From d5ad448d2bcdcb672a5b56d6d40ca4aa980e719c Mon Sep 17 00:00:00 2001
From: Richard Robert Reitz <richard-robert.reitz@telekom.de>
Date: Wed, 23 Apr 2025 15:50:14 +0200
Subject: [PATCH] Using ESO for Forgejo admin password generation

---
 .../manifests/secret-admin-password.yaml      | 36 +++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 template/stacks/core/forgejo/manifests/secret-admin-password.yaml

diff --git a/template/stacks/core/forgejo/manifests/secret-admin-password.yaml b/template/stacks/core/forgejo/manifests/secret-admin-password.yaml
new file mode 100644
index 0000000..f20efc3
--- /dev/null
+++ b/template/stacks/core/forgejo/manifests/secret-admin-password.yaml
@@ -0,0 +1,36 @@
+apiVersion: generators.external-secrets.io/v1alpha1
+kind: Password
+metadata:
+  name: forgejo-admin-password-generator
+  namespace: gitea 
+spec:
+  length: 36
+  digits: 5
+  symbols: 5
+  symbolCharacters: "/-+"
+  noUpper: false
+  allowRepeat: true
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: forgejo-admin-password-generator
+  namespace: gitea 
+spec:
+  refreshInterval: "0"
+  target:
+    name: gitea-credential
+    template:
+      engineVersion: v2
+      data:
+        username: giteaAdmin
+        password: "{{.INITIAL_ADMIN_PASSWORD}}"
+  dataFrom:
+    - sourceRef:
+        generatorRef:
+          apiVersion: generators.external-secrets.io/v1alpha1
+          kind: Password
+          name: forgejo-admin-password-generator
+      rewrite:
+        - transform:
+            template: "INITIAL_ADMIN_PASSWORD"