From aa112572a38e9984f00739c27f9686d0d620cc2f Mon Sep 17 00:00:00 2001 From: Jun-te Kim Date: Wed, 11 Mar 2026 07:16:56 +0000 Subject: [PATCH 1/2] lets update storage together --- TODO.md | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/TODO.md b/TODO.md index 02b863f..8f48506 100644 --- a/TODO.md +++ b/TODO.md @@ -1,3 +1,19 @@ figure out how to do a back up for a small pvc and pv using traefik as the example how would i back everything in ceph storage to aws like i used to do in mist cron job when i it was just the local host -un mount the storage class once i got rid of everything \ No newline at end of file +un mount the storage class once i got rid of everything + +## Services still using mist local storage (need to migrate to Ceph) +- Uptime Kuma (uptime-kuma-pvc, 500Mi) +- n8n (n8n-pvc, 5Gi) +- Home Assistant (homeassistant-pvc, 10Gi) +- DBeaver (dbeaver-pvc, 5Gi) +- Postgres Prod (postgres-prod-pvc, 20Gi) +- Postgres Dev (postgres-dev-pvc, 20Gi) +- Monica (monica-storage-pvc 1Gi + monica-db-pvc 2Gi) +- Tandoor (tandoor-media-pvc 5Gi + tandoor-postgres-pvc 2Gi) +- Donetick (donetick-pvc, 1Gi) +- Papra (papra-pvc, 10Gi) +- Databasus (databasus-pvc, 500Mi) +- wger (wger-media-pvc 5Gi + wger-postgres-pvc 2Gi + wger-static-pvc 2Gi) +- Certs (certs-pvc, 1Mi) +- Pihole (pihole-pv, 5Gi - Released/unused) \ No newline at end of file From dcd0d6a589f8f33381d0a2cccf66373883e7e010 Mon Sep 17 00:00:00 2001 From: Jun-te Kim Date: Wed, 11 Mar 2026 23:27:13 +0000 Subject: [PATCH 2/2] added rook and git --- forgejo/forgejo.yaml | 211 +++++++++++++++++++++++++ rook/after_setup/02-storage-class.yaml | 2 +- rook/operator.yaml | 3 + 3 files changed, 215 insertions(+), 1 deletion(-) create mode 100644 forgejo/forgejo.yaml diff --git a/forgejo/forgejo.yaml b/forgejo/forgejo.yaml new file mode 100644 index 0000000..5245bb2 --- /dev/null +++ b/forgejo/forgejo.yaml 
@@ -0,0 +1,211 @@
+# ================================
+# FORGEJO - SELF-HOSTED GIT
+# https://forgejo.org/
+# ================================
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: forgejo-db-secret
+type: Opaque
+stringData:
+ POSTGRES_USER: forgejo
+ POSTGRES_PASSWORD: changeMePleaseOtherwiseSomeoneWillKnow
+ POSTGRES_DB: forgejo
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: forgejo-db-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: rook-ceph-block
+ resources:
+ requests:
+ storage: 10Gi
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: forgejo-postgres
+ labels:
+ app: forgejo-postgres
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: forgejo-postgres
+ template:
+ metadata:
+ labels:
+ app: forgejo-postgres
+ spec:
+ containers:
+ - name: postgres
+ image: postgres:16-alpine
+ ports:
+ - containerPort: 5432
+ env:
+ - name: PGDATA
+ value: /var/lib/postgresql/data/pgdata
+ envFrom:
+ - secretRef:
+ name: forgejo-db-secret
+ volumeMounts:
+ - name: forgejo-db-data
+ mountPath: /var/lib/postgresql/data
+ volumes:
+ - name: forgejo-db-data
+ persistentVolumeClaim:
+ claimName: forgejo-db-pvc
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: forgejo-postgres
+spec:
+ selector:
+ app: forgejo-postgres
+ ports:
+ - port: 5432
+ targetPort: 5432
+
+# -------------------------
+# FORGEJO APP
+# -------------------------
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: forgejo-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: rook-ceph-block
+ resources:
+ requests:
+ storage: 20Gi
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: forgejo
+ labels:
+ app: forgejo
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: forgejo
+ template:
+ metadata:
+ labels:
+ app: forgejo
+ spec:
+ initContainers:
+ - name: fix-permissions
+ image: busybox
+ command: ["sh", "-c", "chown -R 1000:1000 /data"]
+ volumeMounts:
+ - name: forgejo-data
+ mountPath: /data
+ containers:
+ - name: forgejo
+ image: codeberg.org/forgejo/forgejo:10
+ ports:
+ - containerPort: 3000
+ name: http
+ - containerPort: 22
+ name: ssh
+ env:
+ - name: FORGEJO__server__DOMAIN
+ value: git.juntekim.com
+ - name: FORGEJO__server__ROOT_URL
+ value: https://git.juntekim.com
+ - name: FORGEJO__server__HTTP_PORT
+ value: "3000"
+ - name: FORGEJO__server__SSH_PORT
+ value: "2222"
+ - name: FORGEJO__server__SSH_DOMAIN
+ value: git.juntekim.com
+ - name: FORGEJO__database__DB_TYPE
+ value: postgres
+ - name: FORGEJO__database__HOST
+ value: forgejo-postgres:5432
+ - name: FORGEJO__database__NAME
+ valueFrom:
+ secretKeyRef:
+ name: forgejo-db-secret
+ key: POSTGRES_DB
+ - name: FORGEJO__database__USER
+ valueFrom:
+ secretKeyRef:
+ name: forgejo-db-secret
+ key: POSTGRES_USER
+ - name: FORGEJO__database__PASSWD
+ valueFrom:
+ secretKeyRef:
+ name: forgejo-db-secret
+ key: POSTGRES_PASSWORD
+ - name: FORGEJO__security__INSTALL_LOCK
+ value: "true"
+ volumeMounts:
+ - name: forgejo-data
+ mountPath: /data
+ volumes:
+ - name: forgejo-data
+ persistentVolumeClaim:
+ claimName: forgejo-pvc
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: forgejo
+spec:
+ selector:
+ app: forgejo
+ ports:
+ - name: http
+ port: 3000
+ targetPort: 3000
+
+---
+# SSH exposed via LoadBalancer on port 2222 (MetalLB)
+apiVersion: v1
+kind: Service
+metadata:
+ name: forgejo-ssh
+spec:
+ type: LoadBalancer
+ selector:
+ app: forgejo
+ ports:
+ - name: ssh
+ port: 2222
+ targetPort: 22
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: forgejo-ingressroute
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`git.juntekim.com`)
+ kind: Rule
+ services:
+ - name: forgejo
+ port: 3000
+ tls:
+ certResolver: myresolver
+ domains:
+ - main: git.juntekim.com
diff --git a/rook/after_setup/02-storage-class.yaml b/rook/after_setup/02-storage-class.yaml
index ec35e84..3156d4c 100644
--- a/rook/after_setup/02-storage-class.yaml
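Review bot: The `forgejo-db-secret` Secret at the top of forgejo/forgejo.yaml commits the Postgres password under `stringData`, so applying the file unchanged gives the database a password that anyone with read access to the repository knows, and editing it in place puts the real one into git history. I would drop that Secret document from the manifest and create the Secret out of band, leaving a pointer above the postgres Deployment such as `# forgejo-db-secret (keys POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DB) is created outside git`. The `fix-permissions` init container also uses `image: busybox` with no tag, so the image that runs the recursive chown can change between pod restarts; pinning a tag or digest there, as the other two images partly do, would make it reproducible.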
+++ b/rook/after_setup/02-storage-class.yaml @@ -25,5 +25,5 @@ parameters: csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph -reclaimPolicy: Delete +reclaimPolicy: Retain allowVolumeExpansion: true diff --git a/rook/operator.yaml b/rook/operator.yaml index 2cd6fea..1849edb 100644 --- a/rook/operator.yaml +++ b/rook/operator.yaml @@ -25,6 +25,9 @@ data: # The logging level for the operator: ERROR | WARNING | INFO | DEBUG ROOK_LOG_LEVEL: "INFO" + # MicroK8s uses a non-standard kubelet path — required for CSI mounts to work + ROOK_CSI_KUBELET_DIR_PATH: "/var/snap/microk8s/common/var/lib/kubelet" + # The address for the operator's controller-runtime metrics. 0 is disabled. :8080 serves metrics on port 8080. ROOK_OPERATOR_METRICS_BIND_ADDRESS: "0"
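Review bot: `reclaimPolicy: Retain` in rook/after_setup/02-storage-class.yaml changes what happens when a claim is deleted, but nothing in the file records it: the PV goes to Released and the backing RBD image, with whatever database or repository data it held, stays in the pool until someone removes it by hand. A comment above the line would capture that, e.g. `# Retain: deleting a PVC keeps the PV and its RBD image; clean both up manually`. It is also worth confirming how this is rolled out, since Kubernetes treats `reclaimPolicy` on an existing StorageClass as immutable and PVs that were already provisioned keep the policy they were created with. The StorageClass definition starts outside the hunk.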