Merge pull request #96 from MealCraft/feature/git

Feature/git
2026-03-11 23:27:58 +00:00 · 2026-03-11 23:27:58 +00:00 · 461f5b5f8d
commit 461f5b5f8d
parent f8172e36ea dcd0d6a589
4 changed files with 232 additions and 2 deletions
--- a/TODO.md
+++ b/TODO.md
@ -1,3 +1,19 @@
 figure out how to do a back up for a small pvc and pv using traefik as the example
 how would i back everything in ceph storage to aws like i used to do in mist cron job when i it was just the local host
-un mount the storage class once i got rid of everything
+un mount the storage class once i got rid of everything
+
+## Services still using mist local storage (need to migrate to Ceph)
+- Uptime Kuma (uptime-kuma-pvc, 500Mi)
+- n8n (n8n-pvc, 5Gi)
+- Home Assistant (homeassistant-pvc, 10Gi)
+- DBeaver (dbeaver-pvc, 5Gi)
+- Postgres Prod (postgres-prod-pvc, 20Gi)
+- Postgres Dev (postgres-dev-pvc, 20Gi)
+- Monica (monica-storage-pvc 1Gi + monica-db-pvc 2Gi)
+- Tandoor (tandoor-media-pvc 5Gi + tandoor-postgres-pvc 2Gi)
+- Donetick (donetick-pvc, 1Gi)
+- Papra (papra-pvc, 10Gi)
+- Databasus (databasus-pvc, 500Mi)
+- wger (wger-media-pvc 5Gi + wger-postgres-pvc 2Gi + wger-static-pvc 2Gi)
+- Certs (certs-pvc, 1Mi)
+- Pihole (pihole-pv, 5Gi - Released/unused)
--- a/forgejo/forgejo.yaml
+++ b/forgejo/forgejo.yaml
@ -0,0 +1,211 @@
+# ================================
+# FORGEJO - SELF-HOSTED GIT
+# https://forgejo.org/
+# ================================
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: forgejo-db-secret
+type: Opaque
+stringData:
+  POSTGRES_USER: forgejo
+  POSTGRES_PASSWORD: changeMePleaseOtherwiseSomeoneWillKnow
+  POSTGRES_DB: forgejo
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: forgejo-db-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: rook-ceph-block
+  resources:
+    requests:
+      storage: 10Gi
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: forgejo-postgres
+  labels:
+    app: forgejo-postgres
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: forgejo-postgres
+  template:
+    metadata:
+      labels:
+        app: forgejo-postgres
+    spec:
+      containers:
+        - name: postgres
+          image: postgres:16-alpine
+          ports:
+            - containerPort: 5432
+          env:
+            - name: PGDATA
+              value: /var/lib/postgresql/data/pgdata
+          envFrom:
+            - secretRef:
+                name: forgejo-db-secret
+          volumeMounts:
+            - name: forgejo-db-data
+              mountPath: /var/lib/postgresql/data
+      volumes:
+        - name: forgejo-db-data
+          persistentVolumeClaim:
+            claimName: forgejo-db-pvc
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: forgejo-postgres
+spec:
+  selector:
+    app: forgejo-postgres
+  ports:
+    - port: 5432
+      targetPort: 5432
+
+# -------------------------
+# FORGEJO APP
+# -------------------------
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: forgejo-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: rook-ceph-block
+  resources:
+    requests:
+      storage: 20Gi
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: forgejo
+  labels:
+    app: forgejo
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: forgejo
+  template:
+    metadata:
+      labels:
+        app: forgejo
+    spec:
+      initContainers:
+        - name: fix-permissions
+          image: busybox
+          command: ["sh", "-c", "chown -R 1000:1000 /data"]
+          volumeMounts:
+            - name: forgejo-data
+              mountPath: /data
+      containers:
+        - name: forgejo
+          image: codeberg.org/forgejo/forgejo:10
+          ports:
+            - containerPort: 3000
+              name: http
+            - containerPort: 22
+              name: ssh
+          env:
+            - name: FORGEJO__server__DOMAIN
+              value: git.juntekim.com
+            - name: FORGEJO__server__ROOT_URL
+              value: https://git.juntekim.com
+            - name: FORGEJO__server__HTTP_PORT
+              value: "3000"
+            - name: FORGEJO__server__SSH_PORT
+              value: "2222"
+            - name: FORGEJO__server__SSH_DOMAIN
+              value: git.juntekim.com
+            - name: FORGEJO__database__DB_TYPE
+              value: postgres
+            - name: FORGEJO__database__HOST
+              value: forgejo-postgres:5432
+            - name: FORGEJO__database__NAME
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-db-secret
+                  key: POSTGRES_DB
+            - name: FORGEJO__database__USER
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-db-secret
+                  key: POSTGRES_USER
+            - name: FORGEJO__database__PASSWD
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-db-secret
+                  key: POSTGRES_PASSWORD
+            - name: FORGEJO__security__INSTALL_LOCK
+              value: "true"
+          volumeMounts:
+            - name: forgejo-data
+              mountPath: /data
+      volumes:
+        - name: forgejo-data
+          persistentVolumeClaim:
+            claimName: forgejo-pvc
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: forgejo
+spec:
+  selector:
+    app: forgejo
+  ports:
+    - name: http
+      port: 3000
+      targetPort: 3000
+
+---
+# SSH exposed via LoadBalancer on port 2222 (MetalLB)
+apiVersion: v1
+kind: Service
+metadata:
+  name: forgejo-ssh
+spec:
+  type: LoadBalancer
+  selector:
+    app: forgejo
+  ports:
+    - name: ssh
+      port: 2222
+      targetPort: 22
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: forgejo-ingressroute
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`git.juntekim.com`)
+      kind: Rule
+      services:
+        - name: forgejo
+          port: 3000
+  tls:
+    certResolver: myresolver
+    domains:
+      - main: git.juntekim.com
--- a/rook/after_setup/02-storage-class.yaml
+++ b/rook/after_setup/02-storage-class.yaml
@ -25,5 +25,5 @@ parameters:
  csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
  csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node
  csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
-reclaimPolicy: Delete
+reclaimPolicy: Retain
 allowVolumeExpansion: true
--- a/rook/operator.yaml
+++ b/rook/operator.yaml
@ -25,6 +25,9 @@ data:
  # The logging level for the operator: ERROR | WARNING | INFO | DEBUG
  ROOK_LOG_LEVEL: "INFO"

+  # MicroK8s uses a non-standard kubelet path — required for CSI mounts to work
+  ROOK_CSI_KUBELET_DIR_PATH: "/var/snap/microk8s/common/var/lib/kubelet"
+
  # The address for the operator's controller-runtime metrics. 0 is disabled. :8080 serves metrics on port 8080.
  ROOK_OPERATOR_METRICS_BIND_ADDRESS: "0"