{ lib, config, globals, ... }: { options.forgejo.enable = lib.mkEnableOption "forgejo"; config = lib.mkIf config.forgejo.enable { kubernetes.resources = { secrets.forgejo.stringData.config = lib.generators.toINI {} (import ./config.nix); deployments.server.spec = { selector.matchLabels.app = "forgejo"; strategy = { type = "RollingUpdate"; rollingUpdate = { maxSurge = 0; maxUnavailable = 1; }; }; template = { metadata.labels.app = "forgejo"; spec = { # This disables services from becoming environmental variables # to prevent SSH_PORT clashing with Forgejo config. enableServiceLinks = false; containers.forgejo = { image = globals.images.forgejo; imagePullPolicy = "IfNotPresent"; env = { USER_UID.value = "1000"; USER_GID.value = "1000"; }; ports = { web.containerPort = 3000; ssh.containerPort = 22; }; volumeMounts = [ { name = "data"; mountPath = "/data"; } { name = "config"; mountPath = "/data/gitea/conf/app.ini"; subPath = "config"; } ]; }; volumes = { data.persistentVolumeClaim.claimName = "data"; config.secret.secretName = "forgejo"; }; }; }; }; services = { web.spec = { selector.app = "forgejo"; ports.web = { port = 80; targetPort = "web"; }; }; ssh.spec = { type = "LoadBalancer"; loadBalancerIP = globals.gitIPv4; selector.app = "forgejo"; ports.ssh = { port = 56287; targetPort = "ssh"; }; }; }; }; lab = { ingresses.web = { host = "git.kun.is"; service = { name = "web"; portName = "web"; }; }; longhorn.persistentVolumeClaim.data = { volumeName = "forgejo"; storage = "20Gi"; }; }; }; }