infrastructure/clusters/cl01tl/platform/gitea/values.yaml

gitea:
  ingress:
    enabled: true
    className: traefik
    annotations:
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
      traefik.ingress.kubernetes.io/router.tls: "true"
      cert-manager.io/cluster-issuer: letsencrypt-issuer
    hosts:
      - host: gitea.alexlebens.net
        paths:
          - path: /
            pathType: Prefix
    tls:
      - secretName: gitea-secret-tls
        hosts:
          - gitea.alexlebens.net
  gitea:
    admin:
      existingSecret: gitea-admin-secret
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
    config:
      server:
        LANDING_PAGE: explore
        ROOT_URL: https://gitea.alexlebens.net
        ENABLE_PPROF: true
      webhook:
        ALLOWED_HOST_LIST: private
        scopes: email profile
      service:
        DISABLE_REGISTRATION: true
        SHOW_REGISTRATION_BUTTON: false
        explore:
          REQUIRE_SIGNIN_VIEW: true
      database:
        DB_TYPE: postgres
        SCHEMA: public
    additionalConfigFromEnvs:
      - name: GITEA__DATABASE__HOST
        valueFrom:
          secretKeyRef:
            name: gitea-postgresql-16-cluster-app
            key: host
      - name: GITEA__DATABASE__NAME
        valueFrom:
          secretKeyRef:
            name: gitea-postgresql-16-cluster-app
            key: dbname
      - name: GITEA__DATABASE__USER
        valueFrom:
          secretKeyRef:
            name: gitea-postgresql-16-cluster-app
            key: user
      - name: GITEA__DATABASE__PASSWD
        valueFrom:
          secretKeyRef:
            name: gitea-postgresql-16-cluster-app
            key: password
    oauth:
      - name: Authentik
        provider: openidConnect
        existingSecret: gitea-oidc-secret
        autoDiscoverUrl: "https://authentik.alexlebens.net/application/o/gitea/.well-known/openid-configuration"
        iconUrl: https://goauthentik.io/img/icon.png
        scopes: "email profile"
  persistence:
    storageClass: ceph-block
  postgresql:
    enabled: false
  postgresql-ha:
    enabled: false
  redis-cluster:
    enabled: true
    persistence:
      enabled: false
postgres-16-cluster:
  mode: standalone
  cluster:
    walStorage:
      storageClass: local-path
    storage:
      storageClass: local-path
    monitoring:
      enabled: true
      prometheusRule:
        enabled: false
  backup:
    enabled: true
    endpointURL: https://s3.us-east-2.amazonaws.com
    destinationPath: s3://cl01tl-postgresql-backups/gitea
    endpointCredentials: gitea-postgresql-16-cluster-backup-secret
    backupIndex: 1
    retentionPolicy: 14d