Revert forgejo migration

apps/base/forgejo/namespace.yaml

@@ -1,5 +0,0 @@
-# /apps/base/forgejo/namespace.yaml
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: forgejo

apps/base/forgejo/repository.yaml

@@ -1,10 +0,0 @@
-# /apps/base/forgejo/repository.yaml
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: forgejo
-  namespace: forgejo
-spec:
-  type: oci
-  interval: 1h
-  url: oci://code.forgejo.org/forgejo-helm

apps/base/gitea/kustomization.yaml

@@ -1,7 +1,7 @@
-# /apps/base/forgejo/kustomization.yaml
+# /apps/base/gitea/kustomization.yaml
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: forgejo
+namespace: gitea
 
 resources:
   - namespace.yaml

apps/base/gitea/namespace.yaml

@@ -0,0 +1,5 @@
+# /apps/base/gitea/namespace.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: gitea

apps/base/gitea/repository.yaml

@@ -0,0 +1,9 @@
+# /apps/base/gitea/repository.yaml
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: gitea
+  namespace: gitea
+spec:
+  interval: 1h
+  url: https://dl.gitea.io/charts/

apps/prod/forgejo/secret.enc.yaml

@@ -1,29 +0,0 @@
-# /apps/prod/forgejo/secret.enc.yaml
-apiVersion: v1
-kind: Secret
-metadata:
-    name: forgejo-admin-secret
-    namespace: forgejo
-stringData:
-    username: ENC[AES256_GCM,data:1K7hWGJC,iv:SRYfP1NLS633JKNORnsFkBFXo5sP4ejWNj6r4NXbrrQ=,tag:kOfUyxznR8p8VsiYy//Ytg==,type:str]
-    password: ENC[AES256_GCM,data:6GstZlME7jdHkwmyKCp+G72j6yk=,iv:sMunSzr6NZq5QVuibItDJq6n/KM5F9+Ulgc3XLdXuEg=,tag:+/2eBSEJMggo2X1Ft8RIlw==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzQXVTa2hVaTAvbzU3aUxS
-            OHNUZm40RXlXa1dzRE5tMndKU015RVNYY1hjCjY5WDFYOFBrOXcyZm4vMkhWc0c4
-            UkhSYkhyVEJ2V1c1UytOZUxOTUJQWjgKLS0tIER2OFNsQUdHdkxTdEpObFFJcUxP
-            MVZUOGNJOC9QMU9WSWY2eTJjdEZsK2cKvdCXFw0LGc2Fqcnjla8SON0Oonsnrzfc
-            4GS1TFZ6bv4djodgn2wl43HmrrEvdHal2+HBDKv4McJv4x/jKBFbnw==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-09-24T17:35:23Z"
-    mac: ENC[AES256_GCM,data:MCbFvTfxsp1jEQngBp1dVZBHBagfogq4kUgpvHUG7xmzvSipicxnPdJe1bLdR/Ei8VWvU6O+PYn2jGBKxof8aYvEKUbMngq2fT26lhi/910pDMyEnp+HV4wJIdnIOwR3p8DMzw386ejlOxk+Q57/JvDoDuu1p7vWv9g+/6fxu2g=,iv:t8WGOMajR88BbW1M7NOigYnSFhZs+yW00Plq4dq57b0=,tag:Pvg6MdWhGslRTFI7XAseHw==,type:str]
-    pgp: []
-    unencrypted_regex: ^(apiVersion|metadata|kind|type)$
-    version: 3.9.0

apps/prod/gitea/ingress.yaml

@@ -1,15 +1,15 @@
-# /apps/prod/forgejo/ingress.yaml
+# /apps/prod/gitea/ingress.yaml
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
-  name: forgejo-web-ingress
-  namespace: forgejo
+  name: gitea-web-ingress
+  namespace: gitea
 spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`${FORGEJO_DOMAIN}`)
+  - match: Host(`${GITEA_DOMAIN}`)
     kind: Rule
     services:
-    - name: forgejo-http
+    - name: gitea-http
       port: 3000

apps/prod/gitea/kustomization.yaml

@@ -1,17 +1,17 @@
-# /apps/prod/forgejo/kustomization.yaml
+# /apps/prod/gitea/kustomization.yaml
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: forgejo
+namespace: gitea
 
 resources:
-  - ../../base/forgejo
+  - ../../base/gitea
   - secret.enc.yaml
   - release.yaml
   - ingress.yaml
 
 configMapGenerator:
-  - name: forgejo-prod-values
-    namespace: forgejo
+  - name: gitea-prod-values
+    namespace: gitea
     files:
       - values.yaml
 

apps/prod/gitea/kustomizeconfig.yaml

@@ -1,4 +1,4 @@
-# /apps/prod/authelia/kustomizeconfig.yaml
+# /apps/prod/gitea/kustomizeconfig.yaml
 nameReference:
 - kind: ConfigMap
   version: v1

apps/prod/gitea/release.yaml

@@ -1,20 +1,20 @@
-# /apps/prod/forgejo/release.yaml
+# /apps/prod/gitea/release.yaml
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
-  name: forgejo
-  namespace: forgejo
+  name: gitea
+  namespace: gitea
 spec:
   interval: 1h
   chart:
     spec:
-      chart: forgejo
-      version: 11.0.1
+      chart: gitea
+      version: 10.6.0
       sourceRef:
         kind: HelmRepository
-        name: forgejo
-        namespace: forgejo
+        name: gitea
+        namespace: gitea
       interval: 1h
   valuesFrom:
     - kind: ConfigMap
-      name: forgejo-prod-values
+      name: gitea-prod-values

apps/prod/gitea/secret.enc.yaml

@@ -0,0 +1,29 @@
+#ENC[AES256_GCM,data:qc0a9pEqZy+CSiZBSRDdqQIuvIZvI9xQwKtM2J1a6P2s,iv:TVeB+seBchMpuor8l1hxnj3Kv9FfADgL5G927Jtvk+0=,tag:PwNysdB1TlyIvVqtJW+ntw==,type:comment]
+apiVersion: v1
+kind: Secret
+metadata:
+    name: gitea-admin-secret
+    namespace: gitea
+stringData:
+    username: ENC[AES256_GCM,data:ZjFHZbQX,iv:ZeUFu0OpXuooA6ZoRCO4yUNi1PCB6H0FAI7+1c9YLGk=,tag:+QFpdQ/7MjxEuFkfkAHqBQ==,type:str]
+    password: ENC[AES256_GCM,data:lChzETDJOvaB97g2BCeLAW0+eWs=,iv:Pc20LS84UpQzz68bjauDAGmpPH2+pSfIUE/NXmmwlqI=,tag:ojI8smGTNp+GyaZMEB3UIA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMT1h2S1UyTlZDaHJTUFZU
+            MitnbEV4UHF0Q3B1QmhFMzZIQjBvUG90TTBjCkcrZ2ZISmdWK1JzMEVrOEVhdFlZ
+            SXJ0OGhMUG0rc1U2NHFaQkZxNnJMM2MKLS0tIEFRVDNNcVBjYnJYOFY3M1hlSXV3
+            aTF0R0RZUHZWNDNWU1dZb3IyVnBEcncKATaL5sPeFTk0lqjENM4y1xBp+h/uN8hH
+            pQLQkOAwytW5xcQQOLAiNW54KK6TyeUMDzYLP+4Eq6wnQM+gymFY9A==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-02-16T12:44:22Z"
+    mac: ENC[AES256_GCM,data:0gytbbuY/8FyHPKmLLSKPbEIfmrQXy/KtdvMVdun6VcHK+8csjOdPPYpoTo3FfbTbdl9LMbJ3Hs4L0hY8RZ9bV0xCcnE8MOIOyErfoS2MGQ3BdiBSbwBPN362VlQZCYqYri+8NMtbneGESSCM5yWNmd+68MZMr06pfU4m+bDxuo=,iv:9nboSOtS3/AMJT9xqgoqELpNyjS2S8FG/NLmt1Y74eI=,tag:1EyAZJ1Y4cuqCKBlaY8Msg==,type:str]
+    pgp: []
+    unencrypted_regex: ^(apiVersion|metadata|kind|type)$
+    version: 3.9.1

apps/prod/gitea/values.yaml

@@ -1,4 +1,4 @@
-# /apps/prod/forgejo/values.yaml
+# /apps/prod/gitea/values.yaml
 redis-cluster:
   enabled: false
 postgresql-ha:
@@ -23,8 +23,8 @@ image:
 
 gitea:
   admin:
-    existingSecret: forgejo-admin-secret
-    email: "${FORGEJO_ADMIN_EMAIL}"
+    existingSecret: gitea-admin-secret
+    email: "${GITEA_ADMIN_EMAIL}"
   config:
     actions:
       ENABLED: true
@@ -40,8 +40,8 @@ gitea:
       TYPE: channel
     server:
       BUILTIN_SSH_SERVER_USER: git
-      ROOT_URL: https://${FORGEJO_DOMAIN}
-      DOMAIN: ${FORGEJO_DOMAIN}
+      ROOT_URL: https://${GITEA_DOMAIN}
+      DOMAIN: ${GITEA_DOMAIN}
       SSH_CREATE_AUTHORIZED_KEYS_FILE: false
       LANDING_PAGE: explore
     service:

apps/prod/kustomization.yaml

@@ -3,6 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - authelia
-  - forgejo
+  - gitea
   - k9s-web
   - lemma

cluster-vars/prod/secret.enc.yaml

@@ -4,15 +4,15 @@ metadata:
     name: cluster-vars-prod
     namespace: flux-system
 stringData:
-    DOMAIN: ENC[AES256_GCM,data:hspqE3KTyQ2S,iv:h2cOsvCQSLFYStMBQZofgcT9QY+g7zYxzQdmx0Td4TU=,tag:jIMkm2M8CBDXGw+QzIrkHA==,type:str]
-    FORGEJO_DOMAIN: ENC[AES256_GCM,data:6Ot9loYFMonEHDjAqQ==,iv:EoCdUIgiz5apUZFGkLos/BagK/f2ovqpkYh0SY4+gqw=,tag:y3DLvQaI1i8DYpHRc6Z8LA==,type:str]
-    AUTHELIA_DOMAIN: ENC[AES256_GCM,data:wjOQOkHWhtX8E1uuj3A=,iv:25Pq1aynEoMyJDvGHND9CtMk5X5SlqgZwdyr0bF2DbY=,tag:iPv5Iq+6sXJd8NNCXpin7Q==,type:str]
-    TRAEFIK_DOMAIN: ENC[AES256_GCM,data:m9gJab5smUhtSjN0WItcN50=,iv:w3mPkUqXuhGsEwqhmlqjHPBPkn/m5J8MMJdo7LCgmPk=,tag:4hquarjVPd8FHbhlfexQgw==,type:str]
-    LEMMA_DOMAIN: ENC[AES256_GCM,data:8RqUkFjDiJvWZfdIRw9o,iv:kKzX2oNKokbRXKg3LtniPggmn0bcxXVgUae3IhCUgUY=,tag:qsq+qc1CtC7YnLBdxoGuRA==,type:str]
-    K9S_DOMAIN: ENC[AES256_GCM,data:tkT2keAX5GKMZUQwgQ==,iv:JtYFVAcLfW4/qKMq33sTY1LrG1OKXf7AiSHlEG6ubW8=,tag:PUwXeOihGU+2fB3JuCGkPA==,type:str]
-    LETSENCRYPT_EMAIL: ENC[AES256_GCM,data:Wg3O4ft3Yft25hGPWwFF5QT1hQuQOiw=,iv:dQ7Z5yM7XiMTR22WulH55zhRiuvsbPnDZhwijb/d80w=,tag:a4SsQWStYDfWmlG3u0rX1Q==,type:str]
-    FORGEJO_ADMIN_EMAIL: ENC[AES256_GCM,data:C/g6o/CMgG+VwF4HQq3/rWM=,iv:Pn78C96OCSS5DiDqHi0lKqqe+aCqp1GUq+d7GpNiXYk=,tag:rtH9XmaUaB89tTB/4nK1Dg==,type:str]
-    VELERO_BUCKET: ENC[AES256_GCM,data:S28dwG9RUFNO9zR7kmrsyoyMHQ==,iv:D7ePZOeHCeGJ5tX3WN0krYbOaS2wwuljsLjCdkZ4wNM=,tag:dxVVZbhhg8fnyNq2hdSM/g==,type:str]
+    DOMAIN: ENC[AES256_GCM,data:XAU0Zl1zN/8a,iv:abMSwOsgDOKpNyW+Cuo4YNRotx0wDt6M4yJtt/+XPXQ=,tag:0xQoC/TyuSqWAgRDj2Q8yg==,type:str]
+    GITEA_DOMAIN: ENC[AES256_GCM,data:nayNI+YOkZild2/qvA==,iv:LJpH3Xr1x/k5z1rm7EJQ7+T4RlyhvsVx8y4TQDLfu54=,tag:VQRrMidDBHm0XIFBhDLcGQ==,type:str]
+    AUTHELIA_DOMAIN: ENC[AES256_GCM,data:FfNhj9GkZ5kqV6CxAk4=,iv:sCM9qFK4YY+AfdU1UC9ClrRMoE9XmE7K+uNnGw9/aZw=,tag:ovTuHXotTECEISWJaHeZzA==,type:str]
+    TRAEFIK_DOMAIN: ENC[AES256_GCM,data:fdN4AuPGVeQ51LscNlVKZmY=,iv:JW/AYwvnzIJ830eP0g9Lij67fu6GKsPtPA0TDNuE7XI=,tag:8cg3r06SEDPGu836cShuKw==,type:str]
+    LEMMA_DOMAIN: ENC[AES256_GCM,data:p6NsXxc5Awn07clDHsXp,iv:HtuFSrue8khIYWQCHsKx70JWsQQC2cdS/GDgl8hHLdg=,tag:nm9MHdzm+4pjmBKAhYEl6g==,type:str]
+    K9S_DOMAIN: ENC[AES256_GCM,data:RwYdfK7zK1l1rbx6kg==,iv:XMPYUnx6+W1ed9xLu43lULEyjEPR4UCoomuKwRZL7PY=,tag:4wW+lg3k20lK5x22ftIznQ==,type:str]
+    LETSENCRYPT_EMAIL: ENC[AES256_GCM,data:CVWoD6flZWT7PitDivNM7DasMHdjnAQ=,iv:6CxG0WGVtMlLnf6kfPPFQf68tLBcA2QJtkVFucqKWAg=,tag:i64RnDgPPp3arRsJYZyIwQ==,type:str]
+    GITEA_ADMIN_EMAIL: ENC[AES256_GCM,data:I3YuBVKaGfG13FDw2pqMnSI=,iv:aVTy7h4M3sttQf+mW/d+D0kTciU/y2orwxCazXtnFnA=,tag:k0dj6m7BihR6p0eoTNRF9Q==,type:str]
+    VELERO_BUCKET: ENC[AES256_GCM,data:fSlyliB5A/rJV5TJP9DGdSvRkQ==,iv:KkBd/qwnc1w/uYdxIFscXUzfvJMIOeByIp1TVNo1YBQ=,tag:DRRDr+a7XiZGHbeLnuDRdA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -22,14 +22,14 @@ sops:
         - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBabi9EZlNCWGxkd21tYldH
-            RzNnc0xpcndRSnNXcnkyMUNZM2RzYjl1VkNrCnRJcXBKS1RIRGIwZ2loa1daOU40
-            dmkrcEtaWUtpVGFoSGZtNXdrQi9WM2sKLS0tIGoxSmdESWdqNit5QnRUdEREOUtj
-            eDBTQ0lkNEhQL212bUx5eC9FOHB5aTgK6wST/JmNOEDz7B+Mu6mYJwVu8ikn+es9
-            ppB3GYBik4TTKqoKljoO0o3RjhkUPumY4eVvpD6DhiaCZdKn5M15Lg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6cGZFWEhrVmZEaEl4S0ZQ
+            V2Rsd0JjNWxqT21IL2JHQWVrbW9jUmZNL0FJCkVyL3h4akZTbzBPVU5WbzE0QTNx
+            VkJFTVFFV3pZZE4xaDNOMDhmK0gxVnMKLS0tIC94bGtnUzM4SERXT3ZpOGxuOU1h
+            dGw2L1BXVUc1eTRBemxvVE1QaURZWWsK5w6rlYiBh3gGFy9L3jvcbYyuOWQDSdmx
+            xzt11l+agiw2zmo5nNe5quO7wOJUXc8kWoy7tAb2eLwbQBFqPzNi0w==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-01-29T12:08:59Z"
-    mac: ENC[AES256_GCM,data:A8aWMegv5tMo/VXdV9X6Y9NjCvpHdOLe8YCbdHCemg6oEDedkl0Ydj+oXGfAcjftsglVJpHf9w/nfSQwyUaQSFcxDmiQGIbIrHLOPoRixz04jkpzmY+PiExaZQg/fgorpuAl187VtA9zSuBiUDOEM3GCjJqa70uATZiCSHcWYV4=,iv:mk3HkjT6970bop90R13c0C/0r+W5dEWABEFugp8xlWo=,tag:04KQUXNGOEYhMcg5TcKSTg==,type:str]
+    lastmodified: "2025-02-16T12:46:15Z"
+    mac: ENC[AES256_GCM,data:WJ6W7P9XKlpxanmdJ5X8rNI/W6kXVDKzmYpV/uV4BFftokBNs14xIta1VSFSoEqf9ATcNIty5tbio8o/ahid3PmhJWMFF++vW7U6RyFqEbbDAMu36hkbyZrJuMbWKeLJKuep0gU4+mrHAK4oDX8YnTCcMeCWMKi8wdhtKcH5pMY=,iv:KCG1ZtJe32D3y8czGoXfoNCIpZC+db/SEePL/DHDrWU=,tag:BGSi0a6plzvnWdovpxGOzA==,type:str]
     pgp: []
     unencrypted_regex: ^(apiVersion|metadata|kind|type)$
     version: 3.9.1

infrastructure/controllers/velero/release.yaml

@@ -34,7 +34,7 @@ spec:
         schedule: "0 2 * * *"
         template:
           includedNamespaces:
-            - forgejo
+            - gitea
           storageLocation: default
           ttl: "168h"
           includedResources:

provisioning/cloud-init.yaml

@@ -33,21 +33,21 @@ packages:
 write_files:
   - content: |
       #!/bin/sh
-      FORGEJO_POD=$(kubectl --kubeconfig /home/git/.kube/config get po -n forgejo -l app=forgejo -o name --no-headers=true | cut -d'/' -f2)
-      kubectl --kubeconfig /home/git/.kube/config exec -i -n forgejo $FORGEJO_POD -c forgejo -- env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" /bin/sh "$@"
-    path: /usr/local/bin/forgejo-shell
+      GITEA_POD=$(kubectl --kubeconfig /home/git/.kube/config get po -n gitea -l app=gitea -o name --no-headers=true | cut -d'/' -f2)
+      kubectl --kubeconfig /home/git/.kube/config exec -i -n gitea $GITEA_POD -c gitea -- env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" /bin/sh "$@"
+    path: /usr/local/bin/gitea-shell
     permissions: "0755"
   - content: |
       #!/bin/sh
-      FORGEJO_POD=$(kubectl --kubeconfig /home/git/.kube/config get po -n forgejo -l app=forgejo -o name --no-headers=true | cut -d'/' -f2)
-      kubectl --kubeconfig /home/git/.kube/config exec -i -n forgejo $FORGEJO_POD -c forgejo -- /usr/local/bin/forgejo keys -e git -u $1 -t $2 -k $3
+      GITEA_POD=$(kubectl --kubeconfig /home/git/.kube/config get po -n gitea -l app=gitea -o name --no-headers=true | cut -d'/' -f2)
+      kubectl --kubeconfig /home/git/.kube/config exec -i -n gitea $GITEA_POD -c gitea -- /usr/local/bin/gitea keys -e git -u $1 -t $2 -k $3
     permissions: "0755"
-    path: /usr/local/bin/forgejo-keys
+    path: /usr/local/bin/gitea-keys
   - content: |
       Match User git
         AuthorizedKeysCommandUser git
-        AuthorizedKeysCommand /usr/local/bin/forgejo-keys %u %t %k
-    path: /etc/ssh/sshd_config.d/50-forgejo.conf
+        AuthorizedKeysCommand /usr/local/bin/gitea-keys %u %t %k
+    path: /etc/ssh/sshd_config.d/50-gitea.conf
     permissions: "0644"
 
 ssh:
@@ -67,7 +67,7 @@ runcmd:
   # SSH key for user
   - su ${username} -c 'ssh-keygen -t ed25519 -f /home/${username}/.ssh/id_ed25519 -q -N "" '
   # SSH Passthrough for user git
-  - usermod -s /usr/local/bin/forgejo-shell git
+  - usermod -s /usr/local/bin/gitea-shell git
   # k3s
   - curl -sfL https://get.k3s.io | sh -s - --disable=traefik
   # Wait for k3s to be ready