diff --git a/cluster/apps/default/gitea/gitea-appini.sops.yaml b/cluster/apps/default/gitea/gitea-appini.sops.yaml
deleted file mode 100644
index ceba1022..00000000
--- a/cluster/apps/default/gitea/gitea-appini.sops.yaml
+++ /dev/null
@@ -1,60 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: gitea-appini-secret - namespace: default -stringData: - app.ini: ENC[AES256_GCM,data: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,iv:DTW6aqHeXAwtC0TF1+omBsD7PIa2q5a+jQ3rKav29LA=,tag:bkRwn09eorKyN6TbPqDFcw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-06-03T18:27:51Z" - mac: ENC[AES256_GCM,data:L/N8wCxBKJ+aMqoc+jKyq8femyQDry3hO0L6YL48EGVpvti7OajBG3lciL7P3xPb8Xl8T8Gb7MZ9pCzVPd11LyYwFDifR/eke77uvaQ5KBNMiuabkryG56eRTLpwOjhUBufcwdX4vIaz/RGe8BBputgBNJLS7nlPtlHxgXvJJ9k=,iv:FbeA9CHPl8E3h0+EiV43z7q9ma8IlaJitrHb55teha8=,tag:cFL0ldTyab3Bye4YUhv0cA==,type:str] - pgp: - - created_at: "2023-06-03T18:27:50Z" - enc: | - -----BEGIN PGP MESSAGE----- - - hQIMAzKleRwoSoixAQ//bFZnbddFfGqV2GblLjInM4qbBb59OZnZH07RyP+I1fFX - vSASqWFR4dFOKUZ2rL4eC19jbWFG/a+0zUodTatuQ4lNmY4Q5g2fACv4KdZb87P5 - 0hT8s3QuCKR6wZkTTl6y+k2JwYv/2ZsTF6ywMH53tc1X4wr5n+/Rhz+XeY8uEbyY - lNoydGOxum7dHLoF0ARVfgmJH/OHkxlN4zemwMy/yu/MSYMJ/8ionB7Qi39kjtL4 - ixKjwYKwfZiO1DrxWz0bjppuQAEorJuFPerhHJROXJhgtLDEgoh+3rpqUCaASq6Q - mGZehgrWC1hnZZ6jc4eZ4OQ0OhDFrXI7EwGoodrJFtqtFT4nP4jOzsAiHddFJWgD - pONHnu3ZXWaQiEaSWQQGtevER6IDPSoxYQV5hgnYt5lajZRoNNI0BEqbYl+Ug3/j - 8uAZPvHkfVlFnvH1dVLZKFbreqRDLrP6dNNtDSphEO7Re1I+GEZt5Vjx0O0JrlbX - KVJOUQksJljabIOVzOY0VX8pI/pAQjBPOTmOQ3MLOiN6ceWgeR21mAvHDqYxX9Oy - e7u8tqQ+gfpePPW8Rf6Uf+mxkZAoAhfDyWOEn42+gVJWKwzSVQomnvDT4PdjesBl - ZczhR9JQ9gEVu6Iw4jjhk5Py19TVw0nxhOfoxiWPyXTWoFXTQuiUPmTazd2f5VPU - ZgEJAhB96XVANmNvvofAXAomeLaH9LXz39MXa8Jqwluf/lDFibDs7VWypk5fwzIa - WTLg8J3wsNDVXE9i6mLakB8GNUOYMLPv/wQNkyxvYC2JNKrw464xosc9L0gmMU8s - 2LXQalo/Jg== - =6a3k - -----END PGP MESSAGE----- - fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5 - - created_at: "2023-06-03T18:27:50Z" - enc: | - -----BEGIN PGP MESSAGE----- - - hQIMA4WLYkVpP8xtARAAlPo3j7fnQDlqavKWY1PoYe4BiKlQUNtu1GSBThVhAygj - jxe334RtyhrZN9oloj70I3w0tGxShMSQ+dZ3Bo6cxBvrXyP6yUKrnw55jwtD+d9J - 
3Q+ibWIpgQDqHsNiSh7QgeQyHTO6Ymgtbrg8UjXgz2tDmg1xWx1UlvGgu6wZtQ1v - 9s/pW2fafNIIJRSy9liaKSmshoWrhJaKVwheT6r6g8xuLNOvoef2FaINi8vnWmuw - ATt8Hew0WewRkvU9EV/pPszIkEV9WVkh6bpYKc/esHn6DVby+at+XY+oqEtoaRxp - eKpOmfq9SG2yrGogFdDHA6/0eDsxBYHEhQuM42Af4y7I5yUQBowFNLTnvECvrhIW - Y0KdDH1+YtWk/qMPak2RqCHrSUsbdoKMPobdQ34Jb9wPPIFz3y51ekwAX++xCB1J - EcdPxwAPPiXFu0x8VME5t3TMpPzd2mqzrRjywUTwt099QzBdxfs7NWldoJGYxXSf - SSjAgV4vLW8Ms+bUT3n5iIYr5Dv1XKtign0bkyBksW8lOW4j/foWm9Z2yRkV3Z0b - tKLYUU5yJJ8JOttaiaAM6zWUAtiUAuB1G47yg7YcO9b05pCTo9CrdrjaSCJEvPEU - lGiwzK8mDZxSYNL20vXA+bHRIz7unVM6K5S46GZ2vU/j2JSueorCtzGGQrscz8rU - ZgEJAhBLWl6lG1nM6MaUhff6+jSw3SJBahVT/DRVNjZfD+U5PA5e5iiFYLRVD0W6 - bNlhQgN24TfvkMYpnLpNeLlpd8vp/IGhyL+SgWVY0v+gCBdov1Qa1eKoplxvgWpa - pODUhRDgyw== - =X5Og - -----END PGP MESSAGE----- - fp: 8DF31C9F48A24F525FFB1815FC96C52B59328E95 - encrypted_regex: ^(data|stringData)$ - version: 3.7.3 diff --git a/cluster/apps/default/gitea/gitea-secret.sops.yaml b/cluster/apps/default/gitea/gitea-secret.sops.yaml index efe8889f..1c22eabc 100644 --- a/cluster/apps/default/gitea/gitea-secret.sops.yaml +++ b/cluster/apps/default/gitea/gitea-secret.sops.yaml 
@@ -4,19 +4,16 @@ metadata: name: gitea-secret namespace: default stringData: - GITEA__database__DB_TYPE: ENC[AES256_GCM,data:CxKLDkwWDro=,iv:vMzk5XUyeiUog3uaNWQi3YKOpnhUTUbZLWi8aQe1GOI=,tag:cIa3sjnmZZeqf8RkHaHyCA==,type:str] - GITEA__database__HOST: ENC[AES256_GCM,data:SPy0h0kvhTMzbx7IhmOrOZ2RfVF0h2E4,iv:YvrmhhZfPGzjuuppfBumrKjQzGAwmScZ4Kv88bTRTa4=,tag:xnrGbDv0XwhYrCeJ3l+Cvg==,type:str] - GITEA__database__NAME: ENC[AES256_GCM,data:K1lM4P8=,iv:5sN41GkSZ4sPLwIyVjiy6JNm20WFq3qNYFZ1gWfqG/4=,tag:hBoBRIgae5QRoMirGgEWmg==,type:str] - GITEA__database__USER: ENC[AES256_GCM,data:aQvMk8Y=,iv:SaDZ5fWWbhu66BqYJ+KKs6/zMrdTDoDZvBQKd2IyLck=,tag:4z7jRIT158aUxaOmYWewAQ==,type:str] - GITEA__database__PASSWD: ENC[AES256_GCM,data:n6ywTKo/Eb8JU9/MBvwlbLxcPJp1VRRrMKniktMZjS4=,iv:c7DSl3ReYNWoRN2TPeGkxIUo/OXz7EtKr416nBtFUxA=,tag:zEf7GhN3RNkfbSn13WA1Yg==,type:str] + admin-password: ENC[AES256_GCM,data:IjukgfqqKKmFzOA=,iv:pbkG9/pRDveNksDJJU8ujje56xLTUFAFHDuaX2Te7yg=,tag:dMXUc4wQ1n6U0jmFmDdR9Q==,type:str] + db-password: ENC[AES256_GCM,data:V7tDCRPEbYrSLbgwZgU7yVOPh/kUH0cK4aFkmvEiFgI=,iv:u8dgHSPrIYY7kBjiWTEmgYnQzh157iPpC0d0j2KWOZ4=,tag:IbY2UumxQhANDF7lEcEEig==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-04-27T23:49:11Z" - mac: ENC[AES256_GCM,data:tAs7ev9V8nwDlpUeYC6D79gpT2IztnIppycM3GSmiLwock9XrJilAyaahd+OdmLQXjEqqqOZjLKVCm67xf+3jiPFkmCsIfP9A0incrySEJBVsum9/7i3nbUTf2tJyhj7mlex33KG3Arsinx3oPfY1U5QykYBBLR6dEan69Vg6Fc=,iv:IrrJnQgpyGW6B2Nu2IKetT279/WRDU9yG/A6r+5gtXo=,tag:ZXdVSvVsP3IJECSCguSdVw==,type:str] + lastmodified: "2023-06-04T04:02:52Z" + mac: ENC[AES256_GCM,data:Rfp9jgDr4b35rwTmX9EfOGgPSdYGSwoK096cDz2MFFzp3akUyeRQposFJ/M1JtcYLseg+XCKCLNSd/yVxwhNGMcA+lF4kgHHXAZyjYGHqOuo4RaylaYuAavdFmC8LL0f0fUX3P5L1AHH1JuqW9EJK60/IxqxD1/d/qJdhwaLH7k=,iv:fwLlG5BsTf70IyeXkWfHwfB3phjJTLYLZoYWFMo6qJ4=,tag:ZJLMIGRW4OUKauvOyaO8AQ==,type:str] pgp: - created_at: "2023-04-07T01:57:22Z" enc: | 
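Review bot: The new `admin-password` ciphertext is visibly much shorter than the one for `db-password`; SOPS AES-GCM values keep the length of the plaintext, so anyone who can read this repository learns how short the Gitea admin password is. Generating the admin password at the same size as the database password would remove that signal. The `db-password` ciphertext also has the same length as the removed `GITEA__database__PASSWD`, which suggests the existing password was carried over under a new key rather than rotated; if rotation was intended it still has to happen, because the old ciphertext stays in git history under the same PGP recipients.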
diff --git a/cluster/apps/default/gitea/helm-release.yaml b/cluster/apps/default/gitea/helm-release.yaml
index d9810055..3c2c51ff 100644
--- a/cluster/apps/default/gitea/helm-release.yaml
+++ b/cluster/apps/default/gitea/helm-release.yaml
@@ -7,30 +7,36 @@ spec: interval: 5m chart: spec: - chart: app-template - version: 1.3.x + chart: gitea + version: 0.3.2 sourceRef: kind: HelmRepository - name: bjws-charts + name: bitnami-charts namespace: flux-system values: - image: - repository: gitea/gitea - tag: 1.19.3-rootless + existingSecret: gitea-secret + existingSecretKey: admin-password - podLabels: - needsDatabase: "yes" - needsAuthentik: "yes" + persistence: + enabled: true + hostPath: /mnt/MainPool/Kubernetes/gitea - env: - USER: git - USER_UID: 10000 - USER_GID: 10000 + resources: + requests: + cpu: 1m + memory: 340Mi + limits: + memory: 1Gi - envFrom: - - secretRef: - name: gitea-secret + podSecurityContext: + enabled: true + fsGroup: 10000 + + containerSecurityContext: + enabled: true + runAsUser: 10000 + runAsNonRoot: true # Sidecar used for mirroring GitHub repos to gitea sidecars:
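Review bot: The new `containerSecurityContext` sets only `runAsUser` and `runAsNonRoot`, and the `runAsGroup: 10000` that the old pod-level context carried (removed in the following hunk) is not set anywhere in the new values. If the chart passes extra fields through to the container spec, I would add `runAsGroup: 10000`, `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` under `containerSecurityContext`. Separately, the `podLabels` `needsDatabase` and `needsAuthentik` are dropped without a replacement; if a NetworkPolicy selects on them (not visible on this page), the new pod's access to the database and to Authentik changes, so that should be confirmed as intended. The `values:` block continues outside this hunk.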
@@ -42,64 +48,29 @@ spec: name: gitea-sidecar-secret service: - main: - ports: - http: - port: 3000 - - ssh: - enabled: true - type: NodePort - ports: - ssh: - enabled: true - port: 22 - protocol: TCP - nodePort: 30022 - - probes: - liveness: - enabled: false + type: ClusterIP + nodePorts: + ssh: 30022 ingress: - main: - enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt-production - traefik.ingress.kubernetes.io/router.entrypoints: websecure - hosts: - - host: &host "git.${SECRET_NEW_DOMAIN}" - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - *host - secretName: wildcard-main-tls + enabled: true + annotations: + cert-manager.io/cluster-issuer: letsencrypt-production + traefik.ingress.kubernetes.io/router.entrypoints: websecure + hostname: "budget.${SECRET_NEW_DOMAIN}" + secrets: + - wildcard-main-tls - persistence: - storage: - enabled: true - type: hostPath - hostPath: /mnt/MainPool/Kubernetes/gitea - mountPath: /data + postgresql: + enabled: false - config: - enabled: true - type: secret - name: gitea-appini-secret - mountPath: /etc/gitea + externalDatabase: + host: postgresql.database + port: 5432 + user: gitea + database: gitea + existingSecret: gitea-secret + existingSecretPasswordKey: db-password - podSecurityContext: - runAsNonRoot: true - runAsUser: 10000 - runAsGroup: 10000 - fsGroup: 10000 - fsGroupChangePolicy: OnRootMismatch - - resources: - requests: - cpu: 1m - memory: 340Mi - limits: - memory: 1Gi \ No newline at end of file + volumePermissions: + enabled: true \ No newline at end of file
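Review bot: `hostname: "budget.${SECRET_NEW_DOMAIN}"` replaces the old `git.${SECRET_NEW_DOMAIN}` host and looks like a leftover from another app's values; it should read `hostname: "git.${SECRET_NEW_DOMAIN}"`, otherwise Gitea is published under, and may collide with, a different service's name. `service.type: ClusterIP` next to `nodePorts.ssh: 30022` is contradictory: either SSH is deliberately no longer exposed on the node, in which case the node port is presumably ignored and should go, or the type should be `NodePort`. `volumePermissions.enabled: true` in Bitnami charts usually adds an init container that runs as root to chown the data directory, here a hostPath, which sits oddly beside `runAsNonRoot: true`; with `fsGroup: 10000` already set, check whether it is needed at all. `ingress.secrets` typically expects certificate material to create rather than the name of an existing secret, so verify that `wildcard-main-tls` is really what ends up serving TLS.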