apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: gitea
  namespace: default
spec:
  interval: 5m
  chart:
    spec:
      chart: gitea
      version: 0.3.2
      sourceRef:
        kind: HelmRepository
        name: bitnami-charts
        namespace: flux-system

  timeout: 5m

  values:
    existingSecret: gitea-secret
    existingSecretKey: admin-password

    persistence:
      enabled: true
      size: 30Gi
      storageClass: hostpath
      selector:
        matchLabels:
          app.kubernetes.io/name: gitea-pv

    resources:
      requests:
        cpu: 1m
        memory: 340Mi
      limits:
        memory: 2Gi

#    podSecurityContext:
#      enabled: true
#      fsGroup: 10000

#    containerSecurityContext:
#      enabled: true
#      runAsUser: 10000
#      runAsNonRoot: true

    # Sidecar used for mirroring GitHub repos to gitea
#    sidecars:
#      - name: mirror-to-gitea
#        image: jaedle/mirror-to-gitea:latest
#        imagePullPolicy: Always
#        envFrom:
#        - secretRef:
#            name: gitea-sidecar-secret

    service:
      type: ClusterIP
      nodePorts:
        ssh: 30022

    ingress:
      enabled: false
#      annotations:
#        cert-manager.io/cluster-issuer: letsencrypt-production
#        traefik.ingress.kubernetes.io/router.entrypoints: websecure
#      hostname: &host "budget.${SECRET_NEW_DOMAIN}"
#
#      tls: true
#      selfSigned: false
#
#      extraTls:
#      - hosts:
#        - *host
#        secretName: wildcard-main-tls
#
#      secrets: nil
#      secrets:
#      - wildcard-main-tls

    postgresql:
      enabled: false

    externalDatabase:
      host: postgresql.database
      port: 5432
      user: gitea
      database: gitea
      existingSecret: gitea-secret
      existingSecretPasswordKey: db-password

    volumePermissions:
      enabled: true