From 23ef2ce590907930b3e56579aa98b090fccd5f49 Mon Sep 17 00:00:00 2001 From: Sebastian Date: Wed, 27 Aug 2025 18:37:54 +0200 Subject: [PATCH] gitea --- .DS_Store | Bin 6148 -> 6148 bytes gitea/.DS_Store | Bin 0 -> 6148 bytes gitea/README.md | 10 ++ gitea/adminer.yaml | 47 +++++ gitea/db.yaml | 216 ++++++++++++++++++++++ gitea/filesystem.yaml | 42 +++++ gitea/gitea.yaml | 357 +++++++++++++++++++++++++++++++++++++ gitea/ingress.yaml | 25 +++ gitea/namespace.yaml | 6 + gitea/secrets.yaml | 37 ++++ gitea/service-monitor.yaml | 19 ++ terraform/.DS_Store | Bin 0 -> 6148 bytes 12 files changed, 759 insertions(+) create mode 100644 gitea/.DS_Store create mode 100644 gitea/README.md create mode 100644 gitea/adminer.yaml create mode 100644 gitea/db.yaml create mode 100644 gitea/filesystem.yaml create mode 100644 gitea/gitea.yaml create mode 100644 gitea/ingress.yaml create mode 100644 gitea/namespace.yaml create mode 100644 gitea/secrets.yaml create mode 100644 gitea/service-monitor.yaml create mode 100644 terraform/.DS_Store 
diff --git a/.DS_Store b/.DS_Store index ad5287b02d5d8732abfc148becb2767116877967..c3330613832d8514540681e1acf431c006254200 100644 GIT binary patch delta 248 zcmZoMXfc=|#>B!ku~2NHo+2aP#(>?7i$5?kG4gHZVcNx5&&rU_kjYTOkjjvlQk;*yk;p9B=;ut{XenELjJBf5$d+$v1K zHWy?dTk!y>pMewXrXq$ShD3%mhI}BM3v(ai#=<_v&Fmcf96*0B)qu~2NHo+2aX#(>?7jGUW!SavZ^j%AbHEXX0oGOH1@V-^m;4Wg<&0T*E43hX&L&p$$qDprKhvt+--jT7}7np#A3 zem<@ulZcFPQ@L2!n>{z**++&mCkOWA81W14cNZlEfg7;MkzE(HCqgga^y>{tEnwC%0;vJ&^%eQ zLs35+`xjp>T0 /data/shodan.pw + echo $ARGOCD_PW > /data/argocd.pw + echo $GITEA_PW > /data/gitea.pw + echo "creating users..." + echo $ARGOCD_PW + su git -c 'echo $ARGOCD_PW' + su git -c 'SHODAN_PW=`cat /data/shodan.pw` && gitea admin user create --username shodan --admin --password $SHODAN_PW --email thrawn235@gmail.com' + su git -c 'ARGOCD_PW=`cat /data/argocd.pw` && gitea admin user create --username argocd --password $ARGOCD_PW --email argocd@undercloud.cf --must-change-password=false' + su git -c 'GITEA_PW=`cat /data/gitea.pw` && gitea admin auth add-ldap --name ldap --security-protocol StartTLS --host ldap.undercloud.cf. --port 389 --user-search-base "ou=users,dc=undercloud,dc=cf" --user-filter "(&(objectClass=person)(uid=%s))" --admin-filter "(&(memberOf=cn=gitea-admins,ou=groups,dc=undercloud,dc=cf))" --email-attribute mail --avatar-attribute jpegPhoto --synchronize-users --skip-tls-verify --username-attribute uid --bind-dn "cn=gitea,ou=serviceaccounts,ou=users,dc=undercloud,dc=cf" --bind-password $GITEA_PW --attributes-in-bind --firstname-attribute cn --surname-attribute sn' + + sleep 30s + echo "wget tea..." + wget http://aux-balancer.undercloud.cf.:3000/undercloud/kube-binaries/raw/branch/main/tea + echo "wget ctea..." + wget http://aux-balancer.undercloud.cf.:3000/undercloud/kube-binaries/raw/branch/main/ctea + chmod +x tea + chmod +x ctea + #echo "using tea to create login..." 
+ #./tea login add --url http://localhost:3000 -i --user shodan --password $SHODAN_PW
+ #./tea login default localhost:3000
+ echo "creating undercloud organisation"
+ sleep 30s
+ #./tea organization create undercloud
+ ./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 CreateOrg undercloud
+ sleep 5s
+ echo "creating undercloud team"
+ ./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 CreateTeam undercloud undercloud
+ sleep 5s
+ echo "add argocd to undercloud team"
+ ./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 AddUserToTeam undercloud undercloud argocd
+ sleep 5s
+ echo "cloning k8aux-apps"
+ execline-cd /data git clone http://aux-balancer.undercloud.cf.:3000/undercloud/k8aux-apps.git
+ execline-cd /data/k8aux-apps rm -Rf .git
+ execline-cd /data/k8aux-apps git init
+ execline-cd /data/k8aux-apps git config --global user.email "thrawn235@gmail.com"
+ execline-cd /data/k8aux-apps git config --global user.name "shodan"
+ execline-cd /data/k8aux-apps git add .
+ execline-cd /data/k8aux-apps git commit -m "upload"
+ echo "push k8aux-apps to localhost"
+ execline-cd /data/k8aux-apps git push http://shodan:$SHODAN_PW@localhost:3000/undercloud/k8aux-apps.git --all
+ echo "delete local copy..."
+ #execline-cd /data rm -Rf k8aux-apps
+ echo "create PushMirror.."
+ ./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 AddPushMirror undercloud k8aux-apps "http://aux1.undercloud.cf.:3000/undercloud/k8aux-apps.git" shodan $SHODAN_PW 1h0m0s
+ ./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 AddPushMirror undercloud k8aux-apps "http://aux2.undercloud.cf.:3000/undercloud/k8aux-apps.git" shodan $SHODAN_PW 1h0m0s
+ echo "create startup.ran file..."
+ touch /data/startup.ran
+ else
+ echo "startup ran already!"
+ fi
+ echo "startup done."
+ #exit 123
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: gitea
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: gitea
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: gitea-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: gitea
+ namespace: gitea
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 32Gi
+ storageClassName: gitea
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitea
+ namespace: gitea
+ labels:
+ app: gitea
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: gitea
+ template:
+ metadata:
+ labels:
+ app: gitea
+ spec:
+ initContainers:
+ - name: copyappini
+ image: gitea/gitea:1.19
+ command: ["bash", "-c", "mkdir -p /data/gitea/conf && cp -f /copy/app.ini /data/gitea/conf/app.ini"]
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ - mountPath: /copy
+ name: app-ini
+ containers:
+ - name: gitea
+ image: gitea/gitea:1.19
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 3000
+ - containerPort: 22
+ #lifecycle:
+ # postStart:
+ # exec:
+ # command:
+ # - "/bin/startup.sh"
+ env:
+ - name: USER_UID
+ value: "1000"
+ - name: USER_GID
+ value: "1000"
+ - name: GITEA__database__DB_TYPE
+ value: mysql
+ - name: GITEA__database__HOST
+ value: db:3306
+ - name: GITEA__database__NAME
+ value: gitea
+ - name: GITEA__database__USER
+ valueFrom:
+ secretKeyRef:
+ name: gitea-db
+ key: username
+ optional: false
+ - name: GITEA__database__PASSWD
+ valueFrom:
+ secretKeyRef:
+ name: gitea-db
+ key: user.pw
+ optional: false
+ - name: SHODAN_PW
+ valueFrom:
+ secretKeyRef:
+ name: shodan
+ key: pw
+ optional: false
+ - name: ARGOCD_PW
+ valueFrom:
+ secretKeyRef:
+ name: argocd-user
+ key: pw
+ optional: false
+ - name: GITEA_PW
+ valueFrom:
+ secretKeyRef:
+ name: gitea-user
+ key: pw
+ optional: false
+ livenessProbe:
+ httpGet:
+ path: /api/healthz
+ port: http
+ initialDelaySeconds: 200
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ - mountPath: /bin/startup.sh
+ name: startup
+ subPath: startup.sh
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: gitea
+ readOnly: false
+ - name: app-ini
+ configMap:
+ name: app-ini
+ items:
+ - key: "app.ini"
+ path: "app.ini"
+ - name: startup
+ configMap:
+ name: startup
+ defaultMode: 0700
+ items:
+ - key: "startup.sh"
+ path: "startup.sh"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: gitea
+ namespace: gitea
+ labels:
+ app: gitea
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ - IPv4
+ ipFamilyPolicy: PreferDualStack
+ ports:
+ - name: http
+ port: 3000
+ protocol: TCP
+ targetPort: 3000
+ - name: ssh
+ port: 22
+ protocol: TCP
+ targetPort: 22
+ selector:
+ app: gitea
+ sessionAffinity: None
+ type: ClusterIP
diff --git a/gitea/ingress.yaml b/gitea/ingress.yaml
new file mode 100644
index 0000000..acab523
--- /dev/null
+++ b/gitea/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: gitea
+ namespace: gitea
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt
+
+spec:
+ tls:
+ - hosts:
+ - gitea.undercloud.cf
+ secretName: gitea-tls
+ rules:
+ - host: gitea.undercloud.cf
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: gitea
+ port:
+ number: 3000
\ No newline at end of file
diff --git a/gitea/namespace.yaml b/gitea/namespace.yaml
new file mode 100644
index 0000000..153c038
--- /dev/null
+++ b/gitea/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: gitea
+ labels:
+ prometheus: prometheus
\ No newline at end of file
diff --git a/gitea/secrets.yaml b/gitea/secrets.yaml
new file mode 100644
index 0000000..c5f078f
--- /dev/null
+++ b/gitea/secrets.yaml
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gitea-db
+ namespace: gitea
+type: Opaque
+data:
+ root.pw: dGhpc2lzYXB3
+ username: Z2l0ZWE=
+ user.pw: YW5kYW5vdGVyb25l
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: shodan
+ namespace: gitea
+type: Opaque
+data:
+ pw: NElzVGhlTWluZEtpbGxlcg==
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: argocd-user
+ namespace: gitea
+type: Opaque
+data:
+ pw: dW5zZWN1cmVwdw==
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gitea-user
+ namespace: gitea
+type: Opaque
+data:
+ pw: Z2l0ZWFzZWN1cmVQVw==
\ No newline at end of file
diff --git a/gitea/service-monitor.yaml b/gitea/service-monitor.yaml
new file mode 100644
index 0000000..f38f8c9
--- /dev/null
+++ b/gitea/service-monitor.yaml
@@ -0,0 +1,19 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: gitea-metrics
+ namespace: gitea
+ labels:
+ team: undercloud
+spec:
+ #namespaceSelector:
+ # matchNames:
+ # - argocd-metrics
+ selector:
+ matchLabels:
+ app: gitea
+ endpoints:
+ - port: http
+ #path: /metrics
+ interval: 5s
+
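Review bot: In gitea/ingress.yaml the controller is selected with the `kubernetes.io/ingress.class: nginx` annotation, which Kubernetes has deprecated in favour of the `ingressClassName` field. With `networking.k8s.io/v1` the manifest should set `ingressClassName: nginx` under `spec:` and drop the annotation. This Ingress also publishes the Gitea web UI at gitea.undercloud.cf, and the app.ini that governs registration and sign-in is not visible in this hunk, so confirm that open registration is disabled before the host is reachable.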
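Review bot: The four Secret manifests in gitea/secrets.yaml commit credential values under `data:`, and base64 is an encoding rather than encryption, so anyone who can read the repository or this patch can recover them. Going by the `secretKeyRef` entries and the startup script in gitea/gitea.yaml, these appear to be the database passwords, the `shodan` admin password, the `argocd` user password and the LDAP bind password. Treat all of them as exposed: rotate them and remove the values from history. Then provision the Secrets out of band (for example Sealed Secrets, External Secrets Operator or SOPS-encrypted manifests) so that only ciphertext or references are committed. If the file has to stay as a template, replace each value with an obviously fake placeholder and add `# placeholder only; real value is injected at deploy time` above each `data:` key.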
diff --git a/terraform/.DS_Store b/terraform/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..184864923b21448f9aa41dcf49614a5769e74033 GIT binary patch literal 6148 zcmeHLOHKnZ47Fh@jl`x)mbpUrEJ8IsK`%h3gQiGRO(kHTOY}w@gbQ#7o?{m^FcK>e zLbjAV$FcKy(j@T^5ig&+1<{;{Y7{{hWkSR}*>z#gGa%4Bc;o{IIKnTLL{-j4f&?xA0mLHn_3+F@*At#3Bf?)dg{``M%W#^bO%pWzkZF3x~6 z;0!ne&cM$wfIC~HzEbqs8E^)ife!}cd+8J;LN(L^qIhXq%DedVK zDxJLL3^)V-ngOnwb+g14?QZ?DS-EQi${mV`_$5&w(2GX^8uGL7I(KS+5FLKeFe%C? SV$b0~e+XnkymAJ9fq{1=+%TO0 literal 0 HcmV?d00001