From 121d5eb19842ad5a6e85d9d1c12c1d9105dd5d44 Mon Sep 17 00:00:00 2001
From: Mayne0213 <bluemayne0213@icloud.com>
Date: Sat, 10 Jan 2026 19:38:35 +0900
Subject: [PATCH] REFACTOR(gitea): move from applications repo

- Add gitea Application manifests
- Update repoURL to reference platform repo
- Include helm-values, kustomization, redirect configs
---
 gitea/argocd.yaml        |  41 ++++++++++++
 gitea/helm-values.yaml   | 133 +++++++++++++++++++++++++++++++++++++++
 gitea/kustomization.yaml |   5 ++
 gitea/redirect.yaml      |  70 +++++++++++++++++++++
 kustomization.yaml       |   1 +
 5 files changed, 250 insertions(+)
 create mode 100644 gitea/argocd.yaml
 create mode 100644 gitea/helm-values.yaml
 create mode 100644 gitea/kustomization.yaml
 create mode 100644 gitea/redirect.yaml

diff --git a/gitea/argocd.yaml b/gitea/argocd.yaml
new file mode 100644
index 0000000..5682bbd
--- /dev/null
+++ b/gitea/argocd.yaml
@@ -0,0 +1,41 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gitea
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  sources:
+  - repoURL: https://dl.gitea.com/charts/
+    chart: gitea
+    targetRevision: 12.4.0
+    helm:
+      valueFiles:
+      - $values/gitea/helm-values.yaml
+  - repoURL: https://github.com/K3S-HOME/platform.git
+    targetRevision: main
+    ref: values
+  - repoURL: https://github.com/K3S-HOME/platform.git
+    targetRevision: main
+    path: gitea
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: gitea
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+    syncOptions:
+    - CreateNamespace=true
+    - PrunePropagationPolicy=foreground
+    - PruneLast=true
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m
+  revisionHistoryLimit: 10
diff --git a/gitea/helm-values.yaml b/gitea/helm-values.yaml
new file mode 100644
index 0000000..9354cbf
--- /dev/null
+++ b/gitea/helm-values.yaml
@@ -0,0 +1,133 @@
+# Gitea Helm Chart Values
+# Self-contained deployment with SQLite and local-path storage
+
+# =============================================================================
+# DISABLE ALL EXTERNAL DEPENDENCIES
+# =============================================================================
+postgresql-ha:
+  enabled: false
+
+postgresql:
+  enabled: false
+
+valkey-cluster:
+  enabled: false
+
+valkey:
+  enabled: false
+
+# =============================================================================
+# PERSISTENCE - local-path StorageClass
+# =============================================================================
+persistence:
+  enabled: true
+  create: true
+  mount: true
+  size: 10Gi
+  accessModes:
+  - ReadWriteOnce
+  storageClass: local-path-retain
+  annotations:
+    helm.sh/resource-policy: keep
+
+# =============================================================================
+# ADMIN USER
+# =============================================================================
+gitea:
+  admin:
+    existingSecret: gitea-admin-secret
+    username: Mayne0213
+    email: bluemayne0213@icloud.com
+    passwordMode: keepUpdated
+
+  # Gitea configuration (app.ini)
+  config:
+    APP_NAME: Gitea - K3S-HOME
+
+    server:
+      DOMAIN: github0213.com
+      ROOT_URL: https://github0213.com
+      HTTP_PORT: 3000
+      SSH_DOMAIN: github0213.com
+      SSH_PORT: 22
+      SSH_LISTEN_PORT: 2222
+      LFS_START_SERVER: true
+
+    database:
+      DB_TYPE: sqlite3
+      PATH: /data/gitea/gitea.db
+      SQLITE_TIMEOUT: 500
+      SQLITE_JOURNAL_MODE: WAL
+
+    session:
+      PROVIDER: memory
+
+    cache:
+      ADAPTER: memory
+
+    queue:
+      TYPE: level
+
+    security:
+      INSTALL_LOCK: true
+
+    service:
+      DISABLE_REGISTRATION: false
+      REQUIRE_SIGNIN_VIEW: false
+      DEFAULT_KEEP_EMAIL_PRIVATE: true
+
+    log:
+      MODE: console
+      LEVEL: info
+
+# =============================================================================
+# INGRESS
+# =============================================================================
+ingress:
+  enabled: true
+  className: traefik
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+  hosts:
+  - host: github0213.com
+    paths:
+    - path: /
+      pathType: Prefix
+  tls:
+  - secretName: github-tls
+    hosts:
+    - github0213.com
+
+# =============================================================================
+# RESOURCES
+# =============================================================================
+resources:
+  requests:
+    cpu: 63m
+    memory: 237Mi
+  limits:
+    memory: 237Mi
+
+# =============================================================================
+# POD CONFIGURATION
+# =============================================================================
+strategy:
+  type: Recreate
+
+tolerations:
+- key: node-role.kubernetes.io/control-plane
+  operator: Exists
+  effect: NoSchedule
+
+nodeSelector:
+  node-role.kubernetes.io/control-plane: "true"
+
+priorityClassName: high-priority
+
+# =============================================================================
+# SSH SERVICE
+# =============================================================================
+service:
+  ssh:
+    type: ClusterIP
+    port: 22
diff --git a/gitea/kustomization.yaml b/gitea/kustomization.yaml
new file mode 100644
index 0000000..40722a9
--- /dev/null
+++ b/gitea/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- redirect.yaml
+namespace: gitea
diff --git a/gitea/redirect.yaml b/gitea/redirect.yaml
new file mode 100644
index 0000000..b9b5a8b
--- /dev/null
+++ b/gitea/redirect.yaml
@@ -0,0 +1,70 @@
+# Traefik Middleware for GitHub redirect
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: redirect-to-github
+  namespace: gitea
+spec:
+  redirectRegex:
+    regex: ".*"
+    replacement: "https://github.com/mayne0213"
+    permanent: true
+---
+# IngressRoute for HTTPS
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: gitea-redirect-https
+  namespace: gitea
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`gitea0213.kro.kr`) || Host(`www.gitea0213.kro.kr`)
+      kind: Rule
+      middlewares:
+        - name: redirect-to-github
+      services:
+        - name: noop@internal
+          kind: TraefikService
+  tls:
+    secretName: gitea-tls
+    domains:
+      - main: gitea0213.kro.kr
+        sans:
+          - www.gitea0213.kro.kr
+---
+# IngressRoute for HTTP (redirect to HTTPS first, then to GitHub)
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: gitea-redirect-http
+  namespace: gitea
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host(`gitea0213.kro.kr`) || Host(`www.gitea0213.kro.kr`)
+      kind: Rule
+      middlewares:
+        - name: redirect-to-github
+      services:
+        - name: noop@internal
+          kind: TraefikService
+---
+# Certificate for TLS
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: gitea-certificate
+  namespace: gitea
+spec:
+  secretName: gitea-tls
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  dnsNames:
+    - gitea0213.kro.kr
+    - www.gitea0213.kro.kr
diff --git a/kustomization.yaml b/kustomization.yaml
index d79659f..d9c28fb 100644
--- a/kustomization.yaml
+++ b/kustomization.yaml
@@ -11,3 +11,4 @@ resources:
   - traefik/argocd.yaml
   - argocd-image-updater/argocd.yaml
   - argocd/argocd.yaml
+  - gitea/argocd.yaml