init: copy from lawndale-infra

2022-05-27 16:55:50 +02:00
commit 65ab6a1512
11 changed files with 422 additions and 0 deletions
--- a/gitea.tf
+++ b/gitea.tf
@@ -0,0 +1,121 @@
+resource "kubernetes_namespace" "this" {
+  metadata {
+    name = "gitea"
+  }
+}
+
+resource "helm_release" "this" {
+  name      = "gitea"
+  namespace = kubernetes_namespace.this.metadata.0.name
+
+  repository = "https://dl.gitea.io/charts/"
+  chart      = "gitea"
+  version    = "5.0.0"
+
+  create_namespace = false
+
+  values = [
+    jsonencode({
+      ingress = {
+        enabled = true
+        annotations = {
+          "kubernetes.io/ingress.class"                             = "traefik"
+          "traefik.ingress.kubernetes.io/router.entrypoints"        = "websecure"
+          "traefik.ingress.kubernetes.io/router.tls"                = "true"
+          "traefik.ingress.kubernetes.io/router.tls.certresolver"   = "acme-thomasklein-me"
+          "traefik.ingress.kubernetes.io/router.tls.domains.0.main" = local.ingress_domain
+        }
+        hosts = [
+          {
+            host = local.ingress_domain
+            paths = [
+              {
+                path     = "/"
+                pathType = "Prefix"
+              }
+            ]
+          }
+        ]
+      }
+    }),
+    jsonencode({
+      gitea = {
+        oauth = [
+          {
+            name            = "Cognito"
+            provider        = "openidConnect"
+            autoDiscoverUrl = "https://cognito-idp.${data.aws_region.current.name}.amazonaws.com/${data.aws_cognito_user_pools.thomasklein_infra.ids[0]}/.well-known/openid-configuration"
+            #useCustomUrls =
+            #customAuthUrl =
+            #customTokenUrl =
+            #customProfileUrl =
+            #customEmailUrl =
+          }
+        ]
+      }
+    }),
+    jsonencode({
+      gitea = {
+        config = {
+          # APP_NAME = ""
+          server = {
+            ROOT_URL = "https://${local.ingress_domain}/"
+          }
+          indexer = {
+            ISSUE_INDEXER_TYPE = "db" # bleve doesn't like 9p filesystems :/
+          }
+          metrics = {
+              ENABLED = false ## the metrics not really worth it
+          }
+          service = {
+              DISABLE_REGISTRATION = true
+          }
+        }
+        admin = {
+          username = "thomasklein"
+          email    = "kiss.tamas94@gmail.com"
+        }
+      }
+    }),
+    jsonencode({
+      persistence = {
+        enabled       = true
+        existingClaim = module.gitea_persistance.pvc_name
+      }
+    }),
+    jsonencode({
+      postgresql = {
+        enabled = true
+        persistence = {
+          enabled       = true
+          existingClaim = module.postgres_persistance.pvc_name
+        }
+        podSecurityContext = {
+          enabled = true
+        }
+        volumePermissions = {
+          enabled = true
+        }
+      }
+    }),
+  ]
+
+  set_sensitive {
+    name  = "gitea.oauth[0].key"
+    value = aws_cognito_user_pool_client.gitea.id
+  }
+  set_sensitive {
+    name  = "gitea.oauth[0].secret"
+    value = aws_cognito_user_pool_client.gitea.client_secret
+  }
+
+  set_sensitive {
+    name  = "gitea.admin.password"
+    value = random_password.gitea_admin.result
+  }
+}
+
+resource "random_password" "gitea_admin" {
+  length  = 16
+  special = true
+}