Added gitea

2026-04-22 16:51:54 -07:00 · 2026-04-22 16:51:54 -07:00 · 99ab70ed8e
commit 99ab70ed8e
parent 4301877f33
8 changed files with 257 additions and 13 deletions
--- a/README.md
+++ b/README.md
@ -184,6 +184,7 @@ helm upgrade --install dashboards charts/dashboards -n apps
 helm upgrade --install paperless charts/paperless -n apps
 helm upgrade --install mealie charts/mealie -n apps
 helm upgrade --install utils charts/utils -n apps
 helm upgrade --install gitea charts/gitea -n apps
 kubectl create namespace media
 helm upgrade --install media charts/media -n media
--- a/charts/gitea/Chart.yaml
+++ b/charts/gitea/Chart.yaml
@ -0,0 +1,5 @@
 apiVersion: v2
 name: gitea
 description: Gitea self-hosted Git service
 version: 0.1.0
 type: application
--- a/charts/gitea/templates/gitea-ingressroute.yaml
+++ b/charts/gitea/templates/gitea-ingressroute.yaml
@ -0,0 +1,32 @@
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: gitea
  annotations:
    kubernetes.io/ingress.class: traefik-internal
 spec:
  entryPoints:
    - web
  routes:
    - match: Host(`gitea.{{ .Values.internalDomain }}`)
      kind: Rule
      services:
        - name: gitea
          port: 3000
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: gitea-tls
  annotations:
    kubernetes.io/ingress.class: traefik-internal
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`gitea.{{ .Values.internalDomain }}`)
      kind: Rule
      services:
        - name: gitea
          port: 3000
  tls: {}
--- a/charts/gitea/templates/gitea.yaml
+++ b/charts/gitea/templates/gitea.yaml
@ -0,0 +1,102 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: gitea
  labels:
    app: gitea
 spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: gitea
  template:
    metadata:
      labels:
        app: gitea
    spec:
      nodeSelector:
        homelab/node-role: worker
      containers:
        - name: gitea
          image: {{ .Values.image }}
          ports:
            - name: http
              containerPort: 3000
            - name: ssh
              containerPort: 2222
          resources:
            limits:
              memory: {{ .Values.resources.limits.memory }}
          env:
            - name: USER_UID
              value: {{ .Values.puid | quote }}
            - name: USER_GID
              value: {{ .Values.pgid | quote }}
            - name: GITEA__server__DOMAIN
              value: gitea.{{ .Values.domain }}
            - name: GITEA__server__ROOT_URL
              value: https://gitea.{{ .Values.domain }}
            - name: GITEA__server__SSH_PORT
              value: "2222"
            - name: GITEA__server__SSH_LISTEN_PORT
              value: "2222"
            - name: GITEA__database__DB_TYPE
              value: postgres
            - name: GITEA__database__HOST
              value: gitea-postgres:5432
            - name: GITEA__database__NAME
              value: {{ .Values.postgres.database }}
            - name: GITEA__database__USER
              value: {{ .Values.postgres.user }}
            - name: GITEA__database__PASSWD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secretName }}
                  key: GITEA_DB_PASS
            - name: GITEA__service__DISABLE_REGISTRATION
              value: "true"
          volumeMounts:
            - name: data
              mountPath: /data
      volumes:
        - name: data
          hostPath:
            path: /dogstore/service-data/gitea
            type: DirectoryOrCreate
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: gitea
 spec:
  selector:
    app: gitea
  ports:
    - name: http
      port: 3000
      targetPort: 3000
    - name: ssh
      port: 2222
      targetPort: 2222
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: gitea
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls.certresolver: {{ .Values.certResolver }}
 spec:
  rules:
    - host: gitea.{{ .Values.domain }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: gitea
                port:
                  number: 3000
--- a/charts/gitea/templates/postgres.yaml
+++ b/charts/gitea/templates/postgres.yaml
@ -0,0 +1,59 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: gitea-postgres
  labels:
    app: gitea-postgres
 spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: gitea-postgres
  template:
    metadata:
      labels:
        app: gitea-postgres
    spec:
      initContainers:
        - name: fix-permissions
          image: busybox
          command: ["sh", "-c", "chown -R 999:999 /data"]
          volumeMounts:
            - name: data
              mountPath: /data
      containers:
        - name: postgres
          image: {{ .Values.postgres.image }}
          ports:
            - containerPort: 5432
          env:
            - name: POSTGRES_DB
              value: {{ .Values.postgres.database }}
            - name: POSTGRES_USER
              value: {{ .Values.postgres.user }}
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secretName }}
                  key: GITEA_DB_PASS
          volumeMounts:
            - name: data
              mountPath: /var/lib/postgresql/data
      volumes:
        - name: data
          hostPath:
            path: /dogstore/service-data/gitea/pgdata
            type: DirectoryOrCreate
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: gitea-postgres
 spec:
  selector:
    app: gitea-postgres
  ports:
    - port: 5432
      targetPort: 5432
--- a/charts/gitea/values.yaml
+++ b/charts/gitea/values.yaml
@ -0,0 +1,19 @@
 domain: ratboo.me
 internalDomain: dog
 certResolver: myresolver
 tz: America/Los_Angeles
 puid: "1000"
 pgid: "1000"
 image: gitea/gitea:1.23
 secretName: gitea-secrets
 resources:
  limits:
    memory: 512Mi
 postgres:
  image: docker.io/library/postgres:17
  database: gitea
  user: gitea
--- a/scripts/bootstrap.sh
+++ b/scripts/bootstrap.sh
@ -108,7 +108,7 @@ cmd_deploy() {
  local charts_dir
  charts_dir="$(cd "$(dirname "$0")/.." && pwd)/charts"
-  local -a chart_order=(traefik-config media paperless mealie dashboards utils headlamp)
+  local -a chart_order=(traefik-config media paperless mealie dashboards utils headlamp gitea)
  local -A chart_ns=(
    [traefik-config]=kube-system
    [media]=media
@ -117,6 +117,7 @@ cmd_deploy() {
    [dashboards]=apps
    [utils]=apps
    [headlamp]=apps
    [gitea]=apps
  )
  for chart in "${chart_order[@]}"; do
--- a/secrets/secrets.enc.yaml
+++ b/secrets/secrets.enc.yaml
@ -25,8 +25,8 @@ sops:
            eGZTZ0VSUElFZVpqWlVISjNYdnA4UFUK/uOyj7CKU0XLHHdPNKByO2c56JWQfhk5
            oauimeYrkNE+06dhXgVcJiQH+HcB33tB9u3YS9LxFYs3R98zKAHG6g==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-04-20T16:15:57Z"
+    lastmodified: "2026-04-22T23:40:49Z"
-    mac: ENC[AES256_GCM,data:QjexLkuBkJxXbWBTPUowSXGb8y3Zd22CtibFoYr/efLBYFI34KZS7mqtUx0bTlwLPRFbBUPaqlAfc7xvlRjRqIUpkfBvef0q3DVvJ8IiRVdSVR82lFGFpgJ/oDjQC9PSuEVFX1WvfpuOofwSTfV3ywvkVSlWzSJW66NNsKpl1MI=,iv:rxyUuOwTlT/fYkCX1WuZ1UJYUvCzEfXnrXQrwdDhYtA=,tag:50srDy5k4T+4zUdyI14xtg==,type:str]
+    mac: ENC[AES256_GCM,data:WJrfgMP6ioP/GU65sv6tWIjYe//TgAwUDowG1mOqm5UlJ1LT31vs7vmmm+1tYO+jpjCoQlVM0S2e1z+CgrqSMye4+x3VhRTiQKW8DQAN7x8ILoDB+RVcmq8wlqMsubdUtBHray43YtGdeDj4f+Rr4FC84uf9Qgl4ywkiq5CKnc0=,iv:hkQ+QRw1VBbNzJEWx/pdbq7eZ5TrYie0xofzXWIgZDw=,tag:xcnSUQtiF407DHTG5NCALA==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.12.2
 ---
@ -52,8 +52,8 @@ sops:
            eGZTZ0VSUElFZVpqWlVISjNYdnA4UFUK/uOyj7CKU0XLHHdPNKByO2c56JWQfhk5
            oauimeYrkNE+06dhXgVcJiQH+HcB33tB9u3YS9LxFYs3R98zKAHG6g==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-04-20T16:15:57Z"
+    lastmodified: "2026-04-22T23:40:49Z"
-    mac: ENC[AES256_GCM,data:QjexLkuBkJxXbWBTPUowSXGb8y3Zd22CtibFoYr/efLBYFI34KZS7mqtUx0bTlwLPRFbBUPaqlAfc7xvlRjRqIUpkfBvef0q3DVvJ8IiRVdSVR82lFGFpgJ/oDjQC9PSuEVFX1WvfpuOofwSTfV3ywvkVSlWzSJW66NNsKpl1MI=,iv:rxyUuOwTlT/fYkCX1WuZ1UJYUvCzEfXnrXQrwdDhYtA=,tag:50srDy5k4T+4zUdyI14xtg==,type:str]
+    mac: ENC[AES256_GCM,data:WJrfgMP6ioP/GU65sv6tWIjYe//TgAwUDowG1mOqm5UlJ1LT31vs7vmmm+1tYO+jpjCoQlVM0S2e1z+CgrqSMye4+x3VhRTiQKW8DQAN7x8ILoDB+RVcmq8wlqMsubdUtBHray43YtGdeDj4f+Rr4FC84uf9Qgl4ywkiq5CKnc0=,iv:hkQ+QRw1VBbNzJEWx/pdbq7eZ5TrYie0xofzXWIgZDw=,tag:xcnSUQtiF407DHTG5NCALA==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.12.2
 ---
@ -77,8 +77,8 @@ sops:
            eGZTZ0VSUElFZVpqWlVISjNYdnA4UFUK/uOyj7CKU0XLHHdPNKByO2c56JWQfhk5
            oauimeYrkNE+06dhXgVcJiQH+HcB33tB9u3YS9LxFYs3R98zKAHG6g==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-04-20T16:15:57Z"
+    lastmodified: "2026-04-22T23:40:49Z"
-    mac: ENC[AES256_GCM,data:QjexLkuBkJxXbWBTPUowSXGb8y3Zd22CtibFoYr/efLBYFI34KZS7mqtUx0bTlwLPRFbBUPaqlAfc7xvlRjRqIUpkfBvef0q3DVvJ8IiRVdSVR82lFGFpgJ/oDjQC9PSuEVFX1WvfpuOofwSTfV3ywvkVSlWzSJW66NNsKpl1MI=,iv:rxyUuOwTlT/fYkCX1WuZ1UJYUvCzEfXnrXQrwdDhYtA=,tag:50srDy5k4T+4zUdyI14xtg==,type:str]
+    mac: ENC[AES256_GCM,data:WJrfgMP6ioP/GU65sv6tWIjYe//TgAwUDowG1mOqm5UlJ1LT31vs7vmmm+1tYO+jpjCoQlVM0S2e1z+CgrqSMye4+x3VhRTiQKW8DQAN7x8ILoDB+RVcmq8wlqMsubdUtBHray43YtGdeDj4f+Rr4FC84uf9Qgl4ywkiq5CKnc0=,iv:hkQ+QRw1VBbNzJEWx/pdbq7eZ5TrYie0xofzXWIgZDw=,tag:xcnSUQtiF407DHTG5NCALA==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.12.2
 ---
@ -102,8 +102,8 @@ sops:
            eGZTZ0VSUElFZVpqWlVISjNYdnA4UFUK/uOyj7CKU0XLHHdPNKByO2c56JWQfhk5
            oauimeYrkNE+06dhXgVcJiQH+HcB33tB9u3YS9LxFYs3R98zKAHG6g==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-04-20T16:15:57Z"
+    lastmodified: "2026-04-22T23:40:49Z"
-    mac: ENC[AES256_GCM,data:QjexLkuBkJxXbWBTPUowSXGb8y3Zd22CtibFoYr/efLBYFI34KZS7mqtUx0bTlwLPRFbBUPaqlAfc7xvlRjRqIUpkfBvef0q3DVvJ8IiRVdSVR82lFGFpgJ/oDjQC9PSuEVFX1WvfpuOofwSTfV3ywvkVSlWzSJW66NNsKpl1MI=,iv:rxyUuOwTlT/fYkCX1WuZ1UJYUvCzEfXnrXQrwdDhYtA=,tag:50srDy5k4T+4zUdyI14xtg==,type:str]
+    mac: ENC[AES256_GCM,data:WJrfgMP6ioP/GU65sv6tWIjYe//TgAwUDowG1mOqm5UlJ1LT31vs7vmmm+1tYO+jpjCoQlVM0S2e1z+CgrqSMye4+x3VhRTiQKW8DQAN7x8ILoDB+RVcmq8wlqMsubdUtBHray43YtGdeDj4f+Rr4FC84uf9Qgl4ywkiq5CKnc0=,iv:hkQ+QRw1VBbNzJEWx/pdbq7eZ5TrYie0xofzXWIgZDw=,tag:xcnSUQtiF407DHTG5NCALA==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.12.2
 ---
@ -127,8 +127,8 @@ sops:
            eGZTZ0VSUElFZVpqWlVISjNYdnA4UFUK/uOyj7CKU0XLHHdPNKByO2c56JWQfhk5
            oauimeYrkNE+06dhXgVcJiQH+HcB33tB9u3YS9LxFYs3R98zKAHG6g==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-04-20T16:15:57Z"
+    lastmodified: "2026-04-22T23:40:49Z"
-    mac: ENC[AES256_GCM,data:QjexLkuBkJxXbWBTPUowSXGb8y3Zd22CtibFoYr/efLBYFI34KZS7mqtUx0bTlwLPRFbBUPaqlAfc7xvlRjRqIUpkfBvef0q3DVvJ8IiRVdSVR82lFGFpgJ/oDjQC9PSuEVFX1WvfpuOofwSTfV3ywvkVSlWzSJW66NNsKpl1MI=,iv:rxyUuOwTlT/fYkCX1WuZ1UJYUvCzEfXnrXQrwdDhYtA=,tag:50srDy5k4T+4zUdyI14xtg==,type:str]
+    mac: ENC[AES256_GCM,data:WJrfgMP6ioP/GU65sv6tWIjYe//TgAwUDowG1mOqm5UlJ1LT31vs7vmmm+1tYO+jpjCoQlVM0S2e1z+CgrqSMye4+x3VhRTiQKW8DQAN7x8ILoDB+RVcmq8wlqMsubdUtBHray43YtGdeDj4f+Rr4FC84uf9Qgl4ywkiq5CKnc0=,iv:hkQ+QRw1VBbNzJEWx/pdbq7eZ5TrYie0xofzXWIgZDw=,tag:xcnSUQtiF407DHTG5NCALA==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.12.2
 ---
@ -152,7 +152,32 @@ sops:
            eGZTZ0VSUElFZVpqWlVISjNYdnA4UFUK/uOyj7CKU0XLHHdPNKByO2c56JWQfhk5
            oauimeYrkNE+06dhXgVcJiQH+HcB33tB9u3YS9LxFYs3R98zKAHG6g==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-04-20T16:15:57Z"
+    lastmodified: "2026-04-22T23:40:49Z"
-    mac: ENC[AES256_GCM,data:QjexLkuBkJxXbWBTPUowSXGb8y3Zd22CtibFoYr/efLBYFI34KZS7mqtUx0bTlwLPRFbBUPaqlAfc7xvlRjRqIUpkfBvef0q3DVvJ8IiRVdSVR82lFGFpgJ/oDjQC9PSuEVFX1WvfpuOofwSTfV3ywvkVSlWzSJW66NNsKpl1MI=,iv:rxyUuOwTlT/fYkCX1WuZ1UJYUvCzEfXnrXQrwdDhYtA=,tag:50srDy5k4T+4zUdyI14xtg==,type:str]
+    mac: ENC[AES256_GCM,data:WJrfgMP6ioP/GU65sv6tWIjYe//TgAwUDowG1mOqm5UlJ1LT31vs7vmmm+1tYO+jpjCoQlVM0S2e1z+CgrqSMye4+x3VhRTiQKW8DQAN7x8ILoDB+RVcmq8wlqMsubdUtBHray43YtGdeDj4f+Rr4FC84uf9Qgl4ywkiq5CKnc0=,iv:hkQ+QRw1VBbNzJEWx/pdbq7eZ5TrYie0xofzXWIgZDw=,tag:xcnSUQtiF407DHTG5NCALA==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.12.2
 ---
 #ENC[AES256_GCM,data:nMA2+3xncC8MS36NjOh8hFQazy+v/nGIFIqSbnSFd/YtVOUsAPW46GMZrz6x0rrw4aCM5+E0j/nj9qhgNh3br2krltR5Owl0eNwn+xR36C5aPNgHdwtkVRtHPnv+j+d3nGKbgEvrvCpT83PDEdb2clt2ajrxffrrE3pGu2HDB4T2ogidDXFsl6i8bMxo/1zDYUoGS587aH93USGZ+s5BmHOlRVAg3W+Xg5FqepggiwJzSfvguIQtpH65JDmcuEjiwFvTbB3+WqHhWSJ5NQ==,iv:5Try5OdOks3JKpQ6A1wAS4wfwBcoBnqJAJGJ0pmdjZw=,tag:3/n5Uxf+zBLed0KhT4YvMg==,type:comment]
 apiVersion: ENC[AES256_GCM,data:F6o=,iv:8McPTAtRKlG0wpF1DUXRrhkzNuoD97Vu4OFyI8Opy28=,tag:DgEjMs6yXKFEv6Uu8A8WDg==,type:str]
 kind: ENC[AES256_GCM,data:eVSn4ODQ,iv:iDOb7kRnWbW1CYKILAZwbtlhbAqwi/I+YXFbHsmz2KI=,tag:dcWY/PdP2eMRv1HxmfyHoQ==,type:str]
 metadata:
    name: ENC[AES256_GCM,data:NXxSRxqzrL1BsWku/g==,iv:xCfwy3bNxd0wDyVEyWa6bgdcxZDIws+fdHPqUCNzMAs=,tag:xoFYlZ63vs8qdIC1XjObFw==,type:str]
    namespace: ENC[AES256_GCM,data:O6kz8Q==,iv:ZMv7m+YLaIChgNTM4Riopt2VUNg5HwUwdLR6bRA1Nf0=,tag:undk4ODEabPJbQKoa1He7A==,type:str]
 type: ENC[AES256_GCM,data:YMUJyMI2,iv:o++4jFOch8C8g5iKCzot/AcHnERRO/Yqn/uHuCAIFEI=,tag:ReJgAAajctyGo7xYr2Yc8w==,type:str]
 stringData:
    GITEA_DB_PASS: ENC[AES256_GCM,data:NcCI1tJCZEGLzE/Gj39zUPUVUWG65kWz7+/vk24TxgM=,iv:oXMBDmaPOoZiw9B9PKjCyRdON0jJaA0l6MBLrpEtdmU=,tag:1HzvvmvSOgkcWcl+Uy+dOQ==,type:str]
 sops:
    age:
        - recipient: age12gv2cu66v80khwse5jgwcaukf3juvufkm2kw507gfnvecdpwt3hsjra7te
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNWFcrTlYrOW1Tb0xGUmVS
            Q3VPb3VPMS9hRWQ4aDQzRGtFTXp4SU90YWlrCng5NkN3TUFEUGIrWkRCK1NMeVND
            Z2RwV0JKVnRTMWUvWlpDRzhBQWtsNVkKLS0tIHZ2NkZaVTJSaE1vTjVVMXhzTmYz
            eGZTZ0VSUElFZVpqWlVISjNYdnA4UFUK/uOyj7CKU0XLHHdPNKByO2c56JWQfhk5
            oauimeYrkNE+06dhXgVcJiQH+HcB33tB9u3YS9LxFYs3R98zKAHG6g==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2026-04-22T23:40:49Z"
    mac: ENC[AES256_GCM,data:WJrfgMP6ioP/GU65sv6tWIjYe//TgAwUDowG1mOqm5UlJ1LT31vs7vmmm+1tYO+jpjCoQlVM0S2e1z+CgrqSMye4+x3VhRTiQKW8DQAN7x8ILoDB+RVcmq8wlqMsubdUtBHray43YtGdeDj4f+Rr4FC84uf9Qgl4ywkiq5CKnc0=,iv:hkQ+QRw1VBbNzJEWx/pdbq7eZ5TrYie0xofzXWIgZDw=,tag:xcnSUQtiF407DHTG5NCALA==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.12.2