apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: forgejo
spec:
  template:
    spec:
      initContainers:
      - name: forgejo-ssh-key-prep
        image: codeberg.org/forgejo/forgejo:1.19.3-0
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
        command: ["sh"]
        args:
        - -c
        - |-
            cd /in
            for file in *; do
              cp $file /out
              echo >> "/out/$file"
              chmod go-rw "/out/$file"
            done
        volumeMounts:
        - name: forgejo-ssh-keys-secret
          mountPath: /in
        - name: forgejo-ssh-keys
          mountPath: /out
      containers:
      - name: forgejo-ssh
        args:
        - -D
        - -e
        - -p
        - "2222"
        - -o
        - PidFile=/tmp/sshd.pid
        - -h
        - /etc/ssh/keys/ssh_host_ecdsa_key
        - -h
        - /etc/ssh/keys/ssh_host_ed25519_key
        - -h
        - /etc/ssh/keys/ssh_host_rsa_key
        volumeMounts:
        - name: forgejo-ssh-keys
          mountPath: /etc/ssh/keys
      volumes:
      - name: forgejo-ssh-keys-secret
        secret:
          secretName: forgejo-ssh-keys
      - name: forgejo-ssh-keys
        emptyDir: {}