212 lines
5.3 KiB
YAML
212 lines
5.3 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: gitea
|
|
---
|
|
apiVersion: onepassword.com/v1
|
|
kind: OnePasswordItem
|
|
metadata:
|
|
name: gitea-admin-password
|
|
namespace: gitea
|
|
spec:
|
|
itemPath: "vaults/cluster/items/gitea-admin-password"
|
|
---
|
|
apiVersion: onepassword.com/v1
|
|
kind: OnePasswordItem
|
|
metadata:
|
|
name: gitea-valkey
|
|
namespace: gitea
|
|
spec:
|
|
itemPath: "vaults/cluster/items/gitea-valkey"
|
|
# ---
|
|
# apiVersion: onepassword.com/v1
|
|
# kind: OnePasswordItem
|
|
# metadata:
|
|
# name: gitea-actions-token
|
|
# namespace: gitea
|
|
# spec:
|
|
# itemPath: "vaults/cluster/items/gitea-actions-token"
|
|
---
|
|
apiVersion: source.toolkit.fluxcd.io/v1
|
|
kind: HelmRepository
|
|
metadata:
|
|
name: gitea-repo
|
|
namespace: flux-system
|
|
spec:
|
|
interval: 15m0s
|
|
url: https://dl.gitea.com/charts/
|
|
---
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: gitea
|
|
namespace: gitea
|
|
spec:
|
|
chart:
|
|
spec:
|
|
chart: gitea
|
|
reconcileStrategy: ChartVersion
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: gitea-repo
|
|
namespace: flux-system
|
|
version: v12.3.x
|
|
interval: 1m0s
|
|
releaseName: gitea
|
|
values:
|
|
strategy:
|
|
type: Recreate
|
|
service:
|
|
http:
|
|
type: LoadBalancer
|
|
externalTrafficPolicy: Local
|
|
port: 80
|
|
annotations:
|
|
metallb.universe.tf/allow-shared-ip: gitea
|
|
ssh:
|
|
enabled: true
|
|
type: LoadBalancer
|
|
externalTrafficPolicy: Local
|
|
port: 2222
|
|
annotations:
|
|
metallb.universe.tf/allow-shared-ip: gitea
|
|
ingress:
|
|
enabled: true
|
|
hosts:
|
|
- host: git.yadunut.dev
|
|
paths:
|
|
- path: /
|
|
pathType: ImplementationSpecific
|
|
tls:
|
|
- secretName: wildcard-cert-i.yadunut.dev-prod
|
|
hosts:
|
|
- git.yadunut.dev
|
|
# actions:
|
|
# enabled:
|
|
# provisioning:
|
|
# enabled: true
|
|
# statefulset:
|
|
# actRunner:
|
|
# config: |
|
|
# log:
|
|
# level: debug
|
|
# cache:
|
|
# enabled: true
|
|
# runner:
|
|
# labels:
|
|
# - "ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
|
|
# - "ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04"
|
|
# - "ubuntu-20.04:docker://catthehacker/ubuntu:act-20.04"
|
|
# container:
|
|
# options: |
|
|
# --add-host=docker:host-gateway -v /certs:/certs -e "DOCKER_HOST=tcp://docker:2376/" -e "DOCKER_TLS_CERTDIR=/certs" -e "DOCKER_TLS_VERIFY=1" -e "DOCKER_CERT_PATH=/certs/server"
|
|
# valid_volumes:
|
|
# - /certs
|
|
# - '**'
|
|
valkey-cluster:
|
|
enabled: false
|
|
valkey:
|
|
enabled: true
|
|
auth:
|
|
existingSecret: gitea-valkey
|
|
existingSecretPasswordKey: password
|
|
postgresql:
|
|
enabled: true
|
|
postgresql-ha:
|
|
enabled: false
|
|
|
|
persistence:
|
|
enabled: true
|
|
accessModes:
|
|
- ReadWriteMany
|
|
gitea:
|
|
admin:
|
|
existingSecret: gitea-admin-password
|
|
config:
|
|
server:
|
|
SSH_PORT: 2222
|
|
LANDING_PAGE: /yadunut
|
|
LFS_START_SERVER: true
|
|
database:
|
|
DB_TYPE: postgres
|
|
indexer:
|
|
ISSUE_INDEXER_TYPE: bleve
|
|
REPO_INDEXER_ENABLED: true
|
|
openid:
|
|
ENABLE_OPENID_SIGNUP: true
|
|
service:
|
|
DISABLE_REGISTRATION: false
|
|
SHOW_REGISTRATION_BUTTON: false
|
|
ALLOW_ONLY_EXTERNAL_REGISTRATION: true
|
|
repository:
|
|
ENABLE_PUSH_CREATE_USER: true
|
|
packages:
|
|
ENABLED: false
|
|
---
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: IngressRouteTCP
|
|
metadata:
|
|
name: gitea-ssh-ingress-route-tcp
|
|
namespace: gitea
|
|
spec:
|
|
entryPoints:
|
|
- git-ssh
|
|
routes:
|
|
- match: HostSNI(`*`)
|
|
services:
|
|
- name: gitea-ssh
|
|
port: 2222
|
|
# ---
|
|
# apiVersion: helm.toolkit.fluxcd.io/v2
|
|
# kind: HelmRelease
|
|
# metadata:
|
|
# name: gitea-actions
|
|
# namespace: gitea
|
|
# spec:
|
|
# chart:
|
|
# spec:
|
|
# chart: actions
|
|
# sourceRef:
|
|
# kind: HelmRepository
|
|
# name: gitea-repo
|
|
# namespace: flux-system
|
|
# version: v0.0.x
|
|
# interval: 1m
|
|
# values:
|
|
# enabled: true
|
|
# giteaRootURL: https://git.yadunut.dev
|
|
#
|
|
# # Provide the runner registration token from 1Password-backed Secret
|
|
# existingSecret: gitea-actions-token
|
|
# existingSecretKey: token
|
|
#
|
|
# statefulset:
|
|
# replicas: 1
|
|
# # Your custom runner config replicated here (labels, dind, volumes)
|
|
# actRunner:
|
|
# config: |
|
|
# log:
|
|
# level: debug
|
|
# cache:
|
|
# enabled: true
|
|
# runner:
|
|
# labels:
|
|
# - "ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
|
|
# - "ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04"
|
|
# - "ubuntu-20.04:docker://catthehacker/ubuntu:act-20.04"
|
|
# container:
|
|
# options: |
|
|
# --add-host=docker:host-gateway -v /certs:/certs -e "DOCKER_HOST=tcp://docker:2376/" -e "DOCKER_TLS_CERTDIR=/certs" -e "DOCKER_TLS_VERIFY=1" -e "DOCKER_CERT_PATH=/certs/server"
|
|
# valid_volumes:
|
|
# - /certs
|
|
# - '**'
|
|
# dind:
|
|
# extraVolumeMounts:
|
|
# - name: certs
|
|
# mountPath: /certs
|
|
# extraVolumes:
|
|
# - name: certs
|
|
# emptyDir: {}
|
|
|