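# Forgejo (git forge) deployment for the cluster.
#
# Declares, under kubernetes.resources:
#   - configMaps:  forgejo-config (app.ini) and forgejo-env (container UID/GID)
#   - deployments: a single Forgejo pod serving HTTP on 3000 and SSH on 22
#   - persistentVolumes / persistentVolumeClaims: NFS-backed /data
#   - services:    forgejo-web (port 80 -> 3000) and forgejo-ssh (LoadBalancer)
#   - ingresses:   git.kun.is through Traefik, certificate from cert-manager
#
# Arguments:
#   myLib - project library; only myLib.globals.gitIPv4 is read here, as the
#           load-balancer address of the SSH service.
{ myLib, ... }: {
  kubernetes.resources = {
    configMaps = {
      forgejo-config.data = {
        # TODO: Generate from nix code?
        #
        # NOTE(review): security-relevant settings in the app.ini below. The
        # text of the file is unchanged; these are points to confirm.
        #
        # * LFS_JWT_SECRET and INTERNAL_TOKEN are "ref+sops://" references,
        #   presumably resolved when the manifests are rendered (confirm which
        #   tool does this). Once resolved, both values sit in a ConfigMap in
        #   plain text, readable by anything allowed to read ConfigMaps in this
        #   namespace. A Secret mounted at the same path is the usual home for
        #   a file that carries tokens.
        # * SECRET_KEY is empty. Confirm what Forgejo 1.20 falls back to; a
        #   built-in or otherwise predictable default would weaken whatever is
        #   protected with this key. Changing it on a live instance may make
        #   data already protected with the old key unreadable, so plan a
        #   migration rather than just filling it in.
        # * REVERSE_PROXY_TRUSTED_PROXIES = * accepts forwarded-client headers
        #   from any peer. The forgejo-web Service makes port 3000 reachable
        #   from inside the cluster without passing through Traefik, so such a
        #   peer can choose the client address Forgejo records. Restrict this
        #   to the ingress controller's address range (<TRAEFIK_POD_CIDR>).
        # * PASSWORD_HASH_ALGO = pbkdf2: check which iteration count this
        #   preset maps to in the deployed release and whether a stronger
        #   preset (for example pbkdf2_hi or argon2) is affordable.
        # * Under [database], HOST/USER/PASSWD look unused while DB_TYPE is
        #   sqlite3; revisit them before switching database backends.
        config = ''
          APP_NAME = Forgejo: Beyond coding. We forge.
          RUN_MODE = prod
          RUN_USER = git
          WORK_PATH=/data/gitea

          [repository]
          ROOT = /data/git/repositories
          DEFAULT_BRANCH = master

          [repository.local]
          LOCAL_COPY_PATH = /data/gitea/tmp/local-repo

          [repository.upload]
          TEMP_PATH = /data/gitea/uploads

          [server]
          APP_DATA_PATH = /data/gitea
          DOMAIN = git.kun.is
          SSH_DOMAIN = ssh.git.kun.is
          HTTP_PORT = 3000
          ROOT_URL = https://git.kun.is
          DISABLE_SSH = false
          SSH_PORT = 56287
          SSH_LISTEN_PORT = 22
          LFS_START_SERVER = true
          LFS_JWT_SECRET = ref+sops://secrets/sops.yaml#/forgejo/lfsJwtSecret
          OFFLINE_MODE = false

          [database]
          PATH = /data/gitea/gitea.db
          DB_TYPE = sqlite3
          HOST = localhost:3306
          NAME = gitea
          USER = root
          PASSWD =
          LOG_SQL = false
          SCHEMA =
          SSL_MODE = disable
          CHARSET = utf8

          [indexer]
          ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
          ISSUE_INDEXER_TYPE = db

          [session]
          PROVIDER_CONFIG = /data/gitea/sessions
          PROVIDER = file

          [picture]
          AVATAR_UPLOAD_PATH = /data/gitea/avatars
          REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
          ENABLE_FEDERATED_AVATAR = false

          [attachment]
          PATH = /data/gitea/attachments

          [log]
          MODE = console
          LEVEL = info
          logger.router.MODE = console
          ROOT_PATH = /data/gitea/log
          logger.access.MODE=console

          [security]
          INSTALL_LOCK = true
          SECRET_KEY =
          REVERSE_PROXY_LIMIT = 1
          REVERSE_PROXY_TRUSTED_PROXIES = *
          INTERNAL_TOKEN = ref+sops://secrets/sops.yaml#/forgejo/internalToken
          PASSWORD_HASH_ALGO = pbkdf2

          [service]
          DISABLE_REGISTRATION = true
          REQUIRE_SIGNIN_VIEW = false
          REGISTER_EMAIL_CONFIRM = false
          ENABLE_NOTIFY_MAIL = false
          ALLOW_ONLY_EXTERNAL_REGISTRATION = false
          ENABLE_CAPTCHA = false
          DEFAULT_KEEP_EMAIL_PRIVATE = true
          DEFAULT_ALLOW_CREATE_ORGANIZATION = true
          DEFAULT_ENABLE_TIMETRACKING = true
          NO_REPLY_ADDRESS = noreply.localhost

          [lfs]
          PATH = /data/git/lfs

          [mailer]
          ENABLED = false

          [openid]
          ENABLE_OPENID_SIGNIN = true
          ENABLE_OPENID_SIGNUP = false

          [repository.pull-request]
          DEFAULT_MERGE_STYLE = merge

          [repository.signing]
          DEFAULT_TRUST_MODEL = committer

          [ui]
          DEFAULT_THEME = forgejo-light

          [oauth2]
          ENABLE=false
        '';
      };

      # Passed to the container through envFrom. Presumably the UID/GID the
      # image's entrypoint runs Forgejo as; confirm against the image docs.
      forgejo-env.data = {
        USER_UID = "1000";
        USER_GID = "1000";
      };
    };

    deployments.forgejo = {
      metadata.labels.app = "forgejo";

      spec = {
        selector.matchLabels.app = "forgejo";

        # The SQLite database (DB_TYPE = sqlite3, /data/gitea/gitea.db) and the
        # file-based sessions live on the shared NFS volume. The default
        # RollingUpdate strategy starts the replacement pod before the old one
        # has stopped, so two Forgejo processes would briefly write the same
        # database file. Recreate stops the old pod first.
        strategy.type = "Recreate";

        template = {
          metadata.labels.app = "forgejo";

          spec = {
            # Nothing in this configuration uses the Kubernetes API, so do not
            # mount a service-account token into the pod.
            automountServiceAccountToken = false;

            containers.forgejo = {
              # NOTE(review): "1.20" is a mutable tag; pinning the image by
              # digest (<IMAGE_DIGEST>) makes the deployed image reproducible
              # and auditable.
              # NOTE(review): no securityContext or resource limits are set.
              # Check which privileges the image's entrypoint really needs
              # before tightening them.
              image = "codeberg.org/forgejo/forgejo:1.20";

              envFrom = [{ configMapRef.name = "forgejo-env"; }];

              ports = [
                # Web UI and API; matches HTTP_PORT in app.ini.
                { containerPort = 3000; protocol = "TCP"; }
                # Git over SSH; matches SSH_LISTEN_PORT in app.ini.
                { containerPort = 22; protocol = "TCP"; }
              ];

              volumeMounts = [
                { name = "data"; mountPath = "/data"; }
                # Mount only the "config" key of the ConfigMap as app.ini,
                # on top of the data volume.
                {
                  name = "config";
                  mountPath = "/data/gitea/conf/app.ini";
                  subPath = "config";
                }
              ];
            };

            volumes = [
              { name = "data"; persistentVolumeClaim.claimName = "forgejo"; }
              { name = "config"; configMap.name = "forgejo-config"; }
            ];
          };
        };
      };
    };

    # Statically provisioned NFS volume holding repositories, the SQLite
    # database, sessions, attachments and LFS objects.
    # NOTE(review): whoever can mount this export can read and modify all of
    # that data; confirm the export on lewis.dmz is limited to the cluster
    # nodes.
    persistentVolumes.forgejo.spec = {
      capacity.storage = "1Mi";
      accessModes = [ "ReadWriteMany" ];
      nfs = {
        server = "lewis.dmz";
        path = "/mnt/data/nfs/forgejo";
      };
    };

    # Binds to the volume above by name; the empty storageClassName keeps
    # dynamic provisioning out of the picture.
    persistentVolumeClaims.forgejo.spec = {
      accessModes = [ "ReadWriteMany" ];
      storageClassName = "";
      resources.requests.storage = "1Mi";
      volumeName = "forgejo";
    };

    services = {
      # In-cluster HTTP endpoint; the ingress below routes to it.
      forgejo-web.spec = {
        selector.app = "forgejo";
        ports = [{ protocol = "TCP"; port = 80; targetPort = 3000; }];
      };

      # Git over SSH, exposed on the address from myLib.globals.gitIPv4.
      # Port 56287 matches SSH_PORT in app.ini and forwards to the
      # container's port 22.
      forgejo-ssh.spec = {
        type = "LoadBalancer";
        loadBalancerIP = myLib.globals.gitIPv4;
        selector.app = "forgejo";
        ports = [{ port = 56287; targetPort = 22; }];
      };
    };

    # HTTPS entry point for git.kun.is: Traefik routes to forgejo-web, and
    # cert-manager's "letsencrypt" cluster issuer supplies the certificate
    # stored in the forgejo-tls secret.
    ingresses.forgejo = {
      metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";

      spec = {
        ingressClassName = "traefik";

        rules = [{
          host = "git.kun.is";
          http.paths = [{
            path = "/";
            pathType = "Prefix";
            backend.service = {
              name = "forgejo-web";
              port.number = 80;
            };
          }];
        }];

        tls = [{
          secretName = "forgejo-tls";
          hosts = [ "git.kun.is" ];
        }];
      };
    };
  };
}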