---
# tasks file for gitea
# Register the Gitea chart repository (fetched over HTTPS) with the local Helm
# client. The module result is stored in `repo_update` so that a follow-up task
# can react when the repository entry was added or modified.
- name: add gitea repo
  kubernetes.core.helm_repository:
    name: gitea
    repo_url: 'https://dl.gitea.com/charts/'
  register: repo_update
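# Refresh the local Helm repository index, but only when the result registered
# in `repo_update` reports a change.
# NOTE(review): on a host where the repository entry already exists this task
# is skipped, so the chart index may be stale at deploy time; confirm that is
# intended, especially since the deploy does not pin a chart version.
- name: update repos
  # Fully qualified module name: resolution cannot be shadowed by a collection.
  ansible.builtin.command: helm repo update
  # `helm repo update` always rewrites the cached index; state that explicitly.
  changed_when: true
  when: repo_update.changed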
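# Install or upgrade the `gitea` Helm release in the `gitea` namespace.
# No `chart_version` is given, so the installed chart is whatever the local
# repo index resolves `gitea/gitea` to; pin it for reproducible deploys.
- name: deploy gitea
  # The values below carry credentials; keep them out of task output and logs.
  # Trade-off: failure details for this task are censored as well.
  no_log: true
  kubernetes.core.helm:
    name: gitea
    chart_ref: gitea/gitea
    release_namespace: gitea
    create_namespace: true
    values:
      image:
        pullPolicy: Always
      service:
        ssh:
          # Git-over-SSH is published through a LoadBalancer service, so it is
          # reachable from wherever that load balancer is; confirm the exposure.
          type: LoadBalancer
      ingress:
        enabled: true
        className: nginx
        annotations:
          cert-manager.io/cluster-issuer: ca-issuer
          nginx.ingress.kubernetes.io/enable-cors: "true"
          nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
          # Contents of the `server-snippet` file are injected verbatim into the
          # nginx server block. Whoever can edit that file controls nginx config
          # for this host, and ingress-nginx only honours it when snippet
          # annotations are allowed (`allow-snippet-annotations`).
          nginx.ingress.kubernetes.io/server-snippet: "{{ lookup('file', 'server-snippet') }}"
        hosts:
          - host: gitea.eom.dev
            paths:
              - path: /
                pathType: Prefix
        tls:
          - hosts:
              - gitea.eom.dev
            secretName: gitea-tls
      persistence:
        size: 2Ti
      gitea:
        metrics:
          # NOTE(review): the ingress serves `/` as a Prefix path, so the
          # metrics endpoint is presumably reachable from outside unless the
          # server snippet or a metrics token restricts it; confirm.
          enabled: true
        admin:
          username: gitea_admin
          # `gitea_admin_password` is also used below for the mailer, Redis and
          # PostgreSQL. One leaked secret then opens all four; separate
          # variables per service would limit the blast radius.
          password: "{{ gitea_admin_password }}"
          email: gitea@postfix.eom.dev
        ldap:
          - name: OpenLDAP
            # Plain LDAP on port 389: the bind password and every user's login
            # password cross the cluster network unencrypted. Prefer LDAPS or
            # StartTLS if the directory supports it.
            securityProtocol: unencrypted
            host: openldap.openldap.svc.cluster.local
            port: 389
            userSearchBase: dc=eom,dc=dev
            # Only members of the "Gitea Users" group may sign in via LDAP.
            userFilter: '(&(objectClass=posixAccount)(uid=%s)(memberOf=cn=Gitea Users,ou=Gitea,ou=Services,dc=eom,dc=dev))'
            # Membership of "Gitea Administrators" grants Gitea admin rights.
            adminFilter: '(memberOf=cn=Gitea Administrators,ou=Gitea,ou=Services,dc=eom,dc=dev)'
            emailAttribute: mail
            bindDn: cn=readonly,dc=eom,dc=dev
            bindPassword: "{{ openldap_readonly_password }}"
            usernameAttribute: uid
            # SSH public keys are taken from the directory, so write access to
            # this attribute is equivalent to push access as that user.
            publicSSHKeyAttribute: sshPublicKey
        config:
          APP_NAME: "Gitea"
          service:
            # Self-registration is open. CAPTCHA, e-mail confirmation and the
            # domain blocklist below are the only gates, and a blocklist only
            # stops domains that have already been seen.
            DISABLE_REGISTRATION: false
            SHOW_REGISTRATION_BUTTON: true
            DEFAULT_ALLOW_CREATE_ORGANIZATION: false
            ALLOW_ONLY_EXTERNAL_REGISTRATION: false
            ENABLE_NOTIFY_MAIL: true
            EMAIL_DOMAIN_BLOCKLIST: "spammer.com,mailinator.com,tempmail.com,10minutemail.com,guerrillamail.com,dispostable.com,fakemail.com,maildrop.cc,trashmail.com,yopmail.com,techstrategylab.com,timminsgoldminetour.com,claxyn.org,sise.claxyn.org,blyxen.com,seti.blyxen.com,tute.blyxen.com,tula.blyxen.com,sise.blyxen.org,ivolix.com,seti.lyvix.org,tute.lyvix.org,seti.ivolix.org,semo.ivolix.com,elyquin.org,simu.elyquin.org,semo.claxyn.com,sise.oxilv.com,simu.glinxy.org,simu.hivoltz.org,semo.elyquin.com,prisite.online,sise.dravix.org,dravix.org,semo.glinxy.com,glinxy.com,dark-webmarket.com,seti.juxal.org,juxal.org,9e5d.getir.space,getir.space,topcompanygroup.com,6d43.getir.space,9e2d.mikrowellen-tests.com,verifiedlinklist.com,xylzen.com,tapi.xylzen.com,ylixo.com,tapi.ylixo.com,tute.ylixo.com"
            ENABLE_CAPTCHA: true
            REGISTER_EMAIL_CONFIRM: true
          oauth2_client:
            ENABLE_AUTO_REGISTRATION: true
            UPDATE_AVATAR: true
            # `auto` attaches an external login to an existing local account on
            # a matching username or e-mail without asking the account owner.
            # That is only safe if every configured OAuth2 provider verifies
            # those attributes; otherwise it is an account-takeover path.
            ACCOUNT_LINKING: auto
          mailer:
            ENABLED: true
            SMTP_ADDR: postfix.eom.dev
            SMTP_PORT: 587
            USER: gitea
            # Same secret as the Gitea admin account (credential reuse).
            PASSWD: "{{ gitea_admin_password }}"
            FROM: 'Gitea <gitea@eom.dev>'
            ENVELOPE_FROM: gitea@eom.dev
      redis:
        enabled: true
        global:
          redis:
            # Same secret as the Gitea admin account (credential reuse).
            password: "{{ gitea_admin_password }}"
        # NOTE(review): nesting assumed; the listing this was taken from had
        # lost its indentation. Confirm against the chart's Redis values.
        persistence:
          enabled: true
      redis-cluster:
        enabled: false
      postgresql:
        enabled: true
        image:
          pullPolicy: Always
        global:
          postgresql:
            auth:
              username: gitea
              # Same secret as the Gitea admin account (credential reuse).
              password: "{{ gitea_admin_password }}"
              database: gitea
        primary:
          persistence:
            enabled: true
            size: 2Ti
      postgresql-ha:
        enabled: false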