Forgejo template

cluster/staging/app/git/deploy/forgejo.hcl

@@ -0,0 +1,137 @@
+job "git" {
+  datacenters = ["bespin"]
+  type = "service"
+
+  group "forgejo" {
+    count = 1
+
+    network {
+      port "http" { static = 3000 }
+      port "ssh"  { static = 22 }
+    }
+
+    ephemeral_disk {
+      size    = 10000
+    }
+
+    restart {
+      attempts = 10
+      delay    = "30s"
+    }
+
+    task "forgejo" {
+      driver = "docker"
+
+      config {
+        image = "codeberg.org/forgejo/forgejo:10.0.2"
+        network_mode = "host"
+        readonly_rootfs = true
+        ports = [ "http", "ssh" ]
+        volumes = [
+          "/ssd/forgejo:/data",
+          "/etc/timezone:/etc/timezone:ro",
+          "/etc/localtime:/etc/localtime:ro"
+        ]
+      }
+
+      template {
+        data = <<ENV
+USER_UID = 106
+USER_GID = 112
+DB_TYPE  = postgres
+DB_HOST  = db:3306
+GITEA__database__NAME   = gitea
+GITEA__database__USER   = gitea
+GITEA__database__PASSWD = "{{ key \"secrets/git/forgejo/database_password\" }}"
+# Mailer credentials
+GITEA__mailer__USER   = _system._gitea@deuxfleurs.fr
+GITEA__mailer__PASSWD = "{{ key \"secrets/git/forgejo/mailer_password\" }}"
+# General configuration
+GITEA__server__DOMAIN     = git.staging.deuxfleurs.org
+GITEA__server__SSH_DOMAIN = git.staging.deuxfleurs.org
+GITEA__server__ROOT_URL   = https://git.staging.deuxfleurs.org
+GITEA__server__LFS_START_SERVER = true
+GITEA__database__DB_TYPE  = mysql
+GITEA__database__HOST     = db
+GITEA__mailer__ENABLED    = true
+GITEA__mailer__SMTP_ADDR  = smtp.deuxfleurs.fr
+GITEA__mailer__SMTP_PORT  = 465
+GITEA__mailer__PROTOCOL   = smtps
+GITEA__mailer__FROM       = Deuxfleurs Gitea <_system._forjego@staging.deuxfleurs.org>
+GITEA__mailer__FORCE_TRUST_SERVER_CERT = true
+GITEA__mailer__SUBJECT_PREFIX = [Deuxfleurs Forgejo Staging]
+GITEA__service__REGISTER_EMAIL_CONFIRM = true
+GITEA__service__ENABLE_NOTIFY_MAIL = true
+GITEA__admin__DEFAULT_EMAIL_NOTIFICATIONS = enabled
+GITEA__lfs__PATH = /data/git/lfs
+# Prevent spam accounts
+GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION = false
+GITEA__service__DEFAULT_USER_VISIBILITY = limited
+GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE = true
+# Allow CORS for StaticCMS (a fork of Netlify CMS)
+GITEA__cors__ENABLED = true
+GITEA__cors__ALLOW_DOMAIN = *
+GITEA__cors__ALLOW_CREDENTIALS = true
+GITEA__cors__METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
+GITEA__cors__SCHEME = *
+GITEA__cors__HEADERS = Content-Type,User-Agent,Authorization
+# Options passed to Gitea
+# see https://docs.gitea.io/en-us/config-cheat-sheet/
+# config is in /data/gitea/config/app.ini
+GITEA__ui__ISSUE_PAGING_NUM = 20
+        ENV
+        destination = "secrets/env"
+        env = true
+      }
+
+      resources {
+        cpu = 1000
+        memory = 1000
+        memory_max = 1000
+      }
+
+      service {
+        name = "forgejo-ssh"
+        port = "ssh"
+        address_mode = "host"
+        tags = [
+          "forgejo-staging-ssh",
+          "tricot git.staging.deuxfleurs.org 100",
+          "d53-cname git.staging.deuxfleurs.org",
+        ]
+        check {
+          type = "tcp"
+          port = "ssh"
+          interval = "60s"
+          timeout = "5s"
+          check_restart {
+            limit = 3
+            grace = "90s"
+            ignore_warnings = false
+          }
+        }
+      }
+      service {
+        name = "forgejo-http"
+        port = "http"
+        address_mode = "host"
+        tags = [
+          "forgejo-staging-http",
+          "tricot-add-header Access-Control-Allow-Origin *",
+          "d53-cname git.staging.deuxfleurs.org",
+        ]
+        check {
+          type = "tcp"
+          port = "http"
+          interval = "60s"
+          timeout = "5s"
+          check_restart {
+            limit = 3
+            grace = "90s"
+            ignore_warnings = false
+          }
+        }
+      }
+    }
+  }
+}