mount forgejo runner data on NFS

convert forgejo config from nix to ini
Pim Kunis 2024-04-20 13:00:41 +02:00
parent e196077ea1
commit 44013d3a78
4 changed files with 123 additions and 124 deletions


@ -0,0 +1,101 @@
{
"repository.local".LOCAL_COPY_PATH = "/data/gitea/tmp/local-repo";
"repository.upload".TEMP_PATH = "/data/gitea/uploads";
attachment.PATH = "/data/gitea/attachments";
lfs.PATH = "/data/git/lfs";
mailer.ENABLED = false;
"repository.pull-request".DEFAULT_MERGE_STYLE = "merge";
"repository.signing".DEFAULT_TRUST_MODEL = "committer";
ui.DEFAULT_THEME = "forgejo-light";
oauth2.ENABLE = false;
DEFAULT = {
APP_NAME = "Forgejo: Beyond coding. We forge.";
RUN_MODE = "prod";
RUN_USER = "git";
WORK_PATH = "/data/gitea";
};
repository = {
ROOT = "/data/git/repositories";
DEFAULT_BRANCH = "master";
};
server = {
APP_DATA_PATH = "/data/gitea";
DOMAIN = "git.kun.is";
SSH_DOMAIN = "ssh.git.kun.is";
HTTP_PORT = 3000;
ROOT_URL = "https://git.kun.is";
DISABLE_SSH = false;
SSH_PORT = 56287;
SSH_LISTEN_PORT = 22;
LFS_START_SERVER = true;
LFS_JWT_SECRET = "ref+sops://secrets/sops.yaml#/forgejo/lfsJwtSecret";
OFFLINE_MODE = false;
};
database = {
PATH = "/data/gitea/gitea.db";
DB_TYPE = "sqlite3";
HOST = "localhost:3306";
NAME = "gitea";
USER = "root";
PASSWD = "";
LOG_SQL = false;
SCHEMA = "";
SSL_MODE = "disable";
CHARSET = "utf8";
};
indexer = {
ISSUE_INDEXER_PATH = "/data/gitea/indexers/issues.bleve";
ISSUE_INDEXER_TYPE = "db";
};
session = {
PROVIDER_CONFIG = "/data/gitea/sessions";
PROVIDER = "file";
};
picture = {
AVATAR_UPLOAD_PATH = "/data/gitea/avatars";
REPOSITORY_AVATAR_UPLOAD_PATH = "/data/gitea/repo-avatars";
ENABLE_FEDERATED_AVATAR = false;
};
log = {
MODE = "console";
LEVEL = "info";
"logger.router.MODE" = "console";
ROOT_PATH = "/data/gitea/log";
"logger.access.MODE" = "console";
};
security = {
INSTALL_LOCK = true;
SECRET_KEY = "";
REVERSE_PROXY_LIMIT = 1;
REVERSE_PROXY_TRUSTED_PROXIES = "*";
INTERNAL_TOKEN = "ref+sops://secrets/sops.yaml#/forgejo/internalToken";
PASSWORD_HASH_ALGO = "pbkdf2";
};
service = {
DISABLE_REGISTRATION = true;
REQUIRE_SIGNIN_VIEW = false;
REGISTER_EMAIL_CONFIRM = false;
ENABLE_NOTIFY_MAIL = false;
ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
ENABLE_CAPTCHA = false;
DEFAULT_KEEP_EMAIL_PRIVATE = true;
DEFAULT_ALLOW_CREATE_ORGANIZATION = true;
DEFAULT_ENABLE_TIMETRACKING = true;
NO_REPLY_ADDRESS = "noreply.localhost";
};
openid = {
ENABLE_OPENID_SIGNIN = true;
ENABLE_OPENID_SIGNUP = false;
};
}
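Review bot: `REVERSE_PROXY_TRUSTED_PROXIES = "*"` in the `security` block makes Forgejo accept forwarded client-address headers from any peer, so the address it records for a request is whatever the sender claims whenever port 3000 is reachable other than through the ingress. Narrowing it to the ingress controller's address range, e.g. `REVERSE_PROXY_TRUSTED_PROXIES = "<ingress-controller CIDR>";` (placeholder), keeps access logs and any address-based decisions meaningful. In the same block `SECRET_KEY = ""` is committed empty while `INTERNAL_TOKEN` and `LFS_JWT_SECRET` are sops references, so it looks like it should be a sops reference too. If the instance already holds data encrypted under the current effective key (stored 2FA secrets, for example), changing it needs a migration plan first, and a comment next to the setting should say which case applies.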


@ -0,0 +1,199 @@
{ lib, myLib, ... }: {
kubernetes.resources = {
secrets.runner-secret.stringData.token = "ref+sops://secrets/sops.yaml#/forgejo/runnerToken";
configMaps = {
forgejo-config.data.config = lib.generators.toINI { } (import ./config.nix);
forgejo-env.data = {
USER_UID = "1000";
USER_GID = "1000";
};
};
deployments = {
forgejo = {
metadata.labels = {
app = "forgejo";
component = "forgejo";
};
spec = {
selector.matchLabels = {
app = "forgejo";
component = "forgejo";
};
template = {
metadata.labels = {
app = "forgejo";
component = "forgejo";
};
spec = {
containers.forgejo = {
image = "codeberg.org/forgejo/forgejo:1.21";
envFrom = [{ configMapRef.name = "forgejo-env"; }];
ports = {
web.containerPort = 3000;
ssh.containerPort = 22;
};
volumeMounts = [
{
name = "data";
mountPath = "/data";
}
{
name = "config";
mountPath = "/data/gitea/conf/app.ini";
subPath = "config";
}
];
};
volumes = {
data.persistentVolumeClaim.claimName = "forgejo";
config.configMap.name = "forgejo-config";
};
};
};
};
};
# Forgejo-runner for docker in docker (dind) on Kubernetes:
# https://code.forgejo.org/forgejo/runner/src/branch/main/examples/kubernetes/dind-docker.yaml
forgejo-runner = {
metadata.labels = {
app = "forgejo";
component = "runner";
};
spec = {
selector.matchLabels = {
app = "forgejo";
component = "runner";
};
template = {
metadata.labels = {
app = "forgejo";
component = "runner";
};
spec = {
restartPolicy = "Always";
initContainers.runner-register = {
image = "code.forgejo.org/forgejo/runner:3.2.0";
command = [ "forgejo-runner" "register" "--no-interactive" "--token" "$(RUNNER_SECRET)" "--name" "$(RUNNER_NAME)" "--instance" "$(FORGEJO_INSTANCE_URL)" ];
env = {
RUNNER_NAME.value = "runner";
FORGEJO_INSTANCE_URL.value = "https://git.kun.is";
RUNNER_SECRET.valueFrom.secretKeyRef = {
name = "runner-secret";
key = "token";
};
};
resources.limits = {
cpu = "0.50";
memory = "64Mi";
};
volumeMounts = [{
name = "data";
mountPath = "/data";
}];
};
containers = {
runner = {
image = "code.forgejo.org/forgejo/runner:3.0.0";
command = [ "sh" "-c" "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; forgejo-runner daemon" ];
env = {
DOCKER_HOST.value = "tcp://localhost:2376";
DOCKER_CERT_PATH.value = "/certs/client";
DOCKER_TLS_VERIFY.value = "1";
};
volumeMounts = [
{
name = "data";
mountPath = "/data";
}
{
name = "certs";
mountPath = "/certs";
}
];
};
daemon = {
image = "docker:23.0.6-dind";
securityContext.privileged = true;
env.DOCKER_TLS_CERTDIR.value = "/certs";
volumeMounts = [{
name = "certs";
mountPath = "/certs";
}];
};
};
volumes = {
data.persistentVolumeClaim.claimName = "forgejo-runner-data";
certs.persistentVolumeClaim.claimName = "forgejo-runner-certs";
};
};
};
};
};
};
services = {
forgejo-web.spec = {
selector = {
app = "forgejo";
component = "forgejo";
};
ports.web = {
port = 80;
targetPort = "web";
};
};
forgejo-ssh.spec = {
type = "LoadBalancer";
loadBalancerIP = myLib.globals.gitIPv4;
selector.app = "forgejo";
ports.ssh = {
port = 56287;
targetPort = "ssh";
};
};
};
};
lab = {
nfsVolumes = {
forgejo.path = "forgejo/data";
forgejo-runner-data.path = "forgejo/runner/data";
forgejo-runner-certs.path = "forgejo/runner/certs";
};
ingresses.forgejo = {
host = "git.kun.is";
service = {
name = "forgejo-web";
portName = "web";
};
};
};
}
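Review bot: `forgejo-config.data.config` renders the whole of `config.nix` into a ConfigMap, and that file carries `INTERNAL_TOKEN` and `LFS_JWT_SECRET` as sops references, so once they are resolved the plaintext values sit in an object that is typically readable under broader RBAC than Secrets and is not covered by Secret encryption at rest. The file already uses `secrets.runner-secret.stringData`, and the same form works here: `secrets.forgejo-config.stringData.config = lib.generators.toINI { } (import ./config.nix);` with the pod volume changed to `config.secret.secretName = "forgejo-config";`. Separately, the `certs` volume is an NFS-backed claim (`forgejo-runner-certs`), which presumably leaves the dind daemon's generated TLS key material on the NFS export; since only the `runner` and `daemon` containers of one pod share it, `certs.emptyDir = { };` would keep those keys off shared storage. The init container pins `runner:3.2.0` while the `runner` container pins `runner:3.0.0`; if that is not intentional, both should use the same tag.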