feat: add forgejo

reinthal · Dec 28, 2024 · 1c8f9c3 · 1c8f9c3
1 parent 64d4bf1
commit 1c8f9c3
Show file tree

Hide file tree

Showing 5 changed files with 146 additions and 0 deletions.
diff --git a/apps/base/forgejo/.gitignore b/apps/base/forgejo/.gitignore
@@ -0,0 +1,2 @@
+forgejo.env
+forgejo-secret.yaml
diff --git a/apps/base/forgejo/forgejo-secret-sealed.yaml b/apps/base/forgejo/forgejo-secret-sealed.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: forgejo-secret
+  namespace: default
+spec:
+  encryptedData:
+    FORGEJO__database__PASSWD: AgAO1ZdR1zVL8ELd7LcCsTZ4Jrmaqm5vuRihowxYXsbbHNu8Q435A0fjJ76f+QTm0oSH5WqjMvpWc/RZNKu7mG1UBQ/fkv/v2EOlU0Iz8AYl6U64fnTQNJ2bMi3hXGxH8lpOQ8/SSB3F6r0HJHz6TkiYrbJnBERh2IaMbxT1K5lKBOKEQUepwontF8q/ZJ0oaaBkxXfBZYEAw87bKPL2Q9FBcZYsi3SzsZOvUSxJfMBm8bit0PKQ/jbc4FqtoYeOKZGUhtrt88f5j2fRljFTVUFFNCJrsGQoK1qmX4Z2mM66p2gwgclCHs+3zcJ+5Ph0Ux+dt7+fIdb2htwJZxuwcnfFtqts7UUjwVr45HiR3/TEeA4GAziA6K/OcPMbdb2bOvXFkkS3gHugjNd/GLBHyKKenjpB0fH1aqlGMnE88hecBzKgNxZeZs2OyUMYHpunUZDfXiD2Iivh0Pqgq8j1+1LQjNYGi/ASKxnbfgb8Mh5OBOGUzHv8C9nQLesiyoXgCl+6C1mWQvQ+qf5ZL4KgIznx0+smyXKT50nTn8HyLa1HFeUv49nEqE+/5FjZ2ZW7u2fcsfSDQD5kh3ielopb8fQy/D8SRshXPiyieZ/IJ2k5I9rx3JiRJ4PBIIUURVHZGLYBY5/X9x5xIFK6StiS63yg23W6R2m/UsAB2Hs+hUntAVxjMW9ba2wCbc/ytwVQbGAupBnG2e8Nmc0SVHQ7asg=
+    postgres-password: AgCXchMzknfnc1YCMdNcsCNNiHh/LZQlZMDaQJQt4v5tc1yvotIO1QIQ42wZx2oCq27FeUGKFSiPEdDzq9RGnHMUf0KJBWpxvezUpp1wo/1yUzAJPap7anbxwsyexF57LekulvB/Ip3b06tUc5MAge40iNJOXvu6v6RCmbWFjtK5lJbqp7mMPan+b98mSMT/dfkDsQN7sO405YMI3nWJ410B3+xAeftejH3puOxx4nRFf/N8ou8KOqqttLvrEr7facseoCiq0Rr+7uTcDOQ8BsLhmzMP0HDpfalPnjXaudV7AXwz/l/sVZY21M7vm0n02qujuvzQ0OpMVARHpY0DqKPICxQ8vf93+Y7fnAC87BxhPzGHAflyGMCB5TfH03u7HYklpPQ46R0XEWCYkfPHELgb9Rt5YwY2NQSsNNn/4eXYH7sADWIkjvQiLgOLn+djfzfl5fV4K/TxwzjW/ncPLen00GnWDfnEwD/poUmHcTVu2FscREKdMC/Coov4qABx7JQh/5RCtkCFuXdxU8lGAE4i7k+y697wJ6gOkXRLKxt7vzNp1qN0Qm1l+MC8LXpeUnw1RvWFQ94E+/5IGIWy+E5P7gYQpRKqmqYqwLannEJjgP91UuZm49aKv99yNG8IOCh4Y6yGzfy4V0Y2/9Ia6Ie6UGA4NHkstTbArlKyiGh5jkA2tFNpOcMAKRqyaDLCW7X7MgYVOSvPxbijwoon3Yo=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: forgejo-secret
+      namespace: default
+    type: Opaque
diff --git a/apps/base/forgejo/forgejo.yaml b/apps/base/forgejo/forgejo.yaml
@@ -0,0 +1,100 @@
+# forgejo-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: forgejo-config
+data:
+  USER_UID: "1000"
+  USER_GID: "1000"
+  FORGEJO__database__DB_TYPE: "postgres"
+  FORGEJO__database__HOST: "postgres.reinthal.me:5432"
+  FORGEJO__database__NAME: "forgejo"
+  FORGEJO__database__USER: "forgejo"
+---
+# forgejo-secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: forgejo-secret
+type: Opaque
+data:
+  FORGEJO__database__PASSWD: Zm9yZ2Vqbw== # base64 encoded 'forgejo'
+  postgres-password: Zm9yZ2Vqbw== # base64 encoded 'forgejo'
+
+---
+# forgejo-pvc.yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: forgejo-data
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+
+---
+# forgejo-deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: forgejo
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: forgejo
+  template:
+    metadata:
+      labels:
+        app: forgejo
+    spec:
+      containers:
+      - name: forgejo
+        image: codeberg.org/forgejo/forgejo:9
+        ports:
+        - containerPort: 3000
+        - containerPort: 22
+        envFrom:
+        - configMapRef:
+            name: forgejo-config
+        - secretRef:
+            name: forgejo-secret
+        volumeMounts:
+        - name: forgejo-data
+          mountPath: /data
+        - name: timezone
+          mountPath: /etc/timezone
+          readOnly: true
+        - name: localtime
+          mountPath: /etc/localtime
+          readOnly: true
+      volumes:
+      - name: forgejo-data
+        persistentVolumeClaim:
+          claimName: forgejo-data
+      - name: timezone
+        hostPath:
+          path: /etc/timezone
+      - name: localtime
+        hostPath:
+          path: /etc/localtime
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: forgejo
+spec:
+  type: NodePort
+  selector:
+    app: forgejo
+  ports:
+  - name: http
+    port: 3000
+    targetPort: 3000
+  - name: ssh
+    port: 22
+    targetPort: 22
+    nodePort: 30022
+
diff --git a/apps/base/forgejo/ingress.yaml b/apps/base/forgejo/ingress.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: forgejo-frontend
+  namespace: forgejo
+  annotations:
+    kubernetes.io/ingress.class: traefik-external
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`forgejo.local.reinthal.cc`)
+      kind: Rule
+      services:
+        - name: forgejo
+          port: 80
+  tls:
+    secretName: local-reinthal-cc-tls
diff --git a/apps/base/forgejo/kustomization.yaml b/apps/base/forgejo/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: forgejo
+resources:
+  - forgejo.yaml
+  - forgejo-secret-sealed.yaml
+  # frontend
+  - ingress.yaml