From 560a764afd35ed04e23e062182ed5315f2746b11 Mon Sep 17 00:00:00 2001
From: xeruf <27jf@pm.me>
Date: Tue, 23 Jan 2024 20:12:00 +0100
Subject: [PATCH] forge: add forgejo from gitea

---
 basic/apps/forge/forgejo-data-pvc.yaml        | 15 ++++
 basic/apps/forge/forgejo-oauth-client.yaml    | 21 ++++++
 basic/apps/forge/forgejo-postgres-pvc.yaml    | 15 ++++
 basic/apps/forge/forgejo-release.yaml         | 28 ++++++++
 .../apps/forge/forgejo-values-configmap.yaml  | 68 +++++++++++++++++++
 5 files changed, 147 insertions(+)
 create mode 100644 basic/apps/forge/forgejo-data-pvc.yaml
 create mode 100644 basic/apps/forge/forgejo-oauth-client.yaml
 create mode 100644 basic/apps/forge/forgejo-postgres-pvc.yaml
 create mode 100644 basic/apps/forge/forgejo-release.yaml
 create mode 100644 basic/apps/forge/forgejo-values-configmap.yaml

diff --git a/basic/apps/forge/forgejo-data-pvc.yaml b/basic/apps/forge/forgejo-data-pvc.yaml
new file mode 100644
index 0000000..35d1e6c
--- /dev/null
+++ b/basic/apps/forge/forgejo-data-pvc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: forgejo-data
+  namespace: stackspout
+  labels:
+    stackspin.net/backupSet: "forgejo"
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 2Gi
+  storageClassName: local-path
diff --git a/basic/apps/forge/forgejo-oauth-client.yaml b/basic/apps/forge/forgejo-oauth-client.yaml
new file mode 100644
index 0000000..5300184
--- /dev/null
+++ b/basic/apps/forge/forgejo-oauth-client.yaml
@@ -0,0 +1,21 @@
+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+  name: forgejo-oauth-client
+  # Has to live in the same namespace as the stackspin-*-oauth-variables secret
+  namespace: flux-system
+spec:
+  # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
+  grantTypes:
+    - authorization_code
+    - refresh_token
+    - client_credentials
+    - implicit
+  responseTypes:
+    - id_token
+    - code
+  scope: "openid profile email stackspin_roles"
+  secretName: stackspin-forgejo-oauth-variables
+  redirectUris:
+    - https://forge.${domain}/user/oauth2/Stackspin/callback
+  tokenEndpointAuthMethod: client_secret_post
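Review bot: The `grantTypes` list registers `implicit` and `client_credentials`, and `responseTypes` includes `id_token`; as the TODO says, these were copied from the wekan client rather than chosen for Forgejo. The values file in this patch configures Forgejo as an `openidConnect` provider with a client secret, which presumably needs only the authorization-code flow. The implicit grant returns tokens in the redirect URL and is discouraged by the OAuth 2.0 Security BCP, and `client_credentials` lets any holder of the client secret obtain tokens without a user login. Suggest reducing `grantTypes` to `- authorization_code` and `- refresh_token` and `responseTypes` to `- code`. The TODO could then be replaced with a comment such as `# Forgejo uses the authorization code flow only`, once that has been confirmed against a test login.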
diff --git a/basic/apps/forge/forgejo-postgres-pvc.yaml b/basic/apps/forge/forgejo-postgres-pvc.yaml
new file mode 100644
index 0000000..3b33b46
--- /dev/null
+++ b/basic/apps/forge/forgejo-postgres-pvc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: forgejo-postgres
+  namespace: stackspout
+  labels:
+    stackspin.net/backupSet: "forgejo"
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 2Gi
+  storageClassName: local-path
diff --git a/basic/apps/forge/forgejo-release.yaml b/basic/apps/forge/forgejo-release.yaml
new file mode 100644
index 0000000..eccf607
--- /dev/null
+++ b/basic/apps/forge/forgejo-release.yaml
@@ -0,0 +1,28 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: forgejo
+  namespace: stackspout
+spec:
+  releaseName: forgejo
+  chart:
+    spec:
+      # https://codeberg.org/forgejo-contrib/-/packages/container/forgejo
+      chart: forgejo
+      version: 1.1.5
+      sourceRef:
+        kind: HelmRepository
+        name: forgejo
+        namespace: flux-system
+  interval: 5m
+  valuesFrom:
+    - kind: ConfigMap
+      name: stackspin-forgejo-values
+      optional: false
+    # Allow overriding values by ConfigMap or Secret
+    - kind: ConfigMap
+      name: stackspin-forgejo-override
+      optional: true
+    - kind: Secret
+      name: stackspin-forgejo-override
+      optional: true
diff --git a/basic/apps/forge/forgejo-values-configmap.yaml b/basic/apps/forge/forgejo-values-configmap.yaml
new file mode 100644
index 0000000..94f31f6
--- /dev/null
+++ b/basic/apps/forge/forgejo-values-configmap.yaml
@@ -0,0 +1,68 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-forgejo-values
+  namespace: stackspout
+data:
+  values.yaml: |
+    ingress:
+      enabled: true
+      annotations:
+        kubernetes.io/tls-acme: "true"
+        nginx.ingress.kubernetes.io/proxy-body-size: "50m"
+      hosts:
+        - host: "forge.${domain}"
+          paths:
+             - path: /
+               pathType: Prefix
+      tls:
+        - secretName: forgejo-tls
+          hosts:
+            - "forge.${domain}"
+    gitea:
+      admin:
+        username: "forgejo"
+        email: "${admin_email}"
+        password: "${password}"
+      # https://codeberg.org/forgejo-contrib/forgejo-helm#oauth2-settings
+      oauth:
+        - name: Stackspin
+          provider: "openidConnect"
+          key: "${client_id}"
+          secret: "${client_secret}"
+          autoDiscoverUrl: "https://sso.${domain}/.well-known/openid-configuration"
+          iconUrl: "https://dashboard.${domain}/favicon-32x32.png"
+      # https://forgejo.org/docs/latest/admin/config-cheat-sheet/
+      config:
+        APP_NAME: "Forge for ${company_name}"
+        repository:
+          DEFAULT_PUSH_CREATE_PRIVATE: false
+          ENABLE_PUSH_CREATE_USER: true
+          ENABLE_PUSH_CREATE_ORG: true
+          DEFAULT_REPO_UNITS: [repo.code,repo.releases,repo.issues,repo.pulls]
+          MAX_CREATION_LIMIT: 99
+        server:
+          ROOT_URL: "https://forge.${domain}"
+          LANDING_PAGE: login
+        openid:
+          ENABLE_OPENID_SIGNUP: true
+        service:
+          DISABLE_REGISTRATION: false
+          ALLOW_ONLY_EXTERNAL_REGISTRATION: true
+        log:
+          LEVEL: "Debug"
+    persistence:
+      enabled: true
+      existingClaim: forgejo-data
+    postgresql:
+      persistence:
+        enabled: true
+        existingClaim: forgejo-postgres
+    service:
+      ssh:
+        type: LoadBalancer
+        loadBalancerIP: "${ip_address}"
+        hostPort: 22
+        externalTrafficPolicy: "Local"
+        annotations:
+          metallb.universe.tf/allow-shared-ip: "share-ipv4"
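Review bot: `gitea.admin.password: "${password}"` and the OAuth `secret: "${client_secret}"` are written into a ConfigMap, so once the variables are substituted the admin password and client secret sit in plaintext in `stackspin-forgejo-values`. Anything with get/list on ConfigMaps in `stackspout` can read them, and they fall outside whatever protection the cluster applies to Secrets. The HelmRelease in this patch already accepts `kind: Secret` entries in `valuesFrom`, so these two keys could move into a Secret-backed values document. If the pinned chart version offers existing-secret options for the admin and OAuth credentials, those would also work; this is not visible here. Separately, `LEVEL: "Debug"` and `DEFAULT_PUSH_CREATE_PRIVATE: false` look like development settings: debug logs can capture request details, and push-created repositories would default to public. If both are intended, a short comment saying so would help; otherwise suggest `LEVEL: "Info"` and `DEFAULT_PUSH_CREATE_PRIVATE: true`.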
-- 
GitLab