initial installation of forgejo

2024-01-29 20:23:33 +01:00 · 2024-01-29 20:23:33 +01:00 · b67321c44b
parent ea7b723f67
commit b67321c44b
6 changed files with 143 additions and 0 deletions
--- a/apps/zurrli/forgejo/configmap.yaml
+++ b/apps/zurrli/forgejo/configmap.yaml
@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: forgejo-app-ini
+data:
+  session: |
+    SAME_SITE=strict    
+  cron.archive_cleanup: |
+    ENABLED=true
--- a/apps/zurrli/forgejo/kustomization.yaml
+++ b/apps/zurrli/forgejo/kustomization.yaml
@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - configmap.yaml
+generators:
+  - secret-generator.yaml
--- a/apps/zurrli/forgejo/secret-admin-user.sops.yaml
+++ b/apps/zurrli/forgejo/secret-admin-user.sops.yaml
@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+    name: forgejo-admin-secret
+stringData:
+    username: ENC[AES256_GCM,data:lDqVAq9ljbMQQg==,iv:Q24F14CFgbcpb7uVERbUOWt+uAjt4/LgzrxmHcPZiPA=,tag:uaO+YseYsJdm1UZgEAk/sw==,type:str]
+    password: ENC[AES256_GCM,data:wum4id+XB6pWh3wrHrbwLpIdltRDJWimXhLVgiXFdSPua4RoRWeBD6ypDyA=,iv:U/cmBfJL/DZQH5dJMjpqIkqUbPbpYkdCcLwAfbb47Qg=,tag:G3WnuBeESgA+lPMNydWVhQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlbFN3Yi9SbHZVNzRWUXhB
+            cDh1Q1R4MmJMdFVmR1p0NEM4WWNFdzBxT0hzCnlibzN1cDJjeFJ1cjUrQzlWSC9s
+            WGg2S0hvc3lCME9kdW9LdlZVZ0JvZ00KLS0tIEFOMzkxcWdCcmtNK0YwaTFlTWdk
+            ZkhMeS84Wlh6dlkrMVlKU0xMNlBHUXMK+MfIYb9O4DtattlQUWzY041N7aiPZG57
+            FJXLnIJnCzE9LLzwRbPRdHn+9VBp4v8T0Gno2Vlr7FAKrka6S14fxA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-01-29T19:15:12Z"
+    mac: ENC[AES256_GCM,data:wZEOGX30tdlz+uRT73oWuaI1GQsuAXyewQv2/iUZoneLBRZUZlbQDNjBr5wi5qAA7svwrh/txV5s1pzohkY/Fep+quTSUuZrsL5obuW8GTgb3IlCKd7JoDTUOWhnUClN9pBfnxp/fDwJQxbA+aqWRUGqcJMlPQFeT4C7BkA0MdE=,iv:F4sPLuvtNmV/KlJFYaw1NejtSJwsovRcD4KAD8H4K3E=,tag:8M40ZERWJI0a06naNsXNZA==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.8.1
--- a/apps/zurrli/forgejo/secret-generator.yaml
+++ b/apps/zurrli/forgejo/secret-generator.yaml
@ -0,0 +1,7 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+  name: secret-generator
+files:
+  - secret-oauth.sops.yaml
+  - secret-admin-user.sops.yaml
--- a/apps/zurrli/forgejo/secret-oauth.sops.yaml
+++ b/apps/zurrli/forgejo/secret-oauth.sops.yaml
@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+    name: foregjo-oauth-secret
+stringData:
+    key: ENC[AES256_GCM,data:RB0j5Qc=,iv:/krpnTgqgR0pIF/o0WbwL5lrjfpWJyiPSJ3rUAAFc6c=,tag:aTIoUaO/MYMuWVu/ldExTg==,type:str]
+    secret: ENC[AES256_GCM,data:moDK9ms=,iv:NcSCjIyzlUcBQfVkE1yqMg0zT2lcf+zIDcPyhHOG9Fs=,tag:qzH9kLOfUk6qHoQeHGEDKg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhbmxSVE9FejN6N2JTbXFn
+            V0tMTTNBUDcyQWJOMHBMZDIzVkV5SVJ6djNnClV3WS9xazZlQ3BwSUdXWm1mQ3Z1
+            UC9tMFE0c2Rpamo4eEhJbjZ6TnZQQ00KLS0tIE9QYlp3M0NuZVB4M1FuUzRSaFRy
+            cmZHZDdDOXljN1d1VHB3N3I3UnpkUDgKb52IMEIUlF7O098WYrsFKz5Vcb95WrKO
+            gQ7No+2rDGppkw1Wj7Pkp98UDI+gP0lgQBtdqSmafbhJddVN+H7fdQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-01-29T19:14:19Z"
+    mac: ENC[AES256_GCM,data:mEYAUWP3uJetXf9Ha99egHL40MLqbvLM8GXb4hTlb44VwJJvqRrBB0Ez2/3IULq0mNw2ot7+Zda7c4g0H3Y+1dgcAoyf0wHUn/N2PD6tEl8WrqqTwRW86ITrhPPgsBMXiq/ovci8Z3zMkAr0DbVQuJSOxZRzWO0H9jkyu3b7OXs=,iv:hooqxH3IoKMeSG2gRXfj2aK+rl2SopeCBzaKZ3EhLjo=,tag:0Ap4Z0fVCVCnm1v952SHJQ==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.8.1
--- a/argoapps/zurrli/forgejo.yaml
+++ b/argoapps/zurrli/forgejo.yaml
@ -0,0 +1,65 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: forgejo
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: apps
+  sources:
+    - chart: forgejo
+      repoURL: oci://codeberg.org/forgejo-contrib/forgejo
+      targetRevision: 1.1.6
+      helm:
+        values: |
+          redis-cluster:
+            enabled: false
+          postgresql:
+            enabled: true
+            persistence:
+              enabled: true
+              storageClass: local-path
+          postgresql-ha:
+            enabled: false
+
+          persistence:
+            enabled: true
+            storageClass: local-path
+
+          gitea:
+            admin:
+              existingSecret: forgejo-admin-secret
+            oauth:
+              - name: 'tbrnt ID'
+                provider: 'openidConnect'
+                autoDiscoverUrl: https://id.tobru.ch/
+                existingSecret: forgejo-oauth-secret
+            config:
+              database:
+                DB_TYPE: postgres
+              session:
+                PROVIDER: db
+              cache:
+                ADAPTER: memory
+              queue:
+                TYPE: level
+              indexer:
+                ISSUE_INDEXER_TYPE: bleve
+                REPO_INDEXER_ENABLED: true
+            additionalConfigSources:
+              - secret:
+                  secretName: forgejo-app-ini-secret
+              - configMap:
+                  name: forgejo-app-ini
+    - path: apps/zurrli/forgejo
+      repoURL: https://git.tbrnt.ch/tobru/gitops-zurrli.git
+      targetRevision: HEAD
+  destination:
+    namespace: forgejo
+    server: https://kubernetes.default.svc
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      prune: true