forgejo: continue

README.rst

@@ -160,7 +160,7 @@ ArgoCD bootstrap
 
   .. code-block:: bash
 
-    argocd login --grpc-web argocd.ioot.xyz
+    argocd login --grpc-web argocd.ioot.xyz --sso
     argocd repo add git@github.com:amkartashov/gf-k8s --ssh-private-key-path ~/.ssh/argocd.ioot.xyz
 
 
@@ -204,10 +204,23 @@ ArgoCD bootstrap
       argocd app set argocd/grafana --parameter githubClientSecret=REPLACE
       argocd app set argocd/grafana --parameter adminPassword=`pwgen -1 12`
 
-* Reset forgejo password
+* Create new Oauth application https://github.com/settings/applications/new:
+
+  * Application name: git.ioot.xyz
+  * Homepage URL: https://git.ioot.xyz/
+  * Authorization callback URL: https://git.ioot.xyz/user/oauth2/GitHub/callback
+  * Update client secret and admin password:
 
     .. code-block:: bash
-    argocd app set argocd/forgejo --parameter adminPassword=`pwgen -1 12`
+
+      argocd app set argocd/forgejo --parameter 'gitea.oauth[0].key=REPLACE'
+      argocd app set argocd/forgejo --parameter 'gitea.oauth[0].secret=REPLACE'
+      argocd app set argocd/forgejo --parameter gitea.admin.password=`pwgen -1 12`
+      argocd app set argocd/forgejo --parameter gitea.config.database.PASSWD=$(\
+        kubectl --context gullfaxi -n forgejo get secret \
+        postgresql-app -o jsonpath='{.data.password}' \
+        | base64 -d \
+      )
 
 
 * Remove secret ``kubectl --context gullfaxi -n argocd delete secret argocd-initial-admin-secret``.

state/gullfaxi/apps/cloudnative-pg/application.yaml

@@ -2,6 +2,8 @@ apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
   name: cloudnative-pg
+  labels:
+    app-type: operator
 spec:
   destination:
     server: https://kubernetes.default.svc

state/gullfaxi/apps/forgejo/application.yaml

@@ -29,8 +29,8 @@ spec:
       selfHeal: true
     syncOptions:
       - CreateNamespace=true
-  sources:
+  source:
-    - repoURL: codeberg.org/forgejo-contrib
+    repoURL: codeberg.org/forgejo-contrib
     chart: forgejo
     targetRevision: 0.12.1
     helm:
@@ -45,7 +45,7 @@ spec:
           enabled: true
           className: nginx
           annotations:
-              kubernetes.io/tls-acme: "true"
+            cert-manager.io/cluster-issuer: letsencrypt
           hosts:
             - host: git.ioot.xyz
               paths:
@@ -57,13 +57,22 @@ spec:
                 - git.ioot.xyz
         gitea:
           admin:
-              username: admin
+            username: amkartashov
-              password: reset_in_argocd
+            # password: reset_in_argocd
             email: "a@ioot.xyz"
+          oauth:
+            - name: GitHub
+              provider: github
+          config:
+            database:
+              DB_TYPE: postgres
+              HOST: postgresql-rw
+              NAME: gitea
+              USER: gitea
+              # PASSWD: reset_in_argocd
+            service:
+              DISABLE_REGISTRATION: "true"
           metrics:
             enabled: true
             serviceMonitor:
               enabled: true
-    - repoURL: git@github.com:amkartashov/gf-k8s.git
-      targetRevision: main
-      path: state/gullfaxi/apps/forgejo/manifests

state/gullfaxi/apps/forgejo/postgresql/application.yaml

@@ -0,0 +1,19 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: forgejo-postgres
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: forgejo
+  project: apps
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+  source:
+    repoURL: git@github.com:amkartashov/gf-k8s.git
+    targetRevision: main
+    path: state/gullfaxi/apps/forgejo/postgresql/manifests

state/gullfaxi/apps/forgejo/postgresql/manifests/postgresql.yaml

@@ -8,3 +8,8 @@ spec:
   primaryUpdateStrategy: unsupervised
   storage:
     size: 10Gi
+  bootstrap:
+    initdb:
+      database: gitea
+      localeCollate: en_US.UTF-8
+      localeCType: en_US.UTF-8