feat(k8s/gitea): add Gitea with PostgreSQL, backups, and Authelia OIDC

2026-04-29 22:45:42 +03:00
parent db633544c6
commit fa61316abf
12 changed files with 619 additions and 5 deletions
--- a/kubernetes/app/gitea/secret.sops.yaml
+++ b/kubernetes/app/gitea/secret.sops.yaml
@@ -0,0 +1,73 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: gitea-credentials
+    namespace: gitea
+stringData:
+    DB_USERNAME: ENC[AES256_GCM,data:3cbes9s=,iv:E+zSCE93AVTPiWtQKW15+fHp/6nKtEY0RFWkC9K95w4=,tag:bpM84tAY0TJlJHkvCYl4tQ==,type:str]
+    DB_PASSWORD: ENC[AES256_GCM,data:PziUZ2Yg+kk6qvqs16k3gl2+gFT/MeE7DTzsfD+21bvLa8cvjPywNTTBS2gDB5h6H6+bn3f3X6tN+KYg2fNUYA==,iv:Ego7tQnpe8LcDd+XAG3ThtQUGR5cyjRnkCjppOtcW3M=,tag:zwrew+a4j78kNpgr2yfW6w==,type:str]
+    DB_DATABASE_NAME: ENC[AES256_GCM,data:wevUgjE=,iv:2VMHHmp4rI3EE8lmKL+88VDwtIy8RoHbxZM5dsln6Q0=,tag:Vinwbtci+UkGoyzGEEF/5A==,type:str]
+sops:
+    age:
+        - recipient: age1zffnskvuezntkk703a0pyxsd5m8vx2hm33dr47wdfy8mn4fdw4sqgw0jgc
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWWhqdVVJNmhUT0FBWFVk
+            V1V4R0wyV1V3WnpHZ1JGWm1iTnQ5TmsyeGk4ClpKSlJyMjYxNmQvUWlNbHY0cU0y
+            ZkJuTHd0K1k2cGhLTG1ncXBhMWk3ZzgKLS0tIEtXNXJQa2txMFovSnZkeDM1R2tk
+            TWwxTXBRUkJWcG1sMUl3REFtMkI2WG8KyvuPr8iwuiVC9j5wXLaok5AeJhXXq8CI
+            H7HCBU4mVjwd0IrtlwSCLx5vUDKTpc2e5SumJp4nSy1D5R+uOjEWBA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-04-29T19:32:53Z"
+    mac: ENC[AES256_GCM,data:ngT9hUeIQM+NL3v/WApSBGsdWJw7CZvAMfqb/4d80DwV0cF14WjMVupc0d6mD7ykhJGM5ptwf1zR8QPSkErCRXSHxFoLXGAJVN4h+MOy48yZ61RK/p+dip5CkPojTfb5i6rU0dIOFVpjm7z6JbPLz8UTxMTikwzo/w931AKa9PE=,iv:wXZQRvt6pImnxVIfyOhRJWQl+ytrlmDxd8odDra16XQ=,tag:/6Fixh2urHAgUfQx+h6Dsg==,type:str]
+    encrypted_regex: ^(data|stringData|email)$
+    version: 3.12.2
+---
+apiVersion: v1
+kind: Secret
+metadata:
+    name: gitea-admin
+    namespace: gitea
+stringData:
+    username: ENC[AES256_GCM,data:w6EdTuF/JRY3QuU=,iv:DaPA4FbTz44m99OafT7rYGAuSNY1+Kd0fqoH3nl/8vQ=,tag:QZU+4g/k5Ft4w06uh/kzZw==,type:str]
+    password: ENC[AES256_GCM,data:tl8bLeTQfsa3NHg2WJrHzBe5LXaGd+9btVyZFgPc0Mp3hDkPZh6pAZDd1n96pO9oNYe2elmKfdaJZGhX6Xknow==,iv:boQQm3XRAg9ZrLC2yP2TBqDH6JtCneoS3y4RCBpTTMw=,tag:uKLU0mUQvCLs3FhEv3aFYQ==,type:str]
+    email: ENC[AES256_GCM,data:WekZNlut9EhIyIJF6Z5yZevVeBWUggeDbFYQx2A=,iv:125s6eI55SckKFvFvZ78G2MCdoiUqdXaKGNu7vtFOpw=,tag:ZVToNfQ5K11Z3QUJ0FrWPg==,type:str]
+sops:
+    age:
+        - recipient: age1zffnskvuezntkk703a0pyxsd5m8vx2hm33dr47wdfy8mn4fdw4sqgw0jgc
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWWhqdVVJNmhUT0FBWFVk
+            V1V4R0wyV1V3WnpHZ1JGWm1iTnQ5TmsyeGk4ClpKSlJyMjYxNmQvUWlNbHY0cU0y
+            ZkJuTHd0K1k2cGhLTG1ncXBhMWk3ZzgKLS0tIEtXNXJQa2txMFovSnZkeDM1R2tk
+            TWwxTXBRUkJWcG1sMUl3REFtMkI2WG8KyvuPr8iwuiVC9j5wXLaok5AeJhXXq8CI
+            H7HCBU4mVjwd0IrtlwSCLx5vUDKTpc2e5SumJp4nSy1D5R+uOjEWBA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-04-29T19:32:53Z"
+    mac: ENC[AES256_GCM,data:ngT9hUeIQM+NL3v/WApSBGsdWJw7CZvAMfqb/4d80DwV0cF14WjMVupc0d6mD7ykhJGM5ptwf1zR8QPSkErCRXSHxFoLXGAJVN4h+MOy48yZ61RK/p+dip5CkPojTfb5i6rU0dIOFVpjm7z6JbPLz8UTxMTikwzo/w931AKa9PE=,iv:wXZQRvt6pImnxVIfyOhRJWQl+ytrlmDxd8odDra16XQ=,tag:/6Fixh2urHAgUfQx+h6Dsg==,type:str]
+    encrypted_regex: ^(data|stringData|email)$
+    version: 3.12.2
+---
+apiVersion: v1
+kind: Secret
+metadata:
+    name: gitea-oauth-authelia
+    namespace: gitea
+stringData:
+    key: ENC[AES256_GCM,data:6gbsmUI=,iv:rLq6rHHqyJ158JxbmFGkko6rPt2aJkQKCDGY/kOil5E=,tag:qz/2riJi00AkEdtOtQTJdA==,type:str]
+    secret: ENC[AES256_GCM,data:z8zuEZ9xgiIiSCDOtXn4yXU5n5TggMpc+5y8Vv21ja8PTXXf1l3krnc55qaJPuo85+fYqzW+NDPbTWPAIkVqtvr260N++d7z,iv:hh91ss/nbBIvxosNLQ5zy6G593Vxn92q+8f0APjiORk=,tag:FzvjgjCyEyvzmZ4J/muPlg==,type:str]
+sops:
+    age:
+        - recipient: age1zffnskvuezntkk703a0pyxsd5m8vx2hm33dr47wdfy8mn4fdw4sqgw0jgc
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWWhqdVVJNmhUT0FBWFVk
+            V1V4R0wyV1V3WnpHZ1JGWm1iTnQ5TmsyeGk4ClpKSlJyMjYxNmQvUWlNbHY0cU0y
+            ZkJuTHd0K1k2cGhLTG1ncXBhMWk3ZzgKLS0tIEtXNXJQa2txMFovSnZkeDM1R2tk
+            TWwxTXBRUkJWcG1sMUl3REFtMkI2WG8KyvuPr8iwuiVC9j5wXLaok5AeJhXXq8CI
+            H7HCBU4mVjwd0IrtlwSCLx5vUDKTpc2e5SumJp4nSy1D5R+uOjEWBA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-04-29T19:32:53Z"
+    mac: ENC[AES256_GCM,data:ngT9hUeIQM+NL3v/WApSBGsdWJw7CZvAMfqb/4d80DwV0cF14WjMVupc0d6mD7ykhJGM5ptwf1zR8QPSkErCRXSHxFoLXGAJVN4h+MOy48yZ61RK/p+dip5CkPojTfb5i6rU0dIOFVpjm7z6JbPLz8UTxMTikwzo/w931AKa9PE=,iv:wXZQRvt6pImnxVIfyOhRJWQl+ytrlmDxd8odDra16XQ=,tag:/6Fixh2urHAgUfQx+h6Dsg==,type:str]
+    encrypted_regex: ^(data|stringData|email)$
+    version: 3.12.2