Initial commit

kubernetes/code/gitea/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: gitea
+resources:
+  - namespace.yaml
+  - repository.yaml
+  - release.yaml
+secretGenerator:
+  - name: gitea-values
+    files:
+      - values.yaml=values.yaml
+configurations:
+  - kustomizeconfig.yaml

kubernetes/code/gitea/kustomizeconfig.yaml

@@ -0,0 +1,6 @@
+nameReference:
+- kind: Secret
+  version: v1
+  fieldSpecs:
+  - path: spec/valuesFrom/name
+    kind: HelmRelease

kubernetes/code/gitea/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: gitea

kubernetes/code/gitea/release.yaml

@@ -0,0 +1,18 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: gitea
+  namespace: gitea
+spec:
+  interval: 1m
+  chart:
+    spec:
+      sourceRef:
+        kind: HelmRepository
+        name: gitea
+        namespace: gitea
+      chart: gitea
+      interval: 1m
+  valuesFrom:
+    - kind: Secret
+      name: gitea-values

kubernetes/code/gitea/repository.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: gitea
+  namespace: gitea
+spec:
+  interval: 1m
+  url: https://dl.gitea.io/charts/

kubernetes/code/gitea/values.yaml

@@ -0,0 +1,102 @@
+ingress:
+    enabled: true
+    hosts:
+        - host: git.vhaudiquet.fr
+          paths:
+            - path: /
+              pathType: Prefix
+# Disable HA, we are on a 1-node cluster
+redis-cluster:
+    enabled: false
+redis:
+    enabled: true
+postgresql:
+    enabled: true
+    global:
+        postgresql:
+            auth:
+                postgressPassword: ENC[AES256_GCM,data:S0jkpB+S8jV5+w==,iv:8lZJkw5DN2b0OhI1FHGYv90ZH1Pn0XXU2RSyv4aVx/Q=,tag:9r908balQkich6RFPlpHCQ==,type:str]
+                password: ENC[AES256_GCM,data:+KBkk+NOsM7Amg==,iv:VmBbDVk9G4rRgieFeJrFoWrXIfrY50Aq1/XBKsfamL4=,tag:oK3AFrYG7rGXIjttGgOv3Q==,type:str]
+                database: gitea
+                username: ENC[AES256_GCM,data:jiZce5o=,iv:mKzFJAXbSoaW4REoND/uJ6SW8sNhGOhjxH7X8R9nw0M=,tag:QSRIzYeRWYMju3hCEt+wpg==,type:str]
+    volumePermissions:
+        enabled: true
+postgresql-ha:
+    enabled: false
+persistence:
+    enabled: true
+    subPath: data
+extraVolumes:
+    - name: git
+      nfs:
+        server: truenas.local
+        path: /mnt/main_storage/git
+extraContainerVolumeMounts:
+    - name: git
+      mountPath: /git
+clusterDomain: kube-talos.local
+actions:
+    enabled: true
+    provisioning:
+        enabled: true
+gitea:
+    oauth:
+        - name: Authentik
+          provider: openidConnect
+          key: ENC[AES256_GCM,data:s6yBMmp8FpIaC7m4uGen81nfPbCLnbJ06a0hEeuCLnPouXS2qNibkw==,iv:NpxJ3/fKcaEkctYqN9FV7WDWgdK0f2h4YUkW2e9ifAA=,tag:4WItsUK3J8hRk0c9qlWgMQ==,type:str]
+          secret: ENC[AES256_GCM,data:lO1R+gT+S2FrGhC6Ld/IRnRHDFjoB0/T+/Zle41oMchGtmmbdyKAUmTG9W6FzZzBsTEdV5GjgfwGU/G+PGnB1HPQkDD7INfy8qryfCBXhxqE9tUcpb8umxcXn77Yba1hAdETXY4FNpePv269Opixu/R4o4vTwG4isAGCkyTAwLw=,iv:LmZR/0+nXt5Dj59aqq4u0Qa/bqeMpCrs2TPi+mBG7eE=,tag:5+E5GUbOkF+GXVBLpLtodA==,type:str]
+          autoDiscoverUrl: https://authentik.vhaudiquet.fr/application/o/gitea/.well-known/openid-configuration
+    config:
+        APP_NAME: Gitea
+        server:
+            ROOT_URL: https://git.vhaudiquet.fr
+        lfs:
+            STORAGE_TYPE: local
+            PATH: /git/lfs
+        repository:
+            ROOT: /git/repo
+        database:
+            DB_TYPE: postgres
+        service:
+            ALLOW_ONLY_EXTERNAL_REGISTRATION: true
+        oauth2_client:
+            ENABLE_AUTO_REGISTRATION: true
+            ACCOUNT_LINKING: login
+        openid:
+            ENABLE_OPENID_SIGNIN: false
+            ENABLE_OPENID_SIGNUP: false
+        indexer:
+            ISSUE_INDEXER_TYPE: bleve
+            REPO_INDEXER_ENABLED: true
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2025-03-22T13:26:30Z"
+    mac: ENC[AES256_GCM,data:cVb4woEMFuW+KO9OtBFMQw1bcDeiJ93FR3mVY3l1nrGENXRPmlJQKsSUhMUlrn7nNnAQWbrJJ65u2MPvn2hZXRZsU0jy9vojSnF7XDecnrSzP69/lw8gRozBUlsLuiH7hivtKVuLDFMguuyD9wkCiQxp91ajJPZhaNiUkIgxz3o=,iv:q0L/o+6umhIm0Vf7tJ580Pi3i88VfhV7437qwxkyBvU=,tag:JlFXgYdVjnRHB190emIb1Q==,type:str]
+    pgp:
+        - created_at: "2025-03-22T13:26:30Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA7uy4qQr71wiAQ/+LEKY6WwSXYVrv0Fs79agmy3GIm1zmJGny6Dw6IpB2ZzE
+            +r1h41IMltscDfXmiu2hAn/J7NXupc5Ak3OFR0LxYDsWIyWe8sF9JiRtjlcJHI0s
+            7II4Gg8WrGaOOoEGFpDCnwBkuz/rOrFWcXeE7NPu2UuwWwcKDXqgA0R47U1RJlHH
+            KWzyE9blF3bOvJDALHnxSeyarVmL+IIDpx5+M5oOSHxigR8ltyZnIDvKuZ/ZxDKr
+            e8Te2W5MRjrhsFW2dWyHXaMnJeFM2KqiPQUw4BkEx1LlNf2O85cJhPHKX06PhMtl
+            L7fxLhwWsA0G/VRu1LDpCDKvQrwnhF6MgAI1KrU3Lweeo/LCtv3k20anpFMSFbaF
+            bplci98Ee4pk+Kk3iX+WuCcZOXeCucr/oRb1bbNWLK0eT/vrI2DBGHsgzbkr+S91
+            OZiUjZgKc7KgU8j+opW+Tfao8uvVCamq/VqMVGmxW07j5CcuwxAWB6srxxA/B8PV
+            qzuB046F/hMi3ibAYi+R+zCCM4MR33G0blgKEZk4Z/UQenMpqaQMZWr0pUA+l+9a
+            JT1JVRE4SVMXhNYKxZ3Jcfv56Ua4eMyxNGfbq7iyv/YJPCNvQKcsd4rJRaHgojUm
+            kVwAZO5lPknuDwrIQQ/XaRnd+K5EnyRncFzNow3Dbsr04DZr7e2sGQy5IjM2ob/U
+            aAEJAhD80JnUs0Q0GK4wR0uwEHq8ACsMmJG4qPoljiQ2qL/T/5SLjui2lHThqm1j
+            tM9UbHsGUF/NN0HPZtDVASsaXO+jYCjM108e7yj58IEMvPLymIAXM+eXWoanpBX3
+            YLbnTetfr+ut
+            =u3XM
+            -----END PGP MESSAGE-----
+          fp: DC6910268E657FF70BA7EC289974494E76938DDC
+    encrypted_regex: ^(password|ssh-key|api-key|user|username|privateKey|apiKey|extraArgs.*|extraEnvVars|.*secret.*|key|.*Password|.*\.ya?ml)$
+    version: 3.9.4

kubernetes/code/harbor/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: harbor
+resources:
+  - namespace.yaml
+  - repository.yaml
+  - release.yaml
+secretGenerator:
+  - name: harbor-values
+    files:
+      - values.yaml=values.yaml
+configurations:
+  - kustomizeconfig.yaml

kubernetes/code/harbor/kustomizeconfig.yaml

@@ -0,0 +1,6 @@
+nameReference:
+- kind: Secret
+  version: v1
+  fieldSpecs:
+  - path: spec/valuesFrom/name
+    kind: HelmRelease

kubernetes/code/harbor/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: harbor

kubernetes/code/harbor/release.yaml

@@ -0,0 +1,18 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: harbor
+  namespace: harbor
+spec:
+  interval: 1m
+  chart:
+    spec:
+      sourceRef:
+        kind: HelmRepository
+        name: harbor
+        namespace: harbor
+      chart: harbor
+      interval: 1m
+  valuesFrom:
+    - kind: Secret
+      name: harbor-values

kubernetes/code/harbor/repository.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: harbor
+  namespace: harbor
+spec:
+  interval: 1m
+  url: https://helm.goharbor.io

kubernetes/code/harbor/values.yaml

@@ -0,0 +1,42 @@
+externalURL: http://harbor.local
+expose:
+    type: ingress
+    ingress:
+        hosts:
+            core: harbor.local
+core:
+    extraEnvVars:
+        - name: ENC[AES256_GCM,data:eMpF9wMbBxkYceKeTXU4CPc/zDME,iv:zOZrXlAv45gNv2FffG2kqXq2670HwXCKSZjQaegEz+Y=,tag:dTNolgpFxKuXCg5/5/s0gQ==,type:str]
+          value: ENC[AES256_GCM,data:c5wQjHgl9y4rAYf1gHnK26cGRtg4wKVf9oHliewruhZkGflu8ds9OL5EPe8U7FuPjt9IGTHtovbjlWv3L+8myfYX1IBEe9tJ/2VdAsaldNFQKvBTm8V9TXPQeyoiZz9wsBT7Dq15vFBQBs2e3+u2ZVd6Kv0F62Ioq6Utc/Ng2WpoKVo0kFrBbwqg4wdDojnT+oXxyEBLnPUEPsES48w6L8zjcy+SF52FPAAXIM5tj9KVD6BlF/8b3B8TUTSZHI/rw5WkOVLL33iCrQnLVa8svR1DncvatEoe4yhfHS38ioft+WuO+pK7DpYYif/6RF7snKVs92mS6hrHreBxiQiiwaSvvMqdGN2G/l/iLaxypxPO4aykhHUPwayJyrX+ay7BOCbyGoXB2fUFxgWv3Shed++iIJc/tyd2n0p0wve0YZUHNrOoFjj8zuYIsGxr4igI0Tao/Gxf27ljGoEwc/A94fVY4AmISj/PYpHGaeTmNbcQJ7QetNXDtkJvBBQ0t7TyDmo+5kUrWU08PBrPxh8H+j0loZFJnbq/hjDHygRXFs+2cpYeV6GjvncWaMlp2Rdu7oq+TBvL9KFlzgp/8pNhOXTFJeQPqyHIzi0Q/JrIZoR8ixYGuvBBBNARWnMyfLbrM5BzJWns8Ybif8WzFIHZy/9ISB13lIiJEDveLbHA4yJGplFFYWBfUzGwEN4K9swE4aAjDC8Vmk7ap/uqFufj4oZT62e/na4hKW+Rtj3bbLzXZPgGzczojTOMet5UGuY=,iv:X8JmR3oy1G94f/K5vYeARyGB0usmMlZl3VrAiDQurH8=,tag:tSlixKKBI2dB4FSx03erZg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2025-03-22T13:26:30Z"
+    mac: ENC[AES256_GCM,data:LIYTSXxmp7xpnrucygefTyHhI0Wi6EbGD0sA1NNLR9x/h+yG/5nlmdr02+dWFiEaeyvpA+6aSeoUWCHOMGMXV0EM5nmcZk14lQBQUWOVeYPbo5KSYzEdCy4ywVIa8HLG5yGJIhGuMPN7EDidkAiHcWNfaVRwRbG0PuczohYlwLg=,iv:fLqIPUlk8XkluxHA/WZd44JiM4FIZEvla33lCcvod2k=,tag:Xtg+QcTYy33WLJDWTECPeA==,type:str]
+    pgp:
+        - created_at: "2025-03-22T13:26:30Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA7uy4qQr71wiAQ/+IoSA9GM+l1zIjF0mhXxmzMQC5yjcJPXkxBQ1bZTJEvkZ
+            pL7fl/8Jvc/eQ96DKXpC95vE6m0jRSXhv0kz4HgoRV+tZUBl6CYMPcQXmY4/Zh+a
+            olL5xkk0U2fjEqX/cxNDomTZP85TQpZy2k4vxx1A4Nun7lhjLPsYM+49Ql9WP69e
+            f/UZDxyfuZf0ScK0wnCIXJMdB5mgbdMacw7VXrGtbv6vz8tQUk6jqM7S+7VyLeWv
+            G9jDXn2Cs8FFHJcmlifvTqxdRv8AjSPpYyQ7CVpuSMm3xQzsDGH2pKlkFORNcEXH
+            76+z7IaE09xiJA07lOiXVnGrAlkK5Y/eSt7227uQJlewQMYXHIm7LffakQzlrEq0
+            EEmevA1AFtR6Dn1Q9yb7G0QQNFA+Vire7zF/RNkUobqXY2nC9CLgDdyhph+XLfSx
+            aZILDqhrHKSUVe+YrbZvkQK6MNKKZe7icQtp1NjESS4InWQajXAYzNhy5bPz/9vh
+            1JbmF0zF9rviOoK8mKXPw5xR5guvK2jVu+zNPuQClrONW6EvKKXhudcnw2JNtbJl
+            TN1hRXVu6gFJhtpSwt07RCEYNCp15E7foPDKijiG4OZCXZQHSdhLQ3bGo64sbCOq
+            BIB7OYNNSoMBZZxLzdjX/amBQNzpQFbGZx9560ZyLWcTbJWQYSACh0ukjvA76YLU
+            ZgEJAhCinfjS8XV8hdGbk08slYRTcoZT0VFuV4J+1CnilNACwxAF/fjvHR4NtIbs
+            gEhh5W6LjVSol+PxQHyjEPaU6KHV0pryHn5U7AzD0NMbn7o2A5O/DOk12EXQeekk
+            EWSu2T+KJw==
+            =UYvy
+            -----END PGP MESSAGE-----
+          fp: DC6910268E657FF70BA7EC289974494E76938DDC
+    encrypted_regex: ^(password|ssh-key|api-key|user|username|privateKey|apiKey|extraArgs.*|extraEnvVars|.*secret.*|key|.*Password|.*\.ya?ml)$
+    version: 3.9.4