image:
    tag: 1.26.2
ingress:
    enabled: true
    hosts:
        - host: git.vhaudiquet.fr
          paths:
            - path: /
              pathType: Prefix
# Disable HA, we are on a 1-node cluster
redis-cluster:
    enabled: false
redis:
    enabled: true
    master:
        resources:
            requests:
                cpu: 100m
                memory: 128Mi
            limits:
                cpu: 500m
                memory: 256Mi
postgresql:
    enabled: true
    global:
        postgresql:
            auth:
                postgressPassword: ENC[AES256_GCM,data:vluPzU5r0wgR1Q==,iv:o7gh99/CndIHikAIuoZ9IM2HUxdxCknc62Qieb+Do8s=,tag:JIOc/PfS0IRTU/cZlDP8pw==,type:str]
                password: ENC[AES256_GCM,data:R0HR9fWO0gMLhg==,iv:abe4swqs7JAHMliw0xxs+yvp/1mwDJPXFP1v9XzOpN4=,tag:AifSLNUrMCgbngaON9NMaw==,type:str]
                database: gitea
                username: ENC[AES256_GCM,data:l6oTjsQ=,iv:jduUmLzqMVLJTeeQoDH/eALOtUCG2hYDhw5MLIa1PXI=,tag:zpY8sz2s0Iz/V9Hc4K7Dzg==,type:str]
    volumePermissions:
        enabled: true
    primary:
        resources:
            requests:
                cpu: 250m
                memory: 256Mi
            limits:
                cpu: 1000m
                memory: 1Gi
        livenessProbe:
            enabled: true
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 10
            successThreshold: 1
            failureThreshold: 10
        readinessProbe:
            enabled: true
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 10
            successThreshold: 1
            failureThreshold: 6
postgresql-ha:
    enabled: false
persistence:
    enabled: true
    subPath: data
extraVolumes:
    - name: git
      nfs:
        server: truenas.lan
        path: /mnt/fast_app_data/git
extraContainerVolumeMounts:
    - name: git
      mountPath: /git
clusterDomain: cluster.local
gitea:
    oauth:
        - name: Authentik
          provider: openidConnect
          key: ENC[AES256_GCM,data:qYnP0MCD1eVziAUL0SU6e3RZ/T74/KL92hs3Dq+A9VKjJ1f9eXlWxg==,iv:WXH8kM7qo7Z7S0uM+b//wvlZp9Vl9B8AVX4VVr+TEDY=,tag:yNJ0AmXjCHRJ66hIHrg8RQ==,type:str]
          secret: ENC[AES256_GCM,data:2tPsKMshDQBT9bt8DZeuMmec4DMtSNirwnOCkggZZ9jLvQ0yxn5yjuxo5JjdZqRx9vVT0wF3cSnl8JqOEsHmVd8RtmGy6TNZfaT2VzA9b/H2xz5sGOCkMHCJW/5cdqKWQKgN16vcS3RBrGivizfynRmNwZcaLsKyIxaGuZ4vZfE=,iv:Gbkb7Gj3H/VPyDn/oDNBPFec2LwPXqxq8lM/mQxO1sk=,tag:HFt0G2V3bPWZdPNj1G0YvA==,type:str]
          autoDiscoverUrl: https://authentik.vhaudiquet.fr/application/o/gitea/.well-known/openid-configuration
    config:
        APP_NAME: Gitea
        server:
            ROOT_URL: https://git.vhaudiquet.fr
        lfs:
            STORAGE_TYPE: local
            PATH: /git/lfs
        repository:
            ROOT: /git/repo
        database:
            DB_TYPE: postgres
        service:
            ALLOW_ONLY_EXTERNAL_REGISTRATION: true
        actions:
            ENABLED: true
        oauth2_client:
            ENABLE_AUTO_REGISTRATION: true
            ACCOUNT_LINKING: login
        openid:
            ENABLE_OPENID_SIGNIN: false
            ENABLE_OPENID_SIGNUP: false
        indexer:
            ISSUE_INDEXER_TYPE: bleve
            REPO_INDEXER_ENABLED: true
# Resource limits for Gitea container
resources:
    requests:
        cpu: 250m
        memory: 512Mi
    limits:
        cpu: 1000m
        memory: 1Gi
# Increase replica count is not useful for 1-node cluster
replicaCount: 1
sops:
    lastmodified: "2026-06-27T10:09:03Z"
    mac: ENC[AES256_GCM,data:qX9swFKIwpjtvFSt1RVlq/RE/29R3YrQCb8BaE9BV6iZ/0S7N8fsxIUSfyHsQm4a4VCkvaP39gAxIYuX4Rj0yHUof/6iezOoJH0xEKB8wQXBb4zgHW8yJfqlNR0zYsumFyaOw2tcPhCFD1TH3eb998O0J3IYa9ErJUcZHwZeQxg=,iv:8wPDRikZpQNcgsZt4lkjRmaaf4dkwFxcfIjIJi9T4UI=,tag:tsKWvNtsGwgdpFyeRNT1pw==,type:str]
    pgp:
        - created_at: "2026-06-27T10:09:03Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----

            hQIMA7uy4qQr71wiAQ//efSk6zmVJ46hJ7Gv21z9Wxh/yfW8KPCiYx5bpONjLVCr
            c11t/iTGafQUb3CQtxwmQaEXhKEkm0HdfR/J2jWOgrAJBMK7QSsQDL5wkkUe5ox3
            0b2Ni02DtxV9O1DcbQPkbhUVrek0hGgYH2/FIa7G2OV4L8/sLmVTTC82firVxIQj
            Ho/oPLHm28Ipa7OlGsb5daFIAZjgsZJ3VXqnbUqvoWRkS+OTuXwDWpiAwRWLVgM7
            UqV6v0slwqwK6KF4TfkRSGMI6S6Qdgivt0OidfLFm7IGiJfMga9L9MgDmOtXRR3H
            Ju849l+tahdZRUvC3fl2tISSFcKShlMzIo/gtd4JVfo8V4n4bAXvoayq5DaY7Z1q
            RoimNqXolP97HFnKlaUp1pIMRDPor1QokNgdBpzRlU6tkmQIS8ivOPv49/OZR2z3
            Tz1IM1KrGGqkgM/pt83BKqTon52cYaRSC/dCC5KDU6zyQ0GE/sZMlQfpF4Cd0R7L
            YR6frInIhtv8nOhJuA3+1sZv0qj4qYz1C+D9KqBSTQl5KGfgMpA73d+Yvp0Ca5LA
            xHELSZ0j/+A5/G9KiHNRr7DyY62QSuL64PNPvHTg1cYgtqjZZbMaPS239ayix4EG
            gqvBOLZfzCZEBWrr4pyfEwOoAji0k2OSetG7FdB2BQMl4Q/U1NBO/MVYiZPbG9DS
            XgFhYbO34xGNryC5QLYbzOsllvUh7W8i4N7bktj55cUA+elDdMJJR6eejgIgA+Kk
            v3BdopyZjzDHjE4377hh2JMnYKjQylxAJI46kBSsShySIgaV89AgGjmaKOQrh+I=
            =4QJo
            -----END PGP MESSAGE-----
          fp: DC6910268E657FF70BA7EC289974494E76938DDC
    encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
    version: 3.10.2