Migrate gitea to gitea.nik4nao.com

ansible/roles/gitea-runner/tasks/main.yaml

@@ -61,7 +61,7 @@
       After=network.target
 
       [Service]
-      Environment=GITEA_INSTANCE_URL=https://gitea.home.arpa
+      Environment=GITEA_INSTANCE_URL=https://gitea.nik4nao.com
       Environment=GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea_runner_token }}
       Environment=GITEA_RUNNER_NAME=minisforum
       Environment=SSL_CERT_FILE=/etc/ssl/certs/homelab-ca.pem

ansible/roles/watch-party/defaults/main.yaml

@@ -3,5 +3,5 @@
 # Called by: ansible/playbooks/deploy-watch-party.yaml
 # Description: Default variables for the watch-party role including repo URL and local directory.
 
-watch_party_repo: https://gitea.home.arpa/nik/watch-party.git
+watch_party_repo: https://gitea.nik4nao.com/nik/watch-party.git
 watch_party_dir: /Users/nik/repo/watch-party

config/dashy/conf.yaml

@@ -112,14 +112,9 @@ sections:
         id: 4_836_watchparty
       - title: Gitea
         icon: si-gitea
-        url: https://gitea.home.arpa
+        url: https://gitea.nik4nao.com
         target: newtab
         id: 5_836_gitea
-      - title: old-qBittorrent
-        icon: si-qbittorrent
-        url: http://192.168.7.183:8082
-        target: newtab
-        id: 1_836_qbittorrent
     displayData:
       cutToHeight: true
       rows: 1

manifests/gitea/gitea-public-ingress.yaml

@@ -0,0 +1,29 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: gitea-nik4nao-tls
+  namespace: gitea
+spec:
+  secretName: gitea-nik4nao-tls
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  dnsNames:
+    - gitea.nik4nao.com
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: gitea-public
+  namespace: gitea
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`gitea.nik4nao.com`)
+      kind: Rule
+      services:
+        - name: gitea-http
+          port: 3000
+  tls:
+    secretName: gitea-nik4nao-tls

manifests/gitea/gitea-runner.yaml

@@ -35,7 +35,7 @@ spec:
           image: gitea/act_runner:latest
           env:
             - name: GITEA_INSTANCE_URL
-              value: "https://gitea.home.arpa"
+              value: "https://gitea.nik4nao.com"
             - name: GITEA_RUNNER_REGISTRATION_TOKEN
               valueFrom:
                 secretKeyRef:
@@ -101,6 +101,6 @@ data:
     container:
       network: host
       privileged: true
-      options: "--add-host=gitea.home.arpa:192.168.7.77"
+      options: "--add-host=gitea.nik4nao.com:192.168.7.77"
       valid_volumes:
         - "**"

values/gitea.yaml

@@ -6,23 +6,6 @@ replicaCount: 1
 image:
   tag: "1.23"
 
-ingress:
-  enabled: true
-  className: traefik
-  annotations:
-    traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    traefik.ingress.kubernetes.io/router.tls: "true"
-    cert-manager.io/cluster-issuer: internal-ca-issuer
-  hosts:
-    - host: gitea.home.arpa
-      paths:
-        - path: /
-          pathType: Prefix
-  tls:
-    - secretName: gitea-tls
-      hosts:
-        - gitea.home.arpa
-
 gitea:
   admin:
     username: nik
@@ -31,9 +14,9 @@ gitea:
 
   config:
     server:
-      DOMAIN: gitea.home.arpa
-      ROOT_URL: https://gitea.home.arpa
-      SSH_DOMAIN: gitea.home.arpa
+      DOMAIN: gitea.nik4nao.com
+      ROOT_URL: https://gitea.nik4nao.com
+      SSH_DOMAIN: gitea.nik4nao.com
       SSH_PORT: 2222
     repository:
       DEFAULT_PRIVATE: true
@@ -75,22 +58,3 @@ service:
 
 postgresql-ha:
   enabled: false
-
-deployment:
-  env:
-    - name: SSL_CERT_FILE
-      value: /etc/ssl/internal-ca/ca.crt
-
-extraVolumes:
-  - name: internal-ca
-    configMap:
-      name: internal-ca-cert
-
-extraVolumeMounts:
-  - name: internal-ca
-    mountPath: /etc/ssl/internal-ca
-    readOnly: true
-
-initPreScript: |
-  cp /etc/ssl/internal-ca/ca.crt /usr/local/share/ca-certificates/internal-ca.crt
-  update-ca-certificates

values/pihole-debian.yaml

@@ -35,13 +35,18 @@ dnsmasq:
     - address=/gitea.home.arpa/192.168.7.77
     - address=/pihole.home.arpa/192.168.7.77
     - address=/home.arpa/192.168.7.77
+    - address=/nik4nao.home.arpa/192.168.7.183
     - address=/dashy.home.arpa/192.168.7.77
     - address=/jellyfin.home.arpa/192.168.7.77
     - address=/qbittorrent.home.arpa/192.168.7.77
     - address=/jdownloader.home.arpa/192.168.7.77
     - address=/glances.home.arpa/192.168.7.77
     - address=/glances-debian.home.arpa/192.168.7.77
-    - address=/watch-party.nik4nao.com/192.168.7.77
+    - address=/ca.home.arpa/192.168.7.77
+    - address=/auth.home.arpa/192.168.7.77
+    - address=/traefik.home.arpa/192.168.7.77
+    - address=/photoview.home.arpa/192.168.7.77
+    - address=/gitea.nik4nao.com/192.168.7.77
 
 persistentVolumeClaim:
   enabled: true

values/pihole.yaml

@@ -76,4 +76,5 @@ dnsmasq:
     - address=/ca.home.arpa/192.168.7.77
     - address=/auth.home.arpa/192.168.7.77
     - address=/traefik.home.arpa/192.168.7.77
-    - address=/photoview.home.arpa/192.168.7.77
+    - address=/photoview.home.arpa/192.168.7.77
+    - address=/gitea.nik4nao.com/192.168.7.77