homelab/k3s/forgejo/forgejo-db-init.yaml

# Forgejo DB Init Job
# Creates forgejo database and user in PostgreSQL.
# Run once before deploying Forgejo.
#
# Deploy:
#   kubectl create secret generic forgejo-secret \
#     --from-literal=db-password='<password>'
#   kubectl apply -f forgejo-db-init.yaml
#
# Watch completion:
#   kubectl get jobs -w
#   kubectl logs job/forgejo-db-init

apiVersion: batch/v1
kind: Job
metadata:
  name: forgejo-db-init
spec:
  template:
    spec:
      restartPolicy: OnFailure
      containers:
        - name: forgejo-db-init
          image: postgres:16
          env:
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres-secret
                  key: password
            - name: FORGEJO_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: forgejo-secret
                  key: db-password
          command:
            - /bin/sh
            - -c
            - |
              psql -h postgres -U postgres <<EOF
              CREATE USER forgejo_user WITH PASSWORD '${FORGEJO_DB_PASSWORD}';
              CREATE DATABASE forgejo_db OWNER forgejo_user;
              EOF