# Helm values for a Gitea deployment. The top-level keys look like subchart
# names/aliases of an umbrella chart: Gitea, Actions runners, Meilisearch,
# cloudflared, a PostgreSQL cluster, Redis and VolSync.
# NOTE(review): the nesting here was rebuilt from key order and upstream chart
# conventions - confirm it against the deployed values before relying on it.
# Credentials are referenced from Kubernetes Secrets throughout; none are inline.
gitea:
  global:
    imageRegistry: registry.hub.docker.com
  replicaCount: 3
  image:
    repository: gitea/gitea
    # Tag only, no digest: the registry decides what this resolves to.
    tag: 1.25.2
  service:
    http:
      type: ClusterIP
      port: 3000
      clusterIP: 10.103.160.139
    ssh:
      type: ClusterIP
      port: 22
      clusterIP: 10.103.160.140
  ingress:
    enabled: false
  persistence:
    storageClass: ceph-filesystem
    size: 40Gi
    accessModes:
      - ReadWriteMany
  extraVolumes:
    - name: gitea-themes-storage
      persistentVolumeClaim:
        claimName: gitea-themes-storage
  # The theme volume is writable only for the init container ...
  extraInitVolumeMounts:
    - name: gitea-themes-storage
      readOnly: false
      mountPath: /data/gitea/public/assets/css
  # ... and read-only in the running container, so the served process cannot
  # alter the CSS it serves.
  extraContainerVolumeMounts:
    - name: gitea-themes-storage
      readOnly: true
      mountPath: /data/gitea/public/assets/css
  # Supply-chain note: this fetches whatever asset is currently published as
  # the "latest" release and unpacks it straight into the directory Gitea
  # serves CSS from, with no checksum or signature check. A changed or
  # compromised upstream release would be served to every signed-in browser.
  # NOTE(review): pin the URL to a specific release tag and compare the archive
  # against a recorded SHA-256 before extracting; also consider failing the
  # script if the download fails.
  initPreScript: |
    wget https://github.com/catppuccin/gitea/releases/latest/download/catppuccin-gitea.tar.gz;
    tar -xvzf catppuccin-gitea.tar.gz -C /data/gitea/public/assets/css;
    rm catppuccin-gitea.tar.gz;
  gitea:
    metrics:
      enabled: true
      serviceMonitor:
        enabled: false
    # Single sign-on via an OpenID Connect provider; the client credentials are
    # read from the referenced Secret.
    oauth:
      - name: Authentik
        provider: openidConnect
        existingSecret: gitea-oidc-secret
        autoDiscoverUrl: https://auth.alexlebens.dev/application/o/gitea/.well-known/openid-configuration
        iconUrl: https://goauthentik.io/img/icon.png
        scopes: "email profile"
    config:
      APP_NAME: Gitea
      server:
        # Gitea itself speaks plain HTTP; ROOT_URL is https, so TLS is
        # presumably terminated in front of it (verify which component does).
        PROTOCOL: http
        DOMAIN: gitea.alexlebens.dev
        ROOT_URL: https://gitea.alexlebens.dev
        LOCAL_ROOT_URL: http://gitea-http.gitea.svc.cluster.local:3000
        START_SSH_SERVER: true
        # NOTE(review): SSH_DOMAIN is on .net while DOMAIN/ROOT_URL are on .dev;
        # presumably intentional - confirm.
        SSH_DOMAIN: gitea.alexlebens.net
        SSH_PORT: 22
        SSH_LISTEN_PORT: 22
        # Enables Go profiling for the web process.
        # NOTE(review): leave off unless actively profiling, and confirm the
        # profiling listener is not reachable from other pods.
        ENABLE_PPROF: true
        LANDING_PAGE: explore
      database:
        DB_TYPE: postgres
        SCHEMA: public
      oauth2_client:
        # Accounts are created automatically on first OAuth login, so who can
        # get an account is decided by who may sign in to the provider above.
        ENABLE_AUTO_REGISTRATION: true
      # Cache, queue and session all use the same Redis endpoint. The URLs
      # carry no credentials and use redis:// rather than rediss://, so this
      # traffic is unauthenticated plaintext. Session data lives here: any
      # workload able to reach port 6379 could read or forge sessions.
      # NOTE(review): enable Redis auth or restrict access with a NetworkPolicy.
      cache:
        ENABLED: true
        ADAPTER: redis
        HOST: redis://redis-replication-gitea-master.gitea:6379
      queue:
        TYPE: redis
        CONN_STR: redis://redis-replication-gitea-master.gitea:6379
      session:
        PROVIDER: redis
        PROVIDER_CONFIG: redis://redis-replication-gitea-master.gitea:6379
      indexer:
        ISSUE_INDEXER_ENABLED: true
        ISSUE_INDEXER_TYPE: meilisearch
        REPO_INDEXER_ENABLED: false
      actions:
        ENABLED: true
      # Self-registration is closed: no sign-up button, external (OAuth)
      # registration only.
      service:
        REGISTER_MANUAL_CONFIRM: true
        SHOW_REGISTRATION_BUTTON: false
        ALLOW_ONLY_EXTERNAL_REGISTRATION: true
      # NOTE(review): Gitea documents REQUIRE_SIGNIN_VIEW under [service]
      # (site-wide) and [service.explore] (explore pages). Confirm that a
      # section named plain `explore` is actually honoured; if it is not, the
      # explore pages (also the landing page here) are viewable without
      # signing in.
      explore:
        REQUIRE_SIGNIN_VIEW: true
      # `private` permits webhook deliveries to private-network addresses,
      # i.e. in-cluster services. Anyone who can configure a webhook can make
      # Gitea send requests to those hosts.
      # NOTE(review): narrow to the specific hosts or CIDRs that need webhooks.
      webhook:
        ALLOWED_HOST_LIST: private
      ui:
        DEFAULT_THEME: gitea-auto
        # Must match the theme files unpacked by initPreScript above.
        THEMES: gitea-light,gitea-dark,gitea-auto,catppuccin-rosewater-auto,catppuccin-flamingo-auto,catppuccin-pink-auto,catppuccin-mauve-auto,catppuccin-red-auto,catppuccin-maroon-auto,catppuccin-peach-auto,catppuccin-yellow-auto,catppuccin-green-auto,catppuccin-teal-auto,catppuccin-sky-auto,catppuccin-sapphire-auto,catppuccin-blue-auto,catppuccin-lavender-auto,catppuccin-latte-rosewater,catppuccin-latte-flamingo,catppuccin-latte-pink,catppuccin-latte-mauve,catppuccin-latte-red,catppuccin-latte-maroon,catppuccin-latte-peach,catppuccin-latte-yellow,catppuccin-latte-green,catppuccin-latte-teal,catppuccin-latte-sky,catppuccin-latte-sapphire,catppuccin-latte-blue,catppuccin-latte-lavender,catppuccin-frappe-rosewater,catppuccin-frappe-flamingo,catppuccin-frappe-pink,catppuccin-frappe-mauve,catppuccin-frappe-red,catppuccin-frappe-maroon,catppuccin-frappe-peach,catppuccin-frappe-yellow,catppuccin-frappe-green,catppuccin-frappe-teal,catppuccin-frappe-sky,catppuccin-frappe-sapphire,catppuccin-frappe-blue,catppuccin-frappe-lavender,catppuccin-macchiato-rosewater,catppuccin-macchiato-flamingo,catppuccin-macchiato-pink,catppuccin-macchiato-mauve,catppuccin-macchiato-red,catppuccin-macchiato-maroon,catppuccin-macchiato-peach,catppuccin-macchiato-yellow,catppuccin-macchiato-green,catppuccin-macchiato-teal,catppuccin-macchiato-sky,catppuccin-macchiato-sapphire,catppuccin-macchiato-blue,catppuccin-macchiato-lavender,catppuccin-mocha-rosewater,catppuccin-mocha-flamingo,catppuccin-mocha-pink,catppuccin-mocha-mauve,catppuccin-mocha-red,catppuccin-mocha-maroon,catppuccin-mocha-peach,catppuccin-mocha-yellow,catppuccin-mocha-green,catppuccin-mocha-teal,catppuccin-mocha-sky,catppuccin-mocha-sapphire,catppuccin-mocha-blue,catppuccin-mocha-lavender
      mirror:
        DEFAULT_INTERVAL: 10m
      repo-archive:
        ENABLED: false
    # Database connection details and the indexer connection string are
    # injected as GITEA__SECTION__KEY environment variables from Secrets, so
    # they never appear in this file or in the rendered config map.
    additionalConfigFromEnvs:
      - name: GITEA__DATABASE__HOST
        valueFrom:
          secretKeyRef:
            name: gitea-postgresql-18-cluster-app
            key: host
      - name: GITEA__DATABASE__NAME
        valueFrom:
          secretKeyRef:
            name: gitea-postgresql-18-cluster-app
            key: dbname
      - name: GITEA__DATABASE__USER
        valueFrom:
          secretKeyRef:
            name: gitea-postgresql-18-cluster-app
            key: user
      - name: GITEA__DATABASE__PASSWD
        valueFrom:
          secretKeyRef:
            name: gitea-postgresql-18-cluster-app
            key: password
      - name: GITEA__INDEXER__ISSUE_INDEXER_CONN_STR
        valueFrom:
          secretKeyRef:
            name: gitea-meilisearch-master-key-secret
            key: ISSUE_INDEXER_CONN_STR
  # Bundled datastores are disabled; the external PostgreSQL and Redis
  # releases configured further down are used instead.
  valkey-cluster:
    enabled: false
  valkey:
    enabled: false
  postgresql-ha:
    enabled: false
  postgresql:
    enabled: false
# Gitea Actions runners (act_runner with a Docker-in-Docker daemon).
gitea-actions:
  enabled: true
  global:
    fullnameOverride: gitea-actions
  statefulset:
    replicas: 6
    actRunner:
      repository: gitea/act_runner
      tag: 0.2.13
      # Runner configuration file. Job images are pulled through the Harbor
      # proxy-cache projects named in the labels, by mutable tag.
      # NOTE(review): log level is debug - confirm that runner logs at this
      # level are acceptable to retain, since they describe job execution in
      # more detail.
      config: |
        log:
          level: debug
        cache:
          enabled: false
        runner:
          labels:
            - "ubuntu-latest:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04"
            - "ubuntu-js:docker://harbor.alexlebens.net/proxy-ghcr.io/catthehacker/ubuntu:js-24.04"
            - "ubuntu-24.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04"
            - "ubuntu-22.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-22.04"
    # NOTE(review): a dind sidecar normally needs a privileged container.
    # Treat every workflow that runs here as able to control that Docker
    # daemon, and limit which repositories and users can schedule jobs on
    # these runners.
    dind:
      repository: docker
      tag: 25.0.2-dind
    persistence:
      storageClass: ceph-block
      size: 5Gi
  init:
    image:
      repository: busybox
      tag: "1.37.0"
  # Runner registration token, read from a Secret.
  existingSecret: gitea-runner-secret
  existingSecretKey: token
  # Runners reach Gitea over in-cluster plain HTTP, so the registration token
  # and job traffic are unencrypted on the pod network.
  giteaRootURL: http://gitea-http.gitea:3000
# Issue-search backend; the master key comes from a Secret.
meilisearch:
  environment:
    MEILI_NO_ANALYTICS: true
    MEILI_ENV: production
    MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true
  auth:
    existingMasterKeySecret: gitea-meilisearch-master-key-secret
  service:
    type: ClusterIP
    port: 7700
  persistence:
    enabled: true
    storageClass: ceph-block
    size: 5Gi
  resources:
    requests:
      cpu: 10m
      memory: 128Mi
  serviceMonitor:
    enabled: true
# Tunnel credentials are read from the named Secret.
cloudflared:
  existingSecretName: gitea-cloudflared-secret
# PostgreSQL cluster, bootstrapped in recovery mode from an object-store backup.
postgres-18-cluster:
  mode: recovery
  cluster:
    storage:
      storageClass: local-path
    walStorage:
      storageClass: local-path
    resources:
      requests:
        memory: 1Gi
        cpu: 200m
  recovery:
    method: objectStore
    objectStore:
      destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-18-cluster
      # Plain-HTTP S3 endpoint: restore data is unencrypted in transit inside
      # the cluster.
      endpointURL: http://garage-main.garage:3900
      index: 1
      endpointCredentials: gitea-postgresql-18-cluster-backup-secret-garage
  backup:
    # Only the in-cluster "garage-local" target is active, with 3-day
    # retention; the external and remote targets are commented out.
    # NOTE(review): as written there is no off-cluster copy of the database -
    # confirm that this is intended.
    objectStore:
      - name: garage-local
        destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-18-cluster
        index: 1
        endpointURL: http://garage-main.garage:3900
        endpointCredentials: gitea-postgresql-18-cluster-backup-secret-garage
        endpointCredentialsIncludeRegion: true
        retentionPolicy: "3d"
        isWALArchiver: true
      # - name: external
      #   destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gitea/gitea-postgresql-18-cluster
      #   index: 1
      #   retentionPolicy: "30d"
      #   isWALArchiver: false
      # - name: garage-remote
      #   destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-18-cluster
      #   index: 1
      #   endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
      #   endpointCredentials: gitea-postgresql-18-cluster-backup-secret-garage
      #   retentionPolicy: "30d"
      #   data:
      #     compression: bzip2
      #     jobs: 2
    scheduledBackups:
      # Six-field cron expression (leading seconds field).
      - name: live-backup
        suspend: false
        immediate: true
        schedule: "0 0 0 * * *"
        backupName: garage-local
      # - name: daily-backup
      #   suspend: false
      #   immediate: true
      #   schedule: "0 0 0 * * *"
      #   backupName: external
      # - name: weekly-backup
      #   suspend: true
      #   immediate: true
      #   schedule: "0 0 4 * * SAT"
      #   backupName: garage-remote
# Redis behind Gitea's cache, queue and session store.
redis-replication-gitea:
  replicationNameOverride: redis-replication-gitea
  sentinelNameOverride: redis-sentinel-gitea
  # NOTE(review): presumably this means no password Secret is applied, which
  # matches the credential-less redis:// URLs in the Gitea config. Confirm, and
  # if so either enable auth or fence port 6379 with a NetworkPolicy.
  existingSecret:
    enabled: false
  redisReplication:
    clusterSize: 3
    resources:
      requests:
        cpu: 20m
        memory: 400Mi
    volumeClaimTemplate:
      spec:
        resources:
          requests:
            storage: 10Gi
  redisSentinel:
    enabled: true
    clusterSize: 3
redis-replication-renovate:
  replicationNameOverride: redis-replication-renovate
  # NOTE(review): same as above - presumably unauthenticated; confirm.
  existingSecret:
    enabled: false
  redisReplication:
    clusterSize: 1
  redisSentinel:
    enabled: false
# VolSync (restic) snapshots of the shared Gitea volume.
volsync-target-storage:
  pvcTarget: gitea-shared-storage
  # The mover runs as UID/GID 1000 rather than root.
  moverSecurityContext:
    runAsUser: 1000
    runAsGroup: 1000
    fsGroup: 1000
    fsGroupChangePolicy: OnRootMismatch
  local:
    enabled: true
    # NOTE(review): the same expression is quoted in the database backup
    # schedule above; quoting it here too would keep the file consistent.
    schedule: 0 0 0 * * *
    restic:
      pruneIntervalDays: 3
      retain:
        hourly: 1
        daily: 1
        weekly: 3
        monthly: 0
        yearly: 0
      copyMethod: Snapshot
      storageClassName: ceph-filesystem
      volumeSnapshotClassName: ceph-filesystem-snapshot
      cacheCapacity: 10Gi
  # Only the local repository is enabled, so the repository data has no
  # off-cluster copy either.
  external:
    enabled: false
  remote:
    enabled: false