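# Gitea configuration for TuringPi K3s cluster
# Self-hosted Git server for ArgoCD integration
#
# Helm values for the Gitea chart. Sections: service exposure, ingress,
# storage, bundled PostgreSQL, Gitea app.ini settings (gitea.config),
# pod resources and scheduling.

# Single replica for homelab
replicaCount: 1

# Service configuration - LoadBalancer for direct access
# NOTE(review): clients that connect to the LoadBalancer address on port 3000
# do not go through the ingress below, so the gitea-lan-only middleware and the
# ingress TLS certificate do not apply on that path (gitea.config.server.PROTOCOL
# is http). Confirm the MetalLB pool is reachable from the LAN only, or use
# ClusterIP for http if the ingress is meant to be the only web entry point.
service:
  http:
    type: LoadBalancer
    port: 3000
    # MetalLB will assign an IP
  ssh:
    type: LoadBalancer
    port: 22  # For git SSH access

# Ingress for web access
ingress:
  enabled: true
  className: traefik
  pathType: Prefix
  annotations:
    # Restrict to LAN access via Traefik v3 Middleware (resources/gitea-middleware.yaml)
    # NOTE(review): Traefik resolves this value as <namespace>-<middleware name>@kubernetescrd.
    # Check that it matches the Middleware's namespace and name, and verify the
    # restriction from a non-LAN address after deploying.
    traefik.ingress.kubernetes.io/router.middlewares: "gitea-lan-only@kubernetescrd"
    cert-manager.io/cluster-issuer: "letsencrypt-production"
  hosts:
    - host: gitea.gilgamezh.me
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: gitea-tls
      hosts:
        - gitea.gilgamezh.me

# Storage using your NFS setup
persistence:
  enabled: true
  create: true
  storageClass: "nfs-client"  # Your existing NFS storage class
  size: 20Gi
  accessModes:
    - ReadWriteOnce

# Database - use PostgreSQL for production-ready setup
postgresql:
  enabled: true
  auth:
    username: gitea
    database: gitea
    # Password will be auto-generated
    # NOTE(review): confirm in the rendered release that the database password
    # is generated and is not a default carried in the chart's own values.
  primary:
    persistence:
      enabled: true
      storageClass: "nfs-client"
      size: 10Gi

# Disable PostgreSQL HA (since we're enabling regular postgresql)
postgresql-ha:
  enabled: false

# Disable Valkey cluster (Redis alternative) - not needed for homelab
valkey-cluster:
  enabled: false

# Gitea configuration
gitea:
  cache:
    enabled: false
  admin:
    username: admin
    # NOTE(review): this is the site-administrator credential, stored in clear
    # text in a values file that will normally live in Git. The chart also
    # accepts a reference to a pre-created Secret holding `username` and
    # `password` keys, which keeps the credential out of the repository:
    #   existingSecret: <admin-credentials-secret-name>  # placeholder
    password: "gitea-admin-pass"  # Change this!
    email: "admin@gilgamezh.me"
  config:
    APP_NAME: "TuringPi Gitea"
    RUN_MODE: prod
    server:
      DOMAIN: gitea.gilgamezh.me
      SSH_DOMAIN: gitea.gilgamezh.me
      ROOT_URL: https://gitea.gilgamezh.me
      # Gitea itself listens on plain HTTP; TLS is terminated at the ingress.
      PROTOCOL: http
      DISABLE_SSH: false
      SSH_PORT: 22
      LFS_START_SERVER: true
    database:
      DB_TYPE: postgres
    security:
      # Marks the instance as installed so the web install page is not served.
      INSTALL_LOCK: true
    service:
      # NOTE(review): with registration open and sign-in not required, anyone
      # who can reach the web UI can create an account and browse public
      # repositories. ArgoCD can authenticate with a token or deploy key, so
      # neither setting is required for it.
      DISABLE_REGISTRATION: false  # Allow user registration
      REQUIRE_SIGNIN_VIEW: false  # Allow anonymous viewing of public repos
    ui:
      DEFAULT_THEME: gitea-dark
    repository:
      # NOTE(review): Gitea documents `last`, `private` and `public` as the
      # values for this key; confirm that `false` gives the behaviour described.
      DEFAULT_PRIVATE: false  # Public repos by default for easier ArgoCD access
    ssh.minimum_key_sizes:
      # Allow 2048-bit RSA keys. The previous value of 1024 also admitted
      # 1024-bit keys, contradicting this intent. 2047 rather than 2048 because
      # Gitea's documentation notes that a valid 2048-bit key can be reported
      # as 2047 bits long.
      RSA: 2047
      ECDSA: 256
      ED25519: 256

# Resource limits (adjust based on your node capacity)
resources:
  limits:
    cpu: 1000m
    memory: 1Gi
  requests:
    cpu: 100m
    memory: 256Mi

# Node affinity (prefer worker nodes, avoid control plane)
# This is a soft preference: the pod may still be scheduled on a control-plane
# node when no other node fits.
affinity:
  nodeAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        preference:
          matchExpressions:
            - key: node-role.kubernetes.io/control-plane
              operator: DoesNotExist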