Rebase gitea

2024-11-26 21:20:36 +11:00
parent a90954368e
commit f661cfce5f
21 changed files with 75 additions and 32 deletions


@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: gitea


@ -1,26 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: runner-config
namespace: gitea
data:
dind-config.yml: |
runner:
capacity: 2
labels: [dind:docker://node:21-bullseye]
container:
options: "--add-host=docker:host-gateway -v /certs:/certs -v /scratch:/scratch -v /output:/output"
valid_volumes:
- /certs
- /scratch
- /output
dind-rootless-config.yml: |
runner:
capacity: 2
labels: [dind-rootless:docker://node:21-bullseye]
container:
options: "-v /certs:/certs -v /scratch:/scratch -v /output:/output"
valid_volumes:
- /certs
- /scratch
- /output


@ -1,76 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: act-runner-dind-rootless
name: act-runner-dind-rootless
namespace: gitea
spec:
replicas: 1
selector:
matchLabels:
app: act-runner-dind-rootless
strategy:
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
app: act-runner-dind-rootless
spec:
hostname: act-runner-dind-rootless
restartPolicy: Always
volumes:
- name: runner-config
configMap:
name: runner-config
items:
- key: dind-rootless-config.yml
path: dind-rootless-config.yml
- name: docker-certs
emptyDir: {}
- name: runner-data
persistentVolumeClaim:
claimName: act-runner-dind-rootless
- name: flexvolsmb-runner-output
persistentVolumeClaim:
claimName: flexvolsmb-runner-output
- name: flexvolsmb-runner-scratch
persistentVolumeClaim:
claimName: flexvolsmb-runner-scratch
securityContext:
fsGroup: 1000
containers:
- name: runner
image: gitea/act_runner:nightly-dind-rootless
imagePullPolicy: Always
env:
- name: CONFIG_FILE
value: /opt/act/config.yml
- name: DOCKER_HOST
value: tcp://localhost:2376
- name: DOCKER_CERT_PATH
value: /certs/client
- name: DOCKER_TLS_VERIFY
value: "1"
- name: GITEA_INSTANCE_URL
value: http://gitea.gitea.svc.cluster.local:3000
- name: GITEA_RUNNER_LABELS
value: dind-rootless:docker://node:21-bullseye
- name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
name: runner-secret
key: token
securityContext:
privileged: true
volumeMounts:
- name: runner-data
mountPath: /data
- name: runner-config
mountPath: /opt/act/config.yml
subPath: dind-rootless-config.yml
- name: flexvolsmb-runner-output
mountPath: /output
- name: flexvolsmb-runner-scratch
mountPath: /scratch


@ -1,90 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: act-runner-dind
name: act-runner-dind
namespace: gitea
spec:
replicas: 1
selector:
matchLabels:
app: act-runner-dind
strategy:
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
app: act-runner-dind
spec:
hostname: act-runner-dind
restartPolicy: Always
volumes:
- name: runner-config
configMap:
name: runner-config
items:
- key: dind-config.yml
path: dind-config.yml
- name: docker-certs
emptyDir: {}
- name: runner-data
persistentVolumeClaim:
claimName: act-runner-dind
- name: flexvolsmb-runner-output
persistentVolumeClaim:
claimName: flexvolsmb-runner-output
- name: flexvolsmb-runner-scratch
persistentVolumeClaim:
claimName: flexvolsmb-runner-scratch
containers:
- name: runner
image: gitea/act_runner:nightly
command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- /opt/act/run.sh"]
env:
- name: CONFIG_FILE
value: /opt/act/config.yml
- name: DOCKER_HOST
value: tcp://localhost:2376
- name: DOCKER_CERT_PATH
value: /certs/client
- name: DOCKER_TLS_VERIFY
value: "1"
- name: GITEA_INSTANCE_URL
value: http://gitea.gitea.svc.cluster.local:3000
- name: GITEA_RUNNER_LABELS
value: dind:docker://node:21-bullseye
- name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
name: runner-secret
key: token
volumeMounts:
- name: runner-config
mountPath: /opt/act/config.yml
subPath: dind-config.yml
- name: docker-certs
mountPath: /certs
- name: runner-data
mountPath: /data
- name: flexvolsmb-runner-output
mountPath: /output
- name: flexvolsmb-runner-scratch
mountPath: /scratch
- name: daemon
image: docker:26.1-dind
args:
- --mtu=1400
env:
- name: DOCKER_TLS_CERTDIR
value: /certs
securityContext:
privileged: true
volumeMounts:
- name: docker-certs
mountPath: /certs
- name: flexvolsmb-runner-output
mountPath: /output
- name: flexvolsmb-runner-scratch
mountPath: /scratch


@ -1,50 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: gitea
namespace: gitea
labels:
app: gitea
spec:
replicas: 1
selector:
matchLabels:
app: gitea
template:
metadata:
labels:
app: gitea
spec:
containers:
- name: gitea
image: gitea/gitea:1.22
imagePullPolicy: Always
env:
- name: DB_TYPE
value: 'sqlite3'
- name: ROOT_URL
value: 'https://code.spamasaurus.com'
- name: USER_UID
value: "1000"
- name: USER_GID
value: "1000"
ports:
- name: ui
containerPort: 3000
volumeMounts:
- mountPath: /data
name: flexvolsmb-gitea-data
- mountPath: /data/ssh
name: flexvolsmb-gitea-ssh
subPath: ssh
# securityContext:
# runAsUser: 1000
# runAsGroup: 1000
# fsGroup: 1000
volumes:
- name: flexvolsmb-gitea-data
persistentVolumeClaim:
claimName: flexvolsmb-gitea-data
- name: flexvolsmb-gitea-ssh
persistentVolumeClaim:
claimName: flexvolsmb-gitea-ssh


@ -1,17 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: gitea
namespace: gitea
spec:
entryPoints:
- websecure
routes:
- match: Host(`code.spamasaurus.com`)
kind: Rule
services:
- name: gitea
port: 3000
middlewares:
- name: security-headers@file
- name: compression@file


@ -1,18 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-gitea-data
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-gitea-data
flexVolume:
driver: mount/smb
secretRef:
name: flexvolsmb-credentials
options:
opts: file_mode=0777,dir_mode=0777,uid=1000,gid=1000,iocharset=utf8,nobrl
server: 192.168.154.225
share: /K3s.Volumes/gitea/data


@ -1,18 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-gitea-ssh
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-gitea-ssh
flexVolume:
driver: mount/smb
secretRef:
name: flexvolsmb-credentials
options:
opts: file_mode=0600,dir_mode=0600,iocharset=utf8
server: 192.168.154.225
share: /K3s.Volumes/gitea/ssh


@ -1,18 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-runner-output
spec:
capacity:
storage: 50Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-runner-output
flexVolume:
driver: mount/smb
secretRef:
name: flexvolsmb-credentials
options:
opts: file_mode=0777,dir_mode=0777,iocharset=utf8
server: 192.168.154.225
share: /K3s.Volumes/lighttpd/websites/sn.itch.fyi/Repository/rel


@ -1,18 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-runner-scratch
spec:
capacity:
storage: 50Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-runner-scratch
flexVolume:
driver: mount/smb
secretRef:
name: flexvolsmb-credentials
options:
opts: file_mode=0777,dir_mode=0777,iocharset=utf8
server: 192.168.154.225
share: /K3s.Volumes/gitea/runner/scratch


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: act-runner-dind-rootless
namespace: gitea
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: 1Gi


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: act-runner-dind
namespace: gitea
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: 1Gi


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-gitea-data
namespace: gitea
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-gitea-data
resources:
requests:
storage: 1Gi


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-gitea-ssh
namespace: gitea
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-gitea-ssh
resources:
requests:
storage: 1Gi


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-runner-output
namespace: gitea
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-runner-output
resources:
requests:
storage: 50Gi


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-runner-scratch
namespace: gitea
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-runner-scratch
resources:
requests:
storage: 50Gi


@ -1,16 +0,0 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: flexvolsmb-credentials
namespace: gitea
spec:
encryptedData:
password: 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
username: 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
template:
metadata:
creationTimestamp: null
name: flexvolsmb-credentials
namespace: gitea
type: mount/smb


@ -1,8 +0,0 @@
apiVersion: v1
data:
token: bjF2R1hHZXVjRVlyaU95aXZaREhrVDlFNVJ0MHptMTJ6Z1kzcTE1TQ==
kind: Secret
metadata:
name: runner-secret
namespace: gitea
type: Opaque


@ -1,12 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: gitea
namespace: gitea
spec:
ports:
- protocol: TCP
name: ui
port: 3000
selector:
app: gitea


@ -0,0 +1,43 @@
actions:
enabled: true
provisioning:
enabled: true
gitea:
admin:
username: djpbessems
email: danny@bessems.eu
config:
APP_NAME: "code.spamasaurus.com"
database:
DB_TYPE: sqlite3
session:
PROVIDER: memory
cache:
ADAPTER: memory
queue:
TYPE: level
server:
APP_DATA_PATH: /data/gitea
OFFLINE_MODE: true
PROTOCOL: http
ROOT_URL: https://code.spamasaurus.com/
image:
pullPolicy: IfNotPresent
debug:
ingress:
enabled: true
hosts:
- host: code.spamasaurus.com
paths:
- path: /
pathType: Prefix
persistence:
storageClass: smb-csi
postgresql:
enabled: false
postgresql-ha:
enabled: false
redis-cluster:
enabled: false
strategy:
type: Recreate
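Review bot: The `admin` block in this new values file sets only `username` and `email`, so if this is the upstream Gitea Helm chart (as the keys suggest) and no password is supplied outside this file, the admin account is created with the chart's published default password on a host the `ingress` block exposes at code.spamasaurus.com. I would point the chart at a pre-created secret instead, `existingSecret: <ADMIN_SECRET_NAME>` next to `username` (the page has lost indentation, so the nesting is inferred), which keeps the credential out of the values file. The `ingress` block also carries no `tls` entry while `ROOT_URL` is https, so it is worth confirming that TLS is still terminated at the ingress controller, as the removed IngressRoute did via its `websecure` entry point. Separately, the plain `runner-secret` manifest removed elsewhere in this commit held the runner registration token only base64-encoded, so it stays readable in repository history and should be rotated.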