diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..ab9d76b --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,5 @@ +{ + "cSpell.words": [ + "valkey" + ] +} \ No newline at end of file diff --git a/README.md b/README.md index d2a93fb..0041c1a 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,6 @@ Welcome to public repository of my [Git Server](https://git.limbosolutions.com) Using [gitea](https://git.limbosolutions.com/kb/gitea) as git server. - [Deploy](#deploy) - - [Environment files](#environment-files) - [App](#app) - [Continuous Deploy](#continuous-deploy) - [Infra](#infra) @@ -14,14 +13,15 @@ Using [gitea](https://git.limbosolutions.com/kb/gitea) as git server. ## Deploy -### Environment files - -- /.deploy/app/cronjobs/backups/.env.d/secrets [Example:](./deploy/app/cronjobs/backups/.env.d/secrets.example). -- /.deploy/app/cronjobs/backups/.env.d/borg_key [Example:](./deploy/app/cronjobs/backups/.env.d/borg_key.example). -- /.deploy/app/cronjobs/backups/.env.d/id_rsa [Example:](./deploy/app/cronjobs/backups/.env.d/id_rsa.example). - ### App +**Environment files:** + +- ./deploy/app/cronjobs/backups/.env.d/secrets [Example:](./deploy/app/cronjobs/backups/.env.d/secrets.example). +- ./deploy/app/cronjobs/backups/.env.d/borg_key [Example:](./deploy/app/cronjobs/backups/.env.d/borg_key.example). +- ./deploy/app/cronjobs/backups/.env.d/id_rsa [Example:](./deploy/app/cronjobs/backups/.env.d/id_rsa.example). +- ./deploy/helm/.env [Example:](./deploy/helm/.env.example). + ```bash ./deploy/apply-app.sh ``` @@ -30,7 +30,7 @@ Using [gitea](https://git.limbosolutions.com/kb/gitea) as git server. ### Continuous Deploy -Executes [App Deploy](#app) using an [Gitea workflow](./.gitea/workflows/app-deploy.yaml). +Executes [App Deploy](#app) using [Gitea workflow](./.gitea/workflows/app-deploy.yaml). ### Infra diff --git a/deploy/apply-app.sh b/deploy/apply-app.sh index 5672815..923f7e8 100755 --- a/deploy/apply-app.sh 
+++ b/deploy/apply-app.sh
@@ -1,2 +1,36 @@
 #/bin/bash
-kubectl kustomize deploy/app | kubectl apply -f -
\ No newline at end of file
+kubectl kustomize deploy/app | kubectl apply -f -
+
+if [ -f "deploy/helm/.env" ]; then
+ # Export all variables from the file
+ echo "export variables from file helm/.env"
+ set -a
+ . deploy/helm/.env
+ set +a
+fi
+
+
+if [ -n "${GITEA_ADMIN_USERNAME:-}" ]; then
+ echo "Executing helm deploy."
+
+ helm repo add gitea-charts https://dl.gitea.com/charts/
+ helm repo update
+ helm upgrade --install gitea gitea-charts/gitea \
+ --values deploy/helm/values.yaml \
+ --set valkey.global.valkey.password=${VALKEY_GLOBAL_PASSWORD} \
+ --set postgresql.global.postgresql.auth.postgresPassword=${POSTGRESQL_AUTH_POSTGRESPASSWORD} \
+ --set postgresql.global.postgresql.auth.password=${POSTGRESQL_AUTH_PASSWORD} \
+ --set postgresql.global.postgresql.auth.database=${POSTGRESQL_AUTH_DATABASE} \
+ --set postgresql.global.postgresql.auth.username=${POSTGRESQL_AUTH_USERNAME} \
+ --set gitea.admin.username=${GITEA_ADMIN_USERNAME} \
+ --set gitea.admin.password=${GITEA_ADMIN_PASSWORD} \
+ --set gitea.admin.email=${GITEA_ADMIN_EMAIL} \
+ --set gitea.config.oauth2.JWT_SECRET=${GITEA_CONFIG_OAUTH2_JWT_SECRET} \
+ --set gitea.config.server.LFS_JWT_SECRET=${GITEA_CONFIG_SERVER_LFS_JWT_SECRET} \
+ --set gitea.config.security.SECRET_KEY=${GITEA_CONFIG_SECURITY_SECRET_KEY} \
+ --set gitea.config.security.REVERSE_PROXY_TRUSTED_PROXIES=${GITEA_CONFIG_SECURITY_REVERSE_PROXY_TRUSTED_PROXIES} \
+ --set gitea.config.security.INTERNAL_TOKEN=${GITEA_CONFIG_SECURITY_INTERNAL_TOKEN} \
+ --set gitea.config.security.PASSWORD_HASH_ALGO=${GITEA_CONFIG_SECURITY_PASSWORD_HASH_ALGO} \
+ --set gitea.config.service.oauth2.JWT_SECRET=${GITEA_CONFIG_SERVICE_OAUTH2_JWT_SECRET} \
+ --namespace=git-limbosolutions-com
+fi
\ No newline at end of file
diff --git a/deploy/apply-infra.sh b/deploy/apply-infra.sh
index 701f9cb..e74bf60 100755
--- a/deploy/apply-infra.sh
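Review bot: The `--set` arguments of the `helm upgrade` call expand the secrets unquoted, so a value containing whitespace or glob characters is word-split by the shell, and a value containing a comma is split again by helm's `--set` parser, which reads an unescaped comma as a separator between keys; `GITEA_CONFIG_SECURITY_REVERSE_PROXY_TRUSTED_PROXIES` is the obvious case because Gitea documents that setting as a comma-separated list. Quote every expansion, e.g. `--set-string gitea.admin.password="${GITEA_ADMIN_PASSWORD}" \`, and for values that legitimately contain commas either escape them or render the secrets into a temporary values file passed with `--values`, which also keeps them out of the process list and the deploy workflow log. The file also keeps the malformed `#/bin/bash` shebang (no `!`) and has no `set -e`, both of which this commit fixes in deploy/apply-infra.sh, so a failing `kubectl apply` here still falls through to the helm step. Minor: the echo says `helm/.env` while the sourced path is `deploy/helm/.env`.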
+++ b/deploy/apply-infra.sh
@@ -1,11 +1,7 @@ -#/bin/bash +#!/bin/bash +set -e +echo "Executing infra deploy." kubectl kustomize deploy/infra | kubectl apply -f - -helm repo add gitea-charts https://dl.gitea.com/charts/ -helm repo update -helm upgrade --install gitea gitea-charts/gitea \ ---values helm/values.yaml \ ---values helm/values.private.yaml \ ---namespace=git-limbosolutions-com
diff --git a/deploy/helm/.env.example b/deploy/helm/.env.example
new file mode 100644
index 0000000..384e1ac
--- /dev/null
+++ b/deploy/helm/.env.example
@@ -0,0 +1,15 @@
+VALKEY_GLOBAL_PASSWORD="????"
+POSTGRESQL_AUTH_POSTGRESPASSWORD="????"
+POSTGRESQL_AUTH_PASSWORD="????"
+POSTGRESQL_AUTH_DATABASE="????"
+POSTGRESQL_AUTH_USERNAME="????"
+GITEA_ADMIN_USERNAME=m"????"
+GITEA_ADMIN_PASSWORD="????"
+GITEA_ADMIN_EMAIL="????"
+GITEA_CONFIG_OAUTH2_JWT_SECRET=i"????"
+GITEA_CONFIG_SERVER_LFS_JWT_SECRET="????"
+GITEA_CONFIG_SECURITY_INTERNAL_TOKEN="????"
+GITEA_CONFIG_SECURITY_PASSWORD_HASH_ALGO="????"
+GITEA_CONFIG_SECURITY_REVERSE_PROXY_TRUSTED_PROXIES="????"
+GITEA_CONFIG_SECURITY_SECRET_KEY="????"
+GITEA_CONFIG_SERVICE_OAUTH2_JWT_SECRET="????"
diff --git a/helm/values.yaml b/deploy/helm/values.yaml
similarity index 67%
rename from helm/values.yaml
rename to deploy/helm/values.yaml
index 0b9765a..992cfbc 100644
--- a/helm/values.yaml
+++ b/deploy/helm/values.yaml
@@ -15,7 +15,7 @@ valkey: architecture: standalone global: valkey: - password: "????" + password: "???" master: count: 1 service:
@@ -31,8 +31,6 @@ postgresql: imagePullPolicy: IfNotPresent global: postgresql: - # volumePermissions: - # enabled: true auth: postgresPassword: "???" password: "???"
@@ -40,7 +38,7 @@ postgresql: username: "???" service: ports: - postgresql: "???" + postgresql: 5432 primary: persistence: size: 10Gi
@@ -67,6 +65,8 @@ gitea: password: "???" email: "???" config: + oauth2: + JWT_SECRET: "???" actions: ENABLED: true database:
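Review bot: `set -e` does not catch a failing `kubectl kustomize` in the `kubectl kustomize deploy/infra | kubectl apply -f -` pipeline that follows it, because the pipeline's exit status is that of the last command, `kubectl apply`, which may succeed on an empty or partial stream; `set -eo pipefail` (or `set -euo pipefail`) makes the whole pipeline fail-fast as intended. The same pipeline in deploy/apply-app.sh runs with no `set` options at all, so the two deploy scripts now behave differently on error.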
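Review bot: Two placeholders carry a stray character before the opening quote, `GITEA_ADMIN_USERNAME=m"????"` and `GITEA_CONFIG_OAUTH2_JWT_SECRET=i"????"`; when the file is sourced by deploy/apply-app.sh those evaluate to `m????` and `i????`, and anyone who copies the example and edits only the quoted part keeps the prefix. They should read `GITEA_ADMIN_USERNAME="????"` and `GITEA_CONFIG_OAUTH2_JWT_SECRET="????"`. Since the real `deploy/helm/.env` will hold the admin password and every signing secret, it is worth confirming it is listed in .gitignore, which this diff does not show.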
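Review bot: The new `oauth2: JWT_SECRET: "???"` block under `gitea.config` sits next to an existing `oauth2: JWT_SECRET` that the later hunk shows after `service.NO_REPLY_ADDRESS`, and deploy/apply-app.sh now feeds the two from different variables, `GITEA_CONFIG_OAUTH2_JWT_SECRET` and `GITEA_CONFIG_SERVICE_OAUTH2_JWT_SECRET`. Indentation is not recoverable from this diff, so I cannot tell whether the existing block is nested under `service:` or is its sibling; if sibling, the two are duplicate mapping keys under `config:`, and if nested, it is worth confirming against the Gitea config reference that a `service.oauth2` section is read at all, since the JWT secret is documented under `[oauth2]`. Either way one of the two values is probably unused, and a one-line comment naming the key Gitea actually reads would keep the next person from rotating the wrong secret.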
@@ -79,7 +79,6 @@ gitea: server: DOMAIN: git.limbosolutions.com SSH_DOMAIN: git.limbosolutions.com - #HTTP_PORT: 3000 ROOT_URL: https://git.limbosolutions.com DISABLE_SSH: false SSH_PORT: 2222 @@ -98,15 +97,15 @@ gitea: #### service: - DISABLE_REGISTRATION: "???" - REQUIRE_SIGNIN_VIEW: "???" - REGISTER_EMAIL_CONFIRM: "???" - ENABLE_NOTIFY_MAIL: "???" - ALLOW_ONLY_EXTERNAL_REGISTRATION: "???" - ENABLE_CAPTCHA: "???" - DEFAULT_KEEP_EMAIL_PRIVATE : "???" - DEFAULT_ALLOW_CREATE_ORGANIZATION: "???" - DEFAULT_ENABLE_TIMETRACKING: "???" + DISABLE_REGISTRATION: true + REQUIRE_SIGNIN_VIEW: false + REGISTER_EMAIL_CONFIRM: false + ENABLE_NOTIFY_MAIL: false + ALLOW_ONLY_EXTERNAL_REGISTRATION: false + ENABLE_CAPTCHA: true + DEFAULT_KEEP_EMAIL_PRIVATE : true + DEFAULT_ALLOW_CREATE_ORGANIZATION: true + DEFAULT_ENABLE_TIMETRACKING: true NO_REPLY_ADDRESS: noreply.localhost oauth2: JWT_SECRET: "???" @@ -114,33 +113,19 @@ gitea: ENABLED: false openid: - ENABLE_OPENID_SIGNIN: true - ENABLE_OPENID_SIGNUP: true + ENABLE_OPENID_SIGNIN: false + ENABLE_OPENID_SIGNUP: false security: INSTALL_LOCK: true SECRET_KEY: "???" REVERSE_PROXY_LIMIT: 1 - REVERSE_PROXY_TRUSTED_PROXIES: + REVERSE_PROXY_TRUSTED_PROXIES: "???" INTERNAL_TOKEN: "???" PASSWORD_HASH_ALGO: "???" ingress: - enabled: true - className: traefik - annotations: - kubernetes.io/ingress.class: traefik - cert-manager.io/cluster-issuer: "letsencrypt-prod" - traefik.ingress.kubernetes.io/router.entrypoints: websecure, public-https - hosts: - - host: git.limbosolutions.com - paths: - - path: / - pathType: Prefix - tls: - - secretName: limbosolutions-com-secret-tls - hosts: - - "git.limbosolutions.com" + enabled: false diff --git a/deploy/infra/ingress.yaml b/deploy/infra/ingress.yaml new file mode 100644 index 0000000..5c8854f --- /dev/null +++ b/deploy/infra/ingress.yaml 
@@ -0,0 +1,53 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+ name: git-limbosolutions-com-ssh
+ namespace: git-limbosolutions-com
+spec:
+ entryPoints:
+ - ssh-git
+ routes:
+ - match: HostSNI(`*`)
+ services:
+ - name: gitea-ssh
+ port: 2222
+ weight: 10
+ terminationDelay: 90000
+ proxyProtocol:
+ version: 1
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: gitea
+ namespace: git-limbosolutions-com
+ labels:
+ helm.sh/chart: gitea-12.4.0
+ app: gitea
+ app.kubernetes.io/name: gitea
+ app.kubernetes.io/instance: gitea
+ app.kubernetes.io/version: "1"
+ version: "1"
+ app.kubernetes.io/managed-by: Helm
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+ kubernetes.io/ingress.class: "traefik"
+ traefik.ingress.kubernetes.io/router.entrypoints: "websecure, public-https"
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - "git.limbosolutions.com"
+ secretName: limbosolutions-com-tls
+ rules:
+ - host: "git.limbosolutions.com"
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: gitea-http
+ port:
+ number: 3000
\ No newline at end of file
diff --git a/deploy/infra/kustomization.yaml b/deploy/infra/kustomization.yaml
index 3a59937..4224d68 100644
--- a/deploy/infra/kustomization.yaml
+++ b/deploy/infra/kustomization.yaml
@@ -2,6 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - namespace.yaml - - ssh-ingress.yaml + - ingress.yaml
diff --git a/deploy/infra/ssh-ingress.yaml b/deploy/infra/ssh-ingress.yaml
deleted file mode 100644
index bf24113..0000000
--- a/deploy/infra/ssh-ingress.yaml
+++ /dev/null
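Review bot: The hand-written Ingress carries labels copied from a chart render, `helm.sh/chart: gitea-12.4.0` and `app.kubernetes.io/managed-by: Helm`, but it is applied by kustomize and the chart's own ingress is disabled in the same commit, so the labels misstate who owns the object and will silently go stale on the next chart upgrade; drop both, or set `managed-by` to the tool that actually applies the file. `kubernetes.io/ingress.class: "traefik"` duplicates `spec.ingressClassName: traefik` and is the deprecated form, so it can go too. `traefik.containo.us/v1alpha1` on the IngressRouteTCP is the pre-v3 Traefik API group; if the cluster runs Traefik v3 the group is `traefik.io/v1alpha1`, so this is worth checking against the installed CRDs. The backend names `gitea-ssh`/`gitea-http` and port `3000` come from the chart's defaults for release `gitea`, which a short comment at the top of the file should state so they are revisited if the release name or chart version changes.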
@@ -1,17 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRouteTCP
-metadata:
- name: git-limbosolutions-com-ssh-ingress
- namespace: git-limbosolutions-com
-spec:
- entryPoints:
- - ssh-git
- routes:
- - match: HostSNI(`*`)
- services:
- - name: gitea-ssh
- port: 2222
- weight: 10
- terminationDelay: 90000
- proxyProtocol:
- version: 1
\ No newline at end of file