From 3410213913a39b3f5a6cbace2ba10016498aebb8 Mon Sep 17 00:00:00 2001
From: ducoterra <git@ducoterra.net>
Date: Wed, 1 Nov 2023 09:36:56 -0400
Subject: [PATCH] take the secrets out of the gitea values.yaml

---
 README.md         | 11 +++++++-
 gitea-values.yaml | 72 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 82 insertions(+), 1 deletion(-)
 create mode 100644 gitea-values.yaml

diff --git a/README.md b/README.md
index 0524571..b35eca8 100644
--- a/README.md
+++ b/README.md
@@ -523,13 +523,22 @@ they decide to change things. This is the first chart (besides ingress-nginx) wh
 we need to pay attention to the MetalLB annotation. This has been set in the values.yaml
 file.
 
+First we need to create the gitea admin secret
+
+```bash
+kubectl create secret generic gitea-admin-secret \
+    --from-literal=username='' \
+    --from-literal=password='' \
+    --from-literal=email=''
+```
+
 ```bash
 helm repo add gitea-charts https://dl.gitea.io/charts/
 helm repo update
 helm upgrade --install \
     gitea \
     gitea-charts/gitea \
-    --values secrets/gitea-values.yaml \
+    --values gitea-values.yaml \
     --namespace gitea \
     --create-namespace
 ```
diff --git a/gitea-values.yaml b/gitea-values.yaml
new file mode 100644
index 0000000..bd54c59
--- /dev/null
+++ b/gitea-values.yaml
@@ -0,0 +1,72 @@
+ingress:
+  enabled: true
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    nginx.org/client-max-body-size: "0"
+  hosts:
+    - host: gitea.reeseapps.com
+      paths:
+        - path: /
+          pathType: Prefix
+  tls:
+  - hosts:
+    - gitea.reeseapps.com
+    secretName: gitea-tls-cert
+
+persistence:
+  enabled: true
+  create: false
+  storageClass: zfs-iscsi-enc0
+  claimName: data-gitea-0
+  annotations:
+    "helm.sh/resource-policy": keep
+
+global:
+  storageClass: zfs-iscsi-enc1
+
+postgresql:
+  enabled: true
+  primary:
+    persistence:
+      enabled: true
+      storageClass: zfs-iscsi-enc1
+      annotations:
+        "helm.sh/resource-policy": keep
+
+postgresql-ha:
+  enabled: false
+
+gitea:
+  admin:
+    existingSecret: gitea-admin-secret
+  config:
+    service:
+      DISABLE_REGISTRATION: true
+
+service:
+  ssh:
+    port: 2222
+    type: LoadBalancer
+    externalTrafficPolicy: Cluster
+    annotations:
+      metallb.universe.tf/address-pool: "production"
+      metallb.universe.tf/allow-shared-ip: "production"
+
+redis-cluster:
+  enabled: true
+
+deployment:
+  tolerations:
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoExecute"
+      tolerationSeconds: 1
+    - key: "node.kubernetes.io/not-ready"
+      operator: "Exists"
+      effect: "NoExecute"
+      tolerationSeconds: 1
+
+strategy:
+  type: Recreate