k/forgejo: initial WIP commit
parent
2e5a3e0802
commit
baeb4480ca
|
@ -0,0 +1,89 @@
|
||||||
|
RUN_MODE = prod
|
||||||
|
RUN_USER = git
|
||||||
|
|
||||||
|
[repository]
|
||||||
|
ROOT = /data/git/repositories
|
||||||
|
|
||||||
|
[repository.local]
|
||||||
|
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
|
||||||
|
|
||||||
|
[repository.upload]
|
||||||
|
TEMP_PATH = /data/gitea/uploads
|
||||||
|
|
||||||
|
[server]
|
||||||
|
APP_DATA_PATH = /data/gitea
|
||||||
|
HTTP_PORT = 8080
|
||||||
|
DISABLE_SSH = false
|
||||||
|
SSH_PORT = 22
|
||||||
|
SSH_LISTEN_PORT = 22
|
||||||
|
LFS_START_SERVER = true
|
||||||
|
OFFLINE_MODE = false
|
||||||
|
|
||||||
|
[database]
|
||||||
|
DB_TYPE = postgres
|
||||||
|
LOG_SQL = false
|
||||||
|
SCHEMA =
|
||||||
|
SSL_MODE = require
|
||||||
|
CHARSET = utf8
|
||||||
|
|
||||||
|
[indexer]
|
||||||
|
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
|
||||||
|
|
||||||
|
[session]
|
||||||
|
PROVIDER_CONFIG = /data/gitea/sessions
|
||||||
|
PROVIDER = file
|
||||||
|
|
||||||
|
[picture]
|
||||||
|
AVATAR_UPLOAD_PATH = /data/gitea/avatars
|
||||||
|
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
|
||||||
|
|
||||||
|
[attachment]
|
||||||
|
PATH = /data/gitea/attachments
|
||||||
|
|
||||||
|
[log]
|
||||||
|
MODE = console
|
||||||
|
LEVEL = info
|
||||||
|
ROUTER = console
|
||||||
|
ROOT_PATH = /data/gitea/log
|
||||||
|
|
||||||
|
[security]
|
||||||
|
INSTALL_LOCK = true
|
||||||
|
REVERSE_PROXY_LIMIT = 1
|
||||||
|
REVERSE_PROXY_TRUSTED_PROXIES = *
|
||||||
|
PASSWORD_HASH_ALGO = pbkdf2_hi
|
||||||
|
|
||||||
|
[service]
|
||||||
|
DISABLE_REGISTRATION = true
|
||||||
|
REQUIRE_SIGNIN_VIEW = false
|
||||||
|
REGISTER_EMAIL_CONFIRM = false
|
||||||
|
ENABLE_NOTIFY_MAIL = false
|
||||||
|
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
|
||||||
|
ENABLE_CAPTCHA = false
|
||||||
|
DEFAULT_KEEP_EMAIL_PRIVATE = false
|
||||||
|
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
|
||||||
|
DEFAULT_ENABLE_TIMETRACKING = true
|
||||||
|
|
||||||
|
[lfs]
|
||||||
|
PATH = /data/git/lfs
|
||||||
|
|
||||||
|
[mailer]
|
||||||
|
ENABLED = false
|
||||||
|
|
||||||
|
[openid]
|
||||||
|
ENABLE_OPENID_SIGNIN = false
|
||||||
|
ENABLE_OPENID_SIGNUP = false
|
||||||
|
|
||||||
|
[oauth2]
|
||||||
|
ENABLE = false
|
||||||
|
|
||||||
|
[oauth2_client]
|
||||||
|
ENABLE_AUTO_REGISTRATION = true
|
||||||
|
|
||||||
|
[cron.update_checker]
|
||||||
|
ENABLED = false
|
||||||
|
|
||||||
|
[repository.pull-request]
|
||||||
|
DEFAULT_MERGE_STYLE = merge
|
||||||
|
|
||||||
|
[repository.signing]
|
||||||
|
DEFAULT_TRUST_MODEL = committer
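Review bot: `REVERSE_PROXY_TRUSTED_PROXIES = *` in `[security]` makes the server accept forwarded client-address headers from any peer, so anything that can reach port 8080 directly (for example another pod in the cluster, bypassing the ingress) can choose the source IP that ends up in logs and in any IP-based decision. Since `REVERSE_PROXY_LIMIT = 1` already assumes a single hop, I would restrict the list to the ingress controller's addresses, e.g. `REVERSE_PROXY_TRUSTED_PROXIES = <ingress-controller pod CIDR>`. Separately, `DISABLE_SSH = false` with `SSH_LISTEN_PORT = 22` does not seem to match the rest of this commit, which exposes only HTTP and runs the pod as UID 1000; a short comment saying whether SSH is expected to work yet would help the next reader.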
|
|
@ -0,0 +1,79 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: forgejo-config
|
||||||
|
stringData:
|
||||||
|
GITEA__SERVER__LFS_JWT_SECRET: ENC[AES256_GCM,data:PMPjQesE7LMTm9345yiT0te/jD3c4ea/YB2RpAmUBXzWEkOf1xDmTF924g==,iv:4U01ffSZMbd7nbIdJ3galwn9GLfjz1YRzY8O3CiulAs=,tag:gOMuErB4aL32tkf5WVoPFw==,type:str]
|
||||||
|
GITEA__SECURITY__SECRET_KEY: ENC[AES256_GCM,data:9YAR3AfcAnhsrTfKmtGEY/L/RP4lIN+zG3gG9a58qrO7KVp/Awr8Ag8dDat3rZQhjfqZEAweok/PCZk6j8rtbA==,iv:7aVM2ElvBFy8ZWv/wC9Ne4SQ4Jd4VfaTbuSbdqgjirQ=,tag:2nv+oVdVhfnxi82R0vpNXA==,type:str]
|
||||||
|
GITEA__SECURITY__INTERNAL_TOKEN: ENC[AES256_GCM,data:Zo/HXJSy4CMDOD0f9Y9qhnlHWE7LhAH+gJBG6jAxXelqmVnfqBq7EnspNpf8IJmbRpbZs0O0JmRYcaczZUZDs6V+brxnN9dis35CCH9mqqrKUgda4OI0M4EQiCvJEbY3V4kyMRtea+6c,iv:+o5qWVQqZBr5+FyWJ4SQ560eXQ1BygKChZjU9GKoXw4=,tag:oGiSX2hzhBfzOMiZRrjOlg==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2023-05-16T01:04:13Z"
|
||||||
|
mac: ENC[AES256_GCM,data:Z4I7wqmTH8sq8BbNUT/yfW8IIChL8eeCFh+aNwDdeVBfhTJke8QatVUsPsq366lDqYcrkNft89hUuYZ0ny69ksqQANQl4547gJrJ9kg25qN7i9M4qON/drlg7iJV+B/MLXouHdY23XQM7s7JZF9o4XOqy4o6X4d/mWf/oLVlZGU=,iv:3IYg7h1DZhM5eBJFhldAauiT9gdERBAlRIGZdMtykwM=,tag:2Xabp+Tn79WasynoMnSfYQ==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2023-05-16T01:04:10Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA82rPM2mSf/aAQ//Wyw0+UV0AMqRCM+X27tKwSEt2RGaQb3ELbJW4Op9xraJ
|
||||||
|
lJAdOKqLhTkpR3DLumSjlVU3pukiBoq003FqwizVIbjD1Yp8z42HNL/KqlmGn8eK
|
||||||
|
WB+vz96L34SJP48uK7qSsJ9lxYlSlWZCRPoTKdoxZR3AYClpVWsr9B6WkGkbC8mn
|
||||||
|
/oTu/MVA5tq/POdxDy+K3ZtVLudnwvpOD1VwH97+kJqwJNjMNE33uPr9O+z8JfZ6
|
||||||
|
NIgdljVE67FJM7Dk3wcyRKEJHhFajhTLI4acZGWGASjIXP4j/w2mCX7gv3J8Gerb
|
||||||
|
3shY5oN+cDjO7bQBvvbER4Xkl2oLn/6h7Vu7pQki2ggjIJg5f4wlLz7y9CDLsS4Y
|
||||||
|
BHpBYRljHqzblTG6IeiQE6Oz2GMBibJBEv/MmGriZ+ON9bu6Vmn9QBwzUGOKEc7F
|
||||||
|
F+WF+On2ntGcpMUW14L8KLeK3kHZxJuioOCNOB77Xwg6c04p0nh+VmWtLWrMeEIr
|
||||||
|
1M9p29K1HXQto0NhgNQAMGr1jIlEDKxD7XOaK3w80qZivyYmgGDIM8g4bpDYbaCV
|
||||||
|
gjaHyfLUTwdReiarSK/xjq4/udjAJN+VBWB1dggTqc+a/rhiUOXsdXy2X/+N627g
|
||||||
|
1NEDNkOpmJLz8HMhBZPLTOJJHp9/mwcL5X5viBz824deh4ZQX8CqzrtSZhoPRUnS
|
||||||
|
UQFSD7+NCg1koARk98aoX7pW4OwBjA9pxuLxAmx0nFagj1wMu/MNZLlbdj4H47fF
|
||||||
|
6v3EjZqvJJwjE9GPugjFE4Xxc7Y38j92yY7RFd2qOP08EQ==
|
||||||
|
=I1Lu
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||||
|
- created_at: "2023-05-16T01:04:10Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMAw95Vf08z8oUARAA2CMPzEZxtU/wsobnddpJmZHUzjynaStWN1bnP3uC6RgC
|
||||||
|
/IvzxW7g9sUqGgjVLVqWfvsbUZNFQyJ0LLkXUwAC9rjP+Hj/WJ8C48tf0sKmrI1e
|
||||||
|
k+ebafZFlpTNk3Il/hzUagUhuA/1mPDq3jxhxy3GYmwxn78pt8m9egpdZFsoZZnG
|
||||||
|
bEQiyAeF4QOQsgwXjBCmuzY4Gz5q8gYIgZbvE7YvknsQHVUx0gRieQFgwWuE3jXY
|
||||||
|
nxCf97tmb6pPT4KBbmDXW3y/38SX5Hq9OyJxPN/rF2PlGdXbCcrrzmPqRits3Q/4
|
||||||
|
G1LixHIU2G8R894etl+eewj3KH2uzLMF7iu3dRa83qELdmv6rNW8PaGCceRk77I/
|
||||||
|
HCHqIKhMpAuX4DMCcq2W0b975tDZFdY3V+tPhNuqDbuVsUuKN9BdsXrb/mvOLntS
|
||||||
|
MOSo7ymyDNE0WEmjgz79CftPpX69qkV0LK9oSb7iK2Ro0qaTJI5+so0l8s+XaY8W
|
||||||
|
EjMNMEr92UVQeUUDHTpvkbCfnNZcw0P0Plsg6gbp3FYRlwyVGJ2wLwATbxQaLhW3
|
||||||
|
2zUjohJ0bhHZzL1Nfxs7tRwAv7I0wGUjAdB0r+m2tt0fq4xMcWNsGNA2nYIVw7tk
|
||||||
|
nhJXgoiqTzY542FcbdkT5E1SRgqtliK+WllBQpxiG7hdMd+kE8yVIIBtMDyP3jXS
|
||||||
|
UQEBMk1W1uM8paV6mN/vUo+GywmsIY6YVz1sClGvqWUib3D7TjIC19CpJpsA3mEu
|
||||||
|
71PTUmlyu5Fv110khriLDT7n4wvlCGxcAUedPhfaJ29j7A==
|
||||||
|
=L9c6
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
|
||||||
|
- created_at: "2023-05-16T01:04:10Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA0/D4ws+/KPtAQ/8D5FK8KboAoDIR25r+ZGDzvU0B/kKFtdrULfjZ82DWv+2
|
||||||
|
TicQcfzjqoxxJdGppe3MUNliX7E5C03Y0cTYaI8HxAuUpsuj3T5XuQuK+7v6hVP3
|
||||||
|
0MmSOii8OiZMJxHL7RUJfJ7z/VvLxcUw88Vdogu/9DYEtENyFi3eYMik4J6YIpVh
|
||||||
|
23Kn9/jT2qTs0d4wA56wKCRMG71eZj6U38Tfc5XCzJhi929j7qhHbSMNPFVxZWIh
|
||||||
|
6atXx412N+VOx8aaYAAp3TXHNf+8vpSvtNByl5cRRFUuqccO8Erie8rJ4y4rHZna
|
||||||
|
FG0Yj3NDecLo+VC4r7v5v9OIlRECCnS9DfVHCJIpA1lTprXyvrQTH9Z2Ko0pJik6
|
||||||
|
zUCF5wqxd80oVm2P2iOmLLoF9oxo16nua/eLarMPKElhfj/g8Rw16b1/NO1I4qjK
|
||||||
|
/Nh8uE7BXtrMV/BlYRHv8KoHwAyNpQLD8B3tCnBNZAtdhmdCPNl2XU6NifKmsMzj
|
||||||
|
hCGvqUiTycb69T3Nek5aCcHQKyVwOhizHpjCpLAEgBlyFsvYtIQdu9PGoFSCnSMw
|
||||||
|
RM9bCh1l2zzsdi3aH1UaVE9fGIFOUbOvxAH6MKOTYw01xW4tF/+2qSZ3qU4XVU6T
|
||||||
|
zi1SoSzxuCea7Ik/7QUp4LBOq0eXBMKHQSUw2YgVJte1wm5xw12k+RxiikPWfY/S
|
||||||
|
UQEYNVZNXLfICgm8f143jUI3/Uu6I3Xs7SxJSbJMRLh9bl7QuRFpDCI+ymdUBjUN
|
||||||
|
gTRhUQVQEVCFUu+OOYeuBIe/T6BTmrcyvHH3PiJIIoRntA==
|
||||||
|
=vMUS
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.7.3
|
|
@ -0,0 +1,39 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: StatefulSet
|
||||||
|
metadata:
|
||||||
|
name: forgejo
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
initContainers:
|
||||||
|
- name: config-templater
|
||||||
|
envFrom:
|
||||||
|
- configMapRef:
|
||||||
|
name: forgejo-config
|
||||||
|
- secretRef:
|
||||||
|
name: forgejo-config
|
||||||
|
env:
|
||||||
|
- name: GITEA__DATABASE__HOST
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: database-configuration
|
||||||
|
key: address
|
||||||
|
- name: GITEA__DATABASE__NAME
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: database-configuration
|
||||||
|
key: dbname
|
||||||
|
- name: GITEA__DATABASE__USER
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: database-configuration
|
||||||
|
key: name
|
||||||
|
- name: GITEA__DATABASE__PASSWD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: database-configuration
|
||||||
|
key: password
|
||||||
|
- name: forgejo-oidc
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: keycloak-client-config
|
|
@ -0,0 +1,24 @@
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: forgejo
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt
|
||||||
|
external-dns.alpha.kubernetes.io/hostname: forgejo.distrust.co
|
||||||
|
spec:
|
||||||
|
ingressClassName: nginx
|
||||||
|
rules:
|
||||||
|
- host: forgejo.distrust.co
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: forgejo
|
||||||
|
port:
|
||||||
|
number: 80
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- forgejo.distrust.co
|
||||||
|
secretName: website-tls
|
|
@ -0,0 +1,80 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: keycloak-client-config
|
||||||
|
stringData:
|
||||||
|
AUTH_PROVIDER_NAME: ENC[AES256_GCM,data:Io2mXly2E3g=,iv:WWskGOsSUUxDAmVj/nMUHVp8yWvuzTmhszG7EY8UGnI=,tag:RYvROXLs+x6az+GMOHpRbQ==,type:str]
|
||||||
|
AUTH_PROVIDER_KEY: ENC[AES256_GCM,data:xj/J1eb8GQ==,iv:lDnD8wQXH+5ELmPQU7feO3nz9VgDQkCIqlk1qaU3AIM=,tag:IzkSEIH2kmu6seALTkMIZQ==,type:str]
|
||||||
|
AUTH_PROVIDER_SECRET: ENC[AES256_GCM,data:zo1+LnYE2l4HgJPuhi+naCqdgnX3Y6+DJBoEpTydDT8=,iv:LCo341HG1khZxfLVCd0WWDKL5Jdr3IliSBI59FUNvVI=,tag:+5JagjfDs9WxbJOPpUIYDA==,type:str]
|
||||||
|
AUTH_PROVIDER_URL: ENC[AES256_GCM,data:mJ0O17EFLLOACryKpfRA1Gi+/PCBm+u6323H7RVhiMbK0G3WXtWgPF1BWPwSXa5V0C7QmvCswIjHaM1zy1k18Qbpi6ciud2+LSLNb3k=,iv:3Y7tQd2thz1PqBU2hfa4fC6sQfiZlfrxLvMKrA7pyTU=,tag:VL/3bj6pekimKuJRkLbMXg==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2023-05-16T01:39:54Z"
|
||||||
|
mac: ENC[AES256_GCM,data:0GRi7AsCBvb4g77HRGC+Y84GBtoM/wNJ7+omrNWojH5IleTBEUC039IgSlMjBkYOnE5jnAWYVjywD3l4E5v0+fy4g5+q+iaRDm/fKoNupm6aigdumihuh1KcoM+q+qBmfSi28ZJKvXuLfvmBGf4K/BkDvd57j7v2fiIoB5I1kes=,iv:y9h13Mtce0ylsGu0JvHD3Dn0CwM9I0N+hBKUiDp2dE8=,tag:7vxPXIU41zgrnAfcUfsVwg==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2023-05-16T01:39:37Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA82rPM2mSf/aAQ/+ObNAqozTfRQ3E2WB7wCrn9xgQ4hMPe1XVRQGqgBaDsvk
|
||||||
|
axlOdWH7nbR+7WbJvbBeIWU184OnICfmONpb0XHQMdGUiuyuE7uZFubsQupROui6
|
||||||
|
6CA/4tmRAC26WZMa7CHfbkT8sCiKuGHBR803VQno9Yqh+b76TB0K+jnGatTpbokW
|
||||||
|
9hdz8UcB6eq9Sqa1EPXljj6GxLLE6H5K9gpxXJPHiQYSwUFDdBnaU9ewA2AGoIuu
|
||||||
|
iGX/et36eIHWVuoptFI8t7LDXfkoEFj8MKlPoskkgOAh9e2gX/BhyLQ02xhZMaYj
|
||||||
|
8A5r7anNWoUL1gDhIoB121gVuwD21pei3pK4rLgW8pOw4ZheztiQrWeF8sUmb+WJ
|
||||||
|
4TN/op7owiLJBJokZvLCPgeOkcmhLsp+mhHzWj4AfNcDYcnzBnChpd/6I9Y5s/0a
|
||||||
|
oBsnThSywf2XZG4QX37WYmORWoqkaq6Qjd3IADYsTOY8lcpfl31Z67YOt+C0gwgZ
|
||||||
|
GOYMYdNySzCEXPVhcC50XRj1SWz2hTuOCpjW7vc/vTBhc1AlU+RPI2RnyxuXjxeb
|
||||||
|
zw2wLAZGbwhUcbaKMBJ+LlWH8hlPuvotPXty0JuhkJ3BN+yNEMLlJv9gDhqfam+S
|
||||||
|
jSNl3iWx7k2w01ztqtfq7lwRo2uyu5hctje916yN33poiugjIPP4+mXLHXnL93nS
|
||||||
|
UQHBxSTVnVkJybgAdx7JgK2Liiteq+Yu1QxtAK1C/RQ0RxcbJXT+LgpSP7AIAL0K
|
||||||
|
62J/869NK7y1XX3EV0yPklSKgbN6rybKq/0lyvRoA6WdeA==
|
||||||
|
=DZ0t
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||||
|
- created_at: "2023-05-16T01:39:37Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMAw95Vf08z8oUARAAoiPfLJmhhn6tR76JvB6CMk4WwMVURBN9FPabyujgRUkq
|
||||||
|
opw5IBNu+ou813SK4JHvMrJht1Kk+wMxgoxXr4MJGtBPaepuqO21a5udmeAseGq6
|
||||||
|
QBFeuEWi2D7HMC6i9xr3WrhpaNoGzfFuuYW/zEEpO5p5Z5hYl+37sA/vfkzvDMkX
|
||||||
|
X0+poVVoizjy3EWYF8MzBzaZv+J45BYWAxVnrr0/RI1+IasN5/Mc1F1hzky3n4VP
|
||||||
|
LsgNPiJ722Km0ORytf15l5//n1oVKrtPcmNoCiwb3OIWGy/uKfvPHMvZJwMpO/Rm
|
||||||
|
eFOTLCI8rF91TOT4OJk6NS8xVfRO7b1n8NhJ5uwY4hBREOmjlZ5uPgKN1rTOuVDL
|
||||||
|
5QbH5FlbszO73zyYRBzajyPuC2cD6DbAgb4mnrQ+NpcDR11NLGQY2HcRX+qxJRLS
|
||||||
|
Kkx++/vNDS+dZtQlIFHWX8MPc1k2kIrgphWCY9ztoiZcrM+IMfnatFR0MQGiv4Bg
|
||||||
|
qJaVurV/pkQQe9U1f0UEurnnDWFzt/T16fkr2r+9tlQee0qV+VtlivWYRNBkKb8B
|
||||||
|
jKy4RIBdCYg0fhz7pfjKwEXkHKKPXiKnoOX4kNO0VoIA5N4hHD6xHfpBnFXoil1Z
|
||||||
|
4dnxGHe6OTDqVXiJ9oo3it2reQTWdJZqU/YtND55YAvC+k61xnO4Vucczg6cGRfS
|
||||||
|
UQFLAMkkenHVO7rHYX1io7Ua3t5061h53Lil2BlVVQ2L4N51lVUnkjT26lICqYP4
|
||||||
|
vPZ7/xpTPthlIBPX2cPDvq1pgn1sqIInMSeGdO2P1ixXow==
|
||||||
|
=xXwH
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
|
||||||
|
- created_at: "2023-05-16T01:39:37Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA0/D4ws+/KPtAQ/+K4pZscts0jF53I0wX7htbFK3WyE7EOsDs3KKa682Zkgo
|
||||||
|
Vhou8x0iCDMQ3oyp2rM14LTv6feRc/Iy/WMAR9WVHeLlCQwl5puyHmyI+0M2uIM+
|
||||||
|
kTqVrRysGHhbSZaiwcydXwEhxInuXmoxD6zDGaLzkuy9hgwc4Ejyeu/gCF5kPqim
|
||||||
|
v3DgaBBUOl0Tfp0Q73onUfz+cqeRVG27TbE3Izrljho8sTAFOBQHKCuVqh+TnRfl
|
||||||
|
PdPzImv0/HJzFQLnO0p3VTEU36JD9h270ATbTt5pjeYYCtMJAP6tH5Yo3tDU/9XR
|
||||||
|
QDE9hJfJSTJdL6JWuvwKslqgNV6lS3kUSstKO3Y6H/0Jv3iSYzNqlCHoi7c/h6H0
|
||||||
|
fprOfT4ymOmV++BSYlsH5/AqXCMWsB6yFUMvTNGdQjRtYY5NAXwDQUaNIHSX1VMC
|
||||||
|
SXx9qqQOVEfvgDRtzKW8Hexz2EAAG0B5DvQA4C1PrENmYqpcZmDOTvO17LgipWeD
|
||||||
|
MWHLoyIjOcNy7u0XNgagn9pJFM/FYhOpkleq6pUGY3whyA/+UnCoX2YPieuyTatD
|
||||||
|
S8yocJveqIwmGBya7oGQcYRorZGVH02DGMUq0G+aNPnJg43WPsrxGAEm2y8Eg3iI
|
||||||
|
jZCIQPf1bnxRpwS7iFJxh3eRW6ncuSa9DX4GL0u31m7Ophlk/hijfGlzhkNvWWvS
|
||||||
|
UQFmR9wKqXcB47FjY9dwNiydeHmUXJqNVA7ajRXsNe9WXweZ27TVip430it+yurV
|
||||||
|
ulL2yONfKWI6RHiQ/1mS/nZTuQkzIDZzGYu5oe2UhGKkNw==
|
||||||
|
=9V2r
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.7.3
|
|
@ -0,0 +1,27 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
namespace: forgejo
|
||||||
|
resources:
|
||||||
|
- namespace.yaml
|
||||||
|
- resources.yaml
|
||||||
|
- ingress.yaml
|
||||||
|
patches:
|
||||||
|
- path: forgejo-env-vars.patch.yaml
|
||||||
|
target:
|
||||||
|
group: apps
|
||||||
|
version: v1
|
||||||
|
kind: StatefulSet
|
||||||
|
name: forgejo
|
||||||
|
generators:
|
||||||
|
- secret-generator.yaml
|
||||||
|
configMapGenerator:
|
||||||
|
- name: forgejo-config
|
||||||
|
literals:
|
||||||
|
- GITEA__DEFAULT__APP_NAME=Forgejo
|
||||||
|
- GITEA__SERVER__DOMAIN=forgejo.distrust.co
|
||||||
|
- GITEA__SERVER__SSH_DOMAIN=forgejo.distrust.co
|
||||||
|
- GITEA__SERVER__ROOT_URL=https://forgejo.distrust.co
|
||||||
|
- GITEA__SERVICE__NO_REPLY_ADDRESS=noreply.distrust.co
|
||||||
|
- name: forgejo-config-template
|
||||||
|
files:
|
||||||
|
- app_template.ini
|
|
@ -0,0 +1,4 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: forgejo
|
|
@ -0,0 +1,83 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: database-configuration
|
||||||
|
stringData:
|
||||||
|
address: ENC[AES256_GCM,data:FVtSkk5ti72nc5sgQ2yzCDN6hvWqd17YwpSS8EkqnerxX1iebtS7P+nkQqaNiN5BaTp4xirjEdkMMVYGfAchYsY=,iv:BtysOt0wWM1Q+9SMw2FoQtHd2rXCCjNvDC16dXsaHzY=,tag:7EggMyJJ8TVwQE1c4u18XQ==,type:str]
|
||||||
|
dbname: ENC[AES256_GCM,data:9yBojYPVsw==,iv:yvw5Nbgk73rZuInG+PByq26oGLDe0Sszm+LrVC0W/Uk=,tag:Nt2XJXOg4SHB+py86KX6ig==,type:str]
|
||||||
|
host: ENC[AES256_GCM,data:v/kW45090UONtO3fjE8J2IRr0vz2HbLb2k5inBKPDrVqmIrC/XbBPU6S/ar023bdQb2wHn1mcZU52m0=,iv:99+XaSJmavGkJmkIVyUNCuxM3Dsqme5/dvOXmXgIRUM=,tag:VECgfR80Npazn6daJzdRJA==,type:str]
|
||||||
|
jdbc_url: ENC[AES256_GCM,data:584+73EqTWRc6h1q/fci21SSXhHIAKwsq2zMUrCqxyti2DF9BLvYGhlioIqWUsZ991BWtAv1UdHCU5tzx2/rCoYtI7zGF9WSz/fEU0gN4SqGLUbg5swtUcKg96LGHfTKWqtP6Qcx/CGDfj8=,iv:oFm+sYaim5+a3qmJwYxI8cHC7Ydj40RieRUMwQFe2u4=,tag:RlDqjKY0/RIm3Ps6b3kDtw==,type:str]
|
||||||
|
name: ENC[AES256_GCM,data:yruLsayHYA==,iv:yc10JFsc+1Z94chPrVl1BGFLlML9Ls/2Gn89oYess54=,tag:TodFxbFT5FzHY62pZDp0Hw==,type:str]
|
||||||
|
password: ENC[AES256_GCM,data:Lrz0uDbJ9t8sO1Pq3Lrfy1Cf8Xdf4F2d,iv:qkO2ik2cSxttjJigtqXHlsq3VnmuSiFvL4uc7jZtKyw=,tag:9w9ebhaFUWaHV+/KwSm+6Q==,type:str]
|
||||||
|
port: ENC[AES256_GCM,data:2o0wuVg=,iv:AqxRgfSq1AzhjXlpiNPTkYV7NTUi61brSOcErr/VhtU=,tag:T2tnz80QdwansDcFqCjYHA==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2023-05-16T00:07:06Z"
|
||||||
|
mac: ENC[AES256_GCM,data:TJpATzRb1pItqtHpecpfmEt6AwpcP8AJz5cn6Ra/fzEdP8k21lkJkaZHZeIlZzfZ9FK/oynZqydley4pILxvT+I9M2xwTVZOK1HZ+n7wlDxpTodv+jnzLPBMcuDR0SwCK9WbKuUSbUJpEgYszMJ73f7vGc15oCp4qc7ial64SgY=,iv:073Q5MHchlhCXi8/S/nSFf6lQvk3YahQWweNk14cZjc=,tag:cFIjs4d2nVfucU8MsNKawQ==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2023-05-16T00:07:02Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA82rPM2mSf/aAQ/+JM09ezDH98a+8K//Le1bk7yjADNJGB6jvtnLXNr7YNoi
|
||||||
|
qdTOTuNwbwErRg9iZK63moryzKBy49xMZb4pKDVE58p2UHb7jkTQ3IHblYZHBW/N
|
||||||
|
OPCZY7sDMl8gLqpJeRkWe7JY5Y6oi8bYYBCmVicDoqrqpK1FAO+ERpgdMPmK/gkG
|
||||||
|
fFfbtTBV2dsE4DkNlL2FxB5pbLjTW3TPu8MNQH3bjrGlXF4FbXklx+OwdOyapt+c
|
||||||
|
VQvh0VY071nFoh2wOCXG+uLIWcYClbxwM1/i639hv0I6jefnjqDTdy0CTaCAbPx5
|
||||||
|
Bjes3gdOIm/yharVAAyWboxX6I/LE6HMM3NwjXh0kJzsHdNiJCrliC9Td6RNlj/i
|
||||||
|
r3Q0kfNmZaSEMCJq/ADFu3l2FTu1iJcGeD+pauzRZUMy2+7dqmwX0OJWYvE3jvNc
|
||||||
|
xv5Tp0j6AvXoMlP0bREitot/GrLNa8FwbCSzCsgBGeP6oZn5+e4qZnj/eRM+x/Ie
|
||||||
|
795Lxz6rMXKUS5lRel/pSDQA4tT9mYo359p1kyNlwTURtbCEXHjCniWTCm8zGqW+
|
||||||
|
6HMVW3GpJkJooy1z5w5mBGyk4DYHnO0jds/Yvb1V99J1iY6ihPRhWyXj0X6QQzN6
|
||||||
|
MUTjcuNbdE6nCiQcpX2I4qdSSFlW1WP3OPLdDoGd4sF1jKSmjDeS4+7HvWjF/g3S
|
||||||
|
UQGIJDmwUsxRZzbvaZS/kDOG9iGmfa050cEQUhdZyrlCbFG/0xxhwAmbUv6uojHb
|
||||||
|
0kmIhW33tlBfpwfSAJZW6na2AEhMIfV6HpG0RveKKCKeVA==
|
||||||
|
=EZL3
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||||
|
- created_at: "2023-05-16T00:07:02Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMAw95Vf08z8oUAQ//SxyVJiGf47+Xpp1TiY2wdTugfGHc2VocNQ9CbLeNAmDE
|
||||||
|
jA/qcxOVSeetqpLNQmg6UFlmmUIFdBnDJ0H5ZBBpu0gXHF8XTxXNk5vUoRM29XXk
|
||||||
|
PjKVgVQCGYVhmWDhYh1+my66xDMKbymOYJGuCj10bBwVScHxPXM9w/EbXx1lcDP3
|
||||||
|
4kYfckbO5b/Xf9J4+JB4sBdEpHcuKdrxAn1cWgN1KpGGec/M5Sos9zBk54ZcA9WV
|
||||||
|
1RYYpkUUALtAdg1VcoPg4GkvKBT93K3xklOAdYoQI0fWR8/YtUN3yRG6BP48QKjd
|
||||||
|
QJnntAyWTEQ1zdfxo6x4W8nWxDf9haySflUdt3o57o56S3GTw17NSbUZNsSpkPz4
|
||||||
|
5TRDUYPvyK/yyeKAVAx4n7pKbEkoDv8SP4cymicAfOWOWjNnj2jbhDuTVCd/Xcht
|
||||||
|
xocPNGegCn7Y2MSpcGgS8scDcfGu8pI5ZkeLxVrS4fLWtmp8jntU253hOSPQ0tl0
|
||||||
|
c1fxIYkrUWh+1YwBH9UnZ2aBaWx0exgbmymK7eKEKRTGgE+oZqIWy/q1Z/mS79mC
|
||||||
|
tNCCtzD4pxkhvuHUFjH+SvLwKLF1Azm+budRbEDc5qITjEWlHSrQBpie5p2dKKBc
|
||||||
|
EnJuMn1HtyEzi5vTDhnjq+hI0OIfRAL+K3pA7QwqvH2m/ElWhk2GsosZ06dJMy/S
|
||||||
|
UQHXJcTkLSK0ktV75bEcDfPiORnpzHgJdOJx20MV4Dzfeagn/v/Y4VKOdxn6pM2K
|
||||||
|
EJ4zjMp7cURoRa4otGRL0myXlJqwyNhLC1OLKv+NjfrlxA==
|
||||||
|
=fP0Y
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
|
||||||
|
- created_at: "2023-05-16T00:07:02Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA0/D4ws+/KPtARAAnEl/8yu68nzqGMjeUGNcMHqCm5yseivXx4bdXougk8mz
|
||||||
|
xYUkEneL3uYMdlGhs9C/moTc3qQbjX280+RCGjHyLipGYUjS7sboP4Rx0kWJB3gI
|
||||||
|
6feqDW5uCAyaKfhZihNNEfcFglVdF2LHuJBkaw57jIcxqcK905Be3117a1PtMmJn
|
||||||
|
gXRqHvi+cDliZ7Qm89LCTKHVuDZKYVkkN9JfqkOXNyz1j/S8f2vGID+yxQLCkHv/
|
||||||
|
3+xB7umDONCNviZ4cUqQ9ZCGRB7OhT4VwrNjkFFMbrWr7eLAty+CDwpDq/cmjrV2
|
||||||
|
oFuJJgKqD8+BAXMMlEN2dzrmr+ojBmr7via03Awn13Q0CNXSkdm8aeYZn6o8D7Ok
|
||||||
|
KweR2+RczpKxeN//vBEJdeku+3+0sDqCPRJKYDZyClCSDf3IGGPpNwb6IDJZYb2q
|
||||||
|
Im+p2DXGFfMGnAjMH+oGQ+2zuV/JHu5lnBbbmYn9C3WEZBzstLWIdjNFiiOZcs++
|
||||||
|
npfciP1R6jXQGLnUwYdlg7H6ZpNeKCxtky6yWbrYgh8Dma61/T1WTc+561YYBlLg
|
||||||
|
FOBuCwKd5Qw0o/wObPm6CgUC5i7+qW0MuB/aIVypQA5/qE7zLtksCXSxOl2YYrVP
|
||||||
|
klB/hq/vcl+46YE8Uk9f30WuvEvVe8nboosDlSrrD/NAoulr4B5bu6w+Oi5rmfPS
|
||||||
|
UQGb73b5HiOHD6Y5OMF3AUy+qz1Ga0WQem59v0PbBUbueSX7VgpiNjTobyaQxGwU
|
||||||
|
uBNRWaMrfmelYUbNr05XrB2BGGfro+HzmGe8rD1maNl0JA==
|
||||||
|
=HRlU
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.7.3
|
|
@ -0,0 +1,112 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: forgejo
|
||||||
|
labels:
|
||||||
|
app: forgejo
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
port: 80
|
||||||
|
targetPort: 8080
|
||||||
|
selector:
|
||||||
|
app: forgejo
|
||||||
|
type: ClusterIP
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: StatefulSet
|
||||||
|
metadata:
|
||||||
|
name: forgejo
|
||||||
|
labels:
|
||||||
|
app: forgejo
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: forgejo
|
||||||
|
serviceName: forgejo
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: forgejo
|
||||||
|
spec:
|
||||||
|
# To allow ssh and web to coexist
|
||||||
|
shareProcessNamespace: true
|
||||||
|
initContainers:
|
||||||
|
- name: config-templater
|
||||||
|
image: codeberg.org/forgejo/forgejo:1.19.3-0
|
||||||
|
command: ["environment-to-ini"]
|
||||||
|
args:
|
||||||
|
- --config
|
||||||
|
- /input/app_template.ini
|
||||||
|
- --out
|
||||||
|
- /output/app.ini
|
||||||
|
volumeMounts:
|
||||||
|
- name: forgejo-config-template
|
||||||
|
mountPath: /input
|
||||||
|
- name: forgejo-config
|
||||||
|
mountPath: /output
|
||||||
|
- name: forgejo-migrate
|
||||||
|
image: codeberg.org/forgejo/forgejo:1.19.3-0
|
||||||
|
command: ["forgejo"]
|
||||||
|
args:
|
||||||
|
- -c
|
||||||
|
- /etc/forgejo/app.ini
|
||||||
|
- migrate
|
||||||
|
volumeMounts:
|
||||||
|
- name: forgejo-data
|
||||||
|
mountPath: /data
|
||||||
|
- name: forgejo-config
|
||||||
|
mountPath: /etc/forgejo
|
||||||
|
- name: forgejo-oidc
|
||||||
|
image: codeberg.org/forgejo/forgejo:1.19.3-0
|
||||||
|
command: ["sh"]
|
||||||
|
args:
|
||||||
|
- -c
|
||||||
|
- >-
|
||||||
|
forgejo -c /etc/forgejo/app.ini admin auth add-oauth
|
||||||
|
--name $(AUTH_PROVIDER_NAME)
|
||||||
|
--provider openidConnect
|
||||||
|
--key $(AUTH_PROVIDER_KEY)
|
||||||
|
--secret $(AUTH_PROVIDER_SECRET)
|
||||||
|
--auto-discover-url $(AUTH_PROVIDER_URL)
|
||||||
|
|| true
|
||||||
|
volumeMounts:
|
||||||
|
- name: forgejo-data
|
||||||
|
mountPath: /data
|
||||||
|
- name: forgejo-config
|
||||||
|
mountPath: /etc/forgejo
|
||||||
|
containers:
|
||||||
|
- name: forgejo-web
|
||||||
|
image: codeberg.org/forgejo/forgejo:1.19.3-0
|
||||||
|
command: ["forgejo"]
|
||||||
|
args:
|
||||||
|
- -c
|
||||||
|
- /etc/forgejo/app.ini
|
||||||
|
- web
|
||||||
|
ports:
|
||||||
|
- containerPort: 8080
|
||||||
|
name: http
|
||||||
|
volumeMounts:
|
||||||
|
- name: forgejo-data
|
||||||
|
mountPath: /data
|
||||||
|
- name: forgejo-config
|
||||||
|
mountPath: /etc/forgejo
|
||||||
|
volumes:
|
||||||
|
- name: forgejo-config
|
||||||
|
emptyDir: {}
|
||||||
|
- name: forgejo-config-template
|
||||||
|
configMap:
|
||||||
|
name: forgejo-config-template
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 1000
|
||||||
|
runAsGroup: 1000
|
||||||
|
fsGroup: 1000
|
||||||
|
volumeClaimTemplates:
|
||||||
|
- metadata:
|
||||||
|
name: forgejo-data
|
||||||
|
spec:
|
||||||
|
accessModes: ["ReadWriteOnce"]
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 10Gi
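Review bot: In the `forgejo-oidc` init container the credentials are spliced into the `sh -c` string with Kubernetes `$(VAR)` substitution and no quoting, so the shell re-parses the secret values (a space or metacharacter in the client secret or URL breaks or alters the command), and because the variables are only defined by a separate patch, applying this file without it would leave `$(AUTH_PROVIDER_NAME)` for the shell to run as a command substitution. Let the shell expand them from the environment with quotes instead, e.g. `--secret "$AUTH_PROVIDER_SECRET"`, and likewise for the name, key and URL. The trailing `|| true` hides every failure, not just the case where the provider already exists, so a broken OIDC setup would start silently; a comment stating the intent, or a check for the existing source first, would make that deliberate. The four `image:` lines use the mutable tag `1.19.3-0` while the secret-generation script in this commit pins a sha256 digest; pinning by digest here too would keep the two consistent.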
|
|
@ -0,0 +1,33 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
if test -t 1; then
|
||||||
|
# This is not foolproof. Can easily be beat by doing |cat. This is just to
|
||||||
|
# make it less likely that secrets are output to terminal.
|
||||||
|
echo "Error: Not outputting secret to stdout; redirect output to a file or" \
|
||||||
|
"pipe output to \`sops\`." >/dev/stderr
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
FORGEJO_VERSION="1.19.3"
|
||||||
|
FORGEJO_TAG="sha256:e1e2a9930afe7e4e6c53b7d250072e5f890894da71df681510b6b513f38d0c36"
|
||||||
|
FORGEJO_SLUG="${FORGEJO_VERSION}@${FORGEJO_TAG}"
|
||||||
|
|
||||||
|
forgejo() {
|
||||||
|
# TODO: make this extract image tag from kustomization?
|
||||||
|
docker run "codeberg.org/forgejo/forgejo:$FORGEJO_SLUG" forgejo "$@"
|
||||||
|
}
|
||||||
|
|
||||||
|
GITEA__SERVER__LFS_JWT_SECRET="$(forgejo generate secret LFS_JWT_SECRET)"
|
||||||
|
GITEA__SECURITY__SECRET_KEY="$(forgejo generate secret SECRET_KEY)"
|
||||||
|
GITEA__SECURITY__INTERNAL_TOKEN="$(forgejo generate secret INTERNAL_TOKEN)"
|
||||||
|
|
||||||
|
cat <<EOF
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: forgejo-config
|
||||||
|
stringData:
|
||||||
|
GITEA__SERVER__LFS_JWT_SECRET: ${GITEA__SERVER__LFS_JWT_SECRET}
|
||||||
|
GITEA__SECURITY__SECRET_KEY: ${GITEA__SECURITY__SECRET_KEY}
|
||||||
|
GITEA__SECURITY__INTERNAL_TOKEN: ${GITEA__SECURITY__INTERNAL_TOKEN}
|
||||||
|
EOF
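Review bot: `docker run` in `forgejo()` has no `--rm`, so each call leaves a stopped container whose log (with the default logging driver) still holds the generated secret in plain text, which undercuts the TTY guard at the top of the script. Use `docker run --rm "codeberg.org/forgejo/forgejo:$FORGEJO_SLUG" forgejo "$@"`. The script also never checks that generation succeeded: if the pull or run fails, the heredoc still prints a Secret with empty values that could then be encrypted and committed; adding `set -eu` after the shebang makes a failed assignment abort the script. As a style point, `FORGEJO_TAG` holds a digest, so a name such as `FORGEJO_DIGEST` would read more accurately.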
|
|
@ -0,0 +1,8 @@
|
||||||
|
apiVersion: viaduct.ai/v1
|
||||||
|
kind: ksops
|
||||||
|
metadata:
|
||||||
|
name: forgejo
|
||||||
|
files:
|
||||||
|
- ./forgejo-config.enc.yaml
|
||||||
|
- ./keycloak-client-config.enc.yaml
|
||||||
|
- ./postgres-auth.enc.yaml
|