auricom-home-cluster/cluster/apps/development/gitea/helm-release.yaml

---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: gitea
  namespace: development
spec:
  interval: 5m
  chart:
    spec:
      # renovate: registryUrl=https://dl.gitea.io/charts
      chart: gitea
      version: 4.0.1
      sourceRef:
        kind: HelmRepository
        name: gitea-charts
        namespace: flux-system
      interval: 5m
  values:
    image:
      repository: gitea/gitea
      tag: 1.14.6
    persistence:
      enabled: true
      size: 10Gi
      existingClaim: "gitea-config"
    ingress:
      enabled: true
      annotations:
        kubernetes.io/ingress.class: "traefik"
        traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
      hosts:
        - host: "gitea.${SECRET_CLUSTER_DOMAIN}"
          paths:
            - path: /
              pathType: Prefix
    service:
      annotations:
        prometheus.io/probe: "true"
        prometheus.io/protocol: "tcp"
      http:
        port: 3000
      ssh:
        type: LoadBalancer
        port: 22
        externalTrafficPolicy: Local
        externalIPs:
          - ${CLUSTER_LB_GITEA}
    gitea:
      admin:
        email: ${SECRET_GITEA_ADMIN_EMAIL}
        username: auricom
        password: ${SECRET_GITEA_ADMIN_PASSWORD}
      config:
        APP_NAME: "Homelab Gitea"
        cron.resync_all_sshkeys:
          ENABLED: true
          RUN_AT_START: true
        database:
          DB_TYPE: postgres
          HOST: postgresql-kube.data.svc.cluster.local.:5432
          NAME: gitea
          USER: gitea
          PASSWD: ${SECRET_GITEA_DB_PASSWORD}
          SCHEMA: gitea
        server:
          SSH_PORT: 22
          SSH_LISTEN_PORT: 22
          SSH_DOMAIN: gitea.${SECRET_CLUSTER_DOMAIN_ROOT}
          ROOT_URL: https://gitea.${SECRET_CLUSTER_DOMAIN}
        respository:
          DEFAULT_PRIVATE: true
        admin:
          DISABLE_REGULAR_ORG_CREATION: true
        security:
          PASSWORD_COMPLEXITY: "lower,upper"
          MIN_PASSWORD_LENGTH: 12
        service:
          DISABLE_REGISTRATION: true
          REQUIRE_SIGNIN_VIEW: true
      database:
        builtIn:
          postgresql:
            enabled: false
        postgresql:
      cache:
        builtIn:
          enabled: true
    memcached:
      image:
        repository: bitnami/memcached
        tag: 1.6.10
      service:
        port: 11211