---
# Namespace for the Gitea release, its secrets and the Actions runner.
apiVersion: v1
kind: Namespace
metadata:
  name: gitea
---
# 1Password-backed items. The HelmReleases below reference Secrets named
# gitea-admin-password and gitea-actions-token, so these are presumably
# materialised as Secrets of the same name by the 1Password operator.
apiVersion: onepassword.com/v1
kind: OnePasswordItem
metadata:
  name: gitea-admin-password
  namespace: gitea
spec:
  itemPath: "vaults/cluster/items/gitea-admin-password"
---
apiVersion: onepassword.com/v1
kind: OnePasswordItem
metadata:
  name: gitea-actions-token
  namespace: gitea
spec:
  itemPath: "vaults/cluster/items/gitea-actions-token"
---
# Chart source shared by both HelmReleases in this file.
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: gitea-repo
  namespace: flux-system
spec:
  interval: 15m0s
  url: https://dl.gitea.com/charts/
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: gitea
  namespace: gitea
spec:
  chart:
    spec:
      chart: gitea
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        name: gitea-repo
        namespace: flux-system
      # NOTE(review): floating patch range. New 12.3.* chart releases roll out
      # without a reviewed change to this file; pin an exact version if chart
      # upgrades should go through review.
      version: v12.3.x
  interval: 1m0s
  releaseName: gitea
  values:
    strategy:
      type: Recreate
    service:
      # NOTE(review): HTTP is published on its own LoadBalancer address on
      # port 80 in addition to the TLS ingress below. Clients using that
      # address skip the ingress TLS termination; confirm this is intended
      # and that the address is only reachable from trusted networks.
      http:
        type: LoadBalancer
        externalTrafficPolicy: Local
        port: 80
        annotations:
          metallb.universe.tf/allow-shared-ip: gitea
      ssh:
        enabled: true
        type: LoadBalancer
        externalTrafficPolicy: Local
        port: 2222
        annotations:
          metallb.universe.tf/allow-shared-ip: gitea
    ingress:
      enabled: true
      hosts:
        - host: git.yadunut.dev
          paths:
            - path: /
              pathType: ImplementationSpecific
      tls:
        - secretName: wildcard-cert-i.yadunut.dev-prod
          hosts:
            - git.yadunut.dev
    valkey-cluster:
      enabled: false
    valkey:
      enabled: true
      # NOTE(review): no tag is set here, so the chart's default tag is pulled
      # from the bitnamilegacy repository. As far as I know those repositories
      # are frozen archives without further security updates; plan a move to
      # a maintained image and pin it by tag or digest.
      image:
        repository: bitnamilegacy/valkey
      global:
        security:
          # Needed for the non-default repository above: turns off the
          # subchart's check that rejects substituted images.
          allowInsecureImages: true
      # NOTE(review): with the auth block disabled, valkey runs with whatever
      # credentials the chart defaults to. Confirm that is not a well-known
      # default password and prefer the existingSecret form.
      # auth:
      #   existingSecret: gitea-valkey
      #   existingSecretPasswordKey: password
    postgresql:
      enabled: true
      # NOTE(review): same bitnamilegacy caveat as valkey. No auth override is
      # set in this file, so the database credentials are the chart defaults;
      # confirm and move them to a Secret.
      image:
        repository: bitnamilegacy/postgresql
        tag: 16.3.0-debian-12-r23
      global:
        security:
          allowInsecureImages: true
    postgresql-ha:
      enabled: false
    persistence:
      enabled: true
      accessModes:
        - ReadWriteMany
    gitea:
      admin:
        # Admin credentials come from the 1Password-backed Secret, not from
        # inline values.
        existingSecret: gitea-admin-password
      config:
        server:
          SSH_PORT: 2222
          LANDING_PAGE: /yadunut
          LFS_START_SERVER: true
        database:
          DB_TYPE: postgres
        indexer:
          ISSUE_INDEXER_TYPE: bleve
          REPO_INDEXER_ENABLED: true
        # NOTE(review): the openid and service settings below leave
        # registration open to external identities: local sign-up is hidden,
        # but OpenID sign-up is on and no provider allow-list is visible
        # here. If only known identities should get accounts, restrict the
        # accepted providers (openid WHITELISTED_URIS) or disable
        # registration.
        openid:
          ENABLE_OPENID_SIGNUP: true
        service:
          DISABLE_REGISTRATION: false
          SHOW_REGISTRATION_BUTTON: false
          ALLOW_ONLY_EXTERNAL_REGISTRATION: true
        repository:
          # Any account can create a repository simply by pushing to a new
          # path. Combined with open sign-up and the Actions runner below,
          # review who can end up running workflows.
          ENABLE_PUSH_CREATE_USER: true
        packages:
          ENABLED: false
---
# Second SSH path: Traefik forwards its git-ssh entry point to the gitea-ssh
# Service. HostSNI(`*`) is the catch-all Traefik needs for non-TLS TCP such
# as SSH.
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
  name: gitea-ssh-ingress-route-tcp
  namespace: gitea
spec:
  entryPoints:
    - git-ssh
  routes:
    - match: HostSNI(`*`)
      services:
        - name: gitea-ssh
          port: 2222
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: gitea-actions
  namespace: gitea
spec:
  chart:
    spec:
      chart: actions
      sourceRef:
        kind: HelmRepository
        name: gitea-repo
        namespace: flux-system
      # NOTE(review): floating 0.0.* range; see the note on the gitea release.
      version: v0.0.x
  interval: 1m
  values:
    enabled: true
    giteaRootURL: https://git.yadunut.dev
    # Provide the runner registration token from 1Password-backed Secret
    existingSecret: gitea-actions-token
    existingSecretKey: token
    # NOTE(review): actRunner, dind and extraVolumes are placed under
    # statefulset to match the chart's values layout; confirm against the
    # chart version in use.
    statefulset:
      replicas: 1
      # Your custom runner config replicated here (labels, dind, volumes)
      #
      # NOTE(review) on the embedded runner config:
      # - valid_volumes contains '**', which permits any volume a workflow
      #   asks for and makes the /certs entry redundant. List only the paths
      #   jobs really need.
      # - Every job container receives /certs and the dind endpoint, so any
      #   workflow effectively controls the dind daemon. Limit who can run
      #   workflows on this runner accordingly.
      # - The job images use mutable third-party tags (act-latest, act-22.04,
      #   act-20.04); pin them by digest for reproducible, reviewable jobs.
      # - log level debug is verbose for steady-state use; check that job
      #   logs do not capture sensitive values, or lower it to info.
      actRunner:
        config: |
          log:
            level: debug
          cache:
            enabled: true
          runner:
            labels:
              - "ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
              - "ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04"
              - "ubuntu-20.04:docker://catthehacker/ubuntu:act-20.04"
          container:
            options: |
              --add-host=docker:host-gateway
              -v /certs:/certs
              -e "DOCKER_HOST=tcp://docker:2376/"
              -e "DOCKER_TLS_CERTDIR=/certs"
              -e "DOCKER_TLS_VERIFY=1"
              -e "DOCKER_CERT_PATH=/certs/server"
            valid_volumes:
              - /certs
              - '**'
      dind:
        # The emptyDir below is mounted at /certs in the dind container, the
        # same path the job containers are pointed at for Docker TLS.
        extraVolumeMounts:
          - name: certs
            mountPath: /certs
      extraVolumes:
        - name: certs
          emptyDir: {}