gitea:
  image:
    repository: gitea/gitea
    tag: 1.22.0
  ingress:
    enabled: false
    className: traefik
    annotations:
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
      traefik.ingress.kubernetes.io/router.tls: "true"
      cert-manager.io/cluster-issuer: letsencrypt-issuer
    hosts:
      - host: gitea.alexlebens.net
        paths:
          - path: /
            pathType: Prefix
    tls:
      - secretName: gitea-secret-tls
        hosts:
          - gitea.alexlebens.net
  serviceAccount:
    create: true
    automountServiceAccountToken: true
  gitea:
    admin:
      existingSecret: gitea-admin-secret
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
    oauth:
      - name: Authentik
        provider: openidConnect
        existingSecret: gitea-oidc-secret
        autoDiscoverUrl: https://auth.alexlebens.dev/application/o/gitea/.well-known/openid-configuration
        iconUrl: https://goauthentik.io/img/icon.png
        scopes: "email profile"
    config:
      APP_NAME: Gitea
      server:
        PROTOCOL: http
        DOMAIN: gitea.alexlebens.dev
        ROOT_URL: https://gitea.alexlebens.dev
        LOCAL_ROOT_URL: http://gitea-http.gitea.svc.cluster.local:3000
        START_SSH_SERVER: true
        SSH_DOMAIN: gitea.alexlebens.dev
        SSH_PORT: 2222
        SSH_LISTEN_PORT: 2222
        ENABLE_PPROF: true
        LANDING_PAGE: explore
      database:
        DB_TYPE: postgres
        SCHEMA: public
      oauth2_client:
        ENABLE_AUTO_REGISTRATION: true
      service:
        REGISTER_MANUAL_CONFIRM: true
        SHOW_REGISTRATION_BUTTON: false
        ALLOW_ONLY_EXTERNAL_REGISTRATION: true
      explore:
        REQUIRE_SIGNIN_VIEW: true
      webhook:
        ALLOWED_HOST_LIST: private
      mirror:
        DEFAULT_INTERVAL: 10m
    additionalConfigFromEnvs:
      - name: GITEA__DATABASE__HOST
        valueFrom:
          secretKeyRef:
            name: gitea-postgresql-16-cluster-app
            key: host
      - name: GITEA__DATABASE__NAME
        valueFrom:
          secretKeyRef:
            name: gitea-postgresql-16-cluster-app
            key: dbname
      - name: GITEA__DATABASE__USER
        valueFrom:
          secretKeyRef:
            name: gitea-postgresql-16-cluster-app
            key: user
      - name: GITEA__DATABASE__PASSWD
        valueFrom:
          secretKeyRef:
            name: gitea-postgresql-16-cluster-app
            key: password
  persistence:
    storageClass: ceph-block
  postgresql:
    enabled: false
  postgresql-ha:
    enabled: false
  redis-cluster:
    enabled: true
cloudflared:
  existingSecretName: gitea-cloudflared-secret
postgres-16-cluster:
  mode: standalone
  cluster:
    walStorage:
      storageClass: local-path
    storage:
      storageClass: local-path
    monitoring:
      enabled: true
      prometheusRule:
        enabled: false
  backup:
    enabled: true
    endpointURL: https://s3.us-east-2.amazonaws.com
    destinationPath: s3://cl01tl-postgresql-backups/gitea
    endpointCredentials: gitea-postgresql-16-cluster-backup-secret
    backupIndex: 1
    retentionPolicy: 14d