feat(forgejo): add Forgejo module with Nomad job specification

2025-01-12 20:36:40 +00:00 · 2025-01-12 20:36:40 +00:00 · a250e8a538
commit a250e8a538
parent 08f372c693
3 changed files with 277 additions and 0 deletions
--- a/main.tf
+++ b/main.tf
@ -33,3 +33,7 @@ module "plugin-csi" {
 module "home-assistant" {
  source = "./modules/home-assistant"
 }
 module "forgejo" {
  source = "./modules/forgejo"
 }
--- a/modules/forgejo/jobspec.nomad.hcl
+++ b/modules/forgejo/jobspec.nomad.hcl
@ -0,0 +1,270 @@
 job "forgejo" {
  group "forgejo" {
    network {
      mode = "bridge"
      port "forgejo" {
        to = 3000
      }
      port "envoy_metrics" {
        to = 9102
      }
    }
    task "forgejo" {
      driver = "docker"
      config {
        image = "codeberg.org/forgejo/forgejo:9.0.3"
        volumes = [
          "/etc/timezone:/etc/timezone:ro",
          "/etc/localtime:/etc/localtime:ro"
        ]
      }
      volume_mount {
        volume      = "data"
        destination = "/data"
      }
      resources {
        cpu    = 500
        memory = 512
      }
      env {
        USER_UID = "1000"
        USER_GID = "1000"
      }
    }
    volume "data" {
      type            = "csi"
      read_only       = false
      source          = "martinibar_prod_forgejo_data"
      attachment_mode = "file-system"
      access_mode     = "single-node-writer"
    }
    service {
      port     = "3000"
      provider = "consul"
      meta {
        envoy_metrics_port = "${NOMAD_HOST_PORT_envoy_metrics}"
      }
      connect {
        sidecar_service {
          proxy {
            expose {
              path {
                path            = "/metrics"
                protocol        = "http"
                local_path_port = 9102
                listener_port   = "envoy_metrics"
              }
            }
            transparent_proxy {}
          }
        }
      }
    }
  }
  group "runner" {
    network {
      mode = "bridge"
      port "envoy_metrics" {
        to = 9102
      }
    }
    task "runner" {
      driver = "docker"
      config {
        image = "data.forgejo.org/forgejo/runner:4.0.0"
        command = "forgejo-runner"
        args    = ["daemon", "--config=${NOMAD_TASK_DIR}/config.yml"]
        volumes = ["/var/run/docker.sock:/var/run/docker.sock"]
      }
      volume_mount {
        volume      = "data"
        destination = "/data"
      }
      resources {
        cpu    = 500
        memory = 512
      }
      template {
        data = <<-EOF
          log:
            level: info
          runner:
            file: .runner
            capacity: 3
            timeout: 3h
            shutdown_timeout: 3h
            insecure: false
            fetch_timeout: 5s
            fetch_interval: 2s
            report_interval: 1s
            labels: []
          cache:
            enabled: true
            dir: ""
            host: ""
            port: 0
            external_server: ""
          container:
            network: "host"
            enable_ipv6: false
            privileged: true
            options:
            workdir_parent:
            valid_volumes: []
            docker_host: "-"
            force_pull: false
          host:
            workdir_parent:
          EOF
        destination = "local/config.yml"
      }
      env {
        DOCKER_HOST = "tcp://forgejo-docker-in-docker.virtual.consul:2375"
      }
    }
    volume "data" {
      type            = "csi"
      read_only       = false
      source          = "martinibar_prod_forgejo-runner_data"
      attachment_mode = "file-system"
      access_mode     = "single-node-writer"
    }
    service {
      provider = "consul"
      meta {
        envoy_metrics_port = "${NOMAD_HOST_PORT_envoy_metrics}"
      }
      connect {
        sidecar_service {
          proxy {
            expose {
              path {
                path            = "/metrics"
                protocol        = "http"
                local_path_port = 9102
                listener_port   = "envoy_metrics"
              }
            }
            transparent_proxy {}
          }
        }
      }
    }
  }
  group "docker-in-docker" {
    network {
      mode = "bridge"
      port "websocket" {
        to = 2375
      }
      port "envoy_metrics" {
        to = 9102
      }
    }
    task "docker-in-docker" {
      driver = "docker"
      config {
        image      = "docker:dind"
        privileged = true
        command = "dockerd"
        args    = ["-H=tcp://0.0.0.0:2375", "--tls=false"]
      }
      resources {
        cpu    = 500
        memory = 512
      }
    }
    service {
      port     = "2375"
      provider = "consul"
      meta {
        envoy_metrics_port = "${NOMAD_HOST_PORT_envoy_metrics}"
      }
      connect {
        sidecar_service {
          proxy {
            expose {
              path {
                path            = "/metrics"
                protocol        = "http"
                local_path_port = 9102
                listener_port   = "envoy_metrics"
              }
            }
            transparent_proxy {}
          }
        }
      }
    }
  }
  group "forgejo-ingress-group" {
    network {
      mode = "bridge"
      port "inbound" {
        to = 8080
      }
    }
    service {
      port = "inbound"
      tags = [
        "traefik.enable=true",
        "traefik.http.routers.forgejo.entrypoints=websecure",
        "traefik.http.routers.forgejo.rule=Host(`git.brmartin.co.uk`)"
      ]
      connect {
        gateway {
          ingress {
            listener {
              port     = 8080
              protocol = "http"
              service {
                name  = "forgejo-forgejo"
                hosts = ["*"]
              }
            }
          }
        }
      }
    }
  }
 }
--- a/modules/forgejo/main.tf
+++ b/modules/forgejo/main.tf
@ -0,0 +1,3 @@
 resource "nomad_job" "forgejo" {
  jobspec = file("${path.module}/jobspec.nomad.hcl")
 }