auricom-home-cluster/kubernetes/archive/gitea/app/helmrelease.yaml

---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: gitea
  namespace: default
spec:
  interval: 30m
  chart:
    spec:
      chart: gitea
      version: 9.2.0
      sourceRef:
        kind: HelmRepository
        name: gitea
        namespace: flux-system
  maxHistory: 2
  install:
    createNamespace: true
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      retries: 3
  uninstall:
    keepHistory: false
  values:
    image:
      repository: gitea/gitea
      tag: 1.20.3
      rootless: true
    containerSecurityContext:
      capabilities:
        add: ["SYS_CHROOT"]
    gitea:
      admin:
        username: auricom
      config:
        APP_NAME: "Gitea Homelab"
        cron.resync_all_sshkeys:
          ENABLED: true
          RUN_AT_START: true
        database:
          DB_TYPE: postgres
          HOST: postgres-rw.default.svc.cluster.local:5432
          NAME: gitea
          SCHEMA: public
          SSL_MODE: disable
        server:
          SSH_PORT: 22
          SSH_LISTEN_PORT: 30322
          SSH_DOMAIN: gitea.${SECRET_DOMAIN}
          ROOT_URL: https://gitea.${SECRET_CLUSTER_DOMAIN}
        respository:
          DEFAULT_BRANCH: main
          DEFAULT_PRIVATE: true
        admin:
          DISABLE_REGULAR_ORG_CREATION: true
        security:
          PASSWORD_COMPLEXITY: "lower,upper"
          MIN_PASSWORD_LENGTH: 12
        service:
          DISABLE_REGISTRATION: true
          REQUIRE_SIGNIN_VIEW: true
        cron:
          ENABLED: true
        attachment:
          STORAGE_TYPE: minio
          MINIO_ENDPOINT: truenas.${SECRET_DOMAIN}:51515
          MINIO_BUCKET: gitea
          MINIO_USE_SSL: true
        storage:
          STORAGE_TYPE: minio
          MINIO_ENDPOINT: truenas.${SECRET_DOMAIN}:51515
          MINIO_BUCKET: gitea
          MINIO_USE_SSL: true
        mailer:
          ENABLED: true
          MAILER_TYPE: smtp
          SMTP_ADDR: smtp-relay.default
          SMTP_PORT: 2525
          FROM: "Gitea <gitea@${SECRET_DOMAIN}>"
        webhook:
          ALLOWED_HOST_LIST: drone.default.svc
        cache:
          ADAPTER: redis
          HOST: redis://redis-master.default.svc.cluster.local:6379
        session:
          PROVIDER: redis
          PROVIDER_CONFIG: redis://redis-master.default.svc.cluster.local:6379
      #   openid:
      #     ENABLE_OPENID_SIGNIN: false
      #     ENABLE_OPENID_SIGNUP: true
      #     WHITELISTED_URIS: "auth.${SECRET_CLUSTER_DOMAIN}"
      # oauth:
      #   - name: authelia
      #     provider: openidConnect
      #     key: gitea
      #     secret: "${SECRET_GITEA_OAUTH_CLIENT_SECRET}"
      #     autoDiscoverUrl: "https://auth.${SECRET_CLUSTER_DOMAIN}/.well-known/openid-configuration"
      #     groupClaimName: groups
      #     adminGroup: admins
      #     restrictedGroup: people
      metrics:
        enabled: true
        serviceMonitor:
          enabled: true
    postgresql:
      enabled: false
    postgresql-ha:
      enabled: false
    memcached:
      enabled: false
    redis-cluster:
      enabled: false
    persistence:
      enabled: true
      existingClaim: "gitea-config"
    service:
      ssh:
        type: LoadBalancer
        port: 22
        loadBalancerIP: ${CLUSTER_LB_GITEA}
    ingress:
      enabled: true
      className: nginx
      annotations:
        hajimari.io/icon: mdi:code-json
      hosts:
        - host: "gitea.${SECRET_CLUSTER_DOMAIN}"
          paths:
            - path: /
              pathType: Prefix
      tls:
        - hosts:
            - "gitea.${SECRET_CLUSTER_DOMAIN}"
    resources:
      requests:
        cpu: 15m
        memory: 226M
      limits:
        cpu: 500m
        memory: 1Gi
  valuesFrom:
    - targetPath: gitea.admin.email
      kind: Secret
      name: gitea-secret
      valuesKey: GITEA_ADMIN_EMAIL
    - targetPath: gitea.admin.password
      kind: Secret
      name: gitea-secret
      valuesKey: GITEA_ADMIN_PASSWORD
    - targetPath: gitea.config.attachment.MINIO_ACCESS_KEY_ID
      kind: Secret
      name: gitea-secret
      valuesKey: GITEA_AWS_S3_ACCESS_KEY
    - targetPath: gitea.config.attachment.MINIO_SECRET_ACCESS_KEY
      kind: Secret
      name: gitea-secret
      valuesKey: GITEA_AWS_S3_SECRET_KEY
    - targetPath: gitea.config.database.PASSWD
      kind: Secret
      name: gitea-secret
      valuesKey: POSTGRES_PASSWORD
    - targetPath: gitea.config.database.USER
      kind: Secret
      name: gitea-secret
      valuesKey: POSTGRES_USERNAME
    - targetPath: gitea.config.storage.MINIO_ACCESS_KEY_ID
      kind: Secret
      name: gitea-secret
      valuesKey: GITEA_AWS_S3_ACCESS_KEY
    - targetPath: gitea.config.storage.MINIO_SECRET_ACCESS_KEY
      kind: Secret
      name: gitea-secret
      valuesKey: GITEA_AWS_S3_SECRET_KEY
  postRenderers:
    - kustomize:
        patches:
          - kind: Deployment
            apiVersion: apps/v1
            metadata:
              name: gitea
            spec:
              template:
                spec:
                  initContainers:
                    - name: 01-init-db
                      image: ghcr.io/auricom/postgres-init:15.4
                      imagePullPolicy: IfNotPresent
                      envFrom:
                        - secretRef:
                            name: gitea-secret