move storage to s3 (b2)

forgejo/README.md

@@ -0,0 +1,58 @@
+# Forgejo (was: Gitea)
+
+This deploys the Forgejo git hosting software on Fly.io.
+
+## Installation
+
+1. Clone this repository
+1. `fly launch`, follow the prompts
+1. Select `n` when it asks if you want to deploy
+1. Create a volume in a region of your choice: `fly volumes create data --size 50 --region ord`
+1. Generate, and store securely, you secrets:
+    ```shell
+    fly secrets set \
+      "GITEA__security__SECRET_KEY=$(openssl rand -hex 12)" \
+      "GITEA__security__INTERNAL_TOKEN=$(openssl rand -hex 12)"
+    ```
+1. For S3 storage you'll need to add two more secrets:
+    ```shell
+    fly secrets set "GITEA__storage__MINIO_ACCESS_KEY_ID=[redacted]"
+    fly secrets set "GITEA__storage__MINIO_SECRET_ACCESS_KEY=[redacted]"
+    ```
+1. Deploy, `fly deploy --remote-only`
+1. Setup DNS with your registrar, you must have either CNAME or A/AAAA records
+   set. See: https://fly.io/docs/app-guides/custom-domains-with-fly/
+1. Create certificate for Fly's automatic TLS termination. `fly certs create git.example.com`
+1. Opens an SSH session to the running container. `fly ssh console`
+1. In the SSH session in the container, run: `su git` and then
+    ```shell
+    gitea admin user create \
+      --username MYNAME \
+      --email MYEMAIL@example.com \
+      --admin \
+      --random-password \
+      --must-change-password
+    ```
+
+## Proxy the GUI to localhost
+
+1. Forward container port 3000 to localhost:3000 `fly proxy 3000:3000`
+
+## Get Connected using WireGuard (VPN)
+
+1. Create a WireGuard peer with `fly wireguard create`
+1. Setup WireGuard with generated config
+1. `fly ips private` to get the IP of your Daemon
+1. Set the `DOCKER_HOST` env variable using that IP:
+    ```
+    export DOCKER_HOST=tcp://[fdaa:0:5d2:a7b:81:0:26d4:2]:2375
+    ```
+
+# Final Step
+
+1. Delete the Docker Engine from your local system.
+1. You probably want to scale your remote Daemon: `fly scale vm dedicated-cpu-2x`
+
+# NOTES:
+
+* https://blog.luketurner.org/posts/gitea-on-fly/

forgejo/fly.toml

@@ -25,15 +25,31 @@ kill_timeout = "5s"
   GITEA__mailer__SUBJECT_PREFIX = "git.burd.me"
   GITEA__security__INSTALL_LOCK = "true"
   GITEA__server__DOMAIN = "git.burd.me"
+  GITEA__server__LANDING_PAGE = "/greg"
   GITEA__server__ROOT_URL = "https://git.burd.me"
   GITEA__server__SSH_DOMAIN = "git.burd.me"
   GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE = "true"
   GITEA__service__DEFAULT_USER_IS_RESTRICTED = "true"
-  GITEA__service__DISABLE_REGISTRATION = "false"
+  GITEA__service__DISABLE_REGISTRATION = "true"  # NOTE: should be uncomment once you have created your first user
   GITEA__service__REGISTER_EMAIL_CONFIRM = "false"
   GITEA__service__REGISTER_MANUAL_CONFIRM = "true"
   "GITEA__ui.meta__AUTHOR" = "git.burd.me: Git for us"
   GITEA__ui__DEFAULT_THEME = "forgejo-auto"
+  # GITEA__log__MODE = "console"
+  # GITEA__log__LEVEL = "trace"
+  # GITEA__log__REDIRECT_MACARON_LOG = "true"
+  # GITEA__log__MACARON = "console"
+  # GITEA__log__ROUTER = "console"
+  # GITEA__log__ROOT_PATH = "/data/gitea/log"
+  # Storage in S3 bucket
+  # NOTE: MINIO_BASE_PATH must *not* be set in the [storage] section.
+  GITEA__storage__STORAGE_TYPE = "minio"
+  GITEA__storage__MINIO_USE_SSL = "true"
+  GITEA__storage__MINIO_ENDPOINT = "s3.us-west-000.backblazeb2.com"
+  # GITEA__storage__MINIO_ACCESS_KEY_ID = [use fly secrets set ..., see README.md]
+  # GITEA__storage__MINIO_SECRET_ACCESS_KEY = [use fly secrets set ..., see README.md]
+  GITEA__storage__MINIO_BUCKET = "burd-infra-forgejo-4276-a538"
+  GITEA__storage__MINIO_LOCATION = "us-west-000"
 
 [[mounts]]
   source = "gitea_data"