# Generated secrets for the Gitea deployment. All three are consumed (or, for
# postgresql_gitea, only referenced from commented-out code) by helm_release.this
# below. Note that the random provider treats "length" as a replacement
# trigger, so raising any of these later rotates that credential on the next
# apply; plan that together with the consumer (database / admin account).

# Only referenced from the commented-out set_sensitive blocks in
# helm_release.this, i.e. currently unused. 5 characters is far too short for
# a credential should it ever be wired back in — TODO(review) drop or lengthen.
resource "random_password" "postgresql_gitea" {
  length = 5
}

# Live database password: pushed to the chart as gitea.config.database.PASSWD.
# NOTE(review): 10 characters from the default alphabet is on the weak side
# even for an in-cluster-only database; consider a longer value when the
# database can be rotated safely.
resource "random_password" "postgresql" {
  length = 10
}

# Initial password of the built-in Gitea admin account (gitea.admin.password).
resource "random_password" "gitea_admin" {
  length  = 16
  special = true
}

# Dedicated namespace for the Gitea release; the release below refers to this
# resource rather than to the literal name so that the dependency is explicit.
resource "kubernetes_namespace" "this" {
  metadata {
    name = "gitea"
  }
}

# Gitea deployed from the upstream Helm chart, single-pod ("non-HA") layout,
# using an externally managed PostgreSQL (kubernetes_service.postgresql) and a
# pre-existing PVC (module.gitea_persistance). Secrets never appear in
# "values"; they are injected through set_sensitive so they are redacted in
# plan output (they are still stored in the Terraform state, as with any
# Terraform-managed secret — keep the state backend protected accordingly).
resource "helm_release" "this" {
  chart            = "gitea"
  repository       = "https://dl.gitea.io/charts/"
  version          = "12.4.0"
  name             = local.instance_name
  namespace        = kubernetes_namespace.this.metadata.0.name
  create_namespace = false

  # Cluster DNS suffix used by the chart when it builds in-cluster hostnames.
  set {
    name  = "clusterDomain"
    value = "k8s.lawndale"
  }

  # The entries of "values" are deep-merged by Helm in list order: a key set in
  # a later entry overrides the same key from an earlier one. Keep that in mind
  # when reading gitea.config.indexer, which appears twice (see below).
  values = [
    # Ingress: TLS only (websecure entrypoint, TLS router) with a cert-manager
    # issued certificate for local.ingress_domain.
    jsonencode({
      ingress = {
        enabled   = true
        className = "traefik"
        annotations = {
          "traefik.ingress.kubernetes.io/router.entrypoints"        = "websecure"
          "traefik.ingress.kubernetes.io/router.tls"                = "true"
          "traefik.ingress.kubernetes.io/router.tls.domains.0.main" = local.ingress_domain
          "cert-manager.io/cluster-issuer"                          = "acme-thomasklein-me"
        }
        hosts = [
          {
            host = local.ingress_domain
            paths = [
              {
                path     = "/"
                pathType = "Prefix"
              }
            ]
          }
        ]
        tls = [
          {
            secretName = "git-thomasklein-me-tls"
            hosts      = [local.ingress_domain]
          }
        ]
      }
      service = {
        http = {
          internalTrafficPolicy = "Cluster"
        }
      }
    }),

    # SSH is exposed directly through a LoadBalancer; "Local" traffic policy
    # preserves the client source address for Gitea's logs.
    jsonencode({
      service = {
        ssh = {
          type                  = "LoadBalancer"
          externalTrafficPolicy = "Local"
        }
      }
    }),

    # OIDC login against the Cognito user pool; the client id/secret for this
    # entry are supplied via set_sensitive (gitea.oauth[0].key / .secret).
    jsonencode({
      gitea = {
        oauth = [
          {
            name            = "Cognito"
            provider        = "openidConnect"
            autoDiscoverUrl = "https://cognito-idp.${data.aws_region.current.name}.amazonaws.com/${data.aws_cognito_user_pools.thomasklein_infra.ids[0]}/.well-known/openid-configuration"
            #useCustomUrls =
            #customAuthUrl =
            #customTokenUrl =
            #customProfileUrl =
            #customEmailUrl =
          }
        ]
      }
    }),

    # app.ini base settings plus the initial admin account (its password comes
    # from set_sensitive, not from here).
    jsonencode({
      gitea = {
        config = {
          # APP_NAME = ""
          server = {
            ROOT_URL = "https://${local.ingress_domain}/"
          }
          indexer = {
            # bleve doesn't like 9p filesystems :/
            # NOTE(review): this value is overridden by the last "values" entry
            # below, which sets ISSUE_INDEXER_TYPE = "bleve" again — confirm
            # which of the two is intended before relying on either.
            ISSUE_INDEXER_TYPE = "db"
          }
          metrics = {
            ## the metrics are not really worth it
            ENABLED = false
          }
          service = {
            # Self-registration is off; presumably OIDC users are still meant
            # to be created on first login — verify against Gitea's
            # registration settings for OAuth2 sources.
            DISABLE_REGISTRATION = true
          }
        }
        admin = {
          username = "thomasklein"
          email    = "kiss.tamas94@gmail.com"
        }
      }
    }),

    # Outbound mail through the in-network relay (plain SMTP on port 25).
    jsonencode({
      gitea = {
        config = {
          mailer = {
            ENABLED   = true
            FROM      = "gitea@git.thomasklein.me"
            PROTOCOL  = "smtp"
            SMTP_ADDR = "nat.lawndale"
            SMTP_PORT = "25"
          }
        }
      }
    }),

    # Reuse an existing claim instead of letting the chart create one.
    jsonencode({
      persistence = {
        enabled   = true
        create    = false
        claimName = module.gitea_persistance.pvc_name
      }
    }),

    # All bundled datastore sub-charts are disabled; the database is external
    # and session/cache/queue are configured in-process below.
    jsonencode({
      postgresql       = { enabled = false }
      "postgresql-ha"  = { enabled = false }
      "redis-cluster"  = { enabled = false }
      "valkey-cluster" = { enabled = false }
      "valkey"         = { enabled = false }
    }),

    # Non-HA config base, see https://gitea.com/gitea/helm-chart/src/tag/v10.1.4#single-pod-configurations
    # (the link points at chart v10.1.4 while "version" above pins 12.4.0;
    # the single-pod section of the pinned version is the authoritative one.)
    jsonencode({
      gitea = {
        config = {
          database = {
            DB_TYPE = "postgres"
            NAME    = local.postgresql_dbname
            HOST    = "${kubernetes_service.postgresql.metadata.0.name}.${kubernetes_namespace.this.metadata.0.name}.svc.k8s.lawndale"
          }
          session = {
            PROVIDER = "db"
          }
          cache = {
            ADAPTER = "memory"
          }
          queue = {
            TYPE = "level"
          }
          # Last entry wins: this takes precedence over the earlier
          # ISSUE_INDEXER_TYPE = "db" setting.
          indexer = {
            ISSUE_INDEXER_TYPE   = "bleve"
            REPO_INDEXER_ENABLED = true
          }
        }
      }
    }),
  ]

  # --- secrets: injected via set_sensitive so they are not echoed in plans ---

  # Database password; must match whatever kubernetes_service.postgresql's
  # backing database was provisioned with.
  set_sensitive {
    name  = "gitea.config.database.PASSWD"
    value = random_password.postgresql.result
  }

  # Leftovers from the bundled-postgresql setup; the sub-chart is disabled, so
  # these are inert. They are the only references to random_password.postgresql_gitea.
  # set_sensitive {
  #   name  = "postgresql.global.postgresql.auth.password"
  #   value = random_password.postgresql_gitea.result
  # }
  # set_sensitive {
  #   name  = "postgresql.global.postgresql.auth.postgresPassword"
  #   value = random_password.postgresql.result
  # }

  # OIDC client credentials for the "Cognito" oauth entry defined in values.
  set_sensitive {
    name  = "gitea.oauth[0].key"
    value = aws_cognito_user_pool_client.gitea.id
  }

  set_sensitive {
    name  = "gitea.oauth[0].secret"
    value = aws_cognito_user_pool_client.gitea.client_secret
  }

  # Initial admin password for the account declared under gitea.admin.
  set_sensitive {
    name  = "gitea.admin.password"
    value = random_password.gitea_admin.result
  }
}