Merge branch 'forgejo' into 'main'

Forgejo instead of gitea

See merge request domaindrivenarchitecture/c4k-forgejo!3
Michael Jerger 2023-04-21 06:56:06 +00:00
commit 8ed0b1c171
37 changed files with 377 additions and 397 deletions


@ -48,7 +48,7 @@ test-schema:
stage: build_and_test stage: build_and_test
script: script:
- lein uberjar - lein uberjar
- java -jar target/uberjar/c4k-gitea-standalone.jar valid-config.edn valid-auth.edn | kubeconform --kubernetes-version 1.19.0 --strict --skip Certificate - - java -jar target/uberjar/c4k-forgejo-standalone.jar src/test/resources/forgejo-test/valid-config.yaml src/test/resources/forgejo-test/valid-auth.yaml | kubeconform --kubernetes-version 1.19.0 --strict --skip Certificate -
artifacts: artifacts:
paths: paths:
- target/uberjar - target/uberjar
@ -69,9 +69,9 @@ package-frontend:
script: script:
- mkdir -p target/frontend-build - mkdir -p target/frontend-build
- shadow-cljs release frontend - shadow-cljs release frontend
- cp public/js/main.js target/frontend-build/c4k-gitea.js - cp public/js/main.js target/frontend-build/c4k-forgejo.js
- sha256sum target/frontend-build/c4k-gitea.js > target/frontend-build/c4k-gitea.js.sha256 - sha256sum target/frontend-build/c4k-forgejo.js > target/frontend-build/c4k-forgejo.js.sha256
- sha512sum target/frontend-build/c4k-gitea.js > target/frontend-build/c4k-gitea.js.sha512 - sha512sum target/frontend-build/c4k-forgejo.js > target/frontend-build/c4k-forgejo.js.sha512
artifacts: artifacts:
paths: paths:
- target/frontend-build - target/frontend-build
@ -81,8 +81,8 @@ package-uberjar:
stage: package stage: package
script: script:
- lein uberjar - lein uberjar
- sha256sum target/uberjar/c4k-gitea-standalone.jar > target/uberjar/c4k-gitea-standalone.jar.sha256 - sha256sum target/uberjar/c4k-forgejo-standalone.jar > target/uberjar/c4k-forgejo-standalone.jar.sha256
- sha512sum target/uberjar/c4k-gitea-standalone.jar > target/uberjar/c4k-gitea-standalone.jar.sha512 - sha512sum target/uberjar/c4k-forgejo-standalone.jar > target/uberjar/c4k-forgejo-standalone.jar.sha512
artifacts: artifacts:
paths: paths:
- target/uberjar - target/uberjar
@ -108,9 +108,9 @@ release:
- apk --no-cache add curl - apk --no-cache add curl
- | - |
release-cli create --name "Release $CI_COMMIT_TAG" --tag-name $CI_COMMIT_TAG \ release-cli create --name "Release $CI_COMMIT_TAG" --tag-name $CI_COMMIT_TAG \
--assets-link "{\"name\":\"c4k-gitea-standalone.jar\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-gitea/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-gitea-standalone.jar\"}" \ --assets-link "{\"name\":\"c4k-forgejo-standalone.jar\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-forgejo-standalone.jar\"}" \
--assets-link "{\"name\":\"c4k-gitea-standalone.jar.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-gitea/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-gitea-standalone.jar.sha256\"}" \ --assets-link "{\"name\":\"c4k-forgejo-standalone.jar.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-forgejo-standalone.jar.sha256\"}" \
--assets-link "{\"name\":\"c4k-gitea-standalone.jar.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-gitea/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-gitea-standalone.jar.sha512\"}" \ --assets-link "{\"name\":\"c4k-forgejo-standalone.jar.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-forgejo-standalone.jar.sha512\"}" \
--assets-link "{\"name\":\"c4k-gitea.js\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-gitea/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-gitea.js\"}" \ --assets-link "{\"name\":\"c4k-forgejo.js\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-forgejo.js\"}" \
--assets-link "{\"name\":\"c4k-gitea.js.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-gitea/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-gitea.js.sha256\"}" \ --assets-link "{\"name\":\"c4k-forgejo.js.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-forgejo.js.sha256\"}" \
--assets-link "{\"name\":\"c4k-gitea.js.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-gitea/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-gitea.js.sha512\"}" \ --assets-link "{\"name\":\"c4k-forgejo.js.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-forgejo.js.sha512\"}" \
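Review bot: The six `--assets-link` URLs in the `release` hunk hard-code the project path `https://gitlab.com/domaindrivenarchitecture/c4k-forgejo`, which is why this rename had to touch every one of them. GitLab's predefined `${CI_PROJECT_URL}` would keep them correct in forks and after the next rename, e.g. `\"url\":\"${CI_PROJECT_URL}/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-forgejo-standalone.jar\"`. The `.sha256`/`.sha512` files are produced in the same jobs and published from the same location as the files they cover, so they detect a corrupted download but not a replaced artifact; a detached signature made with a key held outside the job would be needed for that. `--tag-name $CI_COMMIT_TAG` on the unchanged line above is unquoted and should read `--tag-name "$CI_COMMIT_TAG"`. The release-cli command continues past the end of the hunk.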


@ -1,39 +1,39 @@
# convention 4 kubernetes: c4k-gitea # convention 4 kubernetes: c4k-forgejo
[![Clojars Project](https://img.shields.io/clojars/v/org.domaindrivenarchitecture/c4k-gitea.svg)](https://clojars.org/org.domaindrivenarchitecture/c4k-gitea) [![pipeline status](https://gitlab.com/domaindrivenarchitecture/c4k-gitea/badges/master/pipeline.svg)](https://gitlab.com/domaindrivenarchitecture/c4k-gitea/-/commits/main) [![Clojars Project](https://img.shields.io/clojars/v/org.domaindrivenarchitecture/c4k-forgejo.svg)](https://clojars.org/org.domaindrivenarchitecture/c4k-forgejo) [![pipeline status](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/badges/master/pipeline.svg)](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/commits/main)
[<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa-gmbh.de/img/community/Mastodon_Logotype.svg" width=20 alt="team@social.meissa-gmbh.de"> team@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@team) | [Website & Blog](https://domaindrivenarchitecture.org) [<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa-gmbh.de/img/community/Mastodon_Logotype.svg" width=20 alt="team@social.meissa-gmbh.de"> team@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@team) | [Website & Blog](https://domaindrivenarchitecture.org)
## Purpose ## Purpose
c4k-gitea provides a k8s deployment file for Gitea containing: c4k-forgejo provides a k8s deployment file for forgejo containing:
* gitea
* forgejo
* ingress having a letsencrypt managed certificate * ingress having a letsencrypt managed certificate
* postgres database * postgres database
* encrypted backup on S3 & restore
* monitoring on graphana-cloud
## Try out ## Try out
Click on the image to try out live in your browser: Click on the image to try out live in your browser:
[![Try it out](doc/tryItOut.png "Try out yourself")](https://domaindrivenarchitecture.org/pages/dda-provision/c4k-gitea/) [![Try it out](doc/tryItOut.png "Try out yourself")](https://domaindrivenarchitecture.org/pages/dda-provision/c4k-forgejo/)
Your input will stay in your browser. No server interaction is required. Your input will stay in your browser. No server interaction is required.
## Forgejo setup
## Gitea setup After having deployed the yaml-file generated by the c4k-forgejo module you need to complete the setup for forgejo:
After having deployed the yaml-file generated by the c4k-gitea module you need to complete the setup for gitea: * Open the URL of your forgejo-server, and you will be shown a configuration page.
* Open the URL of your gitea-server, and you will be shown a configuration page.
* Adjust the settings according to your needs * Adjust the settings according to your needs
* Add the administrator's data (name, password and email) and submit the page. * Add the administrator's data (name, password and email) and submit the page.
* The required database will be created and the Gitea setup will be completed. * The required database will be created and the forgejo setup will be completed.
* The SSH-URL for a repo has the format: "ssh://git@domain:2222/[username]/[repo].git * The SSH-URL for a repo has the format: "ssh://git@domain:2222/[username]/[repo].git
Example: "git clone ssh://git@repo.test.meissa.de:2222/myuser/c4k-gitea.git" Example: "git clone ssh://git@repo.test.meissa.de:2222/myuser/c4k-forgejo.git"
## License ## License
Copyright © 2022 meissa GmbH Copyright © 2023 meissa GmbH
Licensed under the [Apache License, Version 2.0](LICENSE) (the "License") Licensed under the [Apache License, Version 2.0](LICENSE) (the "License")
Pls. find licenses of our subcomponents [here](doc/SUBCOMPONENT_LICENSE) Pls. find licenses of our subcomponents [here](doc/SUBCOMPONENT_LICENSE)


@ -10,7 +10,7 @@ set -eo pipefail
srcDir="/home/$USER/" srcDir="/home/$USER/"
srcName="main.js" srcName="main.js"
targetDir="/home/$USER/" targetDir="/home/$USER/"
targetName="c4k-gitea.js" targetName="c4k-forgejo.js"
echo "build" echo "build"
shadow-cljs compile frontend shadow-cljs compile frontend


@ -4,7 +4,7 @@
* we use restic to produce small & encrypted backups * we use restic to produce small & encrypted backups
* backup is scheduled at `schedule: "10 23 * * *"` * backup is scheduled at `schedule: "10 23 * * *"`
* Gitea stores files in `/data/gitea` and `/data/git/repositories`, these files are backed up. * Forgejo stores files in `/data/gitea` and `/data/git/repositories`, these files are backed up.
* The postgres db is also backed up * The postgres db is also backed up
## Manual init the restic repository for the first time ## Manual init the restic repository for the first time
@ -31,11 +31,11 @@
1. apply backup-and-restore pod: 1. apply backup-and-restore pod:
`kubectl scale deployment backup-restore --replicas=1` `kubectl scale deployment backup-restore --replicas=1`
2. Scale down gitea deployment: 2. Scale down forgejo deployment:
`kubectl scale deployment gitea --replicas=0` `kubectl scale deployment forgejo --replicas=0`
3. exec into pod and execute restore pod (press tab to get your exact pod name) 3. exec into pod and execute restore pod (press tab to get your exact pod name)
`kubectl exec -it backup-restore-... -- /usr/local/bin/restore.sh` `kubectl exec -it backup-restore-... -- /usr/local/bin/restore.sh`
4. Start gitea again: 4. Start forgejo again:
`kubectl scale deployment gitea --replicas=1` `kubectl scale deployment forgejo --replicas=1`
5. remove backup-and-restore pod: 5. remove backup-and-restore pod:
`kubectl scale deployment backup-restore --replicas=0` `kubectl scale deployment backup-restore --replicas=0`


@ -2,20 +2,20 @@
## adhoc (on kubernetes cluster) ## adhoc (on kubernetes cluster)
Ssh into your kubernetes cluster running the gitea instance. Ssh into your kubernetes cluster running the forgejo instance.
``` bash ``` bash
kubectl edit configmap gitea-env kubectl edit configmap forgejo-env
# make sure INSTALL_LOCK under security is set to true to disable the installation screen # make sure INSTALL_LOCK under security is set to true to disable the installation screen
# save and exit # save and exit
kubectl edit deployments gitea kubectl edit deployments forgejo
# search for your current gitea version, e.g. 1.17.0 # search for your current forgejo version, e.g. 1.19
# replace with new version # replace with new version
# save and exit # save and exit
kubectl scale deployment gitea --replicas=0 kubectl scale deployment forgejo --replicas=0
kubectl scale deployment gitea --replicas=1 kubectl scale deployment forgejo --replicas=1
``` ```
Logging into the admin account should now show the new version. Logging into the admin account should now show the new version.
You may want to update your c4k-gitea resources to reflect the changes made on the cluster. You may want to update your c4k-forgejo resources to reflect the changes made on the cluster.


@ -3,7 +3,7 @@ from pybuilder.core import task, init
from ddadevops import * from ddadevops import *
import logging import logging
name = 'c4k-gitea-backup' name = 'c4k-forgejo-backup'
MODULE = 'docker' MODULE = 'docker'
PROJECT_ROOT_PATH = '../..' PROJECT_ROOT_PATH = '../..'


@ -1,4 +1,4 @@
FROM c4k-gitea-backup FROM c4k-forgejo-backup
RUN apt update RUN apt update
RUN apt -yqq --no-install-recommends --yes install curl default-jre-headless RUN apt -yqq --no-install-recommends --yes install curl default-jre-headless


@ -1,18 +1,18 @@
{ {
"name": "c4k-gitea", "name": "c4k-forgejo",
"description": "Generate c4k yaml for a gitea deployment.", "description": "Generate c4k yaml for a forgejo deployment.",
"author": "meissa GmbH", "author": "meissa GmbH",
"version": "1.0.1-SNAPSHOT", "version": "2.0.1-SNAPSHOT",
"homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-gitea#readme", "homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-forgejo#readme",
"repository": "https://www.npmjs.com/package/c4k-gitea", "repository": "https://www.npmjs.com/package/c4k-forgejo",
"license": "APACHE2", "license": "APACHE2",
"main": "c4k-gitea.js", "main": "c4k-forgejo.js",
"bin": { "bin": {
"c4k-gitea": "./c4k-gitea.js" "c4k-forgejo": "./c4k-forgejo.js"
}, },
"keywords": [ "keywords": [
"cljs", "cljs",
"gitea", "forgejo",
"k8s", "k8s",
"c4k", "c4k",
"deployment", "deployment",
@ -20,7 +20,7 @@
"convention4kubernetes" "convention4kubernetes"
], ],
"bugs": { "bugs": {
"url": "https://gitlab.com/domaindrivenarchitecture/c4k-gitea/issues" "url": "https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/issues"
}, },
"dependencies": { "dependencies": {
"js-base64": "^3.6.1", "js-base64": "^3.6.1",


@ -1,12 +1,12 @@
(defproject org.domaindrivenarchitecture/c4k-gitea "1.0.1-SNAPSHOT" (defproject org.domaindrivenarchitecture/c4k-forgejo "2.0.1-SNAPSHOT"
:description "gitea c4k-installation package" :description "forgejo c4k-installation package"
:url "https://domaindrivenarchitecture.org" :url "https://domaindrivenarchitecture.org"
:license {:name "Apache License, Version 2.0" :license {:name "Apache License, Version 2.0"
:url "https://www.apache.org/licenses/LICENSE-2.0.html"} :url "https://www.apache.org/licenses/LICENSE-2.0.html"}
:dependencies [[org.clojure/clojure "1.11.1" :scope "provided"] :dependencies [[org.clojure/clojure "1.11.1" :scope "provided"]
[org.clojure/tools.reader "1.3.6"] [org.clojure/tools.reader "1.3.6"]
[org.domaindrivenarchitecture/c4k-common-clj "3.0.1"] [org.domaindrivenarchitecture/c4k-common-clj "6.0.1"]
[hickory "0.7.1" :exclusions [viebel/codox-klipse-theme]]] [hickory "0.7.1"]]
:target-path "target/%s/" :target-path "target/%s/"
:source-paths ["src/main/cljc" :source-paths ["src/main/cljc"
"src/main/clj"] "src/main/clj"]
@ -20,12 +20,12 @@
:dependencies [[dda/data-test "0.1.1"]]} :dependencies [[dda/data-test "0.1.1"]]}
:dev {:plugins [[lein-shell "0.5.0"]]} :dev {:plugins [[lein-shell "0.5.0"]]}
:uberjar {:aot :all :uberjar {:aot :all
:main dda.c4k-gitea.uberjar :main dda.c4k-forgejo.uberjar
:uberjar-name "c4k-gitea-standalone.jar" :uberjar-name "c4k-forgejo-standalone.jar"
:dependencies [[org.clojure/tools.cli "1.0.214"] :dependencies [[org.clojure/tools.cli "1.0.214"]
[ch.qos.logback/logback-classic "1.4.5" [ch.qos.logback/logback-classic "1.4.6"
:exclusions [com.sun.mail/javax.mail]] :exclusions [com.sun.mail/javax.mail]]
[org.slf4j/jcl-over-slf4j "2.0.6"]]}} [org.slf4j/jcl-over-slf4j "2.0.7"]]}}
:release-tasks [["test"] :release-tasks [["test"]
["vcs" "assert-committed"] ["vcs" "assert-committed"]
["change" "version" "leiningen.release/bump-version" "release"] ["change" "version" "leiningen.release/bump-version" "release"]
@ -36,11 +36,11 @@
"native-image" "native-image"
"--report-unsupported-elements-at-runtime" "--report-unsupported-elements-at-runtime"
"--initialize-at-build-time" "--initialize-at-build-time"
"-jar" "target/uberjar/c4k-gitea-standalone.jar" "-jar" "target/uberjar/c4k-forgejo-standalone.jar"
"-H:ResourceConfigurationFiles=graalvm-resource-config.json" "-H:ResourceConfigurationFiles=graalvm-resource-config.json"
"-H:Log=registerResource" "-H:Log=registerResource"
"-H:Name=target/graalvm/${:name}"] "-H:Name=target/graalvm/${:name}"]
"inst" ["shell" "inst" ["shell"
"sh" "sh"
"-c" "-c"
"lein uberjar && sudo install -m=755 target/uberjar/c4k-gitea-standalone.jar /usr/local/bin/c4k-gitea-standalone.jar"]}) "lein uberjar && sudo install -m=755 target/uberjar/c4k-forgejo-standalone.jar /usr/local/bin/c4k-forgejo-standalone.jar"]})


@ -3,7 +3,7 @@
<head> <head>
<meta charset="utf-8" /> <meta charset="utf-8" />
<title>c4k-gitea</title> <title>c4k-forgejo</title>
<link href="https://domaindrivenarchitecture.org/css/bootstrap.min.css" rel="stylesheet" type="text/css" /> <link href="https://domaindrivenarchitecture.org/css/bootstrap.min.css" rel="stylesheet" type="text/css" />
<link href="https://domaindrivenarchitecture.org/css/fonts/fontawesome/fontawesome.css" rel="stylesheet" <link href="https://domaindrivenarchitecture.org/css/fonts/fontawesome/fontawesome.css" rel="stylesheet"
type="text/css" /> type="text/css" />


@ -4,10 +4,10 @@
"src/test/cljc" "src/test/cljc"
"src/test/cljs" "src/test/cljs"
"src/test/resources"] "src/test/resources"]
:dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "3.0.1"] :dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "6.0.1"]
[hickory "0.7.1"]] [hickory "0.7.1"]]
:builds {:frontend {:target :browser :builds {:frontend {:target :browser
:modules {:main {:init-fn dda.c4k-gitea.browser/init}} :modules {:main {:init-fn dda.c4k-forgejo.browser/init}}
:release {} :release {}
:compiler-options {:optimizations :advanced}} :compiler-options {:optimizations :advanced}}
:test {:target :node-test :test {:target :node-test


@ -0,0 +1,14 @@
(ns dda.c4k-forgejo.uberjar
(:gen-class)
(:require
[dda.c4k-forgejo.core :as core]
[dda.c4k-common.uberjar :as uberjar]))
(defn -main [& cmd-args]
(uberjar/main-common
"c4k-forgejo"
core/config?
core/auth?
core/config-defaults
core/k8s-objects
cmd-args))


@ -1,8 +0,0 @@
(ns dda.c4k-gitea.uberjar
(:gen-class)
(:require
[dda.c4k-gitea.core :as core]
[dda.c4k-common.uberjar :as uberjar]))
(defn -main [& cmd-args]
(uberjar/main-common "c4k-gitea" core/config? core/auth? core/config-defaults core/k8s-objects cmd-args))


@ -1,4 +1,4 @@
(ns dda.c4k-gitea.backup (ns dda.c4k-forgejo.backup
(:require (:require
[clojure.spec.alpha :as s] [clojure.spec.alpha :as s]
#?(:cljs [shadow.resource :as rc]) #?(:cljs [shadow.resource :as rc])


@ -0,0 +1,58 @@
(ns dda.c4k-forgejo.core
(:require
[clojure.spec.alpha :as s]
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.common :as cm]
[dda.c4k-common.monitoring :as mon]
[dda.c4k-forgejo.forgejo :as forgejo]
[dda.c4k-forgejo.backup :as backup]
[dda.c4k-common.postgres :as postgres]))
(def config-defaults {:issuer "staging"})
(def config? (s/keys :req-un [::forgejo/fqdn
::forgejo/mailer-from
::forgejo/mailer-host-port
::forgejo/service-noreply-address]
:opt-un [::forgejo/issuer
::forgejo/default-app-name
::forgejo/service-domain-whitelist
::backup/restic-repository
::mon/mon-cfg]))
(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password
::forgejo/mailer-user ::forgejo/mailer-pw
::backup/aws-access-key-id ::backup/aws-secret-access-key]
:opt-un [::backup/restic-password ; TODO gec: Is restic password opt or req?
::mon/mon-cfg]))
(def vol? (s/keys :req-un [::forgejo/volume-total-storage-size]))
(defn k8s-objects [config auth]
(let [storage-class (if (contains? config :postgres-data-volume-path) :manual :local-path)]
(map yaml/to-string
(filter #(not (nil? %))
(cm/concat-vec
[(postgres/generate-config {:postgres-size :2gb :db-name "forgejo"})
(postgres/generate-secret auth)
(when (contains? config :postgres-data-volume-path)
(postgres/generate-persistent-volume (select-keys config [:postgres-data-volume-path :pv-storage-size-gb])))
(postgres/generate-pvc {:pv-storage-size-gb 5
:pvc-storage-class-name storage-class})
(postgres/generate-deployment {:postgres-image "postgres:14"
:postgres-size :2gb})
(postgres/generate-service)
(forgejo/generate-deployment)
(forgejo/generate-service)
(forgejo/generate-service-ssh)
(forgejo/generate-data-volume config)
(forgejo/generate-appini-env config)
(forgejo/generate-secrets auth)]
(forgejo/generate-ingress-and-cert config)
(when (contains? config :restic-repository)
[(backup/generate-config config)
(backup/generate-secret auth)
(backup/generate-cron)
(backup/generate-backup-restore-deployment config)])
(when (:contains? config :mon-cfg)
(mon/generate (:mon-cfg config) (:mon-auth auth))))))))
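Review bot: In `k8s-objects` the monitoring guard reads `(when (:contains? config :mon-cfg)`, which is a keyword lookup of `:contains?` in `config` with `:mon-cfg` as the not-found value. It is therefore truthy for any config that has no `:contains?` key, and `mon/generate` runs even when no monitoring is configured, with `(:mon-cfg config)` being nil. It should be `(when (contains? config :mon-cfg)`, matching the `:restic-repository` guard above it. The call also reads `(:mon-auth auth)`, while the `auth?` spec lists `::mon/mon-cfg` as its optional key; if `dda.c4k-common.monitoring` defines a `mon-auth` spec, `auth?` presumably should name that one instead. A test that calls `k8s-objects` with a config lacking `:mon-cfg` would pin the guard.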


@ -1,4 +1,4 @@
(ns dda.c4k-gitea.gitea (ns dda.c4k-forgejo.forgejo
(:require (:require
[clojure.spec.alpha :as s] [clojure.spec.alpha :as s]
[clojure.string :as st] [clojure.string :as st]
@ -9,6 +9,7 @@
:cljs [cljs.reader :as edn]) :cljs [cljs.reader :as edn])
[dda.c4k-common.yaml :as yaml] [dda.c4k-common.yaml :as yaml]
[dda.c4k-common.common :as cm] [dda.c4k-common.common :as cm]
[dda.c4k-common.ingress :as ing]
[dda.c4k-common.base64 :as b64] [dda.c4k-common.base64 :as b64]
[dda.c4k-common.predicate :as pred] [dda.c4k-common.predicate :as pred]
[dda.c4k-common.postgres :as postgres])) [dda.c4k-common.postgres :as postgres]))
@ -50,22 +51,16 @@
#?(:cljs #?(:cljs
(defmethod yaml/load-resource :gitea [resource-name] (defmethod yaml/load-resource :forgejo [resource-name]
(case resource-name (case resource-name
"gitea/appini-env-configmap.yaml" (rc/inline "gitea/appini-env-configmap.yaml") "forgejo/appini-env-configmap.yaml" (rc/inline "forgejo/appini-env-configmap.yaml")
"gitea/deployment.yaml" (rc/inline "gitea/deployment.yaml") "forgejo/deployment.yaml" (rc/inline "forgejo/deployment.yaml")
"gitea/certificate.yaml" (rc/inline "gitea/certificate.yaml") "forgejo/secrets.yaml" (rc/inline "forgejo/secrets.yaml")
"gitea/ingress.yaml" (rc/inline "gitea/ingress.yaml") "forgejo/service.yaml" (rc/inline "forgejo/service.yaml")
"gitea/secrets.yaml" (rc/inline "gitea/secrets.yaml") "forgejo/service-ssh.yaml" (rc/inline "forgejo/service-ssh.yaml")
"gitea/service.yaml" (rc/inline "gitea/service.yaml") "forgejo/datavolume.yaml" (rc/inline "forgejo/datavolume.yaml")
"gitea/service-ssh.yaml" (rc/inline "gitea/service-ssh.yaml")
"gitea/datavolume.yaml" (rc/inline "gitea/datavolume.yaml")
(throw (js/Error. "Undefined Resource!"))))) (throw (js/Error. "Undefined Resource!")))))
#?(:cljs
(defmethod yaml/load-as-edn :gitea [resource-name]
(yaml/from-string (yaml/load-resource resource-name))))
(defn generate-appini-env (defn generate-appini-env
[config] [config]
(let [{:keys [default-app-name (let [{:keys [default-app-name
@ -74,11 +69,11 @@
mailer-host-port mailer-host-port
service-domain-whitelist service-domain-whitelist
service-noreply-address] service-noreply-address]
:or {default-app-name "Gitea instance" :or {default-app-name "forgejo instance"
service-domain-whitelist fqdn}} service-domain-whitelist fqdn}}
config] config]
(-> (->
(yaml/load-as-edn "gitea/appini-env-configmap.yaml") (yaml/load-as-edn "forgejo/appini-env-configmap.yaml")
(cm/replace-all-matching-values-by-new-value "APPNAME" default-app-name) (cm/replace-all-matching-values-by-new-value "APPNAME" default-app-name)
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn) (cm/replace-all-matching-values-by-new-value "FQDN" fqdn)
(cm/replace-all-matching-values-by-new-value "URL" (str "https://" fqdn)) (cm/replace-all-matching-values-by-new-value "URL" (str "https://" fqdn))
@ -94,45 +89,38 @@
mailer-user mailer-user
mailer-pw]} auth] mailer-pw]} auth]
(-> (->
(yaml/load-as-edn "gitea/secrets.yaml") (yaml/load-as-edn "forgejo/secrets.yaml")
(cm/replace-all-matching-values-by-new-value "DBUSER" (b64/encode postgres-db-user)) (cm/replace-all-matching-values-by-new-value "DBUSER" (b64/encode postgres-db-user))
(cm/replace-all-matching-values-by-new-value "DBPW" (b64/encode postgres-db-password)) (cm/replace-all-matching-values-by-new-value "DBPW" (b64/encode postgres-db-password))
(cm/replace-all-matching-values-by-new-value "MAILERUSER" (b64/encode mailer-user)) (cm/replace-all-matching-values-by-new-value "MAILERUSER" (b64/encode mailer-user))
(cm/replace-all-matching-values-by-new-value "MAILERPW" (b64/encode mailer-pw))))) (cm/replace-all-matching-values-by-new-value "MAILERPW" (b64/encode mailer-pw)))))
(defn generate-ingress (defn generate-ingress-and-cert
[config] [config]
(let [{:keys [fqdn]} config] (let [{:keys [fqdn]} config]
(-> (ing/generate-ingress-and-cert
(yaml/load-as-edn "gitea/ingress.yaml") (merge
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn)))) {:service-name "forgejo-service"
:service-port 3000
(defn generate-certificate :fqdns [fqdn]}
[config] config))))
(let [{:keys [fqdn issuer]
:or {issuer "staging"}} config
letsencrypt-issuer (name issuer)]
(->
(yaml/load-as-edn "gitea/certificate.yaml")
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
(defn-spec generate-data-volume pred/map-or-seq? (defn-spec generate-data-volume pred/map-or-seq?
[config vol?] [config vol?]
(let [{:keys [volume-total-storage-size]} config (let [{:keys [volume-total-storage-size]} config
data-storage-size (data-storage-by-volume-size volume-total-storage-size)] data-storage-size (data-storage-by-volume-size volume-total-storage-size)]
(-> (->
(yaml/load-as-edn "gitea/datavolume.yaml") (yaml/load-as-edn "forgejo/datavolume.yaml")
(cm/replace-all-matching-values-by-new-value "DATASTORAGESIZE" (str (str data-storage-size) "Gi"))))) (cm/replace-all-matching-values-by-new-value "DATASTORAGESIZE" (str (str data-storage-size) "Gi")))))
(defn generate-deployment (defn generate-deployment
[] []
(yaml/load-as-edn "gitea/deployment.yaml")) (yaml/load-as-edn "forgejo/deployment.yaml"))
(defn generate-service (defn generate-service
[] []
(yaml/load-as-edn "gitea/service.yaml")) (yaml/load-as-edn "forgejo/service.yaml"))
(defn generate-service-ssh (defn generate-service-ssh
[] []
(yaml/load-as-edn "gitea/service-ssh.yaml")) (yaml/load-as-edn "forgejo/service-ssh.yaml"))
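Review bot: In `generate-ingress-and-cert` the fixed map is the first argument to `merge`, so a `:service-name`, `:service-port` or `:fqdns` key in the user-supplied `config` silently replaces the values set here. Every other config key is also passed on to `ing/generate-ingress-and-cert`. If the three values are meant to be fixed, put `config` first: `(merge config {:service-name "forgejo-service" :service-port 3000 :fqdns [fqdn]})`. The removed `generate-certificate` defaulted `issuer` to "staging" itself and the new function has no such default, so a docstring should state that it relies on the caller (or on the c4k-common function) to supply one. That is worth confirming, because it decides which Let's Encrypt issuer the certificate is requested from.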


@ -1,54 +0,0 @@
(ns dda.c4k-gitea.core
(:require
[clojure.spec.alpha :as s]
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.common :as cm]
[dda.c4k-gitea.gitea :as gitea]
[dda.c4k-gitea.backup :as backup]
[dda.c4k-common.postgres :as postgres]))
(def config-defaults {:issuer "staging"})
(def config? (s/keys :req-un [::gitea/fqdn
::gitea/mailer-from
::gitea/mailer-host-port
::gitea/service-noreply-address]
:opt-un [::gitea/issuer
::gitea/default-app-name
::gitea/service-domain-whitelist
::backup/restic-repository]))
(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password
::gitea/mailer-user ::gitea/mailer-pw
::backup/aws-access-key-id ::backup/aws-secret-access-key]
:opt-un [::backup/restic-password])) ; TODO gec: Is restic password opt or req?
(def vol? (s/keys :req-un [::gitea/volume-total-storage-size]))
(defn k8s-objects [config]
(let [storage-class (if (contains? config :postgres-data-volume-path) :manual :local-path)]
(map yaml/to-string
(filter #(not (nil? %))
(cm/concat-vec
[(postgres/generate-config {:postgres-size :2gb :db-name "gitea"})
(postgres/generate-secret config)
(when (contains? config :postgres-data-volume-path)
(postgres/generate-persistent-volume (select-keys config [:postgres-data-volume-path :pv-storage-size-gb])))
(postgres/generate-pvc {:pv-storage-size-gb 5
:pvc-storage-class-name storage-class})
(postgres/generate-deployment {:postgres-image "postgres:14"
:postgres-size :2gb})
(postgres/generate-service)
(gitea/generate-deployment)
(gitea/generate-service)
(gitea/generate-service-ssh)
(gitea/generate-data-volume config)
(gitea/generate-appini-env config)
(gitea/generate-secrets config)
(gitea/generate-ingress config)
(gitea/generate-certificate config)]
(when (contains? config :restic-repository)
[(backup/generate-config config)
(backup/generate-secret config)
(backup/generate-cron)
(backup/generate-backup-restore-deployment config)]))))))


@ -1,9 +1,9 @@
(ns dda.c4k-gitea.browser (ns dda.c4k-forgejo.browser
(:require (:require
[clojure.string :as st] [clojure.string :as st]
[clojure.tools.reader.edn :as edn] [clojure.tools.reader.edn :as edn]
[dda.c4k-gitea.core :as core] [dda.c4k-forgejo.core :as core]
[dda.c4k-gitea.gitea :as gitea] [dda.c4k-forgejo.forgejo :as forgejo]
[dda.c4k-common.browser :as br] [dda.c4k-common.browser :as br]
[dda.c4k-common.common :as cm])) [dda.c4k-common.common :as cm]))
@ -39,19 +39,19 @@
(generate-group (generate-group
"provider" "provider"
(cm/concat-vec (cm/concat-vec
(br/generate-input-field "volume-total-storage-size" "Your gitea volume-total-storage-size:" "20"))) (br/generate-input-field "volume-total-storage-size" "Your forgejo volume-total-storage-size:" "20")))
(generate-group (generate-group
"credentials" "credentials"
(br/generate-text-area (br/generate-text-area
"auth" "Your auth.edn:" "auth" "Your auth.edn:"
"{:postgres-db-user \"gitea\" "{:postgres-db-user \"forgejo\"
:postgres-db-password \"gitea-db-password\" :postgres-db-password \"forgejo-db-password\"
:mailer-user \"test@test.de\" :mailer-user \"test@test.de\"
:mailer-pw \"mail-test-password\"}" :mailer-pw \"mail-test-password\"}"
"5")) "5"))
[(br/generate-br)] [(br/generate-br)]
(br/generate-button "generate-button" "Generate c4k yaml")))] (br/generate-button "generate-button" "Generate c4k yaml")))]
(br/generate-output "c4k-gitea-output" "Your c4k deployment.yaml:" "25"))) (br/generate-output "c4k-forgejo-output" "Your c4k deployment.yaml:" "25")))
(defn generate-content-div (defn generate-content-div
[] []
@ -79,15 +79,15 @@
))) )))
(defn validate-all! [] (defn validate-all! []
(br/validate! "fqdn" ::gitea/fqdn) (br/validate! "fqdn" ::forgejo/fqdn)
(br/validate! "mailer-from" ::gitea/mailer-from) (br/validate! "mailer-from" ::forgejo/mailer-from)
(br/validate! "mailer-host-port" ::gitea/mailer-host-port) (br/validate! "mailer-host-port" ::forgejo/mailer-host-port)
(br/validate! "service-noreply-address" ::gitea/service-noreply-address) (br/validate! "service-noreply-address" ::forgejo/service-noreply-address)
(br/validate! "issuer" ::gitea/issuer :optional true) (br/validate! "issuer" ::forgejo/issuer :optional true)
(br/validate! "app-name" ::gitea/default-app-name :optional true) (br/validate! "app-name" ::forgejo/default-app-name :optional true)
(br/validate! "domain-whitelist" ::gitea/service-domain-whitelist :optional true) (br/validate! "domain-whitelist" ::forgejo/service-domain-whitelist :optional true)
(br/validate! "volume-total-storage-size" ::gitea/volume-total-storage-size :deserializer js/parseInt) (br/validate! "volume-total-storage-size" ::forgejo/volume-total-storage-size :deserializer js/parseInt)
(br/validate! "auth" gitea/auth? :deserializer edn/read-string) (br/validate! "auth" forgejo/auth? :deserializer edn/read-string)
(br/set-form-validated!)) (br/set-form-validated!))
(defn add-validate-listener [name] (defn add-validate-listener [name]
@ -104,7 +104,7 @@
(-> (cm/generate-common (-> (cm/generate-common
(config-from-document) (config-from-document)
(br/get-content-from-element "auth" :deserializer edn/read-string) (br/get-content-from-element "auth" :deserializer edn/read-string)
gitea/config-defaults forgejo/config-defaults
core/k8s-objects) core/k8s-objects)
(br/set-output!))))) (br/set-output!)))))
(add-validate-listener "fqdn") (add-validate-listener "fqdn")


@ -14,10 +14,10 @@ spec:
labels: labels:
app: backup-restore app: backup-restore
app.kubernetes.io/name: backup-restore app.kubernetes.io/name: backup-restore
app.kubernetes.io/part-of: gitea app.kubernetes.io/part-of: forgejo
spec: spec:
containers: containers:
- image: domaindrivenarchitecture/c4k-gitea-backup - image: domaindrivenarchitecture/c4k-forgejo-backup
name: backup-app name: backup-app
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: ["/entrypoint-start-and-wait.sh"] command: ["/entrypoint-start-and-wait.sh"]
@ -59,15 +59,15 @@ spec:
- name: CERTIFICATE_FILE - name: CERTIFICATE_FILE
value: "" value: ""
volumeMounts: volumeMounts:
- name: gitea-data-volume - name: forgejo-data-volume
mountPath: /var/backups mountPath: /var/backups
- name: backup-secret-volume - name: backup-secret-volume
mountPath: /var/run/secrets/backup-secrets mountPath: /var/run/secrets/backup-secrets
readOnly: true readOnly: true
volumes: volumes:
- name: gitea-data-volume - name: forgejo-data-volume
persistentVolumeClaim: persistentVolumeClaim:
claimName: gitea-data-pvc claimName: forgejo-data-pvc
- name: backup-secret-volume - name: backup-secret-volume
secret: secret:
secretName: backup-secret secretName: backup-secret
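Review bot: The renamed `image: domaindrivenarchitecture/c4k-forgejo-backup` carries no tag or digest, so it resolves to whatever `latest` is at pull time, and with `imagePullPolicy: IfNotPresent` each node keeps whichever build it pulled first. This container mounts `backup-secret-volume` and the data volume at `/var/backups`, so the reference is worth pinning while it is being changed anyway. Suggest a released tag plus digest, e.g. `image: domaindrivenarchitecture/c4k-forgejo-backup:<release-tag>@sha256:<digest>` (placeholders). The CronJob section further down has the same untagged reference.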


@ -4,6 +4,6 @@ metadata:
name: backup-config name: backup-config
labels: labels:
app.kubernetes.io/name: backup app.kubernetes.io/name: backup
app.kubernetes.io/part-of: gitea app.kubernetes.io/part-of: forgejo
data: data:
restic-repository: restic-repository restic-repository: restic-repository


@ -1,9 +1,9 @@
apiVersion: batch/v1beta1 apiVersion: batch/v1beta1
kind: CronJob kind: CronJob
metadata: metadata:
name: gitea-backup name: forgejo-backup
labels: labels:
app.kubernetes.part-of: gitea app.kubernetes.part-of: forgejo
spec: spec:
schedule: "10 23 * * *" schedule: "10 23 * * *"
successfulJobsHistoryLimit: 1 successfulJobsHistoryLimit: 1
@ -14,7 +14,7 @@ spec:
spec: spec:
containers: containers:
- name: backup-app - name: backup-app
image: domaindrivenarchitecture/c4k-gitea-backup image: domaindrivenarchitecture/c4k-forgejo-backup
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: ["/entrypoint.sh"] command: ["/entrypoint.sh"]
env: env:
@ -55,15 +55,15 @@ spec:
- name: CERTIFICATE_FILE - name: CERTIFICATE_FILE
value: "" value: ""
volumeMounts: volumeMounts:
- name: gitea-data-volume - name: forgejo-data-volume
mountPath: /var/backups mountPath: /var/backups
- name: backup-secret-volume - name: backup-secret-volume
mountPath: /var/run/secrets/backup-secrets mountPath: /var/run/secrets/backup-secrets
readOnly: true readOnly: true
volumes: volumes:
- name: gitea-data-volume - name: forgejo-data-volume
persistentVolumeClaim: persistentVolumeClaim:
claimName: gitea-data-pvc claimName: forgejo-data-pvc
- name: backup-secret-volume - name: backup-secret-volume
secret: secret:
secretName: backup-secret secretName: backup-secret
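Review bot: The label key on the renamed line, `app.kubernetes.part-of: forgejo`, lacks the `.io/` segment that the other backup manifests in this commit use (`app.kubernetes.io/part-of: forgejo`), so a selector or policy keyed on the standard label will not match this CronJob. Suggest `app.kubernetes.io/part-of: forgejo` here. Separately, the unchanged `apiVersion: batch/v1beta1` was removed for CronJob in Kubernetes 1.25; `batch/v1` is the safer target if the clusters are on 1.21 or later.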


@ -0,0 +1,90 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: forgejo-env
namespace: default
data:
#[admin]
FORGEJO__admin__DEFAULT_EMAIL_NOTIFICATIONS: "enabled" # Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
#[attachments]
FORGEJO__attachments__PATH: /data/gitea/attachments
#[database]
FORGEJO__database__DB_TYPE: "postgres"
FORGEJO__database__HOST: "postgresql-service:5432"
FORGEJO__database__NAME: forgejo
FORGEJO__database__LOG_SQL: "false"
FORGEJO__database__SSL_MODE: disable
FORGEJO__database__CHARSET: utf8
#[DEFAULT]
APP_NAME: APPNAME
RUN_MODE: prod
RUN_USER: git
#[federation]
FORGEJO__federation__ENABLED: "true"
#[indexer]
FORGEJO__indexer__ISSUE_INDEXER_PATH: /data/gitea/indexers/issues.bleve
#[log]
FORGEJO__log__MODE: "console, file"
FORGEJO__log__LEVEL: Info
FORGEJO__log__ROOT_PATH: /data/gitea/log
#[mailer]
FORGEJO__mailer__ENABLED: "true"
FORGEJO__mailer__FROM: FROM
FORGEJO__mailer__MAILER_TYPE: smtp+startls
# TODO: jem 2022-08-02: outdated with v1.18, use SMTP_ADDR & SMTP_PORT instead
FORGEJO__mailer__HOST: HOSTANDPORT
#[oauth2]
FORGEJO__oauth2__ENABLE: "true"
#[openid]
FORGEJO__openid__ENABLE_OPENID: "true"
FORGEJO__openid__ENABLE_OPENID_SIGNIN: "true"
FORGEJO__openid__ENABLE_OPENID_SIGNUP: "true"
#[picture]
FORGEJO__picture__AVATAR_UPLOAD_PATH: /data/gitea/avatars
FORGEJO__picture__REPOSITORY_AVATAR_UPLOAD_PATH: /data/gitea/repo-avatars
FORGEJO__picture__DISABLE_GRAVATAR: "false"
FORGEJO__picture__ENABLE_FEDERATED_AVATAR: "true" # Enable support for federated avatars (see http://www.libravatar.org).
#[repository]
FORGEJO__repository__ROOT: /data/git/repositories
FORGEJO__repository__DEFAULT_PRIVATE: last
FORGEJO__repository__LOCAL_COPY_PATH: /data/gitea/tmp/local-repo
FORGEJO__repository__TEMP_PATH: /data/gitea/uploads
#[security]
FORGEJO__security__INSTALL_LOCK: "true"
#[server]
FORGEJO__server__DOMAIN: FQDN
FORGEJO__server__SSH_DOMAIN: FQDN
FORGEJO__server__ROOT_URL: URL
FORGEJO__server__HTTP_PORT: "3000" # HTTP listen port of the server (in the pod)
FORGEJO__server__SSH_PORT: "2222" # SSH port displayed in clone URL
#[service]
FORGEJO__service__DISABLE_REGISTRATION: "false"
FORGEJO__service__REQUIRE_SIGNIN_VIEW: "false"
FORGEJO__service__REGISTER_EMAIL_CONFIRM: "true"
FORGEJO__service__ENABLE_NOTIFY_MAIL: "true"
FORGEJO__service__EMAIL_DOMAIN_WHITELIST: WHITELISTDOMAINS
FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "false"
FORGEJO__service__ENABLE_BASIC_AUTHENTICATION: "true"
FORGEJO__service__ENABLE_CAPTCHA: "false"
FORGEJO__service__DEFAULT_KEEP_EMAIL_PRIVATE: "true"
FORGEJO__service__DEFAULT_ALLOW_CREATE_ORGANIZATION: "true"
FORGEJO__service__DEFAULT_ENABLE_TIMETRACKING: "true"
FORGEJO__service__NO_REPLY_ADDRESS: NOREPLY
#[session]
FORGEJO__session__PROVIDER_CONFIG: /data/gitea/sessions
FORGEJO__session__PROVIDER: file
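Review bot: `FORGEJO__mailer__MAILER_TYPE: smtp+startls` looks like a misspelling of `smtp+starttls`, and the TODO directly below it already records that `HOST` is outdated since v1.18 while this commit moves the deployment to a 1.19 image. How an unrecognised value is handled is not visible here, so it is worth confirming that outgoing mail, which authenticates with the mailer credentials from the secret, is really negotiated over STARTTLS. Suggest `FORGEJO__mailer__PROTOCOL: smtp+starttls` together with `FORGEJO__mailer__SMTP_ADDR` and `FORGEJO__mailer__SMTP_PORT`; the generator that fills `HOSTANDPORT` would then need to split host and port. A short comment on `FORGEJO__database__SSL_MODE: disable` stating that it relies on `postgresql-service` traffic staying inside a trusted cluster network would also help.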


@ -1,10 +1,10 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: gitea-data-pvc name: forgejo-data-pvc
namespace: default namespace: default
labels: labels:
app: gitea app: forgejo
spec: spec:
storageClassName: local-path storageClassName: local-path
accessModes: accessModes:


@ -1,41 +1,41 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: gitea name: forgejo
namespace: default namespace: default
labels: labels:
app: gitea app: forgejo
spec: spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app: gitea app: forgejo
template: template:
metadata: metadata:
name: gitea name: forgejo
labels: labels:
app: gitea app: forgejo
spec: spec:
containers: containers:
- name: gitea - name: forgejo
image: gitea/gitea:1.17.3 image: codeberg.org/forgejo/forgejo:1.19
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
# config settings # config settings
envFrom: envFrom:
- configMapRef: - configMapRef:
name: gitea-env name: forgejo-env
- secretRef: - secretRef:
name: gitea-secrets name: forgejo-secrets
volumeMounts: volumeMounts:
- name: gitea-data-volume - name: forgejo-data-volume
mountPath: "/data" mountPath: "/data"
ports: ports:
- containerPort: 22 - containerPort: 22
name: git-ssh name: git-ssh
- containerPort: 3000 - containerPort: 3000
name: gitea name: forgejo
volumes: volumes:
- name: gitea-data-volume - name: forgejo-data-volume
persistentVolumeClaim: persistentVolumeClaim:
claimName: gitea-data-pvc claimName: forgejo-data-pvc
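Review bot: The new `image: codeberg.org/forgejo/forgejo:1.19` replaces an exact patch tag (`1.17.3`) with a moving minor tag, and with `imagePullPolicy: IfNotPresent` a node never re-pulls once it has some `1.19` build cached, so the running patch level depends on when each node first pulled. Security patch releases are then neither reliably applied nor reproducibly pinned. Pin the full patch tag and digest, e.g. `image: codeberg.org/forgejo/forgejo:<1.19.x-patch-tag>@sha256:<digest>` (placeholders), and bump it deliberately. As far as this section shows, the pod spec also sets no `securityContext` or `resources`, which is worth a follow-up.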


@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: forgejo-secrets
data:
FORGEJO__database__USER: DBUSER
FORGEJO__database__PASSWD: DBPW
FORGEJO__mailer__USER: MAILERUSER
FORGEJO__mailer__PASSWD: MAILERPW
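Review bot: The new Secret has no `namespace`, while the `forgejo-env` ConfigMap and the Deployment that consumes `forgejo-secrets` through `secretRef` both set `namespace: default`. Unless the generator adds it later, the Secret follows the current kubectl context and the pod can fail to start on a missing secret. Add `namespace: default` under `metadata:`. A one-line comment that `DBUSER`, `DBPW`, `MAILERUSER` and `MAILERPW` are template placeholders, replaced with base64-encoded values by the generator, would also discourage anyone from filling real credentials into this file.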


@ -1,7 +1,7 @@
kind: Service kind: Service
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: gitea-ssh-service name: forgejo-ssh-service
namespace: default namespace: default
annotations: annotations:
metallb.universe.tf/allow-shared-ip: "shared-ip-service-group" metallb.universe.tf/allow-shared-ip: "shared-ip-service-group"
@ -9,7 +9,7 @@ metadata:
spec: spec:
type: LoadBalancer type: LoadBalancer
selector: selector:
app: gitea app: forgejo
ports: ports:
- port: 2222 - port: 2222
targetPort: 22 targetPort: 22


@ -1,12 +1,12 @@
kind: Service kind: Service
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: gitea-service name: forgejo-service
namespace: default namespace: default
spec: spec:
selector: selector:
app: gitea app: forgejo
ports: ports:
- name: gitea-http - name: forgejo-http
port: 3000 port: 3000


@ -1,90 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: gitea-env
namespace: default
data:
#[admin]
GITEA__admin__DEFAULT_EMAIL_NOTIFICATIONS: "enabled" # Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
#[attachments]
GITEA__attachments__PATH: /data/gitea/attachments
#[database]
GITEA__database__DB_TYPE: "postgres"
GITEA__database__HOST: "postgresql-service:5432"
GITEA__database__NAME: gitea
GITEA__database__LOG_SQL: "false"
GITEA__database__SSL_MODE: disable
GITEA__database__CHARSET: utf8
#[DEFAULT]
APP_NAME: APPNAME
RUN_MODE: prod
RUN_USER: git
#[federation]
GITEA__federation__ENABLED: "true"
#[indexer]
GITEA__indexer__ISSUE_INDEXER_PATH: /data/gitea/indexers/issues.bleve
#[log]
GITEA__log__MODE: "console, file"
GITEA__log__LEVEL: Info
GITEA__log__ROOT_PATH: /data/gitea/log
#[mailer]
GITEA__mailer__ENABLED: "true"
GITEA__mailer__FROM: FROM
GITEA__mailer__MAILER_TYPE: smtp+startls
# TODO: jem 2022-08-02: outdated with v1.18, use SMTP_ADDR & SMTP_PORT instead
GITEA__mailer__HOST: HOSTANDPORT
#[oauth2]
GITEA__oauth2__ENABLE: "true"
#[openid]
GITEA__openid__ENABLE_OPENID: "true"
GITEA__openid__ENABLE_OPENID_SIGNIN: "true"
GITEA__openid__ENABLE_OPENID_SIGNUP: "true"
#[picture]
GITEA__picture__AVATAR_UPLOAD_PATH: /data/gitea/avatars
GITEA__picture__REPOSITORY_AVATAR_UPLOAD_PATH: /data/gitea/repo-avatars
GITEA__picture__DISABLE_GRAVATAR: "false"
GITEA__picture__ENABLE_FEDERATED_AVATAR: "true" # Enable support for federated avatars (see http://www.libravatar.org).
#[repository]
GITEA__repository__ROOT: /data/git/repositories
GITEA__repository__DEFAULT_PRIVATE: last
GITEA__repository__LOCAL_COPY_PATH: /data/gitea/tmp/local-repo
GITEA__repository__TEMP_PATH: /data/gitea/uploads
#[security]
GITEA__security__INSTALL_LOCK: "true"
#[server]
GITEA__server__DOMAIN: FQDN
GITEA__server__SSH_DOMAIN: FQDN
GITEA__server__ROOT_URL: URL
GITEA__server__HTTP_PORT: "3000" # HTTP listen port of the server (in the pod)
GITEA__server__SSH_PORT: "2222" # SSH port displayed in clone URL
#[service]
GITEA__service__DISABLE_REGISTRATION: "false"
GITEA__service__REQUIRE_SIGNIN_VIEW: "false"
GITEA__service__REGISTER_EMAIL_CONFIRM: "true"
GITEA__service__ENABLE_NOTIFY_MAIL: "true"
GITEA__service__EMAIL_DOMAIN_WHITELIST: WHITELISTDOMAINS
GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "false"
GITEA__service__ENABLE_BASIC_AUTHENTICATION: "true"
GITEA__service__ENABLE_CAPTCHA: "false"
GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE: "true"
GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION: "true"
GITEA__service__DEFAULT_ENABLE_TIMETRACKING: "true"
GITEA__service__NO_REPLY_ADDRESS: NOREPLY
#[session]
GITEA__session__PROVIDER_CONFIG: /data/gitea/sessions
GITEA__session__PROVIDER: file


@ -1,15 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: gitea-cert
namespace: default
spec:
secretName: gitea-cert
commonName: FQDN
duration: 2160h # 90d
renewBefore: 360h # 15d
dnsNames:
- FQDN
issuerRef:
name: staging
kind: ClusterIssuer


@ -1,24 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-gitea
namespace: default
annotations:
ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
spec:
tls:
- hosts:
- FQDN
secretName: gitea-cert
rules:
- host: FQDN
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: gitea-service
port:
number: 3000


@ -1,11 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: gitea-secrets
data:
GITEA__database__USER: DBUSER
GITEA__database__PASSWD: DBPW
GITEA__mailer__USER: MAILERUSER
GITEA__mailer__PASSWD: MAILERPW


@ -0,0 +1,19 @@
(ns dda.c4k-forgejo.core-test
(:require
#?(:cljs [shadow.resource :as rc])
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[clojure.spec.alpha :as s]
[dda.c4k-common.yaml :as yaml]
[dda.c4k-forgejo.core :as cut]))
#?(:cljs
(defmethod yaml/load-resource :forgejo-test [resource-name]
(case resource-name
"forgejo-test/valid-auth.yaml" (rc/inline "forgejo-test/valid-auth.yaml")
"forgejo-test/valid-config.yaml" (rc/inline "forgejo-test/valid-config.yaml")
(throw (js/Error. "Undefined Resource!")))))
(deftest validate-valid-resources
(is (s/valid? cut/config? (yaml/load-as-edn "forgejo-test/valid-config.yaml")))
(is (s/valid? cut/auth? (yaml/load-as-edn "forgejo-test/valid-auth.yaml"))))
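Review bot: `validate-valid-resources` only asserts that the two valid fixtures pass, so nothing here shows that `cut/config?` and `cut/auth?` reject bad input; a spec that accepts everything would keep this test green. Add a negative case, for example `(is (not (s/valid? cut/auth? {})))` and the same for `cut/config?`, assuming both specs have required keys. The fixture `valid-auth.yaml` also passes with `restic-password: ""` and `mailer-pw: ""`, so it is worth deciding whether blank secrets should count as valid input.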


@ -1,11 +1,11 @@
(ns dda.c4k-gitea.gitea-test (ns dda.c4k-forgejo.forgejo-test
(:require (:require
#?(:clj [clojure.test :refer [deftest is are testing run-tests]] #?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]]) :cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[clojure.spec.test.alpha :as st] [clojure.spec.test.alpha :as st]
[dda.c4k-common.test-helper :as th] [dda.c4k-common.test-helper :as th]
[dda.c4k-common.base64 :as b64] [dda.c4k-common.base64 :as b64]
[dda.c4k-gitea.gitea :as cut])) [dda.c4k-forgejo.forgejo :as cut]))
(st/instrument `cut/generate-appini-env) (st/instrument `cut/generate-appini-env)
(st/instrument `cut/generate-ingress) (st/instrument `cut/generate-ingress)
@ -13,21 +13,21 @@
(deftest should-generate-appini-env (deftest should-generate-appini-env
(is (= {:APP_NAME-c1 "", (is (= {:APP_NAME-c1 "",
:APP_NAME-c2 "test gitea", :APP_NAME-c2 "test forgejo",
:GITEA__mailer__FROM-c1 "", :FORGEJO__mailer__FROM-c1 "",
:GITEA__mailer__FROM-c2 "test@test.com", :FORGEJO__mailer__FROM-c2 "test@test.com",
:GITEA__mailer__HOST-c1 "m.t.de:123", :FORGEJO__mailer__HOST-c1 "m.t.de:123",
:GITEA__mailer__HOST-c2 "mail.test.com:123", :FORGEJO__mailer__HOST-c2 "mail.test.com:123",
:GITEA__server__DOMAIN-c1 "test.de", :FORGEJO__server__DOMAIN-c1 "test.de",
:GITEA__server__DOMAIN-c2 "test.com", :FORGEJO__server__DOMAIN-c2 "test.com",
:GITEA__server__ROOT_URL-c1 "https://test.de", :FORGEJO__server__ROOT_URL-c1 "https://test.de",
:GITEA__server__ROOT_URL-c2 "https://test.com", :FORGEJO__server__ROOT_URL-c2 "https://test.com",
:GITEA__server__SSH_DOMAIN-c1 "test.de", :FORGEJO__server__SSH_DOMAIN-c1 "test.de",
:GITEA__server__SSH_DOMAIN-c2 "test.com", :FORGEJO__server__SSH_DOMAIN-c2 "test.com",
:GITEA__service__EMAIL_DOMAIN_WHITELIST-c1 "adb.de", :FORGEJO__service__EMAIL_DOMAIN_WHITELIST-c1 "adb.de",
:GITEA__service__EMAIL_DOMAIN_WHITELIST-c2 "test.com,test.net", :FORGEJO__service__EMAIL_DOMAIN_WHITELIST-c2 "test.com,test.net",
:GITEA__service__NO_REPLY_ADDRESS-c1 "", :FORGEJO__service__NO_REPLY_ADDRESS-c1 "",
:GITEA__service__NO_REPLY_ADDRESS-c2 "noreply@test.com"} :FORGEJO__service__NO_REPLY_ADDRESS-c2 "noreply@test.com"}
(th/map-diff (cut/generate-appini-env {:default-app-name "" (th/map-diff (cut/generate-appini-env {:default-app-name ""
:fqdn "test.de" :fqdn "test.de"
:mailer-from "" :mailer-from ""
@ -35,7 +35,7 @@
:service-domain-whitelist "adb.de" :service-domain-whitelist "adb.de"
:service-noreply-address "" :service-noreply-address ""
}) })
(cut/generate-appini-env {:default-app-name "test gitea" (cut/generate-appini-env {:default-app-name "test forgejo"
:fqdn "test.com" :fqdn "test.com"
:mailer-from "test@test.com" :mailer-from "test@test.com"
:mailer-host-port "mail.test.com:123" :mailer-host-port "mail.test.com:123"
@ -43,20 +43,15 @@
:service-noreply-address "noreply@test.com" :service-noreply-address "noreply@test.com"
}))))) })))))
(deftest should-generate-certificate
(is (= {:name-c2 "prod", :name-c1 "staging"}
(th/map-diff (cut/generate-certificate {})
(cut/generate-certificate {:issuer "prod"})))))
(deftest should-generate-secret (deftest should-generate-secret
(is (= {:GITEA__database__USER-c1 "", (is (= {:FORGEJO__database__USER-c1 "",
:GITEA__database__USER-c2 (b64/encode "pg-user"), :FORGEJO__database__USER-c2 (b64/encode "pg-user"),
:GITEA__database__PASSWD-c1 "", :FORGEJO__database__PASSWD-c1 "",
:GITEA__database__PASSWD-c2 (b64/encode "pg-pw"), :FORGEJO__database__PASSWD-c2 (b64/encode "pg-pw"),
:GITEA__mailer__USER-c1 "", :FORGEJO__mailer__USER-c1 "",
:GITEA__mailer__USER-c2 (b64/encode "maileruser"), :FORGEJO__mailer__USER-c2 (b64/encode "maileruser"),
:GITEA__mailer__PASSWD-c1 "", :FORGEJO__mailer__PASSWD-c1 "",
:GITEA__mailer__PASSWD-c2 (b64/encode "mailerpw")} :FORGEJO__mailer__PASSWD-c2 (b64/encode "mailerpw")}
(th/map-diff (cut/generate-secrets {:postgres-db-user "" (th/map-diff (cut/generate-secrets {:postgres-db-user ""
:postgres-db-password "" :postgres-db-password ""
:mailer-user "" :mailer-user ""


@ -0,0 +1,10 @@
postgres-db-user: "forgejo"
postgres-db-password: "forgejo-db-password"
mailer-user: ""
mailer-pw: ""
aws-access-key-id: "AWS_KEY_ID"
aws-secret-access-key: "AWS_KEY_SECRET"
restic-password: ""
mon-auth:
grafana-cloud-user: "user"
grafana-cloud-password: "password"


@ -0,0 +1,13 @@
default-app-name: "Meissas awesome forgejo"
fqdn: "test.de"
issuer: "staging"
mailer-from: "test@test.de"
mailer-host-port: "test.de:123"
service-whitelist-domains: "test.de"
service-noreply-address: "noreply@test.de"
volume-total-storage-size: 6
restic-repository: "repo-path"
mon-cfg:
grafana-cloud-url: "url-for-your-prom-remote-write-endpoint"
cluster-name: "forgejo"
cluster-stage: "test"


@ -1,7 +0,0 @@
{:postgres-db-user "gitea"
:postgres-db-password "gitea-db-password"
:mailer-user ""
:mailer-pw ""
:aws-access-key-id "AWS_KEY_ID"
:aws-secret-access-key "AWS_KEY_SECRET"
:restic-password ""}


@ -1,9 +0,0 @@
{:default-app-name "Meissas awesome gitea"
:fqdn "test.de"
:issuer "staging"
:mailer-from "test@test.de"
:mailer-host-port "test.de:123"
:service-whitelist-domains "test.de"
:service-noreply-address "noreply@test.de"
:volume-total-storage-size 6
:restic-repository "repo-path"}