Install Forgejo

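# Debian: fetch the Forgejo 1.21.10-0 release binary and install it as /bin/forgejo.
# The URL is written bare: wrapped in <...> the shell would parse it as redirections.
# The download is not authenticated beyond HTTPS. Before installing, compare it
# with the checksum or signature published alongside the release, e.g.:
#   echo "<PUBLISHED_SHA256>  forgejo-1.21.10-0-linux-amd64" | sha256sum -c -
wget https://codeberg.org/forgejo/forgejo/releases/download/v1.21.10-0/forgejo-1.21.10-0-linux-amd64
chmod +x forgejo-1.21.10-0-linux-amd64
mv forgejo-1.21.10-0-linux-amd64 /bin/forgejo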

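# Make directories. -p creates missing parents and does not fail when a
# directory (typically /var/www) already exists.
mkdir -p /var/www
mkdir -p /opt/forgejo/data/repos/ /opt/forgejo/data/lfs/
mkdir -p /opt/forgejo/custom/
mkdir -p /var/log/forgejo/
# Only the data, log and web directories are handed to the service account
# (www-data); /opt/forgejo itself and custom/ stay owned by the invoking user.
# NOTE(review): the web installer runs as www-data and presumably has to write
# its configuration under custom/ - confirm whether it needs write access there.
chown -R www-data:www-data /opt/forgejo/data/
chown -R www-data:www-data /var/log/forgejo/
chown -R www-data:www-data /var/www/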

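# Write the unit through a quoted heredoc so the shell copies it verbatim.
# $ARG1 must reach systemd unexpanded, and the double quotes around the
# Environment= value must survive; a double-quoted echo would expand $ARG1 to
# an empty string and end the string at the inner quotes.
# The service runs as the unprivileged www-data account, not as root.
cat > /etc/systemd/forgejo.service <<'EOF'
[Unit]
Description=Forgejo
After=network.target

[Service]
Type=simple
User=www-data
Group=www-data
WorkingDirectory=/opt/forgejo
Environment="ARG1=--work-path /opt/forgejo/"
ExecStart=/bin/forgejo $ARG1

[Install]
WantedBy=multi-user.target
EOF
# Enabling by absolute path links the unit file into systemd's search path.
systemctl enable /etc/systemd/forgejo.service
systemctl start forgejo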

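apt install -y mariadb-server ssh
# Give the database account a random password instead of one equal to its user
# name. Hex output needs no SQL escaping. The statements are sent to mysql on
# stdin, so the password does not show up in the process list.
db_pass=$(openssl rand -hex 16)
# ${db_pass:?} aborts the command rather than creating the account with an
# empty password if the generation step failed.
mysql -uroot <<SQL
create database forgejo;
create user forgejo@localhost identified by '${db_pass:?password generation failed}';
grant all on forgejo.* to forgejo@localhost;
flush privileges;
SQL
# Shown once: it has to be typed into the database section of the web installer.
printf 'forgejo database password: %s\n' "$db_pass"
unset db_pass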

# Access localhost:3000.
# Fill in the database settings.
# Change the repo root, LFS root, and log path
# Leave everything else at its default

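# Create the admin account with a generated password instead of root/root; the
# command prints the password once. Nothing later on this page depends on it,
# because Flux authenticates with an access token generated on the command line.
sudo -u www-data forgejo --work-path=/opt/forgejo admin user create --username root --random-password --email root@localhost --admin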

Set up an HTTPS reverse proxy so Flux can authenticate

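# Nginx reverse proxy on 8443, because i'm also running k3s on this host :skull:
apt install -y nginx
mkdir -p /opt/forgejo/ssl/
# Self-signed certificate valid for 3650 days; -nodes stores the private key
# unencrypted on disk.
# NOTE(review): the only subjectAltName is "forgejo", while the flux bootstrap
# further down connects to localhost:8443 using this certificate as its CA file.
# Confirm the host name clients use matches a name in the certificate.
openssl req  -nodes -new -x509 -days 3650 -keyout /opt/forgejo/ssl/server.key -out /opt/forgejo/ssl/server.cert -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=bruh.local"  -addext "subjectAltName = DNS: forgejo"
# The key is unencrypted, so restrict it to its owner.
chmod 600 /opt/forgejo/ssl/server.key
# Quoted heredoc: the configuration is written verbatim. The proxy_pass URL is
# bare; nginx does not accept it wrapped in <...>.
cat > /etc/nginx/sites-enabled/default <<'EOF'
server {
        listen 8443 ssl default_server;
        listen [::]:8443 ssl default_server;

        ssl_certificate /opt/forgejo/ssl/server.cert;
        ssl_certificate_key /opt/forgejo/ssl/server.key;

        location / {
                proxy_pass http://localhost:3000;
        }

}
EOF

# Check the configuration first so a typo does not take the proxy down.
nginx -t && systemctl restart nginx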

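# Interactive edit of the CoreDNS configuration. The page does not say what to
# change; presumably a name for the Forgejo host so pods can resolve it - confirm.
kubectl edit configmap -n kube-system coredns
# Restart every deployment in flux-system. -o name prints only the resources,
# as deployment.apps/<name>, so the NAME header row of the default table output
# is never passed to rollout restart.
for deploy in $(kubectl get deploy -n flux-system -o name); do kubectl rollout restart -n flux-system "$deploy"; done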

Install Flux

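# Download the installer to a file instead of piping it straight into a root
# shell: it can then be read before it runs, and -f makes curl fail on an HTTP
# error rather than handing an error page to bash.
installer=$(mktemp)
curl -fsSL https://fluxcd.io/install.sh -o "$installer"
# Review "$installer" here before running it with root privileges.
sudo bash "$installer"
rm -f -- "$installer"
unset installer
# Load flux shell completion into the current shell.
. <(flux completion bash)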

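# Access token for the root (admin) account, limited to the scopes listed here.
# Use `--scopes all` only if you want the lab deliberately vulnerable: that
# hands Flux an unrestricted token for an admin account.
# Assignment and export are separate so a failing forgejo command is not masked
# by the exit status of export.
GITEA_TOKEN=$(sudo -u www-data forgejo --work-path=/opt/forgejo admin user generate-access-token --username root --scopes 'write:repository,write:user,read:misc' --raw --token-name flux_token)
export GITEA_TOKEN
export GITEA_URL="http://localhost:3000/api/v1/user/repos"
export REPO_NAME="Flux"
#curl -k  -H "content-type: application/json"  -H "Authorization: token $GITEA_TOKEN" $GITEA_URL -d "{\"name\": \"$REPO_NAME\"}"
# --private=false makes the bootstrap repository public.
# --ca-file points at the self-signed certificate served by the nginx proxy.
flux bootstrap gitea --token-auth --owner=root --repository="$REPO_NAME" --private=false --personal=true --path=clusters/mycluster --branch=main --hostname 'localhost:8443' --ca-file /opt/forgejo/ssl/server.cert
# Remove the token and helper variables from the shell environment when done.
unset GITEA_TOKEN
unset GITEA_URL
unset REPO_NAME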