FEAT(gitea): add self-contained Gitea deployment

- Replace GitHub redirect with actual Gitea server
- SQLite database (no CNPG dependency)
- local-path StorageClass (no Longhorn dependency)
- Manual secret creation (no Vault dependency)
- Ingress at gitea0213.kro.kr

gitea/argocd.yaml

@@ -7,8 +7,17 @@ metadata:
   - resources-finalizer.argocd.argoproj.io
 spec:
   project: default
-  source:
-    repoURL: https://github.com/K3S-HOME/applications.git
+  sources:
+  - repoURL: https://dl.gitea.com/charts/
+    chart: gitea
+    targetRevision: 12.4.0
+    helm:
+      valueFiles:
+      - $values/gitea/helm-values.yaml
+  - repoURL: https://github.com/K3S-HOME/applications.git
+    targetRevision: main
+    ref: values
+  - repoURL: https://github.com/K3S-HOME/applications.git
     targetRevision: main
     path: gitea
   destination:
@@ -29,4 +38,7 @@ spec:
         duration: 5s
         factor: 2
         maxDuration: 3m
+    managedNamespaceMetadata:
+      labels:
+        goldilocks.fairwinds.com/enabled: 'true'
   revisionHistoryLimit: 10

gitea/helm-values.yaml

@@ -0,0 +1,125 @@
+# Gitea Helm Chart Values
+# Self-contained deployment with SQLite and local-path storage
+
+# =============================================================================
+# DISABLE ALL EXTERNAL DEPENDENCIES
+# =============================================================================
+postgresql-ha:
+  enabled: false
+
+postgresql:
+  enabled: false
+
+valkey-cluster:
+  enabled: false
+
+valkey:
+  enabled: false
+
+# =============================================================================
+# PERSISTENCE - local-path StorageClass
+# =============================================================================
+persistence:
+  enabled: true
+  create: true
+  mount: true
+  size: 10Gi
+  accessModes:
+  - ReadWriteOnce
+  storageClass: local-path
+  annotations:
+    helm.sh/resource-policy: keep
+
+# =============================================================================
+# ADMIN USER
+# =============================================================================
+gitea:
+  admin:
+    existingSecret: gitea-admin-secret
+    username: gitea_admin
+    email: admin@gitea.local
+    passwordMode: keepUpdated
+
+  # Gitea configuration (app.ini)
+  config:
+    APP_NAME: Gitea - K3S-HOME
+
+    server:
+      DOMAIN: gitea0213.kro.kr
+      ROOT_URL: https://gitea0213.kro.kr
+      HTTP_PORT: 3000
+      SSH_DOMAIN: gitea0213.kro.kr
+      SSH_PORT: 22
+      SSH_LISTEN_PORT: 2222
+      LFS_START_SERVER: true
+
+    database:
+      DB_TYPE: sqlite3
+      PATH: /data/gitea/gitea.db
+      SQLITE_TIMEOUT: 500
+      SQLITE_JOURNAL_MODE: WAL
+
+    session:
+      PROVIDER: memory
+
+    cache:
+      ADAPTER: memory
+
+    queue:
+      TYPE: level
+
+    security:
+      INSTALL_LOCK: true
+
+    service:
+      DISABLE_REGISTRATION: false
+      REQUIRE_SIGNIN_VIEW: false
+      DEFAULT_KEEP_EMAIL_PRIVATE: true
+
+    log:
+      MODE: console
+      LEVEL: info
+
+# =============================================================================
+# INGRESS
+# =============================================================================
+ingress:
+  enabled: true
+  className: traefik
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+  hosts:
+  - host: gitea0213.kro.kr
+    paths:
+    - path: /
+      pathType: Prefix
+  tls:
+  - secretName: gitea-tls
+    hosts:
+    - gitea0213.kro.kr
+
+# =============================================================================
+# RESOURCES
+# =============================================================================
+resources:
+  requests:
+    cpu: 100m
+    memory: 256Mi
+  limits:
+    memory: 512Mi
+
+# =============================================================================
+# POD CONFIGURATION
+# =============================================================================
+tolerations:
+- key: node-role.kubernetes.io/master
+  operator: Exists
+  effect: NoExecute
+
+# =============================================================================
+# SSH SERVICE
+# =============================================================================
+service:
+  ssh:
+    type: ClusterIP
+    port: 22

gitea/kustomization.yaml

@@ -1,5 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-resources:
-- redirect.yaml
-namespace: gitea
+# Secret is created manually via kubectl
+resources: []

gitea/redirect.yaml

@@ -1,70 +0,0 @@
-# Traefik Middleware for GitHub redirect
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: redirect-to-github
-  namespace: gitea
-spec:
-  redirectRegex:
-    regex: ".*"
-    replacement: "https://github.com/mayne0213"
-    permanent: true
----
-# IngressRoute for HTTPS
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: gitea-redirect-https
-  namespace: gitea
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-prod
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`gitea0213.kro.kr`) || Host(`www.gitea0213.kro.kr`)
-      kind: Rule
-      middlewares:
-        - name: redirect-to-github
-      services:
-        - name: noop@internal
-          kind: TraefikService
-  tls:
-    secretName: gitea-tls
-    domains:
-      - main: gitea0213.kro.kr
-        sans:
-          - www.gitea0213.kro.kr
----
-# IngressRoute for HTTP (redirect to HTTPS first, then to GitHub)
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: gitea-redirect-http
-  namespace: gitea
-spec:
-  entryPoints:
-    - web
-  routes:
-    - match: Host(`gitea0213.kro.kr`) || Host(`www.gitea0213.kro.kr`)
-      kind: Rule
-      middlewares:
-        - name: redirect-to-github
-      services:
-        - name: noop@internal
-          kind: TraefikService
----
-# Certificate for TLS
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: gitea-certificate
-  namespace: gitea
-spec:
-  secretName: gitea-tls
-  issuerRef:
-    name: letsencrypt-prod
-    kind: ClusterIssuer
-  dnsNames:
-    - gitea0213.kro.kr
-    - www.gitea0213.kro.kr