Initial commit

2026-02-27 17:30:50 -05:00
commit b9f615dcb3
13 changed files with 227 additions and 0 deletions
--- a/tasks/gitea.yaml
+++ b/tasks/gitea.yaml
@@ -0,0 +1,105 @@
+---
+# tasks file for gitea
+- name: add gitea repo
+  kubernetes.core.helm_repository:
+    name: gitea
+    repo_url: https://dl.gitea.com/charts/
+  register: repo_update
+
+- name: update repos
+  command: helm repo update
+  when: repo_update.changed
+
+- name: deploy gitea
+  kubernetes.core.helm:
+    name: gitea
+    chart_ref: gitea/gitea
+    release_namespace: gitea
+    create_namespace: true
+    values:
+      image:
+        pullPolicy: IfNotPresent
+      service:
+        ssh:
+          type: LoadBalancer
+      ingress:
+        enabled: true
+        className: nginx
+        annotations:
+          cert-manager.io/cluster-issuer: ca-issuer
+        hosts:
+          - host: gitea.eom.dev
+            paths:
+              - path: /
+                pathType: Prefix
+        tls:
+          - hosts:
+            - gitea.eom.dev
+            secretName: gitea-tls
+      persistence:
+        size: 2Ti
+      gitea:
+        metrics:
+          enabled: true
+        admin:
+          username: gitea_admin
+          password: "{{ gitea_admin_password }}"
+          email: gitea@postfix.eom.dev
+        ldap:
+          - name: OpenLDAP
+            securityProtocol: unencrypted
+            host: openldap.openldap.svc.cluster.local
+            port: 389
+            userSearchBase: dc=eom,dc=dev
+            userFilter: (&(objectClass=posixAccount)(uid=%s)(memberOf=cn=Gitea Users,ou=Gitea,ou=Services,dc=eom,dc=dev))
+            adminFilter: (memberOf=cn=Gitea Administrators,ou=Gitea,ou=Services,dc=eom,dc=dev)
+            emailAttribute: mail
+            bindDn: cn=readonly,dc=eom,dc=dev
+            bindPassword: "{{ openldap_readonly_password }}"
+            usernameAttribute: uid
+            publicSSHKeyAttribute: sshPublicKey
+        config:
+          APP_NAME: "Gitea"
+          service:
+            DISABLE_REGISTRATION: false
+            SHOW_REGISTRATION_BUTTON: true
+            DEFAULT_ALLOW_CREATE_ORGANIZATION: false
+            ALLOW_ONLY_EXTERNAL_REGISTRATION: false
+            ENABLE_NOTIFY_MAIL: true
+          oauth2_client:
+            ENABLE_AUTO_REGISTRATION: true
+            UPDATE_AVATAR: true
+            ACCOUNT_LINKING: auto
+          mailer:
+            ENABLED: true
+            SMTP_ADDR: postfix.eom.dev
+            SMTP_PORT: 587
+            USER: gitea
+            PASSWD: "{{ gitea_admin_password }}"
+            FROM: Gitea <gitea@eom.dev>
+            ENVELOPE_FROM: gitea@eom.dev
+      redis:
+        enabled: true
+        global:
+          redis:
+            password: "{{ gitea_admin_password }}"
+        persistence:
+          enabled: true
+      redis-cluster:
+        enabled: false
+      postgresql:
+        enabled: true
+        image:
+          tag: 16.4.0-debian-12-r9
+        global:
+          postgresql:
+            auth:
+              username: gitea
+              password: "{{ gitea_admin_password }}"
+              database: gitea
+        primary:
+          persistence:
+            enabled: true
+            size: 2Ti
+      postgresql-ha:
+        enabled: false