--- apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: gitea namespace: default spec: interval: 15m chart: spec: chart: gitea version: 6.0.3 sourceRef: kind: HelmRepository name: gitea namespace: flux-system install: createNamespace: true remediation: retries: 5 upgrade: remediation: retries: 5 dependsOn: - name: postgres-cluster namespace: default values: image: repository: gitea/gitea tag: 1.17.4 rootless: true containerSecurityContext: capabilities: add: ["SYS_CHROOT"] gitea: admin: username: auricom config: APP_NAME: "Gitea Homelab" cron.resync_all_sshkeys: ENABLED: true RUN_AT_START: true database: DB_TYPE: postgres HOST: ${POSTGRES_HOST}:${POSTGRES_PORT} NAME: gitea SCHEMA: public SSL_MODE: disable server: SSH_PORT: 22 SSH_LISTEN_PORT: 30322 SSH_DOMAIN: gitea.${SECRET_DOMAIN} ROOT_URL: https://gitea.${SECRET_CLUSTER_DOMAIN} respository: DEFAULT_BRANCH: main DEFAULT_PRIVATE: true admin: DISABLE_REGULAR_ORG_CREATION: true security: PASSWORD_COMPLEXITY: "lower,upper" MIN_PASSWORD_LENGTH: 12 service: DISABLE_REGISTRATION: true REQUIRE_SIGNIN_VIEW: true cron: ENABLED: true attachment: STORAGE_TYPE: minio MINIO_ENDPOINT: truenas.${SECRET_DOMAIN}:51515 MINIO_BUCKET: gitea MINIO_USE_SSL: true storage: STORAGE_TYPE: minio MINIO_ENDPOINT: truenas.${SECRET_DOMAIN}:51515 MINIO_BUCKET: gitea MINIO_USE_SSL: true mailer: ENABLED: true MAILER_TYPE: smtp HOST: smtp-relay.default:2525 FROM: "Gitea " webhook: ALLOWED_HOST_LIST: drone.default.svc # openid: # ENABLE_OPENID_SIGNIN: false # ENABLE_OPENID_SIGNUP: true # WHITELISTED_URIS: "auth.${SECRET_CLUSTER_DOMAIN}" # oauth: # - name: authelia # provider: openidConnect # key: gitea # secret: "${SECRET_GITEA_OAUTH_CLIENT_SECRET}" # autoDiscoverUrl: "https://auth.${SECRET_CLUSTER_DOMAIN}/.well-known/openid-configuration" # groupClaimName: groups # adminGroup: admins # restrictedGroup: people metrics: enabled: true serviceMonitor: enabled: true podAnnotations: secret.reloader.stakater.com/reload: gitea-config postgresql: enabled: false memcached: enabled: false persistence: enabled: true existingClaim: "gitea-config" service: ssh: type: LoadBalancer port: 22 loadBalancerIP: ${CLUSTER_LB_GITEA} ingress: enabled: true className: nginx hosts: - host: "gitea.${SECRET_CLUSTER_DOMAIN}" paths: - path: / pathType: Prefix tls: - hosts: - "gitea.${SECRET_CLUSTER_DOMAIN}" resources: requests: cpu: 15m memory: 226M limits: cpu: 500m memory: 1Gi valuesFrom: - targetPath: gitea.admin.email kind: Secret name: gitea-config valuesKey: adminEmail - targetPath: gitea.admin.password kind: Secret name: gitea-config valuesKey: adminPassword - targetPath: gitea.config.attachment.MINIO_ACCESS_KEY_ID kind: Secret name: gitea-config valuesKey: minioAccessKeyId - targetPath: gitea.config.attachment.MINIO_SECRET_ACCESS_KEY kind: Secret name: gitea-config valuesKey: minioSecretAccessKey - targetPath: gitea.config.database.PASSWD kind: Secret name: gitea-config valuesKey: dbPassword - targetPath: gitea.config.database.USER kind: Secret name: gitea-config valuesKey: dbUser - targetPath: gitea.config.storage.MINIO_ACCESS_KEY_ID kind: Secret name: gitea-config valuesKey: minioAccessKeyId - targetPath: gitea.config.storage.MINIO_SECRET_ACCESS_KEY kind: Secret name: gitea-config valuesKey: minioSecretAccessKey postRenderers: - kustomize: patchesStrategicMerge: - kind: StatefulSet apiVersion: apps/v1 metadata: name: gitea spec: template: spec: initContainers: - name: init-db image: ghcr.io/onedr0p/postgres-initdb:14.6 env: - name: POSTGRES_HOST value: ${POSTGRES_HOST} - name: POSTGRES_DB value: gitea - name: POSTGRES_SUPER_PASS valueFrom: secretKeyRef: name: postgres-superuser key: password - name: POSTGRES_USER valueFrom: secretKeyRef: name: gitea-config key: dbUser - name: POSTGRES_PASS valueFrom: secretKeyRef: name: gitea-config key: dbPassword