mirror of
https://github.com/auricom/home-cluster.git
synced 2025-09-17 18:24:14 +02:00
164 lines
4.3 KiB
YAML
164 lines
4.3 KiB
YAML
---
|
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: gitea
|
|
namespace: default
|
|
spec:
|
|
interval: 15m
|
|
chart:
|
|
spec:
|
|
chart: gitea
|
|
version: 6.0.3
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: gitea
|
|
namespace: flux-system
|
|
install:
|
|
createNamespace: true
|
|
remediation:
|
|
retries: 5
|
|
upgrade:
|
|
remediation:
|
|
retries: 5
|
|
dependsOn:
|
|
- name: postgres-cluster
|
|
namespace: default
|
|
values:
|
|
image:
|
|
repository: gitea/gitea
|
|
tag: 1.17.3
|
|
rootless: true
|
|
containerSecurityContext:
|
|
capabilities:
|
|
add: ["SYS_CHROOT"]
|
|
gitea:
|
|
admin:
|
|
username: auricom
|
|
config:
|
|
APP_NAME: "Gitea Homelab"
|
|
cron.resync_all_sshkeys:
|
|
ENABLED: true
|
|
RUN_AT_START: true
|
|
database:
|
|
DB_TYPE: postgres
|
|
HOST: postgres-rw.default.svc.cluster.local.:5432
|
|
NAME: gitea
|
|
SCHEMA: public
|
|
SSL_MODE: disable
|
|
server:
|
|
SSH_PORT: 22
|
|
SSH_LISTEN_PORT: 30322
|
|
SSH_DOMAIN: gitea.${SECRET_DOMAIN}
|
|
ROOT_URL: https://gitea.${SECRET_CLUSTER_DOMAIN}
|
|
respository:
|
|
DEFAULT_BRANCH: main
|
|
DEFAULT_PRIVATE: true
|
|
admin:
|
|
DISABLE_REGULAR_ORG_CREATION: true
|
|
security:
|
|
PASSWORD_COMPLEXITY: "lower,upper"
|
|
MIN_PASSWORD_LENGTH: 12
|
|
service:
|
|
DISABLE_REGISTRATION: true
|
|
REQUIRE_SIGNIN_VIEW: true
|
|
cron:
|
|
ENABLED: true
|
|
attachment:
|
|
STORAGE_TYPE: minio
|
|
MINIO_ENDPOINT: truenas.${SECRET_DOMAIN}:9000
|
|
MINIO_BUCKET: gitea
|
|
MINIO_USE_SSL: true
|
|
storage:
|
|
STORAGE_TYPE: minio
|
|
MINIO_ENDPOINT: truenas.${SECRET_DOMAIN}:9000
|
|
MINIO_BUCKET: gitea
|
|
MINIO_USE_SSL: true
|
|
mailer:
|
|
ENABLED: true
|
|
MAILER_TYPE: smtp
|
|
HOST: smtp-relay.default:2525
|
|
FROM: "Gitea <gitea@${SECRET_DOMAIN}>"
|
|
# openid:
|
|
# ENABLE_OPENID_SIGNIN: false
|
|
# ENABLE_OPENID_SIGNUP: true
|
|
# WHITELISTED_URIS: "auth.${SECRET_CLUSTER_DOMAIN}"
|
|
# oauth:
|
|
# - name: authelia
|
|
# provider: openidConnect
|
|
# key: gitea
|
|
# secret: "${SECRET_GITEA_OAUTH_CLIENT_SECRET}"
|
|
# autoDiscoverUrl: "https://auth.${SECRET_CLUSTER_DOMAIN}/.well-known/openid-configuration"
|
|
# groupClaimName: groups
|
|
# adminGroup: admins
|
|
# restrictedGroup: people
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
podAnnotations:
|
|
secret.reloader.stakater.com/reload: gitea-config
|
|
postgresql:
|
|
enabled: false
|
|
memcached:
|
|
enabled: false
|
|
persistence:
|
|
enabled: true
|
|
existingClaim: "gitea-config"
|
|
service:
|
|
ssh:
|
|
type: LoadBalancer
|
|
port: 22
|
|
loadBalancerIP: ${CLUSTER_LB_GITEA}
|
|
ingress:
|
|
enabled: true
|
|
className: nginx
|
|
hosts:
|
|
- host: "gitea.${SECRET_CLUSTER_DOMAIN}"
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
tls:
|
|
- hosts:
|
|
- "gitea.${SECRET_CLUSTER_DOMAIN}"
|
|
resources:
|
|
requests:
|
|
cpu: 15m
|
|
memory: 226M
|
|
limits:
|
|
cpu: 500m
|
|
memory: 1Gi
|
|
valuesFrom:
|
|
- targetPath: gitea.admin.email
|
|
kind: Secret
|
|
name: gitea-config
|
|
valuesKey: adminEmail
|
|
- targetPath: gitea.admin.password
|
|
kind: Secret
|
|
name: gitea-config
|
|
valuesKey: adminPassword
|
|
- targetPath: gitea.config.attachment.MINIO_ACCESS_KEY_ID
|
|
kind: Secret
|
|
name: gitea-config
|
|
valuesKey: minioAccessKeyId
|
|
- targetPath: gitea.config.attachment.MINIO_SECRET_ACCESS_KEY
|
|
kind: Secret
|
|
name: gitea-config
|
|
valuesKey: minioSecretAccessKey
|
|
- targetPath: gitea.config.database.PASSWD
|
|
kind: Secret
|
|
name: gitea-config
|
|
valuesKey: dbPassword
|
|
- targetPath: gitea.config.database.USER
|
|
kind: Secret
|
|
name: gitea-config
|
|
valuesKey: dbUser
|
|
- targetPath: gitea.config.storage.MINIO_ACCESS_KEY_ID
|
|
kind: Secret
|
|
name: gitea-config
|
|
valuesKey: minioAccessKeyId
|
|
- targetPath: gitea.config.storage.MINIO_SECRET_ACCESS_KEY
|
|
kind: Secret
|
|
name: gitea-config
|
|
valuesKey: minioSecretAccessKey
|