terraform-app-gitea/gitea.tf
2025-01-15 07:17:56 +01:00


# Dedicated namespace for the Gitea deployment. It is created here (rather than
# by the Helm release) so its lifecycle is owned by Terraform and the release
# below can set `create_namespace = false`.
resource "kubernetes_namespace" "this" {
  metadata {
    name = "gitea"
  }
}
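# Deploys the Gitea Helm chart into the namespace created above.
#
# `values` is a list of JSON documents. Helm merges them in list order and a key
# set in a later document silently overrides the same key from an earlier one,
# so every config key is kept in exactly one document. All secrets (database
# passwords, OAuth client credentials, admin password) are injected through
# `set_sensitive` so they never appear in the plain `values` documents.
resource "helm_release" "this" {
  name             = "gitea"
  namespace        = kubernetes_namespace.this.metadata.0.name
  repository       = "https://dl.gitea.io/charts/"
  chart            = "gitea"
  version          = "10.1.4"
  create_namespace = false # namespace is managed by kubernetes_namespace.this

  set {
    name  = "clusterDomain"
    value = "k8s.lawndale"
  }

  values = [
    # Ingress: HTTPS only (Traefik "websecure" entrypoint), certificate issued by
    # cert-manager via the cluster issuer named in the annotation.
    jsonencode({
      ingress = {
        enabled   = true
        className = "traefik"
        annotations = {
          "traefik.ingress.kubernetes.io/router.entrypoints"        = "websecure"
          "traefik.ingress.kubernetes.io/router.tls"                = "true"
          "traefik.ingress.kubernetes.io/router.tls.domains.0.main" = local.ingress_domain
          "cert-manager.io/cluster-issuer"                          = "acme-thomasklein-me"
        }
        hosts = [
          {
            host = local.ingress_domain
            paths = [
              {
                path     = "/"
                pathType = "Prefix"
              }
            ]
          }
        ]
        tls = [
          {
            # NOTE(review): the secret name is hard-coded while the host comes
            # from local.ingress_domain; keep the two in sync if the domain changes.
            secretName = "git-thomasklein-me-tls"
            hosts = [
              local.ingress_domain
            ]
          }
        ]
      }
      service = {
        http = {
          internalTrafficPolicy = "Cluster"
        }
      }
    }),

    # Git-over-SSH is exposed through a LoadBalancer. externalTrafficPolicy
    # "Local" preserves the client source IP as seen by the Gitea pod.
    jsonencode({
      service = {
        ssh = {
          type                  = "LoadBalancer"
          externalTrafficPolicy = "Local"
        }
      }
    }),

    # OIDC login against the Cognito user pool. Client id/secret are supplied by
    # the `gitea.oauth[0].key` / `gitea.oauth[0].secret` set_sensitive entries below.
    jsonencode({
      gitea = {
        oauth = [
          {
            name            = "Cognito"
            provider        = "openidConnect"
            autoDiscoverUrl = "https://cognito-idp.${data.aws_region.current.name}.amazonaws.com/${data.aws_cognito_user_pools.thomasklein_infra.ids[0]}/.well-known/openid-configuration"
            #useCustomUrls =
            #customAuthUrl =
            #customTokenUrl =
            #customProfileUrl =
            #customEmailUrl =
          }
        ]
      }
    }),

    # Core app.ini settings and the bootstrap admin account.
    jsonencode({
      gitea = {
        config = {
          # APP_NAME = ""
          server = {
            ROOT_URL = "https://${local.ingress_domain}/"
          }
          # Single place for the indexer settings. Previously ISSUE_INDEXER_TYPE
          # was also set to "bleve" in the non-HA document further down, which
          # merged last and silently won over this workaround.
          indexer = {
            ISSUE_INDEXER_TYPE   = "db" # bleve doesn't like 9p filesystems :/
            REPO_INDEXER_ENABLED = true
          }
          metrics = {
            ENABLED = false # the metrics are not worth exposing an extra endpoint
          }
          service = {
            # Self-registration is off; accounts come from the OIDC provider or the admin.
            DISABLE_REGISTRATION = true
          }
        }
        admin = {
          username = "thomasklein"
          email    = "kiss.tamas94@gmail.com"
          # password is set via the `gitea.admin.password` set_sensitive entry below
        }
      }
    }),

    # Outbound mail via an internal SMTP relay on port 25 (no TLS). This is
    # acceptable only because nat.lawndale is reached over the internal network;
    # do not point it at an external relay without switching to smtps/starttls.
    jsonencode({
      gitea = {
        config = {
          mailer = {
            ENABLED   = true
            FROM      = "gitea@git.thomasklein.me"
            PROTOCOL  = "smtp"
            SMTP_ADDR = "nat.lawndale"
            SMTP_PORT = "25"
            ## Deprecated config for 1.17
            # NOTE(review): chart 10.1.4 ships a Gitea newer than 1.17, so these
            # three keys should be redundant with PROTOCOL/SMTP_ADDR/SMTP_PORT;
            # verify against the running version before removing them.
            HOST           = "nat.lawndale:25"
            IS_TLS_ENABLED = false
            MAILER_TYPE    = "smtp"
          }
        }
      }
    }),

    # Gitea data volume: a pre-existing PVC managed by module.gitea_persistance.
    jsonencode({
      persistence = {
        enabled   = true
        create    = false
        claimName = module.gitea_persistance.pvc_name
      }
    }),

    # Bundled (Bitnami) PostgreSQL, single primary, on a pre-existing PVC.
    jsonencode({
      postgresql = {
        enabled = true
        primary = {
          persistence = {
            enabled       = true
            existingClaim = module.postgres_persistance.pvc_name
            # NOTE(review): `claimName` looks like a leftover from the Gitea
            # persistence block; the Bitnami chart reads `existingClaim`. Harmless.
            claimName = module.postgres_persistance.pvc_name
          }
          podSecurityContext = {
            enabled = true
          }
          # volumePermissions adds an init container that fixes ownership of the
          # data directory; it runs with elevated privileges, so keep it enabled
          # only for as long as the volume actually needs it.
          volumePermissions = {
            enabled = true
          }
        }
      }
    }),

    # Non-HA config base, see https://gitea.com/gitea/helm-chart/src/tag/v10.1.4#single-pod-configurations
    # (indexer settings intentionally live in the config document above).
    jsonencode({
      "redis-cluster" = {
        enabled = false
      }
      "postgresql-ha" = {
        enabled = false
      }
      gitea = {
        config = {
          database = {
            DB_TYPE = "postgres"
          }
          session = {
            PROVIDER = "db"
          }
          cache = {
            ADAPTER = "memory"
          }
          queue = {
            TYPE = "level"
          }
        }
      }
    }),
  ]

  # Secrets are passed with set_sensitive so they are redacted in plan output.
  set_sensitive {
    name  = "postgresql.global.postgresql.auth.password"
    value = random_password.postgresql_gitea.result
  }
  set_sensitive {
    name  = "postgresql.global.postgresql.auth.postgresPassword"
    value = random_password.postgresql.result
  }
  set_sensitive {
    name  = "gitea.oauth[0].key"
    value = aws_cognito_user_pool_client.gitea.id
  }
  set_sensitive {
    name  = "gitea.oauth[0].secret"
    value = aws_cognito_user_pool_client.gitea.client_secret
  }
  set_sensitive {
    name  = "gitea.admin.password"
    value = random_password.gitea_admin.result
  }
}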
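# Password for the application database role
# (`postgresql.global.postgresql.auth.password` in the Helm release).
# Raised from 5 to 32 characters: a 5-character password is trivially
# brute-forceable and gives no meaningful protection for the database.
#
# NOTE: changing `length` replaces the resource, i.e. generates a new value.
# Database init scripts typically apply credentials only when the data volume
# is first initialised, so on an already-running deployment the role password
# must also be rotated inside PostgreSQL, otherwise Gitea will fail to connect.
# The result is stored in Terraform state; protect the state backend accordingly.
resource "random_password" "postgresql_gitea" {
  length = 32
}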
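# Password for the PostgreSQL superuser
# (`postgresql.global.postgresql.auth.postgresPassword` in the Helm release).
# Raised from 10 to 32 characters; the superuser deserves at least as strong a
# secret as the application role.
#
# NOTE: changing `length` replaces the resource, i.e. generates a new value.
# Database init scripts typically apply credentials only when the data volume
# is first initialised, so on an already-running deployment the superuser
# password must also be rotated inside PostgreSQL.
# The result is stored in Terraform state; protect the state backend accordingly.
resource "random_password" "postgresql" {
  length = 32
}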
# Bootstrap password for the Gitea admin account
# (`gitea.admin.password` in the Helm release). 16 characters including
# specials is adequate for an initial credential; the value is stored in
# Terraform state, so protect the state backend accordingly.
resource "random_password" "gitea_admin" {
  length  = 16
  special = true
}