From 560a764afd35ed04e23e062182ed5315f2746b11 Mon Sep 17 00:00:00 2001
From: xeruf <27jf@pm.me>
Date: Tue, 23 Jan 2024 20:12:00 +0100
Subject: [PATCH] forge: add forgejo from gitea
---
basic/apps/forge/forgejo-data-pvc.yaml | 15 ++++
basic/apps/forge/forgejo-oauth-client.yaml | 21 ++++++
basic/apps/forge/forgejo-postgres-pvc.yaml | 15 ++++
basic/apps/forge/forgejo-release.yaml | 28 ++++++++
.../apps/forge/forgejo-values-configmap.yaml | 68 +++++++++++++++++++
5 files changed, 147 insertions(+)
create mode 100644 basic/apps/forge/forgejo-data-pvc.yaml
create mode 100644 basic/apps/forge/forgejo-oauth-client.yaml
create mode 100644 basic/apps/forge/forgejo-postgres-pvc.yaml
create mode 100644 basic/apps/forge/forgejo-release.yaml
create mode 100644 basic/apps/forge/forgejo-values-configmap.yaml
diff --git a/basic/apps/forge/forgejo-data-pvc.yaml b/basic/apps/forge/forgejo-data-pvc.yaml
new file mode 100644
index 0000000..35d1e6c
--- /dev/null
+++ b/basic/apps/forge/forgejo-data-pvc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: forgejo-data
+ namespace: stackspout
+ labels:
+ stackspin.net/backupSet: "forgejo"
+spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Filesystem
+ resources:
+ requests:
+ storage: 2Gi
+ storageClassName: local-path
diff --git a/basic/apps/forge/forgejo-oauth-client.yaml b/basic/apps/forge/forgejo-oauth-client.yaml
new file mode 100644
index 0000000..5300184
--- /dev/null
+++ b/basic/apps/forge/forgejo-oauth-client.yaml
@@ -0,0 +1,21 @@
+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+ name: forgejo-oauth-client
+ # Has to live in the same namespace as the stackspin-*-oauth-variables secret
+ namespace: flux-system
+spec:
+ # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
+ grantTypes:
+ - authorization_code
+ - refresh_token
+ - client_credentials
+ - implicit
+ responseTypes:
+ - id_token
+ - code
+ scope: "openid profile email stackspin_roles"
+ secretName: stackspin-forgejo-oauth-variables
+ redirectUris:
+ - https://forge.${domain}/user/oauth2/Stackspin/callback
+ tokenEndpointAuthMethod: client_secret_post
diff --git a/basic/apps/forge/forgejo-postgres-pvc.yaml b/basic/apps/forge/forgejo-postgres-pvc.yaml
new file mode 100644
index 0000000..3b33b46
--- /dev/null
+++ b/basic/apps/forge/forgejo-postgres-pvc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: forgejo-postgres
+ namespace: stackspout
+ labels:
+ stackspin.net/backupSet: "forgejo"
+spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Filesystem
+ resources:
+ requests:
+ storage: 2Gi
+ storageClassName: local-path
diff --git a/basic/apps/forge/forgejo-release.yaml b/basic/apps/forge/forgejo-release.yaml
new file mode 100644
index 0000000..eccf607
--- /dev/null
+++ b/basic/apps/forge/forgejo-release.yaml
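Review bot: In the forgejo-oauth-client.yaml hunk, `grantTypes` still lists `implicit` and `client_credentials` and `responseTypes` lists `id_token`, all of which the TODO says were copied from a Wekan setup. Forgejo's OpenID Connect login uses the authorization-code flow, so these entries only widen what the client may request from Hydra: the implicit grant returns tokens in the URL fragment, and client_credentials lets any holder of the client secret obtain tokens with no user involved. I would reduce `grantTypes` to `- authorization_code` and `- refresh_token`, reduce `responseTypes` to `- code`, and drop the TODO once the lists are confirmed against the Forgejo side.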
@@ -0,0 +1,28 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: forgejo
+ namespace: stackspout
+spec:
+ releaseName: forgejo
+ chart:
+ spec:
+ # https://codeberg.org/forgejo-contrib/-/packages/container/forgejo
+ chart: forgejo
+ version: 1.1.5
+ sourceRef:
+ kind: HelmRepository
+ name: forgejo
+ namespace: flux-system
+ interval: 5m
+ valuesFrom:
+ - kind: ConfigMap
+ name: stackspin-forgejo-values
+ optional: false
+ # Allow overriding values by ConfigMap or Secret
+ - kind: ConfigMap
+ name: stackspin-forgejo-override
+ optional: true
+ - kind: Secret
+ name: stackspin-forgejo-override
+ optional: true
diff --git a/basic/apps/forge/forgejo-values-configmap.yaml b/basic/apps/forge/forgejo-values-configmap.yaml
new file mode 100644
index 0000000..94f31f6
--- /dev/null
+++ b/basic/apps/forge/forgejo-values-configmap.yaml
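Review bot: `sourceRef` in forgejo-release.yaml points at a HelmRepository named `forgejo` in `flux-system`, but none of the five files in this patch creates one, so unless it already exists elsewhere in the repository the release cannot fetch its chart. The comment above `chart: forgejo` links to a container package listing rather than to the repository object the chart is pulled from. A comment such as `# chart source: HelmRepository flux-system/forgejo (<repository URL>)` would let the next maintainer verify where the pinned version 1.1.5 comes from.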
@@ -0,0 +1,68 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: stackspin-forgejo-values
+ namespace: stackspout
+data:
+ values.yaml: |
+ ingress:
+ enabled: true
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ nginx.ingress.kubernetes.io/proxy-body-size: "50m"
+ hosts:
+ - host: "forge.${domain}"
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: forgejo-tls
+ hosts:
+ - "forge.${domain}"
+ gitea:
+ admin:
+ username: "forgejo"
+ email: "${admin_email}"
+ password: "${password}"
+ # https://codeberg.org/forgejo-contrib/forgejo-helm#oauth2-settings
+ oauth:
+ - name: Stackspin
+ provider: "openidConnect"
+ key: "${client_id}"
+ secret: "${client_secret}"
+ autoDiscoverUrl: "https://sso.${domain}/.well-known/openid-configuration"
+ iconUrl: "https://dashboard.${domain}/favicon-32x32.png"
+ # https://forgejo.org/docs/latest/admin/config-cheat-sheet/
+ config:
+ APP_NAME: "Forge for ${company_name}"
+ repository:
+ DEFAULT_PUSH_CREATE_PRIVATE: false
+ ENABLE_PUSH_CREATE_USER: true
+ ENABLE_PUSH_CREATE_ORG: true
+ DEFAULT_REPO_UNITS: [repo.code,repo.releases,repo.issues,repo.pulls]
+ MAX_CREATION_LIMIT: 99
+ server:
+ ROOT_URL: "https://forge.${domain}"
+ LANDING_PAGE: login
+ openid:
+ ENABLE_OPENID_SIGNUP: true
+ service:
+ DISABLE_REGISTRATION: false
+ ALLOW_ONLY_EXTERNAL_REGISTRATION: true
+ log:
+ LEVEL: "Debug"
+ persistence:
+ enabled: true
+ existingClaim: forgejo-data
+ postgresql:
+ persistence:
+ enabled: true
+ existingClaim: forgejo-postgres
+ service:
+ ssh:
+ type: LoadBalancer
+ loadBalancerIP: "${ip_address}"
+ hostPort: 22
+ externalTrafficPolicy: "Local"
+ annotations:
+ metallb.universe.tf/allow-shared-ip: "share-ipv4"
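Review bot: `password: "${password}"` under `gitea.admin` and `secret: "${client_secret}"` under `gitea.oauth` place the admin password and the OAuth client secret in a ConfigMap once substitution has run. Any subject allowed to read ConfigMaps in `stackspout` can then see them, and they fall outside Secret-specific RBAC and encryption at rest. The HelmRelease in this patch already accepts a Secret in `valuesFrom`, so these two values belong in a Secret-backed values source, or, if chart 1.1.5 supports it, behind `existingSecret: <secret-name>` on the admin and oauth entries. Separately, `LEVEL: "Debug"` looks like a leftover for a deployed instance, and `DEFAULT_PUSH_CREATE_PRIVATE: false` combined with the two `ENABLE_PUSH_CREATE_*` settings makes a repository created by a push public by default; please confirm both are intended.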