[Skip-CI] Add website to contact info

README.md

@@ -1,7 +1,7 @@
 # convention 4 kubernetes: c4k-forgejo
 [![Clojars Project](https://img.shields.io/clojars/v/org.domaindrivenarchitecture/c4k-forgejo.svg)](https://clojars.org/org.domaindrivenarchitecture/c4k-forgejo) [![pipeline status](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/badges/master/pipeline.svg)](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/commits/main) 
 
-[<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa-gmbh.de/img/community/Mastodon_Logotype.svg" width=20 alt="team@social.meissa-gmbh.de"> team@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@team) | [Website & Blog](https://domaindrivenarchitecture.org)
+[<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa.de/images/parts/contact/mastodon36_hue9b2464f10b18e134322af482b9c915e_5501_filter_14705073121015236177.png" width=20 alt="M"> meissa@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@meissa) | [Blog](https://domaindrivenarchitecture.org) | [Website](https://meissa.de)
 
 ## Purpose
 
@@ -55,6 +55,6 @@ For more details about our repository model see: https://repo.prod.meissa.de/mei
 
 ## License
 
-Copyright © 2023 meissa GmbH
+Copyright © 2024 meissa GmbH
 Licensed under the [Apache License, Version 2.0](LICENSE) (the "License")
 Pls. find licenses of our subcomponents [here](doc/SUBCOMPONENT_LICENSE)

doc/Runbook_UpgradeFrom1.19To7.0.5.md

@@ -9,70 +9,70 @@
 
 ## Preparations
 
-1. Stop Forgejo Prod: `k scale deployment forgejo --replicas=0`
+1. Stop Forgejo Prod: `k scale -n forgejo deployment forgejo --replicas=0`
-1. Disable Backup Cron: `k patch cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'`
+1. Disable Backup Cron: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'`
-1. Scale up Backup-Restore Deployment: `kubectl scale deployment backup-restore --replicas=1`
+1. Scale up Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1`
-1. Execute Manual Backup: `kubectl exec -it backup-restore-... -- /usr/local/bin/backup.sh`
+1. Execute Manual Backup: `kubectl exec -n forgejo -it backup-restore-... -- /usr/local/bin/backup.sh`
 
 ### Create 2nd Repo Prod Server
 
 1. Terraform Preparations for 2nd Server: TODO
 1. Install c4k-forgejo Version TODO   
    with config `"forgejo-image-version-overwrite": "1.19.3-0"`
-1. Stop Forgejo Deployment: `k scale deployment forgejo --replicas=0`
+1. Stop Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
-1. Disable Backup Cron: `k patch cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'`
+1. Disable Backup Cron: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'`
-1. Scale up Backup-Restore Deployment: `kubectl scale deployment backup-restore --replicas=1`
+1. Scale up Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1`
 1. Restore Forgejo Backup: See [BackupAndRestore.md](BackupAndRestore.md)
 1. Check for `..._INSTALL_LOCK: true` in ConfigMap `forgejo-env`
-1. Scale up Forgejo Deployment and check for (startup) problems: `k scale deployment forgejo --replicas=1`
+1. Scale up Forgejo Deployment and check for (startup) problems: `k scale -n forgejo deployment forgejo --replicas=1`
 
 ## Upgrade to 1.20.1-0
 
-1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0`
+1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
-1. Adjust configmap: `k edit cm forgejo-env`
+1. Adjust configmap: `k edit -n forgejo cm forgejo-env`
     1. Remove `FORGEJO__database__CHARSET: utf8` (This was a misconfiguration, since this option only had effect for mysql dbs)
     1. Change `FORGEJO__mailer__MAILER_TYPE: smtp+startls` TO `FORGEJO__mailer__PROTOCOL: smtp+starttls` (Missed deprecation from 1.19)
     1. Change `FORGEJO__service__EMAIL_DOMAIN_WHITELIST: repo.test.meissa.de` TO `FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST: repo.test.meissa.de` (Fallback deprecation in 1.21)
-1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
+1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
-1. Set version to `1.20.1-0` with `k edit deployment forgejo`
+1. Set version to `1.20.1-0` with `k edit -n forgejo deployment forgejo`
-1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1`
+1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
 1. Check for errors
 
 ## Upgrade to 1.21.1-0
 
-1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0`
+1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
-1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
+1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
-1. Set version to `1.21.1-0` with `k edit deployment forgejo`
+1. Set version to `1.21.1-0` with `k edit -n forgejo deployment forgejo`
-1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1`
+1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
 1. Check for errors
 1. After upgrading, login as an admin, go to the `/admin` page and click run `Sync missed branches from git data to databases` (`Fehlende Branches aus den Git-Daten in die Datenbank synchronisieren`). If this is not done there will be messages such as `LoadBranches: branch does not exist in the logs`.
 
 ## Upgrade to 7.0.0
 
-1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0`
+1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
-1. Adjust configmap: `k edit cm forgejo-env`
+1. Adjust configmap: `k edit -n forgejo cm forgejo-env`
     1. Change `FORGEJO__oauth2__ENABLE: "true"` TO `FORGEJO__oauth2__ENABLED: "true"`
-1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
+1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
-1. Set version to `7.0.0` with `k edit deployment forgejo`
+1. Set version to `7.0.0` with `k edit -n forgejo deployment forgejo`
-1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1`
+1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
 1. Check for errors
 
 ## Upgrade to 7.0.5 (no breaking changes)
 
 TODO: Upgrade to 8.0.0 instead after Release!
 
-1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0`
+1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
-1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
+1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
-1. Set version to `7.0.5` with `k edit deployment forgejo`
+1. Set version to `7.0.5` with `k edit -n forgejo deployment forgejo`
-1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1`
+1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
 1. Check for errors
 
 ## Post Work
 
 1. Switch DNS to new server
-1. Reenable Backup Cron on new server: `k patch cronjobs forgejo-backup -p '{"spec" : {"suspend" : false }}'`
+1. Reenable Backup Cron on new server: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : false }}'`
-1. Execute manual Backup on new server: `kubectl exec -it backup-restore-... -- /usr/local/bin/backup.sh`
+1. Execute manual Backup on new server: `kubectl exec -n forgejo -it backup-restore-... -- /usr/local/bin/backup.sh`
-1. Scale down Backup-Restore Deployment: `kubectl scale deployment backup-restore --replicas=1`
+1. Scale down Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1`
 1. The scope of all access tokens might (invisibly) have changed (in v1.20). Thus, rotate all tokens!
 1. Users should check their ssh keys: if they use rsa keys the minimum length should be 3072 bits! However, shorter keys should still work.
 
@@ -85,3 +85,23 @@ In the logs the following error can be found. This will be resolved automaticall
 ```
 2024/07/08 08:31:30 ...g/config_provider.go:321:deprecatedSetting() [E] Deprecated fallback `[log]` `ROUTER` present. Use `[log]` `logger.router.MODE` instead. This fallback will be/has been removed in 1.21
 ```
+
+# Add Shynet Analytics
+
+1. Log into shynet & create new Service
+    1. Copy the generated html snippet and save it somewhere you remember
+1. SSH into prod server
+1. Make the necessary folders and files in forgejo data dir:
+    1. `kubectl exec -n forgejo -it forgejo-... -- bash`
+    1. `mkdir -p /data/gitea/templates/custom`
+    1. `touch /data/gitea/templates/custom/footer.tmpl`
+1. Open the `footer.tmpl` and paste the saved snippet
+1. Restart the pod
+    1. `k scale -n forgejo deployment forgejo --replicas=0`
+    1. `k scale -n forgejo deployment forgejo --replicas=1`
+1. Add Information about analytics: Clone Datenschutz Repo
+    1. `git clone ssh://git@repo.prod.meissa.de:2222/meissa/Datenschutz.git`
+1. Merge forgejo-upgrade into main
+    1. `git merge forgejo-upgrade`
+1. Push to origin
+    1. `git push`

infrastructure/backup/build.py

@@ -6,7 +6,7 @@ from ddadevops import *
 name = "c4k-forgejo"
 MODULE = "backup"
 PROJECT_ROOT_PATH = "../.."
-version = "3.4.4-dev"
+version = "3.4.5-dev"
 
 
 @init

infrastructure/federated/build.py

@@ -6,7 +6,7 @@ from ddadevops import *
 name = 'c4k-forgejo'
 MODULE = 'federated'
 PROJECT_ROOT_PATH = '../..'
-version = "3.4.4-dev"
+version = "3.4.5-dev"
 
 @init
 def initialize(project):

package.json

@@ -2,7 +2,7 @@
     "name": "c4k-forgejo",
     "description": "Generate c4k yaml for a forgejo deployment.",
     "author": "meissa GmbH",
-    "version": "3.4.4-SNAPSHOT",
+    "version": "3.4.5-SNAPSHOT",
     "homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-forgejo#readme",
     "repository": "https://www.npmjs.com/package/c4k-forgejo",
     "license": "APACHE2",

project.clj

@@ -1,4 +1,4 @@
-(defproject org.domaindrivenarchitecture/c4k-forgejo "3.4.4-SNAPSHOT"
+(defproject org.domaindrivenarchitecture/c4k-forgejo "3.4.5-SNAPSHOT"
   :description "forgejo c4k-installation package"
   :url "https://domaindrivenarchitecture.org"
   :license {:name "Apache License, Version 2.0"

src/main/cljc/dda/c4k_forgejo/core.cljc

@@ -59,9 +59,8 @@
                    (forgejo/generate-service-ssh)
                    (forgejo/generate-data-volume resolved-config)
                    (forgejo/generate-appini-env resolved-config)
-                   (forgejo/generate-secrets auth)
+                   (forgejo/generate-secrets auth)] ; this does not have a vector as output
-                   (forgejo/generate-rate-limit-middleware rate-limit-defaults)] ; this does not have a vector as output
+                  (forgejo/generate-ratelimit-ingress-and-cert resolved-config) ; this function has a vector as output
-                  (forgejo/generate-rate-limit-ingress-and-cert resolved-config) ; this function has a vector as output
                   (when (contains? resolved-config :restic-repository)
                     [(backup/generate-config resolved-config)
                      (backup/generate-secret auth)

src/main/cljc/dda/c4k_forgejo/forgejo.cljc

@@ -128,35 +128,17 @@
      (cm/replace-all-matching "MAILERUSER" (b64/encode mailer-user))
      (cm/replace-all-matching "MAILERPW" (b64/encode mailer-pw)))))
 
-(defn generate-ingress-and-cert
+(defn-spec generate-ratelimit-ingress-and-cert seq?
-  [config]
-  (let [{:keys [fqdn]} config]
-    (ing/generate-ingress-and-cert
-     (merge
-      {:service-name "forgejo-service"
-       :service-port 3000
-       :fqdns [fqdn]}
-      config))))
-
-(defn-spec generate-rate-limit-ingress-and-cert pred/map-or-seq?
   [config config?]
-  (->
+  (let [{:keys [fqdn max-rate max-concurrent-requests namespace]} config]
-   (generate-ingress-and-cert config) ; returns a vector
+    (ing/generate-simple-ingress (merge
-   (#(assoc-in % ; Attention: heavily relying on the output order of ing/generate-ingress-and-cert
+                                  {:service-name "forgejo-service"
-               [1 :metadata :annotations :traefik.ingress.kubernetes.io/router.middlewares]
+                                   :service-port 3000
-               (str
+                                   :fqdns [fqdn]
-                (-> (second %) :metadata :annotations :traefik.ingress.kubernetes.io/router.middlewares)
+                                   :average-rate max-rate
-                ", default-ratelimit@kubernetescrd")))))
+                                   :burst-rate max-concurrent-requests
-
+                                   :namespace namespace}
-
+                                  config))))
-; using :average and :burst seems sensible, :period may be interesting for fine tuning later on
-(defn-spec generate-rate-limit-middleware pred/map-or-seq?
-  [config rate-limit-config?]
-  (let [{:keys [max-rate max-concurrent-requests]} config]
-  (->
-   (yaml/load-as-edn "forgejo/middleware-ratelimit.yaml")
-   (cm/replace-key-value :average max-rate)
-   (cm/replace-key-value :burst max-concurrent-requests))))
 
 (defn-spec generate-data-volume pred/map-or-seq?
   [config vol?]

src/main/resources/forgejo/middleware-ratelimit.yaml

@@ -1,9 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: ratelimit
-  namespace: forgejo
-spec:
-  rateLimit: # Config options for rate limiting: https://doc.traefik.io/traefik/middlewares/http/ratelimit/
-    average: AVG
-    burst: BRS

src/test/cljc/dda/c4k_forgejo/forgejo_test.cljc

@@ -163,26 +163,3 @@
           :storage-c2 "15Gi"}
          (th/map-diff (cut/generate-data-volume {:volume-total-storage-size 1})
                       (cut/generate-data-volume {:volume-total-storage-size 15})))))
-
-(deftest should-generate-middleware-ratelimit
-  (is (= {:apiVersion "traefik.containo.us/v1alpha1",
-          :kind "Middleware",
-          :metadata {:name "ratelimit", :namespace "forgejo"},
-          :spec {:rateLimit {:average 10, :burst 5}}}
-         (cut/generate-rate-limit-middleware {:max-rate 10, :max-concurrent-requests 5}))))
-
-(deftest should-generate-middleware-ratelimit-ingress-and-cert
-  (is (= {:traefik.ingress.kubernetes.io/router.entrypoints "web, websecure",
-          :traefik.ingress.kubernetes.io/router.middlewares
-          "default-redirect-https@kubernetescrd, default-ratelimit@kubernetescrd",
-          :metallb.universe.tf/address-pool "public"}
-         (-> (second
-              (cut/generate-rate-limit-ingress-and-cert
-               {:fqdn "test.de"
-                :mailer-from ""
-                :mailer-host "m.t.de"
-                :mailer-port "123"
-                :service-noreply-address ""
-                :average 10
-                :burst 5}))
-             :metadata :annotations))))