image:
    tag: 1.26.2
ingress:
    enabled: true
    hosts:
        - host: git.vhaudiquet.fr
          paths:
            - path: /
              pathType: Prefix
# Disable HA, we are on a 1-node cluster
redis-cluster:
    enabled: false
# Valkey cluster is the new default in chart 12.x - must be explicitly disabled
valkey-cluster:
    enabled: false
# Use standalone Valkey (replaces 'redis' in chart 12.x)
valkey:
    enabled: true
    master:
        resources:
            requests:
                cpu: 100m
                memory: 128Mi
            limits:
                cpu: 500m
                memory: 256Mi
postgresql:
    enabled: true
    global:
        postgresql:
            auth:
                postgressPassword: ENC[AES256_GCM,data:5SoftEfh4w8hmA==,iv:QbbOmVM3Jp3gxAxL1OvnB6WKFX+OTHFENz1roMnPqyc=,tag:Gtn7H7d3O7Hweg5q6P6xUg==,type:str]
                password: ENC[AES256_GCM,data:0BMgFdvPvhB9oQ==,iv:Z0mkQBfhpc7y1nSLY6MOucxwuKZ8TfOk6NlQE9RwVQw=,tag:yGDAOH6TCJDCfhxNlC/eCg==,type:str]
                database: gitea
                username: ENC[AES256_GCM,data:F7+91aE=,iv:tEGgJ6GoXVkNoD6D4ZnyClrOQLGlqzFIUqqwDrVjd9U=,tag:H1+f/EKf/KptooRf8g0qcQ==,type:str]
    volumePermissions:
        enabled: true
    primary:
        resources:
            requests:
                cpu: 250m
                memory: 256Mi
            limits:
                cpu: 1000m
                memory: 1Gi
        livenessProbe:
            enabled: true
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 10
            successThreshold: 1
            failureThreshold: 10
        readinessProbe:
            enabled: true
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 10
            successThreshold: 1
            failureThreshold: 6
postgresql-ha:
    enabled: false
persistence:
    enabled: true
    subPath: data
extraVolumes:
    - name: git
      nfs:
        server: truenas.lan
        path: /mnt/fast_app_data/git
extraContainerVolumeMounts:
    - name: git
      mountPath: /git
clusterDomain: cluster.local
gitea:
    oauth:
        - name: Authentik
          provider: openidConnect
          key: ENC[AES256_GCM,data:oq+UsuiNEGWphxXbwtbBs3d27bB2cVPoR617TWhcPOk67D7XWUPkmg==,iv:hODOA45FFex/b5ghHScnDoc5osu1d8bzD969oFVH3wE=,tag:67TMl55I6zgJWNGMqco6fg==,type:str]
          secret: ENC[AES256_GCM,data:o9BZSzy61ouycNgtgRg/Jn8Wz+hLBBqgX46iHbaYtPbUVPVFc9tpdCsTdHCpfSGfiS1B8kWcoSzIDIAIIofRSCS/QqEQeuTwsyakkXhgn/LtLn+TH7bdLLS8qqusy5MZ9U18IJ/UBPGZ5+16Y/glbhpfHu9NNv0AI07nPciTq1w=,iv:7dn7eW2oEK/EU4xIETwVSekZUmktrs7U9KTJC486nHs=,tag:Otl2KuySu9bI/cZfCyjiKA==,type:str]
          autoDiscoverUrl: https://authentik.vhaudiquet.fr/application/o/gitea/.well-known/openid-configuration
    config:
        APP_NAME: Gitea
        server:
            ROOT_URL: https://git.vhaudiquet.fr
        lfs:
            STORAGE_TYPE: local
            PATH: /git/lfs
        repository:
            ROOT: /git/repo
        database:
            DB_TYPE: postgres
        service:
            ALLOW_ONLY_EXTERNAL_REGISTRATION: true
        actions:
            ENABLED: true
        oauth2_client:
            ENABLE_AUTO_REGISTRATION: true
            ACCOUNT_LINKING: login
        openid:
            ENABLE_OPENID_SIGNIN: false
            ENABLE_OPENID_SIGNUP: false
        indexer:
            ISSUE_INDEXER_TYPE: bleve
            REPO_INDEXER_ENABLED: true
# Resource limits for Gitea container
resources:
    requests:
        cpu: 250m
        memory: 512Mi
    limits:
        cpu: 1000m
        memory: 1Gi
# Increase replica count is not useful for 1-node cluster
replicaCount: 1
sops:
    lastmodified: "2026-06-27T10:20:08Z"
    mac: ENC[AES256_GCM,data:VZY4oK2PCMBJd4VozL5qS7jlZtOu1JNsOn7aqJgPZ8uQR7kG939By7oVELMH9us0Sb8AZIYmzx7nLwnlp6IUNnacOffhKNl4stTFrb5Vry/5zem0CNp08eEDEt9VoxNudfQYC2axuGSwbAIahMzZsOYVRqOGgF1gEG17+hgd7ww=,iv:MiHKGUfzaSAppXLLxJSQD5loGkToFLzVQetWoRHq074=,tag:FduCPbHmy6A0mYdCrnRxDw==,type:str]
    pgp:
        - created_at: "2026-06-27T10:20:08Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----

            hQIMA7uy4qQr71wiAQ//VDYGwZupOfefdEtJkD9SPOW3tHcOy2XR6ULhVQjXTGGh
            APuONtgUZKFCViUqYZB7l6fazM8U/fv3cHsIpZfALFGE9wSZ+4So6D5dmBj13egh
            yznV55xjinoaKPzaYYZoVmlt1ZO22SxmC0vld3yfAs89KD1Aow5wNZGTBELzyAWF
            gMYGMkCsLlH3gqBaJTV1m5LKHHQAtoyzvJbKcpiynNRySfN/ogNX67GmgEMH9+u8
            UexPwUHL6skIzHLmugYcrs4FAABot4WzoJsR794wOq/DEqHBE4SfQg48y/DROu2O
            mgo6KqiXXe8qPGCIvjLiudb7MdSLpoLqgZ0vpExzdS/wMXAXczodrRRJmzEQyeDE
            j08pquhfUzQ1SA/9VRQkgl4r0dj0CTuc+EhvHD4M9nj3JIjvuJ0AdyKye5S8rdNM
            rm9eyX8V+o6X811qUM8bobKEi36tdnSMiB1yVHTtdW7hKctQwRMNQ8A9QEtOxS2F
            +9Owub4LXZwBejSLgh9jaKEnilJQKVYN5Aw2lNAmZZZKtJ+iGHHkq9H6k+k5oEoG
            xkQ/IYIEGLhfjH0PDZ9m2G3Ren3EkEkNjYvhwENhuUcyuW5Abl62v9FMY8c9NYyK
            +uf5VS1ceHOBcelQcdSx9Kuox5UuyUtbwUcv+HbTmymZtmYdw+dnOTtRHR5CNY7S
            XgEvPWAEagJpsmqC2n7Vc9d7b7TVp+SLSiL/w0v9JD6ko54Rwj0x21Odx3FLe7P6
            obKU6XNNX9PPThJw2W0E295i2+DmOTH0AFio3rsg5wM3JFUokY/t8590sWnFR8g=
            =Gypa
            -----END PGP MESSAGE-----
          fp: DC6910268E657FF70BA7EC289974494E76938DDC
    encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
    version: 3.10.2