mirror of
https://github.com/auricom/home-cluster.git
synced 2025-09-17 18:24:14 +02:00
cb21cd952c
| datasource | package | from | to | | ---------- | ------------------------------- | ---- | ---- | | docker | ghcr.io/onedr0p/postgres-initdb | 14.7 | 14.8 |
204 lines
5.8 KiB
YAML
204 lines
5.8 KiB
YAML
---
|
|
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
|
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: gitea
|
|
namespace: default
|
|
spec:
|
|
interval: 15m
|
|
chart:
|
|
spec:
|
|
chart: gitea
|
|
version: 8.1.0
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: gitea
|
|
namespace: flux-system
|
|
maxHistory: 3
|
|
install:
|
|
createNamespace: true
|
|
remediation:
|
|
retries: 3
|
|
upgrade:
|
|
cleanupOnFail: true
|
|
remediation:
|
|
retries: 3
|
|
uninstall:
|
|
keepHistory: false
|
|
values:
|
|
image:
|
|
repository: gitea/gitea
|
|
tag: 1.18.0
|
|
rootless: true
|
|
containerSecurityContext:
|
|
capabilities:
|
|
add: ["SYS_CHROOT"]
|
|
gitea:
|
|
admin:
|
|
username: auricom
|
|
config:
|
|
APP_NAME: "Gitea Homelab"
|
|
cron.resync_all_sshkeys:
|
|
ENABLED: true
|
|
RUN_AT_START: true
|
|
database:
|
|
DB_TYPE: postgres
|
|
HOST: ${POSTGRES_HOST}:${POSTGRES_PORT}
|
|
NAME: gitea
|
|
SCHEMA: public
|
|
SSL_MODE: disable
|
|
server:
|
|
SSH_PORT: 22
|
|
SSH_LISTEN_PORT: 30322
|
|
SSH_DOMAIN: gitea.${SECRET_DOMAIN}
|
|
ROOT_URL: https://gitea.${SECRET_CLUSTER_DOMAIN}
|
|
respository:
|
|
DEFAULT_BRANCH: main
|
|
DEFAULT_PRIVATE: true
|
|
admin:
|
|
DISABLE_REGULAR_ORG_CREATION: true
|
|
security:
|
|
PASSWORD_COMPLEXITY: "lower,upper"
|
|
MIN_PASSWORD_LENGTH: 12
|
|
service:
|
|
DISABLE_REGISTRATION: true
|
|
REQUIRE_SIGNIN_VIEW: true
|
|
cron:
|
|
ENABLED: true
|
|
attachment:
|
|
STORAGE_TYPE: minio
|
|
MINIO_ENDPOINT: truenas.${SECRET_DOMAIN}:51515
|
|
MINIO_BUCKET: gitea
|
|
MINIO_USE_SSL: true
|
|
storage:
|
|
STORAGE_TYPE: minio
|
|
MINIO_ENDPOINT: truenas.${SECRET_DOMAIN}:51515
|
|
MINIO_BUCKET: gitea
|
|
MINIO_USE_SSL: true
|
|
mailer:
|
|
ENABLED: true
|
|
MAILER_TYPE: smtp
|
|
SMTP_ADDR: smtp-relay.default
|
|
SMTP_PORT: 2525
|
|
FROM: "Gitea <gitea@${SECRET_DOMAIN}>"
|
|
webhook:
|
|
ALLOWED_HOST_LIST: drone.default.svc
|
|
# openid:
|
|
# ENABLE_OPENID_SIGNIN: false
|
|
# ENABLE_OPENID_SIGNUP: true
|
|
# WHITELISTED_URIS: "auth.${SECRET_CLUSTER_DOMAIN}"
|
|
# oauth:
|
|
# - name: authelia
|
|
# provider: openidConnect
|
|
# key: gitea
|
|
# secret: "${SECRET_GITEA_OAUTH_CLIENT_SECRET}"
|
|
# autoDiscoverUrl: "https://auth.${SECRET_CLUSTER_DOMAIN}/.well-known/openid-configuration"
|
|
# groupClaimName: groups
|
|
# adminGroup: admins
|
|
# restrictedGroup: people
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
podAnnotations:
|
|
secret.reloader.stakater.com/reload: gitea-config
|
|
postgresql:
|
|
enabled: false
|
|
memcached:
|
|
enabled: false
|
|
persistence:
|
|
enabled: true
|
|
existingClaim: "gitea-config"
|
|
service:
|
|
ssh:
|
|
type: LoadBalancer
|
|
port: 22
|
|
loadBalancerIP: ${CLUSTER_LB_GITEA}
|
|
ingress:
|
|
enabled: true
|
|
className: nginx
|
|
annotations:
|
|
hajimari.io/icon: mdi:code-json
|
|
hosts:
|
|
- host: "gitea.${SECRET_CLUSTER_DOMAIN}"
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
tls:
|
|
- hosts:
|
|
- "gitea.${SECRET_CLUSTER_DOMAIN}"
|
|
resources:
|
|
requests:
|
|
cpu: 15m
|
|
memory: 226M
|
|
limits:
|
|
cpu: 500m
|
|
memory: 1Gi
|
|
valuesFrom:
|
|
- targetPath: gitea.admin.email
|
|
kind: Secret
|
|
name: gitea-config
|
|
valuesKey: adminEmail
|
|
- targetPath: gitea.admin.password
|
|
kind: Secret
|
|
name: gitea-config
|
|
valuesKey: adminPassword
|
|
- targetPath: gitea.config.attachment.MINIO_ACCESS_KEY_ID
|
|
kind: Secret
|
|
name: gitea-config
|
|
valuesKey: minioAccessKeyId
|
|
- targetPath: gitea.config.attachment.MINIO_SECRET_ACCESS_KEY
|
|
kind: Secret
|
|
name: gitea-config
|
|
valuesKey: minioSecretAccessKey
|
|
- targetPath: gitea.config.database.PASSWD
|
|
kind: Secret
|
|
name: gitea-config
|
|
valuesKey: dbPassword
|
|
- targetPath: gitea.config.database.USER
|
|
kind: Secret
|
|
name: gitea-config
|
|
valuesKey: dbUser
|
|
- targetPath: gitea.config.storage.MINIO_ACCESS_KEY_ID
|
|
kind: Secret
|
|
name: gitea-config
|
|
valuesKey: minioAccessKeyId
|
|
- targetPath: gitea.config.storage.MINIO_SECRET_ACCESS_KEY
|
|
kind: Secret
|
|
name: gitea-config
|
|
valuesKey: minioSecretAccessKey
|
|
postRenderers:
|
|
- kustomize:
|
|
patchesStrategicMerge:
|
|
- kind: StatefulSet
|
|
apiVersion: apps/v1
|
|
metadata:
|
|
name: gitea
|
|
spec:
|
|
template:
|
|
spec:
|
|
initContainers:
|
|
- name: init-db
|
|
image: ghcr.io/onedr0p/postgres-initdb:14.8
|
|
env:
|
|
- name: POSTGRES_HOST
|
|
value: ${POSTGRES_HOST}
|
|
- name: POSTGRES_DB
|
|
value: gitea
|
|
- name: POSTGRES_SUPER_PASS
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: postgres-superuser
|
|
key: password
|
|
- name: POSTGRES_USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: gitea-config
|
|
key: dbUser
|
|
- name: POSTGRES_PASS
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: gitea-config
|
|
key: dbPassword
|