Files
the-custodian/docs/forgejo-production-decisions.md
codex a912679675 Document glas-harness Forgejo migration pilot routing
Records what works (SSH forgejo-remote, CI smoke, HTTPS mirror) and what is
still blocked before state-hub cutover. Updates CUST-WP-0054-T04 progress.
2026-07-04 00:59:53 +02:00

3.7 KiB

Forgejo Production Decisions (Wave 1)

Date: 2026-07-03
Workplans: RAIL-HO-WP-0005-T02, CUST-WP-0054-T04
Operator input: 2026-07-03

Decision log

# Topic Decision Status Evidence (2026-07-03)
1 Production hostname forgejo.coulomb.social decided DNS A → 92.205.62.239 (railiance01); HTTPS reaches Traefik on railiance01
2 Exposure model Private HTTPS via railiance01 Traefik ingress + cert-manager letsencrypt-prod decided Same pattern as Gitea (manifests/forgejo-ingress.yaml in railiance-apps)
2b Deployment pattern gitea-charts/gitea 12.5.0 Helm + Forgejo image; CNPG forgejo-db in railiance-platform; Makefile in railiance-apps decided Chart 12.6+ requires Gitea 1.26 config edit-ini (incompatible with Forgejo 11); see railiance-apps/docs/forgejo-on-railiance01.md
2c Live deploy Forgejo pod + ingress + TLS on railiance01 done (2026-07-03) make forgejo-smoke → HTTP 200 + OCI /v2/ 401 challenge; cert forgejo-tls Ready
3 Gitea during transition gitea.coulomb.social on coulombcore remains canonical until Forgejo restore/migration drills pass; then read-only mirror unchanged Per RAIL-HO-WP-0005 safety contract
4 SMTP / password reset TBD open
5 Package registry scope TBD (container images first assumed) open
6 Actions runner model In-cluster on railiance01: forgejo-runner Deployment + DinD (railiance01-build-01) done (2026-07-03) Runner 2/2 Ready; coulombcore host runner disabled; image-build probe pushed OCI image via org secrets
7 Backup target + retention TBD open
8 Cutover mode TBD (staged per-repo vs freeze-all) open

Hostname decision detail

Chosen hostname: https://forgejo.coulomb.social

Field Value
DNS forgejo.coulomb.social92.205.62.239 (railiance01)
Edge railiance01 k3s Traefik (kube-system/traefik LoadBalancer)
Target machine railiance01 (production home per CUST-WP-0054)
Canonical git remote (post-cutover) https://forgejo.coulomb.social/coulomb/<repo>.git
OCI registry (post-cutover) forgejo.coulomb.social/coulomb/<image>

Live probe (2026-07-03, post-deploy)

getent hosts forgejo.coulomb.social   # 92.205.62.239
curl -fsS -o /dev/null -w '%{http_code}\n' https://forgejo.coulomb.social/   # 200
curl -sSI -X GET https://forgejo.coulomb.social/v2/ | grep -i docker-distribution  # registry/2.0
KUBECONFIG=~/.kube/config-hosteurope kubectl get pods,ingress,certificate -n forgejo

Forgejo is serving HTTPS with a valid Let's Encrypt cert. Gitea on coulombcore remains canonical for git remotes until migration drills pass.

Implications for CUST-WP-0054

  • Wave 1 can proceed with a fixed hostname for overlays, ingress manifests, and CI IMAGE_REPOSITORY variables.
  • State Hub / sweep checkouts on railiance01 (T05) should clone from forgejo.coulomb.social once cutover completes.
  • Runners and image-build CI are proven; first repo migration pilot (glas-harness) documents git/SSH/CI routing in docs/forgejo-repo-migration-pilot-glas-harness.md.
  • Remaining blockers for production cutover: SMTP, backup, cutover mode, operator SSH identity on Forgejo, and production repo migration (RAIL-HO-WP-0005-T11).

Open decisions (need operator input)

  1. SMTP provider, sender address, and SPF/DKIM alignment for @coulomb.social
  2. Package types beyond OCI at launch (npm, PyPI, Helm, …)
  3. Actions runner: in-cluster ephemeral vs long-lived pod vs host runner
  4. Backup destination and restore cadence
  5. Cutover: staged project-by-project vs single freeze window