ansible/roles/gitea/defaults/main.yaml


# Master switch for this role (presumably evaluated by the role's tasks, which are not shown here).
gitea_enabled: true

# Exposure toggles. gitea_publish_web selects the 'public' or 'private' ingress
# class name built below; gitea_publish_ssh is not referenced by any value in
# this defaults file, so its effect has to be checked in the role's tasks.
gitea_publish_web: false
gitea_publish_ssh: false

# Presumably switches the release to gitea_external_db_values instead of the
# chart's bundled PostgreSQL; confirm in the tasks.
gitea_use_external_db: true

# Host label; joined with `domain` for the ingress host, TLS secret name and ROOT_URL.
gitea_short_name: 'gitea'

# Resolves to <namespace>-<public|private>-gitea-ingress-nginx.
gitea_ingress_class: "{{ gitea_namespace | default(namespace) }}-{{ 'public' if gitea_publish_web else 'private' }}-gitea-ingress-nginx"
# Helm values for the Gitea chart: services, ingress, storage, accounts and app.ini settings.
gitea_default_values:
  service:
    # Explicit nulls; with Helm a null value removes the chart's default for that key.
    http:
      clusterIP: null
    ssh:
      clusterIP: null
  ingress:
    enabled: true
    className: "{{ gitea_ingress_class }}"
    annotations:
      cert-manager.io/cluster-issuer: 'letsencrypt-prod'
      # "0" turns off nginx's request-body size check for this host, so upload
      # size is not bounded at the ingress (presumably wanted for large pushes/LFS).
      nginx.ingress.kubernetes.io/proxy-body-size: '0'
      nginx.ingress.kubernetes.io/proxy-read-timeout: '600'
      nginx.ingress.kubernetes.io/proxy-send-timeout: '600'
      kubernetes.io/tls-acme: 'true'
    hosts:
      - host: "{{ gitea_short_name }}.{{ domain }}"
        paths:
          - path: /
            pathType: Prefix
    tls:
      - secretName: "{{ gitea_short_name }}.{{ domain }}-tls"
        hosts:
          - "{{ gitea_short_name }}.{{ domain }}"
  persistence:
    enabled: true
    accessModes:
      - "{{ gitea_storage_mode | default('ReadWriteMany') }}"
    size: "{{ gitea_size | default('20Gi') }}"
    storageClass: "{{ gitea_storage | default('nfs-ssd') }}"
    # Additional PVC annotations. The resource policy below tells Helm to keep
    # the PVC instead of deleting it together with the release.
    annotations:
      'helm.sh/resource-policy': keep
  gitea:
    # NOTE(review): the admin, LDAP bind and mailer passwords below are rendered
    # into the Helm values as plain text. Keep the source variables in a vault,
    # and check whether the chart version in use can reference an existing
    # Kubernetes Secret for them instead.
    admin:
      username: "{{ gitea_admin_user | default('gitea') }}"
      # No literal fallback: one of gitea_admin_pass / gitea_admin_password must be defined.
      password: "{{ gitea_admin_pass | default(gitea_admin_password) }}"
      email: "gitea@{{ mail_domain | default(domain) }}"
    ldap:
      - name: OpenLDAP
        # LDAP over TLS on 636, so the bind password and user credentials are
        # not sent in clear text to the directory.
        securityProtocol: ldaps
        host: "{{ openldap_short_name | default('openldap')}}.{{ domain }}"
        port: '636'
        userSearchBase: "ou=users,{{ openldap_domain }}"
        # %s is substituted with the login name by Gitea.
        userFilter: '(&(objectClass=posixAccount)(uid=%s))'
        emailAttribute: mail
        # Dedicated service account for searches; presumably read-only in the directory (verify).
        bindDn: "uid=ldapbind,ou=services,{{ openldap_domain }}"
        bindPassword: "{{ ldapbind_pass | default(ldapbind_password) }}"
    config:
      # APP_NAME: "Gitea: Git with a cup of tea"
      RUN_MODE: prod
      server:
        LFS_START_SERVER: true
        ROOT_URL: "https://{{ gitea_short_name}}.{{ domain }}"
      repository:
        DEFAULT_BRANCH: 'master'
      migrations:
        # NOTE(review): permits migrations from private/loopback addresses.
        # Together with the webhook wildcard below, any account allowed to
        # create a migration or webhook can make the Gitea pod send requests to
        # in-cluster or internal services (server-side request forgery).
        # Confirm both settings are required.
        ALLOW_LOCALNETWORKS: true
      service:
        # Self-registration is off; accounts come from the admin user and LDAP.
        DISABLE_REGISTRATION: true
      webhook:
        # NOTE(review): '*' allows webhook delivery to every host, internal ones
        # included. Gitea also accepts narrower values here (e.g. `external`,
        # host patterns or CIDR ranges); prefer listing the intended receivers.
        ALLOWED_HOST_LIST: '*'
      mailer:
        ENABLED: 'true'
        # Port 465 with IS_TLS_ENABLED: SMTP over implicit TLS.
        HOST: "{{ mail_short_name | default('mail') }}.{{ mail_domain | default(domain) }}:465"
        IS_TLS_ENABLED: 'true'
        FROM: "gitea@{{ mail_domain | default(domain) }}"
        USER: "{{ gitea_ldap_user | default('gitea') }}"
        PASSWD: "{{ gitea_ldap_pass | default(gitea_ldap_password) }}"
        MAILER_TYPE: 'smtp'
# Values that point Gitea at an external PostgreSQL service and switch off the
# database bundled with the chart.
gitea_external_db_values:
  gitea:
    config:
      database:
        DB_TYPE: "{{ gitea_db_type | default('postgres') }}"
        # Cluster-internal service DNS name, port 5432.
        # NOTE(review): no SSL_MODE is set in this mapping; Gitea's default for
        # PostgreSQL is `disable`, so the connection is unencrypted unless it is
        # configured elsewhere.
        HOST: "{{ postgres_db_team | default(namespace) }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local:5432"
        NAME: "{{ gitea_db_name | default('gitea') }}"
        # Both credentials fall back to Ansible's `omit`.
        # NOTE(review): this relies on the consumer stripping the omit
        # placeholder from nested values; verify the rendered values never
        # contain the placeholder string as a user name or password.
        USER: "{{ gitea_db_username | default(omit) }}"
        PASSWD: "{{ gitea_db_password | default(omit) }}"
  postgresql:
    enabled: false
# ingress-nginx overrides, by name intended for the published (public) controller.
gitea_publish_ingress_nginx_values:
  controller:
    # One controller pod per node; presumably paired with the Local traffic
    # policy below so every node that receives traffic has a local endpoint.
    kind: DaemonSet
    config:
      # Expect PROXY protocol from the load balancer to learn the client address.
      # The load balancer must actually send it, and nothing else should be able
      # to reach these ports directly, otherwise the header can be forged.
      use-proxy-protocol: true
      # NOTE(review): ingress-nginx documents this option as
      # `use-forwarded-headers`; spelled as here it is presumably ignored.
      # Before correcting it, decide whether header trust is wanted at all:
      # PROXY protocol already carries the client address, and on an
      # internet-facing controller trusting X-Forwarded-* lets clients supply
      # their own source address to logs and IP-based rules.
      use-forward-headers: true
      compute-full-forward-for: true
    service:
      # Keeps the original client source IP by routing only to node-local pods.
      externalTrafficPolicy: Local
# Base values for the dedicated ingress-nginx controller that fronts Gitea
# (HTTP/HTTPS plus a TCP pass-through for git over SSH).
gitea_ingress_nginx_default_values:
  controller:
    containerPort:
      ssh: 22
      http: 80
      https: 443
    publishService:
      enabled: true
    # Restrict the controller to watching a single namespace rather than the whole cluster.
    scope:
      enabled: true
    extraArgs:
      # ConfigMap holding the TCP forwards defined under `tcp` below.
      tcp-services-configmap: "{{ gitea_namespace | default(namespace) }}/{{ gitea_ingress_nginx_name | default(namespace + '-gitea-ingress-nginx') }}-tcp"
    service:
      enabled: true
      # A LoadBalancer service is requested for the private and the public class
      # alike; who can reach it depends on the address the cluster assigns.
      type: LoadBalancer
      loadBalancerIP: "{{ gitea_loadbalancer_ip | default(omit) }}"
      ports:
        ssh: 22
        http: 80
        https: 443
      targetPorts:
        ssh: ssh
        http: http
        https: https
    # Election ID and IngressClass are derived from gitea_ingress_class, which
    # keeps this controller separate from any other ingress-nginx in the cluster.
    electionID: "{{ gitea_ingress_class }}-leader"
    ingressClassResource:
      name: "{{ gitea_ingress_class }}"
      controllerValue: "k8s.io/{{ gitea_ingress_class }}"
  tcp:
    # Forward port 22 on the controller to the Gitea SSH service.
    # NOTE(review): this forward is unconditional in these defaults and
    # gitea_publish_ssh is not consulted here; check in the role's tasks that
    # SSH is only exposed when intended.
    22: "{{ gitea_namespace | default(namespace) }}/{{ namespace }}-gitea-ssh:22"
# Values for an external-dns release that publishes the Gitea ingress host via
# RFC 2136 dynamic updates.
gitea_dns_default_values:
  image:
    # NOTE(review): custom build pulled from a private registry and pinned by
    # tag only. A tag can be re-pushed; pin the image by digest if the chart
    # version in use supports it, and record where this build comes from.
    registry: registry.0xace.cc
    repository: ghp/external-dns
    tag: v0.7.6-663-gf76382a5
  fullnameOverride: "{{ gitea_dns_name | default(namespace + '-gitea-internal-dns') }}"
  # Only ingresses of Gitea's own class are considered.
  ingressClass: "{{ gitea_ingress_class }}"
  # Limits managed records to the configured domain.
  domainFilters:
    - "{{ domain }}"
  provider: rfc2136
  rfc2136:
    host: "{{ dns_ip }}"
    port: 53
    zone: "{{ domain }}"
    # TSIG key that authenticates the dynamic updates. It is passed as a plain
    # Helm value; keep k8s_tsig in a vault.
    # NOTE(review): check whether the chart can read the key from an existing Secret instead.
    tsigSecret: "{{ k8s_tsig }}"
    tsigSecretAlg: "{{ gitea_dns_tsigSecretAlg | default('hmac-sha512') }}"
    tsigKeyname: "{{ gitea_dns_tsigKeyname | default('k8s') }}"
    # Zone transfers (AXFR) are enabled for the provider; the DNS server should
    # restrict them to this TSIG key.
    tsigAxfr: true
    # Accepted units: ns, us, ms, s, m, h; see https://golang.org/pkg/time/#ParseDuration
    minTTL: '30s'