From f485fb10c67b1a6c5a6fccd62c57be7b3a23e6da Mon Sep 17 00:00:00 2001
From: Nicolas Meienberger <github@thisprops.com>
Date: Sun, 11 Jun 2023 13:39:58 +0200
Subject: [PATCH] feat(forgejo): use random db password

---
 apps/forgejo/config.json        | 17 +++++++++++------
 apps/forgejo/docker-compose.yml | 28 +++++++++++++++++++++++-----
 2 files changed, 34 insertions(+), 11 deletions(-)

diff --git a/apps/forgejo/config.json b/apps/forgejo/config.json
index 40711b53..b811e968 100644
--- a/apps/forgejo/config.json
+++ b/apps/forgejo/config.json
@@ -5,14 +5,19 @@
   "available": true,
   "exposable": true,
   "id": "forgejo",
-  "tipi_version": 7,
+  "tipi_version": 1,
   "version": "1.19.3-0",
-  "categories": [
-    "development"
-  ],
+  "categories": ["development"],
   "description": "Forgejo is a self-hosted lightweight software forge. Easy to install and low maintenance, it just does the job.",
   "short_desc": "Beyond coding. We forge. · Lightweight and performant · Guaranteed 100% Free Software",
   "author": "forgejo",
   "source": "https://codeberg.org/forgejo/forgejo/",
-  "form_fields": []
-}
\ No newline at end of file
+  "form_fields": [
+    {
+      "type": "random",
+      "label": "FORGEJO_DB_PASSWORD",
+      "min": 32,
+      "env_variable": "FORGEJO_DB_PASSWORD"
+    }
+  ]
+}
diff --git a/apps/forgejo/docker-compose.yml b/apps/forgejo/docker-compose.yml
index 013ee4ff..26377c83 100644
--- a/apps/forgejo/docker-compose.yml
+++ b/apps/forgejo/docker-compose.yml
@@ -1,4 +1,4 @@
-version: "3.7"
+version: '3.7'
 
 services:
   forgejo:
@@ -17,18 +17,36 @@ services:
       - ${APP_DATA_DIR}/data/forgejo:/data
     ports:
       - ${APP_PORT}:3000
-      - "222:22"
+      - '222:22'
     depends_on:
       - forgejo-db
     networks:
       - tipi_main_network
     labels:
-      traefik.enable: ${APP_EXPOSED}
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.forgejo-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.forgejo.loadbalancer.server.port: 3000
+      # Web
+      traefik.http.routers.forgejo-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.forgejo-insecure.entrypoints: web
+      traefik.http.routers.forgejo-insecure.service: forgejo
+      traefik.http.routers.forgejo-insecure.middlewares: forgejo-web-redirect
+      # Websecure
       traefik.http.routers.forgejo.rule: Host(`${APP_DOMAIN}`)
       traefik.http.routers.forgejo.entrypoints: websecure
       traefik.http.routers.forgejo.service: forgejo
       traefik.http.routers.forgejo.tls.certresolver: myresolver
-      traefik.http.services.forgejo.loadbalancer.server.port: 3000
+      # Local domain
+      traefik.http.routers.forgejo-local-insecure.rule: Host(`forgejo.${LOCAL_DOMAIN}`)
+      traefik.http.routers.forgejo-local-insecure.entrypoints: web
+      traefik.http.routers.forgejo-local-insecure.service: forgejo
+      traefik.http.routers.forgejo-local-insecure.middlewares: forgejo-web-redirect
+      # Local domain secure
+      traefik.http.routers.forgejo-local.rule: Host(`forgejo.${LOCAL_DOMAIN}`)
+      traefik.http.routers.forgejo-local.entrypoints: websecure
+      traefik.http.routers.forgejo-local.service: forgejo
+      traefik.http.routers.forgejo-local.tls: true
 
   forgejo-db:
     container_name: forgejo-db
@@ -36,7 +54,7 @@ services:
     restart: unless-stopped
     environment:
       - POSTGRES_USER=forgejo
-      - POSTGRES_PASSWORD=forgejo
+      - POSTGRES_PASSWORD=${FORGEJO_DB_PASSWORD}
       - POSTGRES_DB=forgejo
     volumes:
       - ${APP_DATA_DIR}/data/postgres:/var/lib/postgresql/data