apps(gitea): Added gitea to the infra

2025-07-08 22:19:00 -04:00
parent 569cf41c2e
commit 2cf0476839
5 changed files with 225 additions and 0 deletions

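--- a/apps/gitea/configmap.yaml
+++ b/apps/gitea/configmap.yaml
@@ -0,0 +1,64 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: gitea-config
+data:
+GITEA__DEFAULT__RUN_USER: git
+GITEA__DEFAULT__RUN_MODE: prod
+GITEA__DEFAULT__APP_NAME: prettysunflower's gitea
+GITEA__DEFAULT__WORK_PATH: /var/lib/gitea
+GITEA__repository__ROOT: /var/lib/gitea/git
+GITEA__repository__SCRIPT_TYPE: sh
+GITEA__repository__DISABLE_STARS: "true"
+GITEA__server__STATIC_ROOT_PATH: /usr/share/webapps/gitea
+GITEA__server__APP_DATA_PATH: /var/lib/gitea/data
+GITEA__server__LFS_START_SERVER: "true"
+GITEA__server__SSH_DOMAIN: git.default.svc.yakumo.prettysunflower.moe
+GITEA__server__DOMAIN: git.prettysunflower.moe
+GITEA__server__HTTP_PORT: "3000"
+GITEA__server__ROOT_URL: https://git.prettysunflower.moe/
+GITEA__server__DISABLE_SSH: "false"
+GITEA__server__SSH_PORT: "22"
+GITEA__server__OFFLINE_MODE: "false"
+GITEA__server__PUBLIC_URL_DETECTION: auto
+GITEA__database__DB_TYPE: postgres
+GITEA__database__SSL_MODE: disable
+GITEA__database__HOST: 100.75.132.10:5432
+GITEA__database__NAME: gitea
+GITEA__database__SCHEMA: public
+GITEA__database__LOG_SQL: "false"
+GITEA__session__PROVIDER: redis
+GITEA__log__MODE: console
+GITEA__log__LEVEL: info
+GITEA__mailer__ENABLED: "true"
+GITEA__mailer__FROM: gitea@prettysunflower.moe
+GITEA__mailer__PROTOCOL: smtp+starttls
+GITEA__mailer__SMTP_ADDR: mail.prettysunflower.moe
+GITEA__mailer__SMTP_PORT: "587"
+GITEA__storage__STORAGE_TYPE: minio
+GITEA__storage__MINIO_ENDPOINT: t3.storage.dev:443
+GITEA__storage__MINIO_ACCESS_KEY_ID: tid_uCZAvxLOlpVdEusuMYvVmsOvMgVccrwxGJwqauuhSucI_MwddN
+GITEA__storage__MINIO_BUCKET: prettysunflower-gitea
+GITEA__storage__MINIO_LOCATION: auto
+GITEA__storage__MINIO_USE_SSL : "true"
+GITEA__storage__SERVE_DIRECT: "true"
+GITEA__service__REGISTER_EMAIL_CONFIRM: "false"
+GITEA__service__ENABLE_NOTIFY_MAIL: "false"
+GITEA__service__DISABLE_REGISTRATION: "true"
+GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "false"
+GITEA__service__ENABLE_CAPTCHA: "false"
+GITEA__service__REQUIRE_SIGNIN_VIEW: "false"
+GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE: "false"
+GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION: "true"
+GITEA__service__DEFAULT_ENABLE_TIMETRACKING: "true"
+GITEA__service__NO_REPLY_ADDRESS: noreply.localhost
+GITEA__openid__ENABLE_OPENID_SIGNIN: "true"
+GITEA__openid__ENABLE_OPENID_SIGNUP: "true"
+GITEA__cron_0X2E_update_checker__ENABLED: "false"
+GITEA__repository_0X2E_pull_0X2D_request__DEFAULT_MERGE_STYLE: merge
+GITEA__repository_0X2E_signing__DEFAULT_TRUST_MODEL: committer
+GITEA__security__INSTALL_LOCK: "true"
+GITEA__security__PASSWORD_HASH_ALGO: argon2
+GITEA__cache__ADAPTER: redis
+GITEA__cache__HOST: redis://127.0.0.1:6379/0
+GITEA__cache_0X2E_last_commit__COMMITS_COUNT: "1"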
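Review bot: `GITEA__openid__ENABLE_OPENID_SIGNUP: "true"` sits alongside `GITEA__service__DISABLE_REGISTRATION: "true"`, and as far as I know Gitea evaluates the OpenID sign-up switch on its own, so a visitor with any OpenID identity may still be able to self-register (and, with `DEFAULT_ALLOW_CREATE_ORGANIZATION: "true"`, create organizations) on what reads as a closed instance. If that is not intended, set `GITEA__openid__ENABLE_OPENID_SIGNUP: "false"` and confirm on the running instance that the OpenID register page is gone. `GITEA__database__SSL_MODE: disable` sends PostgreSQL traffic to `100.75.132.10:5432` without TLS; if an encrypted overlay network is what protects that hop, a comment saying so would help the next reader, otherwise `require` or stricter is the safer value. `GITEA__storage__MINIO_ACCESS_KEY_ID` is one half of the object-storage credential and would be better kept in `gitea-secrets` next to the secret key than in a committed ConfigMap.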

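--- a/apps/gitea/deployment.yaml
+++ b/apps/gitea/deployment.yaml
@@ -0,0 +1,102 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: gitea
+labels:
+app.kubernetes.io/name: gitea
+spec:
+replicas: 1
+selector:
+matchLabels:
+app.kubernetes.io/name: gitea
+template:
+metadata:
+labels:
+app.kubernetes.io/name: gitea
+spec:
+affinity:
+nodeAffinity:
+preferredDuringSchedulingIgnoredDuringExecution:
+- weight: 1
+preference:
+matchExpressions:
+- key: location
+operator: In
+values:
+- fsn
+volumes:
+- name: data
+persistentVolumeClaim:
+claimName: gitea-tigris-pvc
+- name: config
+persistentVolumeClaim:
+claimName: gitea-config-pvc
+- name: valkey
+emptyDir:
+sizeLimit: 128Mi
+medium: Memory
+dnsPolicy: "None"
+dnsConfig:
+nameservers:
+- 100.96.226.96
+containers:
+- image: docker.gitea.com/gitea:1.24.2-rootless
+name: gitea
+ports:
+- containerPort: 3000
+protocol: TCP
+name: http
+- containerPort: 22
+protocol: TCP
+name: ssh
+volumeMounts:
+- name: data
+mountPath: /var/lib/gitea
+- name: config
+mountPath: /etc/gitea
+envFrom:
+- configMapRef:
+name: gitea-config
+- secretRef:
+name: gitea-secrets
+securityContext:
+runAsUser: 1000
+runAsGroup: 1000
+runAsNonRoot: true
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+seccompProfile:
+type: RuntimeDefault
+livenessProbe:
+httpGet:
+path: /api/healthz
+port: http
+initialDelaySeconds: 200
+timeoutSeconds: 5
+periodSeconds: 10
+successThreshold: 1
+failureThreshold: 10
+- image: valkey/valkey:alpine
+name: valkey
+command: ["valkey-server"]
+ports:
+- containerPort: 6379
+protocol: TCP
+env:
+- name: VALKEY_EXTRA_FLAGS
+value: "--save 60 1"
+volumeMounts:
+- name: valkey
+mountPath: "/data"
+securityContext:
+runAsUser: 1000
+runAsGroup: 1000
+runAsNonRoot: true
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+seccompProfile:
+type: RuntimeDefault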
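Review bot: The sidecar image `valkey/valkey:alpine` is a floating tag, unlike the pinned `gitea:1.24.2-rootless`, so the process holding sessions and cache can change on any pod restart; pin it to a version tag and ideally a digest, e.g. `image: valkey/valkey:<version>-alpine@sha256:<digest>` (placeholders). Because `command: ["valkey-server"]` replaces the image entrypoint, `VALKEY_EXTRA_FLAGS` is probably never read, and nothing visible sets a bind address or password for port 6379. Gitea reaches the store at `redis://127.0.0.1:6379/0`, so passing the options as arguments, `command: ["valkey-server", "--bind", "127.0.0.1", "--save", "60", "1"]`, would keep the session store off the pod network. The pod spec also leaves the service-account token mounted (`automountServiceAccountToken: false` is absent) and neither container declares `resources` limits, which matters here because the memory-backed `emptyDir` counts against pod memory.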


@@ -0,0 +1,6 @@
resources:
- deployment.yaml
- pvc.yaml
- svc.yaml
- secrets.yaml
- configmap.yaml

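--- a/apps/gitea/pvc.yaml
+++ b/apps/gitea/pvc.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: gitea-pvc
+spec:
+accessModes:
+- ReadWriteMany
+resources:
+requests:
+storage: 5G
+storageClassName: seaweedfs-storage
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: gitea-config-pvc
+spec:
+accessModes:
+- ReadWriteMany
+resources:
+requests:
+storage: 64M
+storageClassName: seaweedfs-storage
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: gitea-tigris-pvc
+spec:
+accessModes:
+- ReadWriteMany
+resources:
+requests:
+storage: 50G
+storageClassName: tigris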
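Review bot: `gitea-pvc` (5G on `seaweedfs-storage`) is declared here, but the Deployment in this commit mounts only `gitea-tigris-pvc` and `gitea-config-pvc`, so the claim looks unused and will still bind storage; drop it or add a comment such as `# reserved for <purpose>` above it. All three claims request `ReadWriteMany` although the Deployment runs `replicas: 1`. If the storage classes support it, `ReadWriteOnce` on `gitea-config-pvc` would limit the volume mounted at `/etc/gitea` to a single node, which is the narrower grant for a volume that presumably holds Gitea's generated configuration.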

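--- a/apps/gitea/svc.yaml
+++ b/apps/gitea/svc.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: git
+spec:
+type: ClusterIP
+selector:
+app.kubernetes.io/name: gitea
+ports:
+- protocol: TCP
+port: 22
+targetPort: ssh
+name: ssh
+- protocol: TCP
+port: 80
+targetPort: http
+name: http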