142 lines
3.3 KiB
YAML
142 lines
3.3 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: gitea
|
|
---
|
|
apiVersion: onepassword.com/v1
|
|
kind: OnePasswordItem
|
|
metadata:
|
|
name: gitea-admin-password
|
|
namespace: gitea
|
|
spec:
|
|
itemPath: "vaults/cluster/items/gitea-admin-password"
|
|
---
|
|
apiVersion: source.toolkit.fluxcd.io/v1
|
|
kind: HelmRepository
|
|
metadata:
|
|
name: gitea-repo
|
|
namespace: flux-system
|
|
spec:
|
|
interval: 15m0s
|
|
url: https://dl.gitea.com/charts/
|
|
---
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: gitea
|
|
namespace: gitea
|
|
spec:
|
|
chart:
|
|
spec:
|
|
chart: gitea
|
|
reconcileStrategy: ChartVersion
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: gitea-repo
|
|
namespace: flux-system
|
|
version: v10.6.x
|
|
interval: 1m0s
|
|
releaseName: gitea
|
|
values:
|
|
strategy:
|
|
type: Recreate
|
|
service:
|
|
http:
|
|
type: LoadBalancer
|
|
externalTrafficPolicy: Local
|
|
port: 80
|
|
annotations:
|
|
metallb.universe.tf/allow-shared-ip: gitea
|
|
ssh:
|
|
enabled: true
|
|
type: LoadBalancer
|
|
externalTrafficPolicy: Local
|
|
port: 2222
|
|
annotations:
|
|
metallb.universe.tf/allow-shared-ip: gitea
|
|
ingress:
|
|
enabled: true
|
|
hosts:
|
|
- host: git.yadunut.dev
|
|
paths:
|
|
- path: /
|
|
pathType: ImplementationSpecific
|
|
tls:
|
|
- secretName: wildcard-cert-i.yadunut.dev-prod
|
|
hosts:
|
|
- git.yadunut.dev
|
|
actions:
|
|
enabled: true
|
|
provisioning:
|
|
enabled: true
|
|
statefulset:
|
|
actRunner:
|
|
config: |
|
|
log:
|
|
level: debug
|
|
cache:
|
|
enabled: true
|
|
runner:
|
|
labels:
|
|
- "ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
|
|
- "ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04"
|
|
- "ubuntu-20.04:docker://catthehacker/ubuntu:act-20.04"
|
|
container:
|
|
options: |
|
|
--add-host=docker:host-gateway -v /certs:/certs -e "DOCKER_HOST=tcp://docker:2376/" -e "DOCKER_TLS_CERTDIR=/certs" -e "DOCKER_TLS_VERIFY=1" -e "DOCKER_CERT_PATH=/certs/server"
|
|
valid_volumes:
|
|
- /certs
|
|
- '**'
|
|
|
|
|
|
redis-cluster:
|
|
enabled: false
|
|
redis:
|
|
enabled: true
|
|
postgresql:
|
|
enabled: true
|
|
postgresql-ha:
|
|
enabled: false
|
|
|
|
persistence:
|
|
enabled: true
|
|
accessModes:
|
|
- ReadWriteMany
|
|
gitea:
|
|
admin:
|
|
existingSecret: gitea-admin-password
|
|
config:
|
|
server:
|
|
SSH_PORT: 2222
|
|
LANDING_PAGE: /yadunut
|
|
database:
|
|
DB_TYPE: postgres
|
|
indexer:
|
|
ISSUE_INDEXER_TYPE: bleve
|
|
REPO_INDEXER_ENABLED: true
|
|
openid:
|
|
ENABLE_OPENID_SIGNUP: true
|
|
service:
|
|
DISABLE_REGISTRATION: false
|
|
SHOW_REGISTRATION_BUTTON: false
|
|
ALLOW_ONLY_EXTERNAL_REGISTRATION: true
|
|
repository:
|
|
ENABLE_PUSH_CREATE_USER: true
|
|
packages:
|
|
ENABLED: false
|
|
---
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: IngressRouteTCP
|
|
metadata:
|
|
name: gitea-ssh-ingress-route-tcp
|
|
namespace: gitea
|
|
spec:
|
|
entryPoints:
|
|
- git-ssh
|
|
routes:
|
|
- match: HostSNI(`*`)
|
|
services:
|
|
- name: gitea-ssh
|
|
port: 2222
|