# --- Resource Optimization: Disable HA Clusters ---
postgresql-ha:
  enabled: false
valkey-cluster:
  enabled: false

# --- Lightweight Database (PostgreSQL) ---
postgresql:
  enabled: true
  global:
    postgresql:
      auth:
        database: gitea
        username: gitea
        password: "eexai7ohHoameo3aefah" # <--- [1] DB Password
  # Reduce DB resources for private use
  primary:
    resources:
      requests:
        cpu: 10m
        memory: 128Mi
      limits:
        memory: 512Mi
    persistence:
      size: 5Gi
      storageClass: openebs-hostpath

# --- Lightweight Cache (Valkey Standalone) ---
valkey:
  enabled: true
  architecture: standalone
  global:
    valkey:
      password: "Aid0eiy1ohghoagahjo3" # <--- [2] Cache Password
  master:
    resources:
      requests:
        cpu: 10m
        memory: 64Mi
      limits:
        memory: 128Mi
    persistence:
      enabled: false # Ephemeral cache is fine for home use (saves disk I/O)

# --- Gitea Configuration ---
image:
  tag: "1.21.5"
  rootless: true

# Limit Gitea's own resources
resources:
  gitea:
    requests:
      memory: 256Mi
      cpu: 100m
    limits:
      memory: 1Gi
      cpu: 1000m

persistence:
  enabled: true
  storageClass: openebs-hostpath
  size: 10Gi
  accessModes:
    - ReadWriteOnce

gitea:
  admin:
    username: "moritz"
    password: "oongaeY9ohw4eith2Aiv" # <--- [3] Admin Password
    email: "moritz@moritzgraf.de"

  config:
    security:
      INSTALL_LOCK: true
      SECRET_KEY: "eew5quoo3jeiPheeb7eereeTaik2Ieth" # <--- [4] Secret Key
    server:
      DOMAIN: git.moritzgraf.de
      ROOT_URL: "https://git.moritzgraf.de/"
      SSH_DOMAIN: git.moritzgraf.de
      SSH_PORT: "2222"         # External display port
      SSH_LISTEN_PORT: "2222"  # Internal container port
      START_SSH_SERVER: true
    
    # Connect to our standalone Valkey instance
    # The default host for the subchart is usually: <release-name>-valkey-master
    cache:
      ADAPTER: redis
      HOST: "redis://:Aid0eiy1ohghoagahjo3@gitea-valkey-master:6379/0" # <--- [2] Cache Password
    session:
      PROVIDER: redis
      PROVIDER_CONFIG: "redis://:Aid0eiy1ohghoagahjo3@gitea-valkey-master:6379/0" # <--- [2] Cache Password
    queue:
      TYPE: redis
      CONN_STR: "redis://:Aid0eiy1ohghoagahjo3@gitea-valkey-master:6379/0" # <--- [2] Cache Password

service:
  ssh:
    type: NodePort
    port: 2222
    targetPort: 2222
    nodePort: 30222 # Open this port on your firewall/router if needed

ingress:
  enabled: true
  className: nginx
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/proxy-body-size: "512m"
  hosts:
    - host: git.moritzgraf.de
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: git-moritzgraf-de
      hosts:
        - git.moritzgraf.de