# Gitea instance, deployed through the local ./service wrapper module.
# What each input does is defined in ./service, which is not visible here;
# notes on module-specific behaviour below are hedged for that reason.
module "gitea" {
  source = "./service"

  name = "git"
  # NOTE(review): "1.21" is a registry tag, not a digest, so the image that is
  # actually pulled can change between deployments. Pin by digest if
  # reproducible, auditable rollouts are required.
  image = "gitea/gitea:1.21"

  # presumably Nomad resource units (CPU MHz / memory MB); confirm in ./service
  resources = {
    cpu = 200
    memory = 512
  }

  # "$${...}" is Terraform's escape for a literal "${...}": the NOMAD_TASK_DIR
  # reference is left for Nomad to resolve at runtime, not interpolated here.
  env = {
    # Custom files should be part of the task
    GITEA_WORK_DIR = "$${NOMAD_TASK_DIR}"
    GITEA_CUSTOM = "$${NOMAD_TASK_DIR}/custom"
  }

  # presumably publishes the web UI (port 3000) through the HTTP ingress; confirm in ./service
  ingress = true
  service_port = 3000
  use_wesher = var.use_wesher

  # Extra port labelled "ssh", targeting port 22 inside the task.
  ports = [
    {
      name = "ssh"
      to = 22
    }
  ]

  service_check = {
    path = "/api/healthz"
  }

  # Registers the "ssh" port as a separate service routed by a Traefik TCP router.
  # With tls=false there is no SNI to match on, so HostSNI(`*`) is a catch-all:
  # every connection reaching the "gitssh" entrypoint is forwarded to Gitea.
  # Traefik passes the bytes through untouched; encryption and authentication
  # are provided by SSH itself, so key/login hardening and rate limiting have to
  # be enforced in Gitea, not at the proxy.
  # NOTE(review): keep the "gitssh" entrypoint dedicated to this service, and
  # confirm whether Gitea's SSH logs see the client address or the proxy's if
  # source-IP based controls or alerting depend on it.
  custom_services = [
    {
      name = "git-ssh"
      port = "ssh"
      tags = [
        "traefik.enable=true",
        "traefik.tcp.routers.git-ssh.entryPoints=gitssh",
        "traefik.tcp.routers.git-ssh.rule=HostSNI(`*`)",
        "traefik.tcp.routers.git-ssh.tls=false",
      ]
    },
  ]

  use_smtp = true

  mysql_bootstrap = {
    enabled = true
  }

  # OIDC client registration for Gitea. The redirect URI is a single exact
  # HTTPS callback; its "authelia" path segment has to match the auth source
  # name used in the bootstrap command below (--name authelia).
  oidc_client_config = {
    description = "Gitea"
    redirect_uris = [
      "https://git.thefij.rocks/user/oauth2/authelia/callback",
    ]
    scopes = ["openid", "email", "profile"]
  }

  # Persistent Gitea state lives on the host volume "gitea-data", mounted
  # read-write at /data.
  host_volumes = [
    {
      name = "gitea-data"
      dest = "/data"
      read_only = false
    },
  ]

  # TODO: Bootstrap OIDC with
  # su -- git gitea admin auth add-oauth --name authelia --provider openidConnect --key gitea --secret "{{ .oidc_secret }}" --auto-discover-url https://authelia.thefij.rocks/.well-known/openid-configuration --skip-local-2fa
  # NOTE(review): when this is automated, --secret on the command line exposes
  # the client secret in the process arguments (and shell history if run by
  # hand); prefer a mechanism that does not put it in argv.
  # NOTE(review): --skip-local-2fa makes Gitea skip its own second factor for
  # users authenticated by this source, so MFA enforcement rests entirely on
  # the Authelia policy for this client. Confirm that policy requires it.
  templates = [
    {
      data = <