development/forgejo/forgejo.yaml

---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/common-3.0.1/charts/library/common/values.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: forgejo
  namespace: development
spec:
  releaseName: forgejo
  interval: 15m
  chart:
    spec:
      # renovate: registryUrl=https://bjw-s.github.io/helm-charts
      chart: app-template
      version: 3.6.1
      interval: 15m
      sourceRef:
        kind: HelmRepository
        name: bjw-s-helm-charts
        namespace: flux-system
  values:
    controllers:
      main:
        strategy: Recreate
        initContainers:
          clean-gpg-lock:
            image:
              repository: alpine
              tag: 3.21.2
              pullPolicy: IfNotPresent
            command: ['sh', '-c', "rm -f /data/gitea/home/.gnupg/public-keys.d/pubring.db.lock"]
        #   init-db:
        #     image:
        #       repository: ghcr.io/onedr0p/postgres-init
        #       tag: 14.9
        #       imagePullPolicy: IfNotPresent
        #     env:
        #       INIT_POSTGRES_HOST: shared-psql-v16-rw.default.svc.cluster.local
        #       INIT_POSTGRES_SUPER_PASS: ${SECRET_CNPG_SUPER_PASS}
        #       INIT_POSTGRES_DBNAME: forgejo
        #       INIT_POSTGRES_USER: forgejo
        #       INIT_POSTGRES_PASS: ${SECRET_FORGEJO_DB_PASSWORD}
        containers:
          main:
            image:
              repository: codeberg.org/forgejo/forgejo
              pullPolicy: IfNotPresent
              tag: 10.0.0-rootless@sha256:d07a623ff4da1a78baab6f3ba0b3273268efd305c73cbc597e1ebe735b77e6b1
            env:
              TZ: America/Chicago
              USER_UID: 1000
              USER_GID: 1000
              FORGEJO__APP_NAME: "The Homelab Git"
              FORGEJO__actions__ENABLED: "true"
              FORGEJO__actions__DEFAULT_ACTIONS_URL: "https://github.com"
              FORGEJO__admin__DISABLE_REGULAR_ORG_CREATION: "true"
              FORGEJO__cache__ENABLED: "true"
              FORGEJO__cache__ADAPTER: "redis"
              FORGEJO__cache__HOST: "redis://:${SECRET_FORGEJO_REDIS_PASSWORD}@forgejo-valkey-primary.development.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s"
              FORGEJO__database__DB_TYPE: "postgres"
              FORGEJO__database__HOST: "shared-psql-v16-rw.default.svc.cluster.local:5432"
              FORGEJO__database__NAME: "forgejo"
              FORGEJO__database__USER: "forgejo"
              FORGEJO__database__PASSWD: ${SECRET_FORGEJO_DB_PASSWORD}
              FORGEJO__federation__ENABLED: "false"
              FORGEJO__git.timeout__MIGRATE: "2000"
              FORGEJO__git.timeout__MIRROR: "2000"
              FORGEJO__mailer__ENABLED: "true"
              FORGEJO__mailer__PROTOCOL: "smtp+starttls"
              FORGEJO__mailer__SMTP_ADDR: "${SECRET_SMTP_DOMAIN}"
              FORGEJO__mailer__SMTP_PORT: "587"
              FORGEJO__mailer__FROM: "${SECRET_FORGEJO_SMTP_USER}"
              FORGEJO__mailer__USER: "${SECRET_FORGEJO_SMTP_USER}"
              FORGEJO__mailer__PASSWD: "${SECRET_FORGEJO_SMTP_PASSWORD}"
              FORGEJO__repository__DEFAULT_PRIVATE: "true"
              FORGEJO__repository__DEFAULT_REPO_UNITS: "repo.code,repo.releases,repo.issues,repo.pulls,repo.packages"
              FORGEJO__repository__DEFAULT_PUSH_CREATE_PRIVATE: "true"
              FORGEJO__repository__ENABLE_PUSH_CREATE_USER: "true"
              FORGEJO__repository__ENABLE_PUSH_CREATE_ORG: "true"
              FORGEJO__repository.signing__SIGNING_KEY: "${SECRET_FORGEJO_SIGNING_KEY}"
              FORGEJO__repository.signing__SIGNING_NAME: "The Homelab Git"
              FORGEJO__repository.signing__SIGNING_EMAIL: "${SECRET_FORGEJO_SIGNING_EMAIL}"
              FORGEJO__security__PASSWORD_COMPLEXITY: "lower,upper"
              FORGEJO__security__MIN_PASSWORD_LENGTH: "12"
              FORGEJO__security__SECRET_KEY: "${SECRET_FORGEJO_SECRET_KEY}"
              FORGEJO__server__ROOT_URL: "https://git.${SECRET_DOMAIN}"
              FORGEJO__server__APP_DATA_PATH: "/data/gitea"
              FORGEJO__server__SSH_PORT: "22"
              FORGEJO__server__SSH_LISTEN_PORT: "2222"
              FORGEJO__service__DISABLE_REGISTRATION: "true"
              FORGEJO__service__REQUIRE_SIGNIN_VIEW: "false"
              FORGEJO__storage__STORAGE_TYPE: "minio"
              FORGEJO__storage__MINIO_ENDPOINT: "minio.kube-system.svc:9000"
              FORGEJO__storage__MINIO_ACCESS_KEY_ID: "${SECRET_FORGEJO_MINIO_ACCESS_KEY}"
              FORGEJO__storage__MINIO_SECRET_ACCESS_KEY: "${SECRET_FORGEJO_MINIO_SECRET_KEY}"
              FORGEJO__storage__MINIO_BUCKET: "forgejo"
              FORGEJO__ui__DEFAULT_SHOW_FULL_NAME: "true"
              FORGEJO__ui__DEFAULT_THEME: "gitea-dark"
            resources:
              requests:
                cpu: 100m
                memory: 2048Mi
              limits:
                memory: 6144Mi
    defaultPodOptions:
      securityContext:
        fsGroup: 1000
        fsGroupChangePolicy: "Always"
      # tolerations:
      # - key: "arm"
      #   operator: "Exists"
    service:
      main:
        controller: main
        ports:
          http:
            port: 3000
      ssh:
        type: LoadBalancer
        loadBalancerIP: ${SVC_FORGEJO_IP}
        controller: main
        ports:
          ssh:
            enabled: true
            port: 2222
            protocol: TCP
            targetPort: 2222
    ingress:
      main:
        enabled: true
        annotations:
          kubernetes.io/tls-acme: "true"
          cert-manager.io/cluster-issuer: letsencrypt-prod
          nginx.ingress.kubernetes.io/proxy-body-size: 1024m
          nginx.org/client-max-body-size: 1024m
          nginx.ingress.kubernetes.io/custom-http-errors: "418"
        hosts:
          - host: git.${SECRET_DOMAIN}
            paths:
              - path: /
                pathType: Prefix
                service:
                  identifier: main
                  port: http
        className: nginx-external
    persistence:
      config:
        enabled: true
        existingClaim: forgejo-config-pvc
        globalMounts:
          - path: /etc/gitea
      custom:
        enabled: true
        existingClaim: forgejo-custom-pvc
        globalMounts:
          - path: /var/lib/gitea/custom
      data:
        enabled: true
        existingClaim: forgejo-data-pvc
        globalMounts:
          - path: /data