From b02ef13a6ba68b8103d41d42160aabb5537973e6 Mon Sep 17 00:00:00 2001 From: Jan Novak Date: Sat, 27 Dec 2025 00:19:16 +0100 Subject: [PATCH] add several config files, namely relevant to docker-30 and gitea --- docker-30/gitea/docker-compose.yaml | 117 +++++++++++++++++++++++++ docker-30/gitea/readme.md | 14 +++ docker-30/readme.md | 0 todo.md | 4 +- vagrant/Vagrantfile | 9 +- vagrant/k8s/gitea-values.yaml | 31 +++++++ vagrant/k8s/loadbalancer-ip-pools.yaml | 2 +- vagrant/k8s/notes.md | 64 ++++++++++++++ 8 files changed, 236 insertions(+), 5 deletions(-) create mode 100644 docker-30/gitea/docker-compose.yaml create mode 100644 docker-30/gitea/readme.md create mode 100644 docker-30/readme.md create mode 100644 vagrant/k8s/gitea-values.yaml create mode 100644 vagrant/k8s/notes.md diff --git a/docker-30/gitea/docker-compose.yaml b/docker-30/gitea/docker-compose.yaml new file mode 100644 index 0000000..f9a37ae --- /dev/null +++ b/docker-30/gitea/docker-compose.yaml 
@@ -0,0 +1,117 @@
+version: '3.8'
+
+services:
+ postgres:
+ image: postgres:16
+ container_name: gitea-postgres
+ restart: unless-stopped
+ environment:
+ POSTGRES_DB: gitea
+ POSTGRES_USER: gitea
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ volumes:
+ - ./postgres:/var/lib/postgresql/data
+ networks:
+ - gitea-network
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U gitea"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+
+ # minio:
+ # image: minio/minio:RELEASE.2025-09-07T16-13-09Z-cpuv1
+ # container_name: gitea-minio
+ # restart: unless-stopped
+ # command: server /data --console-address ":9001"
+ # environment:
+ # MINIO_ROOT_USER: gitea
+ # MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
+ # volumes:
+ # - ./minio:/data
+ # networks:
+ # - gitea-network
+ # healthcheck:
+ # test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
+ # interval: 30s
+ # timeout: 20s
+ # retries: 3
+
+ gitea:
+ image: gitea/gitea:1.25
+ container_name: gitea-server
+ restart: unless-stopped
+ depends_on:
+ postgres:
+ condition: service_healthy
+ #minio:
+ # condition: service_healthy
+ environment:
+ - GITEA__database__DB_TYPE=postgres
+ - GITEA__database__HOST=postgres:5432
+ - GITEA__database__NAME=gitea
+ - GITEA__database__USER=gitea
+ - GITEA__database__PASSWD=${POSTGRES_PASSWORD}
+ - GITEA__server__DOMAIN=gitea.home.hrajfrisbee.cz
+ - GITEA__server__SSH_DOMAIN=gitea.home.hrajfrisbee.cz
+ - GITEA__server__ROOT_URL=https://gitea.home.hrajfrisbee.cz
+ - GITEA__security__SECRET_KEY=${GITEA_SECRET_KEY}
+ - GITEA__security__INTERNAL_TOKEN=${INTERNAL_TOKEN}
+ #- GITEA__storage__STORAGE_TYPE=minio
+ #- GITEA__storage__MINIO_ENDPOINT=minio:9000
+ #- GITEA__storage__MINIO_ACCESS_KEY_ID=gitea
+ #- GITEA__storage__MINIO_SECRET_ACCESS_KEY=${MINIO_ROOT_PASSWORD}
+ #- GITEA__storage__MINIO_BUCKET=gitea
+ #- GITEA__storage__MINIO_USE_SSL=false
+ #- GITEA__lfs__STORAGE_TYPE=minio
+ #- GITEA__packages__STORAGE_TYPE=minio
+ - GITEA__actions__ENABLED=true
+ volumes:
+ -
./data:/data + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + ports: + - "3000:3000" + - "2222:22" + networks: + - gitea-network + + gitea-runner: + image: gitea/act_runner:nightly + container_name: gitea-runner + restart: unless-stopped + depends_on: + - gitea + environment: + GITEA_INSTANCE_URL: http://gitea:3000 + GITEA_RUNNER_REGISTRATION_TOKEN: ${RUNNER_TOKEN} + volumes: + - ./runner-data:/data + - /var/run/docker.sock:/var/run/docker.sock + networks: + - gitea-network + + # caddy: + # image: caddy:2.7-alpine + # container_name: gitea-caddy + # restart: unless-stopped + # ports: + # - "80:80" + # - "443:443" + # volumes: + # - ./Caddyfile:/etc/caddy/Caddyfile + # - ./caddy-data:/data + # - ./caddy-config:/config + # networks: + # - gitea-network + +networks: + gitea-network: + driver: bridge + +volumes: + postgres-data: + #minio-data: + gitea-data: + #caddy-data: + #caddy-config: \ No newline at end of file diff --git a/docker-30/gitea/readme.md b/docker-30/gitea/readme.md new file mode 100644 index 0000000..7b6d1f3 --- /dev/null +++ b/docker-30/gitea/readme.md @@ -0,0 +1,14 @@ +# Gitea + +```bash +# mkdir -p /srv/docker/gitea-production/{data,postgres,minio,config} +mkdir -p /srv/docker/gitea-production/{data,postgres,config} +cd /srv/docker/gitea-production + +# Generate secure passwords +echo "POSTGRES_PASSWORD=$(openssl rand -base64 32)" > .env +echo "MINIO_ROOT_PASSWORD=$(openssl rand -base64 24)" >> .env +echo "GITEA_SECRET_KEY=$(openssl rand -base64 32)" >> .env +echo "INTERNAL_TOKEN=$(openssl rand -base64 32)" >> .env + +``` \ No newline at end of file diff --git a/docker-30/readme.md b/docker-30/readme.md new file mode 100644 index 0000000..e69de29 diff --git a/todo.md b/todo.md index 741a4ce..572ce8d 100644 --- a/todo.md +++ b/todo.md @@ -1,7 +1,9 @@ ## kubernetes apps - certManager - cloudNativePg -- longhorn CSI +- ~~longhorn CSI~~ +- [20.7.2024] portworx +- ingress controller ## other apps 
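Review bot: The `gitea-runner` service in docker-compose.yaml bind-mounts `/var/run/docker.sock`, so every workflow job the runner accepts can drive the host's Docker daemon, which amounts to root on the host that also holds `./data` and `./postgres`. With `GITEA__actions__ENABLED=true` that puts everyone allowed to add a workflow to an Actions-enabled repository inside the host's trust boundary, and the mutable `nightly` tag means the image holding that access changes without review. I would pin the image, `image: gitea/act_runner:<release-tag>` (ideally by digest), and run the runner on a separate host or VM, or against a dedicated rootless Docker daemon, instead of the host socket. If the mount stays, a comment above it such as `# host docker.sock: jobs get root-equivalent access to this host, trusted repos only` should record the decision. Separately, `${RUNNER_TOKEN}` is not among the variables the readme in this commit writes to `.env`, so it interpolates to an empty string unless it is set elsewhere.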
diff --git a/vagrant/Vagrantfile b/vagrant/Vagrantfile index 88d838d..31a542f 100644 --- a/vagrant/Vagrantfile +++ b/vagrant/Vagrantfile @@ -7,9 +7,11 @@ VAGRANT_BOX = "generic/ubuntu2204" VAGRANT_BOX_VERSION = "4.3.12" CPUS_MASTER_NODE = 2 CPUS_WORKER_NODE = 4 -MEMORY_MASTER_NODE = 2048 -MEMORY_WORKER_NODE = 4096 -WORKER_NODES_COUNT = 2 +#MEMORY_MASTER_NODE = 2048 +MEMORY_MASTER_NODE = 4096 +#MEMORY_WORKER_NODE = 4096 +MEMORY_WORKER_NODE = 8192 +WORKER_NODES_COUNT = 3 Vagrant.configure(2) do |config| @@ -84,6 +86,7 @@ Vagrant.configure(2) do |config| libvirt.cpus = CPUS_WORKER_NODE libvirt.storage_pool_path = '/srv/vms' libvirt.storage :file, :size => '50G', :type => 'qcow2' + libvirt.storage :file, :size => '50G', :type => 'qcow2' end node.vm.provision "shell", path: "bootstrap_kworker.sh" diff --git a/vagrant/k8s/gitea-values.yaml b/vagrant/k8s/gitea-values.yaml new file mode 100644 index 0000000..c2de69e --- /dev/null +++ b/vagrant/k8s/gitea-values.yaml @@ -0,0 +1,31 @@ +# helm upgrade --install gitea gitea-charts/gitea -n gitea --values gitea-values.yaml + +global: + storageClass: px-csi-db + +# clusterDomain: homelab.hrajfrisbee.cz + + +gitea: + config: + server: + SSH_DOMAIN: gitea.homelab.hrajfrisbee.cz + +# service: +# http: +# type: LoadBalancer +# port: 443 +# annotations: +# "io.cilium/lb-ipam-ips": "192.168.0.31" +# "lbipam.cilium.io/sharing-key": "1234" +# labels: +# homelab/public-service: "true" +# ssh: +# type: LoadBalancer +# port: 22 +# ClusterIP: +# annotations: +# "io.cilium/lb-ipam-ips": "192.168.0.31" +# "lbipam.cilium.io/sharing-key": "1234" +# labels: +# homelab/public-service: "true" diff --git a/vagrant/k8s/loadbalancer-ip-pools.yaml b/vagrant/k8s/loadbalancer-ip-pools.yaml index 99eee2d..a5736ed 100644 --- a/vagrant/k8s/loadbalancer-ip-pools.yaml +++ b/vagrant/k8s/loadbalancer-ip-pools.yaml 
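Review bot: The added `libvirt.storage :file, :size => '50G', :type => 'qcow2'` in the second Vagrantfile hunk is identical to the line above it, so a reader cannot tell a deliberate second disk from a copy-paste slip. If it is intended, say what the disk is for directly above it, e.g. `# second 50G disk per worker, reserved for <purpose>`. The first hunk has a related style issue: the old values are kept as `#MEMORY_MASTER_NODE = 2048` and `#MEMORY_WORKER_NODE = 4096`, and since git history already records them they can be dropped. The enclosing provider block starts and ends outside the hunk.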
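Review bot: The install command in the header comment of gitea-values.yaml has no `--version`, so each `helm upgrade --install` takes whatever chart `gitea-charts/gitea` currently resolves to, and the values in this file are not tied to a chart release they were checked against. I would record the version in that comment: `# helm upgrade --install gitea gitea-charts/gitea -n gitea --create-namespace --version <chart-version> --values gitea-values.yaml`. The `--create-namespace` part is only needed if the `gitea` namespace is not created elsewhere; the notes.md lines visible in this commit do not create it. The large commented-out `service:` block would be easier to trust later with a one-line comment saying why it is disabled.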
@@ -6,4 +6,4 @@ metadata: spec: cidrs: - start: "192.168.0.31" - - stop: "192.168.0.39" \ No newline at end of file + stop: "192.168.0.39" \ No newline at end of file diff --git a/vagrant/k8s/notes.md b/vagrant/k8s/notes.md new file mode 100644 index 0000000..0484aff --- /dev/null +++ b/vagrant/k8s/notes.md @@ -0,0 +1,64 @@ +## gitea + +```bash +# gitea install +helm repo add gitea-charts https://dl.gitea.com/charts/ +helm upgrade --install gitea gitea-charts/gitea -n gitea --values gitea-values.yaml +``` + + +## ingress +```bash +# istio +# based on: https://tetrate.io/blog/istio-ingressclass-controller-with-helm/ +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update + +kubectl create ns istio-system +# this installs only serviceAccount and webhook +helm install istio-base istio/base -n istio-system + +helm upgrade --install istiod istio/istiod -n istio-system \ + --set meshConfig.ingressSelector=istio-ingress \ + --set meshConfig.ingressService=istio-ingress \ + --set pilot.env.K8S_INGRESS_NS=istio-ingress + +kubectl create ns istio-ingress +helm install istio-ingress istio/gateway -n istio-ingress + +helm install istio-ingressgateway istio/gateway -n istio-system + +# ingress class +cat <