From d4854fd5aa62dec7e20c4c79306fade32aa65a71 Mon Sep 17 00:00:00 2001
From: LordMathis
Date: Tue, 24 Sep 2024 19:39:11 +0200
Subject: [PATCH] Add gitea
---
apps/base/gitea/kustomization.yaml | 8 ++++
apps/base/gitea/namespace.yaml | 4 ++
apps/base/gitea/release.yaml | 16 +++++++
apps/base/gitea/repository.yaml | 8 ++++
apps/prod/gitea/ingress.yaml | 14 ++++++
apps/prod/gitea/kustomization.yaml | 18 ++++++++
apps/prod/gitea/release.yaml | 19 ++++++++
apps/prod/gitea/secret.enc.yaml | 28 ++++++++++++
apps/prod/gitea/values.yaml | 70 ++++++++++++++++++++++++++++++
9 files changed, 185 insertions(+)
create mode 100644 apps/base/gitea/kustomization.yaml
create mode 100644 apps/base/gitea/namespace.yaml
create mode 100644 apps/base/gitea/release.yaml
create mode 100644 apps/base/gitea/repository.yaml
create mode 100644 apps/prod/gitea/ingress.yaml
create mode 100644 apps/prod/gitea/kustomization.yaml
create mode 100644 apps/prod/gitea/release.yaml
create mode 100644 apps/prod/gitea/secret.enc.yaml
create mode 100644 apps/prod/gitea/values.yaml
diff --git a/apps/base/gitea/kustomization.yaml b/apps/base/gitea/kustomization.yaml
new file mode 100644
index 0000000..848c96d
--- /dev/null
+++ b/apps/base/gitea/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: gitea
+
+resources:
+ - namespace.yaml
+ - repository.yaml
+ - release.yaml
diff --git a/apps/base/gitea/namespace.yaml b/apps/base/gitea/namespace.yaml
new file mode 100644
index 0000000..d884423
--- /dev/null
+++ b/apps/base/gitea/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: gitea
\ No newline at end of file
diff --git a/apps/base/gitea/release.yaml b/apps/base/gitea/release.yaml
new file mode 100644
index 0000000..bba5bea
--- /dev/null
+++ b/apps/base/gitea/release.yaml
@@ -0,0 +1,16 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: gitea
+ namespace: gitea
+spec:
+ interval: 1h
+ chart:
+ spec:
+ chart: gitea
+ version: 10.2.0
+ sourceRef:
+ kind: HelmRepository
+ name: gitea
+ namespace: gitea
+ interval: 1h
\ No newline at end of file
diff --git a/apps/base/gitea/repository.yaml b/apps/base/gitea/repository.yaml
new file mode 100644
index 0000000..b898524
--- /dev/null
+++ b/apps/base/gitea/repository.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: gitea
+ namespace: gitea
+spec:
+ interval: 1h
+ url: https://dl.gitea.io/charts/
\ No newline at end of file
diff --git a/apps/prod/gitea/ingress.yaml b/apps/prod/gitea/ingress.yaml
new file mode 100644
index 0000000..6c5dfc1
--- /dev/null
+++ b/apps/prod/gitea/ingress.yaml
@@ -0,0 +1,14 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: gitea-web-ingress
+ namespace: gitea
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`git.example.com`)
+ kind: Rule
+ services:
+ - name: gitea-http
+ port: 3000
\ No newline at end of file
diff --git a/apps/prod/gitea/kustomization.yaml b/apps/prod/gitea/kustomization.yaml
new file mode 100644
index 0000000..7a44527
--- /dev/null
+++ b/apps/prod/gitea/kustomization.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: gitea
+
+resources:
+ - ../base/gitea
+ - secret.enc.yaml
+ - release.yaml
+ - ingress.yaml
+
+configMapGenerator:
+ - name: gitea-prod-values
+ namespace: gitea
+ files:
+ - values.yaml
+
+patchesStrategicMerge:
+ - release.yaml
\ No newline at end of file
diff --git a/apps/prod/gitea/release.yaml b/apps/prod/gitea/release.yaml
new file mode 100644
index 0000000..891a0bc
--- /dev/null
+++ b/apps/prod/gitea/release.yaml
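Review bot: In apps/base/gitea/release.yaml the HelmRelease is declared with `apiVersion: helm.toolkit.fluxcd.io/v2beta1`, which Flux has deprecated in favour of the GA version. If the cluster's Flux is recent enough to serve it, use `apiVersion: helm.toolkit.fluxcd.io/v2` so the manifest keeps working after the beta API is dropped. The same line appears in apps/prod/gitea/release.yaml.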
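Review bot: The IngressRoute in apps/prod/gitea/ingress.yaml binds to the `websecure` entry point but carries no `tls` section, so whether it terminates TLS depends on entry-point defaults that this patch does not show. If the entry point does not enable TLS on its own, Traefik treats this as a plain-HTTP router and Gitea credentials and tokens for this host would travel unprotected. State it in the route itself by adding `tls: {}` under `spec`, or a `tls` block naming the certificate resolver or secret you use.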
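Review bot: In apps/prod/gitea/kustomization.yaml the entry `- ../base/gitea` resolves to apps/prod/base/gitea rather than the apps/base/gitea directory this patch creates; unless that directory exists outside the patch it should read `- ../../base/gitea`. `release.yaml` is also listed under both `resources` and `patchesStrategicMerge`: as a resource it re-declares the HelmRelease `gitea` that the base already provides, which kustomize normally rejects as a duplicate ID, so it should stay in the patch list only. `patchesStrategicMerge` is itself deprecated; the current form is `patches:` with `- path: release.yaml`.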
@@ -0,0 +1,19 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: gitea
+ namespace: gitea
+spec:
+ interval: 1h
+ chart:
+ spec:
+ chart: gitea
+ version: 10.2.0
+ sourceRef:
+ kind: HelmRepository
+ name: gitea
+ namespace: gitea
+ interval: 1h
+ valuesFrom:
+ - kind: ConfigMap
+ name: gitea-prod-values
\ No newline at end of file
diff --git a/apps/prod/gitea/secret.enc.yaml b/apps/prod/gitea/secret.enc.yaml
new file mode 100644
index 0000000..2235be9
--- /dev/null
+++ b/apps/prod/gitea/secret.enc.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gitea-admin-secret
+ namespace: gitea
+stringData:
+ username: ENC[AES256_GCM,data:1K7hWGJC,iv:SRYfP1NLS633JKNORnsFkBFXo5sP4ejWNj6r4NXbrrQ=,tag:kOfUyxznR8p8VsiYy//Ytg==,type:str]
+ password: ENC[AES256_GCM,data:6GstZlME7jdHkwmyKCp+G72j6yk=,iv:sMunSzr6NZq5QVuibItDJq6n/KM5F9+Ulgc3XLdXuEg=,tag:+/2eBSEJMggo2X1Ft8RIlw==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzQXVTa2hVaTAvbzU3aUxS
+ OHNUZm40RXlXa1dzRE5tMndKU015RVNYY1hjCjY5WDFYOFBrOXcyZm4vMkhWc0c4
+ UkhSYkhyVEJ2V1c1UytOZUxOTUJQWjgKLS0tIER2OFNsQUdHdkxTdEpObFFJcUxP
+ MVZUOGNJOC9QMU9WSWY2eTJjdEZsK2cKvdCXFw0LGc2Fqcnjla8SON0Oonsnrzfc
+ 4GS1TFZ6bv4djodgn2wl43HmrrEvdHal2+HBDKv4McJv4x/jKBFbnw==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-09-24T17:35:23Z"
+ mac: ENC[AES256_GCM,data:MCbFvTfxsp1jEQngBp1dVZBHBagfogq4kUgpvHUG7xmzvSipicxnPdJe1bLdR/Ei8VWvU6O+PYn2jGBKxof8aYvEKUbMngq2fT26lhi/910pDMyEnp+HV4wJIdnIOwR3p8DMzw386ejlOxk+Q57/JvDoDuu1p7vWv9g+/6fxu2g=,iv:t8WGOMajR88BbW1M7NOigYnSFhZs+yW00Plq4dq57b0=,tag:Pvg6MdWhGslRTFI7XAseHw==,type:str]
+ pgp: []
+ unencrypted_regex: ^(apiVersion|metadata|kind|type)$
+ version: 3.9.0
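Review bot: `valuesFrom` in apps/prod/gitea/release.yaml refers to `gitea-prod-values`, but that ConfigMap is produced by a `configMapGenerator`, which appends a content hash to the generated name. Kustomize's built-in name-reference rules do not cover a HelmRelease's `spec.valuesFrom`, so the reference is probably left unrewritten and the release would not find its values. Either add a kustomize `configurations:` file with a `nameReference` entry for `spec/valuesFrom/name` on kind HelmRelease, or set `generatorOptions:` with `disableNameSuffixHash: true` in the prod kustomization. The first option keeps the behaviour where a values change triggers a new release.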
diff --git a/apps/prod/gitea/values.yaml b/apps/prod/gitea/values.yaml
new file mode 100644
index 0000000..2f9fbbb
--- /dev/null
+++ b/apps/prod/gitea/values.yaml
@@ -0,0 +1,70 @@
+redis-cluster:
+ enabled: false
+postgresql-ha:
+ enabled: false
+postgresql:
+ enabled: true
+ image:
+ registry: docker.io
+ repository: bitnami/postgresql
+ tag: 15.3.0-debian-11-r24
+ digest: sha256:fff6086d557d962422c6d751b6723877642170bbcc25d6f23e5c2c2f079987d5
+ primary:
+ persistence:
+ storageClass: retain-local-path
+
+persistence:
+ enabled: true
+ storageClass: retain-local-path
+
+image:
+ rootless: true
+
+gitea:
+ admin:
+ existingSecret: gitea-admin-secret
+ email: "admin@example.com"
+ config:
+ actions:
+ ENABLED: true
+ federation:
+ ENABLED: true
+ database:
+ DB_TYPE: postgres
+ session:
+ PROVIDER: db
+ cache:
+ ADAPTER: memory
+ queue:
+ TYPE: channel
+ server:
+ BUILTIN_SSH_SERVER_USER: git
+ ROOT_URL: https://git.example.com
+ DOMAIN: git.example.com
+ SSH_CREATE_AUTHORIZED_KEYS_FILE: false
+ LANDING_PAGE: explore
+ service:
+ REGISTER_MANUAL_CONFIRM: true
+ indexer:
+ ISSUE_INDEXER_TYPE: bleve
+ REPO_INDEXER_ENABLED: true
+
+service:
+ http:
+ type: ClusterIP
+ port: 3000
+ clusterIP:
+ ssh:
+ type: ClusterIP
+ port: 22
+
+podSecurityContext:
+ fsGroup: 1001
+
+containerSecurityContext:
+ runAsGroup: 1001
+ runAsNonRoot: true
+ runAsUser: 1001
+
+test:
+ enabled: false
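Review bot: The bundled `postgresql:` subchart is enabled in apps/prod/gitea/values.yaml with no `auth` values, so the database account falls back to whatever credentials the chart ships, which as far as I know are fixed and publicly documented. Supply the password from a Secret instead, the way `gitea.admin.existingSecret` already does for the admin account. `containerSecurityContext` sets the non-root user and group but leaves privilege escalation and capabilities at their defaults; consider adding `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`. `actions.ENABLED` and `federation.ENABLED` both widen what an instance reachable through the ingress exposes and deserve a comment saying why they are on. The bare `clusterIP:` under `service.http` parses as null, so write `clusterIP: null` (or the intended value) to make the intent explicit.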