From dff11e742b6f24ba9bc8de959ce4b8c6076550f0 Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Fri, 12 Jul 2024 14:00:11 +0200 Subject: [PATCH] chore(forgejo): Update to 7.0.5 --- kubenix-modules/forgejo/config.nix | 5 +- kubenix-modules/forgejo/default.nix | 88 ++++++++++++++--------------- secrets/kubernetes.yaml | 5 +- 3 files changed, 50 insertions(+), 48 deletions(-) diff --git a/kubenix-modules/forgejo/config.nix b/kubenix-modules/forgejo/config.nix index 8bebdba..7247cf2 100644 --- a/kubenix-modules/forgejo/config.nix +++ b/kubenix-modules/forgejo/config.nix @@ -7,7 +7,10 @@ "repository.pull-request".DEFAULT_MERGE_STYLE = "merge"; "repository.signing".DEFAULT_TRUST_MODEL = "committer"; ui.DEFAULT_THEME = "forgejo-light"; - oauth2.ENABLED = false; + oauth2 = { + ENABLED = false; + JWT_SECRET = "ref+sops://secrets/kubernetes.yaml#/forgejo/jwtSecret"; + }; DEFAULT = { APP_NAME = "Forgejo: Beyond coding. We forge."; diff --git a/kubenix-modules/forgejo/default.nix b/kubenix-modules/forgejo/default.nix index 6b25875..0fca6d7 100644 --- a/kubenix-modules/forgejo/default.nix +++ b/kubenix-modules/forgejo/default.nix @@ -11,52 +11,53 @@ }; }; - deployments = { - forgejo = { - metadata.labels = { - app = "forgejo"; - component = "forgejo"; + deployments.forgejo = { + metadata.labels = { + app = "forgejo"; + component = "forgejo"; + }; + + spec = { + selector.matchLabels.app = "forgejo"; + + strategy = { + type = "RollingUpdate"; + + rollingUpdate = { + maxSurge = 0; + maxUnavailable = 1; + }; }; - spec = { - selector.matchLabels = { - app = "forgejo"; - component = "forgejo"; - }; + template = { + metadata.labels.app = "forgejo"; - template = { - metadata.labels = { - app = "forgejo"; - component = "forgejo"; + spec = { + containers.forgejo = { + image = "codeberg.org/forgejo/forgejo:7.0.5"; + envFrom = [{ configMapRef.name = "forgejo-env"; }]; + + ports = { + web.containerPort = 3000; + ssh.containerPort = 22; + }; + + volumeMounts = [ + { + name = "data"; + mountPath = "/data"; + } + { + name = "config"; + mountPath = "/data/gitea/conf/app.ini"; + subPath = "config"; + } + ]; }; - spec = { - containers.forgejo = { - image = "codeberg.org/forgejo/forgejo:7.0.1"; - envFrom = [{ configMapRef.name = "forgejo-env"; }]; - - ports = { - web.containerPort = 3000; - ssh.containerPort = 22; - }; - - volumeMounts = [ - { - name = "data"; - mountPath = "/data"; - } - { - name = "config"; - mountPath = "/data/gitea/conf/app.ini"; - subPath = "config"; - } - ]; - }; - - volumes = { - data.persistentVolumeClaim.claimName = "forgejo"; - config.configMap.name = "forgejo-config"; - }; + volumes = { + data.persistentVolumeClaim.claimName = "forgejo"; + config.configMap.name = "forgejo-config"; }; }; }; @@ -65,10 +66,7 @@ services = { forgejo-web.spec = { - selector = { - app = "forgejo"; - component = "forgejo"; - }; + selector.app = "forgejo"; ports.web = { port = 80; diff --git a/secrets/kubernetes.yaml b/secrets/kubernetes.yaml index 21c0773..43d6d90 100644 --- a/secrets/kubernetes.yaml +++ b/secrets/kubernetes.yaml @@ -16,6 +16,7 @@ kitchenowl: forgejo: lfsJwtSecret: ENC[AES256_GCM,data:VWyUDUKZ6km0YPZLejnISBI3wkmOi26CS55NZm+eWbiymGDN9Z9xUQ4FTA==,iv:gGhNGtEEOJnsmq9GMIAImkVOPWMwYq+kDQeWoHVU860=,tag:63z/7PJKI0ePXbJ94radpw==,type:str] internalToken: ENC[AES256_GCM,data:nKLE/Ir8Ewm3GuRzUNZZTShnMMx6avxYu40PvMEti14Be0YmQhJ0IZruRdpktyW1Jj4n5ksXhk+qsO/vEIzQaJmPU1RxN6vsGGk6EBIwMP0kuUNmp25lPefafoJvxoQpXdJvkLy8f8MC,iv:dUki8hCTOF1O5fmwDqZAkaE1OCH3IL/SFPBDSJ/GMiU=,tag:HUpkVqJg53H8uEmHFqJ7+w==,type:str] + jwtSecret: ENC[AES256_GCM,data:ZIGOR53XCE1kGPQIpaY6ImbLMISbTpmC8R1oRFbjQGxHDG9dQuBigyjs5w==,iv:14WHd/RwniA7+YFGGrs+oyHx5Cc9G+D/IV9aBqn3KOI=,tag:+3LiFnV3Emx4i4efSRmthw==,type:str] attic: jwtToken: ENC[AES256_GCM,data:nAuryLY1xD9ur3qDcsJXPJPLFcPwssPKv+/BoivZ4aO6ec6rmOaYAkSRsBjgANyKhssbn0fhGsdyhMBwdHTXDnnIo67amFdxxSe+jJlGtcBXcekaOfD0Ug==,iv:h+h7CD8oI8u2ItzD/KKM16FKaG2xuVqIKh4r1TGjYtw=,tag:Er141FCK8usfzRRtrawHOw==,type:str] databaseURL: ENC[AES256_GCM,data:F2XyCgXRuebQgvkHGz8DVM2z53sC0/8GzVN6P6iJjrVxB522BJnGlw0YdFBg5K9xMWRhuzxRgDJ+ySfIb8HTtFvlF8Ifx41vFZV1zSpmDMzo4/0=,iv:wp3sg+Y9kgGH5GZZDxAE2CpzDvJeV1mH8mfHRPB17Ys=,tag:IhGRIq/qPT0vSbv/L1ODYg==,type:str] @@ -49,8 +50,8 @@ sops: aHpYZ2VtdVBVTkxZbGFOYzRpbGltZHMKJs4E+CsthuzQZqA0Yip4G/1XK4SuoiRP Lo65L33lfNibdSOeIygqnyo6GBwjD52TcNQpvzkVbr3M3hWlJs8wCA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-16T14:30:15Z" - mac: ENC[AES256_GCM,data:dGFqNLSfoWvQ88l9ZEchJkRGmKyE0Ullactg+45t6gT9qzS9Y6crV1VOZEkfv6CabDrXWsq8cgadW9bD1z+vmpnRGdnsFIzYycw36y+ibiJ7ItCkT5KO86W8EsalzSxdy+Ac89Jp3Fv1xWzWcxKAO6jz0zluv6CrUl3kk5wTfBI=,iv:tdWY4pjE6ux5rbsYG5qTqnRDjspsIXAuWXqEnR6j4qI=,tag:Sw6fdDVKB8L1Me6Sa67O6Q==,type:str] + lastmodified: "2024-07-12T11:55:18Z" + mac: ENC[AES256_GCM,data:X2uCQfFmVkRq2OSClVlLO9zzmY/jj/B8Qo4dln93KJLRr4g2wdTQVbJWBtLDUMotlHs6b27nJc8T1wTR9/4Q1xqh92DjGeWZQmA5VbBgWuOmCB1xOE8eAFY1rVCT7e2uAFuHknxKhOS2KfOxZyGc4AJ7weXs9bLJWe5i0PSesvA=,iv:KWii9fvWUECng8Nb82nV87HR+BPIyYEfJKZHOrGPjiw=,tag:89xRQre8WahRSt1I6AweYg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1