From 38c9fe5281893e04e0382d9f2548f246e86850fb Mon Sep 17 00:00:00 2001
From: ben <ben@brmartin.co.uk>
Date: Sun, 8 Jun 2025 18:24:59 +0100
Subject: [PATCH] fix(forgejo): run rootless

- Fixes permissions issues between webserver and agent
---
 modules/forgejo/jobspec.nomad.hcl | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)

diff --git a/modules/forgejo/jobspec.nomad.hcl b/modules/forgejo/jobspec.nomad.hcl
index 1d735dc..57eddb6 100644
--- a/modules/forgejo/jobspec.nomad.hcl
+++ b/modules/forgejo/jobspec.nomad.hcl
@@ -16,7 +16,7 @@ job "forgejo" {
       driver = "docker"
 
       config {
-        image = "codeberg.org/forgejo/forgejo:11.0.1"
+        image = "codeberg.org/forgejo/forgejo:11.0.1-rootless"
 
         ports = ["forgejo"]
 
@@ -25,10 +25,17 @@ job "forgejo" {
           "/etc/localtime:/etc/localtime:ro"
         ]
       }
+      
+      user = "1000:1000"
 
       volume_mount {
-        volume      = "data"
-        destination = "/data"
+        volume      = "gitea"
+        destination = "/etc/gitea"
+      }
+
+      volume_mount {
+        volume      = "git"
+        destination = "/var/lib/gitea"
       }
 
       resources {
@@ -36,11 +43,6 @@ job "forgejo" {
         memory = 512
       }
 
-      env {
-        USER_UID = "1000"
-        USER_GID = "1000"
-      }
-
       service {
         port     = "forgejo"
         provider = "consul"
@@ -148,10 +150,18 @@ job "forgejo" {
       }
     }
 
-    volume "data" {
+    volume "gitea" {
       type            = "csi"
       read_only       = false
-      source          = "martinibar_prod_forgejo_data"
+      source          = "martinibar_prod_forgejo_gitea"
+      attachment_mode = "file-system"
+      access_mode     = "single-node-writer"
+    }
+
+    volume "git" {
+      type            = "csi"
+      read_only       = false
+      source          = "martinibar_prod_forgejo_git"
       attachment_mode = "file-system"
       access_mode     = "single-node-writer"
     }