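---
# tasks file for gitea
#
# Registers the Gitea Helm chart repository, refreshes the local Helm repo
# cache when the repository entry changed, and installs/upgrades the
# `gitea` release into the `gitea` namespace.
#
# Variables read by this file:
#   gitea_admin_password        (required) Gitea admin account password and
#                               fallback for the service passwords below.
#   openldap_readonly_password  (required) password of the LDAP bind DN.
#   gitea_smtp_password         (optional) SMTP password; falls back to
#   gitea_redis_password        (optional) Redis password; gitea_admin_password
#   gitea_postgresql_password   (optional) PostgreSQL password; when unset.
#
# NOTE(review): the nesting below was reconstructed from a whitespace-collapsed
# copy of this file; confirm it against the chart's values schema.

- name: Add gitea repo
  kubernetes.core.helm_repository:
    name: gitea
    repo_url: https://dl.gitea.com/charts/
  register: repo_update

- name: Update Helm repos
  ansible.builtin.command: helm repo update
  # Only runs when the repository entry was added or modified, so reporting
  # "changed" is accurate.
  changed_when: true
  when: repo_update is changed

- name: Deploy Gitea
  # The rendered values contain four credentials; keep them out of task
  # output, callback plugins and controller logs. Lift temporarily when
  # debugging a failed release.
  no_log: true
  kubernetes.core.helm:
    name: gitea
    # No chart_version is set, so each run installs whatever the repository
    # currently serves. Pin chart_version for reproducible, reviewable upgrades.
    chart_ref: gitea/gitea
    release_namespace: gitea
    create_namespace: true
    values:
      image:
        pullPolicy: IfNotPresent
      service:
        ssh:
          # Exposes Git-over-SSH through a LoadBalancer address.
          type: LoadBalancer
      ingress:
        enabled: true
        className: nginx
        annotations:
          cert-manager.io/cluster-issuer: ca-issuer
        hosts:
          - host: gitea.eom.dev
            paths:
              - path: /
                pathType: Prefix
        tls:
          - hosts:
              - gitea.eom.dev
            secretName: gitea-tls
      persistence:
        size: 2Ti
      actions:
        enabled: true
        provisioning:
          enabled: true
      gitea:
        metrics:
          # NOTE(review): Gitea serves /metrics on its main HTTP port, which the
          # ingress above publishes at "/". Confirm the endpoint is protected
          # (Gitea's [metrics] TOKEN setting) or blocked at the ingress.
          enabled: true
        admin:
          username: gitea_admin
          password: "{{ gitea_admin_password }}"
          email: gitea@postfix.eom.dev
        ldap:
          - name: OpenLDAP
            # With `unencrypted` on port 389 the bind password and every
            # user's login password cross the cluster network in cleartext.
            # Switch to `starttls` or `ldaps` once the OpenLDAP service
            # presents a certificate Gitea trusts.
            securityProtocol: unencrypted
            host: openldap.openldap.svc.cluster.local
            port: 389
            userSearchBase: dc=eom,dc=dev
            # Filters are quoted so the parentheses, `&` and commas can never
            # be re-interpreted by a YAML parser; the values are unchanged.
            userFilter: '(&(objectClass=posixAccount)(uid=%s)(memberOf=cn=Gitea Users,ou=Gitea,ou=Services,dc=eom,dc=dev))'
            adminFilter: '(memberOf=cn=Gitea Administrators,ou=Gitea,ou=Services,dc=eom,dc=dev)'
            emailAttribute: mail
            bindDn: cn=readonly,dc=eom,dc=dev
            bindPassword: "{{ openldap_readonly_password }}"
            usernameAttribute: uid
            publicSSHKeyAttribute: sshPublicKey
        config:
          APP_NAME: "Gitea"
          service:
            # Self-registration stays off for local accounts: registration is
            # not disabled globally, but only external sources may create users.
            DISABLE_REGISTRATION: false
            SHOW_REGISTRATION_BUTTON: false
            DEFAULT_ALLOW_CREATE_ORGANIZATION: false
            ALLOW_ONLY_EXTERNAL_REGISTRATION: true
          oauth2_client:
            ENABLE_AUTO_REGISTRATION: true
            UPDATE_AVATAR: true
            # `auto` attaches an OAuth2 login to an existing account that
            # matches on username or e-mail without asking for that account's
            # password. Keep it only if every configured provider is trusted to
            # assert those fields; `login` requires proof of the local account.
            ACCOUNT_LINKING: auto
          mailer:
            ENABLED: true
            SMTP_ADDR: postfix.eom.dev
            SMTP_PORT: 587
            USER: gitea
            # Separate credential if gitea_smtp_password is defined; otherwise
            # the previous behaviour (admin password) is kept.
            PASSWD: "{{ gitea_smtp_password | default(gitea_admin_password) }}"
            FROM: Gitea
            ENVELOPE_FROM: gitea@eom.dev
      redis:
        enabled: true
        global:
          redis:
            password: "{{ gitea_redis_password | default(gitea_admin_password) }}"
        # NOTE(review): placement reconstructed; confirm the Redis subchart
        # reads persistence at this level.
        persistence:
          enabled: true
      redis-cluster:
        enabled: false
      postgresql:
        enabled: true
        global:
          postgresql:
            auth:
              username: gitea
              # Sharing the admin password with the database, Redis and SMTP
              # means one leak exposes all four. Define the optional
              # per-service variables to split them. The database password is
              # fixed when the volume is first initialised, so rotate it inside
              # PostgreSQL as well when changing it on an existing release.
              password: "{{ gitea_postgresql_password | default(gitea_admin_password) }}"
              database: gitea
        primary:
          persistence:
            enabled: true
            size: 2Ti
      postgresql-ha:
        enabled: false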