Add Google Cloud K3s infrastructure support

- Add Terraform configuration for GCP instance and storage
- Add startup script for K3s installation and configuration
- Add pipeline scripts for deployment and management
- Add Forgejo deployment manifests and configuration

gcloud/tf/k3s/forgejo/deployment.yaml

@@ -0,0 +1,68 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: forgejo-deployment
+  namespace: forgejo
+  labels:
+    app: forgejo-app
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: forgejo-app
+  template:
+    metadata:
+      labels:
+        app: forgejo-app
+    spec:
+      terminationGracePeriodSeconds: 10
+      containers:
+      - name: forgejo
+        image: codeberg.org/forgejo/forgejo:11.0.6
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: FORGEJO__repository__ENABLE_PUSH_CREATE_USER
+          value: "true"
+        - name: FORGEJO__server__ROOT_URL
+          value: "https://frg.headshed.dev/"
+        - name: FORGEJO__repository__DEFAULT_BRANCH
+          value: "main"
+        - name: FORGEJO__server__LFS_START_SERVER
+          value: "true"
+        - name: FORGEJO__security__INSTALL_LOCK
+          value: "true"
+        - name: FORGEJO__service__DISABLE_REGISTRATION
+          value: "false"
+        ports:
+        - name: http
+          containerPort: 3000
+          protocol: TCP
+        - name: ssh
+          containerPort: 22
+        resources:
+          requests:
+            memory: "128Mi"
+            cpu: "100m"
+          limits:
+            memory: "256Mi"
+            cpu: "500m"        
+        tty: true
+        volumeMounts:
+        - name: forgejo-data
+          mountPath: /data
+        # - name: forgejo-timezone
+        #   mountPath: /etc/timezone
+        # - name: forgejo-localtime
+        #   mountPath: /etc/localtime
+      volumes:
+      - name: forgejo-data
+        persistentVolumeClaim:
+          claimName: forgejo-data-pvc
+      # - name: forgejo-timezone
+      #   configMap:
+      #     name: forgejo-timezone
+      # - name: forgejo-localtime
+      #   configMap:
+      #     name: forgejo-localtime

gcloud/tf/k3s/forgejo/ingress.yaml.template

@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: tls-forgejo-ingress-http
+  namespace: forgejo
+  annotations:
+    cert-manager.io/issuer: "le-cluster-issuer-http"
+    
+spec:
+  tls:
+    - hosts:
+        - ${APP_DOMAIN_NAME}
+      secretName: tls-frg-ingress-http
+  rules:
+    - host: ${APP_DOMAIN_NAME}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: forgejo-app-service
+                port:
+                  name: web

gcloud/tf/k3s/forgejo/issuer.yaml.template

@@ -0,0 +1,17 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: le-cluster-issuer-http
+  namespace: forgejo
+spec:
+  acme:
+    email: ${EMAIL}
+    # We use the staging server here for testing to avoid throttling.
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    # server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: http-issuer-account-key
+    solvers:
+      - http01:
+          ingress:
+            class: traefik

gcloud/tf/k3s/forgejo/pvc.yaml

@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: forgejo-local-pv
+spec:
+  capacity:
+    storage: 3Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: /mnt/disks/app-data/forgejo
+  storageClassName: local-path
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: forgejo-data-pvc
+  namespace: forgejo
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 3Gi
+  volumeName: forgejo-local-pv
+  storageClassName: local-path

gcloud/tf/k3s/forgejo/service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: forgejo-app-service
+  namespace: forgejo
+spec:
+  selector:
+    app: forgejo-app
+  ports:
+    - name: web
+      protocol: TCP
+      port: 3000
+      targetPort: 3000