit is contained in:
ryan-distrust.co 2023-05-16 00:03:01 -04:00
parent baeb4480ca
commit b6f32b61a4
Signed by untrusted user who does not match committer: ryan
GPG Key ID: 8E401478A3FBEF72
6 changed files with 190 additions and 4 deletions

View File

@ -0,0 +1,84 @@
apiVersion: v1
kind: Secret
metadata:
name: forgejo-ssh-keys
data:
ssh_host_ecdsa_key.pub: ENC[AES256_GCM,data:ItIdgBQ2OLhUuQhhTzedAkOCtwxHsFf9dMU4R6RXAE0GWaLu5gIRAWyA36h9TtnZ6PzeaEuPc/661XPzieZQeXdzm7E9pDylyR1PLLm5jfiOf+LyMwetGSWRZABw/AtUeHefRwqe5b0B/328Y78+76uofCOW+LhgEJelq5V/0XIqHLPDOrGKH6gEzpy8e33Q3eBzyrGBvkvo0rfE4Q1NbSw0OZa+f874BRuSMH+JZV+ni9LSUjqhp06gc/b/ZeSWoTNfGTTxtVV8zu9SA2Dbbkn3hmx5DwAV4bEyPkJjTBDtF8StM6WhlMIw0tk=,iv:i6tkqM49Mh/FjZ0N/KFEtUqwM3bhvekbdG3G+w0BEzM=,tag:wW25FduVGhFMYLwQbVejtg==,type:str]
ssh_host_dsa_key.pub: ENC[AES256_GCM,data:umcdUMUjLQ/KN2/hG2Xy1+pmPjcT3wMjz6DLZoh8R4Ec4MXSdo08gPnFzxqnJW7D+Tadb6xSXZXTM02AqGgFLOnlFRpyb63Ozb+yqUSWGCaP+UEd6ocgvYzmp81u6zjZ4jCOUICVxVyahA3s4jqwxCdWStF52wUpI2EOIoygBDhYinUlgDw9OVnzdymXgsIEfQiExEUOuydf6EEwmDKKGW2KjFbJYwwANWX4zT+NW7c3/6EgCO4CfG1uEWiIvzuiX+flxCFPGXdIIhdKMGvwPePiBlASx1sWPOIyOzPry3W/n+oanTdxbleLfv9E1GGkgIz5+9UyD/8LumbqAAH/ytcoFYxGrLRIaMgJucGfl/3H3NmywXbNCcaxHDlQMwiwI+hHFZWcPoCMtt7BZWsDzQhbAX+5ZmcZBBpYHKyYlvGjuqAFzfR4Pl5xCGF/xwWdgFf8G5nGZQm3NLS+o4WUL0it/ppjOB/9ruACA/vX4j9W8cLifPW1Zfs4HVhQwuNT7PFyUJUBi39RYGJd+FkGz5fyixEd2EQ9CP8aaLmgG7cGoMDtOr10dx0cxofAuL1vgnQ6X2/0zEeqkiP8PDAE1idfMAgq2pMWo147YqlrMpB9tD5gJVZ2u4tZ3iyu9S5ls55Okz0E1+wv+UgaBoh8BgEmXqWWUrDDoENiSWH+2nXYbQ7qowK36NsX35tK50tshs5eI8sWQt+UmmeopyEXpNBdNJX1E+8+x/Nl+mEi8qo9UMip4EtTVRGoCiugpSIChbEA/Vp3nI97+q+Z4uEBNNdNZMRLNkich1GTCA8O2Vkwe9QZoGfz2TuBLVXUsG3sc91RrAiY1mNjY41eKgtEjSuU+DE0pmYYHNd4OPTaU4ZD9d2wGrqitEjwDRuCKQNlRd1ESDoEPHVc+NFhswDYiJgU3CjX90TVP9/J2n5ama3aG88m/AkpiKlNibXC/DVnfHKnBvpKK25ZWEOhqAmet+R4w1a/XV+EN/lw5EZqbw5JrEnDNMVMbgqpomJkxqBJwB9+5aMcaFNsiJioUxIoWyQTtIuTeIiRugIVITJrEXfBESIA,iv:5z1pRJLM0jqv3jle1/2aLrFWlRMVrTqwW+tP9OYKQh8=,tag:6t3LskcUhQKDP3yUEQL8Ww==,type:str]
ssh_host_rsa_key: ENC[AES256_GCM,data:lb6/cQBMBzs078j9rgj3o81D26zAaigoQbgQFnw41RhpqM+eR3sPRJG93NHDYdaOjKqTwNodcabTcCYyZ/lcgFoVJr8Q3hxtx/ggROSW1fIMja4lybhaSjRkOY31VC7fi3/BEqcbf4Q8GbL81/xWQBiAp/DVncar6ApNL7L++RZy6bxXdKexTTSUido5fbeSfwBt6JRdLLbMNZTA5Ex6TPEnKGDD5jfUSZmk6qR/r4FGvOSgDLzg8iYMNX5o5sfR8gNgu9xzkYdXgWn3I79WhCTR8d+ZnyaTx5E7d68TrH6kXgNUt+D3JxYEuF79Sd80ALCZfk15Nt/yduKoC+3yxBj5yrD2aOjfcyn1cj+x6YS/Swk2iPS3Eo4b8LL2oBv0ORHsb6topwGU3k6Wh2DmthUpJtLRO0eth13ii7Ip2vcknZpod2Uh5uvl7BPH1KM0U6McRYg4UNAghSMjlLexjZSNDcxPvpycpZ20E12rHehO3pda2YXCO095LFpq6p43DBg4gVFA2B04qtAh28SBewX4gUf0KL9yO1RGP16ihsUznZ9UyJEnEx7KWvCPghyot/o7MbMuMr/eIACFabrBmBdHA/k4qSLRPDRDKdZDq/4evklbGSEJZmW9MQ14D2SZMW0ThDEL9JyywLVYiBLP1kxWthLRBAkZuDZNG52P/P1JxnmA2U7nAPJ/DXOiCHo9OK79bonb04OYxhW+f/eFY2dFZMMMKgu+SwPSc2v+lhH5CYaYkubeCiJhe2z+sMFlL/tTfzzoJwxlUnxgYf661epE2cYrAP2pDiX6h/yoMkLjp0jZHn04aiUjLkGqjih7N3QWdvx0qzhE7oiBiI7jHX31yPLteklMdhFjHoglbBQPeIu+rt+GINkV+Tkl0IfiXAtfDeL1IFHClcLxWOHm5+WxHQZAse7TIxD7MeJ5RZbTKGMNqcgDdDXDkN09qiOBLX5TGwNFQ7rXP7N27zbC0KjEO2fLttqJGhiWUX+J8p6aOUz+GjXHIXJPCRghCe2elZnEUcC+V7g20Is+rsED6qmj7ReG1QaGy5F7VZ8sxzgxrsJJr4m36VZY63Gk+ljh2wp7yeqAlGdPuX+EtMlbCC/CoHOxykkeS38BRO4LXDW7d6XxJi2HfvxQxbUEzysLmTdhMuAgpQwwasDwNSKfy7EFqG7Q9/MUhBNpkwyC1mCCHHIgfN/x/i+KqHstve088UpkqbO0MJsdyL4QwVXwT8hBKP7KR5AxwPT3oreK2us7vn5ANkZv5/ibdUbShggk3ye1g5yAS+QDhhDzNfdI4BbANehiqx5QvLc0F9QTZq6Uy3g/tLN9REwUKvCRVw8fIlezyVAlJrMfQmivnWIYXqC1SKVW6VKjUBxYCFSpxa8Fy1umMEc3wO0UtcU+k1fYctIRtPwkAk2dlCLJb9wSvuKZzaSLK4T7Cs2MuhHiwVnXQuy1yS/CA1sKsDSVwASu5D0SVDTIRVMQSs+O4Do4yKJaojN1JwXg3QNzh2TBbGChY+X1GR0Bs1pKrzfS14Y0pkEhcRS76KkeJnqZLH7J3wt35C5gbTYLfsk76XAc9Ry5/UfduuCccJP9/+rnh7etJN9yALhGn0ZKpuWOlIpFEur77aI7EyxI3p2QpMDfrQHvyPzlQ83sipc2hSIDCVn0imIP8CJvCwJE5ZpDhqBHAQ+q3F9TETtDkEESwZkrNaweptpjL/zXwpm1ri7JuyIMXtZHFTAa4c6mv4Gs7rrTdgVtZyj2HzcM88tPPeqvTIk6I/ffjfCShc238Goae1UgLX12ePrLaZUhjAKAIjasHwfyufZMd1IQC14ovm5SkJi9Nv/y/pt5u35bJZF09iS4++znuWHQ0EKv9xNQD94/dgDNzlOTRK5V2PMUAnf1r6f76ZFHzZ0Qe+Ev8Yc7KiJtCRDp0Q1uzvtF2RQCFkoeXBXrgzttYY3aa8VPU+6Yf+1guKxxVY0vHdEJ5rkB8Lj3zvpXwMqPQcdDUFgR5cc/lSJgDNjYirp2PrnkjRq+9oM8aiXSEE/v/dJ7u0VSkOi3Xb8pvkFxKmdl7l7eUqjnZCzNwKfl2rpK8PsmIFowXVRWjcrdPZpI+tNFZFE5WKp209BLVn+XOzWXbO8OXtZIsZYTc4c8639hYIh+jHIR1KsiCMd8OTUUjM2+ONfgqDY7mPHaoapNTJRIu2JU0ChgbYIJPhSeqO6DPt9eGPw+xpTxDnHHlQ5bgeHrTa4YdmFEbUIuDc/l1DB3fi0vDP2DOUOX32l1DkJkKbkyWeCReH69Usuq0YIChVds2aWsSt0Uquj12pXR4upgYTdZKFYn2K46ot4O6/tJRhabkxIrk7ojrhqMNV30nB6cEvQkc6oXCSCrFuOt4pFUsFUyBBMzcNapPCBxj1X5N+XdUTmxqHN5vhIej0CJa5w076sJUmbTE2M8P9mmOjuki9NfsO6OPR4QIQiXZawNACwTt9iNRvIQiFDM19f58+4N6neHv4iKqWLCttYlCUj4Al+D9/G3H9PMxBupQK+Y5Nc1K1jJn7jip75IIEu+chvX5+wZloFRQuh4xpjHOVDLOZloEfkZgU1YBAsIFRQ/s4PUP40NXrv8Yb/kCwaUXmatQmPtn8Rihg8sfbpBroYkRXQIVY1TRpZYKSkyUF1oDLHnEkUUb9ExiJG7wepZcp48H82lemKyDb9gsSSGvVyUAg8YY7+9evMLWnAk8GQyb/XcyY/RPpzESu+YZ/QSd//E2gT5TXtTg4obImE6sPV1xK2Jgdsfe8dqNJRW2GsVJcSBXIiNCDJg6Y8b4SyxAN1gbVIO95hAnaDKjQcJ76lX19zRfGpcYc6e6UM2lOEBgO+kDVcWMJVGFMoSHeCDkzCMhjLrH8yIaqh91fMlme5u1FweFFMVAbcu2yqJwHGsFCD4hIfpn5fz/FOZlr77O9xEkuI398Cp9b7jMazwpgFmdAIgG3yP0/oU15RKMH8gmUfhECFib8ivybcyfSXibDm1YJ0sa4Y3C2iVbeA4awoTVypPkR7RdNBjsvWE577XBgJxYiaLbGLvP82DqcKhrfcVy4O355vAN5HHtScF5ukepyhjbF3SWrNNGRrkE5qpNJDPr0Rmrg5EW10SpBDkAFnLlw+J93SEWMe0X5vyWi7UUe4O8FHd9zOawzGsD2SFNp6+YKcnpHXFf8mx6WYf9bAzZTgRv9Ifx3gv+VJon54h5Wa3gPJ9kTb4Id74vKG5pqSiuj3RhXY+JhE8czt7JNk7s5kRwf0euTsKLI8CASEtQBP9mBmEF//OX+l+3xrsfyQuqyP6mLofofQ6j6n+ECfhmTjW+1Q6ccuGbhsKz2PLXhHEwzqK1Ml9QoB+ESDZy9LJX1iK0Mvt/5tj5thqMgy+bhYZ0VDQXgnNPzWkkcp910+mgwOj7r69DGtBo/FVPRoZcHmtOSzmEVszvVroG269AeWLI5Dp8c/LMh81r1vXSEHfc28fSX+574M+UYLt7ye252lMr9gM9Ky6WcNHPDP8uSTf80UQfS5pSIhEBLrh13u28wufYJNbpgCBseQqxUIPb1s7ZCW5TgvpIoD/NfezBD9dfJWZjLVbxiqtm1mS4aLWlnFgbrGYdjULNFzI2Sudcg8uP2cs689tv4/JUeFlIqaJ+R3HKJu9L/UX84gXRZCqWN85qwrngA0dOAJlV0rKAzm/rPgUE/BDxhoyAj8SG+o8x4GHogPtG881OEa1at6m/03C9d++T6bgfykARvE5dXjtvzFw1picudyfAVYGCU2QOlogucV4hLlBMkgPaIuZbtgihHsE+G7bnGGmiJm3QCIVZFnjbaSOJW4cu1SJEa3z+M6yEUS6B5eYVgoxOREmkpowZMLHYIdk7sNkE09oSu5tEJg2gLSF8QOD26kuPhSdQ6Ro8JWu62vIfcYR8Mt/XviTCS6j2LOyEKka9nv/HfDLYi+ql7MmPdEJn4J7XeJpfzvVtDSWW5Nga9pFmnRsyPqgUX2xHoTx66jHL0YcjfKIISvMWpvxvUJ7qqv5/28VjLrm+jJL9fgfjUPRwFeV2siH4eiImLQFz4IOGXvM5fTq1aKVhiXDicqMTSERkMy2WZp54mEfdqCQvI5vR0HKZM2eP/Tz3ZAn+ild0rdYEcvve6rZMIM+tOwIgGS3vCOqSbgVVneneN2YmCPwjYoYTlgIofez0K1SHctvE6I1cgTXh7ZsrtSTjoxeAjt7AUJQ3qkK5XnEmx68H5oehgIF2fMDBdnJeFR/XzMVAlGxoAqZrEtmIqKejVbi0YoVOoeq6AWK0N7hZvvYqnRG4Bl4PKdVeDPpGtCgTfbHFB6HaZSwqQoqPCi/SiVngD01E83YXUAD/rwh3TDZRCnO8DEqdGsi1bAhX7+obQv4p4QqSuOipMf2lxSNlGhV90X0AqGIGgdK7sYaJ6OXjoQrG3RQpV6X4Q9v/2RzlulViXiQB7GY3aUGBLywg843Ks/ax6vPzmaOqP8ChNQKRY3ruHoflQWA5K9KE4BElrN4Td5IBiN5GPPzB58NoZyv/X5UlvrPZn3P+ohRKkIq+Uxm3TRUyTisC/GTQz17njdxd9oplDNBIoR4kKJq0XUjY7AFTVoG7VpkBx9BASsmdKnAj80qTAM0OQ==,iv:wEczRehVG+r/N8YBANTJwHzszLtUu50/0+kYRuzbwiA=,tag:0nYeR8XUKgHUwI5cgYjGbA==,type:str]
ssh_host_ed25519_key: ENC[AES256_GCM,data:Ahu+gvtv5SNvSA3TZFXvTZr4EZZb80vw6Pr/QuZ76Cyc/4BXvdW5hWIzUK51WQyRtouAo84hjfBP66mTmN2Js3pDQoPy82sOgVA+Fc80SHE9RMjE3ePHgfStWlKOTABHAXZBd1S+hcjptgPS5DJKVxQBaT2cAmFkNaI3+KWZ3oswcjuxfCbQ8vFeAygysJiOPMA/OQmoAqBz7pDyasr7tP4mkD33CiDthn8jQGmEZOtuVL2DOlp0nnWYTuL7UsRaFKaaU8kYA4OVUL8IoR/bAvc85I/KxVDs5Rxl4hStygzV7MDgVxGPX2txFAnelt9KicoTOBgaNRiXWP+NK2E58zeUwPkt4Bs1okvr/XGdBz/TLqVSzZ0bXw0x0U05eXlvFDz3Dj3iDW2UTJOZVqTzCd8a9fKTZfB7ebsEij66q9mrncaCfh0OJ2Eko6UNxEZxhKeUuuUXhgo2MovEWA+TvYK2VxCpL0bfQDwg2MrRiA0zOmB9bV8sd0Q+YqMc86DgEQnICj/FXUCmBTOH/sTv8njmX3IqBhcVuNn6e4Tn6wwxqTVDSGTjj6qY9ywWGMDk3T9HoxDmQsyhpX7fsuJBxhUEWyHB6Vq71hjNrrKq8njLfkQpnbSntt52jyZGHnIjtYNTcQI03mnl/QuhztxOkryGwZbZTqcL6PLmZR8BS0zxg6J76MxrJ8PzmBLEeZoBgqJJMA==,iv:aC6SKP2k9LsE/a2+1G38NC29va+5aNSf35hn5VjaB9k=,tag:OrZQrxa6/JS7WwC4OrMPCw==,type:str]
ssh_host_ecdsa_key: ENC[AES256_GCM,data:AWh+QiIegBYJmxUHN1XqbI8AGWTQZQvbB2SET1YphyA4xKSAI96emQ30vIZLzE9/iNmLZQl/NcrJS4iv7JLAy2hpZrA3IZYQ/rk5bYiBLZNT6wgjpskjS/bFJhtS90E215A4C+FMmGPUCURjQ70cuuOJ5SgpFnwEQFTtcIRvMe51qX4pNDjaiMHNl6pA5pEAcoVamdU8fC5QCtykxdC28bbVwTMfObPpkQ0Q/r+InHZGNPwA0u6Bv985Uby/aKb4SF8c+svof5KKcZBLFLtNPQwIxdbp9MXKLlEevzekcG8SikFC6jWrqZj6bQ0Uvvl7pwn4V9ICXVhze1ufifkubLD60FETJQIZhbHsKX64kAL04AlNKdSeBSXGIn2AutSGpRUCmr/lQ6qfCFRJpQiv0dMG2cVSmmomRg32BAAswufUU9bUwtggRfYnJaS9EUKVB0vMI8R2zO7yCDSgTEHbiYxdbdMQGsKQ689iyQa/o51bLdK8uahZwig/oNXT5jNko/FxJoKcqxd5si9yBG7niddIURs9v73A3ccV+OMnK6bs/QZDhAbr+RMw2bRjtluqMgsHF/+KOC0RlxGrbsQ9tytMkhruEnLdasUGx0RFGTJhZwLHEf1WaQ0zLJzTtc9vbPpEmUwPg9wKeJ4nxo4E+rAN1EM+QPzno5d+kOWwTBaH77Urclh1GRtS3cJpK2J7xLnUbsz6EPetznfBZNIj28P8kwF3WViQCSqcmmEzKrKnoZ8bQJ33nWl8kpBkonvP+QzRUUdFk6TrC0kJ7A+jnl/v/yt5HVvQX5Re77AqPI0rVliEn8GkMNENyFH/TA0jBEK1Q98xQMHX/MlB9eJ0z3PEn+lxXzdaF7rPnWPn22uY1L1YIeJ5T/RMadAa45aLDe+8Ng==,iv:jnLJgfAbQ1DPSyu5IQ9u49mQU6nsYsVNKe5J2lw+u3c=,tag:+Gn8ivVAcSdoeXcuMx0NHg==,type:str]
ssh_host_ed25519_key.pub: ENC[AES256_GCM,data:KDQ+VWgqcqgJ8whWaoykmqugQNEWriwVSi4IewyRV5juNKLwiePMhjYtvLU/lGL0BJOzUp+fm3Uv/9bDGxEaT9uDGUHzsXRCLTP6Ws5PIOIileBEI89s65vY9jfnbwOslB4WMpJiASldKuy6edri6pAMGjs/JAVq0twbLRMTtQQ=,iv:qg85GAZlqyYCjwNJtbpUJSD0GN62e3WbGtcJWWdYUDo=,tag:QOK8Ha4OQPpsb66HQl9U4g==,type:str]
ssh_host_dsa_key: ENC[AES256_GCM,data:yZhf0GxtE9k8cJAlCgxOhr2HEcL8f447e4zzdPcmL87PqITAYEX/bnDYYEjMOcItkPIx+R+wIhkI2SdVl1hSGdxuaqIDClNqA+Ksd4M2p/dELwtVH/0uCmcMC1fJR0iAZZPrUqOhGbHJdgeszi0b6Dl+WIym307s3rU2dj/Z//8gK96DZqIm/ymNvQ42tdUmD4FyvO+0V3Qnm6sfMrw1VhfOf8XnjeY+ivb7k5/punt8jA48G6PiaeRJ2w511DmW8nQJlucPb6RvFyZMwKE0JPFms0nKe0vle6lZA2ULQGbCF9elWNNWDMcJueX2w/WA6xP/5EHzdq+RwJmy6nSTB8nMsIS8jshSNRF7qx1v06LoG6Zdo53xYxh88nDYgsbdAMTj6dcNUF7HxRn8eHEIx6DQczdASwJ/tTeVUng/q9uPN5QSap2gmKwnPPekIh8qTxCiNFqDGcGaGj41hzhq1XfQgci6SRxDSizV/errQ10rSjvYZeEkfzWoOTomQdxWVe+4e1CV51kx6L6y7wk5e1wccabmOH0MQuTHKp45QvujLgBT1JAjHv9csO2hJgGCNYXWArIRFTKlZPkVzHlb90Xr7wlTdQshMKhEo10bNvqrFNp0osJu1wb9/m5LQY1PJM60Hrb+4jDUaeXdYXtwESVzVxol564vf+em/nqilB26M51ni8g6Fh9rkwodj4i3jSgoA3wzv8r9yFuXjuXjHtODLMy0EQUFCnbgzyz6GsKpZWL3Esd7OPAUXfNXW9/DuoS3j1pJqXvL6wrVva+FJotA2V7nJBrGQgTSkqJ6SSVffBPV/wUkDOhRhe1J1tXMtaAy1swiznzB0OuRmpG1zL71+pMisbh3oQux+pjxvMa9TcbWNLtYhNsK2hblgGQFeCnSE6ROzrCP3owpsVuVe/qfo+jUbRN6Ekv4gh7J2+9IKpxbeBqW2bEsn994s1fGjfSYv0kbRxr02V0kUJVtaMjSM8bypCEKOazIb0iGbtmSAlPMUijsosr1gMaYNeZ6OvdmDpaBYUb9T5AasGHmZAWqqtc4ayonQ0MYs29YInmn8OWEFQOMDlDYrRD8V0idEQG0sXCWXIjfRUf6wiEK5MF2xIGonkRKHGa906V+Jf3xLENXUamrVevGPb1bAsANNnhWOHz+9sKtBhwRnmBzR5X9zQ5M+Y3xCm/PtN6vaPOrOTuMxCxDui9I+2S+73OUswKUdAu8KOyWRbEUQ7/8CKAXSoyiWbcFUMfsiuDn8r9n5+N9Ji3TnnTRzaANNEGwEF8jY0P6W254/f3r7Z0aKoDCjFKsvyZwEdQitp5BILzjclhELH3pVNQr3yS4GQXfFWPxmAmrUl+S0m8YNPIej6h1nc1cjQMLNbp4kQ2nc9BxLrwmSH0R4UX9Ywp/2+OMelsr2xkxC49xEaV9G1RMwyRXkAumcxVKQo4WkA5KknewV1LhRjYDGW02naOH+D691fUaXZIVvdlS89OWbmfEuWEjgT8qz6W+eiIogTjKal8U8TY36XGEipL3NntNZ9nK06kHFqiZZYYX5ai2fiDevt7/1gMHprO1dURkl61IoBxmiDk0yLZcPhX/PvxqCN16K0It8K/R/QUpuBdy0uzJ4Lo2AQfId+QrnpE6sVBnLCTZ+CnAX8uZvC95F7Ik3iHIQhtAJsLpP4jZdGK0UlE8SW22Aix7qVd49mMhFtOdzW3PGa/+QfZB0FAvJPmsmCzfw5yefQcAqPbs7PQUS4ukdDEJVPHxRVDxdTuBcIoQTJ6T+AX3VXL+7JirqpHKrOSFZTsIlo8UQBy+BueKZdAJRXoEU0/eDg0KzM+8wIERngiLEt6j9zF+JBBdVu/MWlag5Zn9775CdZVxMZ/Vg59zc93fpUzkWxVOZB4wIkLvL32yyyhycTFNOZPb9f8OylAesVBVCWeSPXs/EqQVn2VXtLEwP21LPeOQ6EB4/bDIr9eSHVeJo/JwZWN3Wn5qMeMXCR3Yr26G4F8dvbZ72TafkwpsdkQ31pcbhUL5PDXcJgMGfQrT3ME3njdOVzmlrqmjSx57K42wXTQjD6UJEQud3Fx1h9Ji6Fz4eY6OUDjoKsM3OvDjTPrzPMJugAYMhF57zfGSPrDBda4jUYwIOlbThD2Jq7x8lMFdDHYL+NmaGGuedgXvqDoRa7vmZePFJv3ez/2vjQyakDvYBVd9RL5/KYnGrcle1fMVvjpq6aNMPmzlgJxMT267PQQHu90BgsZlW/pv083TRqjecNrdwgkekS5kQL4ekTrfs+fknYDEUyUS9ev8Yf9/SfTNaexmhjbwBboKPrGXu3LXXnmwgGJM9XeVgB2KIsbUwFdoQ8Kz2WXnhTz5MmLhbP8Jj60bY/NhkDnySZa/WuRbPc3plcnByw85YCgX+xjoOCSRvt33zRbLys1/bxyUU/gDQEGM/SSPYsp/BpJBttB2FMABiX+N5fJAsY9B9u5I,iv:cZ3Iyl0itwVfKYmImzuJ5Lp2e3+m53kID2UgQ0P2L88=,tag:8z20+dQ+fAd4vf1HuWmsvw==,type:str]
ssh_host_rsa_key.pub: ENC[AES256_GCM,data:A5VBf5vL7C3UsqZ+41TmCYkiAcXKFLs0nfrXEmvcgFNAYMsCh5bHlcf748Jt/151HHac2uEPNJJaIIm6+gwL+lqWaVsbGcMBW9sqJ/GHr44CBCXTGxabXLxOWuZ39xYlENa9ebQ8CmX7ttbDyE4XWaxyLm/q4zqokw5iDUnC1Vzegvp1z5u2AILuVZOEcXX3qthfPhqsCTV8rCNOMWoC8arhPEQJ6qbE6WH0GajzXHUXngkMNfsfWa9ZgpgXEefpCmoIb1sYdtg0ToXn6Gk6LU0ToUnTC/MRfS3+s2GxDqLHjbBtPvJ6blx6rhMO3xH9ZY+yhoFjlXfQzK8Gp/3pkP+XhC9k3SNz77zT+brQqPFgPLlTxYgFEbSDst+iO7WI7WjZWHWagQsXP8d8dhE8FGxw8T+qkT4LnWsZbkXhIFSn+MSLgmYM32UUSIAGYz0EbmwivSsDE92uVVYVgUP7ZWRLm+xb8ANy9XfH/N+EARo2WLnWUuVWQ55RTnn9u2UTJlKwXj3z9+tCmlF1t7VPNWsYihDumqZWT7978U0mbcxrRy1aSuW0rhgNACtamKBIv40fnVwgvFjsPQQVLxHIAlt2gLT4psEpZCbPyx+RpjxGy8fPaEfZSr6J0TCyIWolUv+XzXzYoV+Af/kIOstxFJH4G1NlXSs3RGgrrfD5pcOhunHRavFt1OMCZsgR+nGp9bPOocKv9XkB4q5BEjE059SMKRPJ5S4AiBdqvskq6Gx60fIl5USEOtaptYmatk7+rdbvsnMVWuyVUIAu8JoGLv9PF65mJXw36ZhfY/aip8krW9Ysj4BPyCrSzQzhiMYTL+2sw3V74UwwLlhM+IsBzl0LQRboa1n4gMcRIpvVyHxUjWTiOXhcNK5qzTrvWW/KzpVylS0mITl0jn1X002NJjPVRZCw/BQrdlqcjCLp5edLfllYJkT873bvXNBeaRX9uKbVWBS/t0ixQDgM9kFAjv0Q07evuERBuHfaY7h98ujX48Wt,iv:axLBXsBFwQNcmKh4YeFcOtwLG/gIyJUj1dsZkjIR02A=,tag:cP9DaIegAfyXbwVRvdhNKA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-05-16T03:02:13Z"
mac: ENC[AES256_GCM,data:RMZJWZzEpceTdLC+EX6SBba/fy0rnT0W8srXsduG1/c5ZxWgqwtUxUH33Y9rNRfF4xWB9/jFXnbBpEFoZDWvs8kBjP90T8GTxaW6NPksYMBlCJmzG3OVQA4cLJMRzLT8WU7O65xX3ByW74FS3ueBMFYLiOFuxcXq6xWFR9rlTbU=,iv:DmSzb1Lb5Y4dk2/w5sWUOlvLcS/ikoHd6rD2PTijVbY=,tag:z2yQwhH1W6E4fL/K6bLaYw==,type:str]
pgp:
- created_at: "2023-05-16T03:02:11Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA82rPM2mSf/aARAAgsoCpfxfMon1jxrjt3OHRY/l7ZXPAA5gOt5EgPKM97tF
RpnVczoXe12AxMTbhkAojUNq2NAkCeY1x9WhSz4vVw6ImgIznpXqEM1JiKLPHTCG
UuJhYb/Lr6ehlGJP2YjICMu0KeeAMt/pu8h7n1+HuINxtYOwofxEe6hgAPS312T9
LLa9NNW42kNWp/huszVSDVqibSBxFly6Ca13xIQ7O0BauTgsHSfFKkB/o0XavIG/
H9jMUTj/HMr6R/OhS5oWJW0ZHk9QRVm8Q6bZLX5ZPBTfuHlFyb0Z0bIKl03cbUtk
EnHMO40Qd1MF0Q1hiGFphAtbPPATGyKM3XVF8bVaw/utLzMYqZK4bLZnVQrkrRPC
n9L6wd0PK3LYIEg1JCySV/HYpSkMrwRjbCO07XPlmkRSbRfHIld5tneZ73ICnzby
7S3mxb3ZRYpZnmwQtNN9NnhYRYchyq4DB2Cuz3Tuz+9lJAobSESzNYx7EnKSq0ub
ivmpDt8JED6ydNrtX1mUZO/rTiC5hBtUL0+eAg64v3/v3GDaKnkPlSxspnmGNvzh
wpr1zQugytJTo92mqX4+CQlJZmGQPtrDjX0bD8F1nobw3MrP1ZLhRp6Kgwl0A5s+
BPcyWkQT7KFAi9FB29hcan61UFYTkNT0jW+zv8f8Zsk58smOv/N1MhthMnGk1o/S
UQHyNMZbw9U24M6z4Ut0eXJkp+GAX4BoDt/eVltlvnAginhdSTdvJE5wSsHNt0CJ
pVDe5n4ps4u1xodl9r9nuPPr8WJfKbNjeQn+VZQ0qScvTA==
=E3ap
-----END PGP MESSAGE-----
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
- created_at: "2023-05-16T03:02:11Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMAw95Vf08z8oUAQ/8DYchX81IWgcj502S7clcN5IXx/si1OUo3RU3Fc+bdcl6
JguLGkdA9SGpPAxoQbEY6H6g5rJO6ciN5chJQPiIEEf6ChW+P4uwWJHvz6PnN8dm
EYlxDrSrsUpDEKPvDV9aAQLTdlHxVIerBjtb8BMUPDs0muSNtx3cElxNSpvwbi1e
pNafNIY3eRuxGHueG1Rzd09TsgcsupIL3MAtPp1OILXJDdJJ+LH+4qWkxJDKU9DE
VvTTtu0633rlWdU4Fus8lPcb4ZwUZCM3/LuKmjqEalfeW6KCQ44gxrmAoKUXAIjO
S4Yn3nbnZu54mv0Bt/Z39HNNv5ScA+OqqINYN9fEKSF/r0DJqVU+buFulxypvEMq
KeVaz0lOw34T33/fTMFJaLorSTC7yAYsZfuK90+Mv6Jb34HIHY2LFjgRZyzEub1V
cKzb8sS06jYZZ0csFAgoWbJPK2fgxmG4LR7xd9trDb4AssPcknG2g77vipD2vnJQ
hZYt+f4MWwF8qrCvUQ2N3QrEBpNvi1KTrHFa+6ZUjE4PDlnGyo084efRN2NLIeLQ
JH2oxKNaXLgms/B3cOGYDNxihmUMFvZXriJkuJWimTl8ik/3GU6rS+9BsDNY6EMF
SlqX8URaKgA0e7jVb+Yt7EDloqyHjH0Y204u8e95KKUsUrUd9kTw9Sq36L3ogzXS
UQE+pIwWCeaDxcXZTMh2ncvZ1Np5ITXHilx2iTS+0H19X4kn9QzuAlDKj6Lv2A9L
2pU1RfgstN5Y7kkdWqQRlv387ATYpFrF6ktEl7K/xySjsg==
=DEEM
-----END PGP MESSAGE-----
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
- created_at: "2023-05-16T03:02:11Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA0/D4ws+/KPtAQ//d4kupW5D9iBrS9FkRZWC5xx1gBudSd5fG9jw+2FFJKVB
I54nbbzMOtZdMr6arldSc48pAi6PVW0VbqA0s28Nxdo1nrPj3ZRCGiz+FKbIup/H
KKNXTOWns9KO+yAQbrVtHQ8OnQHViksa48mDzmZwmaQJdWvJguSf+GLPc67lpu/1
HYJSiMKHjI3t6/v75SoYo8zbaSd7tyZBE+FdbwUxouvvxaoWnr1DDR4SVfXqwvQ0
mPzD6eBSjs8Ccxi0GlVkX573gz2mk4hLEcmqWOCRDHTupbjvvV0AkF9AfgF83lXJ
/HfxpMn7dsg+O0R7ozrvNTOiBElOn4KUI6rtatnj/1O8q9e6Zn4abbbiDsEdPWXJ
nrhhfP0iJCZ1GggcKEcwN18SpdFCfOGzm9l36mOR7e9FtpdefcBX79ytnXvE6b1i
4MNZ6F+Hje/9H7VqIXonZVVDuyjAvo5DjkRu4kHM/5tNHflVQnWOAj3zOyyMipdu
Pinn2Ru8j2vvFtCx5jSXXVnvCqG51B+atFeyEAovyfsJChHDH0qE3Ey7AzmIcpP6
122MyRfYYkrH0CFSSj+J9/IQ7LMn9IN2R6xb1PC4XyQ4qCeMztuuwn/stD5UDjxW
IzYFdgp3Ae2zTaVlTHrgIGYPTONUvbT23q8Wa8u2oxPW0WJqLE9Wt7twOA7OKJbS
UQHLkfzi9dCacuBMJHf3cpRCBSDmEvt4v41myf3/KFZzMaO9/TkPQhaM6L7eMg4A
joD5qiDyNB+itYbx5FveX+Ckpk3BGUgxkiBFAw55b8rw7g==
=VkDK
-----END PGP MESSAGE-----
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
encrypted_regex: ^(data|stringData)$
version: 3.7.3

View File

@ -0,0 +1,49 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: forgejo
spec:
template:
spec:
initContainers:
- name: forgejo-ssh-key-prep
image: codeberg.org/forgejo/forgejo:1.19.3-0
command: ["sh"]
args:
- -c
- |-
cd /in
for file in *; do
cp $file /out
echo >> "/out/$file"
chmod go-rw "/out/$file"
done
volumeMounts:
- name: forgejo-ssh-keys-secret
mountPath: /in
- name: forgejo-ssh-keys
mountPath: /out
containers:
- name: forgejo-ssh
args:
- -D
- -e
- -p
- "2222"
- -o
- PidFile=/tmp/sshd.pid
- -h
- /etc/ssh/keys/ssh_host_ecdsa_key
- -h
- /etc/ssh/keys/ssh_host_ed25519_key
- -h
- /etc/ssh/keys/ssh_host_rsa_key
volumeMounts:
- name: forgejo-ssh-keys
mountPath: /etc/ssh/keys
volumes:
- name: forgejo-ssh-keys-secret
secret:
secretName: forgejo-ssh-keys
- name: forgejo-ssh-keys
emptyDir: {}

View File

@ -12,6 +12,12 @@ patches:
version: v1
kind: StatefulSet
name: forgejo
- path: forgejo-ssh-keys.patch.yaml
target:
group: apps
version: v1
kind: StatefulSet
name: forgejo
generators:
- secret-generator.yaml
configMapGenerator:

View File

@ -8,7 +8,10 @@ spec:
ports:
- name: http
port: 80
targetPort: 8080
targetPort: http
- name: ssh
port: 22
targetPort: ssh
selector:
app: forgejo
type: ClusterIP
@ -30,8 +33,7 @@ spec:
labels:
app: forgejo
spec:
# To allow ssh and web to coexist
shareProcessNamespace: true
# shareProcessNamespace: true
initContainers:
- name: config-templater
image: codeberg.org/forgejo/forgejo:1.19.3-0
@ -92,6 +94,24 @@ spec:
mountPath: /data
- name: forgejo-config
mountPath: /etc/forgejo
- name: forgejo-ssh
image: codeberg.org/forgejo/forgejo:1.19.3-0
command: ["/usr/sbin/sshd"]
args:
- -D
- -e
- -p
- "2222"
- -o
- PidFile=/tmp/sshd.pid
ports:
- containerPort: 2222
name: ssh
volumeMounts:
- name: forgejo-data
mountPath: /data
- name: forgejo-config
mountPath: /etc/forgejo
volumes:
- name: forgejo-config
emptyDir: {}
@ -101,7 +121,6 @@ spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
volumeClaimTemplates:
- metadata:
name: forgejo-data

View File

@ -0,0 +1,27 @@
#!/bin/sh
if test -t 1; then
# This is not foolproof. Can easily be beat by doing |cat. This is just to
# make it less likely that secrets are output to terminal.
echo "Error: Not outputting secret to stdout; redirect output to a file or" \
"pipe output to \`sops\`." >/dev/stderr
exit 1
fi
tmpdir="$(mktemp -d)"
mkdir -p "$tmpdir/etc/ssh"
ssh-keygen -Af "$tmpdir" 1>&2
cat <<EOF
apiVersion: v1
kind: Secret
metadata:
name: forgejo-ssh-keys
data:
EOF
for file in $(find "$tmpdir"); do
if test -f "$file"; then
echo " $(basename $file): $(base64 -w 0 $file)"
fi
done

View File

@ -4,5 +4,6 @@ metadata:
name: forgejo
files:
- ./forgejo-config.enc.yaml
- ./forgejo-ssh-keys.enc.yaml
- ./keycloak-client-config.enc.yaml
- ./postgres-auth.enc.yaml