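---
# Helm values for a Gitea deployment wrapped in an umbrella chart: everything
# under the top-level `gitea:` key is passed to the Gitea subchart.
# The block structure was rebuilt from a collapsed listing; nesting follows the
# Gitea chart's value layout. Verify against the original file before applying.
gitea:
  replicaCount: 3

  ingress:
    enabled: true
    hosts:
      - host: git.dubyatp.xyz
        paths:
          - path: /
    tls:
      - secretName: cert-dubyatp-xyz
        hosts:
          - git.dubyatp.xyz

  # ReadWriteMany is needed because three replicas share one data volume.
  persistence:
    enabled: true
    create: true
    mount: true
    claimName: gitea-shared-storage
    size: 50Gi
    accessModes:
      - ReadWriteMany
    storageClass: weyma-shared

  deployment:
    annotations:
      backup.velero.io/backup-volumes: data
    # Secrets are injected as GITEA__section__KEY environment variables from
    # Kubernetes Secrets, so no credential value is stored in this file.
    env:
      - name: GITEA__database__PASSWD
        valueFrom:
          secretKeyRef:
            key: password
            name: gitea-db-auth
      - name: GITEA__mailer__PASSWD
        valueFrom:
          secretKeyRef:
            key: smtp_smtp2go
            name: gitea-secrets
      - name: GITEA__security__INTERNAL_TOKEN
        valueFrom:
          secretKeyRef:
            key: internal_token
            name: gitea-secrets
      - name: GITEA__security__SECRET_KEY
        valueFrom:
          secretKeyRef:
            key: secret_key
            name: gitea-secrets
      - name: GITEA__oauth2__JWT_SECRET
        valueFrom:
          secretKeyRef:
            key: oauth2_jwt
            name: gitea-secrets

  gitea:
    # NOTE(review): no admin password or existing secret is set in this file,
    # and the `gitea_admin` key synced into `gitea-secrets` below is not
    # referenced anywhere visible. Unless the credentials are supplied
    # elsewhere, the chart's built-in default admin credentials apply on first
    # start, and `initialOnlyNoReset` never rotates them. Confirm the admin
    # account is sourced from the secret store.
    admin:
      passwordMode: initialOnlyNoReset
    podAnnotations:
      backup.velero.io/backup-volumes: data
    config:
      database:
        DB_TYPE: postgres
        HOST: pooler-weyma-rw.cloudnativepg.svc.cluster.local
        NAME: gitea
        USER: gitea
      server:
        DISABLE_SSH: false
        DOMAIN: git.dubyatp.xyz
        ENABLE_PPROF: false
        ROOT_URL: https://git.dubyatp.xyz
        SSH_DOMAIN: git-ssh.dubyatp.xyz
        SSH_LISTEN_PORT: 22
        SSH_PORT: 22
        START_SSH_SERVER: true
        OFFLINE_MODE: false
      service:
        # NOTE(review): self-registration is open on an instance published via
        # ingress. If that is not intended, set this to true or require
        # e-mail confirmation / admin approval for new accounts.
        DISABLE_REGISTRATION: false
      webhook:
        # NOTE(review): 10.0.0.0/8 lets any user who can configure a webhook
        # make the server send requests to every host in that private range
        # (SSRF exposure of internal services). Prefer listing only the
        # specific internal hosts or narrower CIDRs that must receive hooks.
        ALLOWED_HOST_LIST: "drone.infra.dubyatp.xyz,argocd.infra.dubyatp.xyz,discord.com,10.0.0.0/8"
      mailer:
        ENABLED: true
        FROM: gitea@em924671.dubyatp.xyz
        PROTOCOL: smtps
        SMTP_ADDR: mail.smtp2go.com
        SMTP_PORT: 465
        USER: gitea_dubyatp
      security:
        # Keeps the web installer disabled so it cannot be re-run.
        INSTALL_LOCK: true
    # NOTE(review): Gitea serves /metrics on its main HTTP port, which the
    # ingress above publishes at path `/`. Confirm the endpoint is protected
    # (metrics token or an ingress rule) if it should not be public.
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true

  extraDeploy:
    # Plain TCP route for Git over SSH. SSH carries no TLS SNI, so the
    # catch-all HostSNI(`*`) matcher is the only one that can apply here.
    - apiVersion: traefik.io/v1alpha1
      kind: IngressRouteTCP
      metadata:
        name: gitea-ssh
      spec:
        entryPoints:
          - gitssh
        routes:
          - match: HostSNI(`*`)
            priority: 1
            services:
              - name: gitea-ssh
                port: 22

    # Empty placeholder Secret; the replicator annotations ask for tls.crt and
    # tls.key to be copied in from cert-manager/cert-dubyatp-xyz.
    # NOTE(review): no `type:` is set, so this is created as an Opaque Secret;
    # confirm the ingress controller accepts it as a TLS secret.
    - apiVersion: v1
      kind: Secret
      metadata:
        name: cert-dubyatp-xyz
        annotations:
          replicator.v1.mittwald.de/replicate-from: "cert-manager/cert-dubyatp-xyz"
          replicator.v1.mittwald.de/replicated-keys: "tls.crt,tls.key"
      data:
        tls.crt: ""
        tls.key: ""

    # Database password, synced hourly from the `weyma-vault` secret store.
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: gitea-db-auth
      spec:
        data:
          - remoteRef:
              conversionStrategy: Default
              decodingStrategy: None
              key: cloudnativepg
              metadataPolicy: None
              property: gitea_pw
            secretKey: password
        refreshInterval: 1h
        secretStoreRef:
          kind: ClusterSecretStore
          name: weyma-vault
        target:
          creationPolicy: Owner
          # Retain keeps the generated Secret if this ExternalSecret is deleted.
          deletionPolicy: Retain
          name: gitea-db-auth

    # Application secrets consumed by the env entries in `deployment.env`.
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: gitea-secrets
      spec:
        data:
          - remoteRef:
              conversionStrategy: Default
              decodingStrategy: None
              key: gitea
              metadataPolicy: None
              property: internal_token
            secretKey: internal_token
          - remoteRef:
              conversionStrategy: Default
              decodingStrategy: None
              key: gitea
              metadataPolicy: None
              property: oauth2_jwt
            secretKey: oauth2_jwt
          - remoteRef:
              conversionStrategy: Default
              decodingStrategy: None
              key: gitea
              metadataPolicy: None
              property: secret_key
            secretKey: secret_key
          - remoteRef:
              conversionStrategy: Default
              decodingStrategy: None
              key: gitea
              metadataPolicy: None
              property: smtp_smtp2go
            secretKey: smtp_smtp2go
          # Synced but not referenced by any value visible in this file.
          - remoteRef:
              conversionStrategy: Default
              decodingStrategy: None
              key: gitea
              metadataPolicy: None
              property: gitea_admin
            secretKey: gitea_admin
        refreshInterval: 1h
        secretStoreRef:
          kind: ClusterSecretStore
          name: weyma-vault
        target:
          creationPolicy: Owner
          deletionPolicy: Retain
          name: gitea-secrets

  # Bundled PostgreSQL is off; `config.database` points at an external pooler.
  postgresql-ha:
    enabled: false

  valkey-cluster:
    enabled: true
    valkey:
      resourcesPreset: "small"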