doomtube/beeta
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add automatic SSL certificate generation
All checks were successful
Build and Push / build-all (push) Successful in 7m17s
Details

Browse source
This commit is contained in:
doomtube 2026-01-06 04:53:46 -05:00
parent 01bd631af8
commit 3155eacdac
7 changed files with 8 additions and 109 deletions
Download patch file Download diff file Expand all files Collapse all files

1
devops/terraform/main.tf
View file

@ -73,7 +73,6 @@ module "forgejo" {
ssh_keys = module.ssh_keys.forgejo_ssh_key_ids ssh_keys = module.ssh_keys.forgejo_ssh_key_ids
droplet_size = var.forgejo_droplet_size droplet_size = var.forgejo_droplet_size
droplet_image = var.forgejo_droplet_image droplet_image = var.forgejo_droplet_image
volume_size = var.forgejo_volume_size
ssh_port = var.forgejo_ssh_port ssh_port = var.forgejo_ssh_port
git_ssh_port = var.forgejo_git_ssh_port git_ssh_port = var.forgejo_git_ssh_port
domain = var.forgejo_domain domain = var.forgejo_domain

66
devops/terraform/modules/forgejo/cloud-init.yaml.tpl
View file

@ -152,54 +152,6 @@ write_files:
echo "Firewall configured successfully" echo "Firewall configured successfully"
permissions: '0755' permissions: '0755'
# Volume mount script
- path: /usr/local/bin/mount-volume.sh
content: |
#!/bin/bash
set -e
VOLUME_NAME="${volume_name}"
MOUNT_POINT="/mnt/forgejo"
# Create mount point
mkdir -p "$MOUNT_POINT"
# Find the volume device
# DigitalOcean volumes are typically at /dev/disk/by-id/scsi-0DO_Volume_*
VOLUME_DEV=$(readlink -f /dev/disk/by-id/scsi-0DO_Volume_$VOLUME_NAME 2>/dev/null || true)
if [ -z "$VOLUME_DEV" ]; then
echo "Waiting for volume to attach..."
sleep 10
VOLUME_DEV=$(readlink -f /dev/disk/by-id/scsi-0DO_Volume_$VOLUME_NAME 2>/dev/null || true)
fi
if [ -n "$VOLUME_DEV" ]; then
# Check if already mounted
if ! mountpoint -q "$MOUNT_POINT"; then
mount "$VOLUME_DEV" "$MOUNT_POINT"
echo "Volume mounted at $MOUNT_POINT"
fi
# Add to fstab if not already there
if ! grep -q "$VOLUME_DEV" /etc/fstab; then
echo "$VOLUME_DEV $MOUNT_POINT ext4 defaults,nofail,discard 0 2" >> /etc/fstab
fi
# Create subdirectories
mkdir -p "$MOUNT_POINT/forgejo-data"
mkdir -p "$MOUNT_POINT/forgejo-db"
mkdir -p "$MOUNT_POINT/runner-data"
# Set permissions (UID 1000 is typically the forgejo user in container)
chown -R 1000:1000 "$MOUNT_POINT/forgejo-data"
chown -R 999:999 "$MOUNT_POINT/forgejo-db" # postgres user
chown -R 1000:1000 "$MOUNT_POINT/runner-data"
else
echo "WARNING: Volume not found. Please attach volume manually."
fi
permissions: '0755'
# Swap configuration script (needed for 1GB RAM) # Swap configuration script (needed for 1GB RAM)
- path: /usr/local/bin/configure-swap.sh - path: /usr/local/bin/configure-swap.sh
content: | content: |
@ -269,7 +221,7 @@ write_files:
POSTGRES_PASSWORD: $${POSTGRES_PASSWORD} POSTGRES_PASSWORD: $${POSTGRES_PASSWORD}
POSTGRES_DB: $${POSTGRES_DB:-forgejo} POSTGRES_DB: $${POSTGRES_DB:-forgejo}
volumes: volumes:
- /mnt/forgejo/forgejo-db:/var/lib/postgresql/data - /var/lib/forgejo/forgejo-db:/var/lib/postgresql/data
networks: networks:
- forgejo-internal - forgejo-internal
healthcheck: healthcheck:
@ -326,7 +278,7 @@ write_files:
FORGEJO__log__MODE: "console" FORGEJO__log__MODE: "console"
FORGEJO__log__LEVEL: "Info" FORGEJO__log__LEVEL: "Info"
volumes: volumes:
- /mnt/forgejo/forgejo-data:/data - /var/lib/forgejo/forgejo-data:/data
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
networks: networks:
@ -394,7 +346,7 @@ write_files:
DOCKER_TLS_VERIFY: "1" DOCKER_TLS_VERIFY: "1"
DOCKER_CERT_PATH: /certs/client DOCKER_CERT_PATH: /certs/client
volumes: volumes:
- /mnt/forgejo/runner-data:/data - /var/lib/forgejo/runner-data:/data
- dind-certs-client:/certs/client:ro - dind-certs-client:/certs/client:ro
networks: networks:
- forgejo-internal - forgejo-internal
@ -571,7 +523,7 @@ write_files:
| Domain: ${domain} | Domain: ${domain}
| Git SSH Port: ${git_ssh_port} | Git SSH Port: ${git_ssh_port}
| | | |
| Data location: /mnt/forgejo | | Data location: /var/lib/forgejo |
| Docker compose: /opt/forgejo | | Docker compose: /opt/forgejo |
| | | |
| Commands: | | Commands: |
@ -633,12 +585,10 @@ runcmd:
# Configure swap (important for 1GB RAM) # Configure swap (important for 1GB RAM)
- /usr/local/bin/configure-swap.sh - /usr/local/bin/configure-swap.sh
# Mount the volume # Create data directories on local disk
- /usr/local/bin/mount-volume.sh - mkdir -p /var/lib/forgejo/forgejo-data /var/lib/forgejo/forgejo-db /var/lib/forgejo/runner-data
- chown -R 1000:1000 /var/lib/forgejo/forgejo-data /var/lib/forgejo/runner-data
# Fix ownership for Forgejo container (runs as UID 1000) - chown -R 999:999 /var/lib/forgejo/forgejo-db
# This must run AFTER all directories are created to ensure correct permissions
- chown -R 1000:1000 /mnt/forgejo/forgejo-data
# Configure firewall # Configure firewall
- /usr/local/bin/configure-firewall.sh - /usr/local/bin/configure-firewall.sh

23
devops/terraform/modules/forgejo/main.tf
View file

@ -22,19 +22,6 @@ resource "random_password" "forgejo_jwt_secret" {
special = false special = false
} }
# =============================================================================
# Forgejo Volume (Block Storage)
# =============================================================================
resource "digitalocean_volume" "forgejo" {
name = "${var.project_name}-forgejo-${var.environment}"
region = var.region
size = var.volume_size
initial_filesystem_type = "ext4"
description = "Forgejo data volume for ${var.project_name}"
tags = var.tags
}
# ============================================================================= # =============================================================================
# Forgejo Droplet # Forgejo Droplet
# ============================================================================= # =============================================================================
@ -57,7 +44,6 @@ resource "digitalocean_droplet" "forgejo" {
ssh_port = var.ssh_port ssh_port = var.ssh_port
git_ssh_port = var.git_ssh_port git_ssh_port = var.git_ssh_port
vpc_ip_range = var.vpc_ip_range vpc_ip_range = var.vpc_ip_range
volume_name = "${var.project_name}-forgejo-${var.environment}"
domain = var.domain domain = var.domain
postgres_password = random_password.postgres.result postgres_password = random_password.postgres.result
forgejo_secret_key = random_password.forgejo_secret_key.result forgejo_secret_key = random_password.forgejo_secret_key.result
@ -73,15 +59,6 @@ resource "digitalocean_droplet" "forgejo" {
} }
} }
# =============================================================================
# Volume Attachment
# =============================================================================
resource "digitalocean_volume_attachment" "forgejo" {
droplet_id = digitalocean_droplet.forgejo.id
volume_id = digitalocean_volume.forgejo.id
}
# ============================================================================= # =============================================================================
# DNS Record (optional - requires domain to be managed by DigitalOcean) # DNS Record (optional - requires domain to be managed by DigitalOcean)
# ============================================================================= # =============================================================================

10
devops/terraform/modules/forgejo/outputs.tf
View file

@ -18,16 +18,6 @@ output "urn" {
value = digitalocean_droplet.forgejo.urn value = digitalocean_droplet.forgejo.urn
} }
output "volume_id" {
description = "ID of the Forgejo volume"
value = digitalocean_volume.forgejo.id
}
output "volume_name" {
description = "Name of the Forgejo volume"
value = digitalocean_volume.forgejo.name
}
output "dns_record_fqdn" { output "dns_record_fqdn" {
description = "FQDN of the DNS record (if managed)" description = "FQDN of the DNS record (if managed)"
value = var.manage_dns ? digitalocean_record.forgejo[0].fqdn : null value = var.manage_dns ? digitalocean_record.forgejo[0].fqdn : null

6
devops/terraform/modules/forgejo/variables.tf
View file

@ -40,12 +40,6 @@ variable "droplet_image" {
default = "debian-12-x64" default = "debian-12-x64"
} }
variable "volume_size" {
description = "Size of the data volume in GB"
type = number
default = 50
}
variable "ssh_port" { variable "ssh_port" {
description = "System SSH port (non-standard, VPC only)" description = "System SSH port (non-standard, VPC only)"
type = number type = number

5
devops/terraform/outputs.tf
View file

@ -55,11 +55,6 @@ output "forgejo_private_ip" {
value = module.forgejo.private_ip value = module.forgejo.private_ip
} }
output "forgejo_volume_id" {
description = "ID of the Forgejo volume"
value = module.forgejo.volume_id
}
output "forgejo_ssh_port" { output "forgejo_ssh_port" {
description = "System SSH port for Forgejo (VPC only)" description = "System SSH port for Forgejo (VPC only)"
value = var.forgejo_ssh_port value = var.forgejo_ssh_port

6
devops/terraform/variables.tf
View file

@ -105,12 +105,6 @@ variable "forgejo_droplet_image" {
default = "debian-12-x64" default = "debian-12-x64"
} }
variable "forgejo_volume_size" {
description = "Size of the Forgejo data volume in GB"
type = number
default = 50
}
variable "forgejo_domain" { variable "forgejo_domain" {
description = "Domain name for Forgejo (e.g., qbit.realms.pub)" description = "Domain name for Forgejo (e.g., qbit.realms.pub)"
type = string type = string