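---
# tasks file for gitea
#
# Registers the Gitea Helm chart repository, refreshes the local repo cache
# when the repository entry changed, and installs/upgrades the `gitea`
# release into the `gitea` namespace.
#
# Required variables:
#   gitea_admin_password        - Gitea admin password; also the fallback for
#                                 the service secrets listed below.
#   openldap_readonly_password  - bind password for cn=readonly,dc=eom,dc=dev.
# Optional variables (each falls back to the previous behaviour when unset):
#   gitea_chart_version         - chart version to pin; unset = latest.
#   gitea_mailer_password       - SMTP password; default gitea_admin_password.
#   gitea_redis_password        - Redis password; default gitea_admin_password.
#   gitea_postgresql_password   - PostgreSQL password; default
#                                 gitea_admin_password.
#   gitea_no_log                - set to false to show task output when
#                                 debugging; default true.

- name: add gitea repo
  kubernetes.core.helm_repository:
    name: gitea
    repo_url: https://dl.gitea.com/charts/
  register: repo_update

# Only refresh the local chart index when the repository entry was added or
# modified by the previous task.
- name: update repos
  command: helm repo update
  when: repo_update.changed

- name: deploy gitea
  # The rendered values contain the admin, LDAP bind, SMTP, Redis and
  # PostgreSQL secrets; keep them out of task output and callback logs.
  no_log: "{{ gitea_no_log | default(true) }}"
  kubernetes.core.helm:
    name: gitea
    chart_ref: gitea/gitea
    # Without a pinned version every run may pull a newer chart. Set
    # gitea_chart_version to make deployments reproducible and reviewable.
    chart_version: "{{ gitea_chart_version | default(omit) }}"
    release_namespace: gitea
    create_namespace: true
    values:
      image:
        pullPolicy: Always
      service:
        ssh:
          type: LoadBalancer
      ingress:
        enabled: true
        className: nginx
        annotations:
          cert-manager.io/cluster-issuer: ca-issuer
          # NOTE(review): no cors-allow-origin is set here, so the controller
          # default applies (ingress-nginx defaults to "*"). Set an explicit
          # origin list if cross-origin access should be restricted.
          nginx.ingress.kubernetes.io/enable-cors: "true"
          nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
          # NOTE(review): server-snippet injects raw nginx configuration from
          # the role's files/server-snippet and only works when snippet
          # annotations are allowed on the ingress controller. Review that
          # file as code and confirm the controller setting is intended.
          nginx.ingress.kubernetes.io/server-snippet: "{{ lookup('file', 'server-snippet') }}"
        hosts:
          - host: gitea.eom.dev
            paths:
              - path: /
                pathType: Prefix
        tls:
          - hosts:
              - gitea.eom.dev
            secretName: gitea-tls
      persistence:
        size: 2Ti
      gitea:
        # NOTE(review): confirm the metrics endpoint is not reachable through
        # the public ingress (e.g. restricted in the server snippet or
        # protected by a metrics token).
        metrics:
          enabled: true
        admin:
          username: gitea_admin
          password: "{{ gitea_admin_password }}"
          email: gitea@postfix.eom.dev
        ldap:
          - name: OpenLDAP
            # NOTE(review): with `unencrypted` on port 389 the bind password
            # and every user's login password cross the cluster network in
            # cleartext. Prefer `ldaps` or `starttls` once the directory
            # serves TLS.
            securityProtocol: unencrypted
            host: openldap.openldap.svc.cluster.local
            port: 389
            userSearchBase: dc=eom,dc=dev
            userFilter: '(&(objectClass=posixAccount)(uid=%s)(memberOf=cn=Gitea Users,ou=Gitea,ou=Services,dc=eom,dc=dev))'
            adminFilter: '(memberOf=cn=Gitea Administrators,ou=Gitea,ou=Services,dc=eom,dc=dev)'
            emailAttribute: mail
            bindDn: cn=readonly,dc=eom,dc=dev
            bindPassword: "{{ openldap_readonly_password }}"
            usernameAttribute: uid
            publicSSHKeyAttribute: sshPublicKey
        config:
          APP_NAME: "Gitea"
          service:
            DISABLE_REGISTRATION: false
            SHOW_REGISTRATION_BUTTON: true
            DEFAULT_ALLOW_CREATE_ORGANIZATION: false
            ALLOW_ONLY_EXTERNAL_REGISTRATION: false
            ENABLE_NOTIFY_MAIL: true
            EMAIL_DOMAIN_BLOCKLIST: "spammer.com,mailinator.com,tempmail.com,10minutemail.com,guerrillamail.com,dispostable.com,fakemail.com,maildrop.cc,trashmail.com,yopmail.com,techstrategylab.com,timminsgoldminetour.com,claxyn.org,sise.claxyn.org,blyxen.com,seti.blyxen.com,tute.blyxen.com,tula.blyxen.com,sise.blyxen.org,ivolix.com,seti.lyvix.org,tute.lyvix.org,seti.ivolix.org,semo.ivolix.com,elyquin.org,simu.elyquin.org,semo.claxyn.com,sise.oxilv.com,simu.glinxy.org,simu.hivoltz.org,semo.elyquin.com,prisite.online,sise.dravix.org,dravix.org,semo.glinxy.com,glinxy.com,dark-webmarket.com,seti.juxal.org,juxal.org,9e5d.getir.space,getir.space,topcompanygroup.com,6d43.getir.space,9e2d.mikrowellen-tests.com,verifiedlinklist.com,xylzen.com,tapi.xylzen.com,ylixo.com,tapi.ylixo.com,tute.ylixo.com"
            ENABLE_CAPTCHA: true
            REGISTER_EMAIL_CONFIRM: true
          oauth2_client:
            ENABLE_AUTO_REGISTRATION: true
            UPDATE_AVATAR: true
            # NOTE(review): `auto` links an external identity to an existing
            # local account on a username/e-mail match alone. Confirm every
            # configured OAuth2 provider verifies e-mail ownership, or use a
            # mode that requires the user to log in before linking.
            ACCOUNT_LINKING: auto
          mailer:
            ENABLED: true
            SMTP_ADDR: postfix.eom.dev
            SMTP_PORT: 587
            USER: gitea
            # Falls back to the admin password for compatibility; set
            # gitea_mailer_password so an SMTP credential leak does not also
            # expose the Gitea admin account.
            PASSWD: "{{ gitea_mailer_password | default(gitea_admin_password) }}"
            FROM: Gitea
            ENVELOPE_FROM: gitea@eom.dev
      redis:
        enabled: true
        global:
          redis:
            # Separate secret recommended; falls back to the admin password.
            password: "{{ gitea_redis_password | default(gitea_admin_password) }}"
        # NOTE(review): key placement assumed to be redis.persistence;
        # verify against the chart's values schema.
        persistence:
          enabled: true
      redis-cluster:
        enabled: false
      postgresql:
        enabled: true
        image:
          pullPolicy: Always
        global:
          postgresql:
            auth:
              username: gitea
              # Separate secret recommended; falls back to the admin password.
              password: "{{ gitea_postgresql_password | default(gitea_admin_password) }}"
              database: gitea
        primary:
          persistence:
            enabled: true
            size: 2Ti
      postgresql-ha:
        enabled: false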