turingpi/gitea_values.yaml

# Gitea configuration for TuringPi K3s cluster
# Self-hosted Git server for ArgoCD integration

# Single replica for homelab
replicaCount: 1

# Service configuration - LoadBalancer for direct access
service:
  http:
    type: LoadBalancer
    port: 3000
    # MetalLB will assign an IP
  ssh:
    type: LoadBalancer
    port: 22
    # For git SSH access

# Ingress for web access  
ingress:
  enabled: true
  className: nginx
  pathType: Prefix
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    # Restrict to LAN access (matching your existing pattern)
    nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16,10.0.0.0/8,172.16.0.0/12"
  hosts:
    - host: gitea.turing.lan
      paths:
        - path: /
          pathType: Prefix

# Storage using your NFS setup
persistence:
  enabled: true
  create: true
  storageClass: "nfs-client"  # Your existing NFS storage class
  size: 20Gi
  accessModes:
    - ReadWriteOnce

# Database - use PostgreSQL for production-ready setup
postgresql:
  enabled: true
  auth:
    username: gitea
    database: gitea
    # Password will be auto-generated
  primary:
    persistence:
      enabled: true
      storageClass: "nfs-client"
      size: 10Gi

# Disable PostgreSQL HA (since we're enabling regular postgresql)
postgresql-ha:
  enabled: false

# Disable Valkey cluster (Redis alternative) - not needed for homelab
valkey-cluster:
  enabled: false

# Gitea configuration
gitea:
  cache:
    enabled: false
  admin:
    username: admin
    password: "gitea-admin-pass"  # Change this!
    email: "admin@turing.lan"

  config:
    APP_NAME: "TuringPi Gitea"
    RUN_MODE: prod
    
    server:
      DOMAIN: gitea.turing.lan
      SSH_DOMAIN: gitea.turing.lan
      ROOT_URL: http://gitea.turing.lan
      DISABLE_SSH: false
      SSH_PORT: 22
      LFS_START_SERVER: true
    
    database:
      DB_TYPE: postgres
    
    security:
      INSTALL_LOCK: true
    
    service:
      DISABLE_REGISTRATION: false  # Allow user registration
      REQUIRE_SIGNIN_VIEW: false   # Allow anonymous viewing of public repos
    
    ui:
      DEFAULT_THEME: auto
    
    repository:
      DEFAULT_PRIVATE: false       # Public repos by default for easier ArgoCD access

# Resource limits (adjust based on your node capacity)
resources:
  limits:
    cpu: 1000m
    memory: 1Gi
  requests:
    cpu: 100m
    memory: 256Mi

# Node affinity (prefer worker nodes, avoid control plane)
affinity:
  nodeAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
    - weight: 100
      preference:
        matchExpressions:
        - key: node-role.kubernetes.io/control-plane
          operator: DoesNotExist