infrastructure/kubernetes/gitea/web.yml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea-web
  namespace: gitea
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitea-web
  template:
    metadata:
      labels:
        app: gitea-web
    spec:
      containers:
        - name: gitea
          image: docker.io/gitea/gitea:1.25
          ports:
            - containerPort: 3000
            - containerPort: 22
          env:
            - name: USER_UID
              value: "1000"
            - name: USER_GID
              value: "1000"
            - name: GITEA__database__DB_TYPE
              value: "postgres"
            - name: GITEA__database__HOST
              value: "gitea-db-svc:5432"
            - name: GITEA__database__NAME
              value: "gitea"
            - name: GITEA__database__USER
              value: "gitea"
            - name: GITEA__database__PASSWD
              value: wauiofnasufnweaiufbsdklfjb23456
            - name: GITEA__server__PROTOCOL
              value: "http"
            - name: GITEA__server__DOMAIN
              value: "git.alexmickelson.guru"
            - name: GITEA__server__PUBLIC_URL_DETECTION
              value: "auto"
            - name: GITEA__server__LOCAL_ROOT_URL
              value: "http://gitea-web-svc.gitea.svc.cluster.local:3000/"
            - name: GITEA__server__SSH_DOMAIN
              value: "gitea-gitea-web-svc.beefalo-newton.ts.net"
            - name: GITEA__server__SSH_PORT
              value: "22"
            # security
            - name: GITEA__service__ENABLE_BASIC_AUTHENTICATION
              value: "false"
            - name: GITEA__service__DISABLE_REGISTRATION
              value: "true"
            - name: GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION
              value: "false"
            - name: GITEA__openid__ENABLE_OPENID_SIGNIN
              value: "false"
            - name: GITEA__openid__ENABLE_OPENID_SIGNUP
              value: "false"
          volumeMounts:
            - name: gitea-data
              mountPath: /data
            - name: timezone
              mountPath: /etc/timezone
              readOnly: true
            - name: localtime
              mountPath: /etc/localtime
              readOnly: true
            - name: landing-page
              mountPath: /data/gitea/templates/home.tmpl
              subPath: home.tmpl
              readOnly: true
            - name: landing-page
              mountPath: /data/gitea/public/assets/css/custom-landing.css
              subPath: custom-landing.css
              readOnly: true
            - name: landing-page
              mountPath: /data/gitea/public/assets/js/custom-landing.js
              subPath: custom-landing.js
              readOnly: true
      volumes:
        - name: gitea-data
          hostPath:
            path: /data/gitea/data
            type: DirectoryOrCreate
        - name: timezone
          hostPath:
            path: /etc/timezone
        - name: localtime
          hostPath:
            path: /etc/localtime
        - name: landing-page
          configMap:
            name: gitea-landing-page

---
apiVersion: v1
kind: Service
metadata:
  name: gitea-web-svc
  namespace: gitea
  annotations:
    tailscale.com/expose: "true" # exposes IP directly
spec:
  type: NodePort
  ports:
    - name: http
      port: 3000
      targetPort: 3000
    - name: ssh
      port: 22
      targetPort: 22
  selector:
    app: gitea-web
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gitea
  namespace: gitea
  annotations:
    cert-manager.io/cluster-issuer: cloudflare-issuer
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - git.alexmickelson.guru
      secretName: git-tls-cert2
  rules:
    - host: git.alexmickelson.guru
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: gitea-web-svc
                port:
                  number: 3000