# ================================
# FORGEJO - SELF-HOSTED GIT
# https://forgejo.org/
# ================================
---
# Bootstrap credentials for the Forgejo Postgres database. The same Secret
# feeds both the postgres container (envFrom, below) and the Forgejo
# container (secretKeyRef), so the two sides cannot drift apart.
#
# NOTE(review): POSTGRES_PASSWORD is a plaintext credential committed to git.
# Anyone with read access to this repository, or to its history after a later
# edit, can use it against forgejo-postgres from inside the cluster. Changing
# it here is also not a rotation on its own: per the postgres image docs the
# POSTGRES_* variables are only applied when an empty PGDATA is initialised,
# so an existing database keeps the old password until ALTER ROLE is run
# (verify against the image version in use). Prefer generating the value out
# of band and applying the Secret separately from this manifest; the pipeline
# already has an "Apply runtime secrets" step for another service and the
# same approach would fit here — confirm.
apiVersion: v1
kind: Secret
metadata:
  name: forgejo-db-secret
type: Opaque
stringData:
  POSTGRES_USER: forgejo
  # TODO(security): placeholder committed in clear; replace via out-of-band secret (see note above).
  POSTGRES_PASSWORD: changeMePleaseOtherwiseSomeoneWillKnow
  POSTGRES_DB: forgejo
---
# Single-instance Postgres backing Forgejo.
# `Recreate` is deliberate: the data directory lives on one PVC, and a
# RollingUpdate would briefly run two postgres processes against it.
#
# NOTE(review): no resources, probes or securityContext are set. The official
# postgres image starts as root and drops privileges in its own entrypoint, so
# a blanket runAsNonRoot would need the image's non-root mode — verify before
# adding. The image tag floats within 16.x; pin a digest if reproducible
# rollouts matter.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: forgejo-postgres
  labels:
    app: forgejo-postgres
spec:
  replicas: 1
  selector:
    matchLabels:
      app: forgejo-postgres
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: forgejo-postgres
    spec:
      volumes:
        - name: forgejo-db-data
          persistentVolumeClaim:
            claimName: forgejo-db-pvc  # PVC is defined outside this file
      containers:
        - name: postgres
          image: postgres:16-alpine
          ports:
            - containerPort: 5432
          # POSTGRES_USER / POSTGRES_PASSWORD / POSTGRES_DB are taken verbatim
          # from the Secret's keys, which is why the Secret uses those names.
          envFrom:
            - secretRef:
                name: forgejo-db-secret
          env:
            # Keep the cluster one level below the mount point so the volume
            # root (which may hold lost+found on some filesystems) is not
            # mistaken for an existing data directory.
            - name: PGDATA
              value: /var/lib/postgresql/data/pgdata
          volumeMounts:
            - name: forgejo-db-data
              mountPath: /var/lib/postgresql/data
---
# Cluster-internal endpoint for the postgres pod. Forgejo dials it as
# forgejo-postgres:5432 (FORGEJO__database__HOST below).
#
# NOTE(review): nothing here limits who may connect. Any pod that can reach
# this ClusterIP and holds the committed password gets the database. A
# NetworkPolicy admitting ingress only from app=forgejo pods is the usual
# mitigation — whether the CNI enforces policies is not visible here.
apiVersion: v1
kind: Service
metadata:
  name: forgejo-postgres
spec:
  type: ClusterIP
  selector:
    app: forgejo-postgres
  ports:
    - port: 5432
      targetPort: 5432
# -------------------------
# FORGEJO APP
# -------------------------
---
# Forgejo application pod: the git server plus a cron-driven backup sidecar,
# both sharing the forgejo-data PVC (the sidecar read-only).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: forgejo
  labels:
    app: forgejo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: forgejo
  strategy:
    type: Recreate  # one RWO PVC: never two Forgejo pods on it at once
  template:
    metadata:
      labels:
        app: forgejo
    spec:
      volumes:
        - name: forgejo-data
          persistentVolumeClaim:
            claimName: forgejo-pvc  # PVC is defined outside this file
      # Runs as root so it can chown the volume to uid/gid 1000, the user the
      # Forgejo container expects to own /data.
      # NOTE(review): `busybox` with no tag resolves to :latest, i.e. an
      # unpinned, root-privileged image pulled on every pod start. Pin a tag
      # or digest. A pod-level fsGroup might make the chown unnecessary, but
      # that depends on the storage driver — verify before replacing it.
      initContainers:
        - name: fix-permissions
          image: busybox
          command:
            - sh
            - -c
            - 'chown -R 1000:1000 /data'
          volumeMounts:
            - name: forgejo-data
              mountPath: /data
      containers:
        - name: forgejo
          image: codeberg.org/forgejo/forgejo:10  # major-version tag; floats within 10.x
          ports:
            - name: http
              containerPort: 3000
            - name: ssh
              containerPort: 22
          volumeMounts:
            - name: forgejo-data
              mountPath: /data
          # FORGEJO__<section>__<KEY> variables map onto app.ini settings.
          env:
            # Disables the web installer. Without this a fresh instance serves
            # the setup page — DB settings and first-admin creation — to
            # whoever reaches it first.
            - name: FORGEJO__security__INSTALL_LOCK
              value: 'true'
            - name: FORGEJO__server__DOMAIN
              value: git.juntekim.com
            - name: FORGEJO__server__ROOT_URL
              value: https://git.juntekim.com
            - name: FORGEJO__server__HTTP_PORT
              value: '3000'
            # SSH_PORT is what clone URLs advertise. The container still
            # listens on 22; the forgejo-ssh Service maps 2222 -> 22.
            - name: FORGEJO__server__SSH_PORT
              value: '2222'
            - name: FORGEJO__server__SSH_DOMAIN
              value: git.juntekim.com
            - name: FORGEJO__database__DB_TYPE
              value: postgres
            - name: FORGEJO__database__HOST
              value: forgejo-postgres:5432
            - name: FORGEJO__database__NAME
              valueFrom:
                secretKeyRef:
                  name: forgejo-db-secret
                  key: POSTGRES_DB
            - name: FORGEJO__database__USER
              valueFrom:
                secretKeyRef:
                  name: forgejo-db-secret
                  key: POSTGRES_USER
            - name: FORGEJO__database__PASSWD
              valueFrom:
                secretKeyRef:
                  name: forgejo-db-secret
                  key: POSTGRES_PASSWORD
        # Weekly (Sunday 02:00) tarball of /data streamed to S3.
        #
        # NOTE(review), in order of impact:
        # - Only /data is archived. The Postgres volume (forgejo-db-pvc) is
        #   not mounted here, so users, issues, PRs, SSH keys and tokens are
        #   not in this backup; a restore from it alone cannot rebuild the
        #   instance. Decide whether the DB needs its own dump job.
        # - The archive is taken from a live, read-only view of /data while
        #   Forgejo may be writing; consistency is not guaranteed (hedged —
        #   depends on what is being written at 02:00 Sunday).
        # - No `set -o pipefail`: the pipeline's status is that of
        #   `aws s3 cp`, so a tar failure mid-stream can still leave a
        #   truncated archive in S3 and exit 0.
        # - The AWS static key in forgejo-backup-secret lives in the same pod
        #   as the public git server. Scope it to s3:PutObject on the
        #   repos/ prefix only, so a compromise cannot read or delete
        #   earlier backups.
        # - `apk add` at every start means the sidecar needs egress and pulls
        #   unpinned dcron/aws-cli builds; baking an image avoids both.
        - name: backup
          image: python:3-alpine  # floating tag
          volumeMounts:
            - name: forgejo-data
              mountPath: /data
              readOnly: true  # the sidecar only ever reads the repos
          env:
            - name: AWS_DEFAULT_REGION
              value: eu-west-2
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: forgejo-backup-secret
                  key: AWS_ACCESS_KEY_ID
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: forgejo-backup-secret
                  key: AWS_SECRET_ACCESS_KEY
          command:
            - /bin/sh
            - -c
            - |
              apk add --no-cache dcron aws-cli
              echo "0 2 * * 0 TIMESTAMP=\$(date +\%Y-\%m-\%d) && tar -czf - /data | aws s3 cp - s3://juntekim-git-backup/repos/forgejo-backup-\${TIMESTAMP}.tar.gz" | crontab -
              crond -f -l 2
---
# Cluster-internal HTTP endpoint for the web UI; Traefik's IngressRoute
# below is the only intended path to it from outside.
apiVersion: v1
kind: Service
metadata:
  name: forgejo
spec:
  type: ClusterIP
  selector:
    app: forgejo
  ports:
    - name: http
      port: 3000
      targetPort: 3000
---
# Git-over-SSH. MetalLB assigns the external IP; the allow-shared-ip
# annotation lets this Service share that IP with Traefik (same key value)
# rather than consuming a second address. External 2222 -> container 22,
# matching FORGEJO__server__SSH_PORT so clone URLs advertise the right port.
#
# NOTE(review): this is Forgejo's SSH daemon on the public internet with no
# source restriction, which is normal for a git host. Make sure the host keys
# survive pod restarts (they are presumably under /data — confirm), otherwise
# every Recreate rollout triggers changed-host-key warnings for clients.
apiVersion: v1
kind: Service
metadata:
  name: forgejo-ssh
  annotations:
    metallb.io/allow-shared-ip: traefik
spec:
  type: LoadBalancer
  selector:
    app: forgejo
  ports:
    - name: ssh
      port: 2222
      targetPort: 22
---
# HTTPS entry for the web UI and git-over-HTTPS. Only the `websecure`
# entrypoint is attached, so plain-HTTP requests for git.juntekim.com are
# handled by Traefik's entrypoint configuration (redirect or nothing), not
# by this route. No middleware (security headers, rate limits) is attached
# here; whether Traefik applies any globally is not visible in this file.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: forgejo-ingressroute
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`git.juntekim.com`)
      services:
        - name: forgejo
          port: 3000
  tls:
    certResolver: myresolver
    domains:
      - main: git.juntekim.com