# Gitea Helm Values
# Chart: https://gitea.com/gitea/helm-chart
# Self-hosted Git service

fullnameOverride: gitea

replicaCount: 1

image:
  registry: docker.io
  repository: gitea/gitea
  tag: "1.25.2"
  pullPolicy: IfNotPresent
  rootless: false

# Gitea configuration
gitea:
  admin:
    # Admin credentials managed via environment variables
    existingSecret: gitea-admin-secret
    # Do not update password on every restart
    passwordMode: initialOnlyNoReset

  config:
    server:
      DOMAIN: gitea0213.kro.kr
      ROOT_URL: https://gitea0213.kro.kr
      SSH_DOMAIN: gitea0213.kro.kr
      SSH_PORT: 2222
      DISABLE_SSH: true
      START_SSH_SERVER: false
      SSH_LISTEN_PORT: 2222

    database:
      DB_TYPE: postgres
      HOST: postgresql-cnpg-rw.postgresql-cnpg.svc.cluster.local:5432
      NAME: gitea
      USER: bluemayne
      SCHEMA: public
      SSL_MODE: disable

    service:
      DISABLE_REGISTRATION: false
      REQUIRE_SIGNIN_VIEW: false
      ENABLE_NOTIFY_MAIL: false

    cache:
      ENABLED: true
      ADAPTER: memory

    session:
      PROVIDER: memory

    git:
      PATH: /usr/bin/git

    actions:
      ENABLED: true
      DEFAULT_ACTIONS_URL: github

    packages:
      ENABLED: true
      CHUNKED_UPLOAD_PATH: /data/packages/chunked-upload

    container:
      ENABLED: true
      REGISTRY_HOST: gitea0213.kro.kr

  # Health checks
  livenessProbe:
    enabled: true
    tcpSocket:
      port: http
    initialDelaySeconds: 60
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 10

  readinessProbe:
    enabled: true
    tcpSocket:
      port: http
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3

# PostgreSQL dependency (using existing PostgreSQL instance)
postgresql:
  enabled: false

# Use existing PostgreSQL
postgresql-ha:
  enabled: false

# Valkey cluster (disabled, using memory for cache/session)
valkey-cluster:
  enabled: false

# Redis (optional, for caching)
redis-cluster:
  enabled: false

# Deployment strategy: Recreate to avoid leveldb lock conflicts
strategy:
  type: Recreate

# Environment variables for database password
deployment:
  env:
    - name: GITEA__database__PASSWD
      valueFrom:
        secretKeyRef:
          name: gitea-postgres-password
          key: password

# Persistence for Gitea data
persistence:
  enabled: true
  create: true
  volumeName: pvc-ec9c8a13-61a8-4722-8842-14d5570612a0  # Bind to existing PV with data
  size: 10Gi
  storageClass: longhorn
  accessModes:
    - ReadWriteOnce

# Service configuration
service:
  http:
    type: ClusterIP
    port: 3000
  ssh:
    type: LoadBalancer
    port: 2222
    externalTrafficPolicy: Local
    annotations:
      metallb.universe.tf/allow-shared-ip: gitea

# Ingress configuration
ingress:
  enabled: true
  className: haproxy
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    # HAProxy handles large body sizes by default, no annotation needed
  hosts:
    - host: gitea0213.kro.kr
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: gitea-tls
      hosts:
        - gitea0213.kro.kr

# Resource limits
resources:
  limits:
    memory: 512Mi
  requests:
    cpu: 10m  # Reduced from 50m based on actual usage (5m)
    memory: 256Mi

# Security context
securityContext: {}

# Init containers for database setup
initPreScript: |
  #!/bin/sh
  echo "Waiting for PostgreSQL..."
  until nc -z postgresql-cnpg-rw.postgresql-cnpg.svc.cluster.local 5432; do
    echo "Waiting for PostgreSQL to be ready..."
    sleep 2
  done
  echo "PostgreSQL is ready"