From a4b390a2cc1c18dcf9f68cc20fb9daeb3f3665a1 Mon Sep 17 00:00:00 2001 From: Patryk Hegenberg Date: Mon, 26 May 2025 13:53:17 +0200 Subject: [PATCH] ci: redeploy forgejo via flux cd (git.patanix.de, 40GiB PVC, SOPS) --- .../{forgejo_old => forgejo}/certificate.yaml | 0 apps/forgejo/forgejo-admin-secret.yaml | 37 +++++++++++++++++++ .../{forgejo_old => forgejo}/helmrelease.yaml | 13 +------ .../kustomization.yaml | 2 - apps/{forgejo_old => forgejo}/namespace.yaml | 0 apps/forgejo_old/forgejo-admin-secret.yaml | 37 ------------------- apps/forgejo_old/forgejo-postgres-secret.yaml | 37 ------------------- apps/forgejo_old/pvc.yaml | 12 ------ apps/kustomization.yaml | 3 +- clusters/production/kustomization.yaml | 4 +- .../ocirepositories/forgejo.yaml | 6 ++- 11 files changed, 46 insertions(+), 105 deletions(-) rename apps/{forgejo_old => forgejo}/certificate.yaml (100%) create mode 100644 apps/forgejo/forgejo-admin-secret.yaml rename apps/{forgejo_old => forgejo}/helmrelease.yaml (75%) rename apps/{forgejo_old => forgejo}/kustomization.yaml (78%) rename apps/{forgejo_old => forgejo}/namespace.yaml (100%) delete mode 100644 apps/forgejo_old/forgejo-admin-secret.yaml delete mode 100644 apps/forgejo_old/forgejo-postgres-secret.yaml delete mode 100644 apps/forgejo_old/pvc.yaml rename apps/forgejo_old/helmrepository.yaml => infrastructure/ocirepositories/forgejo.yaml (53%) diff --git a/apps/forgejo_old/certificate.yaml b/apps/forgejo/certificate.yaml similarity index 100% rename from apps/forgejo_old/certificate.yaml rename to apps/forgejo/certificate.yaml diff --git a/apps/forgejo/forgejo-admin-secret.yaml b/apps/forgejo/forgejo-admin-secret.yaml new file mode 100644 index 0000000..5555a93 --- /dev/null +++ b/apps/forgejo/forgejo-admin-secret.yaml @@ -0,0 +1,37 @@ +apiVersion: v1 +kind: Secret +metadata: + name: forgejo-admin + namespace: forgejo +type: Opaque +stringData: + username: ENC[AES256_GCM,data:5U+NQFI=,iv:Hy4WQ1iSSDGY1/hZeqvUlUmbH2DzrFaIMRXHhPFFNao=,tag:ssIQ38hN5dqBamzKfqOntA==,type:str] + email: ENC[AES256_GCM,data:TkA4de0xPhpa6vNh8yqgUDxpTiFnQjbVcg==,iv:BCrKyx52wvCdXXKPDqQpCEt5LL3pe13MAb0SBx4cU2E=,tag:lnjjPIxSOMgqrhAeFCqI/w==,type:str] + password: ENC[AES256_GCM,data:m+UcNRE/KjJuZn4=,iv:FHE0gAQo+jJluWyjhDcxqKfxKsh2+MNCnU0oCBZJ15M=,tag:3TBBB9N4l1CkQPovPGzXNw==,type:str] +sops: + lastmodified: "2025-05-26T11:50:42Z" + mac: ENC[AES256_GCM,data:QCmUknliiOFBXfVNzYNjdtHMG+ZNC9WyQT7Q6+zhJAeFr2CbpsMmlqHFuKj68c7zlty6ZZpc58ZVMnp6l29n9YTPNKjNlIbtkVYcd3SPnAEOiiYXyxymJdPjWmRwi1XxsfVPkG8Vb0psWtRuHgJxpDsGWEPFMDw9B2pyRITBPEw=,iv:YsX7bSb5Exzb1fs/ZfVQiz5yFUkL1YDTag+1zHSYUk8=,tag:PR3/N9QdJ1X++6Og6FLWLQ==,type:str] + pgp: + - created_at: "2025-05-26T11:50:42Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxd/Yh1BfDklARAAk/2MvtyJYevYh6DMMdOlj+KwjAifju/T1a9/yEdVZEOA + 8EC+zq49NIIkrpw3vy18TMSg0Sp4jDUatIjN06zrmPZp6p5x26VDjOcuNiyZIgp+ + 6IFs2yvPk7rqExC/4eOK3BS7YWcBPTrhFCMBLaeWOi+Ku1qmTmPNufogUp7/RcHF + Sk9lqtiGcGvV7nQs+SXakgxnI019AJ5y3DBkACJwLaTBZaCc8ebCVJpuBhQpBuql + ArtL7l8FEf5Yy8WZny9agK+sRZc3LugFS+XVlVKzfY53tPIanwYqdFQbXCAcKXXp + zAqR6f15+lpCIKjoPbBgrmun+OtyGHfFelaQFnLQwefAUFiS2lGlukgHdC8B9yjk + iw6uCM3NPAdtzDoHlE5AdkauXF2vfW0yvnaCOzh3ogsMsQG9VbcRXQUXx2SUW+2r + BNJUaiGnRMoMFjsms6TSY7EMFT7dnyRGOlhFZLocEDBzfjsCvvuvuOoyrw1gTiJw + tgT685+Su80qbtTrfWGx7tewhFn/ERklgLFWa3WrJxXmfajpI4ksardtB5EclnMb + b9uV95WroK5C3IbE2q8y2qpt51tizUZCMYHNOr0XdBGgkwkMtPRAdTnXABaiBgfk + dNOHL1sMngT7tfVuazPPV5KuCYJ47aKFNjTq7PyDkU+Y/5xqa2yOGn43wSjJXJ7U + aAEJAhDXjJgiE9z5Fms0y1Q6PJzZB40EKyOYidhV64YqOeNMb4rEwsr41t+jo5EY + x0HAkWPxAtcLGHn31jZtwGN0sMyHQ8wMjNFaGzIOFaLYHGB5mHWKcKPgItMp3rDR + 5DZ8W+sMt4Df + =OK0Y + -----END PGP MESSAGE----- + fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 + encrypted_regex: ^(data|stringData)$ + version: 3.10.2 diff --git a/apps/forgejo_old/helmrelease.yaml b/apps/forgejo/helmrelease.yaml similarity index 75% rename from apps/forgejo_old/helmrelease.yaml rename to apps/forgejo/helmrelease.yaml index 9dcab82..13ee71d 100644 --- a/apps/forgejo_old/helmrelease.yaml +++ b/apps/forgejo/helmrelease.yaml @@ -12,7 +12,8 @@ spec: values: persistence: enabled: true - claimName: forgejo-data + size: 40Gi + storageClass: local-path ingress: enabled: true className: traefik @@ -40,13 +41,3 @@ spec: enabled: false postgresql: enabled: true - auth: - existingSecret: forgejo-postgres - usernameKey: username - passwordKey: password - databaseKey: database - primary: - persistence: - enabled: true - storageClass: local-path - size: 8Gi diff --git a/apps/forgejo_old/kustomization.yaml b/apps/forgejo/kustomization.yaml similarity index 78% rename from apps/forgejo_old/kustomization.yaml rename to apps/forgejo/kustomization.yaml index 4497ef3..9d94b3d 100644 --- a/apps/forgejo_old/kustomization.yaml +++ b/apps/forgejo/kustomization.yaml @@ -2,8 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - namespace.yaml - - pvc.yaml - forgejo-admin-secret.yaml - - forgejo-postgres-secret.yaml - helmrelease.yaml - certificate.yaml diff --git a/apps/forgejo_old/namespace.yaml b/apps/forgejo/namespace.yaml similarity index 100% rename from apps/forgejo_old/namespace.yaml rename to apps/forgejo/namespace.yaml diff --git a/apps/forgejo_old/forgejo-admin-secret.yaml b/apps/forgejo_old/forgejo-admin-secret.yaml deleted file mode 100644 index eaff096..0000000 --- a/apps/forgejo_old/forgejo-admin-secret.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: forgejo-admin - namespace: forgejo -type: Opaque -stringData: - username: ENC[AES256_GCM,data:fMYot9k=,iv:pYWAXZJwbeGkVYqkkCwy+mt2+C/nV0htJTLElbCsC9w=,tag:uHCY5wXI2Hw5evHmLvjGGA==,type:str] - email: ENC[AES256_GCM,data:qmtRbInJDiFatiZ9/+UfqzLThgEAZHXG+g==,iv:jLL8HQOlp26DucUd6926FiddgdXAgPlRg0Bh/TYSFGg=,tag:jFwn/W4yim/FAS8Inh0/fw==,type:str] - password: ENC[AES256_GCM,data:/H3kA+soznxZAME=,iv:pCtsO6HWYXYu7hbhQw+8dnHbBztmsQc2jDfMztZMY/g=,tag:4eUxzfwuBOF3fG3dUqMPkw==,type:str] -sops: - lastmodified: "2025-05-26T05:35:31Z" - mac: ENC[AES256_GCM,data:P1dvbZRm3YtrV1Xj8WuvTVWbmyaj3Grejlrs8QqmNawFyetAQo0by0iGsYvWzPhTbLbrK6GS/WOfc+hW85asRuresXDaJCzfuYcJX0wav5z4P5hrTDZDV/Mi1jgZ3v75ZVHqTqV7m0kCY0tgRCDyGL0FKi9gqLO2SPjPgMUKCHM=,iv:BARvvC59BgmghzunnihyVIiNenA+hd0k8XRh5H7QL9c=,tag:E05gPL7F+RfMyFX1qUrpog==,type:str] - pgp: - - created_at: "2025-05-26T05:35:31Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMAxd/Yh1BfDklAQ//QOjSRd8bXDBaiCel1n5BnudTkPcZuHNeR0HQtAVG4eHh - FT32Zq18mdaIDyLFuDHbyERICBZFs4d/JuXOblbmg2FvIUhR4a/egiaAGSdu6kqZ - VUYmDZyVkE2pdHb47wKazzQ6/QVQ3LTWDBMOMCS2svMrVcMskw6qAVT3nqTXWTT0 - P6qwCCbNF+SMtn6K8QR8ihbF0nbjvVgafyKVFU/jmagu4P9th2nhpeePpc0HXAii - +PnTi88TJ/OH0qPtZsqP90WICQkJ9IbHKH7cNf/Q4qn2K2KtfgUZJJJLDuqDwsKL - 4h34T3U+QOZUVgmEeyfGAvgVN95sIvnXjcab0TTtZCajjTy4RvjJ19x3iRYKEMwW - vAsuztDUFb7PYk2xOxCQHUf8eZVKL4immIIkQ5+ERKGGjV3lWakeiVfIGjqHy3U3 - I1tEpQ+fT/aQGx7UyIeu1Aa/s9yhBWwpcwddXG5P52f2CagzjqvIE+qFKtrDyyUm - PR1/dIi1lhbCkMMr9q93y06xOLvxgvWedV4prtOCQnsadbZoCFOgGJFrAXZ3nQmo - iu5UG4cZU29kuN4GLItXpowusLXXquGH9lXF0MKrDIyOhf3k9b1DNoF1Vir2K7jg - +XkN+T2n+GfOswp4WJx7am2P/jK0/4WuwWhCq+t/I80u/jKuttytKqXrZ+nHBanU - aAEJAhDihxbI/EkSjsK7yMXrF2oA/s8eRSrh9t3FtdbkSLPPjp2pNR80CrcBW1+5 - 74S1hKyv637XyIDdG61ELiJ0Rz6YolshZo2g37+Y7udX0F9exVZX5GcosEpWzjzE - UCRfv3bJp/E4 - =oQ/p - -----END PGP MESSAGE----- - fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 - encrypted_regex: ^(data|stringData)$ - version: 3.10.2 diff --git a/apps/forgejo_old/forgejo-postgres-secret.yaml b/apps/forgejo_old/forgejo-postgres-secret.yaml deleted file mode 100644 index f7944ce..0000000 --- a/apps/forgejo_old/forgejo-postgres-secret.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: forgejo-postgres - namespace: forgejo -type: Opaque -stringData: - username: ENC[AES256_GCM,data:SrsQroRI4Q==,iv:60++AtrrZQg276MWhkMNSRvUKZt9sSNdEsN4XLxYs9A=,tag:wEaLWyRuzubtwIL8nREMag==,type:str] - password: ENC[AES256_GCM,data:1sztMSfu3eUHGrgd7e1y/J43iA==,iv:03exRVv/gtUtT7LhtFddABcfqcAPzq5dp+BjMdhkcNw=,tag:kOfD4z2RZ8He+M7qTTolbA==,type:str] - database: ENC[AES256_GCM,data:sfHkbJou7g==,iv:8lAo1twQaK49im+aPf6MUCkO1b9dhEK2fqV36nUl4pA=,tag:Dio2jAtTN6tr22GB6SmsjA==,type:str] -sops: - lastmodified: "2025-05-26T06:41:42Z" - mac: ENC[AES256_GCM,data:SbXg8wCo/FYUF+yZyq5L27ZdKwlT9B1KlJF7ZDGZw3X2IEJ6LaEba7ZD02Vz51x9Ii9l1pUjk5dkn3R63tnd0NLvvN3VbVgGU26C25VBV5wETQLHmiPnNhyhfWV1IKJ1DheN4b16QaEaRx1Ul2PFzeRMoVHnHVc/tJE1CDZfcqE=,iv:CjJAqZIj5xVOMZxsSL/JfiiJyU9Ho5dNilseQtvr5fM=,tag:21sK5zO6z8uEP8LyDmyWbw==,type:str] - pgp: - - created_at: "2025-05-26T06:41:42Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMAxd/Yh1BfDklAQ/8CCD+vpiYa48qNhWsBOwRvxaXYjbR7UC2vKvZmWKpLm4i - v30/t2MsPMcbxzYuvzNJPvuyz5ItHahimdnYGfBPx3RK0I77s5pRHCnMi/tArdjF - gidZEhk4XtGIvpqiMgrjKLmJrGxINeBXjoAW0WQJdaiFFfVZkTnm5iKQfd+AYXZ3 - DHQw5prU8xQPLpMz7BqOxw9XtsVWdlDJ258Kv3+rTW7ddUB2seawA/PiLCr2sMEV - iruz69ivHQvX+vc5EKOlzWUIQBeVrP5qYdisx6LBspxcxOXTil/mN4bXNsjSolJ4 - iR3z4B+bM2APgrri8UT3Lmg44TmhfvTtZ9YGl7OqMmY0e7hPHFsWCF1WMNo7XQ6q - tJtgHNTu0+HPWF21a5u0ZqqDEaqU6vvZUnVvSv7f5RvqP6TGUI71uP3C4SddE+kJ - do+g2KxHy63Orc30eReja9aDiBFaJwhfFtZAT2/1+y1sFG2FMS+2d50O+OdEBE1j - RRHV+bXgCk9eLaXSGFlbLF/Ck/jRrg+USRg9/wr5sy7JugVaVMBdmtqw1Ndf6ALj - ozrJ9VaDlL4tiICnFY9rKF7dRfodcZjlmvjsoc8wU5tE0TTSQsmk0i+d09q23C8C - Cd26E6NzaxZYPsD7NFYhxoSTggfsjwGxxKhvdtkpkfoe8wn7YhrKQqFXViipSXTU - aAEJAhC7KIYN6CQ2Gsppjk4z5JwtPQ1dWbMX02vXjKA4xiThOP3nw5mXYmODY8l7 - 3DYGMrNyixXnRsxhCRg8B+68h/wq6yoR6MhPogJBEthRY+ABnUI1fOI5Ba1/akSU - 83ka8/BfPZdu - =LoCO - -----END PGP MESSAGE----- - fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764 - encrypted_regex: ^(data|stringData)$ - version: 3.10.2 diff --git a/apps/forgejo_old/pvc.yaml b/apps/forgejo_old/pvc.yaml deleted file mode 100644 index 8f8f506..0000000 --- a/apps/forgejo_old/pvc.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: forgejo-data - namespace: forgejo -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 40Gi - storageClassName: local-path diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml index 99becfd..1bed5d0 100644 --- a/apps/kustomization.yaml +++ b/apps/kustomization.yaml @@ -3,5 +3,4 @@ kind: Kustomization resources: - home-assistant/ - kitchenowl/ - # - gitea/ - # - forgejo/ + - forgejo/ diff --git a/clusters/production/kustomization.yaml b/clusters/production/kustomization.yaml index 6e4adb3..2488197 100644 --- a/clusters/production/kustomization.yaml +++ b/clusters/production/kustomization.yaml @@ -3,7 +3,7 @@ kind: Kustomization resources: - cert-manager.yaml - kitchenowl.yaml - # - gitea.yaml - # - ocirepository.yaml + - forgejo.yaml + - ocirepository.yaml - ../../infrastructure - ../../apps diff --git a/apps/forgejo_old/helmrepository.yaml b/infrastructure/ocirepositories/forgejo.yaml similarity index 53% rename from apps/forgejo_old/helmrepository.yaml rename to infrastructure/ocirepositories/forgejo.yaml index 12a7f23..cf40613 100644 --- a/apps/forgejo_old/helmrepository.yaml +++ b/infrastructure/ocirepositories/forgejo.yaml @@ -1,8 +1,10 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: HelmRepository +kind: OCIRepository metadata: name: forgejo namespace: flux-system spec: interval: 30m - url: https://codeberg.org/forgejo-contrib/forgejo-helm/raw/branch/main/charts/ + url: oci://code.forgejo.org/forgejo-helm/forgejo + ref: + tag: "12.5.1"