ansible-role-eom/tasks/git.yaml

---
# tasks file for gitea
# Register the upstream Gitea chart repository with the local Helm client so
# that the `gitea/gitea` chart reference used by the deploy task resolves.
- name: Add gitea repo
  kubernetes.core.helm_repository:
    # Chart index is fetched over HTTPS from the Gitea project's download host.
    repo_url: "https://dl.gitea.com/charts/"
    name: gitea
    # Explicit form of the module default.
    repo_state: present
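# Refresh the local Helm repository index so the deploy task sees the current
# chart list. Runs the helm CLI directly on the host executing the play.
- name: Update Helm repos
  ansible.builtin.command:
    # argv form: no shell is involved and each argument is passed verbatim.
    argv:
      - helm
      - repo
      - update
  # Refreshing the index cache is not a configuration change; without this the
  # task reports "changed" on every run and hides real drift in the play recap.
  changed_when: false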
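# Install or upgrade the Gitea Helm release in the `git` namespace, with
# ingress via nginx + cert-manager, LDAP sign-in against the in-cluster
# OpenLDAP service, and the chart's bundled Redis and PostgreSQL.
- name: Deploy Gitea
  # The values below carry four templated passwords; keep the rendered module
  # arguments out of Ansible output (verbose runs, failure dumps, callbacks).
  no_log: true
  kubernetes.core.helm:
    name: gitea
    chart_ref: gitea/gitea
    # NOTE(review): no chart version is pinned, so each run installs whatever
    # the repository index currently lists as latest. Pin a reviewed version:
    # chart_version: "<PINNED_CHART_VERSION>"  # placeholder, not from this file
    release_namespace: git
    create_namespace: true
    # NOTE(review): everything under `values` is stored in the Helm release
    # record in the cluster, so the passwords below are readable by anyone who
    # can read release secrets in this namespace. The chart documents
    # `existingSecret`-style options for credentials; confirm for the chart
    # version in use and prefer referencing pre-created Secrets.
    values:
      service:
        ssh:
          # Git-over-SSH is published through its own LoadBalancer service.
          type: LoadBalancer
      ingress:
        enabled: true
        className: nginx
        annotations:
          cert-manager.io/cluster-issuer: ca-issuer
        hosts:
          - host: git.eom.dev
            paths:
              - path: /
                pathType: Prefix
        tls:
          - hosts:
              - git.eom.dev
            secretName: gitea-tls
      persistence:
        size: 128Gi
      actions:
        enabled: true
        provisioning:
          enabled: true
      gitea:
        admin:
          username: gitea
          password: "{{ gitea_admin_password }}"
          email: "gitea@mail.eom.dev"
        metrics:
          enabled: false
          serviceMonitor:
            enabled: false
            # additionalLabels:
            #   prometheus-release: prom1
            interval: ""
            relabelings: []
            scheme: ""
            scrapeTimeout: ""
            tlsConfig: {}
        ldap:
          - name: OpenLDAP
            # NOTE(review): plain LDAP on 389 sends the bind password and every
            # user's sign-in password to the directory in cleartext. Once the
            # OpenLDAP service offers TLS, switch to `starttls` or `ldaps`
            # (port 636) and make sure certificate verification stays enabled.
            securityProtocol: unencrypted
            host: openldap.auth.svc.cluster.local
            port: 389
            userSearchBase: 'ou=People,dc=eom,dc=dev'
            # Filters are quoted so the leading "(&" and "%s" are never
            # reinterpreted by a YAML parser; the values are unchanged.
            userFilter: '(&(objectClass=inetOrgPerson)(uid=%s))'
            # NOTE(review): the first clause compares `cn` with the whole string
            # "Gitea Admin,ou=Gitea,ou=Services,dc=eom,dc=dev", which looks like
            # a group DN pasted into an attribute assertion. Confirm it selects
            # the intended admins; if it matches nothing, no LDAP user is
            # promoted to admin (fails closed).
            adminFilter: '(&(cn=Gitea Admin,ou=Gitea,ou=Services,dc=eom,dc=dev)(memberUid=%s))'
            emailAttribute: mail
            # Dedicated read-only bind account for directory searches.
            bindDn: 'cn=readonly,dc=eom,dc=dev'
            bindPassword: "{{ ldap_readonly_password }}"
            usernameAttribute: uid
            publicSSHKeyAttribute: publicSSHKey
        config:
          APP_NAME: "Gitea"
        additionalConfigFromEnvs:
          # Gitea's environment-to-ini step only maps variables named
          # GITEA__<section>__<KEY>. The previous single-underscore names
          # (GITEA_DISABLE_REGISTRATION, GITEA_DEFAULT_ALLOW_CREATE_ORGANIZATION)
          # do not follow that pattern, so they would not reach app.ini and
          # self-registration would stay at its default.
          # NOTE(review): older chart releases used an ENV_TO_INI__ prefix
          # instead; confirm against the chart version actually deployed, and
          # verify the rendered app.ini after rollout.
          - name: GITEA__service__DISABLE_REGISTRATION
            value: "true"
          - name: GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION
            value: "false"
      # Single-node Redis from the chart instead of the clustered variant.
      redis-cluster:
        enabled: false
      redis:
        enabled: true
        global:
          redis:
            password: "{{ gitea_redis_password }}"
      # Single-node PostgreSQL from the chart instead of the HA variant.
      postgresql-ha:
        enabled: false
      postgresql:
        enabled: true
        global:
          postgresql:
            auth:
              password: "{{ gitea_postgres_password }}"
              database: gitea
              username: gitea
        primary:
          persistence:
            size: 128Gi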