From 79096d942a0627a9e9feaf9f1af606285becfc3f Mon Sep 17 00:00:00 2001
From: trivernis <trivernis@protonmail.com>
Date: Mon, 9 Oct 2023 00:53:46 +0200
Subject: [PATCH] Add forgejo definitions

---
 apps/forgejo/app.yaml                       | 14 +++++++++
 apps/forgejo/app/admin-sealedsecret.yaml    | 17 +++++++++++
 apps/forgejo/app/forgejo-sealedsecret.yaml  | 16 ++++++++++
 apps/forgejo/app/namespace.yaml             |  6 ++++
 apps/forgejo/app/postgres-sealedsecret.yaml | 17 +++++++++++
 apps/forgejo/app/postgres.yaml              | 22 +++++++++++++
 apps/forgejo/app/release.yaml               | 34 +++++++++++++++++++++
 apps/forgejo/app/repository.yaml            |  9 ++++++
 apps/forgejo/app/route.yaml                 | 28 +++++++++++++++++
 cluster/apps.yaml                           | 15 +++++++++
 10 files changed, 178 insertions(+)
 create mode 100644 apps/forgejo/app.yaml
 create mode 100644 apps/forgejo/app/admin-sealedsecret.yaml
 create mode 100644 apps/forgejo/app/forgejo-sealedsecret.yaml
 create mode 100644 apps/forgejo/app/namespace.yaml
 create mode 100644 apps/forgejo/app/postgres-sealedsecret.yaml
 create mode 100644 apps/forgejo/app/postgres.yaml
 create mode 100644 apps/forgejo/app/release.yaml
 create mode 100644 apps/forgejo/app/repository.yaml
 create mode 100644 apps/forgejo/app/route.yaml

diff --git a/apps/forgejo/app.yaml b/apps/forgejo/app.yaml
new file mode 100644
index 0000000..7e730e7
--- /dev/null
+++ b/apps/forgejo/app.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: miniflux
+metadata:
+  name: miniflux
+resources:
+  - app/namespace.yaml
+  - app/forgejo-sealedsecret.yaml
+  - app/admin-sealedsecret.yaml
+  - app/postgres-sealedsecret.yaml
+  - app/postgres.yaml
+  - app/repository.yaml
+  - app/release.yaml
+  - app/route.yaml
diff --git a/apps/forgejo/app/admin-sealedsecret.yaml b/apps/forgejo/app/admin-sealedsecret.yaml
new file mode 100644
index 0000000..797790b
--- /dev/null
+++ b/apps/forgejo/app/admin-sealedsecret.yaml
@@ -0,0 +1,17 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: forgejo-admin-secret
+  namespace: forgejo
+spec:
+  encryptedData:
+    password: AgBN+1xcD19wgIX7MHRdYG/OEBnLMjjXILufSIjUW06MLghc2EWlCrx6+p9zdI2WLTdyS53ZzOPTkXNi9pwA2zLH7jA8VmdZ6Y2mpnQddkzV77NOBQhqAQEzcV3050Z3Owv1hhV/h2nNS10/22U8ObZT5wd4dSqpZvdt7BgU2Hfn1jNw+57CNrA+W2I1iX0M3B6kHrXR/uWs7K1pWeEoAR3ZM+HuljNKIZlLjFMSVPldlB6Y57q3pmKCGE28i2PG4RdFzglc4pJjlZ7j8a1DDHPPWxIXFNGf4aW+jW/3e+jwsloK1qDloLFVIxQrLcWBiomMK6ZvabQchpsG+QK0Mz4lQAQCJOj/e4Pwn4qbcEzs8auK7eWKZ9nOHDVql0FIbB9FRvk5zr5IhCEMNqzynUiG7WsYQVrDbee1wC1VgP6APcdmnT1caCbvxnl9oQIssRr5aimmWneSPL119AVSSJZC6nZI+SGWZ5DgymXcyg4R6Kq6C9wRsHNfUdwr4sQBCjgjFkQB7tGEJOU0lZTXmKkXi9QzFrkC49+/lNqwR7wQBQXw1nwREWkPy9DKIWx22Y6UDE9kKTK/IVGtMeUw5g2mwuNoAp3Sm7cBH03QpMitILx5/BiF+lI/GTPxNTj3LIL5Ra1uRm4+jYCXKJtFMlEqqscEFDedxfwb4RLzICx3YiHY51ZWKScLpUgguwmJZCGMl/WD/c5B6gMu2799agVB
+    username: AgDAku85WN9Qa8CGaXTfaaq964nomk7xBSREtuO4Jd31a496GI4ISky8KwabelWLW08Fy0zG4lMy8kOlLEMZPd52P+mouPzKaRmDfv/pX57itM4QLfXoIszg66ppIjGW6JQj3EJ5PSs9jkKjoG5mEyOSJht2J/X9V93PTq6mjR/p0219ASyrQ7WoU13ULZi6A0ONIaLN9lT3q9Zd8yMq+fGYkAeRHWWAjtD7lLQi6ALS+IDN0X2iaKaW7g6K0YHTI7J+3TZmSA0j4fYuInQl1xp5NwurWcPm+THw+Koz/rheVId8i4wiksuuC7rL+M7OoCzngid03wIqzAJyh12zAhSAjEwtA5B6wzWFxUdyIp4JAXBh3nvRVXSy/kEuutVa71oAuAoGC+f8ov/j44cbyFAJ+yxlaZqAj8Ari9lSvpR6IIZJfMDB1MvNkIiwNfhKrxZWNP+wFkDl9TAwHCjm61MVUJMrqVWAMs3aEPybaN+RJnzbMOuUb13NeOSj8UDoKp1JRvluxnDfQIAi0PD5+3z0jp85dIewjBPKXPYHuWdRsW6J24q63v2rq0zLCpO3xn4cHxITqhtUZVZQbrme58fKqJL9rbDYrcCtv1rIfHg5sCs8I+pCx1L7CwbL5Ro/WZ2yUwUaGXVnfSC0XiIndHD71wS39aNMkmfDckCeJwwCgfnxIYBTQhrVnJpH6LT35irFjetgZyP4DjM=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: forgejo-admin-secret
+      namespace: forgejo
+    type: Opaque
+
diff --git a/apps/forgejo/app/forgejo-sealedsecret.yaml b/apps/forgejo/app/forgejo-sealedsecret.yaml
new file mode 100644
index 0000000..dac7ef3
--- /dev/null
+++ b/apps/forgejo/app/forgejo-sealedsecret.yaml
@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: forgejo-secret
+  namespace: forgejo
+spec:
+  encryptedData:
+    database: AgDbUHZcALsdkIMHs6wTdKpUzma4ugEuGxeV2zIwhqsMrEyMk0Ud6f020/Hdr2zB+kz1Zj+zot7hItSEcIHS9Olxbqyr3drBii4n9+kMHB/cMQ4CBSuGSaylqI66I8zDWtLxRESi6JKcwH/p1/4VyYiVA9oqzqklki0UZGucB2flEAKRbTfuxHmXxCo8JQYGEMBBpYaIjVsGEgJ6QyWGJkUKaopSyZtCInf//D/Nt8X38HU1UQVrlXbeKwnnExk9Zg80hNV0uFZaBNPfaSSn8fiLU9ck4aZf+s2qJX3uYemvZuaieOcrX89gVcYsN9zbk9ADSLbak7eeuSwFdzK1rteEqHdHcNC3L8N7ssemRX9gCKUEuE/gmW7YdfbevjyUlArAcEillrCatZ92IXZFr5YQL2rhLraCUI7Pq58Qrza3Yz7/+8bhVvAl8ocTUggua6qwPpEbxDW7w4f/j8VpJMeLQ9Y/L1ASHmw+71tdGwuWsif42gqOUW0kS/nZwiLDae1xY3p+gRv9oN0zCZYhX8+MuRq4zPrj9zYoq2+5Iee2390jm55/qPd6K3nmmOGjR93Up5Y37jWP0Is9mLIX0xjvrym9DwUQFDLQZy5iIYRBmoTR4jJxhQp4BDiWZwAIUvW2gPWcujiQCwAQcXRf239xL/Lpcolh/eSNUp7zsdCJ4Xq5NSi4p7S2dAd2zg1Z5hC6NItTnNoWh/MpR3dvPAX3a3SzZ1JtLNuwjYyd+EPlRpwhIK4YXFcW1RwPilH3+euzD6O8o8FkOGuw5I2a9RMSEURmk5wUQkeUqBotIFTYzIcTLJk26DivYlnA2NBOK7ZXpZ8=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: forgejo-secret
+      namespace: forgejo
+    type: Opaque
+
diff --git a/apps/forgejo/app/namespace.yaml b/apps/forgejo/app/namespace.yaml
new file mode 100644
index 0000000..d6d6a59
--- /dev/null
+++ b/apps/forgejo/app/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: forgejo
+  labels:
+    name: forgejo
diff --git a/apps/forgejo/app/postgres-sealedsecret.yaml b/apps/forgejo/app/postgres-sealedsecret.yaml
new file mode 100644
index 0000000..97aafb7
--- /dev/null
+++ b/apps/forgejo/app/postgres-sealedsecret.yaml
@@ -0,0 +1,17 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: postgres-secret
+  namespace: forgejo
+spec:
+  encryptedData:
+    replicationUserPassword: AgBg3d2CHxZPtbOb61OKFJIf8pOA0xkJdWGlWaUigss1ESZBBaycqP0EHo2E1tuX+YOuOnodQ2qPSDyF8qlAa40bVtmTH1guZffCGELsA3iUY7hzN/mxExWbZbzZle5RaQvKoNtUXiMuNkZbqV3mQUCaK+ilj26b0CWmyDnRL5ls2ZqdqNPNTVZv5oWENjRIxyH6BGwc9cjrUQr9+tEHqHoy67QvD07nGDfyBydYVi74NvefDW+LEG8DtTuJYG4dzJkNsEYgXWErfCRxRUTFD9O8HXLsJHuxW4P48QYBWIzpCHilvIk2dIHD8PYsIcp+5d0qMty2A4o1nHT7xSqR2ufQMGQTke5LcJ27nAbnOigbxbtTbKDaOKhNQGfXo87JPKyDu7GQCevolaLnaalyTkPvZ2I+9/vPvO9xJ+iXsNkiu/4ZZnoZkLfdm2k5a1VPZxK1jnXhkRr+G1rCwbRP6XUQjCFCXpPXnwJixRp/rGnsVu3WnL89dEutXxu2+yyeP6xhSCYKH8voxbSnp+DqH9WWf32/qRZG7OMKc7W69j6BMfp3twYosyJaboVxFEWaxRELsoxIznFS5azumT738z2S3jeRw8ewdCmg9QJv2SraDtkYeqoLhEv+CaTVFwMKKbdVsxYYHL09/PzxvNFC4F8GxXuk8ok1/aKuRYhqDGbSHnc4g1W7G6D2a8UMZPMYsYRhd6vty+mo4EDBGNdHuggm
+    superUserPassword: AgAQlm8rpIaHTu7D9n4kt5iVlS/XLHK7Msf4Ox/64hpZuzKrm5dPqeUrbT5e+JjdVvQUmMloTozH4C/iuAJvobLRrJ0A0CLMi+DQBsw/Rs/NUtyjsuLybVf3hdDFKEUApetSsyIQBEtWiDRXnJwevyclMhrzAMQeAaTCXffA3p8HHz0PIlvLu51ZGkewXROwWLP1QQyl/eeR3lnWdEVsWlPADhD1EzivInekC0YT2O+xRYLFnNtaAyam8YS8oGXaCkmXRL86dKNQskniVsO7Y7hU6FS5YWTlyNaQOSeA1P+tf3gQy/mTp/T6uV8HvffLkUlIRzsH5XI3qit5bGjq5m0/2H5gOU26m2RiV1RLxhcGcpeg2VNSJlllDEW7QVCHpwnJ0AlLYS36Wd9f/HAjPq5NkDYuGGgOILCvfYikYXGYKmYFCFybzyDzexhM0wkEjRNZFkXYzAu2dvt6k6iCxr8uRAJOtGUKDeGBAr48d5Kdh97zXHFdhPRog6r7dk8VGlaKV0wX0UhLZ/SlQCXaw5vr/m+pdlWuaWx6jCCBUb6jIlvmQNOQzbpSOCb2bpfK4K4BcOgA10jXEW18Nv+ih1an8g1Jb1tgJ0ohn6V6yYDTAUQYZjfy/RrOYIwhddwYNO7ddqgtjmhTsSDroHhVX7ov9L+QX2tMw328Ulaxy0DYthN/kPleX+8+F4sCsGQrA8kgvyJRa2F3uqHHaPe0Z4+R
+  template:
+    metadata:
+      creationTimestamp: null
+      name: postgres-secret
+      namespace: forgejo
+    type: Opaque
+
diff --git a/apps/forgejo/app/postgres.yaml b/apps/forgejo/app/postgres.yaml
new file mode 100644
index 0000000..b7ff72c
--- /dev/null
+++ b/apps/forgejo/app/postgres.yaml
@@ -0,0 +1,22 @@
+apiVersion: kubegres.reactive-tech.io/v1
+kind: Kubegres
+metadata:
+  name: forgejo-db
+  namespace: forgejo
+spec:
+   replicas: 1
+   image: postgres:16-alpine
+   database:
+      size: 10Gi
+   env:
+      - name: POSTGRES_PASSWORD
+        valueFrom:
+           secretKeyRef:
+              name: postgres-secret
+              key: superUserPassword
+
+      - name: POSTGRES_REPLICATION_PASSWORD
+        valueFrom:
+           secretKeyRef:
+              name: postgres-secret
+              key: replicationUserPassword
diff --git a/apps/forgejo/app/release.yaml b/apps/forgejo/app/release.yaml
new file mode 100644
index 0000000..8eeb1df
--- /dev/null
+++ b/apps/forgejo/app/release.yaml
@@ -0,0 +1,34 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: forgejo
+  namespace: forgejo
+spec:
+  releaseName: forgejo
+  chart:
+    spec:
+      chart: forgejo
+      sourceRef:
+        kind: HelmRepository
+        name: forgejo
+  interval: 60m
+  install:
+    remediation:
+      retries: 3
+  values:
+    gitea:
+      admin:
+        existingSecret: forgejo-admin-secret
+      additionalConfigSources:
+        - secret:
+            secretName: forgejo-secret
+      config:
+        APP_NAME: 'Forgejo: My super awesome Git Server.'      
+        server:
+          DOMAIN: git.trivernis.dev
+          SSH_DOMAIN: git.trivernis.dev
+          ROOT_URL: https://git.trivernis.dev
+    memcached:
+      enabled: true
+    postgresql:
+      enabled: false
\ No newline at end of file
diff --git a/apps/forgejo/app/repository.yaml b/apps/forgejo/app/repository.yaml
new file mode 100644
index 0000000..4ad4e82
--- /dev/null
+++ b/apps/forgejo/app/repository.yaml
@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: forgejo
+  namespace: forgejo
+spec:
+  type: oci
+  interval: 60m
+  url: oci://codeberg.org/forgejo-contrib
\ No newline at end of file
diff --git a/apps/forgejo/app/route.yaml b/apps/forgejo/app/route.yaml
new file mode 100644
index 0000000..a89a9ad
--- /dev/null
+++ b/apps/forgejo/app/route.yaml
@@ -0,0 +1,28 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: forgejo-route-http
+  namespace: forgejo
+spec:
+  entryPoints:
+    - web
+  routes:
+  - match: Host(`git.trivernis.dev`)
+    kind: Rule
+    services:
+    - name: forgejo-http
+      port: 3000
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: forgejo-route-ssh
+  namespace: forgejo
+spec:
+  entryPoints:
+    - ssh
+  routes:
+  - match: HostSNI(`*`)
+    services:
+    - name: forgejo-ssh
+      port: 22
diff --git a/cluster/apps.yaml b/cluster/apps.yaml
index 16fd12f..8d1d4d3 100644
--- a/cluster/apps.yaml
+++ b/cluster/apps.yaml
@@ -15,6 +15,21 @@ spec:
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
+metadata:
+  name: apps-forgejo
+  namespace: flux-system
+spec:
+  interval: 5m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./apps/forgejo
+  prune: true
+  wait: true
+  timeout: 5m0s
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
 metadata:
   name: apps-longhorn
   namespace: flux-system