---
apiVersion: v1
kind: Secret
metadata:
  name: gitea-admin-pass
  annotations:
    "helm.sh/resource-policy": "keep"
type: Opaque
data:
  {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "gitea-admin-pass") | default dict }}
  {{- $secretData := (get $secretObj "data") | default dict }}
  {{- $pass := (get $secretData "password") | default (randAlphaNum 32 | b64enc) }}
  password: {{ $pass | quote }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitea
  template:
    metadata:
      labels:
        app: gitea
    spec:
      containers:
      - name: gitea
        image: gitea/gitea:latest
        ports:
        - containerPort: 22
          name: ssh
        - containerPort: 3000
          name: http
        volumeMounts:
        - name: gitea-persistent-storage
          mountPath: /data
          subPath: backup/gitea/gitea/data
      volumes:
      - name: gitea-persistent-storage
        persistentVolumeClaim:
          claimName: homey-pvc-nfs
---
apiVersion: v1
kind: Service
metadata:
  name: gitea-svc
spec:
  selector:
    app: gitea
  ports:
  - name: http-port
    protocol: TCP
    port: 3000
    targetPort: http
  selector:
    app: gitea
---
apiVersion: v1
kind: Service
metadata:
  name: gitea-svc-ssh
spec:
  type: NodePort
  selector:
    app: gitea
  ports:
  - name: ssh
    protocol: TCP
    port: 22
    targetPort: ssh
    nodePort: 32222
  selector:
    app: gitea
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gitea-ingress
spec:
  ingressClassName: {{ .Values.homey.ingress_class }}
  tls:
    - hosts:
      - git.{{ .Values.homey.url }}
      secretName: {{ .Values.homey.certname }}
  rules:
  - host: git.{{ .Values.homey.url }}
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: gitea-svc
            port:
              number: 3000