delivery stage almost done

.gitignore

@@ -1,2 +1,5 @@
 **/*/.envs/.*
-!**/*/.envs/.*.template
+!**/*/.envs/.*.template
+
+stages/.common/*
+!stages/.common/*.template

stages/delivery/.envs/.forgejo-oidc-secret.template

@@ -0,0 +1 @@
+{{ pw "46289080-39de-4e5e-bae5-6be41b08e25b" }}

stages/delivery/helmfile.yaml

@@ -1,7 +1,6 @@
 repositories:
   - name: argocd
     url: https://argoproj.github.io/argo-helm
-
 ---
 
 releases:
@@ -10,5 +9,12 @@ releases:
     chart: argocd/argo-cd
     version: 7.7.21
     values:
-      - ./values/argocd.values.yaml
+      - ./values/argocd.values.yaml.gotmpl
-    installed: false
+    installed: false
+  - name: forgejo
+    namespace: forgejo
+    chart: oci://code.forgejo.org/forgejo-helm/forgejo
+    version: 11.0.3
+    values:
+      - ./values/forgejo.values.yaml.gotmpl
+    installed: false

stages/delivery/kustomization.yaml

@@ -1,11 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-labels:
-- includeSelectors: true
-  pairs:
-    app.kubernetes.io/managed-by: Kustomize
-
-
-resources:
-  - ./deployment.yaml

stages/delivery/values/argocd.values.yaml.gotmpl

@@ -3,7 +3,7 @@ global:
 
 secret:
   extra:
-    dex.kropcloud-idp.clientSecret: {{ readFile ../.envs}}
+    dex.kropcloud-idp.clientSecret: {{ readFile "../.envs/.argocd-oidc-secret" }}
 
 configs:
   params:

stages/delivery/values/forgejo.values.yaml.gotmpl

@@ -0,0 +1,69 @@
+redis-cluster:
+  enabled: false
+redis:
+  enabled: true
+postgresql:
+  enabled: true
+postgresql-ha:
+  enabled: false
+
+gitea:
+  oauth:
+    - name: kropcloud-idp
+      provider: openidConnect
+      key: VcyEM48aqaMlau356WMVO10cNcmd6McnxW1KvBLu
+      secret: {{ readFile "../.envs/.forgejo-oidc-secret" }}
+      autoDiscoverUrl: https://idp.kropcloud.net/application/o/git/.well-known/openid-configuration
+      skipLocal2fa: true
+      scopes: forgejo
+      requiredClaimName: forgejo
+      groupClaimName: forgejo
+      adminGroup: admin
+
+
+  config:
+    service:
+      DISABLE_REGISTRATION: false
+      ALLOW_ONLY_EXTERNAL_REGISTRATION: true
+    oauth2_client:
+      ENABLE_AUTO_REGISTRATION: true
+      UPDATE_AVATAR: true
+    openid:
+      ENABLE_OPENID_SIGNIN: false
+      ENABLE_OPENID_SIGNUP: false
+    database:
+      DB_TYPE: postgres
+    indexer:
+      ISSUE_INDEXER_TYPE: bleve
+      REPO_INDEXER_ENABLED: true
+    mailer:
+      ENABLED: true
+      FROM: no-reply@kropcloud.net
+      PROTOCOL: smtps
+      SMTP_ADDR: smtp.seznam.cz
+      SMTP_PORT: 465
+      USER: no-reply@kropcloud.net
+      PASSWD: {{ readFile "../../.common/.noreply-email-password" }}
+
+ingress:
+  enabled: true
+  className: nginx
+  hosts:
+    - host: git.kropcloud.net
+      paths:
+        - path: /
+          pathType: Prefix
+  annotations:
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/baWckend-protocol: "HTTP"
+    cert-manager.io/cluster-issuer: cloudflare-issuer
+  tls:
+    - hosts:
+        - git.kropcloud.net
+      secretName: forgejo-tls
+
+service:
+  ssh:
+    type: LoadBalancer
+    annotations:
+      metallb.io/allow-shared-ip: kropcloud

stages/identity/values/authentik.values.yaml.gotmpl

@@ -14,7 +14,7 @@ authentik:
     use_ssl: true
     from: no-reply@kropcloud.net
     username: no-reply@kropcloud.net
-    password: {{ readFile "../.envs/.authentik-email-password" }}
+    password: {{ readFile "../../.common/.noreply-email-password" }}
 
   postgresql:
     password: {{ readFile "../.envs/.authentik-postgresql" }}