Compare commits

..

67 commits
3.4.1 ... main

Author SHA1 Message Date
9f978748e1 fix name 2024-11-04 08:50:53 +01:00
08b965b3a4 Merge branch 'main' of ssh://repo.prod.meissa.de:2222/meissa/c4k-forgejo 2024-10-15 10:09:27 +02:00
b35121ced2 [Skip-CI] Update steps from 1.21 to 7.0 2024-10-15 10:09:02 +02:00
9fefac0868 [skip ci] fix test 2024-09-20 13:41:08 +02:00
ad5fbfd173 [skip ci] update to 8.0.3; backup&restore cmd's use bb now 2024-09-20 12:12:28 +02:00
85107e23ad bump version to: 4.0.1-SNAPSHOT 2024-08-29 13:43:57 +02:00
5141b5ee77 release: 4.0.0 2024-08-29 13:43:57 +02:00
ce98afe445 upgrade dependencies 2024-08-29 13:41:19 +02:00
440456baa4 update runbook 2024-08-27 08:39:34 +02:00
581b50bf13 fix restore 2024-08-23 17:47:52 +02:00
22199ba2ac Merge branch 'main' of ssh://repo.prod.meissa.de:2222/meissa/c4k-forgejo 2024-08-23 15:44:54 +02:00
9352107720 set backup execution dir 2024-08-23 15:44:40 +02:00
bom
034a9bc83c Add aws credentials to prepare 2024-08-23 13:51:03 +02:00
2f46d330e1 test more stright forward 2024-08-23 13:25:13 +02:00
23ec2c6106 test the integration 2024-08-23 11:39:59 +02:00
a12a421bbf prepare first backup test 2024-08-23 08:45:43 +02:00
c0a5539d19 integration test now works 2024-08-16 19:13:58 +02:00
848b03c6ce use backup in integration test 2024-08-16 18:11:22 +02:00
2416e26f70 test the backup 2024-08-16 16:29:34 +02:00
90260b3ea4 no namespace in old versions 2024-08-14 19:19:00 +02:00
jem
fd3ead20f5 Merge pull request 'forgejo-upgrade' (#7) from forgejo-upgrade into main
Reviewed-on: #7
2024-08-09 15:10:27 +00:00
a7c298a824 Merge branch 'main' into forgejo-upgrade 2024-08-09 17:08:06 +02:00
65958b52f8 [Skip-CI] Add website to contact info 2024-08-06 13:03:04 +02:00
2b8de6b907 Merge branch 'main' of ssh://repo.prod.meissa.de:2222/meissa/c4k-forgejo 2024-08-05 08:58:47 +02:00
2d6f64b248 update federation 2024-08-05 08:58:14 +02:00
dbb96f1781 Merge branch 'forgejo-upgrade-new' 2024-08-01 10:08:39 +02:00
be80628785 [Skip-CI] Added "enable federation" to runbook 2024-07-31 11:59:37 +02:00
b133f89ea4 fix tests 2024-07-31 11:37:23 +02:00
c9f6d54ce1 update forgejo image version to 8.0 2024-07-31 11:30:57 +02:00
ba2b5157d4 [Skip-CI] added c4k-forgejo base version for upgrade to runbook 2024-07-31 11:29:00 +02:00
b21317268c bump version to: 3.5.1-SNAPSHOT 2024-07-31 11:22:13 +02:00
6bab8fcc39 release: 3.5.0 2024-07-31 11:22:13 +02:00
e1e032697d Added cmd for pod logs to Runbook 2024-07-31 10:16:47 +02:00
Clemens
26dba0b756 added namespace to runbook commands 2024-07-31 10:14:47 +02:00
5c521e2877 Added v8.0.0 upgrade to runbook 2024-07-31 10:02:36 +02:00
Clemens
6a291d962a added namespace to runbook commands 2024-07-31 09:40:16 +02:00
Clemens
3f0ce02da3 Added option for dedicated federation-enables and fixed tests 2024-07-31 09:39:06 +02:00
Clemens
a66f398d71 updated to forgejo version 7.0 2024-07-31 09:38:43 +02:00
670a45966d [Skip-CI] Add Analytics doc 2024-07-31 08:57:02 +02:00
gec
a9d1c57a64 Merge pull request 'Split generation of config- and auth-objects' (#5) from split-config-auth into main
Reviewed-on: #5
2024-07-19 09:29:31 +00:00
Clemens
97dace2030 updated deps 2024-07-19 11:27:03 +02:00
Clemens
c5fcec4985 adjust postgres function call 2024-07-19 10:59:32 +02:00
Clemens
3b10016fae added todo 2024-07-18 09:58:35 +02:00
Clemens
0d13edc8d3 fix auth calls 2024-07-18 09:31:42 +02:00
Clemens
2c3a031081 adjust auth-objects signature 2024-07-18 08:55:00 +02:00
Clemens
0055eb3435 adjusted configs 2024-07-17 15:33:30 +02:00
Clemens
d3dd3ca5ef split auth and config 2024-07-17 14:18:08 +02:00
Clemens
d5d4dd5b43 fix -v option 2024-07-17 08:29:14 +02:00
3a7c868f36 [Skip-CI] Add Analytics doc 2024-07-10 14:00:41 +02:00
Clemens
c8ad539a25 added namespace to runbook commands 2024-07-10 11:39:46 +02:00
Clemens
bf89f3c5a9 Merge branch 'main' into forgejo-upgrade 2024-07-10 10:03:38 +02:00
Clemens
11123e253f bump version to: 3.4.5-SNAPSHOT 2024-07-10 10:02:16 +02:00
Clemens
786c06cc0a release: 3.4.4 2024-07-10 10:02:16 +02:00
ba649f4c28 Use ratelimit from common 2024-07-10 09:51:32 +02:00
ecbe0feae4 [Skip-CI] Add todos 2024-07-09 16:22:45 +02:00
78beb0c099 Merge branch 'main' into forgejo-upgrade 2024-07-09 15:30:48 +02:00
01914f8d16 bump version to: 3.4.4-SNAPSHOT 2024-07-09 14:51:47 +02:00
7ccdf13af8 release: 3.4.3 2024-07-09 14:51:47 +02:00
6122e9139b Lift postgres config from k8s-objects
Add merge namespace in let.
2024-07-09 14:48:52 +02:00
076bfd4d72 bump version to: 3.4.3-SNAPSHOT 2024-07-09 12:07:26 +02:00
665008c1aa release: 3.4.2 2024-07-09 12:07:26 +02:00
574cc0f76b Use non deprecated functions 2024-07-09 12:05:29 +02:00
b5b45f8c1c Add missing namespace kw 2024-07-09 12:05:29 +02:00
Clemens
85d3070eb8 Merge branch 'main' into forgejo-upgrade 2024-07-09 11:47:55 +02:00
b618da8bed bump version to: 3.4.2-SNAPSHOT 2024-07-09 11:45:38 +02:00
Clemens
07eb505d53 Added option for dedicated federation-enables and fixed tests 2024-07-09 11:26:39 +02:00
Clemens
24bf119589 updated to forgejo version 7.0 2024-07-09 11:10:40 +02:00
39 changed files with 502 additions and 619 deletions

View file

@ -1,7 +1,7 @@
# convention 4 kubernetes: c4k-forgejo # convention 4 kubernetes: c4k-forgejo
[![Clojars Project](https://img.shields.io/clojars/v/org.domaindrivenarchitecture/c4k-forgejo.svg)](https://clojars.org/org.domaindrivenarchitecture/c4k-forgejo) [![pipeline status](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/badges/master/pipeline.svg)](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/commits/main) [![Clojars Project](https://img.shields.io/clojars/v/org.domaindrivenarchitecture/c4k-forgejo.svg)](https://clojars.org/org.domaindrivenarchitecture/c4k-forgejo) [![pipeline status](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/badges/master/pipeline.svg)](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/commits/main)
[<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa-gmbh.de/img/community/Mastodon_Logotype.svg" width=20 alt="team@social.meissa-gmbh.de"> team@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@team) | [Website & Blog](https://domaindrivenarchitecture.org) [<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa.de/images/parts/contact/mastodon36_hue9b2464f10b18e134322af482b9c915e_5501_filter_14705073121015236177.png" width=20 alt="M"> meissa@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@meissa) | [Blog](https://domaindrivenarchitecture.org) | [Website](https://meissa.de)
## Purpose ## Purpose
@ -46,8 +46,8 @@ Development happens at: https://repo.prod.meissa.de/meissa/c4k-forgejo
Mirrors are: Mirrors are:
* https://codeberg.org/meissa/c4k-forgejo (Issues and PR)
* https://gitlab.com/domaindrivenarchitecture/c4k-forgejo (CI) * https://gitlab.com/domaindrivenarchitecture/c4k-forgejo (CI)
* https://codeberg.org/meissa/c4k-forgejo (issues and PR)
* https://github.com/DomainDrivenArchitecture/c4k-forgejo * https://github.com/DomainDrivenArchitecture/c4k-forgejo
For more details about our repository model see: https://repo.prod.meissa.de/meissa/federate-your-repos For more details about our repository model see: https://repo.prod.meissa.de/meissa/federate-your-repos
@ -55,6 +55,6 @@ For more details about our repository model see: https://repo.prod.meissa.de/mei
## License ## License
Copyright © 2023 meissa GmbH Copyright © 2023, 2024 meissa GmbH
Licensed under the [Apache License, Version 2.0](LICENSE) (the "License") Licensed under the [Apache License, Version 2.0](LICENSE) (the "License")
Pls. find licenses of our subcomponents [here](doc/SUBCOMPONENT_LICENSE) Pls. find licenses of our subcomponents [here](doc/SUBCOMPONENT_LICENSE)

View file

@ -10,32 +10,32 @@
## Manual init the restic repository for the first time ## Manual init the restic repository for the first time
1. apply backup-and-restore pod: 1. apply backup-and-restore pod:
`kubectl scale deployment backup-restore --replicas=1` `kubectl -n forgejo scale deployment backup-restore --replicas=1`
2. exec into pod and execute restore pod (press tab to get your exact pod name) 2. exec into pod and execute restore pod (press tab to get your exact pod name)
`kubectl exec -it backup-restore-... -- /usr/local/bin/init.sh` `kubectl -n forgejo exec -it backup-restore-... -- /usr/local/bin/init.bb`
3. remove backup-and-restore pod: 3. remove backup-and-restore pod:
`kubectl scale deployment backup-restore --replicas=0` `kubectl -n forgejo scale deployment backup-restore --replicas=0`
## Manual backup the restic repository for the first time ## Manual backup the restic repository for the first time
1. apply backup-and-restore pod: 1. apply backup-and-restore pod:
`kubectl scale deployment backup-restore --replicas=1` `kubectl -n forgejo scale deployment backup-restore --replicas=1`
2. exec into pod and execute backup pod (press tab to get your exact pod name) 2. exec into pod and execute backup pod (press tab to get your exact pod name)
`kubectl exec -it backup-restore-... -- /usr/local/bin/backup.sh` `kubectl -n forgejo exec -it backup-restore-... -- /usr/local/bin/backup.bb`
3. remove backup-and-restore pod: 3. remove backup-and-restore pod:
`kubectl scale deployment backup-restore --replicas=0` `kubectl -n forgejo scale deployment backup-restore --replicas=0`
## Manual restore ## Manual restore
1. apply backup-and-restore pod: 1. apply backup-and-restore pod:
`kubectl scale deployment backup-restore --replicas=1` `kubectl -n forgejo scale deployment backup-restore --replicas=1`
2. Scale down forgejo deployment: 2. Scale down forgejo deployment:
`kubectl scale deployment forgejo --replicas=0` `kubectl -n forgejo scale deployment forgejo --replicas=0`
3. exec into pod and execute restore pod (press tab to get your exact pod name) 3. exec into pod and execute restore pod (press tab to get your exact pod name)
`kubectl exec -it backup-restore-... -- /usr/local/bin/restore.sh` `kubectl -n forgejo exec -it backup-restore-... -- /usr/local/bin/restore.bb`
4. Start forgejo again: 4. Start forgejo again:
`kubectl scale deployment forgejo --replicas=1` `kubectl -n forgejo scale deployment forgejo --replicas=1`
5. remove backup-and-restore pod: 5. remove backup-and-restore pod:
`kubectl scale deployment backup-restore --replicas=0` `kubectl -n forgejo scale deployment backup-restore --replicas=0`

View file

@ -1,41 +0,0 @@
# Release process
## ... for testing (snapshots)
Make sure your clojars.org credentials are correctly set in your ~/.lein/profiles.clj file.
``` bash
git add .
git commit
```
``` bash
lein deploy # or lein deploy clojars
```
## ... for stable release
Make sure tags are protected in gitlab:
Repository Settings -> Protected Tags -> set \*.\*.\* as tag and save.
``` bash
git checkout main # for old projects replace main with master
git add .
git commit
```
Execute tests
``` bash
shadow-cljs compile test
node target/node-tests.js
lein test
```
Release with type (NONE, PATCH, MINOR, MAJOR):
``` bash
RELEASE_TYPE=[TYPE] pyb prepare_release after_publish
```
Done.

View file

@ -0,0 +1,135 @@
# Playbook Upgrade from 1.19 to 7.0.5
## Info: Relevant Breaking Changes:
* 1.19.3: First version under consideration
* 1.20.1-0: Breaking https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#1-20-1-0
* 1.21.1-0: https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#1-21-1-0
* 7.0.0: https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-0
* 8.0.0: https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#8-0-0
## Preparations
1. Stop Forgejo Prod: `k scale deployment forgejo --replicas=0`
1. Disable Backup Cron: `k patch cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'`
1. Scale up Backup-Restore Deployment: `kubectl scale deployment backup-restore --replicas=1`
1. Execute Manual Backup: `kubectl exec -n forgejo -it backup-restore-... -- /usr/local/bin/backup.sh`
### Create 2nd Repo Prod Server
1. Terraform Preparations for 2nd Server: TODO
1. Install c4k-forgejo Version `3.5.0`!
with config `"forgejo-image-version-overwrite": "1.19.3-0"` (in server-setup)
1. Stop Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
1. Disable Backup Cron: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'`
1. Scale up Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1`
1. Restore Forgejo Backup: See [BackupAndRestore.md](BackupAndRestore.md)
1. Check for `..._INSTALL_LOCK: true` in ConfigMap `forgejo-env`
1. Scale up Forgejo Deployment and check for (startup) problems: `k scale -n forgejo deployment forgejo --replicas=1`
## Upgrade to 1.20.1-0
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
1. Adjust configmap: `k edit -n forgejo cm forgejo-env`
1. Remove `FORGEJO__database__CHARSET: utf8` (This was a misconfiguration, since this option only had effect for mysql dbs)
1. Change `FORGEJO__mailer__MAILER_TYPE: smtp+startls` TO `FORGEJO__mailer__PROTOCOL: smtp+starttls` (Missed deprecation from 1.19)
1. Change `FORGEJO__service__EMAIL_DOMAIN_WHITELIST: repo.test.meissa.de` TO `FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST: repo.test.meissa.de` (Fallback deprecation in 1.21)
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
1. Set version to `1.20.1-0` with `k edit -n forgejo deployment forgejo`
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
1. Check for errors: `k logs -n forgejo forgejo-...`
## Upgrade to 1.21.1-0
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
1. Set version to `1.21.1-0` with `k edit -n forgejo deployment forgejo`
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
1. Check for errors: `k logs -n forgejo forgejo-...`
1. After upgrading, login as an admin, go to the `/admin` page and click run `Sync missed branches from git data to databases` (`Fehlende Branches aus den Git-Daten in die Datenbank synchronisieren`). If this is not done there will be messages such as `LoadBranches: branch does not exist in the logs`.
## Upgrade to 7.0.0
1. Check DB Version.
1. MariaDB or MySQL needs to be 8.0 or higher.
2. Postgres needs to be 12 or higher
1. API Endpoints
1. Check if the [/repos/{owner}/{repo}/releases](https://code.forgejo.org/api/swagger/#/repository/repoListReleases) API endpoint is used
1. as the per_page param is not used for [limit](https://codeberg.org/forgejo/forgejo/commit/0aab2d38a7d91bc8caff332e452364468ce52d9a) anymore
2. Check if [/repos/{owner}/{repo}/push_mirrors](https://code.forgejo.org/api/swagger/#/repository/repoListPushMirrors) and [/repos/{owner}/{repo}/push_mirrors](https://code.forgejo.org/api/swagger/#/repository/repoAddPushMirror) API endpoints are used
1. The date format of created and last_update fields are now [timestamps](https://codeberg.org/forgejo/forgejo/commit/0ee7cbf725f45650136be45f8e0f74d395f73b5c)
3. [pprof](https://forgejo.org/docs/v7.0/admin/config-cheat-sheet/#server-server) endpoint changed labels
1. graceful-lifecycle to gracefulLifecycle
2. process-type to processType
3. process-description to processDescription This allows for those endpoints to be scraped by services requiring prometheus style labels such as grafana-agent.
1. The Gitea themes were renamed and the \[ui\].THEMES setting must be changed as follows:
1. gitea is replaced by gitea-light
2. arc-green is replaced by gitea-dark
3. auto is replaced by gitea-auto
1. Migration warning
2. If the logs show a line like the following, run `doctor convert` to fix it.
3. Current database is using a case-insensitive collation "utf8mb4_general_ci"
4. Large instances may experience slow migrations when the database is upgraded to support SHA-256 git repositories.
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
1. Adjust configmap: `k edit -n forgejo cm forgejo-env`
1. Change `FORGEJO__oauth2__ENABLE: "true"` TO `FORGEJO__oauth2__ENABLED: "true"`
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
1. Set version to `7.0.0` with `k edit -n forgejo deployment forgejo`
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
1. Check for errors: `k logs -n forgejo forgejo-...`
## Upgrade to 8.0.3 (no relevant breaking changes)
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
1. Set version to `8.0.3` with `k edit -n forgejo deployment forgejo`
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
1. Check for errors: `k logs -n forgejo forgejo-...`
## Enable Federation
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
1. Adjust configmap: `k edit -n forgejo cm forgejo-env`
1. Change `FORGEJO__federation__ENABLED: "false"` TO `FORGEJO__federation__ENABLED: "true"`
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
1. Check for errors: `k logs -n forgejo forgejo-...`
## Post Work
1. Switch DNS to new server
1. Reenable Backup Cron on new server: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : false }}'`
1. Execute manual Backup on new server: `kubectl exec -n forgejo -it backup-restore-... -- /usr/local/bin/backup.sh`
1. Scale down Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1`
1. The scope of all access tokens might (invisibly) have changed (in v1.20). Thus, rotate all tokens!
1. Users should check their ssh keys: if they use rsa keys the minimum length should be 3072 bits! However, shorter keys should still work.
## Known Errors
### Error in v1.20.1-0
In the logs the following error can be found. This will be resolved automatically with the next upgrade (v1.21).
```
2024/07/08 08:31:30 ...g/config_provider.go:321:deprecatedSetting() [E] Deprecated fallback `[log]` `ROUTER` present. Use `[log]` `logger.router.MODE` instead. This fallback will be/has been removed in 1.21
```
# Add Shynet Analytics
1. Log into shynet & create new Service
1. Copy the generated html snippet and save it somewhere you remember
1. SSH into prod server
1. Make the necessary folders and files in forgejo data dir:
1. `kubectl exec -n forgejo -it forgejo-... -- bash`
1. `mkdir -p /data/gitea/templates/custom`
1. `touch /data/gitea/templates/custom/footer.tmpl`
1. Open the `footer.tmpl` and paste the saved snippet
1. Restart the pod
1. `k scale -n forgejo deployment forgejo --replicas=0`
1. `k scale -n forgejo deployment forgejo --replicas=1`
1. Add Information about analytics: Clone Datenschutz Repo
1. `git clone ssh://git@repo.prod.meissa.de:2222/meissa/Datenschutz.git`
1. Merge forgejo-upgrade into main
1. `git merge forgejo-upgrade`
1. Push to origin
1. `git push`

View file

@ -1,87 +0,0 @@
# Playbook Upgrade from 1.19 to 7.0.5
## Info: Relevant Breaking Changes:
* 1.19.3:Current version
* 1.20.1-0: Breaking https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#1-20-1-0
* 1.21.1-0: https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#1-21-1-0
* 7.0.0: https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-0
## Preparations
1. Stop Forgejo Prod: `k scale deployment forgejo --replicas=0`
1. Disable Backup Cron: `k patch cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'`
1. Scale up Backup-Restore Deployment: `kubectl scale deployment backup-restore --replicas=1`
1. Execute Manual Backup: `kubectl exec -it backup-restore-... -- /usr/local/bin/backup.sh`
### Create 2nd Repo Prod Server
1. Terraform Preparations for 2nd Server: TODO
1. Install c4k-forgejo Version TODO
with config `"forgejo-image-version-overwrite": "1.19.3-0"`
1. Stop Forgejo Deployment: `k scale deployment forgejo --replicas=0`
1. Disable Backup Cron: `k patch cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'`
1. Scale up Backup-Restore Deployment: `kubectl scale deployment backup-restore --replicas=1`
1. Restore Forgejo Backup: See [BackupAndRestore.md](BackupAndRestore.md)
1. Check for `..._INSTALL_LOCK: true` in ConfigMap `forgejo-env`
1. Scale up Forgejo Deployment and check for (startup) problems: `k scale deployment forgejo --replicas=1`
## Upgrade to 1.20.1-0
1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0`
1. Adjust configmap: `k edit cm forgejo-env`
1. Remove `FORGEJO__database__CHARSET: utf8` (This was a misconfiguration, since this option only had effect for mysql dbs)
1. Change `FORGEJO__mailer__MAILER_TYPE: smtp+startls` TO `FORGEJO__mailer__PROTOCOL: smtp+starttls` (Missed deprecation from 1.19)
1. Change `FORGEJO__service__EMAIL_DOMAIN_WHITELIST: repo.test.meissa.de` TO `FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST: repo.test.meissa.de` (Fallback deprecation in 1.21)
1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
1. Set version to `1.20.1-0` with `k edit deployment forgejo`
1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1`
1. Check for errors
## Upgrade to 1.21.1-0
1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0`
1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
1. Set version to `1.21.1-0` with `k edit deployment forgejo`
1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1`
1. Check for errors
1. After upgrading, login as an admin, go to the `/admin` page and click run `Sync missed branches from git data to databases` (`Fehlende Branches aus den Git-Daten in die Datenbank synchronisieren`). If this is not done there will be messages such as `LoadBranches: branch does not exist in the logs`.
## Upgrade to 7.0.0
1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0`
1. Adjust configmap: `k edit cm forgejo-env`
1. Change `FORGEJO__oauth2__ENABLE: "true"` TO `FORGEJO__oauth2__ENABLED: "true"`
1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
1. Set version to `7.0.0` with `k edit deployment forgejo`
1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1`
1. Check for errors
## Upgrade to 7.0.5 (no breaking changes)
TODO: Upgrade to 8.0.0 instead after Release!
1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0`
1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
1. Set version to `7.0.5` with `k edit deployment forgejo`
1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1`
1. Check for errors
## Post Work
1. Switch DNS to new server
1. Reenable Backup Cron on new server: `k patch cronjobs forgejo-backup -p '{"spec" : {"suspend" : false }}'`
1. Execute manual Backup on new server: `kubectl exec -it backup-restore-... -- /usr/local/bin/backup.sh`
1. Scale down Backup-Restore Deployment: `kubectl scale deployment backup-restore --replicas=1`
1. The scope of all access tokens might (invisibly) have changed (in v1.20). Thus, rotate all tokens!
1. Users should check their ssh keys: if they use rsa keys the minimum length should be 3072 bits! However, shorter keys should still work.
## Known Errors
### Error in v1.20.1-0
In the logs the following error can be found. This will be resolved automatically with the next upgrade (v1.21).
```
2024/07/08 08:31:30 ...g/config_provider.go:321:deprecatedSetting() [E] Deprecated fallback `[log]` `ROUTER` present. Use `[log]` `logger.router.MODE` instead. This fallback will be/has been removed in 1.21
```

View file

@ -1,195 +0,0 @@
# Upgrading process
## adhoc (on kubernetes cluster)
Ssh into your kubernetes cluster running the forgejo instance.
``` bash
kubectl edit configmap forgejo-env
# make sure INSTALL_LOCK under security is set to true to disable the installation screen
# save and exit
kubectl edit deployments forgejo
# search for your current forgejo version, e.g. 1.19
# replace with new version
# save and exit
kubectl scale deployment forgejo --replicas=0
kubectl scale deployment forgejo --replicas=1
```
Logging into the admin account should now show the new version.
You may want to update your c4k-forgejo resources to reflect the changes made on the cluster.
## Upgrading from 1.19
### Config related issues with c4k-forgejo v3.2.2
These errors show in the log, when just upgrading to forgejo v7.0.4 from 1.19 without changing the config.
The related config options are listed below the errors.
- Oauth2: ENABLED instead of ENABLE
- `FORGEJO__oauth2__ENABLED: "true"`
- [E] Deprecated config option `[log]` `ROUTER` present. Use `[log]` `logger.router.MODE` instead.
- `FORGEJO__log_0x2E_logger_0x2E_router__MODE: console, file`
- [E] Deprecated config option `[service]` `EMAIL_DOMAIN_WHITELIST` present. Use `[service]
` `EMAIL_DOMAIN_ALLOWLIST` instead.
- `FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST: YOUR_ALLOW_LIST`
- [E] Deprecated config option `[mailer]` `MAILER_TYPE` present. Use `[mailer]` `PROTOCOL`
instead.
- [E] Deprecated fallback `[mailer]` `PROTOCOL = smtp+startls` present. Use `[mailer]` `PROTOCOL = smtp+starttls`` instead.
- `FORGEJO__mailer__PROTOCOL: smtp+starttls`
### Breaking Changes since 1.19
#### 1.19.3 & 1.19.4: Version installed by c4k-forgejo v3.2.2
#### 1.20.1-0: Breaking https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#1-20-1-0
##### app.ini
- Check [queue] section - n/e
- Check [repository.editor] - n/e
- Check [storage] - n/e
- Check ssh_keygen_path in app.ini - n/e
- Is WORK_PATH set? Or app.ini writeable by forgejo server user?
- 1. No
- 2. Yes
- If not, it shows in the logs starting with: `Unable to update WORK_PATH`
- Also ssh pushing will likely fail
- *test ssh*
- Set logger.router.mode as described in environment-to-ini
- See: https://codeberg.org/forgejo/forgejo/src/branch/forgejo/contrib/environment-to-ini
- Check [git.reflog] and maybe move to [git.config] - n/e
- Check [indexer], [mailer], [repository] - n/e
##### tokens
- Scoped and personal access tokens were refactored
- Scope may change, if we have tokens they should be rotated
#### 1.21.1-0: https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#1-21-1-0
##### custom themes
- Move to `custom/public/assets/`
##### git branches
- `/admin` page and click run Sync missed branches from git data to databases.
##### db - mysql
- c4k uses postgres
##### ssh server
- We don't use host cert used for auth
##### ssh keys
- All users need to check their key length, now 3072
##### tokens
- Finer restrictions might now return 404 errors on users tokens in certain teams with certain restrictions
#### 7.0.0: https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-0
##### webhooks
- Do we use webhooks?
##### db
- Psql min ver is 12, c4k-common uses 14+
##### api
- [/repos/{owner}/{repo}/releases](https://code.forgejo.org/api/swagger/#/repository/repoListReleases)
- [/repos/{owner}/{repo}/push_mirrors](https://code.forgejo.org/api/swagger/#/repository/repoListPushMirrors)
- Application profiling
##### repos
- Do we have repo descriptions?
- https://codeberg.org/forgejo/forgejo/commit/1075ff74b5050f671c5f9824ae39390230b3c85d
##### app.ini
- Check [ui] - n/e
### Vor dem Upgrade
- Host cert used for auth? - no
- Do we use webhooks? - no
- Do we use:
- [/repos/{owner}/{repo}/releases - repoListReleases](https://code.forgejo.org/api/swagger/#/repository/repoListReleases) - no
- In the ListReleases, the `per_page` parameter has been decoupled from the `limit` parameter, we do not use the repoListReleases endpoint
- In the `ArtifactDeploymentApi` in dda-devops-build we only use the `POST` method
- The respective endpoint is [repoCreateRelease](https://code.forgejo.org/api/swagger/#/repository/repoCreateRelease)
- [`/repos/{owner}/{repo}/push_mirrors`](https://code.forgejo.org/api/swagger/#/repository/repoListPushMirrors) - no
- Application profiling - no
- Do we have repo descriptions? - yes
- There is now a sanitizer that only allows links, emphasis, code and emojis
- See: https://codeberg.org/forgejo/forgejo/commit/1075ff74b5050f671c5f9824ae39390230b3c85d
- Our repository descriptions are mostly plaintext and links
### Upgrade plan
TEST indicates actions that only apply to the test server and are ignored in PROD.
PROD indicates actions that only apply to the prod server and are ignored in TEST.
See also the overview for upgrading: https://forgejo.org/docs/latest/admin/upgrade/
- Set up Forgejo server with c4k-forgejo v3.2.2
- Has Forgejo v1.19
- TEST
- Delete old remote ids
- `ssh-keygen -f "/home/${USER}/.ssh/known_hosts" -R "repo.test.meissa.de"`
- Ssh to server
- Forgejo pod downscale
- `k scale deployment forgejo --replicas=0`
- Install lock off
- `k edit cm forgejo-env`
- Set to `FORGEJO__security__INSTALL_LOCK: "false"`
- Forgejo pod upscale
- `k scale deployment forgejo --replicas=1`
- Create admin test or prod admin and install forgejo
- `gopass show server/meissa/forgejo-test` bzw `-prod`
- Forgejo pod downscale
- Install lock on
- Set to `FORGEJO__security__INSTALL_LOCK: "true"`
- TEST
- Forgejo pod upscale
- Log in
- Make Ssh keys
- ed_xyz
- rsa mit 2048
- rsa mit 4096
- Create repos
- Forgejo pod downscale
- PROD
- Backup pod upscale
- `k scale deployment backup-restore --replicas=1`
- Restore backups
- Delete or rename app.ini's in the pod
- Backup pod downscale
- `k scale deployment backup-restore --replicas=0`
- Set image version to 7.0.4 in forgejo deployment
- `k edit deployment.apps forgejo`
- Update configmap:
- Double check install lock enabled
- `FORGEJO__oauth2__ENABLED: "true"`
- `FORGEJO__log_0x2E_logger_0x2E_router__MODE: console, file`
- `FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST:`
- `FORGEJO__mailer__PROTOCOL: smtp+starttls`
- `FORGEJO__federation__ENABLED: true`
- TEST
- Backup pod upscale
- Delete or rename app.ini's in the pod
- Backup pod downscale
- Forgejo pod upscale
- Migrations happen automatically
- `/admin` page and click run Sync missed branches from git data to databases
- and **Sync missed tags ...*
- Rsa keys with size 2048 can not be added anymore. However, it seems they still can be used if they are on the server
- Team members having app tokens need to recreate them with proper scopes
- Add analytics: https://forgejo.org/docs/latest/admin/customization/

View file

@ -6,7 +6,7 @@ from ddadevops import *
name = "c4k-forgejo" name = "c4k-forgejo"
MODULE = "backup" MODULE = "backup"
PROJECT_ROOT_PATH = "../.." PROJECT_ROOT_PATH = "../.."
version = "3.4.1" version = "4.0.1-dev"
@init @init

View file

@ -1,5 +1,4 @@
FROM domaindrivenarchitecture/dda-backup:latest FROM domaindrivenarchitecture/dda-backup:latest
# Prepare Entrypoint Script
ADD resources /tmp ADD resources /tmp
RUN /tmp/install.sh RUN /tmp/install.bb

View file

@ -0,0 +1,46 @@
#!/usr/bin/env bb
(require
'[dda.backup.core :as bc]
'[dda.backup.restic :as rc]
'[dda.backup.postgresql :as pg]
'[dda.backup.backup :as bak])
(def restic-repo {:password-file (bc/env-or-file "RESTIC_PASSWORD_FILE")
:restic-repository (bc/env-or-file "RESTIC_REPOSITORY")})
(def file-config (merge restic-repo {:backup-path "files"
:execution-directory "/var/backups/"
:files ["gitea/" "git/repositories/"]}))
(def db-config (merge restic-repo {:backup-path "pg-database"
:pg-host (bc/env-or-file "POSTGRES_SERVICE")
:pg-port (bc/env-or-file "POSTGRES_PORT")
:pg-db (bc/env-or-file "POSTGRES_DB")
:pg-user (bc/env-or-file "POSTGRES_USER")
:pg-password (bc/env-or-file "POSTGRES_PASSWORD")}))
(def aws-config {:aws-access-key-id (bc/env-or-file "AWS_ACCESS_KEY_ID")
:aws-secret-access-key (bc/env-or-file "AWS_SECRET_ACCESS_KEY")})
(def dry-run {:dry-run true :debug true})
(defn prepare!
[]
(bc/create-aws-credentials! aws-config)
(pg/create-pg-pass! db-config))
(defn restic-repo-init!
[]
(rc/init! file-config)
(rc/init! db-config))
(defn restic-backup!
[]
(bak/backup-file! file-config)
(bak/backup-db! db-config))
(prepare!)
(restic-repo-init!)
(restic-backup!)

View file

@ -1,19 +0,0 @@
#!/bin/bash
set -Eexo pipefail
function main() {
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
file_env RESTIC_DAYS_TO_KEEP 30
file_env RESTIC_MONTHS_TO_KEEP 12
backup-db-dump
backup-fs-from-directory '/var/backups/' 'gitea/' 'git/repositories/'
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
source /usr/local/lib/file-functions.sh
main

View file

@ -0,0 +1,3 @@
{:deps {org.clojure/spec.alpha {:mvn/version "0.4.233"}
orchestra/orchestra {:mvn/version "2021.01.01-1"}
org.domaindrivenarchitecture/dda-backup {:local/root "/usr/local/lib/dda-backup"}}}

View file

@ -0,0 +1,3 @@
{:deps {org.clojure/spec.alpha {:mvn/version "0.4.233"}
orchestra/orchestra {:mvn/version "2021.01.01-1"}
org.domaindrivenarchitecture/dda-build {:mvn/version "0.1.1-SNAPSHOT"}}}

View file

@ -1,15 +0,0 @@
#!/bin/bash
set -Eexo pipefail
function main() {
create-pg-pass
while true; do
sleep 1m
done
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
main

View file

@ -1,13 +0,0 @@
#!/bin/bash
set -Eexo pipefail
function main() {
create-pg-pass
/usr/local/bin/backup.sh
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
main

View file

@ -0,0 +1,3 @@
#!/usr/bin/env bb
(println "initialized")

View file

@ -1,16 +0,0 @@
#!/bin/bash
set -Eexo pipefail
function main() {
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
init-database-repo
init-file-repo
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
source /usr/local/lib/file-functions.sh
main

View file

@ -0,0 +1,14 @@
#!/usr/bin/env bb
(require
'[dda.image.ubuntu :as ub]
'[dda.image.install :as in])
(ub/upgrade-system!)
(in/install! "bb-backup.edn" :target-name "bb.edn" :mod "0400")
(in/install! "backup.bb")
(in/install! "restore.bb")
(in/install! "list-snapshots.bb")
(in/install! "wait.bb")
(ub/cleanup-container!)

View file

@ -1,21 +0,0 @@
#!/bin/bash
set -exo pipefail
function main()
{
upgradeSystem
install -m 0700 /tmp/entrypoint.sh /
install -m 0700 /tmp/entrypoint-start-and-wait.sh /
install -m 0700 /tmp/init.sh /usr/local/bin/
install -m 0700 /tmp/backup.sh /usr/local/bin/
install -m 0700 /tmp/restore.sh /usr/local/bin/
install -m 0700 /tmp/restic-snapshots.sh /usr/local/bin/
cleanupDocker
} > /dev/null
source /tmp/install_functions_debian.sh
DEBIAN_FRONTEND=noninteractive DEBCONF_NOWARNINGS=yes main

View file

@ -0,0 +1,28 @@
#!/usr/bin/env bb
(require
'[dda.backup.core :as bc]
'[dda.backup.restic :as rc])
(def restic-repo {:password-file (bc/env-or-file "RESTIC_PASSWORD_FILE")
:restic-repository (bc/env-or-file "RESTIC_REPOSITORY")})
(def file-config (merge restic-repo {:backup-path "files"}))
(def db-config (merge restic-repo {:backup-path "pg-database"}))
(def aws-config {:aws-access-key-id (bc/env-or-file "AWS_ACCESS_KEY_ID")
:aws-secret-access-key (bc/env-or-file "AWS_SECRET_ACCESS_KEY")})
(defn prepare!
[]
(bc/create-aws-credentials! aws-config))
(defn list-snapshots!
[]
(rc/list-snapshots! file-config)
(rc/list-snapshots! db-config))
(prepare!)
(list-snapshots!)

View file

@ -1,16 +0,0 @@
#!/bin/bash
set -exo pipefail
function main() {
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
restic -r ${RESTIC_REPOSITORY}/files snapshots
restic -r ${RESTIC_REPOSITORY}/pg-database snapshots
}
source /usr/local/lib/functions.sh
source /usr/local/lib/file-functions.sh
main

View file

@ -0,0 +1,46 @@
#!/usr/bin/env bb
(require '[babashka.tasks :as tasks]
'[dda.backup.core :as bc]
'[dda.backup.postgresql :as pg]
'[dda.backup.restore :as rs])
(def restic-repo {:password-file (bc/env-or-file "RESTIC_PASSWORD_FILE")
:restic-repository (bc/env-or-file "RESTIC_REPOSITORY")})
(def file-config (merge restic-repo {:backup-path "files"
:restore-target-directory "/var/backups/restore"
:snapshot-id "latest"}))
(def db-config (merge restic-repo {:backup-path "pg-database"
:pg-host (bc/env-or-file "POSTGRES_SERVICE")
:pg-port (bc/env-or-file "POSTGRES_PORT")
:pg-db (bc/env-or-file "POSTGRES_DB")
:pg-user (bc/env-or-file "POSTGRES_USER")
:pg-password (bc/env-or-file "POSTGRES_PASSWORD")
:snapshot-id "latest"}))
(def aws-config {:aws-access-key-id (bc/env-or-file "AWS_ACCESS_KEY_ID")
:aws-secret-access-key (bc/env-or-file "AWS_SECRET_ACCESS_KEY")})
(def dry-run {:dry-run true :debug true})
(defn prepare!
[]
(pg/create-pg-pass! db-config)
(bc/create-aws-credentials! aws-config))
(defn restic-restore!
[]
(rs/restore-file! file-config)
(tasks/shell ["bash" "-c" "rm -rf /var/backups/gitea/*"])
(tasks/shell ["bash" "-c" "rm -rf /var/backups/git/repositories/*"])
(tasks/shell ["mv" "/var/backups/restore/gitea" "/var/backups/"])
(tasks/shell ["mv" "/var/backups/restore/git/repositories" "/var/backups/git/"])
(tasks/shell ["chown" "-R" "1000:1000" "/var/backups"])
(pg/drop-create-db! (merge db-config {:debug true}))
(rs/restore-db! (merge db-config {:debug true})))
(prepare!)
(restic-restore!)

View file

@ -1,37 +0,0 @@
#!/bin/bash
set -Eexo pipefail
function main() {
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
file_env POSTGRES_DB
file_env POSTGRES_PASSWORD
file_env POSTGRES_USER
# Restore latest snapshot into /var/backups/restore
restore-directory '/var/backups/restore'
rm -rf /var/backups/gitea/*
rm -rf /var/backups/git/repositories/*
cp -r /var/backups/restore/gitea /var/backups/ #ToDo: mv instead of cp or rm -rf after
cp -r /var/backups/restore/git/repositories /var/backups/git/ #ToDo: mv instead of cp or rm -rf after
# adjust file permissions for the git user
chown -R 1000:1000 /var/backups
# TODO: Regenerate Git Hooks? Do we need this?
#/usr/local/bin/gitea -c '/data/gitea/conf/app.ini' admin regenerate hooks
# Restore db
drop-create-db
restore-db
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
source /usr/local/lib/file-functions.sh
main

View file

@ -0,0 +1,27 @@
#!/usr/bin/env bb
(require
'[dda.backup.core :as bc]
'[dda.backup.postgresql :as pg])
(def restic-repo {:password-file (bc/env-or-file "RESTIC_PASSWORD_FILE")
:restic-repository (bc/env-or-file "RESTIC_REPOSITORY")})
(def db-config (merge restic-repo {:backup-path "pg-database"
:pg-host (bc/env-or-file "POSTGRES_SERVICE")
:pg-port (bc/env-or-file "POSTGRES_PORT")
:pg-db (bc/env-or-file "POSTGRES_DB")
:pg-user (bc/env-or-file "POSTGRES_USER")
:pg-password (bc/env-or-file "POSTGRES_PASSWORD")}))
(defn prepare!
[]
(pg/create-pg-pass! db-config))
(defn wait! []
(while true
(Thread/sleep 1000)))
(prepare!)
(wait!)

View file

@ -0,0 +1,4 @@
FROM c4k-forgejo-backup:latest
ADD resources /tmp/
RUN ENV_PASSWORD=env-password FILE_PASSWORD_FILE=/tmp/file_password /tmp/test.bb

View file

@ -0,0 +1,3 @@
{:deps {org.clojure/spec.alpha {:mvn/version "0.4.233"}
orchestra/orchestra {:mvn/version "2021.01.01-1"}
org.domaindrivenarchitecture/dda-backup {:local/root "/usr/local/lib/dda-backup"}}}

View file

@ -0,0 +1,62 @@
#!/usr/bin/env bb
(require '[babashka.tasks :as tasks]
'[dda.backup.core :as bc]
'[dda.backup.restic :as rc]
'[dda.backup.postgresql :as pg]
'[dda.backup.backup :as bak]
'[dda.backup.restore :as rs])
(def restic-repo {:password-file "restic-pwd"
:restic-repository "restic-repo"})
(def file-config (merge restic-repo {:backup-path "files"
:files ["test-backup"]
:restore-target-directory "test-restore"}))
(def db-config (merge restic-repo {:backup-path "db"
:pg-db "mydb"
:pg-user "user"
:pg-password "password"}))
(def dry-run {:dry-run true :debug true})
(defn prepare!
[]
(spit "/tmp/file_password" "file-password")
(println (bc/env-or-file "FILE_PASSWORD"))
(println (bc/env-or-file "ENV_PASSWORD"))
(spit "restic-pwd" "ThePassword")
(tasks/shell "mkdir" "-p" "test-backup")
(spit "test-backup/file" "I was here")
(tasks/shell "mkdir" "-p" "test-restore")
(pg/create-pg-pass! db-config))
(defn restic-repo-init!
[]
(rc/init! file-config)
(rc/init! (merge db-config dry-run)))
(defn restic-backup!
[]
(bak/backup-file! file-config)
(bak/backup-db! (merge db-config dry-run)))
(defn list-snapshots!
[]
(rc/list-snapshots! file-config)
(rc/list-snapshots! (merge db-config dry-run)))
(defn restic-restore!
[]
(rs/restore-file! file-config)
(pg/drop-create-db! (merge db-config dry-run))
(rs/restore-db! (merge db-config dry-run)))
(prepare!)
(restic-repo-init!)
(restic-backup!)
(list-snapshots!)
(restic-restore!)

View file

@ -6,7 +6,7 @@ from ddadevops import *
name = 'c4k-forgejo' name = 'c4k-forgejo'
MODULE = 'federated' MODULE = 'federated'
PROJECT_ROOT_PATH = '../..' PROJECT_ROOT_PATH = '../..'
version = "3.4.1" version = "4.0.1-dev"
@init @init
def initialize(project): def initialize(project):

View file

@ -2,7 +2,7 @@
"name": "c4k-forgejo", "name": "c4k-forgejo",
"description": "Generate c4k yaml for a forgejo deployment.", "description": "Generate c4k yaml for a forgejo deployment.",
"author": "meissa GmbH", "author": "meissa GmbH",
"version": "3.4.1", "version": "4.0.1-SNAPSHOT",
"homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-forgejo#readme", "homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-forgejo#readme",
"repository": "https://www.npmjs.com/package/c4k-forgejo", "repository": "https://www.npmjs.com/package/c4k-forgejo",
"license": "APACHE2", "license": "APACHE2",

View file

@ -1,16 +1,17 @@
(defproject org.domaindrivenarchitecture/c4k-forgejo "3.4.1" (defproject org.domaindrivenarchitecture/c4k-forgejo "4.0.1-SNAPSHOT"
:description "forgejo c4k-installation package" :description "forgejo c4k-installation package"
:url "https://domaindrivenarchitecture.org" :url "https://domaindrivenarchitecture.org"
:license {:name "Apache License, Version 2.0" :license {:name "Apache License, Version 2.0"
:url "https://www.apache.org/licenses/LICENSE-2.0.html"} :url "https://www.apache.org/licenses/LICENSE-2.0.html"}
:dependencies [[org.clojure/clojure "1.11.3" :scope "provided"] :dependencies [[org.clojure/clojure "1.11.4" :scope "provided"]
[org.clojure/tools.reader "1.4.2"] [org.clojure/tools.reader "1.5.0"]
[org.domaindrivenarchitecture/c4k-common-clj "6.4.1"] [org.domaindrivenarchitecture/c4k-common-clj "8.0.0"]
[hickory "0.7.1" :exclusions [viebel/codox-klipse-theme]]] [hickory "0.7.1" :exclusions [viebel/codox-klipse-theme]]]
:target-path "target/%s/" :target-path "target/%s/"
:source-paths ["src/main/cljc" :source-paths ["src/main/cljc"
"src/main/clj"] "src/main/clj"]
:resource-paths ["src/main/resources"] :resource-paths ["src/main/resources"
"project.clj"]
:repositories [["snapshots" :clojars] :repositories [["snapshots" :clojars]
["releases" :clojars]] ["releases" :clojars]]
:deploy-repositories [["snapshots" {:sign-releases false :url "https://clojars.org/repo"}] :deploy-repositories [["snapshots" {:sign-releases false :url "https://clojars.org/repo"}]
@ -23,9 +24,9 @@
:main dda.c4k-forgejo.uberjar :main dda.c4k-forgejo.uberjar
:uberjar-name "c4k-forgejo-standalone.jar" :uberjar-name "c4k-forgejo-standalone.jar"
:dependencies [[org.clojure/tools.cli "1.1.230"] :dependencies [[org.clojure/tools.cli "1.1.230"]
[ch.qos.logback/logback-classic "1.5.6" [ch.qos.logback/logback-classic "1.5.7"
:exclusions [com.sun.mail/javax.mail]] :exclusions [com.sun.mail/javax.mail]]
[org.slf4j/jcl-over-slf4j "2.0.13"] [org.slf4j/jcl-over-slf4j "2.0.16"]
[com.github.clj-easy/graal-build-time "1.0.5"]]}} [com.github.clj-easy/graal-build-time "1.0.5"]]}}
:release-tasks [["test"] :release-tasks [["test"]
["vcs" "assert-committed"] ["vcs" "assert-committed"]

View file

@ -4,7 +4,7 @@
"src/test/cljc" "src/test/cljc"
"src/test/cljs" "src/test/cljs"
"src/test/resources"] "src/test/resources"]
:dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "6.4.1"] :dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "8.0.0"]
[hickory "0.7.1"]] [hickory "0.7.1"]]
:builds {:frontend {:target :browser :builds {:frontend {:target :browser
:modules {:main {:init-fn dda.c4k-forgejo.browser/init}} :modules {:main {:init-fn dda.c4k-forgejo.browser/init}}

View file

@ -7,10 +7,11 @@
(set! *warn-on-reflection* true) (set! *warn-on-reflection* true)
(defn -main [& cmd-args] (defn -main [& cmd-args]
(uberjar/main-common (uberjar/main-cm
"c4k-forgejo" "c4k-forgejo"
core/config? core/config?
core/auth? core/auth?
core/config-defaults core/config-defaults
core/k8s-objects core/config-objects
core/auth-objects
cmd-args)) cmd-args))

View file

@ -1,24 +1,33 @@
(ns dda.c4k-forgejo.core (ns dda.c4k-forgejo.core
(:require (:require
[clojure.spec.alpha :as s] [clojure.spec.alpha :as s]
[dda.c4k-common.yaml :as yaml] [dda.c4k-common.yaml :as yaml]
[dda.c4k-common.common :as cm] [dda.c4k-common.common :as cm]
[dda.c4k-common.monitoring :as mon] [dda.c4k-common.monitoring :as mon]
[dda.c4k-forgejo.forgejo :as forgejo] [dda.c4k-forgejo.forgejo :as forgejo]
[dda.c4k-forgejo.backup :as backup] [dda.c4k-forgejo.backup :as backup]
[dda.c4k-common.postgres :as postgres] [dda.c4k-common.postgres :as postgres]
[dda.c4k-common.namespace :as ns])) [dda.c4k-common.namespace :as ns]))
(def config-defaults {:issuer "staging", :deploy-federated "false"}) (def config-defaults {:namespace "forgejo"
:issuer "staging"
:deploy-federated "false"
:federation-enabled "false"
:db-name "forgejo"
:pv-storage-size-gb 5
:pvc-storage-class-name ""
:postgres-image "postgres:14"
:postgres-size :2gb})
(def rate-limit-defaults {:max-rate 10, :max-concurrent-requests 5}) (def rate-limit-defaults {:max-rate 10, :max-concurrent-requests 5})
(def config? (s/keys :req-un [::forgejo/fqdn (def config? (s/keys :req-un [::forgejo/fqdn
::forgejo/mailer-from ::forgejo/mailer-from
::forgejo/mailer-host ::forgejo/mailer-host
::forgejo/mailer-port ::forgejo/mailer-port
::forgejo/service-noreply-address] ::forgejo/service-noreply-address]
:opt-un [::forgejo/issuer :opt-un [::forgejo/issuer
::forgejo/deploy-federated ::forgejo/deploy-federated
::forgejo/federation-enabled
::forgejo/default-app-name ::forgejo/default-app-name
::forgejo/service-domain-whitelist ::forgejo/service-domain-whitelist
::forgejo/forgejo-image-version-overwrite ::forgejo/forgejo-image-version-overwrite
@ -33,33 +42,39 @@
(def vol? (s/keys :req-un [::forgejo/volume-total-storage-size])) (def vol? (s/keys :req-un [::forgejo/volume-total-storage-size]))
(defn k8s-objects [config auth] ; ToDo: ADR for generate functions - vector or no vector? (defn config-objects [config] ; ToDo: ADR for generate functions - vector or no vector?
(let [storage-class (if (contains? config :postgres-data-volume-path) :manual :local-path)] (let [storage-class (if (contains? config :postgres-data-volume-path) :manual :local-path)]
(map yaml/to-string (map yaml/to-string
(filter #(not (nil? %)) (filter #(not (nil? %))
(cm/concat-vec (cm/concat-vec
(ns/generate (merge {:namespace "forgejo"} config)) (ns/generate config)
[(postgres/generate-config {:postgres-size :2gb :db-name "forgejo"}) [(postgres/generate-configmap config)
(postgres/generate-secret auth)
(when (contains? config :postgres-data-volume-path) (when (contains? config :postgres-data-volume-path)
(postgres/generate-persistent-volume (select-keys config [:postgres-data-volume-path :pv-storage-size-gb]))) (postgres/generate-persistent-volume (select-keys config [:postgres-data-volume-path :pv-storage-size-gb])))
(postgres/generate-pvc {:pv-storage-size-gb 5 (postgres/generate-pvc (merge config {:pvc-storage-class-name storage-class}))
:pvc-storage-class-name storage-class}) (postgres/generate-deployment config)
(postgres/generate-deployment {:postgres-image "postgres:14"
:postgres-size :2gb})
(postgres/generate-service config) (postgres/generate-service config)
(forgejo/generate-deployment config) (forgejo/generate-deployment config)
(forgejo/generate-service) (forgejo/generate-service)
(forgejo/generate-service-ssh) (forgejo/generate-service-ssh)
(forgejo/generate-data-volume config) (forgejo/generate-data-volume config)
(forgejo/generate-appini-env config) (forgejo/generate-appini-env config)]
(forgejo/generate-secrets auth) (forgejo/generate-ratelimit-ingress-and-cert config) ; this function has a vector as output
(forgejo/generate-rate-limit-middleware rate-limit-defaults)] ; this does not have a vector as output
(forgejo/generate-rate-limit-ingress-and-cert (merge {:namespace "forgejo"} config)) ; this function has a vector as output
(when (contains? config :restic-repository) (when (contains? config :restic-repository)
[(backup/generate-config config) [(backup/generate-config config)
(backup/generate-secret auth)
(backup/generate-cron) (backup/generate-cron)
(backup/generate-backup-restore-deployment config)]) (backup/generate-backup-restore-deployment config)])
(when (:contains? config :mon-cfg) (when (contains? config :mon-cfg)
(mon/generate (:mon-cfg config) (:mon-auth auth)))))))) (mon/generate-config)))))))
(defn auth-objects [config auth]
(map yaml/to-string
(filter #(not (nil? %))
(cm/concat-vec
(ns/generate config)
[(postgres/generate-secret config auth)
(forgejo/generate-secrets auth)]
(when (contains? config :restic-repository)
[(backup/generate-secret auth)])
(when (contains? config :mon-cfg)
(mon/generate-auth (:mon-cfg config) (:mon-auth auth)))))))

View file

@ -33,6 +33,7 @@
(s/def ::default-app-name string?) (s/def ::default-app-name string?)
(s/def ::fqdn pred/fqdn-string?) (s/def ::fqdn pred/fqdn-string?)
(s/def ::deploy-federated boolean-string?) (s/def ::deploy-federated boolean-string?)
(s/def ::federation-enabled boolean-string?)
(s/def ::mailer-from pred/bash-env-string?) (s/def ::mailer-from pred/bash-env-string?)
(s/def ::mailer-host pred/bash-env-string?) (s/def ::mailer-host pred/bash-env-string?)
(s/def ::mailer-port pred/bash-env-string?) (s/def ::mailer-port pred/bash-env-string?)
@ -53,6 +54,7 @@
::service-noreply-address] ::service-noreply-address]
:opt-un [::issuer :opt-un [::issuer
::deploy-federated ::deploy-federated
::federation-enabled
::default-app-name ::default-app-name
::service-domain-whitelist ::service-domain-whitelist
::forgejo-image-version-overwrite])) ::forgejo-image-version-overwrite]))
@ -67,11 +69,11 @@
(defn data-storage-by-volume-size (defn data-storage-by-volume-size
[total] [total]
total) total)
;;TODO: remove unneccessaries, fedaration is merged
(def federated-image-name "domaindrivenarchitecture/c4k-forgejo-federated") (def federated-image-name "domaindrivenarchitecture/c4k-forgejo-federated")
(def federated-image-version "latest") (def federated-image-version "latest")
(def non-federated-image-name "codeberg.org/forgejo/forgejo") (def non-federated-image-name "codeberg.org/forgejo/forgejo")
(def non-federated-image-version "1.19") (def non-federated-image-version "8.0.3")
(defn-spec generate-image-str string? (defn-spec generate-image-str string?
[config config?] [config config?]
@ -88,7 +90,7 @@
(defn generate-appini-env (defn generate-appini-env
[config] [config]
(let [{:keys [default-app-name (let [{:keys [default-app-name
deploy-federated federation-enabled
fqdn fqdn
mailer-from mailer-from
mailer-host mailer-host
@ -97,7 +99,7 @@
service-noreply-address] service-noreply-address]
:or {default-app-name "forgejo instance" :or {default-app-name "forgejo instance"
service-domain-whitelist fqdn}} config service-domain-whitelist fqdn}} config
deploy-federated-bool (boolean-from-string deploy-federated)] federation-enabled-bool (boolean-from-string federation-enabled)]
(-> (->
(yaml/load-as-edn "forgejo/appini-env-configmap.yaml") (yaml/load-as-edn "forgejo/appini-env-configmap.yaml")
(cm/replace-all-matching-values-by-new-value "APPNAME" default-app-name) (cm/replace-all-matching-values-by-new-value "APPNAME" default-app-name)
@ -109,7 +111,7 @@
(cm/replace-all-matching-values-by-new-value "WHITELISTDOMAINS" service-domain-whitelist) (cm/replace-all-matching-values-by-new-value "WHITELISTDOMAINS" service-domain-whitelist)
(cm/replace-all-matching-values-by-new-value "NOREPLY" service-noreply-address) (cm/replace-all-matching-values-by-new-value "NOREPLY" service-noreply-address)
(cm/replace-all-matching-values-by-new-value "IS_FEDERATED" (cm/replace-all-matching-values-by-new-value "IS_FEDERATED"
(if deploy-federated-bool (if federation-enabled-bool
"true" "true"
"false"))))) "false")))))
@ -121,40 +123,22 @@
mailer-pw]} auth] mailer-pw]} auth]
(-> (->
(yaml/load-as-edn "forgejo/secrets.yaml") (yaml/load-as-edn "forgejo/secrets.yaml")
(cm/replace-all-matching-values-by-new-value "DBUSER" (b64/encode postgres-db-user)) (cm/replace-all-matching "DBUSER" (b64/encode postgres-db-user))
(cm/replace-all-matching-values-by-new-value "DBPW" (b64/encode postgres-db-password)) (cm/replace-all-matching "DBPW" (b64/encode postgres-db-password))
(cm/replace-all-matching-values-by-new-value "MAILERUSER" (b64/encode mailer-user)) (cm/replace-all-matching "MAILERUSER" (b64/encode mailer-user))
(cm/replace-all-matching-values-by-new-value "MAILERPW" (b64/encode mailer-pw))))) (cm/replace-all-matching "MAILERPW" (b64/encode mailer-pw)))))
(defn generate-ingress-and-cert (defn-spec generate-ratelimit-ingress-and-cert seq?
[config]
(let [{:keys [fqdn]} config]
(ing/generate-ingress-and-cert
(merge
{:service-name "forgejo-service"
:service-port 3000
:fqdns [fqdn]}
config))))
(defn-spec generate-rate-limit-ingress-and-cert pred/map-or-seq?
[config config?] [config config?]
(-> (let [{:keys [fqdn max-rate max-concurrent-requests namespace]} config]
(generate-ingress-and-cert config) ; returns a vector (ing/generate-simple-ingress (merge
(#(assoc-in % ; Attention: heavily relying on the output order of ing/generate-ingress-and-cert {:service-name "forgejo-service"
[1 :metadata :annotations :traefik.ingress.kubernetes.io/router.middlewares] :service-port 3000
(str :fqdns [fqdn]
(-> (second %) :metadata :annotations :traefik.ingress.kubernetes.io/router.middlewares) :average-rate max-rate
", default-ratelimit@kubernetescrd"))))) :burst-rate max-concurrent-requests
:namespace namespace}
config))))
; using :average and :burst seems sensible, :period may be interesting for fine tuning later on
(defn-spec generate-rate-limit-middleware pred/map-or-seq?
[config rate-limit-config?]
(let [{:keys [max-rate max-concurrent-requests]} config]
(->
(yaml/load-as-edn "forgejo/middleware-ratelimit.yaml")
(cm/replace-key-value :average max-rate)
(cm/replace-key-value :burst max-concurrent-requests))))
(defn-spec generate-data-volume pred/map-or-seq? (defn-spec generate-data-volume pred/map-or-seq?
[config vol?] [config vol?]
@ -162,15 +146,13 @@
data-storage-size (data-storage-by-volume-size volume-total-storage-size)] data-storage-size (data-storage-by-volume-size volume-total-storage-size)]
(-> (->
(yaml/load-as-edn "forgejo/datavolume.yaml") (yaml/load-as-edn "forgejo/datavolume.yaml")
(cm/replace-all-matching-values-by-new-value "DATASTORAGESIZE" (str (str data-storage-size) "Gi"))))) (cm/replace-all-matching "DATASTORAGESIZE" (str (str data-storage-size) "Gi")))))
(defn-spec generate-deployment pred/map-or-seq? (defn-spec generate-deployment pred/map-or-seq?
[config config?] [config config?]
(let [{:keys [deploy-federated]} config
deploy-federated-bool (boolean-from-string deploy-federated)]
(-> (->
(yaml/load-as-edn "forgejo/deployment.yaml") (yaml/load-as-edn "forgejo/deployment.yaml")
(cm/replace-all-matching-values-by-new-value "IMAGE_NAME" (generate-image-str config))))) (cm/replace-all-matching "IMAGE_NAME" (generate-image-str config))))
(defn generate-service (defn generate-service
[] []

View file

@ -4,7 +4,7 @@
[clojure.tools.reader.edn :as edn] [clojure.tools.reader.edn :as edn]
[dda.c4k-forgejo.core :as core] [dda.c4k-forgejo.core :as core]
[dda.c4k-forgejo.forgejo :as forgejo] [dda.c4k-forgejo.forgejo :as forgejo]
[dda.c4k-common.browser :as br] [dda.c4k-common.browser :as br]
[dda.c4k-common.common :as cm])) [dda.c4k-common.common :as cm]))
(defn generate-group (defn generate-group
@ -73,14 +73,13 @@
:mailer-host (br/get-content-from-element "mailer-host") :mailer-host (br/get-content-from-element "mailer-host")
:mailer-port (br/get-content-from-element "mailer-port") :mailer-port (br/get-content-from-element "mailer-port")
:service-noreply-address (br/get-content-from-element "service-noreply-address") :service-noreply-address (br/get-content-from-element "service-noreply-address")
:volume-total-storage-size (br/get-content-from-element "volume-total-storage-size" :deserializer js/parseInt)} :volume-total-storage-size (br/get-content-from-element "volume-total-storage-size" :deserializer js/parseInt)}
(when (not (st/blank? issuer)) (when (not (st/blank? issuer))
{:issuer issuer}) {:issuer issuer})
(when (not (st/blank? app-name)) (when (not (st/blank? app-name))
{:default-app-name app-name}) {:default-app-name app-name})
(when (not (st/blank? domain-whitelist)) (when (not (st/blank? domain-whitelist))
{:service-domain-whitelist domain-whitelist}) {:service-domain-whitelist domain-whitelist}))))
)))
(defn validate-all! [] (defn validate-all! []
(br/validate! "fqdn" ::forgejo/fqdn) (br/validate! "fqdn" ::forgejo/fqdn)
@ -91,7 +90,7 @@
(br/validate! "deploy-federated" ::forgejo/deploy-federated :optional true) (br/validate! "deploy-federated" ::forgejo/deploy-federated :optional true)
(br/validate! "issuer" ::forgejo/issuer :optional true) (br/validate! "issuer" ::forgejo/issuer :optional true)
(br/validate! "app-name" ::forgejo/default-app-name :optional true) (br/validate! "app-name" ::forgejo/default-app-name :optional true)
(br/validate! "domain-whitelist" ::forgejo/service-domain-whitelist :optional true) (br/validate! "domain-whitelist" ::forgejo/service-domain-whitelist :optional true)
(br/validate! "volume-total-storage-size" ::forgejo/volume-total-storage-size :deserializer js/parseInt) (br/validate! "volume-total-storage-size" ::forgejo/volume-total-storage-size :deserializer js/parseInt)
(br/validate! "auth" forgejo/auth? :deserializer edn/read-string) (br/validate! "auth" forgejo/auth? :deserializer edn/read-string)
(br/set-form-validated!)) (br/set-form-validated!))
@ -103,16 +102,21 @@
(defn init [] (defn init []
(br/append-hickory (generate-content-div)) (br/append-hickory (generate-content-div))
(-> js/document (let [config-only false
(.getElementById "generate-button") auth-only false]
(.addEventListener "click" (-> js/document
#(do (validate-all!) (.getElementById "generate-button")
(-> (cm/generate-common (.addEventListener "click"
(config-from-document) #(do (validate-all!)
(br/get-content-from-element "auth" :deserializer edn/read-string) (-> (cm/generate-cm
core/config-defaults (config-from-document)
core/k8s-objects) (br/get-content-from-element "auth" :deserializer edn/read-string)
(br/set-output!))))) core/config-defaults
core/config-objects
core/auth-objects
config-only
auth-only)
(br/set-output!))))))
(add-validate-listener "fqdn") (add-validate-listener "fqdn")
(add-validate-listener "deploy-federated") (add-validate-listener "deploy-federated")
(add-validate-listener "mailer-from") (add-validate-listener "mailer-from")
@ -120,7 +124,7 @@
(add-validate-listener "mailer-port") (add-validate-listener "mailer-port")
(add-validate-listener "service-noreply-address") (add-validate-listener "service-noreply-address")
(add-validate-listener "app-name") (add-validate-listener "app-name")
(add-validate-listener "domain-whitelist") (add-validate-listener "domain-whitelist")
(add-validate-listener "volume-total-storage-size") (add-validate-listener "volume-total-storage-size")
(add-validate-listener "issuer") (add-validate-listener "issuer")
(add-validate-listener "auth")) (add-validate-listener "auth"))

View file

@ -21,7 +21,7 @@ spec:
- image: domaindrivenarchitecture/c4k-forgejo-backup - image: domaindrivenarchitecture/c4k-forgejo-backup
name: backup-app name: backup-app
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: ["/entrypoint-start-and-wait.sh"] command: ["wait.bb"]
env: env:
- name: POSTGRES_USER - name: POSTGRES_USER
valueFrom: valueFrom:

View file

@ -17,7 +17,7 @@ spec:
- name: backup-app - name: backup-app
image: domaindrivenarchitecture/c4k-forgejo-backup image: domaindrivenarchitecture/c4k-forgejo-backup
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: ["/entrypoint.sh"] command: ["backup.bb"]
env: env:
- name: POSTGRES_USER - name: POSTGRES_USER
valueFrom: valueFrom:

View file

@ -16,7 +16,6 @@ data:
FORGEJO__database__NAME: forgejo FORGEJO__database__NAME: forgejo
FORGEJO__database__LOG_SQL: "false" FORGEJO__database__LOG_SQL: "false"
FORGEJO__database__SSL_MODE: disable FORGEJO__database__SSL_MODE: disable
FORGEJO__database__CHARSET: utf8
#[DEFAULT] #[DEFAULT]
APP_NAME: APPNAME APP_NAME: APPNAME
@ -37,12 +36,12 @@ data:
#[mailer] #[mailer]
FORGEJO__mailer__ENABLED: "true" FORGEJO__mailer__ENABLED: "true"
FORGEJO__mailer__FROM: FROM FORGEJO__mailer__FROM: FROM
FORGEJO__mailer__MAILER_TYPE: smtp+startls FORGEJO__mailer__PROTOCOL: smtp+starttls
FORGEJO__mailer__SMTP_ADDR: MAILERHOST FORGEJO__mailer__SMTP_ADDR: MAILERHOST
FORGEJO__mailer__SMTP_PORT: MAILERPORT FORGEJO__mailer__SMTP_PORT: MAILERPORT
#[oauth2] #[oauth2]
FORGEJO__oauth2__ENABLE: "true" FORGEJO__oauth2__ENABLED: "true"
#[openid] #[openid]
FORGEJO__openid__ENABLE_OPENID: "true" FORGEJO__openid__ENABLE_OPENID: "true"
@ -76,7 +75,7 @@ data:
FORGEJO__service__REQUIRE_SIGNIN_VIEW: "false" FORGEJO__service__REQUIRE_SIGNIN_VIEW: "false"
FORGEJO__service__REGISTER_EMAIL_CONFIRM: "true" FORGEJO__service__REGISTER_EMAIL_CONFIRM: "true"
FORGEJO__service__ENABLE_NOTIFY_MAIL: "true" FORGEJO__service__ENABLE_NOTIFY_MAIL: "true"
FORGEJO__service__EMAIL_DOMAIN_WHITELIST: WHITELISTDOMAINS FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST: WHITELISTDOMAINS
FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "false" FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "false"
FORGEJO__service__ENABLE_BASIC_AUTHENTICATION: "true" FORGEJO__service__ENABLE_BASIC_AUTHENTICATION: "true"
FORGEJO__service__ENABLE_CAPTCHA: "false" FORGEJO__service__ENABLE_CAPTCHA: "false"

View file

@ -1,9 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: ratelimit
namespace: forgejo
spec:
rateLimit: # Config options for rate limiting: https://doc.traefik.io/traefik/middlewares/http/ratelimit/
average: AVG
burst: BRS

View file

@ -14,7 +14,7 @@
(deftest should-generate-image-str (deftest should-generate-image-str
(testing "non-federated-image" (testing "non-federated-image"
(is (= "codeberg.org/forgejo/forgejo:1.19" (is (= "codeberg.org/forgejo/forgejo:8.0.3"
(cut/generate-image-str {:fqdn "test.de" (cut/generate-image-str {:fqdn "test.de"
:mailer-from "" :mailer-from ""
:mailer-host "m.t.de" :mailer-host "m.t.de"
@ -63,12 +63,12 @@
:FORGEJO__server__ROOT_URL-c2 "https://test.com", :FORGEJO__server__ROOT_URL-c2 "https://test.com",
:FORGEJO__server__SSH_DOMAIN-c1 "test.de", :FORGEJO__server__SSH_DOMAIN-c1 "test.de",
:FORGEJO__server__SSH_DOMAIN-c2 "test.com", :FORGEJO__server__SSH_DOMAIN-c2 "test.com",
:FORGEJO__service__EMAIL_DOMAIN_WHITELIST-c1 "adb.de", :FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST-c1 "adb.de",
:FORGEJO__service__EMAIL_DOMAIN_WHITELIST-c2 "test.com,test.net", :FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST-c2 "test.com,test.net",
:FORGEJO__service__NO_REPLY_ADDRESS-c1 "", :FORGEJO__service__NO_REPLY_ADDRESS-c1 "",
:FORGEJO__service__NO_REPLY_ADDRESS-c2 "noreply@test.com"} :FORGEJO__service__NO_REPLY_ADDRESS-c2 "noreply@test.com"}
(th/map-diff (cut/generate-appini-env {:default-app-name "" (th/map-diff (cut/generate-appini-env {:default-app-name ""
:deploy-federated "false" :federation-enabled "false"
:fqdn "test.de" :fqdn "test.de"
:mailer-from "" :mailer-from ""
:mailer-host "m.t.de" :mailer-host "m.t.de"
@ -76,7 +76,7 @@
:service-domain-whitelist "adb.de" :service-domain-whitelist "adb.de"
:service-noreply-address ""}) :service-noreply-address ""})
(cut/generate-appini-env {:default-app-name "test forgejo" (cut/generate-appini-env {:default-app-name "test forgejo"
:deploy-federated "true" :federation-enabled "true"
:fqdn "test.com" :fqdn "test.com"
:mailer-from "test@test.com" :mailer-from "test@test.com"
:mailer-host "mail.test.com" :mailer-host "mail.test.com"
@ -97,7 +97,7 @@
:spec :spec
{:containers {:containers
[{:name "forgejo", [{:name "forgejo",
:image "codeberg.org/forgejo/forgejo:1.19", :image "codeberg.org/forgejo/forgejo:8.0.3",
:imagePullPolicy "IfNotPresent", :imagePullPolicy "IfNotPresent",
:envFrom [{:configMapRef {:name "forgejo-env"}} {:secretRef {:name "forgejo-secrets"}}], :envFrom [{:configMapRef {:name "forgejo-env"}} {:secretRef {:name "forgejo-secrets"}}],
:volumeMounts [{:name "forgejo-data-volume", :mountPath "/data"}], :volumeMounts [{:name "forgejo-data-volume", :mountPath "/data"}],
@ -163,26 +163,3 @@
:storage-c2 "15Gi"} :storage-c2 "15Gi"}
(th/map-diff (cut/generate-data-volume {:volume-total-storage-size 1}) (th/map-diff (cut/generate-data-volume {:volume-total-storage-size 1})
(cut/generate-data-volume {:volume-total-storage-size 15}))))) (cut/generate-data-volume {:volume-total-storage-size 15})))))
(deftest should-generate-middleware-ratelimit
(is (= {:apiVersion "traefik.containo.us/v1alpha1",
:kind "Middleware",
:metadata {:name "ratelimit", :namespace "forgejo"},
:spec {:rateLimit {:average 10, :burst 5}}}
(cut/generate-rate-limit-middleware {:max-rate 10, :max-concurrent-requests 5}))))
(deftest should-generate-middleware-ratelimit-ingress-and-cert
(is (= {:traefik.ingress.kubernetes.io/router.entrypoints "web, websecure",
:traefik.ingress.kubernetes.io/router.middlewares
"default-redirect-https@kubernetescrd, default-ratelimit@kubernetescrd",
:metallb.universe.tf/address-pool "public"}
(-> (second
(cut/generate-rate-limit-ingress-and-cert
{:fqdn "test.de"
:mailer-from ""
:mailer-host "m.t.de"
:mailer-port "123"
:service-noreply-address ""
:average 10
:burst 5}))
:metadata :annotations))))