k/forgejo: initial WIP commit
parent
2e5a3e0802
commit
baeb4480ca
|
@ -0,0 +1,89 @@
|
|||
RUN_MODE = prod
|
||||
RUN_USER = git
|
||||
|
||||
[repository]
|
||||
ROOT = /data/git/repositories
|
||||
|
||||
[repository.local]
|
||||
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
|
||||
|
||||
[repository.upload]
|
||||
TEMP_PATH = /data/gitea/uploads
|
||||
|
||||
[server]
|
||||
APP_DATA_PATH = /data/gitea
|
||||
HTTP_PORT = 8080
|
||||
DISABLE_SSH = false
|
||||
SSH_PORT = 22
|
||||
SSH_LISTEN_PORT = 22
|
||||
LFS_START_SERVER = true
|
||||
OFFLINE_MODE = false
|
||||
|
||||
[database]
|
||||
DB_TYPE = postgres
|
||||
LOG_SQL = false
|
||||
SCHEMA =
|
||||
SSL_MODE = require
|
||||
CHARSET = utf8
|
||||
|
||||
[indexer]
|
||||
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
|
||||
|
||||
[session]
|
||||
PROVIDER_CONFIG = /data/gitea/sessions
|
||||
PROVIDER = file
|
||||
|
||||
[picture]
|
||||
AVATAR_UPLOAD_PATH = /data/gitea/avatars
|
||||
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
|
||||
|
||||
[attachment]
|
||||
PATH = /data/gitea/attachments
|
||||
|
||||
[log]
|
||||
MODE = console
|
||||
LEVEL = info
|
||||
ROUTER = console
|
||||
ROOT_PATH = /data/gitea/log
|
||||
|
||||
[security]
|
||||
INSTALL_LOCK = true
|
||||
REVERSE_PROXY_LIMIT = 1
|
||||
REVERSE_PROXY_TRUSTED_PROXIES = *
|
||||
PASSWORD_HASH_ALGO = pbkdf2_hi
|
||||
|
||||
[service]
|
||||
DISABLE_REGISTRATION = true
|
||||
REQUIRE_SIGNIN_VIEW = false
|
||||
REGISTER_EMAIL_CONFIRM = false
|
||||
ENABLE_NOTIFY_MAIL = false
|
||||
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
|
||||
ENABLE_CAPTCHA = false
|
||||
DEFAULT_KEEP_EMAIL_PRIVATE = false
|
||||
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
|
||||
DEFAULT_ENABLE_TIMETRACKING = true
|
||||
|
||||
[lfs]
|
||||
PATH = /data/git/lfs
|
||||
|
||||
[mailer]
|
||||
ENABLED = false
|
||||
|
||||
[openid]
|
||||
ENABLE_OPENID_SIGNIN = false
|
||||
ENABLE_OPENID_SIGNUP = false
|
||||
|
||||
[oauth2]
|
||||
ENABLE = false
|
||||
|
||||
[oauth2_client]
|
||||
ENABLE_AUTO_REGISTRATION = true
|
||||
|
||||
[cron.update_checker]
|
||||
ENABLED = false
|
||||
|
||||
[repository.pull-request]
|
||||
DEFAULT_MERGE_STYLE = merge
|
||||
|
||||
[repository.signing]
|
||||
DEFAULT_TRUST_MODEL = committer
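Review bot: `REVERSE_PROXY_TRUSTED_PROXIES = *` in `[security]` makes the server accept forwarded client-address headers from any peer, so anything that can reach port 8080 without passing through the ingress controller can choose the client address the application records. This deployment appears to have a single known proxy in front (the nginx Ingress), so list that controller's address range instead, e.g. `REVERSE_PROXY_TRUSTED_PROXIES = <ingress-controller CIDR>`, and keep `REVERSE_PROXY_LIMIT = 1`. A one-line comment above the setting naming the proxy it refers to would help the next editor.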
|
|
@ -0,0 +1,79 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: forgejo-config
|
||||
stringData:
|
||||
GITEA__SERVER__LFS_JWT_SECRET: ENC[AES256_GCM,data:PMPjQesE7LMTm9345yiT0te/jD3c4ea/YB2RpAmUBXzWEkOf1xDmTF924g==,iv:4U01ffSZMbd7nbIdJ3galwn9GLfjz1YRzY8O3CiulAs=,tag:gOMuErB4aL32tkf5WVoPFw==,type:str]
|
||||
GITEA__SECURITY__SECRET_KEY: ENC[AES256_GCM,data:9YAR3AfcAnhsrTfKmtGEY/L/RP4lIN+zG3gG9a58qrO7KVp/Awr8Ag8dDat3rZQhjfqZEAweok/PCZk6j8rtbA==,iv:7aVM2ElvBFy8ZWv/wC9Ne4SQ4Jd4VfaTbuSbdqgjirQ=,tag:2nv+oVdVhfnxi82R0vpNXA==,type:str]
|
||||
GITEA__SECURITY__INTERNAL_TOKEN: ENC[AES256_GCM,data:Zo/HXJSy4CMDOD0f9Y9qhnlHWE7LhAH+gJBG6jAxXelqmVnfqBq7EnspNpf8IJmbRpbZs0O0JmRYcaczZUZDs6V+brxnN9dis35CCH9mqqrKUgda4OI0M4EQiCvJEbY3V4kyMRtea+6c,iv:+o5qWVQqZBr5+FyWJ4SQ560eXQ1BygKChZjU9GKoXw4=,tag:oGiSX2hzhBfzOMiZRrjOlg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2023-05-16T01:04:13Z"
|
||||
mac: ENC[AES256_GCM,data:Z4I7wqmTH8sq8BbNUT/yfW8IIChL8eeCFh+aNwDdeVBfhTJke8QatVUsPsq366lDqYcrkNft89hUuYZ0ny69ksqQANQl4547gJrJ9kg25qN7i9M4qON/drlg7iJV+B/MLXouHdY23XQM7s7JZF9o4XOqy4o6X4d/mWf/oLVlZGU=,iv:3IYg7h1DZhM5eBJFhldAauiT9gdERBAlRIGZdMtykwM=,tag:2Xabp+Tn79WasynoMnSfYQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-05-16T01:04:10Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA82rPM2mSf/aAQ//Wyw0+UV0AMqRCM+X27tKwSEt2RGaQb3ELbJW4Op9xraJ
|
||||
lJAdOKqLhTkpR3DLumSjlVU3pukiBoq003FqwizVIbjD1Yp8z42HNL/KqlmGn8eK
|
||||
WB+vz96L34SJP48uK7qSsJ9lxYlSlWZCRPoTKdoxZR3AYClpVWsr9B6WkGkbC8mn
|
||||
/oTu/MVA5tq/POdxDy+K3ZtVLudnwvpOD1VwH97+kJqwJNjMNE33uPr9O+z8JfZ6
|
||||
NIgdljVE67FJM7Dk3wcyRKEJHhFajhTLI4acZGWGASjIXP4j/w2mCX7gv3J8Gerb
|
||||
3shY5oN+cDjO7bQBvvbER4Xkl2oLn/6h7Vu7pQki2ggjIJg5f4wlLz7y9CDLsS4Y
|
||||
BHpBYRljHqzblTG6IeiQE6Oz2GMBibJBEv/MmGriZ+ON9bu6Vmn9QBwzUGOKEc7F
|
||||
F+WF+On2ntGcpMUW14L8KLeK3kHZxJuioOCNOB77Xwg6c04p0nh+VmWtLWrMeEIr
|
||||
1M9p29K1HXQto0NhgNQAMGr1jIlEDKxD7XOaK3w80qZivyYmgGDIM8g4bpDYbaCV
|
||||
gjaHyfLUTwdReiarSK/xjq4/udjAJN+VBWB1dggTqc+a/rhiUOXsdXy2X/+N627g
|
||||
1NEDNkOpmJLz8HMhBZPLTOJJHp9/mwcL5X5viBz824deh4ZQX8CqzrtSZhoPRUnS
|
||||
UQFSD7+NCg1koARk98aoX7pW4OwBjA9pxuLxAmx0nFagj1wMu/MNZLlbdj4H47fF
|
||||
6v3EjZqvJJwjE9GPugjFE4Xxc7Y38j92yY7RFd2qOP08EQ==
|
||||
=I1Lu
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||
- created_at: "2023-05-16T01:04:10Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMAw95Vf08z8oUARAA2CMPzEZxtU/wsobnddpJmZHUzjynaStWN1bnP3uC6RgC
|
||||
/IvzxW7g9sUqGgjVLVqWfvsbUZNFQyJ0LLkXUwAC9rjP+Hj/WJ8C48tf0sKmrI1e
|
||||
k+ebafZFlpTNk3Il/hzUagUhuA/1mPDq3jxhxy3GYmwxn78pt8m9egpdZFsoZZnG
|
||||
bEQiyAeF4QOQsgwXjBCmuzY4Gz5q8gYIgZbvE7YvknsQHVUx0gRieQFgwWuE3jXY
|
||||
nxCf97tmb6pPT4KBbmDXW3y/38SX5Hq9OyJxPN/rF2PlGdXbCcrrzmPqRits3Q/4
|
||||
G1LixHIU2G8R894etl+eewj3KH2uzLMF7iu3dRa83qELdmv6rNW8PaGCceRk77I/
|
||||
HCHqIKhMpAuX4DMCcq2W0b975tDZFdY3V+tPhNuqDbuVsUuKN9BdsXrb/mvOLntS
|
||||
MOSo7ymyDNE0WEmjgz79CftPpX69qkV0LK9oSb7iK2Ro0qaTJI5+so0l8s+XaY8W
|
||||
EjMNMEr92UVQeUUDHTpvkbCfnNZcw0P0Plsg6gbp3FYRlwyVGJ2wLwATbxQaLhW3
|
||||
2zUjohJ0bhHZzL1Nfxs7tRwAv7I0wGUjAdB0r+m2tt0fq4xMcWNsGNA2nYIVw7tk
|
||||
nhJXgoiqTzY542FcbdkT5E1SRgqtliK+WllBQpxiG7hdMd+kE8yVIIBtMDyP3jXS
|
||||
UQEBMk1W1uM8paV6mN/vUo+GywmsIY6YVz1sClGvqWUib3D7TjIC19CpJpsA3mEu
|
||||
71PTUmlyu5Fv110khriLDT7n4wvlCGxcAUedPhfaJ29j7A==
|
||||
=L9c6
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
|
||||
- created_at: "2023-05-16T01:04:10Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA0/D4ws+/KPtAQ/8D5FK8KboAoDIR25r+ZGDzvU0B/kKFtdrULfjZ82DWv+2
|
||||
TicQcfzjqoxxJdGppe3MUNliX7E5C03Y0cTYaI8HxAuUpsuj3T5XuQuK+7v6hVP3
|
||||
0MmSOii8OiZMJxHL7RUJfJ7z/VvLxcUw88Vdogu/9DYEtENyFi3eYMik4J6YIpVh
|
||||
23Kn9/jT2qTs0d4wA56wKCRMG71eZj6U38Tfc5XCzJhi929j7qhHbSMNPFVxZWIh
|
||||
6atXx412N+VOx8aaYAAp3TXHNf+8vpSvtNByl5cRRFUuqccO8Erie8rJ4y4rHZna
|
||||
FG0Yj3NDecLo+VC4r7v5v9OIlRECCnS9DfVHCJIpA1lTprXyvrQTH9Z2Ko0pJik6
|
||||
zUCF5wqxd80oVm2P2iOmLLoF9oxo16nua/eLarMPKElhfj/g8Rw16b1/NO1I4qjK
|
||||
/Nh8uE7BXtrMV/BlYRHv8KoHwAyNpQLD8B3tCnBNZAtdhmdCPNl2XU6NifKmsMzj
|
||||
hCGvqUiTycb69T3Nek5aCcHQKyVwOhizHpjCpLAEgBlyFsvYtIQdu9PGoFSCnSMw
|
||||
RM9bCh1l2zzsdi3aH1UaVE9fGIFOUbOvxAH6MKOTYw01xW4tF/+2qSZ3qU4XVU6T
|
||||
zi1SoSzxuCea7Ik/7QUp4LBOq0eXBMKHQSUw2YgVJte1wm5xw12k+RxiikPWfY/S
|
||||
UQEYNVZNXLfICgm8f143jUI3/Uu6I3Xs7SxJSbJMRLh9bl7QuRFpDCI+ymdUBjUN
|
||||
gTRhUQVQEVCFUu+OOYeuBIe/T6BTmrcyvHH3PiJIIoRntA==
|
||||
=vMUS
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.7.3
|
|
@ -0,0 +1,39 @@
|
|||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: forgejo
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: config-templater
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: forgejo-config
|
||||
- secretRef:
|
||||
name: forgejo-config
|
||||
env:
|
||||
- name: GITEA__DATABASE__HOST
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: database-configuration
|
||||
key: address
|
||||
- name: GITEA__DATABASE__NAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: database-configuration
|
||||
key: dbname
|
||||
- name: GITEA__DATABASE__USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: database-configuration
|
||||
key: name
|
||||
- name: GITEA__DATABASE__PASSWD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: database-configuration
|
||||
key: password
|
||||
- name: forgejo-oidc
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: keycloak-client-config
|
|
@ -0,0 +1,24 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: forgejo
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
external-dns.alpha.kubernetes.io/hostname: forgejo.distrust.co
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
rules:
|
||||
- host: forgejo.distrust.co
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: forgejo
|
||||
port:
|
||||
number: 80
|
||||
tls:
|
||||
- hosts:
|
||||
- forgejo.distrust.co
|
||||
secretName: website-tls
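Review bot: The Ingress sets no request-size annotation, so Git-over-HTTP pushes and LFS uploads (the template enables `LFS_START_SERVER = true`) are bounded only by whatever body limit the ingress-nginx controller defaults to. State the intended limit explicitly under `metadata.annotations`, e.g. `nginx.ingress.kubernetes.io/proxy-body-size: "<limit>"`, so the accepted upload size is a reviewed decision rather than a controller default.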
|
|
@ -0,0 +1,80 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: keycloak-client-config
|
||||
stringData:
|
||||
AUTH_PROVIDER_NAME: ENC[AES256_GCM,data:Io2mXly2E3g=,iv:WWskGOsSUUxDAmVj/nMUHVp8yWvuzTmhszG7EY8UGnI=,tag:RYvROXLs+x6az+GMOHpRbQ==,type:str]
|
||||
AUTH_PROVIDER_KEY: ENC[AES256_GCM,data:xj/J1eb8GQ==,iv:lDnD8wQXH+5ELmPQU7feO3nz9VgDQkCIqlk1qaU3AIM=,tag:IzkSEIH2kmu6seALTkMIZQ==,type:str]
|
||||
AUTH_PROVIDER_SECRET: ENC[AES256_GCM,data:zo1+LnYE2l4HgJPuhi+naCqdgnX3Y6+DJBoEpTydDT8=,iv:LCo341HG1khZxfLVCd0WWDKL5Jdr3IliSBI59FUNvVI=,tag:+5JagjfDs9WxbJOPpUIYDA==,type:str]
|
||||
AUTH_PROVIDER_URL: ENC[AES256_GCM,data:mJ0O17EFLLOACryKpfRA1Gi+/PCBm+u6323H7RVhiMbK0G3WXtWgPF1BWPwSXa5V0C7QmvCswIjHaM1zy1k18Qbpi6ciud2+LSLNb3k=,iv:3Y7tQd2thz1PqBU2hfa4fC6sQfiZlfrxLvMKrA7pyTU=,tag:VL/3bj6pekimKuJRkLbMXg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2023-05-16T01:39:54Z"
|
||||
mac: ENC[AES256_GCM,data:0GRi7AsCBvb4g77HRGC+Y84GBtoM/wNJ7+omrNWojH5IleTBEUC039IgSlMjBkYOnE5jnAWYVjywD3l4E5v0+fy4g5+q+iaRDm/fKoNupm6aigdumihuh1KcoM+q+qBmfSi28ZJKvXuLfvmBGf4K/BkDvd57j7v2fiIoB5I1kes=,iv:y9h13Mtce0ylsGu0JvHD3Dn0CwM9I0N+hBKUiDp2dE8=,tag:7vxPXIU41zgrnAfcUfsVwg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-05-16T01:39:37Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA82rPM2mSf/aAQ/+ObNAqozTfRQ3E2WB7wCrn9xgQ4hMPe1XVRQGqgBaDsvk
|
||||
axlOdWH7nbR+7WbJvbBeIWU184OnICfmONpb0XHQMdGUiuyuE7uZFubsQupROui6
|
||||
6CA/4tmRAC26WZMa7CHfbkT8sCiKuGHBR803VQno9Yqh+b76TB0K+jnGatTpbokW
|
||||
9hdz8UcB6eq9Sqa1EPXljj6GxLLE6H5K9gpxXJPHiQYSwUFDdBnaU9ewA2AGoIuu
|
||||
iGX/et36eIHWVuoptFI8t7LDXfkoEFj8MKlPoskkgOAh9e2gX/BhyLQ02xhZMaYj
|
||||
8A5r7anNWoUL1gDhIoB121gVuwD21pei3pK4rLgW8pOw4ZheztiQrWeF8sUmb+WJ
|
||||
4TN/op7owiLJBJokZvLCPgeOkcmhLsp+mhHzWj4AfNcDYcnzBnChpd/6I9Y5s/0a
|
||||
oBsnThSywf2XZG4QX37WYmORWoqkaq6Qjd3IADYsTOY8lcpfl31Z67YOt+C0gwgZ
|
||||
GOYMYdNySzCEXPVhcC50XRj1SWz2hTuOCpjW7vc/vTBhc1AlU+RPI2RnyxuXjxeb
|
||||
zw2wLAZGbwhUcbaKMBJ+LlWH8hlPuvotPXty0JuhkJ3BN+yNEMLlJv9gDhqfam+S
|
||||
jSNl3iWx7k2w01ztqtfq7lwRo2uyu5hctje916yN33poiugjIPP4+mXLHXnL93nS
|
||||
UQHBxSTVnVkJybgAdx7JgK2Liiteq+Yu1QxtAK1C/RQ0RxcbJXT+LgpSP7AIAL0K
|
||||
62J/869NK7y1XX3EV0yPklSKgbN6rybKq/0lyvRoA6WdeA==
|
||||
=DZ0t
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||
- created_at: "2023-05-16T01:39:37Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMAw95Vf08z8oUARAAoiPfLJmhhn6tR76JvB6CMk4WwMVURBN9FPabyujgRUkq
|
||||
opw5IBNu+ou813SK4JHvMrJht1Kk+wMxgoxXr4MJGtBPaepuqO21a5udmeAseGq6
|
||||
QBFeuEWi2D7HMC6i9xr3WrhpaNoGzfFuuYW/zEEpO5p5Z5hYl+37sA/vfkzvDMkX
|
||||
X0+poVVoizjy3EWYF8MzBzaZv+J45BYWAxVnrr0/RI1+IasN5/Mc1F1hzky3n4VP
|
||||
LsgNPiJ722Km0ORytf15l5//n1oVKrtPcmNoCiwb3OIWGy/uKfvPHMvZJwMpO/Rm
|
||||
eFOTLCI8rF91TOT4OJk6NS8xVfRO7b1n8NhJ5uwY4hBREOmjlZ5uPgKN1rTOuVDL
|
||||
5QbH5FlbszO73zyYRBzajyPuC2cD6DbAgb4mnrQ+NpcDR11NLGQY2HcRX+qxJRLS
|
||||
Kkx++/vNDS+dZtQlIFHWX8MPc1k2kIrgphWCY9ztoiZcrM+IMfnatFR0MQGiv4Bg
|
||||
qJaVurV/pkQQe9U1f0UEurnnDWFzt/T16fkr2r+9tlQee0qV+VtlivWYRNBkKb8B
|
||||
jKy4RIBdCYg0fhz7pfjKwEXkHKKPXiKnoOX4kNO0VoIA5N4hHD6xHfpBnFXoil1Z
|
||||
4dnxGHe6OTDqVXiJ9oo3it2reQTWdJZqU/YtND55YAvC+k61xnO4Vucczg6cGRfS
|
||||
UQFLAMkkenHVO7rHYX1io7Ua3t5061h53Lil2BlVVQ2L4N51lVUnkjT26lICqYP4
|
||||
vPZ7/xpTPthlIBPX2cPDvq1pgn1sqIInMSeGdO2P1ixXow==
|
||||
=xXwH
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
|
||||
- created_at: "2023-05-16T01:39:37Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA0/D4ws+/KPtAQ/+K4pZscts0jF53I0wX7htbFK3WyE7EOsDs3KKa682Zkgo
|
||||
Vhou8x0iCDMQ3oyp2rM14LTv6feRc/Iy/WMAR9WVHeLlCQwl5puyHmyI+0M2uIM+
|
||||
kTqVrRysGHhbSZaiwcydXwEhxInuXmoxD6zDGaLzkuy9hgwc4Ejyeu/gCF5kPqim
|
||||
v3DgaBBUOl0Tfp0Q73onUfz+cqeRVG27TbE3Izrljho8sTAFOBQHKCuVqh+TnRfl
|
||||
PdPzImv0/HJzFQLnO0p3VTEU36JD9h270ATbTt5pjeYYCtMJAP6tH5Yo3tDU/9XR
|
||||
QDE9hJfJSTJdL6JWuvwKslqgNV6lS3kUSstKO3Y6H/0Jv3iSYzNqlCHoi7c/h6H0
|
||||
fprOfT4ymOmV++BSYlsH5/AqXCMWsB6yFUMvTNGdQjRtYY5NAXwDQUaNIHSX1VMC
|
||||
SXx9qqQOVEfvgDRtzKW8Hexz2EAAG0B5DvQA4C1PrENmYqpcZmDOTvO17LgipWeD
|
||||
MWHLoyIjOcNy7u0XNgagn9pJFM/FYhOpkleq6pUGY3whyA/+UnCoX2YPieuyTatD
|
||||
S8yocJveqIwmGBya7oGQcYRorZGVH02DGMUq0G+aNPnJg43WPsrxGAEm2y8Eg3iI
|
||||
jZCIQPf1bnxRpwS7iFJxh3eRW6ncuSa9DX4GL0u31m7Ophlk/hijfGlzhkNvWWvS
|
||||
UQFmR9wKqXcB47FjY9dwNiydeHmUXJqNVA7ajRXsNe9WXweZ27TVip430it+yurV
|
||||
ulL2yONfKWI6RHiQ/1mS/nZTuQkzIDZzGYu5oe2UhGKkNw==
|
||||
=9V2r
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.7.3
|
|
@ -0,0 +1,27 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: forgejo
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- resources.yaml
|
||||
- ingress.yaml
|
||||
patches:
|
||||
- path: forgejo-env-vars.patch.yaml
|
||||
target:
|
||||
group: apps
|
||||
version: v1
|
||||
kind: StatefulSet
|
||||
name: forgejo
|
||||
generators:
|
||||
- secret-generator.yaml
|
||||
configMapGenerator:
|
||||
- name: forgejo-config
|
||||
literals:
|
||||
- GITEA__DEFAULT__APP_NAME=Forgejo
|
||||
- GITEA__SERVER__DOMAIN=forgejo.distrust.co
|
||||
- GITEA__SERVER__SSH_DOMAIN=forgejo.distrust.co
|
||||
- GITEA__SERVER__ROOT_URL=https://forgejo.distrust.co
|
||||
- GITEA__SERVICE__NO_REPLY_ADDRESS=noreply.distrust.co
|
||||
- name: forgejo-config-template
|
||||
files:
|
||||
- app_template.ini
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: forgejo
|
|
@ -0,0 +1,83 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: database-configuration
|
||||
stringData:
|
||||
address: ENC[AES256_GCM,data:FVtSkk5ti72nc5sgQ2yzCDN6hvWqd17YwpSS8EkqnerxX1iebtS7P+nkQqaNiN5BaTp4xirjEdkMMVYGfAchYsY=,iv:BtysOt0wWM1Q+9SMw2FoQtHd2rXCCjNvDC16dXsaHzY=,tag:7EggMyJJ8TVwQE1c4u18XQ==,type:str]
|
||||
dbname: ENC[AES256_GCM,data:9yBojYPVsw==,iv:yvw5Nbgk73rZuInG+PByq26oGLDe0Sszm+LrVC0W/Uk=,tag:Nt2XJXOg4SHB+py86KX6ig==,type:str]
|
||||
host: ENC[AES256_GCM,data:v/kW45090UONtO3fjE8J2IRr0vz2HbLb2k5inBKPDrVqmIrC/XbBPU6S/ar023bdQb2wHn1mcZU52m0=,iv:99+XaSJmavGkJmkIVyUNCuxM3Dsqme5/dvOXmXgIRUM=,tag:VECgfR80Npazn6daJzdRJA==,type:str]
|
||||
jdbc_url: ENC[AES256_GCM,data:584+73EqTWRc6h1q/fci21SSXhHIAKwsq2zMUrCqxyti2DF9BLvYGhlioIqWUsZ991BWtAv1UdHCU5tzx2/rCoYtI7zGF9WSz/fEU0gN4SqGLUbg5swtUcKg96LGHfTKWqtP6Qcx/CGDfj8=,iv:oFm+sYaim5+a3qmJwYxI8cHC7Ydj40RieRUMwQFe2u4=,tag:RlDqjKY0/RIm3Ps6b3kDtw==,type:str]
|
||||
name: ENC[AES256_GCM,data:yruLsayHYA==,iv:yc10JFsc+1Z94chPrVl1BGFLlML9Ls/2Gn89oYess54=,tag:TodFxbFT5FzHY62pZDp0Hw==,type:str]
|
||||
password: ENC[AES256_GCM,data:Lrz0uDbJ9t8sO1Pq3Lrfy1Cf8Xdf4F2d,iv:qkO2ik2cSxttjJigtqXHlsq3VnmuSiFvL4uc7jZtKyw=,tag:9w9ebhaFUWaHV+/KwSm+6Q==,type:str]
|
||||
port: ENC[AES256_GCM,data:2o0wuVg=,iv:AqxRgfSq1AzhjXlpiNPTkYV7NTUi61brSOcErr/VhtU=,tag:T2tnz80QdwansDcFqCjYHA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2023-05-16T00:07:06Z"
|
||||
mac: ENC[AES256_GCM,data:TJpATzRb1pItqtHpecpfmEt6AwpcP8AJz5cn6Ra/fzEdP8k21lkJkaZHZeIlZzfZ9FK/oynZqydley4pILxvT+I9M2xwTVZOK1HZ+n7wlDxpTodv+jnzLPBMcuDR0SwCK9WbKuUSbUJpEgYszMJ73f7vGc15oCp4qc7ial64SgY=,iv:073Q5MHchlhCXi8/S/nSFf6lQvk3YahQWweNk14cZjc=,tag:cFIjs4d2nVfucU8MsNKawQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-05-16T00:07:02Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA82rPM2mSf/aAQ/+JM09ezDH98a+8K//Le1bk7yjADNJGB6jvtnLXNr7YNoi
|
||||
qdTOTuNwbwErRg9iZK63moryzKBy49xMZb4pKDVE58p2UHb7jkTQ3IHblYZHBW/N
|
||||
OPCZY7sDMl8gLqpJeRkWe7JY5Y6oi8bYYBCmVicDoqrqpK1FAO+ERpgdMPmK/gkG
|
||||
fFfbtTBV2dsE4DkNlL2FxB5pbLjTW3TPu8MNQH3bjrGlXF4FbXklx+OwdOyapt+c
|
||||
VQvh0VY071nFoh2wOCXG+uLIWcYClbxwM1/i639hv0I6jefnjqDTdy0CTaCAbPx5
|
||||
Bjes3gdOIm/yharVAAyWboxX6I/LE6HMM3NwjXh0kJzsHdNiJCrliC9Td6RNlj/i
|
||||
r3Q0kfNmZaSEMCJq/ADFu3l2FTu1iJcGeD+pauzRZUMy2+7dqmwX0OJWYvE3jvNc
|
||||
xv5Tp0j6AvXoMlP0bREitot/GrLNa8FwbCSzCsgBGeP6oZn5+e4qZnj/eRM+x/Ie
|
||||
795Lxz6rMXKUS5lRel/pSDQA4tT9mYo359p1kyNlwTURtbCEXHjCniWTCm8zGqW+
|
||||
6HMVW3GpJkJooy1z5w5mBGyk4DYHnO0jds/Yvb1V99J1iY6ihPRhWyXj0X6QQzN6
|
||||
MUTjcuNbdE6nCiQcpX2I4qdSSFlW1WP3OPLdDoGd4sF1jKSmjDeS4+7HvWjF/g3S
|
||||
UQGIJDmwUsxRZzbvaZS/kDOG9iGmfa050cEQUhdZyrlCbFG/0xxhwAmbUv6uojHb
|
||||
0kmIhW33tlBfpwfSAJZW6na2AEhMIfV6HpG0RveKKCKeVA==
|
||||
=EZL3
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||
- created_at: "2023-05-16T00:07:02Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMAw95Vf08z8oUAQ//SxyVJiGf47+Xpp1TiY2wdTugfGHc2VocNQ9CbLeNAmDE
|
||||
jA/qcxOVSeetqpLNQmg6UFlmmUIFdBnDJ0H5ZBBpu0gXHF8XTxXNk5vUoRM29XXk
|
||||
PjKVgVQCGYVhmWDhYh1+my66xDMKbymOYJGuCj10bBwVScHxPXM9w/EbXx1lcDP3
|
||||
4kYfckbO5b/Xf9J4+JB4sBdEpHcuKdrxAn1cWgN1KpGGec/M5Sos9zBk54ZcA9WV
|
||||
1RYYpkUUALtAdg1VcoPg4GkvKBT93K3xklOAdYoQI0fWR8/YtUN3yRG6BP48QKjd
|
||||
QJnntAyWTEQ1zdfxo6x4W8nWxDf9haySflUdt3o57o56S3GTw17NSbUZNsSpkPz4
|
||||
5TRDUYPvyK/yyeKAVAx4n7pKbEkoDv8SP4cymicAfOWOWjNnj2jbhDuTVCd/Xcht
|
||||
xocPNGegCn7Y2MSpcGgS8scDcfGu8pI5ZkeLxVrS4fLWtmp8jntU253hOSPQ0tl0
|
||||
c1fxIYkrUWh+1YwBH9UnZ2aBaWx0exgbmymK7eKEKRTGgE+oZqIWy/q1Z/mS79mC
|
||||
tNCCtzD4pxkhvuHUFjH+SvLwKLF1Azm+budRbEDc5qITjEWlHSrQBpie5p2dKKBc
|
||||
EnJuMn1HtyEzi5vTDhnjq+hI0OIfRAL+K3pA7QwqvH2m/ElWhk2GsosZ06dJMy/S
|
||||
UQHXJcTkLSK0ktV75bEcDfPiORnpzHgJdOJx20MV4Dzfeagn/v/Y4VKOdxn6pM2K
|
||||
EJ4zjMp7cURoRa4otGRL0myXlJqwyNhLC1OLKv+NjfrlxA==
|
||||
=fP0Y
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
|
||||
- created_at: "2023-05-16T00:07:02Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA0/D4ws+/KPtARAAnEl/8yu68nzqGMjeUGNcMHqCm5yseivXx4bdXougk8mz
|
||||
xYUkEneL3uYMdlGhs9C/moTc3qQbjX280+RCGjHyLipGYUjS7sboP4Rx0kWJB3gI
|
||||
6feqDW5uCAyaKfhZihNNEfcFglVdF2LHuJBkaw57jIcxqcK905Be3117a1PtMmJn
|
||||
gXRqHvi+cDliZ7Qm89LCTKHVuDZKYVkkN9JfqkOXNyz1j/S8f2vGID+yxQLCkHv/
|
||||
3+xB7umDONCNviZ4cUqQ9ZCGRB7OhT4VwrNjkFFMbrWr7eLAty+CDwpDq/cmjrV2
|
||||
oFuJJgKqD8+BAXMMlEN2dzrmr+ojBmr7via03Awn13Q0CNXSkdm8aeYZn6o8D7Ok
|
||||
KweR2+RczpKxeN//vBEJdeku+3+0sDqCPRJKYDZyClCSDf3IGGPpNwb6IDJZYb2q
|
||||
Im+p2DXGFfMGnAjMH+oGQ+2zuV/JHu5lnBbbmYn9C3WEZBzstLWIdjNFiiOZcs++
|
||||
npfciP1R6jXQGLnUwYdlg7H6ZpNeKCxtky6yWbrYgh8Dma61/T1WTc+561YYBlLg
|
||||
FOBuCwKd5Qw0o/wObPm6CgUC5i7+qW0MuB/aIVypQA5/qE7zLtksCXSxOl2YYrVP
|
||||
klB/hq/vcl+46YE8Uk9f30WuvEvVe8nboosDlSrrD/NAoulr4B5bu6w+Oi5rmfPS
|
||||
UQGb73b5HiOHD6Y5OMF3AUy+qz1Ga0WQem59v0PbBUbueSX7VgpiNjTobyaQxGwU
|
||||
uBNRWaMrfmelYUbNr05XrB2BGGfro+HzmGe8rD1maNl0JA==
|
||||
=HRlU
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.7.3
|
|
@ -0,0 +1,112 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: forgejo
|
||||
labels:
|
||||
app: forgejo
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
targetPort: 8080
|
||||
selector:
|
||||
app: forgejo
|
||||
type: ClusterIP
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: forgejo
|
||||
labels:
|
||||
app: forgejo
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: forgejo
|
||||
serviceName: forgejo
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: forgejo
|
||||
spec:
|
||||
# To allow ssh and web to coexist
|
||||
shareProcessNamespace: true
|
||||
initContainers:
|
||||
- name: config-templater
|
||||
image: codeberg.org/forgejo/forgejo:1.19.3-0
|
||||
command: ["environment-to-ini"]
|
||||
args:
|
||||
- --config
|
||||
- /input/app_template.ini
|
||||
- --out
|
||||
- /output/app.ini
|
||||
volumeMounts:
|
||||
- name: forgejo-config-template
|
||||
mountPath: /input
|
||||
- name: forgejo-config
|
||||
mountPath: /output
|
||||
- name: forgejo-migrate
|
||||
image: codeberg.org/forgejo/forgejo:1.19.3-0
|
||||
command: ["forgejo"]
|
||||
args:
|
||||
- -c
|
||||
- /etc/forgejo/app.ini
|
||||
- migrate
|
||||
volumeMounts:
|
||||
- name: forgejo-data
|
||||
mountPath: /data
|
||||
- name: forgejo-config
|
||||
mountPath: /etc/forgejo
|
||||
- name: forgejo-oidc
|
||||
image: codeberg.org/forgejo/forgejo:1.19.3-0
|
||||
command: ["sh"]
|
||||
args:
|
||||
- -c
|
||||
- >-
|
||||
forgejo -c /etc/forgejo/app.ini admin auth add-oauth
|
||||
--name $(AUTH_PROVIDER_NAME)
|
||||
--provider openidConnect
|
||||
--key $(AUTH_PROVIDER_KEY)
|
||||
--secret $(AUTH_PROVIDER_SECRET)
|
||||
--auto-discover-url $(AUTH_PROVIDER_URL)
|
||||
|| true
|
||||
volumeMounts:
|
||||
- name: forgejo-data
|
||||
mountPath: /data
|
||||
- name: forgejo-config
|
||||
mountPath: /etc/forgejo
|
||||
containers:
|
||||
- name: forgejo-web
|
||||
image: codeberg.org/forgejo/forgejo:1.19.3-0
|
||||
command: ["forgejo"]
|
||||
args:
|
||||
- -c
|
||||
- /etc/forgejo/app.ini
|
||||
- web
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
name: http
|
||||
volumeMounts:
|
||||
- name: forgejo-data
|
||||
mountPath: /data
|
||||
- name: forgejo-config
|
||||
mountPath: /etc/forgejo
|
||||
volumes:
|
||||
- name: forgejo-config
|
||||
emptyDir: {}
|
||||
- name: forgejo-config-template
|
||||
configMap:
|
||||
name: forgejo-config-template
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: forgejo-data
|
||||
spec:
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
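Review bot: In the `forgejo-oidc` init container the `$(AUTH_PROVIDER_…)` references are expanded by Kubernetes into the `sh -c` string before the shell runs, so the client secret and URL are parsed unquoted as shell source: a value containing whitespace or shell metacharacters is split or interpreted, and the trailing `|| true` then hides the failure. Let the shell read the variables from its own environment and quote them, e.g. `--secret "$AUTH_PROVIDER_SECRET"` and `--auto-discover-url "$AUTH_PROVIDER_URL"`, and replace `|| true` with a check that tolerates only the provider-already-exists case. Separately, all four containers use the mutable tag `1.19.3-0` while the secret-generator script in this commit pins a `sha256:` digest; pinning the image by digest here too would keep the two in step. `shareProcessNamespace: true` is commented as needed for ssh and web to coexist, but only one long-running container is defined in this section, so it looks unnecessary for now.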
|
|
@ -0,0 +1,33 @@
|
|||
#!/bin/sh
|
||||
|
||||
if test -t 1; then
|
||||
# This is not foolproof. Can easily be beat by doing |cat. This is just to
|
||||
# make it less likely that secrets are output to terminal.
|
||||
echo "Error: Not outputting secret to stdout; redirect output to a file or" \
|
||||
"pipe output to \`sops\`." >/dev/stderr
|
||||
exit 1
|
||||
fi
|
||||
|
||||
FORGEJO_VERSION="1.19.3"
|
||||
FORGEJO_TAG="sha256:e1e2a9930afe7e4e6c53b7d250072e5f890894da71df681510b6b513f38d0c36"
|
||||
FORGEJO_SLUG="${FORGEJO_VERSION}@${FORGEJO_TAG}"
|
||||
|
||||
forgejo() {
|
||||
# TODO: make this extract image tag from kustomization?
|
||||
docker run "codeberg.org/forgejo/forgejo:$FORGEJO_SLUG" forgejo "$@"
|
||||
}
|
||||
|
||||
GITEA__SERVER__LFS_JWT_SECRET="$(forgejo generate secret LFS_JWT_SECRET)"
|
||||
GITEA__SECURITY__SECRET_KEY="$(forgejo generate secret SECRET_KEY)"
|
||||
GITEA__SECURITY__INTERNAL_TOKEN="$(forgejo generate secret INTERNAL_TOKEN)"
|
||||
|
||||
cat <<EOF
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: forgejo-config
|
||||
stringData:
|
||||
GITEA__SERVER__LFS_JWT_SECRET: ${GITEA__SERVER__LFS_JWT_SECRET}
|
||||
GITEA__SECURITY__SECRET_KEY: ${GITEA__SECURITY__SECRET_KEY}
|
||||
GITEA__SECURITY__INTERNAL_TOKEN: ${GITEA__SECURITY__INTERNAL_TOKEN}
|
||||
EOF
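Review bot: The `forgejo()` helper calls `docker run` without `--rm`, so each of the three `generate secret` calls leaves a stopped container whose captured output (readable with `docker logs` under the default logging driver) still holds the generated secret; use `docker run --rm "codeberg.org/forgejo/forgejo:$FORGEJO_SLUG" forgejo "$@"`. There is also no error handling: if the pull or the command fails, the variable is empty and the heredoc emits a Secret with blank values that would then be encrypted and applied, so add `set -eu` near the top or test each value with `[ -n "$GITEA__SECURITY__SECRET_KEY" ]` before printing. `>/dev/stderr` is more portably written `>&2`, and since `FORGEJO_TAG` holds a digest, a name such as `FORGEJO_DIGEST` would read more clearly.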
|
|
@ -0,0 +1,8 @@
|
|||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
name: forgejo
|
||||
files:
|
||||
- ./forgejo-config.enc.yaml
|
||||
- ./keycloak-client-config.enc.yaml
|
||||
- ./postgres-auth.enc.yaml
|