# Forgejo on railiance01

Production source forge at **`https://forgejo.coulomb.social`**.

Mirrors the coulombcore Gitea pattern (`railiance-forge`) but targets **railiance01** using the same OAS split as other S5 apps (`inter-hub`, `reuse-surface`).

## Layer ownership

| Layer | Repo | Concern |
| --- | --- | --- |
| S3 | `railiance-platform` | `forgejo-db` CNPG cluster + network policies |
| S5 | `railiance-apps` | Helm release, ingress, operator Makefile |
| S2 | `railiance-cluster` | Traefik, cert-manager, cnpg operator |

Hostname decision: `the-custodian/docs/forgejo-production-decisions.md`.

## Hosts

| Item | Value |
| --- | --- |
| Server | railiance01 `92.205.62.239` |
| Namespace | `forgejo` |
| Helm release | `forgejo` |
| HTTP service | `forgejo-gitea-http` (chart naming; ingress must target this) |
| Chart | `gitea-charts/gitea` **12.5.0** (Forgejo-compatible; 12.6+ needs Gitea 1.26 `config edit-ini`) |
| Image | `code.forgejo.org/forgejo/forgejo:11.0.3` |
| Database | `forgejo-db-rw.databases.svc.cluster.local:5432` |
| Kubeconfig | `~/.kube/config-hosteurope` |

## Bootstrap (first deploy)

### 1. Database credentials (platform)

```bash
cd ~/railiance-platform
# One-time: create and SOPS-encrypt helm/forgejo-db-secret.sops.yaml from template
KUBECONFIG=~/.kube/config-hosteurope make forgejo-db-deploy
KUBECONFIG=~/.kube/config-hosteurope make forgejo-db-status
```

### 2. Application secrets (apps)

```bash
cd ~/railiance-apps
# Encrypt helm/forgejo-secrets.sops.yaml from template (DB PASSWD must match platform secret)
make check-sops
```

### 3. Deploy Forgejo

```bash
cd ~/railiance-apps
make forgejo-dry-run
make forgejo-deploy
make forgejo-ingress-deploy
make forgejo-ssh-nodeport-deploy   # optional; git+ssh via nodePort 30022

# In-cluster Actions runner (ADR-004, railiance-infra/docs/adr/ADR-004-...)
# One-time: encrypt helm/forgejo-runner-registration.sops.yaml from template
make forgejo-runner-registration-deploy
make forgejo-runner-deploy

make forgejo-status
make forgejo-smoke
make forgejo-runner-status
```

## Upgrade notes

- Pin `FORGEJO_CHART_VERSION=12.5.0` — chart 12.6+ requires Gitea 1.26 `config edit-ini`.
- `strategy.type: Recreate` in `helm/forgejo-values.yaml` — avoids leveldb queue lock on the shared RWO PVC during rolling updates.
- Actions enabled via `gitea.config.actions.ENABLED: true`.
- Ingress backend service name is `forgejo-gitea-http` (Helm release naming).

## Day-2 operator targets

```bash
make forgejo-status
make forgejo-logs
make forgejo-smoke
```

## Coexistence with Gitea

Gitea on coulombcore remains canonical until `RAIL-HO-WP-0005` migration drills and cutover pass. Do not repoint repo remotes until Wave 1 cutover is approved.

## Related

- Gitea reference: `~/railiance-forge/Makefile` (`gitea-deploy`)
- Drain plan: `the-custodian/docs/coulombcore-drain-placement-plan.md` Wave 1
- Onboarding checklist: `docs/s5-app-onboarding-checklist.md`
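
A structural guard for the `*.sops.yaml` files named in the Bootstrap steps, catching a template that was copied but never encrypted before it is committed. This is an added example, not code from the railiance repos and not a description of what `make check-sops` does; the function names, the key-name pattern (`passw|token|secret`) and the sample file contents are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the railiance repos. Heuristic pre-commit guard:
# it inspects file structure only and does not decrypt or verify the SOPS MAC.

# sops_file_encrypted FILE: return 0 if FILE looks SOPS-encrypted, else 1.
sops_file_encrypted() {
    f=$1
    [ -f "$f" ] || { echo "MISSING   $f"; return 1; }
    # Encrypted YAML carries a top-level sops: metadata mapping.
    grep -q '^sops:' "$f" || { echo "PLAINTEXT $f (no sops: metadata)"; return 1; }
    awk '
        /^sops:/          { meta = 1; next }   # metadata block starts
        meta && /^[^ \t]/ { meta = 0 }         # next top-level key ends it
        meta              { next }
        /^[ \t]*#/        { next }
        {
            sep = index($0, ":"); if (sep == 0) next
            key = tolower(substr($0, 1, sep - 1))
            val = substr($0, sep + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (val ~ /^ENC\[AES256_GCM,/) { enc++; next }
            # Assumed key-name pattern for values that must never be cleartext.
            if (val != "" && key ~ /passw|token|secret/) leak++
        }
        END { exit !(enc > 0 && leak == 0) }
    ' "$f" || { echo "PLAINTEXT $f (cleartext or no ENC[] values)"; return 1; }
    echo "OK        $f"
}

# check_sops_files FILE...: check every file, return 1 if any one fails.
check_sops_files() {
    rc=0
    for path in "$@"; do
        sops_file_encrypted "$path" || rc=1
    done
    return $rc
}

# Constructed sample data (not real secrets): one encrypted file, one template.
write_constructed_samples() {
    mkdir -p "$1/helm"
    printf '%s\n' 'gitea:' '  config:' '    database:' \
        '      PASSWD: ENC[AES256_GCM,data:Zm9v,iv:YmFy,tag:YmF6,type:str]' \
        'sops:' '  mac: ENC[AES256_GCM,data:cXV4,iv:YmFy,tag:YmF6,type:str]' \
        '  version: 3.9.0' > "$1/helm/forgejo-secrets.sops.yaml"
    printf '%s\n' 'token: CHANGE_ME' \
        > "$1/helm/forgejo-runner-registration.sops.yaml"
}
```

Call `check_sops_files` with the paths from both repos (`helm/forgejo-db-secret.sops.yaml` in `railiance-platform`, the other two in `railiance-apps`); a non-zero exit means at least one file should not be committed as it stands.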