Add automatic SSL certificate generation

2026-01-06 04:53:46 -05:00 · 2026-01-06 04:53:46 -05:00 · 3155eacdac
commit 3155eacdac
parent 01bd631af8
7 changed files with 8 additions and 109 deletions
--- a/devops/terraform/modules/forgejo/cloud-init.yaml.tpl
+++ b/devops/terraform/modules/forgejo/cloud-init.yaml.tpl
@ -152,54 +152,6 @@ write_files:
      echo "Firewall configured successfully"
    permissions: '0755'

-  # Volume mount script
-  - path: /usr/local/bin/mount-volume.sh
-    content: |
-      #!/bin/bash
-      set -e
-
-      VOLUME_NAME="${volume_name}"
-      MOUNT_POINT="/mnt/forgejo"
-
-      # Create mount point
-      mkdir -p "$MOUNT_POINT"
-
-      # Find the volume device
-      # DigitalOcean volumes are typically at /dev/disk/by-id/scsi-0DO_Volume_*
-      VOLUME_DEV=$(readlink -f /dev/disk/by-id/scsi-0DO_Volume_$VOLUME_NAME 2>/dev/null || true)
-
-      if [ -z "$VOLUME_DEV" ]; then
-        echo "Waiting for volume to attach..."
-        sleep 10
-        VOLUME_DEV=$(readlink -f /dev/disk/by-id/scsi-0DO_Volume_$VOLUME_NAME 2>/dev/null || true)
-      fi
-
-      if [ -n "$VOLUME_DEV" ]; then
-        # Check if already mounted
-        if ! mountpoint -q "$MOUNT_POINT"; then
-          mount "$VOLUME_DEV" "$MOUNT_POINT"
-          echo "Volume mounted at $MOUNT_POINT"
-        fi
-
-        # Add to fstab if not already there
-        if ! grep -q "$VOLUME_DEV" /etc/fstab; then
-          echo "$VOLUME_DEV $MOUNT_POINT ext4 defaults,nofail,discard 0 2" >> /etc/fstab
-        fi
-
-        # Create subdirectories
-        mkdir -p "$MOUNT_POINT/forgejo-data"
-        mkdir -p "$MOUNT_POINT/forgejo-db"
-        mkdir -p "$MOUNT_POINT/runner-data"
-
-        # Set permissions (UID 1000 is typically the forgejo user in container)
-        chown -R 1000:1000 "$MOUNT_POINT/forgejo-data"
-        chown -R 999:999 "$MOUNT_POINT/forgejo-db"  # postgres user
-        chown -R 1000:1000 "$MOUNT_POINT/runner-data"
-      else
-        echo "WARNING: Volume not found. Please attach volume manually."
-      fi
-    permissions: '0755'
-
  # Swap configuration script (needed for 1GB RAM)
  - path: /usr/local/bin/configure-swap.sh
    content: |
@ -269,7 +221,7 @@ write_files:
            POSTGRES_PASSWORD: $${POSTGRES_PASSWORD}
            POSTGRES_DB: $${POSTGRES_DB:-forgejo}
          volumes:
-            - /mnt/forgejo/forgejo-db:/var/lib/postgresql/data
+            - /var/lib/forgejo/forgejo-db:/var/lib/postgresql/data
          networks:
            - forgejo-internal
          healthcheck:
@ -326,7 +278,7 @@ write_files:
            FORGEJO__log__MODE: "console"
            FORGEJO__log__LEVEL: "Info"
          volumes:
-            - /mnt/forgejo/forgejo-data:/data
+            - /var/lib/forgejo/forgejo-data:/data
            - /etc/timezone:/etc/timezone:ro
            - /etc/localtime:/etc/localtime:ro
          networks:
@ -394,7 +346,7 @@ write_files:
            DOCKER_TLS_VERIFY: "1"
            DOCKER_CERT_PATH: /certs/client
          volumes:
-            - /mnt/forgejo/runner-data:/data
+            - /var/lib/forgejo/runner-data:/data
            - dind-certs-client:/certs/client:ro
          networks:
            - forgejo-internal
@ -571,7 +523,7 @@ write_files:
      |  Domain: ${domain}
      |  Git SSH Port: ${git_ssh_port}
      |                                                               |
-      |  Data location: /mnt/forgejo                                  |
+      |  Data location: /var/lib/forgejo                               |
      |  Docker compose: /opt/forgejo                                 |
      |                                                               |
      |  Commands:                                                    |
@ -633,12 +585,10 @@ runcmd:
  # Configure swap (important for 1GB RAM)
  - /usr/local/bin/configure-swap.sh

-  # Mount the volume
-  - /usr/local/bin/mount-volume.sh
-
-  # Fix ownership for Forgejo container (runs as UID 1000)
-  # This must run AFTER all directories are created to ensure correct permissions
-  - chown -R 1000:1000 /mnt/forgejo/forgejo-data
+  # Create data directories on local disk
+  - mkdir -p /var/lib/forgejo/forgejo-data /var/lib/forgejo/forgejo-db /var/lib/forgejo/runner-data
+  - chown -R 1000:1000 /var/lib/forgejo/forgejo-data /var/lib/forgejo/runner-data
+  - chown -R 999:999 /var/lib/forgejo/forgejo-db

  # Configure firewall
  - /usr/local/bin/configure-firewall.sh