yadunut/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity
Files
7f7c72299a696f84c4fa79f6b8f69dcfa5bc8dd2
homelab/apps/base/gitea.yaml

190 lines
4.5 KiB
YAML
Raw Blame History

---
apiVersion: v1
kind: Namespace
metadata:
name: gitea
---
apiVersion: onepassword.com/v1
kind: OnePasswordItem
metadata:
name: gitea-admin-password
namespace: gitea
spec:
itemPath: "vaults/cluster/items/gitea-admin-password"
---
apiVersion: onepassword.com/v1
kind: OnePasswordItem
metadata:
name: gitea-actions-token
namespace: gitea
spec:
itemPath: "vaults/cluster/items/gitea-actions-token"
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: gitea-repo
namespace: flux-system
spec:
interval: 15m0s
url: https://dl.gitea.com/charts/
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: gitea
namespace: gitea
spec:
chart:
spec:
chart: gitea
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
name: gitea-repo
namespace: flux-system
version: v12.4.x
interval: 1m0s
releaseName: gitea
values:
strategy:
type: Recreate
service:
http:
type: LoadBalancer
externalTrafficPolicy: Local
port: 80
annotations:
metallb.universe.tf/allow-shared-ip: gitea
ssh:
enabled: true
type: LoadBalancer
externalTrafficPolicy: Local
port: 2222
annotations:
metallb.universe.tf/allow-shared-ip: gitea
ingress:
enabled: true
hosts:
- host: git.yadunut.dev
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: wildcard-cert-i.yadunut.dev-prod
hosts:
- git.yadunut.dev
valkey-cluster:
enabled: false
valkey:
enabled: true
# image:
# repository: bitnamilegacy/valkey
global:
security:
allowInsecureImages: true
# auth:
# existingSecret: gitea-valkey
# existingSecretPasswordKey: password
postgresql:
enabled: true
image:
# repository: bitnamilegacy/postgresql
tag: 16.3.0-debian-12-r23
global:
security:
allowInsecureImages: true
postgresql-ha:
enabled: false
persistence:
enabled: true
accessModes:
- ReadWriteMany
gitea:
admin:
existingSecret: gitea-admin-password
config:
server:
SSH_PORT: 2222
LANDING_PAGE: /yadunut
LFS_START_SERVER: true
database:
DB_TYPE: postgres
indexer:
ISSUE_INDEXER_TYPE: bleve
REPO_INDEXER_ENABLED: true
openid:
ENABLE_OPENID_SIGNUP: true
service:
DISABLE_REGISTRATION: false
SHOW_REGISTRATION_BUTTON: false
ALLOW_ONLY_EXTERNAL_REGISTRATION: true
repository:
ENABLE_PUSH_CREATE_USER: true
packages:
ENABLED: false
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: gitea-ssh-ingress-route-tcp
namespace: gitea
spec:
entryPoints:
- git-ssh
routes:
- match: HostSNI(`*`)
services:
- name: gitea-ssh
port: 2222
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: gitea-actions
namespace: gitea
spec:
chart:
spec:
chart: actions
sourceRef:
kind: HelmRepository
name: gitea-repo
namespace: flux-system
version: v0.0.x
interval: 1m
values:
enabled: true
giteaRootURL: https://git.yadunut.dev
# Provide the runner registration token from 1Password-backed Secret
existingSecret: gitea-actions-token
existingSecretKey: token
statefulset:
replicas: 1
# Your custom runner config replicated here (labels, dind, volumes)
actRunner:
config: |
log:
level: debug
cache:
enabled: true
runner:
labels:
- "ubuntu-latest:docker://harbor.yadunut.dev/gitea_cache/runner-images:ubuntu-latest"
- "ubuntu-22.04:docker://harbor.yadunut.dev/gitea_cache/runner-images:ubuntu-22.04"
- "ubuntu-20.04:docker://harbor.yadunut.dev/gitea_cache/runner-images:ubuntu-20.04"
container:
network: host
valid_volumes:
- '**'
options: |
-v /certs:/certs
--add-host=docker:host-gateway
-e DOCKER_HOST=tcp://docker:2376
-e DOCKER_TLS_VERIFY=1
-e DOCKER_CERT_PATH=/certs/client
-e DOCKER_TLS_CERTDIR=/certs
Reference in New Issue View Git Blame Copy Permalink