kimjunte/juntekim.com
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 13

git things #1

Merged
kimjunte merged 1 commit from feature/back_up into main 2026-03-12 07:08:11 +00:00
Conversation 0 Commits 1 Files changed 5 +80 -28
5 changed files with 80 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
aws_infra/main.tf
View file

@ -3,5 +3,14 @@
module "forgejo_backup" { module "forgejo_backup" {
source = "./modules/forgejo_backup" source = "./modules/forgejo_backup"
bucket_name = "juntekim-forgejo-backup" bucket_name = "juntekim-git-backup"
}
output "forgejo_backup_access_key_id" {
value = module.forgejo_backup.iam_access_key_id
}
output "forgejo_backup_secret_access_key" {
value = module.forgejo_backup.iam_secret_access_key
sensitive = true
} }

3
aws_infra/provider.tf
View file

@ -17,5 +17,6 @@ terraform {
} }
provider "aws" { provider "aws" {
region = var.aws_region region = var.aws_region
profile = "personal"
} }

9
forgejo/forgejo-backup-secret.yaml Normal file
View file

@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: forgejo-backup-secret
namespace: default
type: Opaque
stringData:
AWS_ACCESS_KEY_ID: AKIAQL67W6HIV6WTECSQ
AWS_SECRET_ACCESS_KEY: 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

29
forgejo/forgejo-storage.yaml Normal file
View file

@ -0,0 +1,29 @@
# ================================
# FORGEJO PERSISTENT STORAGE
# Apply once — do NOT delete
# ================================
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: forgejo-db-pvc
spec:
accessModes:
- ReadWriteOnce
storageClassName: rook-ceph-block
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: forgejo-pvc
spec:
accessModes:
- ReadWriteOnce
storageClassName: rook-ceph-block
resources:
requests:
storage: 20Gi

56
forgejo/forgejo.yaml
View file

@ -13,19 +13,6 @@ stringData:
POSTGRES_PASSWORD: changeMePleaseOtherwiseSomeoneWillKnow POSTGRES_PASSWORD: changeMePleaseOtherwiseSomeoneWillKnow
POSTGRES_DB: forgejo POSTGRES_DB: forgejo
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: forgejo-db-pvc
spec:
accessModes:
- ReadWriteOnce
storageClassName: rook-ceph-block
resources:
requests:
storage: 10Gi
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
@ -35,6 +22,8 @@ metadata:
app: forgejo-postgres app: forgejo-postgres
spec: spec:
replicas: 1 replicas: 1
strategy:
type: Recreate
selector: selector:
matchLabels: matchLabels:
app: forgejo-postgres app: forgejo-postgres
@ -78,19 +67,6 @@ spec:
# FORGEJO APP # FORGEJO APP
# ------------------------- # -------------------------
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: forgejo-pvc
spec:
accessModes:
- ReadWriteOnce
storageClassName: rook-ceph-block
resources:
requests:
storage: 20Gi
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
@ -100,6 +76,8 @@ metadata:
app: forgejo app: forgejo
spec: spec:
replicas: 1 replicas: 1
strategy:
type: Recreate
selector: selector:
matchLabels: matchLabels:
app: forgejo app: forgejo
@ -158,6 +136,32 @@ spec:
volumeMounts: volumeMounts:
- name: forgejo-data - name: forgejo-data
mountPath: /data mountPath: /data
- name: backup
image: python:3-alpine
env:
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: forgejo-backup-secret
key: AWS_ACCESS_KEY_ID
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: forgejo-backup-secret
key: AWS_SECRET_ACCESS_KEY
- name: AWS_DEFAULT_REGION
value: eu-west-2
command:
- /bin/sh
- -c
- |
apk add --no-cache dcron aws-cli
echo "0 2 * * 0 TIMESTAMP=\$(date +\%Y-\%m-\%d) && tar -czf - /data | aws s3 cp - s3://juntekim-git-backup/repos/forgejo-backup-\${TIMESTAMP}.tar.gz" | crontab -
crond -f -l 2
volumeMounts:
- name: forgejo-data
mountPath: /data
readOnly: true
volumes: volumes:
- name: forgejo-data - name: forgejo-data
persistentVolumeClaim: persistentVolumeClaim: