replicaCount: 1
image:
  registry: code.forgejo.org
  repository: forgejo/forgejo

resources:
  requests:
    cpu: 200m
    memory: 512Mi

gitea:
  metrics:
    enabled: false
    serviceMonitor:
      enabled: false
  config:
    APP_NAME: 'Forgejo: With a cup of tea.'
    cache:
      ENABLED: true
      ADAPTER: redis
      HOST: redis://dragonfly-forgejo.forgejo.svc:6379/0
    session:
      PROVIDER: redis
      PROVIDER_CONFIG: redis://dragonfly-forgejo.forgejo.svc:6379/1
    queue:
      TYPE: redis
      CONN_STR: redis://dragonfly-forgejo.forgejo.svc:6379/2
    storage:
      STORAGE_TYPE: minio
      MINIO_ENDPOINT: hel1.your-objectstorage.com
      MINIO_USE_SSL: true
      MINIO_LOCATION: hel1
      MINIO_BUCKET: obx-forgejo
    security:
      INSTALL_LOCK: true
    service:
      DISABLE_REGISTRATION: false
    server:
      APP_DATA_PATH: "/data/gitea"
      DOMAIN: git.svc.hel1.obx
      ROOT_URL: https://git.svc.hel1.obx
      SSH_DOMAIN: git.svc.hel1.obx
      SSH_PORT: 22
      SSH_SERVER_USE_PROXY_PROTOCOL: true
      LANDING_PAGE: "explore"
    oauth2_client:
      ENABLE_AUTO_REGISTRATION: true
      UPDATE_AVATAR: true
      ACCOUNT_LINKING: auto
    database:
      DB_TYPE: postgres
      MAX_OPEN_CONNS: 90
    openid:
      ENABLE_OPENID_SIGNIN: false
      ENABLE_OPENID_SIGNUP: false
  oauth:
    - name: 'Oceanbox'
      provider: 'openidConnect'
      existingSecret: forgejo-oauth-oceanbox
      autoDiscoverUrl: 'https://login.microsoftonline.com/3f737008-e9a0-4485-9d27-40329d288089/.well-known/openid-configuration'
      scopes: 'openid profile email groups'
      groupClaimName: 'groups'
      adminGroup: '/oceanbox/devel'
      restrictedGroup: ''
  additionalConfigFromEnvs:
    - name: FORGEJO__STORAGE__MINIO_ACCESS_KEY_ID
      valueFrom:
        secretKeyRef:
          name: forgejo-s3
          key: access_key
    - name: FORGEJO__STORAGE__MINIO_SECRET_ACCESS_KEY
      valueFrom:
        secretKeyRef:
          name: forgejo-s3
          key: secret_key
    - name: FORGEJO__DATABASE__PASSWD
      valueFrom:
        secretKeyRef:
          name: forgejo-db-app
          key: password
    - name: FORGEJO__DATABASE__NAME
      valueFrom:
        secretKeyRef:
          name: forgejo-db-app
          key: dbname
    - name: FORGEJO__DATABASE__USER
      valueFrom:
        secretKeyRef:
          name: forgejo-db-app
          key: user
    - name: FORGEJO__DATABASE__HOST
      valueFrom:
        secretKeyRef:
          name: forgejo-db-app
          key: host
    - name: FORGEJO__DATABASE__DB_TYPE
      value: postgres

ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: ca-issuer
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24,100.64.0.0/12
  hosts:
    - host: git.svc.hel1.obx
      paths:
      - backend:
          service:
            name: forgejo-http
            port:
              number: 3000
        path: /
        pathType: ImplementationSpecific
  tls:
    - secretName: forgejo-tls
      hosts:
        - git.svc.hel1.obx

# service:
  # ssh:
    # type: LoadBalancer
    # port: 22
    # annotations:
      # load-balancer.hetzner.cloud/location: hel1
      # load-balancer.hetzner.cloud/uses-proxyprotocol: 'false'

persistence:
  enabled: true
  size: 1Gi