Mathis/dev-cluster
1
0
Fork 0
mirror of https://github.com/lordmathis/dev-cluster.git synced 2025-12-22 08:34:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Migrate from gitea to forgejo

Browse Source
This commit is contained in:
Matúš Námešný
2025-01-28 15:35:18 +01:00
parent e0598de2f0
commit 0b99e5469f
15 changed files with 56 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apps/base/gitea/kustomization.yaml → apps/base/forgejo/kustomization.yaml
View File

@@ -1,7 +1,7 @@
# /apps/base/gitea/kustomization.yaml # /apps/base/forgejo/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: gitea namespace: forgejo
resources: resources:
- namespace.yaml - namespace.yaml

5
apps/base/forgejo/namespace.yaml Normal file
View File

@@ -0,0 +1,5 @@
# /apps/base/forgejo/namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: forgejo

9
apps/base/forgejo/repository.yaml Normal file
View File

@@ -0,0 +1,9 @@
# /apps/base/forgejo/repository.yaml
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: forgejo
namespace: forgejo
spec:
interval: 1h
url: https://code.forgejo.org/forgejo-helm/forgejo

5
apps/base/gitea/namespace.yaml
View File

@@ -1,5 +0,0 @@
# /apps/base/gitea/namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: gitea

9
apps/base/gitea/repository.yaml
View File

@@ -1,9 +0,0 @@
# /apps/base/gitea/repository.yaml
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: gitea
namespace: gitea
spec:
interval: 1h
url: https://dl.gitea.io/charts/

10
apps/prod/gitea/ingress.yaml → apps/prod/forgejo/ingress.yaml
View File

@@ -1,15 +1,15 @@
# /apps/prod/gitea/ingress.yaml # /apps/prod/forgejo/ingress.yaml
apiVersion: traefik.io/v1alpha1 apiVersion: traefik.io/v1alpha1
kind: IngressRoute kind: IngressRoute
metadata: metadata:
name: gitea-web-ingress name: forgejo-web-ingress
namespace: gitea namespace: forgejo
spec: spec:
entryPoints: entryPoints:
- websecure - websecure
routes: routes:
- match: Host(`${GITEA_DOMAIN}`) - match: Host(`${FORGEJO_DOMAIN}`)
kind: Rule kind: Rule
services: services:
- name: gitea-http - name: forgejo-http
port: 3000 port: 3000

10
apps/prod/gitea/kustomization.yaml → apps/prod/forgejo/kustomization.yaml
View File

@@ -1,17 +1,17 @@
# /apps/prod/gitea/kustomization.yaml # /apps/prod/forgejo/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: gitea namespace: forgejo
resources: resources:
- ../../base/gitea - ../../base/forgejo
- secret.enc.yaml - secret.enc.yaml
- release.yaml - release.yaml
- ingress.yaml - ingress.yaml
configMapGenerator: configMapGenerator:
- name: gitea-prod-values - name: forgejo-prod-values
namespace: gitea namespace: forgejo
files: files:
- values.yaml - values.yaml

0
apps/prod/gitea/kustomizeconfig.yaml → apps/prod/forgejo/kustomizeconfig.yaml
View File

16
apps/prod/gitea/release.yaml → apps/prod/forgejo/release.yaml
View File

@@ -1,20 +1,20 @@
# /apps/prod/gitea/release.yaml # /apps/prod/forgejo/release.yaml
apiVersion: helm.toolkit.fluxcd.io/v2 apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease kind: HelmRelease
metadata: metadata:
name: gitea name: forgejo
namespace: gitea namespace: forgejo
spec: spec:
interval: 1h interval: 1h
chart: chart:
spec: spec:
chart: gitea chart: forgejo
version: 10.6.0 version: 11.0.1
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: gitea name: forgejo
namespace: gitea namespace: forgejo
interval: 1h interval: 1h
valuesFrom: valuesFrom:
- kind: ConfigMap - kind: ConfigMap
name: gitea-prod-values name: forgejo-prod-values

6
apps/prod/gitea/secret.enc.yaml → apps/prod/forgejo/secret.enc.yaml
View File

@@ -1,9 +1,9 @@
# /apps/prod/gitea/secret.enc.yaml # /apps/prod/forgejo/secret.enc.yaml
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: gitea-admin-secret name: forgejo-admin-secret
namespace: gitea namespace: forgejo
stringData: stringData:
username: ENC[AES256_GCM,data:1K7hWGJC,iv:SRYfP1NLS633JKNORnsFkBFXo5sP4ejWNj6r4NXbrrQ=,tag:kOfUyxznR8p8VsiYy//Ytg==,type:str] username: ENC[AES256_GCM,data:1K7hWGJC,iv:SRYfP1NLS633JKNORnsFkBFXo5sP4ejWNj6r4NXbrrQ=,tag:kOfUyxznR8p8VsiYy//Ytg==,type:str]
password: ENC[AES256_GCM,data:6GstZlME7jdHkwmyKCp+G72j6yk=,iv:sMunSzr6NZq5QVuibItDJq6n/KM5F9+Ulgc3XLdXuEg=,tag:+/2eBSEJMggo2X1Ft8RIlw==,type:str] password: ENC[AES256_GCM,data:6GstZlME7jdHkwmyKCp+G72j6yk=,iv:sMunSzr6NZq5QVuibItDJq6n/KM5F9+Ulgc3XLdXuEg=,tag:+/2eBSEJMggo2X1Ft8RIlw==,type:str]

12
apps/prod/gitea/values.yaml → apps/prod/forgejo/values.yaml
View File

@@ -1,4 +1,4 @@
# /apps/prod/gitea/values.yaml # /apps/prod/forgejo/values.yaml
redis-cluster: redis-cluster:
enabled: false enabled: false
postgresql-ha: postgresql-ha:
@@ -21,10 +21,10 @@ persistence:
image: image:
rootless: true rootless: true
gitea: forgejo:
admin: admin:
existingSecret: gitea-admin-secret existingSecret: forgejo-admin-secret
email: "${GITEA_ADMIN_EMAIL}" email: "${FORGEJO_ADMIN_EMAIL}"
config: config:
actions: actions:
ENABLED: true ENABLED: true
@@ -40,8 +40,8 @@ gitea:
TYPE: channel TYPE: channel
server: server:
BUILTIN_SSH_SERVER_USER: git BUILTIN_SSH_SERVER_USER: git
ROOT_URL: https://${GITEA_DOMAIN} ROOT_URL: https://${FORGEJO_DOMAIN}
DOMAIN: ${GITEA_DOMAIN} DOMAIN: ${FORGEJO_DOMAIN}
SSH_CREATE_AUTHORIZED_KEYS_FILE: false SSH_CREATE_AUTHORIZED_KEYS_FILE: false
LANDING_PAGE: explore LANDING_PAGE: explore
service: service:

2
apps/prod/kustomization.yaml
View File

@@ -3,6 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- authelia - authelia
- gitea - forgejo
- k9s-web - k9s-web
- lemma - lemma

4
cluster-vars/prod/secret.enc.yaml
View File

@@ -5,13 +5,13 @@ metadata:
namespace: flux-system namespace: flux-system
stringData: stringData:
DOMAIN: ENC[AES256_GCM,data:E5Vu4lZBe8J8,iv:BQ60rtqut0ME3RSiE+Afh5y4XxLEeDhssh7eSBYRvHM=,tag:+cHVuRSpxAjDl05x2pUo/A==,type:str] DOMAIN: ENC[AES256_GCM,data:E5Vu4lZBe8J8,iv:BQ60rtqut0ME3RSiE+Afh5y4XxLEeDhssh7eSBYRvHM=,tag:+cHVuRSpxAjDl05x2pUo/A==,type:str]
GITEA_DOMAIN: ENC[AES256_GCM,data:7GTEM1Me2KN78zWm/g==,iv:dHfYDR4Rk6iXsmpSt0CaCp/MHRD2dLHfQCP3ly4gixM=,tag:r05ueelCxvmwMeg6hBWwBg==,type:str] FORGEJO_DOMAIN: ENC[AES256_GCM,data:7GTEM1Me2KN78zWm/g==,iv:dHfYDR4Rk6iXsmpSt0CaCp/MHRD2dLHfQCP3ly4gixM=,tag:r05ueelCxvmwMeg6hBWwBg==,type:str]
AUTHELIA_DOMAIN: ENC[AES256_GCM,data:R2D9+g59TDNe/jB9Mwo=,iv:5Ai0Mx/CbCotfUsMuRZhSUJlw5QDP5Fx+/lck/aMnhk=,tag:P8geek7CkIEVuK3UP1eZMQ==,type:str] AUTHELIA_DOMAIN: ENC[AES256_GCM,data:R2D9+g59TDNe/jB9Mwo=,iv:5Ai0Mx/CbCotfUsMuRZhSUJlw5QDP5Fx+/lck/aMnhk=,tag:P8geek7CkIEVuK3UP1eZMQ==,type:str]
TRAEFIK_DOMAIN: ENC[AES256_GCM,data:t2SKcY81OKO+2765biNnyfU=,iv:tPlAovgxXp7+qrWWyF0Q67ql+Ey+itgKX+igOLQrXlA=,tag:lL2uP7PtboK12dQ52bZCWw==,type:str] TRAEFIK_DOMAIN: ENC[AES256_GCM,data:t2SKcY81OKO+2765biNnyfU=,iv:tPlAovgxXp7+qrWWyF0Q67ql+Ey+itgKX+igOLQrXlA=,tag:lL2uP7PtboK12dQ52bZCWw==,type:str]
LEMMA_DOMAIN: ENC[AES256_GCM,data:ZXSvD4FDU8jCVExJhPe+,iv:AuHra0K+xV01ZPfF9JqRzdzAhEWbEOXdtaWk08cnWpc=,tag:UXd3a3AvTMlHB3b0WHn7mA==,type:str] LEMMA_DOMAIN: ENC[AES256_GCM,data:ZXSvD4FDU8jCVExJhPe+,iv:AuHra0K+xV01ZPfF9JqRzdzAhEWbEOXdtaWk08cnWpc=,tag:UXd3a3AvTMlHB3b0WHn7mA==,type:str]
K9S_DOMAIN: ENC[AES256_GCM,data:iHGo7NkwbZAoXYV64w==,iv:N10BV/ZSAVDdEBZVZaYKA9TgOzB09YkC1Fwc3Ujs2/M=,tag:iSbE8S/sn3rMUaYEdIADbg==,type:str] K9S_DOMAIN: ENC[AES256_GCM,data:iHGo7NkwbZAoXYV64w==,iv:N10BV/ZSAVDdEBZVZaYKA9TgOzB09YkC1Fwc3Ujs2/M=,tag:iSbE8S/sn3rMUaYEdIADbg==,type:str]
LETSENCRYPT_EMAIL: ENC[AES256_GCM,data:cQi3FMrdySRc6ovINX/rCDYF38SiSjo=,iv:vem+/Mdw6NU1wSZfrR8D5YRV8QcHviA4bsTuyXm6J3o=,tag:ACTYLo0EDxVfMXFnGd5+iA==,type:str] LETSENCRYPT_EMAIL: ENC[AES256_GCM,data:cQi3FMrdySRc6ovINX/rCDYF38SiSjo=,iv:vem+/Mdw6NU1wSZfrR8D5YRV8QcHviA4bsTuyXm6J3o=,tag:ACTYLo0EDxVfMXFnGd5+iA==,type:str]
GITEA_ADMIN_EMAIL: ENC[AES256_GCM,data:Vt7TbkkdfxLmaGbgekvlgjM=,iv:48dqiXfFozpmEGyox/STp0JPC6V79ZdUhMLboZOqN90=,tag:OQ9tKOoBUsWfgFuqwMrFIg==,type:str] FORGEJO_ADMIN_EMAIL: ENC[AES256_GCM,data:Vt7TbkkdfxLmaGbgekvlgjM=,iv:48dqiXfFozpmEGyox/STp0JPC6V79ZdUhMLboZOqN90=,tag:OQ9tKOoBUsWfgFuqwMrFIg==,type:str]
VELERO_BUCKET: ENC[AES256_GCM,data:+1E2KO3Fm4ehw2r3swyVA9+NoFE=,iv:1LEiHiy54GQhQrdkZH7MfjiQkC4BYLVCe+h4gEViO6c=,tag:hwy3vRZlfdpg7LVi4lyrUw==,type:str] VELERO_BUCKET: ENC[AES256_GCM,data:+1E2KO3Fm4ehw2r3swyVA9+NoFE=,iv:1LEiHiy54GQhQrdkZH7MfjiQkC4BYLVCe+h4gEViO6c=,tag:hwy3vRZlfdpg7LVi4lyrUw==,type:str]
sops: sops:
kms: [] kms: []

2
infrastructure/controllers/velero/release.yaml
View File

@@ -43,7 +43,7 @@ spec:
schedule: "0 2 * * *" # Every day at 2 AM schedule: "0 2 * * *" # Every day at 2 AM
template: template:
includedNamespaces: includedNamespaces:
- gitea - forgejo
storageLocation: default storageLocation: default
ttl: "168h" # Keep backups for 1 week ttl: "168h" # Keep backups for 1 week
includedResources: includedResources:

18
provisioning/cloud-init.yaml
View File

@@ -33,21 +33,21 @@ packages:
write_files: write_files:
- content: | - content: |
#!/bin/sh #!/bin/sh
GITEA_POD=$(kubectl --kubeconfig /home/git/.kube/config get po -n gitea -l app=gitea -o name --no-headers=true | cut -d'/' -f2) FORGEJO_POD=$(kubectl --kubeconfig /home/git/.kube/config get po -n forgejo -l app=forgejo -o name --no-headers=true | cut -d'/' -f2)
kubectl --kubeconfig /home/git/.kube/config exec -i -n gitea $GITEA_POD -c gitea -- env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" /bin/sh "$@" kubectl --kubeconfig /home/git/.kube/config exec -i -n forgejo $FORGEJO_POD -c forgejo -- env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" /bin/sh "$@"
path: /usr/local/bin/gitea-shell path: /usr/local/bin/forgejo-shell
permissions: "0755" permissions: "0755"
- content: | - content: |
#!/bin/sh #!/bin/sh
GITEA_POD=$(kubectl --kubeconfig /home/git/.kube/config get po -n gitea -l app=gitea -o name --no-headers=true | cut -d'/' -f2) FORGEJO_POD=$(kubectl --kubeconfig /home/git/.kube/config get po -n forgejo -l app=forgejo -o name --no-headers=true | cut -d'/' -f2)
kubectl --kubeconfig /home/git/.kube/config exec -i -n gitea $GITEA_POD -c gitea -- /usr/local/bin/gitea keys -e git -u $1 -t $2 -k $3 kubectl --kubeconfig /home/git/.kube/config exec -i -n forgejo $FORGEJO_POD -c forgejo -- /usr/local/bin/forgejo keys -e git -u $1 -t $2 -k $3
permissions: "0755" permissions: "0755"
path: /usr/local/bin/gitea-keys path: /usr/local/bin/forgejo-keys
- content: | - content: |
Match User git Match User git
AuthorizedKeysCommandUser git AuthorizedKeysCommandUser git
AuthorizedKeysCommand /usr/local/bin/gitea-keys %u %t %k AuthorizedKeysCommand /usr/local/bin/forgejo-keys %u %t %k
path: /etc/ssh/sshd_config.d/50-gitea.conf path: /etc/ssh/sshd_config.d/50-forgejo.conf
permissions: "0644" permissions: "0644"
ssh: ssh:
@@ -67,7 +67,7 @@ runcmd:
# SSH key for user # SSH key for user
- su ${username} -c 'ssh-keygen -t ed25519 -f /home/${username}/.ssh/id_ed25519 -q -N "" ' - su ${username} -c 'ssh-keygen -t ed25519 -f /home/${username}/.ssh/id_ed25519 -q -N "" '
# SSH Passthrough for user git # SSH Passthrough for user git
- usermod -s /usr/local/bin/gitea-shell git - usermod -s /usr/local/bin/forgejo-shell git
# k3s # k3s
- curl -sfL https://get.k3s.io | sh -s - --disable=traefik - curl -sfL https://get.k3s.io | sh -s - --disable=traefik
# Wait for k3s to be ready # Wait for k3s to be ready