From 3d5f8c7cf1c7bc12ee9f086566e89b90408850ba Mon Sep 17 00:00:00 2001
From: Lucas Hahn <lucas.hahn@novum-rgi.de>
Date: Thu, 30 Jul 2020 15:02:02 +0200
Subject: [PATCH 01/25] remove helm build artifacts since they are not needed
 in this repository

---
 .gitignore               |   2 ++
 .helmignore              |  24 ++++++++++++++++++++++++
 Chart.lock               |   6 ------
 charts/mariadb-7.3.0.tgz | Bin 22060 -> 0 bytes
 4 files changed, 26 insertions(+), 6 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 .helmignore
 delete mode 100644 Chart.lock
 delete mode 100644 charts/mariadb-7.3.0.tgz

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..8d89461
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+charts
+Chart.lock
diff --git a/.helmignore b/.helmignore
new file mode 100644
index 0000000..7449b68
--- /dev/null
+++ b/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+#charts/
+#Chart.lock
diff --git a/Chart.lock b/Chart.lock
deleted file mode 100644
index 11715b1..0000000
--- a/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: mariadb
-  repository: https://charts.bitnami.com
-  version: 7.3.0
-digest: sha256:eac0df60131cc9aa4784d84693592d56c9f12ddf8272881b66c2cdcf34e305d7
-generated: "2019-12-09T16:07:28.17872647-05:00"
diff --git a/charts/mariadb-7.3.0.tgz b/charts/mariadb-7.3.0.tgz
deleted file mode 100644
index d8d116fdf078ddfb759a4b3cb77c67274c606b17..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 22060
zcmV*DKy1GsiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0POw!cH20TI1JC<x{6x4cVo|(lI(o+jCQkUosZ7s?M~v2-QB<a
zW&79=2}u}J1RDVDsN<aT-o|r#&y_p}1%L!8lA>(oqkGKV=~yH_3I$Z5s!*s}5Wz?^
z89tp8p$1E`i2t<pXEYj(zJ2%*{~e7+)qf8TA3Sh>oA(EY4<0`J6Ko%nnkSQrh(C=+
zw{537xZlY`QuY%SlJR5=mj^wPruol<(cu2zaMX*a3<XOSzWk0zwGV>Ej7(y>4>BaN
z`HLhGP$HM0IAoFnPiYcJo{5m^@<i7sF+@a>36Zo1AeU0n#Q<LEHTdiaoKSH|1uzLL
zQ8bBY1XC_x!K4N#2nACtB=J7XDY;w*F((nEf=5}X+qTWg9srSWMdMiis~ez;35_C_
z%yhdP7DUP*qG`;RGy=(|>WT<DfWNcZJYE91Bn*d?!xhGvR8$OlG?}r4j$y`C8u#XW
zLB}vxDwX5m&=S&si&>9_8ddJggsFrq*dXMKA(4_QIh2Zo7t+-kvc=5(9pI<n@No40
z@cx5An#_6^ba}-^B*(n~Y$^TMQvMqEf&!lbm=~$w3##Tclf4CDi6Sha0xQ!6VeuG3
z?q2?v2U-sxA$mYh%)6fX<vKJIiOsli&6t{J6C9Rp$Nd{bJiMSHD4?yWQ@}aIu|#L|
zeaeNRqIc<*;J1VOgHi8G)5stBaZB)$#2J;JW&>#F{|^rCkG`$)|8Ebzz2pC%<JsAP
z7crlZ7@i@`0$Y$7g_H=gpo$9F+u4ERm=a0%A>oRGniB<T&Lmv1I0k-6g<z3>Pgg4M
z153g<L*5(FRP*#CWK`~JCNyQUOwh>f7rOq;fP#xrcl<OHf+ou2$+K2q$L7sjI%86a
zCGJW1<~WPv6B-Jt^niLhww-Zr2cTSM42z}v`!!k6qJ-CmsRs~vg}<ju^EIy}6&GYi
zpT<N=-Rz0?yQhcuqohC*AhDt%A&P<w=QPS<D)xa6W&`N!CNBB|U0Bd*v8P;Q6Dks_
zs2ngpjCd%AipUE&B+-H;OmA0#-L{4~s)I!qE0)GI$or8)gO2=#27Zjd*?l121rY};
zfM{-RxIHp;k#7Z#u_!V#onZZO4?yIYwiOx2w<(uQas9s1Mh`%dSuT(S5uGrS1b+*}
z!QXlSJ3DZa(vVG;K#G|<<}nMG=JPW;C0VSbUTXJ_;w!S0_kd09@=;`_WsZ9>QB<mX
z`#@t!K~jaqUrt|hbu6f)iMnT+%MnmN5t*bSm}M-YL+n5fcTz!vG>c=F%mVWcTj~L%
zIjCdsyD~k!NsZJLFG0E?CP0KBOW@O$WjV0eFu!1tNd*%M3zB5mMkpvzGy;|&wdoyR
zrX-|;%D7rrSh1W^9tF8DG1Mb5g9}o@E{URno9Uq&?GBDNCnEi#jfmWEa3++<sGhVX
z&)|w@aRf2Dp!$oX6zF>;2(V<z#R5f5;0eThW)KZ86{t)k5}q8L{2kfC>!VjMA)=FP
zHZzhTXu^r;#KT3KsAEe9*s&b$=;i~S1QR0XLEdf;Odn&Il2}qCtP>@4kBV!?r5Mgk
z&PAOVInCl&&krcNNcGBuU1YaTq{9gm6d5y4<enj9{pTCo*tpW2ZnH~QrX}~f+}g{8
zDNlm*d9VI_$>VH6kEyUiyBx#QIZ0-Qz4NPt3dH_Q@GR9!SierSxF?ln^rk*6c$TP?
zvjk^eWXX~IQBpCU$`@GCNGmWEe1R=U8fJp2<x`$0`d;bZdJSm4*;@sv2S5|On?!C}
zEQi-$n)p)#hsxKC<xx@zs=_(G@M+s{9ejN=y1qGOe|p-s)Lld0>nL1f)u|Tn;bX5S
zskmez&cx0Re4hgf_5-M8O84QZ+1p+o8(QWOJ?26I5fo&Wq8bqaQIO``RM#69^^o`2
z9r9)BSkZ#$-(z_He&GJ!evvV`q}30)pE2COKYCQ&hHwfTOt@B257n=K;3RrNVv>ZG
z5^~u60m_aXIpj%5Q>{>%$}&i(y5i!3B{TPKxT9MPG&~yKf)zUmtAoEk8jTLh!`813
zk^YZ)BvDb<pdN*xCe-fINz?i&-dmspVwxVh1!21y`-o;#!qr^skOGJU$`%AU$30>~
z9c{RQo1X>c@9e;-B^k$%Doq&y)lSLFsTPA#JkZl;TGR4_-k<h?n1+~y8BM4_qRb>R
z;CUO%#R<t}ueUs=@PtSjX&h6DQuy07C`Qq5NHR6&g8hb@;809Rh|-t-W4tnYJENMf
zApZo*KyN>zjw9nM`d%Rr6*gUB#2S4)0L$UEu!oDV;Qi)}6PxLKCY463L}miJY?g3A
zB?!*dK136o9YNEWg+?AoiIiwZu{)(}!EhskcPHy2DmAVmn&=%Gl?L51LShy|xvXow
zhHg9CNp>Vv8lphWX`p)xT&r5Jm@*+%AhIME9qq?4^!vWJh+91uA=Rr^pwOFdGI^x|
zoN7IeNf7kcj0tONyEmut0<v@_NJQ`Hs+yZXDtJmoyew#dVO>oL*p*)Rf+P`N<UJVm
za6$`07&yqW%5e_9M~SbH;L0ckB7wk^#S~Z~6(y0TQ$tiF0h(Mg!IK4w4;qn^n7WQw
z@(&s+yB{6NpHLL=7yr{tD!xEO4WmhQ#-mAPu5~%2TfMlpGUZ5*dd^AUEO`Mc5Op)2
zAsygsuTK6mTU}3@q4KQ*RtJ+c6E4p@!|oqwDQdVs%SwFfu`0(@@fWh5;-g)W&yjEX
z3{InwNy|_rZZ~EQwJtPuC8hq`F6V*99zw7WJc*Y;Oxs2f0AnJ@(Ofm`rB&|jk&4fH
zH4?YN7_&4Wf!DILag+(f72u*Br0p{8b+G+$*>xjcKPA1egsEr(=4cA#BPV@F43$43
zP?xd=G;StTixXNcKrRLo&Qa1ivi3K2N#o@{8W=*7K$<E2x5%5wl8729UJpqQ?Lwf5
z5=&H80|V3`f`|zkYE{w58s`0pX~!537t1sK_RKUskn=HITdN}M{L65{lA)Zt7c`u6
z=s)8i@yvuJvq8VNgBuvKidQ6sE2idMM*Es;`R{bqfLj8x3UuDjxYx6af=67@1YQ}Y
zL86G+lfINkK$3(jTp4mhjYflY$>`P4sxyHeU%)4NS;(Q+E*h8oj+{PoL6>7|N;WS@
z!nLjt;0O1^6sU@H`5;2RSm@0@W(kF9Oq@aKDM>VjGieOij$&7f@0%mY_hgaAR;@KH
zpyB8{U1SXXAXt$1T2@YIr~)bk7xMAJXfy)+a%R8i;XOWh_^@vQKAKMTEG@AQ#J7}e
zh7@HAtkW5CbeFcAp=kz1daWf6cZlsMAW0OEM6tlVaU*iSjT&#XcbX!<fe8sOu84@F
z#!pHVo3NOv<pBQ2l3K#AAYu}?G^Sv(1VI=45)E_8axrK6V{&eceo7ZrbHTIO-0oQe
z2gM-e(NUsUjv&i_a-K%Kk7GOpwm@rr9AYw|vAi)>Jqxf#Um$60CNDRH>enaumJ1JK
zr#z-+3U1zc!<1^hOyTsYyptT9;*}i3yI(9cSsD>VPn6ybW@e2!3bE9FqKKl?EIy%X
zL-N*C9di=lD<yc0hY`}YC#f3lnC=5<`e$e}FN0((OvbYFmZN$7M=a1Q2}!wq5%*ZV
zsE!MZquE*DX-wFn%A?lKZeh6$jG0m9DD^rWJ0sl7skIVhk^*UhV&4<XbV0gE)$$n=
zzM-uucxeXLI9k2cI(7N@r>C~Kdxd>ETir=E$+s?N4Y4*^#f@3kmXz7#n5em_h#&AL
zR1bjM*jEQ@kHf&6hZQJ_=#(Wi+Ap1-;kgw2hyUt7y*l=^rXTd{s`dN(a5ZP)+%Xvm
z(NY5$YEkKuNyZantat6{tsbF(U5$ds93brh7p|)$i{pJr_)2%U7XZsg1iHpPgmcbw
zJCJR!=$(oI!0s$P1fIar&nJ2mB#DTKfG0&uFTQ`iuRp`T!JCvOCyIm@du0P``OvW+
z^qVIDXTGvU=Pmggs%B7)tr!Cpyy6ip)yLQRtu+J(@RpM3XTcPGlZ3RnLCJnAwWNQK
z;jb^4rfS?ZUnWdF&CejT;G{<$SY0&YK`tiQo!?mZVUo$^ggcY2-K)p&?q0<2?Zdsi
z);-4okDO6naV-?sQ>Hq()v}K7s(Zbu@;tfxi3n+5<&d8KU;6@#oHB;~^GwU`!($?t
z>=(A$aw}E@ai%wTwLJOnAB+G<AT%b8#c~iPQ<PL|STlOupmuXH8Pdf3&UXwgZs8jv
zbS;))G9B*NaRq!Dl(v>2@1qA+bsfWXfOGfGxc2;FCh~%%fgX7vsO0gbnPvK3YY$AF
zS)!0<Q!dUFTTrRUBE>QjB5B0L;~`H~ErUtpY{rtarZPkG-4x|QJ+?M`0I6koRbNRh
zQi~{E%Ir0Zw6PCmfz|RFiDQ06qqCG?^9PS!nQ<^JK1GqBQa&CH@c#@@EJ8G{0VEov
zEW!#gpBXW+zDCSv&aG+?bHmxfIT0jOR0NVLG_+Ik_{Y=l{%XGR*!bwVFPWPD^~@-P
z@mYw(2k<V88BNqLx5uQN?Vtoz0ZzvWwTp}-WJbjnpxS62s$^*GChkNFRdp(r1fvlw
znA%vt(DHJo48h<jSuS6c&&>d0c1aT|<+0!sD{<5a2|M{7moUXh%zn$aBxgPh(bl8L
z1x0NWG$mp!W~w}+F<G9_kSCEG!@=RG(z127@Xzkdajiix6^utkbyHjS!8297HglKZ
z9&$PtRL*%Ex%X4T;!IHQ{e46TiP%~U)DGhQ*D(e>QH-83DKfMSJ;|aORh5xA>kGhw
zB}dLL$~C*AxzCRY@!#96Omif=IoQ)7C*Zl0N4KQh67$YtO%qY%b{9`NK;Mj_m31<N
z-OZ>-NE}3o9FRDjlR=pb=3FYfnNJ3G-$5tUo;i>-{z7QaEJo-o5huFHogw1R5b;F}
z5x79_>=2*H4q<5hYc@lCemg+D23X-scM96)SJ03({Bx^mce>YCu6uoXg{n$BhHCDV
zs^6PZ_2A)GF@`&(YE`KcysB0$s1hvPu4^>Xb&y}`1Lq<=8XO!B4*Xjjhxg4AXub;p
zcV5#iUeh(wU2(fo11m#8v~=3nB-^hkU_6=oe>)gGa4Ow%6s3rmId6iLNULO4?`yWY
z&otlj%-JpqPe)>AVRw$m@2osxe30!gBS;2;-ZN>a1|(Dbj3uF<THG6iT12%c8P%c_
zmc)E^mW!{|@8){%8A}o#P0q9ukkvP23o3q*wHGwE%sQ0trPS3zESd5%8P4f~42%$<
zTU=k(j>Hmo*WwBR(R9$cN@&HeZbcV#v9@$7xMuM&lWLQ)g9S^@^3Aoa(ytj6%QHb`
z$`eVu)luE1$P^p6&A)4fPE(3LVvQwJDyFU^z0~UjRas3Ln^zb_Y(}LzQ}n$$LrH7%
zCT>_w&&DQIuL$cfKrM%!nF`&?vP3G9G|_=yoFx%`&v-XDaJn}t9P{vEeNoR3?+h<k
zoh|5MLd9A0f<fNe#-B_9EjrYHpHm{#gp&H1%D)ag@8Gs#INIKw<oyRZ&d8lo@V>Y)
zoZb`8FQrCU2)UqKdNM=6Q!1=0uN8)0@kEQ7jUs&MK5#D6>E07cBN|x&EB`Wvg=sN&
z0nv@c6B1rHF}#2$ciqU6m`Z5{QI@yL5=F%&i8UUjGsvOzb!rgmeJEc{zM2ztPZ~qM
zH8D>)>K9MBpl?p#-EjfMOU;?$82=R}{)zl$w+5ke8ZU-g&sTD&1f@eGTn!~sS{<Ty
zR2&KCR8s2H8H(WtGNJLdx~q8?92EWQH4C2{2q%(C)3J0Wam%iXDr3-UK;Q*g!MpNA
zN%&5X1x5es-N*2R$T=KkiZ4*ZIHkt@>I7rd?4dI@E=F8oR4P5?`AvIijk8QMLsVcW
z779d`BvfFO4zz#hmnLWjTE!!(2#Y0#3pmAlv$%Sdv6oDh^<FL<`}cwB^$LCTBS$#?
z!(J*z3*dkD2R*D^cU5a=MGMhIb1WF#dCFt6`dC&VqbSppLE_=0*tV?Z_`uris(pXy
zFdDzxC%44ei->ag`pxO{lYx4#w${g*_+JkWzpci9d2sOU=q~=t=XiQ1wu{m46~oIu
za~7NX`p82yJDN}%!3ASx^?Ii)#Y2vti3;Zxo&rXi^lrW8=Qx^mhAM^`Rgm&XLU08^
zP;Aj3KEU9uVLyY{`P+{lA&6b9gU8h}@bP1>XD{rUlNY=!@ygl|K71%5DD<n>Z~HKS
zj~@q3-45hsIB>zgVjhxstc(6+LM2&gWT1JK2I9kqKr?ao*}s`(Ij1gV!8<WFjWT%V
z==hTXM-zmgcVt7v;Lhh?c|`2}Xs<Yq@g{8#z+L=-F?_S@&!D||+i3!8r$OcxEi+aK
zIQ&EMBqeJ8xc>olhJlNVR=N-Su@BdH+VtoF1VKbY9?`vC@05e}Pte;c-raF}0FLco
z0B^Gd2%cwS93ywv2M=N;5HRMIanEi$ZoGOc?XZ*rQyqdpEFcJ!T0+3|FRk4R_4wXv
zdP&7S2#i?}>f6L`4kew)BXI5>L7>qx*We!xpo|aep5_eGyIR8-UJ0h?UOry5&_OWY
zGTlIs>G^{o1#gi?lR@GrxEuBK0Pa_ZWzL66qY8KuFV_v~mejU(NIuD(a(7A3XhJA%
zA$N7_^35cV>f+y?GqD#ZGy-lu-fN`ZdoJn;N`~mAuFJby>jT&9y&`6d?m^D^RRR+l
z^Q#<TZ{NH*Jv%-+Ir;g`+h>oza;i5V`xhZs0Mfl!;omk4L7*|Tf}F?Sl*XQ~OO4W9
zYuT63cV`^^eBzO22Zb2B2fGPZuv`AF$PBJQaT}B8T1&+A{dX*hpdX0;{om*>-(1T%
zIehqN+~3>7rStRA+t)8&zsNmHFkDqc6%DmsvFok9DhTlL<9Ow>uKn@j-ae!@bWk4B
z&0G<cO7LVBFF{bvQ%n?2#erOM<|0{$0ul)f`Dqb_)APL;^!~z<DbMx%h=+3EN5d@Q
z2o2}_Do}igS1j@BLtuLebT5HdvgcFQmlmIX_s^>Qe>SIaN`)M#bW5Qi+vWem`wvIe
z_`eTF5AWZ}|DWUe@L~Ap-dn0NVfGi2rh=z}X_j5Y21e_G=M^{T{ds7&ICD?RWA9$6
zqJcgHg@`Qa;*yG|e324Cq5mHTgM$abs1JjuBqivP$*3HBpG~N(J$S*CgT%Fy3YIA7
zlQfmX%YzA3<e=yTBly*q^a^Qtsq%ME;{z_)VvIZJl*LpnQ~G$Jmq|FMW3U4s{<-)3
zeTp`iO7I}u)>{x{q>Z5Xisr<D3BZlJmE+ic^fkS0h%5==(S7`rEl#rOl)Z<3usR|G
z-%}Hsh~#~k_;0^vBu0y+o@<1B(EFL1*0H?OedtkWy)PtMG)Bw0XFbO8P8p3Oi7~hE
zti~F%w0yHWF+s4Ny*|-pF-}iP!@WW8<+K#F4)Q(K=$a;YlFEY-pf%J)5y;}$LfeSi
zLYNCy6|!nPySz+efles*SK2oS{`hhCS@qz|F=1LM3oxa%Jgt1(7*5+t|6gVBud-ih
z&2+!Xa%&+be~wUgZk?h!slNf{T@zTgUOCxw-Ss!eO<TL&M_W}cZa4~TrsE*$k#1T=
z;%bDVv`Wq2j@w@2Jqs<)_y5v|{@KQ`ly?^sn4}z17Kyr<rmZrZlbG;g^J-G7O20Pp
zuUFp5!%a1Ec{#76h2)ij71=#-+rZzo=5aVUIB<~%P3)b*U0!bt#D)RXl63Bp>~1<6
z89HLqDaB~VGUO@U?@clVw(-BA0&+Mw7(v9TOztVy88EdElEW3n0|ngyTck0bqq|eL
z02g@7XDl4_j$+C8b@7nsW{d~A7VBd?B6A!+CciC#YM_l*n~fer65!~CRZN&izcx7Y
zN8^-M`*BbX(EQQ)ubJY-!W{mq9OK$-t6iO3oVdX2KBw&VPRfgFeXBn8`#s#M^;VIj
zhKQ_JPbVU>Wjhm7sr*JnRjs*}xXKmoi0qEYz7Ubs8DdKjkX{*km06H4tbL6+#}hMy
zF8)#xmT8U1y3$3BSX3W~sb)9tcdgPS4eDxv9Ya|<sR(a_y$(FfDj-z_$(d?NDZFZn
zMp=r+`npMYEEgNtz^uip$%XPYLRUk3C9`gMJ?1U<?H~P4jcmZ{ZMuV($m(;-G#<f#
zCf79rl;;-R|Ds&g1kc?9Tg8Sx5o2v(svaVB$<@RVx~{;8=N+mSH_bkLaLgsQZRRVD
zO@WJwH0pVbH*BSKC01gg*Ocuzs@jTc$5U>j8Q{&^>NvFZ7_aU-ci8_@*k8jGjoVZQ
z>DPEkm7J40OTvwHH<F6mT3IV0H&?!smhYtHuSq2>h!J*O!UI-H7-ECT1!=)4Os&0U
z@@?QP9f-GyD{Vr$&26kD+@`8`WP3-pUz}`xx-CUw%u|&ZrLV=PWRyZb+{Eu#w`f^~
zLF+Q~$G@^d*c5i@uV@@^skT?DSDpXWc$WX$|KEOpr7s-KM(xy)MeAtXLTV)n4?}i^
zcp*@l+i%6$nub>KcQY)u<8o7s-fZ+fjvMjb#x`z<|7~IZ^RL`ZN7;(a+p|qPvum+t
z;mP0~)4XGvl_BRQLtG%Y=b7#8e4Q-wMq}S5$J_vbEusDMFWL>qcq?{Uwf$R@bsnuy
zaY0K?&n<>*-*LFc{$I}LWlJ=DT|Ea`<L=%z;xFyPcbjL`|Fe9eWn+jfNP6?!;A`%G
z9gZFxmi<2uNB6(I%m4jZo)4aXI~TA!_>RR?4qn830{wMqZiasze30{f`D?8IH<<nQ
zvA<V;1Zmyj+m9#F;l1z~9mC~8?}8=KxHwMjEvO<9QDmH_9;=XU^`H_yek>hp_P|Ef
zv{4Y#bPWAk@-G@N5p&FajfTS3!>TB4y&T7@ml3Yv*Nm&2fzPR63ZozTC0&ZmO5u<%
zQl8L6!(m<AN>>y%ojx;d{qEB<VF?k-XE+1Ka>ltrqgVN0;G2}F`96FzSt=^=`^_LT
z1OM;=?|qn7;p0cd6?W~KrOJN1hRLG`Gzopo)f_T>{Md`~LEIF3cJY7Q0Dm7o+@_ns
zk!=pHfhCa^%MWV?h#@9xfw3Sc{y$_9!=SC1yDJv|4A1KRZ`jH<_I>xP+5bn64(?a(
ze>{5h;Nji=|2dv|i;<c9PqZE1Vh66-{l12s*<rv0^TnvTp6XG?Y0hyURL{J>$ox0b
ze;Q40Px<CqL;nX49#-l9;e&^Vcl7@`o(7BYYQ$9k8n(|AQViJXu3%XPalBf8J*%j@
zWB$o_#X45;i8zH!X*jN0E?SW8hod!}l>^kSvY9TeRK&%Opp;_ZT3{-1aXW&u(vk;I
zHTcqksBr#+w+1#^1<mWA<LrL;gWol7<p2IX&RgyS?fn1#{Ra;oR`~z7hYug!@&C{9
z_^iA>TtmZsUSyJn+xzJ^wj~g*q3$iR@=h##)%;?;BMd|D%Cx$SsspTbfaKv3Uw6m4
zpF^oFsmUr^FP9zYViji{JQsOOjT`>TVQo$Qy?m<t6e?p(v{^cQ_-I1SnZa3nd#kSI
zRL3O;_TsDOm|TgR?dn@Q)&*Ve!#C!{)xWmX(j?lebj93KWvbU4tmLm&Uc{x<v(ft5
zj50c|xcW5*;0T}w?J}IxD2u5mw^VvvT3qD{6&b4rN2@nOnwVJ46_P=@;nGc#FcVBI
zpYlY}_o^Je%k*0+P)yQPz7RZ1%Y&-4X3Lb&pCw1~M``1gHC4<@wP3`Kg#Nm^P`xBn
z{W%d)-=hJSfXZv7WJ9cE*M>$j;$K@}!$b^zGOV$8fGOy&851;mhG}h1%tBzv?By)s
z`RnKJX_#qZ8<&ng15iBWF`q5Jr^_+)>(d_eD@VsjU?-J8pT$$d!u@9>a`cC}meBl*
z2kYih@~Qf|<}np?O2v&Q@`|$AT)C*iUb8%My`56ASe=p53aDQID|ObafVFGj#;ahX
zbx?ZII-9HO0Lqh_beP>HmQv}|PaId2t)!DHI&Z1m3RbXo^j^xiqIxNh+$K2qP!|DW
z^#+|sDUXVFSUKz28n4KjL}`v3(-n->6|N`OT7vZsxtg8R-8R?aSGTeg78iO}9s9k7
zZ_~TgQc9zHe}#DRS#T+0ysfhB`jIKVDosEs!(2a{^Q)x45B=b+{%^;9c-(2DuQXVL
z*gS#0F8zxKVWX%4Ww~Kg+DnVj$SWkcimJT0M;!-;Wki`;uQZgh%Cl`!KcYy5)#Zb#
zH4HV3zIhpkHKgTwcdM!2anWtQ#JVjgnp}=o+_L<u+}KJ)C)upBGq{mFd3pN!=+(=!
zXV0Jf_@aVPmxHj#;?sz%+TML;f(c)%<sA^Oj^4gJdiLb(`Tse6dvx~Q4@WOf8bDc{
z*i!2^fie%u$dZ51P+6vXByIM|H6WMbH=cd>@`vXQkk=-pGd^Z=SQ~$`W-v95c&z}{
z!SbEpH3E%+<a@e&OQ&_hM~ex)8ey}hHfA2K9pnZRh5;@yE2$s<G?P^9twYL>C(qxm
zUs1NT+I8eD7!0FugQc>yRdTxp@>Q>mO_xQ@>*{!)9i1LMIXY>=cx^P@*7<J?wcQNE
z+vmqWynK3e`tr@|vsZ7PHNjFoFj(JIw`J|a+hu+G<!{ClJrK9Y8Vjgy%OPvP`znc{
zZpgPFjF#QmW)iNep|ykEdcDf8x(DC1$a4)a;gyqm`3{3<R}hp-WXG63FwYU&HoQ_|
zr+RX&$^GOW`o6F>7El-=er5Iokn@_CL0I$hx@PX(6rYjo{p0>OA8L2>aqzKfS<(-i
z!aE42&{Pe{PuGQC{vFhuCbedQ3Jl-uhD5<P%?<9=v@&INmJL0dBwDb<rEAE;nSbMV
zS*lu_Y-&{iEYEOFrRq|wB%oT?VySqwt!mn;b&ZwFS6f?6ceSp)YK>}(tBJDKwOFlD
zZn2h(>nX3CQLLWy>avcx=Z^Nie%h<d@ivIB(&R0vuhQD>$*<DjHt4U?<Q56g8Cohd
z*J7?&soK1!*Fy3I3^#2kDBU{CCiPYAhjpDd)^8WLKH)8wBG6u=^L^b6nDpP(TPh6`
z(gNtsWzNFiw-!G9+5%FYx}Yl!jYDkH^wxY`J9Qn6L~Bh0x7MwkPT*x=*$_icp<0K4
z>Xg~AT`jiwa>8d=V+*YWhuy#?x*9?3Hn!0(V)rX2slT)Tbzma3GT(~4w<7DU%6T`H
z@wOq~-A=Y!k?WovogST?y!r9%)8}Wek6t~0+}B7QfAhib=i`6vV(O?lmujq)<-K7a
zh7*=l6XVzHXZ4}`^2GU;k=N~obxUAl<$r~tz^eNHw}a7x78%Hbd^`Pru2lMhswzRG
zhRfE2nId#`-_{D%wJ_gKsIG1D#zJ*%Yqt@qYa6_sP+i;P7KCcs?rqiDFSDe!s;Jes
zdD}&`MOCf7#jPx>?JH|}!#B{@R_bo3uH8Z;TCeHdLS$_aliG)~^2&g?)-z^R8)?);
zLZ@++N4$aOc`Ni^jk?%PRony{Z4vG}VdaZzV%?UsS*B%V6vA=W3uwi|6kV)%0^UlC
z(Ie?7i$lICbt&7RNZ<JEd<D>sFy0cpjn(s2gswZYtHJB~D(&2^#@(*PnXavfjau|H
zCTvl+{wv12ysk3X!FuHd8|qgpp7&k)_8pV`XcwFL305FR_mO8zU>1MBhmOeGT?dIj
z3hS0~S>Wc>U3)V~3RZ5CKpoiCyBQl^NrcvGiLlAVQ}b*TLZ*CW1Aw3q_KHW<jk%(7
zuHx3KS%xPtYG)0sHFQ%5R3!xbno(I5WNe(WwT5B#TP>nKd|37Etqo#ZjZFWgFX?^4
zr}_TpW%!xy{~tc6#{W8a_~0)7*XMa^<9k@n@s(ZK|6<`iR%PC*4ZgyR>~*u%+kvIa
zhU@M6%?hU9a(zUR#=HFuz%?E{)|GGV(*EgonUyP~uEFBc=<2PtQkni!lX(B-alcf)
zTG;02e`)X5xu3_iz2}8Xrqj~?RQi!yM^_!9j5VmH4~(g6SDPYYMwPLYnyTwY{hCKq
zm+#lir7M}(G98LkOvLVWE#NhE>L<BnwbdO{)!CENvhlctCtIu~Jj52*OU^L*HJ7pa
zf8@=-cK;VVrrX;2&9gTC*SFR9KM(Fd8r|*xpW~@fRqGS!6)O3JgzjY}77%_SnVNH9
z!^aLT{)%@nbJ5~0k2}Z}+l?Cbg~bPv#ag)ufTRp>gyqU+zu#NYe~{CmMNzZIODZP$
zhZ$8{*GlT?f5MW8C9^HDfpzh}MvqqH|8GYR?&$w>Je}#kf&2@qeqz>4cZTrK#RX(G
z`3DUZGJ=wpW%1muVl@V^(9~)@L>zl*L3<CtW5XMu{hz}a@=y4z@_&1_w?z?fo&D$A
zZ>#aY9*(}f<Nu%KanYK5GkQ5!f=OA?U?<WAKD(Ld3v+T~(0G%QUo)DAer>)In;!_e
zqa=F@QG1G4xhPnzT0}QD!}AYJN>iBEoN^J;<IX(`l0-*wIw!BQ1ssf4`}15L8=BFr
z*kC@;KY~}f)Uzk>mU9IT5MVMd^e_FE@zxt<y4*c(E!Qv=^|RoW?~H%F+*>feA<}~y
ztgl7*GolCv&0m9be|T$bU|sLswh)6?rHLMDPG6hv&u&f`UgcKeXawU%(^cPG6Ri}5
z*OE*fE?TFtEXvjG|H$!dcK&UM0qg8P4-ZGx`0o!6@89kJpW~@F8dr3`=Ka5<!E}@Z
zT7vQYP9=ihv3Ar*{|lZl#l>f!|HFfa2P^b{XaD^?Po1k$)8VFlZx_fbyFeP^!rS%3
zlGz~Sf^s<s`C?dQ9k!7hs}K!`P8AS!6`2wj$2b33>rmWYx3sI?j$M735cB{&=oaC&
z9v`w2^sheDZ3VcRW8u#eFu4RrZdf<RxT{Y5-BuGz6cv|6c5?T-%WA6Dt@uNA13-p?
zr1aGI<GZS*mt8=qZKVWHzVuI4=SpKYKbWYZJ*Su7@y7U1^3?4AF}bAMO#ih0{P)45
zmHq$QyZkSo<*C{K>(u&OKfv6v+e!~*TKg34W7zW7p&Ya)hbkeo(XHy!&3_a9Z!!JT
z+VkIshb#8~!*37n=>Ky(-AsB_D}l)%{l`iYwaPNSrW{etDBmDORQE=j{rXzk*epTR
zCJnVX0B$osl(z&nPY?C`ly#f<{}$6ft;_#3I(+z`n*V9^?VbJSvpn7S|7Xq;)m1M1
z>XSs_K)!+;Q3j5-6j2Q*FET`}aBla>6zr5d%2d2@?x@D<pD=Zl>2sTzqgq=0<0p=C
z3-K;*)YqOj$}Q8|q>Zv|++~fr5iR<|ylK{`x>?*bY1Aj5#k-tQpD$-rWinS+!6!%=
zW%|5X#;BUQH%%C2n!3vurGaR_l3!yKUY{<?>hpKmqPCGOsv0cxkC+pxI>zP|d6)U=
zwwa#{aeku2Pc@Bqg7Jn)SxQ#A`j%cDot!>@d-nG?C#Us|Y#RBgp@ZW$Z%@x&|M==j
zm$WaHTj8BXfT2iRvdRd~ReSE3TLsniq4=6|YSqD22h#5?wC-JYp}XutH_9$l&+0eK
zBD7lbt4kteK>P#b5US%~-P4&g^5t7*HEC@3%O*FeoAp~o%&lwirr~ny+PX!o+`8s&
z6)3l^!P`g4b!Py7fRsXar09>Z6De*pdUb7!w<E^wMXs)GZwutO^{CaZ+0A2CS8IOe
z1VfEhfW|@oVUyL|<)XREMRS*n<}Me_?>!d{vgy^izDq@Omx^Ws(d#Z1&1YItcd2OZ
zQqkO{qUoq=Y#|d(gR5mL?4MqrxXY-rrHm@S>y#yaq@0Z$I{I46_l4v7#2#4lYs<f}
za-jSbrr%hdjISd5#wu8wB;PQ#+jDRHKCjjMZl1>bKif<Hu{Qq8!-H!4?}zsf9^T#m
z`5e#Y_kT9c60+q>-W%QKZs77?GDV2xd0%CQkXG25P7eO?`9VB$R&!{?PnI5JcYS`4
zy}GHqL4uHy-L6}Hki1I$95*kuuRA?R9j~a*4)S{!PgeJTMWqTvmLzm5!QZ;Xe|}gK
z|Nn0P|13|1EcN8ewLAYYk7{=PdNM0-`~j}6Y7o_ja1AlP%6%1AZdUf^G+qqkd^qR)
zqCW;~#oFxhjil~6MXsJ=jj13Ddd0<sQ})`9A`L3^f4_6pYK|pW4xj?)Pl%lN{TD&#
z|GX~QQxpW$cfr_!kf%$S5G6rzP@KmSBIcjNgee4XVVFrV#50^>%qH|b4Tmtq;zM28
z8N_NQxIC&F^J1%MvAvCMcZTXrgh9#ZheN4Y0o=Rlg@CH@O2gJ+idU!ecJ~0h3nKnZ
z=>Ond5rtPf5Pd_DB?CFn?{$<8q`My5HXPZu9oOFcsCKPUt#+l|Y;Apl)uh|4uBOsE
zK}qx`iI-zgBBL8GNzb4hthB#k9PS+3CUA`emHsLgHbko;Lb-+enqE?|UOcJa|F@a_
zVSW6!2ai_re?5Ho=x+c29M6sR|IPv4TGzCzXE-4SM$^mszw}q=pHj?0k;g=5(wa)y
zB&L1%U<nCzB?#tS`t|%DYdI?f6z<76zd~#Cgh(p?{T}x7$2CJb`X6Wsi{X9it@p8x
z{zs!~{I|nL5AX87e3oZ0W9pB!qVJwf9!LLget!M@?a8O<V;%h;ep}W54<6jb|N1-+
zNmIcuQIQHD70ZYxER($e6knw5w*?oy03=yZD&!>T1rQP;cr>T_{XfX1B=L;k-x)~`
z?jQ65Sg=_}V?yUWK`$A-`b3R?Y0UjG9!LLgpC3JY^?b01K0zO?^nWlqd@!oU|2rIw
z?(+YCmS@Ka*uCC6``0hKbEQ%_9y-tS0T;79Er9cc0-u7KQ&@1RAmwQm6OoI{7+8x6
z2`s@vS6sx=0A8y9_y7O@NLY}F!eohGxL`AukQgF*Nn@VsN_+~hmM8!H1I8VhWkirf
zQ5u2bAQf2xPiX?iE---CTw!p~Oq%|TXTi_xf~7QKWFNjGA)Ro3fvvsZd=}F|ujgqK
zuIC7d^xFo>r|OCbiZzJ@0)ob9jnweEp)v)UbFzp^APH!=F}VMfgcPP+IBg}FVVwb-
z&MBaVt>DsVRA$H)A`(lUkK@J56YTx}ck<>nOes;BpmNab?d-tm5C8t`?Z5YW=jZ1W
zBImttKuhkx5~)ZWYfMdInqQ_lKR?G>FB2trl!bZ}z251ZNpq446V8=Xf~0z!t1Do}
z)I6JD>JI0CXa5Z%9$rup*q-*lJ34kpYY@>i=F0_56!1iM@O>U-$@DQE4oiWT_VTJ3
zqE4@scYmkxq5#R7g7+XL;RTsdSdfIws2KEmPYh^gXc9t_zyy~_WFi4!_asea(b|Q5
zgG1cIiSvNgb6}b`W0-=51)iGrSw2vyr#HvxoJg2ZnxFy5EZ{3HE({E>U%Y(%f8b>@
z6I9B52&qtk9l<_K<BTRM!hVkhUr;rtnWj5XJawe^?#cJZZ_6V{1&;=d5BJO(ITjQn
zqe-Ty?DYaD&<+QKgTue{0yB`q!NI{_fD7~M{$LbLs3Q0E_v4?;`qm4T3XoZf$CZ|{
zvm~M-Ug{}g$y5-jL>B5*YF8UBMmK?ou3qny=c`n|HMl~Y=%4nS4Xp@pzE}qK#re2#
ztp@=XF3Q%feoc4QFl(n)=0wNMXgu_|<!8qk(J9GdWes?li4kRJ`Q0%QWI^@p|FXN2
z=0Em8QlvA8nN$*+DZYZ56XjN>Yn4V2VT?03G}BG5_n+|RKcBMn&wn1n4@@f1qqbv}
zmO{=ECAup^=|3i{3HzD*G>m9W6~)g!s=cMZigjD3D87nbK^Oc|^FuquK3?7Fssth>
z4;fL8DvQNnrYOb=-kPwBI>({ubjstHU*RZmCn&I;PnLe|q2AJuoBX0rHK$DEbA4${
zVZGjU(I>2buHhM#p<o!vx<mP*mg)B9&voxQ*yP!)^zCX@+UQ-w`7GuW5}V_cw{*s&
z63g=@?7YCj@C-K_b36mWR%*uSdBWm`CcERb45=5-t*+%Nq&bY{RK?`dL1`iZA_Q4F
zNZ<W(4!aSj5`Aw;6xl(hncmG!hk6Gwq)8)4c_jB5AoX1-o5r6*Y70ZCOPif<skhIt
zVEmf8wv1DAiYD6U-SwG^Yn|pjht!BB1IBL(Zwb<rOQv`$tOcYm5mMZj*7pMEm3z3G
z!|Oq+$ZUQ6Dx`|cy7U6)A5M>6;B~@}H$<ujX>o?y38x-Gm_!ookiMM0=IU5bNfUJ=
zSSygWP`&H(B&8vnF2Tygorr&HwC_chTQ}SSQZ@yw0WqIRkaM2JkrqkZ(N6`ZQxa?W
z;N}lPs`2pVk_y41b&Xxai9(4;alM5rM&fu0+*XF_0Z(!EgCYe1X=?9YF}-R8O{v-E
zOLFF39a}?4UArBi^&!>OZUAK`1U5k07?^Vv<ZF12pU_jL@S(6G>6|1pD(yKoc#%1C
zS(qpS5fkWMw}f52V}vM)Ud^eXC3*ScuM*DlP?YB=Wt~s$4<lef#Btec)o8C_jWvw0
zaSyqMm*t_Y#u=^IOSZOSG()<whjfS3-%I=*gC#7YH{CIsAg$R$x<l&kCD(8+m7pq|
z-<)f-LRzzjbcfX6ORnMkD83@g76yM)NOL!qwK#Pp^Q$+*m@Sy9*4mN`=KB$^<-?v5
zXX~NM_L^Gfxli`3C~DOk+XOhSY1Hj)EX<Yom&Yj9nkt%0CFLP7=@lKokCMV`o*47p
zoRTP}vKVwT_8TBYC*pctp$SssPW{OMEkl}eu}(g^wia2}G@5|c&m5fJzdw3(tA*-A
zTFypZ-)xRkvmL296+kKp$~`g1G!<<_w5fws^Xz8*>vV3px;02tpj6y~SFZJfCR8BM
zg=w@|z-Wfl&y~?W>}z=KL8-U&yfW-^M6sHa#BKU}uGW^gl$emPb<TZApBjv5IU|!4
z-aa{cS~wau*4mO>+mQI9p7yN_=IY=kK;O5M)is<ek=+W=dPr^5@dk?q1|)y^4B3n|
ztl9ml4bp?r=wSPhdcx#tpBP_#GeEZoDSgk-Rn6#$Yb+X?b-M~qJ=9P;Us{N$A}p4$
zd!FBWci+zU;XIm@e){+I^7nvB&xC^U=Q76$DGM(&??_=P_yW|NN!$OPv1eOg<^)wv
zi$O#AbSdGy*7aAz&~^viO8%}${(7*EO&AWaf`Jyy9y<)WMS#`M@q};yHkAloBdegF
zNq3SLX|T=&Ng}?0gArPYNvL;S5~p*LWD6=-XtlPpT1cl{g!H%#+-vwwm$4_8isOB7
zt&)>s5!BV%60d5Hrcl-|0X?e0#E`^T(m8~9E;?nXOiD#bq_+vPF_8pla>)cw@X+j1
z&%Ne&8w>#<wRg0-jM(l}dgc>axNp{PrCzP`#q!J*z8Pj6q**Ozs_RoD-|hYySj1~P
zpc>MC|8`qy4(WPYa(%8)lmoXrIbl0pDN46i;1ZAMr!1k-Sq}Sp>T<AuQ5uUT9jMFo
zX=v<oQkMs5&3*4?xz*WY{geJWdttfOmL!*ISo=<vV;@q)a9b}$AG{MOcY$;bv9&<z
zYJQ@vYX#CZr1hnDt#v_l&V8IBMKxmdlTnwk#wScglM_4$USm?ahGz^t1&CN`5KL7t
zhsaGz%N9@Kd`R;v9St%|{=GP}uYkMznkza6XEB#mRMZ;VyFqG`T6xz(-~BSUpmnE5
z*IHW5H!S_Xq87RcV92S}TDM1PGo)zmUTOQ<*ugi1b=!~@S$o=KYsaOmC5=Q8v;J_-
z^&@5pg(+tL`9zSq40UY{YDf))F2UU{OLA~E+sY@%%ZO<0ZEDXPbl&KIvpoAn<88Ys
zLYi`|pD7mPAh(=xYQ30GZ+5C#2dSS|Z!M&{unpT{R8|eSlx${r<qD)XLu3P_UWUGA
zozXZ+X}Ma1s`XcQi5e?Y*fp)~RUm!$%N8Lm=O=EmR$82Td9!T_WxYjX&DC{q4d-wD
z1jn~sr!}G7YPgiOS9yi)UU~e})5c!5CH2)oYGojdA6Gj2J2s*aZsJZ*IzM(*)lWs(
zIbT}X(r#J<sf`_9gVU32QXHgO`>H*7)jSI2m(^OI4$}OR^Le#T{jz|`gOfB{EU)3b
z8eo27u$v(DcGilmqL^r~aTal^{a_MxkZzSrm1e)e7po4^6YGkFh3k8P^IO8%g3}_B
z;98s>VOcO?2b&;$_m-0AXTcPGlZ5mJ%(W4x?6-y!wHlnV-`4nGUBmfbU$E^_R87*=
z8rnZ9gr~9}hVc+`wh+Z(LQ!Wi9^`1zRB3z;(=0Lm#rbY_eIrP1j<4o@{|H@`EPNU!
ztfmzttr$5ovGHK8iilSGl74$#`Iir=>0q56WwaBc(>ZzC0pxaCyqZ#~b$(WM`E`yi
z)&Y1)7BMz?)^4S?kTxFnmmxj=arlZZG~aJH^OydaH3~A@=2EqB?^ihgX(kf9wUKE3
zc$$a8hg4Uq6{WVm@2`z^e{MXeW3q$^opM2|U@~drpeq{rFki#@!Qp6owBHg$-}6uT
zJHG-xRTNc`l!_@A3v)rB6{iQc1hfUxawzrlyw9JtPE<gqi%H;_s)w<F^tPK+Go;lJ
z?dP`7S1e(RY@u0^#0>G5)P;bjGUo<m1b<pctAXF!Ahl(i07YMlZ9-a~qM+h+w?g}Q
zt(JwlZQ5U-mf*Zf`&BR-h+pG$n-tZS?4Y2iuYvYk^C+CVKEDRqUz4BV9KIUbUz7Er
z1=7z=`zeo}F)1><q4Xq+W^~n6<r-d2F#y)SJCG!3=!x=*Fu|I>l#=pD4sL7gUkB-e
zB}bQp#Twr85>AtBF`)v6nyNyYD6L8HDMDp@o2}oMpbNs1+=(f=>7rc=DS7{6LJC-~
z;T3t`4blZNGjmlsE84iJ^6x`h6Q{REJMpAt7SdMb*{iiB`P8K%G^)cIPnu^`GC?DU
zQ$DrcldGCX3DWJ*zJavMfy9kZB(~-2TLWqRfy9kZB(@4^mjem!M8eE@rvr(t<Fvzp
z1YE<3fw1X7!p%?ZdBklft2F!T4<vF(H#(5m-id^Pw9A1+4(Ub*65HldT@EBVoJeT6
zcd^AiAJXldNEk@F97yCi-RMAKdnXc&xn}CPRO5*RX*Tz7&x3X~5lhpC`h{)MHMv=u
zt_Oc%n{;b(oAo&Tj5g`|d^Zg~6JOLO?d_&(Ow!x6NjqNFX|t_Dy2d1ZQ=4>?V7P%m
z;6d8OB)!HaebNljc5Kp>q~7g56J2f6ve<RE&851Sq&wK8D;uf9={7lk7nAfxHt7Q9
zt=XjOAgwn^cd$z};B-57sX9pOP13D)sX7=7NVll*bumeAYL~LWe^N;6P0}0Mr99TY
z9lMm{QtM69U2M`di(t#N-^C=onN2!}`5Mk2Jlv)YWxYxI>!AHECh4z(_Pdy*zYf~(
zVv_zkXupd|dPAGEbXJVpo21u4S~W?3X`6Hlq!p9&m$pearjD!APON2O6O;57eJ09@
z%GxFA6NMq=K(dGiArYE-To6Z>vAPD*?c9-Ykamc$bq&uQG#iB0+FG2HDx@tDwpJkR
z6k5xVlTywX-W~25NLwRptw7o-wAR)lYn35wjj*)>X{XRyTZ^o<l9|2}PCG?N$syg6
zr>vv>_ezi>F_Uf4N1mf0f{2-1v6GlJc(%#`w&#1k0%=S1k*@;M4jO+4A2ie0);0bX
zNW1u<wELiWFyCI|Z-Mlteke^iy`|LO0_o;{D77#akZzIoJ81ly`k^@BKPjZ!@I%S5
ze0!<C!ui)~{9Sy|>K4J4X}^QUznKqO0rTy>(ApraBmS?1_B&|&UkUAZ(D=U++V7z8
ze<ieU)wowY(IS5X?X#&RW2f;;AbvpnHz^fFap6K|+16kevnXKfdp)LA<;}=DrtQ5|
z-Kz~!4C0!S(C01J@FunAX8C8hnzL~3L(3$HEJ;j!cU$ka5^5Wyn1|w$l-f76KSkj=
zQSlO8PeMUb>e6V#ZYD85hdqGWhpCMsKOy0TE?*4ko)`0L-B{Wnl{Ky&MMQMP;Ub&R
zz*C}K=>OfPT+lZsAZW-J3z|eU+S`Xo=Er!GQ~?P?E+Tt&dA!<=QNTPkeZ11;$8$4;
zQfkEZsVlA`VkJD3oYU|^uj`N}2@Or$d6KC)O_YmLz$B#HBsje3KITE%@$m1h)2lGp
zig8QI9l(lI;An93>uqHLH|AJgHD6rADU}NH6wXz{#cuiFde4LOmPU)UkXFnW4Un!i
zTxdw6Oe<a_#+<=7Gp#j4x?;X)fOM_l;u_9Jg9n3K$OMg$Hmut9>(m=X8PZ#?Q_MC&
zCj7FLOkzP&=K^7!4=_?l9<)fa`gfIEuzAj#?rC)f@EsSh(2^xfw76ziMQVar3pzEy
zqcAVb?R&EeAmU-Rpowy6NL<ixO2T=811}Ecc@SuBdqJ0v(NW>ue*Wh#=Rm{^o6~@v
z`x#u$&FJWRvPfgPzd@px|Lp;oK38JIJvOm%+|PX*Q0g&B(>&G})`!M)F=n!zC#j@1
zuZZ*Buz}@>jn|pSmC?g1cYZ$bTx;SbXbzRjGdVDNa8WrH*`U`uiWL<J(NbEx+y?^x
zbM)#5<4$4@5b}7Zg?~sP#T5(H=9+PFg0y&IBj0#QVlWrVjb|g6mi$xd(CTHf`5&Gk
zP+HvZV}`%;+W2MH`>}`lU!M9YcyRmlljXR$iMr?xyt7`3@Y4yrTr4t^Ax4pzm-#8;
zp&VE`K-wsro`!RN6(~N$EJsq2BnpISFwkuTUdg>)?<K}zl1lJo7B78~M6U=vN>&0v
za|WX4!{+1iBM#X-QZ$h$lrMQ!%14#w3NX>ywE)32M+nX8GJymn27)Cs4V7`>j9k3=
zh)t(d=$6cmP^8Slkdbaa2}XJ|`EjrX6kV0{{leJP7PHCB^2Bh2B}KV?kZhK)DGN!G
z$C%#-E+7;P;fBjBPN*Og7Bi(+Glp&$n0Y)dkW|XRR7zoHlcs5sIyb8(D3FT_=-iNv
z2~)qc%WujwZSzGrMUY@Lu{pcahR!kX7hj}AFll_aO<sW+=E6Jo7Vi0=ve=nii96*}
z08jLk1RX+cVPY~9)7YkoATD&jT#af~7t%_a3{QGR^a7}lUpWTUj{NVn!M9wwzcjXk
zDfR!dwizrIKsC}|0Y_70y#j*Oy0-7;s<zk0XlNc9)`cPSFwxwaL&o~Xuq5)&VC{XE
z(tMV0(v0Dt_m`D-hpy!=r<SGGD{6Hy=#>w}0Cq4h9GcJAZ<@tS1(kEd!;_GjjrW~n
zN4H5tXk-`?$NUO8sN=%OOv6knzQ}`?DQ>NEwLlHvWddA8M#iG=X_(opX}12p{;`Bb
zCY9b}V;&;6Wr;-PFHdYX<*{z$Tob<>T7YSy#4_b9QGtn+Hi*taa?@myAx>rsYGc;r
zLD*Ks1IN`Iuc(aE6V)mK>I!j=NQhXdS?|m86%{q7k^)Cdhb+26TMH`L3DEZlO<au=
z=Q6?NNH!eQf@OC*CL!Vp+8!iTsvc4=KwS<prUA9$5HeTX#q#tks2W^pMoupo&!ii|
zz)E>~h0q9LPfT_QA}E{><otYJ|MP2X!x!s62eaSK?XG0b&oF~S;Z|*v(wSVHZuOx*
zikT5}KOv9LZau0oQ7B?3Z^?Q5nxn>H?#_Z?|4qIXmnKv)m03>+yfdU{CZW`AYl3R!
zUE?%M%d(yB<K_1!u>11KD|j07Eb`MlSfkqBJ|sNBc+Yk(vKd?En4~~3<)?{pxfE@9
zpoJBU)f~t8`n!`L<yTZQFx&y{RfGYYaJ!<=Y?Gn%q4D9Rr{QoO&iPexZZpqjT24Bl
zx}=TVhc_IIng(!PL<>R?C3+-?I-*CE(Sn%hF?#QV2%|*ry^b24D5HxWMDHYe8*TJa
zGrINdes|B^J@@X}|Kfem^E^NLM=DlB@IU(`zClkqPpi3DlCMJL0`My6%6|}c5nd-{
zFutDOkYh^QDiB?p%3u|mH|w_>d%1s+wzw_jS(xoi`n8A9muR}!ALsc^%%IEx&2I{t
zS?U)whCKjyIJa3{B45icDF+wLfQK*RrS!~QH`Ox}_Fjpi5j<5J$(n5tTOceHv3xsx
zZL29CU;V=aX;nc*n%6%@e7<~ATix3&7g{dh)cV#+_o$OdHjP>NI2A`sO6Yx&6Q&;L
zOCY?!w=2zA#Q1nVX_vNrFBvkK+r#@S@zD@J)wr<_u`I6EDeZv=qAHdJksOO8s$;C%
zvY}9??%5+pHLfdzZ(F@bS;fAvysFjR*W_q$)_EDYp#vP3I;Gm+=tNAeVkNzJ&+VYt
zx)j&ZDpX@0w!{eWSxFD0*^we3E=iRAY7R@i<()i90w1^}7r_noDbeC$A-J=<e$?y%
zlOyD<+PjO}Vbk|V82@$=s7~J}tYp@U5Ril6ud9(=rm9I;>*tE$i_|{VC>4@VZdj1i
z9*iX8?yw)-6*Ea&RO4^HqJzmgb>lgt3t(5lKADrn)em)#rM8f0xYLGF*whL)z*X#*
z>{~-K{Ccf9<sAgZ5}{{*HtQ2j)3oyz=hp3R_%aE|tIP`P)}cvqxpE=ms=jPPzD!9g
zJ;{xqoCNwwn}f}PgfL4zRa~`_&=hQ!=wfsV^O;k$wIvsfKj+Cy{W0$v7xs^%X@j|s
z_+ULalc*eGwg%V(+Hu(kA^9O$PIb7b;8UYGC@^kw?sEXS+fqx9L<-wyj9vg!CY3p}
zk9mxQ_d7LE_VMxFszZn^-O;M7zC`iwmevXt)3kMYnYrc$$EA!cddAF*>+8+^8bhM#
zc03BCaEj2WiUmbUDx}kyHX(K-st>AVy<Qf|XvdR&LQqlJ$2}VV9-pK0xDrINOd=of
z9v;&FZGXFNbAb=}L^n;1BiqX0A-n8^0_s9VG1d4*f<b&C#8FCEcMr_4x6cy%N{77T
zpk`sBTKEeK_Y(MijUD<^o|kbzt?&TN6*d-qv|5D1Km0(Eum9wg&*c(?r5xAjme}-_
zI#Cpza_R#mo?>3u>xYugq_Jl<N^NGRO0VQO>})qD8U$wXg^&|bAW>}Dw{Vqd#V-`R
zUy!mtBf~YCJQB8^GE*^i9eZPN(aP}P5No#7;=^2+rK?%<*^4d`TN^4&WP>c2>jG_S
zgVTn=@QxhCK1r3D*9;6^P~TH+nR8Zis!U|G_XRp8;#xvGpV!=)Di7)W*~2M1f?e6F
zs#sy*Krz(n#q%ALtEMC_tv`o#77UT}M3iy37x<&&xCwS~q9>FOnS-5K1@y}LfEIG1
znBAIZh;BtmYGM+>b^N>z?}fVB=x2iC$gn5-mkrIZc)=`^l|HHVpWPCf)v?xi2lHEK
zZxR?<n=Ys@kc}^?y4FvGI(DN(MA>2r@pJ=<t!4JaFK(pY)h3#U9z=uo#B71WUf1>r
zGOFS}3t<X*fI=HHu{L>Wc_Kcl1Pjvi*fEFdkeqB{EoLN81_X>tfBlX=aeBRA%pmR;
z#F47*CTHz0q(Hu%3l+w=t;D*%(Z}@F!MnZHn<3@iL!*z`&d0bqI9OZ0Gc(6035`UW
z@ehVR3!5Mk>nbp+=VGYZo=|TO%Zt@5guRlJd6&#RAdLdr)=gh=k%^biM?bO_nePAX
zXznLe?G)F($muMrRBO1|`8B(gGFFldWDzrYozz>4CeE4(dGU#6$D67Xlolvk{B>sc
zEwc>ycyEtI0lHS|hC+(!RhL_G31S`z90f}-a^((RQAf$=IWkKA^abX<KU*HZ0mdA+
zAKf6f4#)GPI*O=K0}0mUf7J5E?dMBK4&0Al_e-sBlP_E-IIz?AT}TqG!>f{A%P5ED
z9Lq8_9G^|`(n=>1aNy9uJagUTnroUVinI^7=J!9NcJ?uZdFl7oE#!x76=TOrf6PMA
zU!8tYds&zHO2p*dT?W+bpN^~E8zJ(`42j!!D~OJ*mFQck-kKWhS0<87eBv@15Mlpg
zmiK}u2tbSDhhG3&Xx(v}kY-*Kp-biDUlPdljE(CJ3={VWOV))YmRf0qa>(BV2=Z|-
z80&J_Ij*<8p=NTvYCjSxHZroa6KP!K>f6pvsF!#+$9sl>1wTZ)TDNW1T|0?2%~GHm
z_+k`x^!=^k4BZ&Fi~wKS99DCs#)5D&qg`-Idw5GiTViEQh)F)+089^gfo_#!;p()L
z&rm=TVo@bs<K71!yW?%0DzQQ>hNjw8Pb}XHb&ycPV5*Tq&G?OjOVp5Faj)I)HI_&9
z46GR8Lp{$ONJ)UwvK*1D9m`nGhYburMo2Q&Io2;!VDpZfHEz%42u`yU|9F$m{Bm(O
zB|qqveP430j~!KT#PGZOM$8ed;v#~z!_isu$P^#)J>em()rPjC@+N)#FYM<$J5e2|
zfz$Pth&6KrPAo<T^=q%DYA$@Lr&DY{=#_aC;%Nwrghc0~gxz%+KJ@%<>I~mVJT7($
zlHOP%;!(hDW(~)4C=79^6??su5qcT{V1{&c!0z)`&xzV4NYIYe5Kl25tHx8jKKHn_
z{|oJ?smFx2ts-(qvfhhC5mcIrEQ}B1ixaTRjs&zUGNei_kTn)&Cy1wNC<Rh!ubOwr
zr3;9nn41kAX|Y<Io#jc$^j)f@_}hNmR&AIqcsUslHE`HBzyFkap=U_S$-|kM9&uA4
zljWH;S~Z+-mj}e|S(om1la$CM2lfQ}IF;GiKbiKLF=mwc3~#z!Ix_1Je7X|8HY@5E
zX;tC__l4Gf32x9mWLc(`^x8Yy%UPRI&v6f4MRqNR6afZrt8&a4#!Yz=`7B{46tw^B
zY^*n4(!Z<*)*s&9{J3eq@$WtS-^Rv9>NhDTatWrYDFs=YPrhHOS%4%S<P#tIbIQ2_
z0>9m-d^-Fts9>?C?l)a|2yUIKfJ)KxtGw~8ui|z$J7XE=$Ism#VWd~JHM>sKwuPgq
zwtk3ClR!6yE=?K7(>E^Nv4y1w2bO2IV`HTf91^@l<e+Is(6Enh$l2|`kjFnQwMbvz
z6{d(E1Uq`DAP5+YQdfe{A;jVDPoKuC3^!Ir17!G^n3N1JV~z&4_9H9kqL+N+>47A6
zo=}|J&O+r#YKd-)d$pvKfv3|Soi40uS7GsXQK)f*jlpzZMvxER5=^4*UdFbss;fHh
zaCl&5kZ?37Rw46v4x7IjZ_wOeSIBjK(aTs(2V1CULvUBG@=b)&f65pxA)P+UPo6lJ
z8X~1dzkten`L-PfVO*o=YnCo(DY8U_ct*yzLPgsXF~44O(O)1YHB4Z<@(g|wBKZ33
zIBJ>MpmeurxOAd8#cE^1idH^h#|xM+pkm46BD^`d+!M$mM5~|Vazm=_U7U_0D#1W{
zy6t3_=Zi0k8oBY(AlXoxos2e2O8|SPX}9w!Q;@lo`|zjmm`@UO=e=!rmCXR7if6hg
zoKpOE5pVLmcBoF?tdR)&d9Nt8;F!$Sk2o)729ySS*A6sFye%mNFFgbeO?<%t5013G
zXOCeHau-vWH=o%xy6URlv1gw>P~zTbnUqjFh*sLJm0(1Lof(0a8Urh4R%A0R2IvCT
z4<;LdqfIXSeJ7r@oO$bAc0<7t8!#WJ1ubLW1$9Na1lgzCZc*o^zj2DsN--g)0X~jJ
z-$|38dhXQa&I=+2LW{{?%CIug0tX&E<<Ygdidm4xP$qkg2kXXjfM4c<Iw_H0;&Nt+
zts~s2dGoEh2n)7$mZJWTV;eKHal?f1PUUPk=N&h^xZgTIDl-#+PD`9ChwOglFCcsh
z&L!hZBo-Kup3@|cIeB`<Nd0j=7-#emn3Vp67w1NTw3t33HHN2$42<GlGYuHXer7ES
z##F4`+90~c0%A+6G-+e-Zb%n>3N98ssgeiNLg<2H-jAoPnT0*A4jQN=^@Rwfb4pp2
z)!?2n_=hpvc0rzq<PecO#sn9naNpzN#+6w+lBCm>fJ7kB2S7aN1Bu?`=%Nl-2buf%
zET*aEKGl+#hszrpVbNLr+$2v(L3DP_SjVZF%!9&pIh-!TGblw~gJ~o9TCTd^f>dez
zFf=EuvvfEjD82z$9pC-FN4(lJ{ChtWAw=wn+*Qzi@5DRC^uT!iGs%(fiW2>DwaMdb
z;<ctN&5DnU>uU7Zt}-3}$Q7Ad`V3;HrV)}5tM5VI!gv&(l;}yCb_!Q%cJmCcq*0ih
zAFN7A)O9P<)Mh4C$SB$9PZZVxC{KpQO^X?BzE{B&xe+;iqUER*)saKlhqqn6XW3wS
zsOlu?rQ7ez8}Ho?3s~fk_r5m=6fV*FJDu>ldFl6%#7d`Il9_W0DS_cO2^!1jBJ|Dl
zOo-EnhXW==TjFG?gc@USWI|?z;C_^u3zUuz4Sn!gqxN+53VC%YaQ(DJ(HfGg@VQDG
z(3%|c^h&zj152wq_WU0t#Agp-rL%|ydQ)g`K_WEopB)Gt_&)its!tgE-}u8~PX9Wj
zGn233yMW89RrDVO7`&Uc_60aX7t=tK%RKyZM@|ofXx;&n`p6Sry$Cryy_<Vtw4TU!
znr*2EVPv4_Fl(=zNY<}nR)|BGcpNWFeV<>PvbL<E3+#W)_M3Jpl8ixuQSLeuMXk5c
zDJ;LG$JJ#fx=^+D@Lce@J-74{khE-7G<X*Sd5}rKX6?Y#Pnc}->&qMU{xxNR!P8bP
zhExdWtM%E$2mzwAg1@wft?uD}gFQ@n{u}HetyMF0y0qBS>u@WH27huD^qAnq#u}NY
zbo9Tr9ws!y8WDDgj0fZ|USKI|8u1%T-5#Abx2M4un&zATOL{2w|Nlu3sT>mUpT)TU
zQ+c@1xmO<4hA@<z8GGNo?Nn{+^^k;EC_@Tm*4E4Wf=&o52|<nQdkAV05@1rY!2%EJ
z*9hG&TAV8~f?g*ho0Pn}D8!E;1Gb4Qs9}_?aPU>=BdK!(3OpNp=eu2M>@2nlS$lZo
zPkJ59b7!PMjhK4$QN=&(hVO(k2lYV`eJ;ua+<d6VQ-Wl24(>-?@Od$Ude?NKaRL0W
zo>7h%DfN1mj1M4@B^a4#I@v+lgN9n>M3Cna4Vh#)Sx4;Uw4KcPwUSrsrIxX>``mBj
zbcG5|w66{QuB!9p0A<lDII*U6FK$uOWT=lJ?RY?lVK?>dIc;22k`@xj9b~x<`NkqZ
zVFm~uUs-W-T3Jqi-Qs8gzxac>aKYJd&N=<SLT*f)xGbz(GPo^k!si|4n%KhKe8-mG
zWKR=v!`fYsQ<PR~XM;{)l)_BSxoj6D_EL!&zU<Bun3#+i@W#<y@B?-{r%zA3x_YDz
zt<CmC*0T>0sygH+v${MUTJ4i&J>;G}@qxeu0q%CoGvZnQa6_|w+~L*=5;iYPm%2yF
zh1V*<E=|v{YkYU9rc>%zs%jVOUI&{>i*9{ntBnUW<PtXN=!;T*bU~&n)+x?*__JAF
zw9RO3Pe+Dtz`pWtgyk>p6gz;-!ig8!7VF*?amtOB^~7^hg0$noJ8u4Z&+(LJzIQ$|
z5qR+%mW%pL^H4Ee*tyHb696djl+y{pG%19Da`biG^`YL*$+D*sYl|yCwwH>XhPooo
z<Rs7y0xc7+_4h;}rR6Xoo`>yIUw+)pj{rg5BH3aBwljewU;57sjrQG6wXI?~7o?EL
zSh0XqY6q*67LE)lg{aC$5b4HKv*0iD>!LxwY$xjkm6i*hewSmW19U$y7Ock7x-};v
zoHRM`^lP;Em_?Hw+!yrh6AuNzAu0lj(sP@25M(H*Dfn-S0rxM8VKlg<YRZ@*5zp=u
z%pKg5nga02xYbU5L{JTo4Prc0B2Wt9i7h2)(hAt3rv!G2xFm|Y0l?>eDpoD!2R2K%
z_;Poi!<`)XoniSCu6z8LjS2<aG#*3yuDPu1)-pzDK5-@p36MRPC5pEu41CO?T(V^{
z8d#hUcrL|GWIVa*&|LdTvk=Dgg12B#m>rI($eb|Ndz}G6RFkaW-hi_3cLc0``#$Kx
z5uKSnjKyI17!YM2xF)qH1QuMnvGg75nsf6+jD%BZC}o*AAvt4)cT9EtxQa5XaQ|`^
z(&qni7Jg8=k7{K>u2cMyY;T!7s#_)J*4pXl#C5{%j#pO31DelY-LKBau(y0o3tOdv
z+v<Mq;69q^{?Tn`b-S>Q+FiAQX&6jp6r{Uv&V`wL_|tocDI&jYkUF&dYq}dPbT$ly
zX6K(y+4lZ?KRVC1oEm;)dP6x3L2y2aXhT#Mpvi=UUr?*Lg4z~hm$OBvDeFH!yYIX!
z)_?U6;%N~Zd_|ZdmRa*WSJ7Mr!<+kpZ@xg}EtfCw#qSj}{`SO4bhy`^<{kf?kKq1k
zUcde3Ta;Qu8on*BTiV-pVg$VPY9`5ZN_5jM4E(DKyR|$8MEqELi5A)VM(_PwQyn|g
z%9)X1?C$gr!cX&C2|~G7TH8e8Hoh+_a^`#PCYE)LmxoT4FUOm{VVSrs>H8({(luwA
zt{@7n5K%4k*)HGxr4L~EAn+tLK7U?(gSP?<F8|VmCoEqx^MD(k;a=E^YwKt~kZ#<4
zLS)^kf*a2-2p+-tcp1U(x;QqA@o})WJhQ3()~09-_)`h-(7?fqvB=Qo&@|`=>s5KU
zmrmDbTK1gp3AyPD4;cN~$tr%fMe2Sq*1=Qpx(l~{Oeg5ghPtAj&qZ9t5P+Iup4iph
z;N9ZTe}0^Jo+$i^C)u}M<JuIyJuT`Gj5i$h;7@+y%r}<Ssb_h_1l=n)(9@(2-|M}F
zuNjlO(KHKu*mqZ`Y??Az)8?qR$DFu{N}g~nvZbCQF3Yc<RC~Z<ctfG@St3pS(}yV<
z$|#eDI9;C*P4oTomwc#SIY{ZapOtM9ejJ^hwxTC=Bev_jTRXD@HtCvJ-vXE!?51-{
zZwSP{1Nf<RH|QUtd(xH-LIv>8M3Xb~sy~kY++an>N%AGf!T)@x5nH4cC^gGpz+&0m
fzFVAaM`bl54=xs^?hOBeVei=D+_^DCu`vDvq!70Q

-- 
2.40.1


From 3b5cd592407451cac81af06ecce328f77f494d11 Mon Sep 17 00:00:00 2001
From: Lucas Hahn <lucas.hahn@novum-rgi.de>
Date: Thu, 30 Jul 2020 15:04:08 +0200
Subject: [PATCH 02/25] Rework templates for helm chart.

- app.ini configurable via config
- admin user and ldap settings configurable via config
- using statefulset to handle pvc
- update helpers for new dependencies
---
 templates/gitea/_container.tpl                |  46 -
 templates/gitea/config.yaml                   | 881 ++++++++++++++++++
 templates/gitea/gitea-config.yaml             | 725 --------------
 templates/gitea/gitea-pvc.yaml                |  29 -
 templates/gitea/gitea-ssh-svc.yaml            |  24 -
 .../{gitea-http-svc.yaml => http-svc.yaml}    |  12 +-
 templates/gitea/ingress.yaml                  |  39 +
 templates/gitea/ssh-svc.yaml                  |  24 +
 templates/gitea/statefulset.yaml              | 146 +++
 9 files changed, 1095 insertions(+), 831 deletions(-)
 delete mode 100644 templates/gitea/_container.tpl
 create mode 100644 templates/gitea/config.yaml
 delete mode 100644 templates/gitea/gitea-config.yaml
 delete mode 100644 templates/gitea/gitea-pvc.yaml
 delete mode 100644 templates/gitea/gitea-ssh-svc.yaml
 rename templates/gitea/{gitea-http-svc.yaml => http-svc.yaml} (50%)
 create mode 100644 templates/gitea/ingress.yaml
 create mode 100644 templates/gitea/ssh-svc.yaml
 create mode 100644 templates/gitea/statefulset.yaml

diff --git a/templates/gitea/_container.tpl b/templates/gitea/_container.tpl
deleted file mode 100644
index 033e668..0000000
--- a/templates/gitea/_container.tpl
+++ /dev/null
@@ -1,46 +0,0 @@
-{{/*
-Create helm partial for gitea server
-*/}}
-{{- define "gitea" }}
-- name: gitea
-  image: {{ .Values.images.gitea }}
-  imagePullPolicy: {{ .Values.images.pullPolicy }}
-  env:
-  - name: DATABASE_PASSWORD
-    valueFrom:
-      secretKeyRef:
-      {{- if .Values.mariadb.enabled }}
-        name: {{ template "mariadb.fullname" . }}
-        key: mariadb-password
-      {{- else }}
-        name: {{ printf "%s-%s" .Release.Name "externaldb" }}
-        key: db-password
-      {{- end }}
-  ports:
-  - name: ssh
-    containerPort: 22
-  - name: http
-    containerPort: 3000
-  livenessProbe:
-    tcpSocket:
-      port: http
-    initialDelaySeconds: 200
-    timeoutSeconds: 1
-    periodSeconds: 10
-    successThreshold: 1
-    failureThreshold: 10
-  readinessProbe:
-    tcpSocket:
-      port: http
-    initialDelaySeconds: 5
-    periodSeconds: 10
-    successThreshold: 1
-    failureThreshold: 3
-  resources:
-{{ toYaml .Values.resources.gitea | indent 10 }}
-  volumeMounts:
-  - name: gitea-data
-    mountPath: /data
-  - name: gitea-config
-    mountPath: /etc/gitea
-{{- end }}
diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml
new file mode 100644
index 0000000..209d7c1
--- /dev/null
+++ b/templates/gitea/config.yaml
@@ -0,0 +1,881 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "gitea.fullname" . }}
+  labels:
+    {{- include "gitea.labels" . | nindent 4 }}
+data:
+  app.ini: |-
+    ; This file lists the default values used by Gitea
+    ; Copy required sections to your own app.ini (default is custom/conf/app.ini)
+    ; and modify as needed.
+
+    ; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation.
+
+    ; App name that shows in every page title
+    APP_NAME = {{ .Values.gitea.config.appName }}
+    ; Change it if you run locally
+    RUN_USER = {{ .Values.gitea.config.runUser }}
+    ; Either "dev", "prod" or "test", default is "dev"
+    RUN_MODE = {{ .Values.gitea.config.runMode }}
+
+    [repository]
+    ROOT = {{ .Values.gitea.repository.root }}
+    SCRIPT_TYPE = bash
+    ; Default ANSI charset
+    ANSI_CHARSET =
+    ; Force every new repository to be private
+    FORCE_PRIVATE = {{ .Values.gitea.repository.forcePrivate }}
+    ; Default privacy setting when creating a new repository, allowed values: last, private, public. Default is last which means the last setting used.
+    DEFAULT_PRIVATE = {{ .Values.gitea.repository.defaultPrivate }}
+    ; Global limit of repositories per user, applied at creation time. -1 means no limit
+    MAX_CREATION_LIMIT = {{ .Values.gitea.repository.maxCreationLimit }}
+    ; Mirror sync queue length, increase if mirror syncing starts hanging
+    MIRROR_QUEUE_LENGTH = {{ .Values.gitea.repository.mirrorQueueLength }}
+    ; Patch test queue length, increase if pull request patch testing starts hanging
+    PULL_REQUEST_QUEUE_LENGTH = {{ .Values.gitea.repository.pullRequestQueueLength }}
+    ; Preferred Licenses to place at the top of the List
+    ; The name here must match the filename in conf/license or custom/conf/license
+    PREFERRED_LICENSES = {{ .Values.gitea.repository.preferredLicenses }}
+    ; Disable the ability to interact with repositories using the HTTP protocol
+    DISABLE_HTTP_GIT = {{ .Values.gitea.repository.disableHttpGit }}
+    ; Force ssh:// clone url instead of scp-style uri when default SSH port is used
+    USE_COMPAT_SSH_URI = {{ .Values.gitea.repository.useCompatSSHUri }}
+
+    [repository.editor]
+    ; List of file extensions for which lines should be wrapped in the CodeMirror editor
+    ; Separate extensions with a comma. To line wrap files without an extension, just put a comma
+    LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,
+    ; Valid file modes that have a preview API associated with them, such as api/v1/markdown
+    ; Separate the values by commas. The preview tab in edit mode won't be displayed if the file extension doesn't match
+    PREVIEWABLE_FILE_MODES = markdown
+
+    [repository.local]
+    ; Path for local repository copy. Defaults to `tmp/local-repo`
+    LOCAL_COPY_PATH = {{ .Values.gitea.repository.local.copyPath }}
+    ; Path for local wiki copy. Defaults to `tmp/local-wiki`
+    LOCAL_WIKI_PATH = {{ .Values.gitea.repository.local.wikiPath }}
+
+    [repository.upload]
+    ; Whether repository file uploads are enabled. Defaults to `true`
+    ENABLED = {{ .Values.gitea.repository.upload.enabled }}
+    ; Path for uploads. Defaults to `data/tmp/uploads` (tmp gets deleted on gitea restart)
+    TEMP_PATH = {{ .Values.gitea.repository.upload.tempPath }}
+    ; One or more allowed types, e.g. image/jpeg|image/png. Nothing means any file type
+    ALLOWED_TYPES = {{ .Values.gitea.repository.upload.allowedTypes }}
+    ; Max size of each file in megabytes. Defaults to 3MB
+    FILE_MAX_SIZE = {{ .Values.gitea.repository.upload.fileMaxSize }}
+    ; Max number of files per upload. Defaults to 5
+    MAX_FILES = {{ .Values.gitea.repository.upload.maxFiles }}
+
+    [repository.pull-request]
+    ; List of prefixes used in Pull Request title to mark them as Work In Progress
+    WORK_IN_PROGRESS_PREFIXES = {{ .Values.gitea.repository.pullRequest.workInProgressPrefixes }}
+    ; List of keywords used in Pull Request comments to automatically close a related issue
+    CLOSE_KEYWORDS= {{ .Values.gitea.repository.pullRequest.closeKeywords }}
+    ; List of keywords used in Pull Request comments to automatically reopen a related issue
+    REOPEN_KEYWORDS= {{ .Values.gitea.repository.pullRequest.reopenKeywords }}
+    ; In the default merge message for squash commits include at most this many commits
+    DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT= {{ .Values.gitea.repository.pullRequest.defaultMergeMessageCommitsLimit }}
+    ; In the default merge message for squash commits limit the size of the commit messages to this
+    DEFAULT_MERGE_MESSAGE_SIZE = {{ .Values.gitea.repository.pullRequest.defaultMergeMessageSize }}
+    ; In the default merge message for squash commits walk all commits to include all authors in the Co-authored-by otherwise just use those in the limited list
+    DEFAULT_MERGE_MESSAGE_ALL_AUTHORS = {{ .Values.gitea.repository.pullRequest.defaultMergeMessageAllAuthors }}
+    ; In default merge messages limit the number of approvers listed as Reviewed-by: to this many
+    DEFAULT_MERGE_MESSAGE_MAX_APPROVERS = {{ .Values.gitea.repository.pullRequest.defaultMergeMessageMaxApprovers }}
+    ; In default merge messages only include approvers who are official
+    DEFAULT_MERGE_MESSAGE_OFFICIAL_APPROVERS_ONLY = {{ .Values.gitea.repository.pullRequest.defaultMergeMessageOfficialApproversOnly }}
+
+    [repository.signing]
+    ; GPG key to use to sign commits, Defaults to the default - that is the value of git config --get user.signingkey
+    ; run in the context of the RUN_USER
+    ; Switch to none to stop signing completely
+    SIGNING_KEY = {{ .Values.gitea.repository.signing.signingKey }}
+    ; If a SIGNING_KEY ID is provided and is not set to default, use the provided Name and Email address as the signer.
+    ; These should match a publicized name and email address for the key. (When SIGNING_KEY is default these are set to
+    ; the results of git config --get user.name and git config --get user.email respectively and can only be overrided
+    ; by setting the SIGNING_KEY ID to the correct ID.)
+    SIGNING_NAME = {{ .Values.gitea.repository.signing.signingName }}
+    SIGNING_EMAIL = {{ .Values.gitea.repository.signing.signingEmail }}
+    ; Determines when gitea should sign the initial commit when creating a repository
+    ; Either:
+    ; - never
+    ; - pubkey: only sign if the user has a pubkey
+    ; - twofa: only sign if the user has logged in with twofa
+    ; - always
+    ; options other than none and always can be combined as comma separated list
+    INITIAL_COMMIT = {{ .Values.gitea.repository.signing.initialCommit }}
+    ; Determines when to sign for CRUD actions
+    ; - as above
+    ; - parentsigned: requires that the parent commit is signed.
+    CRUD_ACTIONS = {{ .Values.gitea.repository.signing.crudActions }}
+    ; Determines when to sign Wiki commits
+    ; - as above
+    WIKI = {{ .Values.gitea.repository.signing.wiki }}
+    ; Determines when to sign on merges
+    ; - basesigned: require that the parent of commit on the base repo is signed.
+    ; - commitssigned: require that all the commits in the head branch are signed.
+    ; - approved: only sign when merging an approved pr to a protected branch
+    MERGES = {{ .Values.gitea.repository.signing.merges }}
+
+    [ui]
+    ; Number of repositories that are displayed on one explore page
+    EXPLORE_PAGING_NUM = {{ .Values.gitea.ui.explorePagingNum }}
+    ; Number of issues that are displayed on one page
+    ISSUE_PAGING_NUM = {{ .Values.gitea.ui.issuePagingNum }}
+    MEMBERS_PAGING_NUM = {{ .Values.gitea.ui.membersPagingNum }}
+    ; Number of maximum commits displayed in one activity feed
+    FEED_MAX_COMMIT_NUM = {{ .Values.gitea.ui.feedMaxCommitNum }}
+    ; Number of maximum commits displayed in commit graph.
+    GRAPH_MAX_COMMIT_NUM = {{ .Values.gitea.ui.graphMaxCommitNum }}
+    ; Number of line of codes shown for a code comment
+    CODE_COMMENT_LINES = {{ .Values.gitea.ui.codeCommentLines }}
+    ; Value of `theme-color` meta tag, used by Android >= 5.0
+    ; An invalid color like "none" or "disable" will have the default style
+    ; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
+    THEME_COLOR_META_TAG = {{ .Values.gitea.ui.themeColorMetaTag }}
+    ; Max size of files to be displayed (default is 8MiB)
+    MAX_DISPLAY_FILE_SIZE = {{ .Values.gitea.ui.maxDisplayFileSize }}
+    ; Whether the email of the user should be shown in the Explore Users page
+    SHOW_USER_EMAIL = {{ .Values.gitea.ui.showUserMail }}
+    ; Set the default theme for the Gitea install
+    DEFAULT_THEME = {{ .Values.gitea.ui.defaultTheme }}
+    ; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`.
+    THEMES = gitea,arc-green
+    ;All available reactions users can choose on issues/prs and comments.
+    ;Values can be emoji alias (:smile:) or a unicode emoji.
+    ;For custom reactions, add a tightly cropped square image to public/emoji/img/reaction_name.png
+    REACTIONS = +1, -1, laugh, hooray, confused, heart, rocket, eyes
+    ; Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
+    DEFAULT_SHOW_FULL_NAME = {{ .Values.gitea.ui.defaultShowFullName }}
+    ; Whether to search within description at repository search on explore page.
+    SEARCH_REPO_DESCRIPTION = {{ .Values.gitea.ui.searchRepoDescription }}
+    ; Whether to enable a Service Worker to cache frontend assets
+    USE_SERVICE_WORKER = {{ .Values.gitea.ui.useServiceWorker }}
+
+
+    [ui.admin]
+    ; Number of users that are displayed on one page
+    USER_PAGING_NUM = 50
+    ; Number of repos that are displayed on one page
+    REPO_PAGING_NUM = 50
+    ; Number of notices that are displayed on one page
+    NOTICE_PAGING_NUM = 25
+    ; Number of organizations that are displayed on one page
+    ORG_PAGING_NUM = 50
+
+    [ui.user]
+    ; Number of repos that are displayed on one page
+    REPO_PAGING_NUM = 15
+
+    [ui.meta]
+    AUTHOR = Gitea - Git with a cup of tea
+    DESCRIPTION = Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go
+    KEYWORDS = go,git,self-hosted,gitea
+
+    [markdown]
+    ; Enable hard line break extension
+    ENABLE_HARD_LINE_BREAK = false
+    ; List of custom URL-Schemes that are allowed as links when rendering Markdown
+    ; for example git,magnet
+    CUSTOM_URL_SCHEMES =
+    ; List of file extensions that should be rendered/edited as Markdown
+    ; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma
+    FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
+
+    [server]
+    ; PROTOCOL hardcoded to http since tls is delegated to ingress
+    PROTOCOL = http
+    {{- if .Values.gitea.server.http.externalDomain }}
+    DOMAIN = {{ .Values.gitea.server.http.externalDomain }}
+    {{ else }}
+    DOMAIN = {{ include "gitea.fullname" . }}-http.{{ .Release.Namespace }}.svc.cluster.local
+    {{ end }}
+    {{ if .Values.ingress.tls }}
+    {{- $proto := set . "proto" "https" }}
+    {{- else -}}
+    {{- $proto := set . "proto" "http" }}
+    {{- end -}}
+    {{- if and .Values.gitea.server.http.externalDomain ( .Values.gitea.server.http.externalPort ) }}
+    ROOT_URL = {{ .proto }}://{{ .Values.gitea.server.http.externalDomain }}:{{ .Values.gitea.server.http.externalPort }}/
+    {{- else if .Values.gitea.server.http.externalDomain }}
+    ROOT_URL = {{ .proto }}://{{ .Values.gitea.server.http.externalDomain }}/
+    {{- else }}
+    ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
+    {{- end -}}
+    ; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
+    HTTP_ADDR = 0.0.0.0
+    HTTP_PORT = {{ .Values.service.http.port }}
+    ; If REDIRECT_OTHER_PORT is true, and PROTOCOL is set to https an http server
+    ; will be started on PORT_TO_REDIRECT and it will redirect plain, non-secure http requests to the main
+    ; ROOT_URL.  Defaults are false for REDIRECT_OTHER_PORT and 80 for
+    ; PORT_TO_REDIRECT.
+    REDIRECT_OTHER_PORT = false
+    PORT_TO_REDIRECT = 80
+    ; Permission for unix socket
+    UNIX_SOCKET_PERMISSION = 666
+    ; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service.
+    ; In most cases you do not need to change the default value.
+    ; Alter it only if your SSH server node is not the same as HTTP node.
+    ; Do not set this variable if PROTOCOL is set to 'unix'.
+    LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
+    ; Disable SSH feature when not available
+    DISABLE_SSH = false
+    ; Whether to use the builtin SSH server or not.
+    START_SSH_SERVER = false
+    ; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER.
+    BUILTIN_SSH_SERVER_USER =
+    ; Domain name to be exposed in clone URL
+    {{- if .Values.gitea.server.ssh.externalDomain }}
+    SSH_DOMAIN = {{ .Values.gitea.server.ssh.externalDomain }}
+    {{- else }}
+    SSH_DOMAIN = {{ include "gitea.fullname" . }}-ssh.{{ .Release.Namespace }}.svc.cluster.local
+    {{- end }}
+    ; THe network interface the builtin SSH server should listen on
+    SSH_LISTEN_HOST =
+    ; Port number to be exposed in clone URL
+    {{- if .Values.gitea.server.ssh.externalPort  }}
+    SSH_PORT = {{ .Values.gitea.server.ssh.externalPort  }}
+    {{- else }}
+    SSH_PORT = {{ .Values.service.ssh.port  }}
+    {{- end }}
+    ; The port number the builtin SSH server should listen on
+    SSH_LISTEN_PORT = {{ .Values.service.ssh.port  }}
+    ; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
+    SSH_ROOT_PATH =
+    ; Gitea will create a authorized_keys file by default when it is not using the internal ssh server
+    ; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
+    SSH_CREATE_AUTHORIZED_KEYS_FILE = true
+    ; For the built-in SSH server, choose the ciphers to support for SSH connections,
+    ; for system SSH this setting has no effect
+    SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
+    ; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections,
+    ; for system SSH this setting has no effect
+    SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org
+    ; For the built-in SSH server, choose the MACs to support for SSH connections,
+    ; for system SSH this setting has no effect
+    SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96
+    ; Directory to create temporary files in when testing public keys using ssh-keygen,
+    ; default is the system temporary directory.
+    SSH_KEY_TEST_PATH =
+    ; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
+    SSH_KEYGEN_PATH = ssh-keygen
+    ; Enable SSH Authorized Key Backup when rewriting all keys, default is true
+    SSH_BACKUP_AUTHORIZED_KEYS = true
+    ; Enable exposure of SSH clone URL to anonymous visitors, default is false
+    SSH_EXPOSE_ANONYMOUS = false
+    ; Indicate whether to check minimum key size with corresponding type
+    MINIMUM_KEY_SIZE_CHECK = false
+    ; Disable CDN even in "prod" mode
+    OFFLINE_MODE = {{ .Values.gitea.server.offlineMode }}
+    DISABLE_ROUTER_LOG = false
+    ; Generate steps:
+    ; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
+    ;
+    ; Or from a .pfx file exported from the Windows certificate store (do
+    ; not forget to export the private key):
+    ; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
+    ; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
+    CERT_FILE = custom/https/cert.pem
+    KEY_FILE = custom/https/key.pem
+    ; Root directory containing templates and static files.
+    ; default is the path where Gitea is executed
+    STATIC_ROOT_PATH =
+    ; Default path for App data
+    APP_DATA_PATH = data
+    ; Application level GZIP support
+    ENABLE_GZIP = false
+    ; Application profiling (memory and cpu)
+    ; For "web" command it listens on localhost:6060
+    ; For "serve" command it dumps to disk at PPROF_DATA_PATH as (cpuprofile|memprofile)_<username>_<temporary id>
+    ENABLE_PPROF = false
+    ; PPROF_DATA_PATH, use an absolute path when you start gitea as service
+    PPROF_DATA_PATH = data/tmp/pprof
+    ; Landing page, can be "home", "explore", or "organizations"
+    LANDING_PAGE = home
+    ; Enables git-lfs support. true or false, default is false.
+    LFS_START_SERVER = false
+    ; Where your lfs files reside, default is data/lfs.
+    LFS_CONTENT_PATH = data/lfs
+    ; LFS authentication secret, change this yourself
+    LFS_JWT_SECRET =
+    ; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
+    LFS_HTTP_AUTH_EXPIRY = 20m
+
+    ; Define allowed algorithms and their minimum key length (use -1 to disable a type)
+    [ssh.minimum_key_sizes]
+    ED25519 = 256
+    ECDSA = 256
+    RSA = 2048
+    DSA = 1024
+
+    [database]
+    {{- if .Values.gitea.database.builtIn.postgresql.enabled }}
+    DB_TYPE = postgres
+    HOST = {{ include "postgresql.dns" . }}
+    NAME = {{ .Values.postgresql.global.postgresql.postgresqlDatabase }}
+    USER = {{ .Values.postgresql.global.postgresql.postgresqlUsername }}
+    PASSWD = {{ .Values.postgresql.global.postgresql.postgresqlPassword }}
+    {{ else if .Values.gitea.database.builtIn.mysql.enabled }}
+    DB_TYPE = mysql
+    HOST = {{ include "mysql.dns" . }}
+    NAME = {{ .Values.mysql.mysqlDatabase }}
+    USER = {{ .Values.mysql.mysqlUser }}
+    PASSWD = {{ .Values.mysql.mysqlPassword }}
+    {{ else }}
+    ; Database to use. Either "mysql", "postgres", "mssql" or "sqlite3".
+    DB_TYPE = {{ .Values.gitea.database.external.type }}
+    HOST = {{ .Values.gitea.database.external.host }}:{{ .Values.gitea.database.external.port }}
+    NAME = {{ .Values.gitea.database.external.name }}
+    USER = {{ .Values.gitea.database.external.user }}
+    ; Use PASSWD = `your password` for quoting if you use special characters in the password.
+    PASSWD = {{ .Values.gitea.database.external.password }}
+    ; For Postgres, schema to use if different from "public". The schema must exist beforehand,
+    ; the user must have creation privileges on it, and the user search path must be set
+    ; to the look into the schema first. e.g.:ALTER USER user SET SEARCH_PATH = schema_name,"$user",public;
+    SCHEMA = {{ .Values.gitea.database.external.schema }}
+    {{ end }}
+    ; For Postgres, either "disable" (default), "require", or "verify-full"
+    ; For MySQL, either "false" (default), "true", or "skip-verify"
+    SSL_MODE = {{ .Values.gitea.database.sslMode }}
+    ; For MySQL only, either "utf8" or "utf8mb4", default is "utf8mb4".
+    ; NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
+    CHARSET = {{ .Values.gitea.database.charset }}
+    ; For "sqlite3" and "tidb", use an absolute path when you start gitea as service
+    PATH = {{ .Values.gitea.database.path }}
+    ; For "sqlite3" only. Query timeout
+    SQLITE_TIMEOUT = {{ .Values.gitea.database.sqlLiteTimeout }}
+    ; For iterate buffer, default is 50
+    ITERATE_BUFFER_SIZE = {{ .Values.gitea.database.iterateBufferSize }}
+    ; Show the database generated SQL
+    LOG_SQL = {{ .Values.gitea.database.logSql }}
+    ; Maximum number of DB Connect retries
+    DB_RETRIES = {{ .Values.gitea.database.dbRetries }}
+    ; Backoff time per DB retry (time.Duration)
+    DB_RETRY_BACKOFF = {{ .Values.gitea.database.dbRetryBackoff }}
+    ; Max idle database connections on connnection pool, default is 2
+    MAX_IDLE_CONNS = {{ .Values.gitea.database.maxIdleConns }}
+    ; Database connection max life time, default is 0 or 3s mysql (See #6804 & #7071 for reasoning)
+    CONN_MAX_LIFETIME = {{ .Values.gitea.database.connMaxLifetime }}
+    ; Database maximum number of open connections, default is 0 meaning no maximum
+    MAX_OPEN_CONNS = {{ .Values.gitea.database.maxOpenConns }}
+
+    [indexer]
+    ISSUE_INDEXER_PATH = indexers/issues.bleve
+    ; repo indexer by default disabled, since it uses a lot of disk space
+    REPO_INDEXER_ENABLED = false
+    REPO_INDEXER_PATH = indexers/repos.bleve
+    UPDATE_BUFFER_LEN = 20
+    MAX_FILE_SIZE = 1048576
+
+    [admin]
+    ; Disallow regular (non-admin) users from creating organizations.
+    DISABLE_REGULAR_ORG_CREATION = {{ .Values.gitea.admin.disableRegularOrgCreation }}
+    ; Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
+    DEFAULT_EMAIL_NOTIFICATIONS = {{ .Values.gitea.admin.defaultEmailNotifications }}
+
+    [security]
+    ; Whether the installer is disabled
+    INSTALL_LOCK = {{ .Values.gitea.security.installLock }}
+    ; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
+    SECRET_KEY = {{ .Values.gitea.security.secretKey }}
+    ; How long to remember that a user is logged in before requiring relogin (in days)
+    LOGIN_REMEMBER_DAYS = {{ .Values.gitea.security.loginRememberDays }}
+    COOKIE_USERNAME = {{ .Values.gitea.security.cookieUsername }}
+    COOKIE_REMEMBER_NAME = {{ .Values.gitea.security.cookieRememberName }}
+    ; Reverse proxy authentication header name of user name
+    REVERSE_PROXY_AUTHENTICATION_USER = {{ .Values.gitea.security.reverseProxyAuthUser }}
+    REVERSE_PROXY_AUTHENTICATION_EMAIL = {{ .Values.gitea.security.reverseProxyAuthEmail }}
+    ; The minimum password length for new Users
+    MIN_PASSWORD_LENGTH = {{ .Values.gitea.security.minPasswordLength }}
+    ; Set to true to allow users to import local server paths
+    IMPORT_LOCAL_PATHS = {{ .Values.gitea.security.importLocalPaths }}
+    ; Set to true to prevent all users (including admin) from creating custom git hooks
+    DISABLE_GIT_HOOKS = {{ .Values.gitea.security.disabledGitHooks }}
+    ; Set to false to allow pushes to gitea repositories despite having an incomplete environment - NOT RECOMMENDED
+    ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = {{ .Values.gitea.security.onlyAllowPushIfGiteaEnvSet }}
+    ;Comma separated list of character classes required to pass minimum complexity.
+    ;If left empty or no valid values are specified, the default values ("lower,upper,digit,spec") will be used.
+    ;Use "off" to disable checking.
+    PASSWORD_COMPLEXITY = {{ .Values.gitea.security.passwordComplexity }}
+    ; Password Hash algorithm, either "pbkdf2", "argon2", "scrypt" or "bcrypt"
+    PASSWORD_HASH_ALGO = {{ .Values.gitea.security.passwordHashAlgo }}
+    ; Set false to allow JavaScript to read CSRF cookie
+    CSRF_COOKIE_HTTP_ONLY = {{ .Values.gitea.security.crsfCookieHttpOnly }}
+
+    [openid]
+    ;
+    ; OpenID is an open, standard and decentralized authentication protocol.
+    ; Your identity is the address of a webpage you provide, which describes
+    ; how to prove you are in control of that page.
+    ;
+    ; For more info: https://en.wikipedia.org/wiki/OpenID
+    ;
+    ; Current implementation supports OpenID-2.0
+    ;
+    ; Tested to work providers at the time of writing:
+    ;  - Any GNUSocial node (your.hostname.tld/username)
+    ;  - Any SimpleID provider (http://simpleid.koinic.net)
+    ;  - http://openid.org.cn/
+    ;  - openid.stackexchange.com
+    ;  - login.launchpad.net
+    ;  - <username>.livejournal.com
+    ;
+    ; Whether to allow signin in via OpenID
+    ENABLE_OPENID_SIGNIN = {{ .Values.gitea.openid.enableOpenidSignin }}
+    ; Whether to allow registering via OpenID
+    ; Do not include to rely on rhw DISABLE_REGISTRATION setting
+    ;ENABLE_OPENID_SIGNUP = {{ .Values.gitea.openid.enableOpenidSignup }}
+    ; Allowed URI patterns (POSIX regexp).
+    ; Space separated.
+    ; Only these would be allowed if non-blank.
+    ; Example value: trusted.domain.org trusted.domain.net
+    WHITELISTED_URIS = {{ .Values.gitea.openid.whitelistedUris }}
+    ; Forbidden URI patterns (POSIX regexp).
+    ; Space separated.
+    ; Only used if WHITELISTED_URIS is blank.
+    ; Example value: loadaverage.org/badguy stackexchange.com/.*spammer
+    BLACKLISTED_URIS = {{ .Values.gitea.openid.blacklistedUris }}
+
+    [service]
+    ; Time limit to confirm account/email registration
+    ACTIVE_CODE_LIVE_MINUTES = {{ .Values.gitea.service.activeCodeLiveMinutes }}
+    ; Time limit to perform the reset of a forgotten password
+    RESET_PASSWD_CODE_LIVE_MINUTES = {{ .Values.gitea.service.resetPasswordCodeLiveMinutes }}
+    ; Whether a new user needs to confirm their email when registering.
+    REGISTER_EMAIL_CONFIRM = {{ .Values.gitea.service.registerEmailConfirm }}
+    ; List of domain names that are allowed to be used to register on a Gitea instance
+    ; gitea.io,example.com
+    EMAIL_DOMAIN_WHITELIST= {{ .Values.gitea.service.emailDomainWhitelist }}
+    ; Disallow registration, only allow admins to create accounts.
+    DISABLE_REGISTRATION = {{ .Values.gitea.service.disableRegistration }}
+    ; Allow registration only using third-party services, it works only when DISABLE_REGISTRATION is false
+    ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ .Values.gitea.service.allowOnlyExternalRegistration }}
+    ; User must sign in to view anything.
+    REQUIRE_SIGNIN_VIEW = {{ .Values.gitea.service.requireSigninView }}
+    ; Mail notification
+    ENABLE_NOTIFY_MAIL = {{ .Values.gitea.service.enableNotifyMail }}
+    ; This setting enables gitea to be signed in with HTTP BASIC Authentication using the user's password
+    ; If you set this to false you will not be able to access the tokens endpoints on the API with your password
+    ; Please note that setting this to false will not disable OAuth Basic or Basic authentication using a token
+    ENABLE_BASIC_AUTHENTICATION = {{ .Values.gitea.service.enableBasicAuth }}
+    ; More detail: https://github.com/gogits/gogs/issues/165
+    ENABLE_REVERSE_PROXY_AUTHENTICATION = {{ .Values.gitea.service.enableReverseProxyAuth }}
+    ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = {{ .Values.gitea.service.enableReverseProxyAutoRegistration }}
+    ENABLE_REVERSE_PROXY_EMAIL = {{ .Values.gitea.service.enableReverseProxyEmail }}
+    ; Enable captcha validation for registration
+    ENABLE_CAPTCHA = {{ .Values.gitea.service.enableCaptcha }}
+    ; Type of captcha you want to use. Options: image, recaptcha
+    CAPTCHA_TYPE = {{ .Values.gitea.service.captchaType }}
+    ; Enable recaptcha to use Google's recaptcha service
+    ; Go to https://www.google.com/recaptcha/admin to sign up for a key
+    RECAPTCHA_SECRET  = {{ .Values.gitea.service.recaptchaSecret }}
+    RECAPTCHA_SITEKEY = {{ .Values.gitea.service.recaptchaSiteKey }}
+    ; Change this to use recaptcha.net or other recaptcha service
+    RECAPTCHA_URL = {{ .Values.gitea.service.racaptchaUrl }}
+    ; Default value for KeepEmailPrivate
+    ; Each new user will get the value of this setting copied into their profile
+    DEFAULT_KEEP_EMAIL_PRIVATE = {{ .Values.gitea.service.defaultKeepEmailPrivate }}
+    ; Default value for AllowCreateOrganization
+    ; Every new user will have rights set to create organizations depending on this setting
+    DEFAULT_ALLOW_CREATE_ORGANIZATION = {{ .Values.gitea.service.deaultAllowCreateOrg }}
+    ; Either "public", "limited" or "private", default is "public"
+    ; Limited is for signed user only
+    ; Private is only for member of the organization
+    ; Public is for everyone
+    DEFAULT_ORG_VISIBILITY = {{ .Values.gitea.service.defaultOrgVisibility }}
+    ; Default value for DefaultOrgMemberVisible
+    ; True will make the membership of the users visible when added to the organisation
+    DEFAULT_ORG_MEMBER_VISIBLE = {{ .Values.gitea.service.defaultOrgMemberVisible }}
+    ; Default value for EnableDependencies
+    ; Repositories will use dependencies by default depending on this setting
+    DEFAULT_ENABLE_DEPENDENCIES = {{ .Values.gitea.service.defaultEnableDependencies }}
+    ; Dependencies can be added from any repository where the user is granted access or only from the current repository depending on this setting.
+    ALLOW_CROSS_REPOSITORY_DEPENDENCIES = {{ .Values.gitea.service.allowCrossRepositoryDependencies }}
+    ; Enable heatmap on users profiles.
+    ENABLE_USER_HEATMAP = {{ .Values.gitea.service.enableUserHeatmap }}
+    ; Enable Timetracking
+    ENABLE_TIMETRACKING = {{ .Values.gitea.service.enableTimeTracking }}
+    ; Default value for EnableTimetracking
+    ; Repositories will use timetracking by default depending on this setting
+    DEFAULT_ENABLE_TIMETRACKING = {{ .Values.gitea.service.defaultEnableTimeTracking}}
+    ; Default value for AllowOnlyContributorsToTrackTime
+    ; Only users with write permissions can track time if this is true
+    DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME = {{ .Values.gitea.service.defaultAllowOnlyContributorsToTrackTime }}
+    ; Default value for the domain part of the user's email address in the git log
+    ; if he has set KeepEmailPrivate to true. The user's email will be replaced with a
+    ; concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS.
+    NO_REPLY_ADDRESS = {{ .Values.gitea.service.noReplyAddress }}
+    ; Show Registration button
+    SHOW_REGISTRATION_BUTTON = {{ .Values.gitea.service.showRegistrationButton }}
+    ; Show milestones dashboard page - a view of all the user's milestones
+    SHOW_MILESTONES_DASHBOARD_PAGE = {{ .Values.gitea.service.showMilestonesDashboardPage }}
+    ; Default value for AutoWatchNewRepos
+    ; When adding a repo to a team or creating a new repo all team members will watch the
+    ; repo automatically if enabled
+    AUTO_WATCH_NEW_REPOS = {{ .Values.gitea.service.autoWatchNewRepos }}
+    ; Default value for AutoWatchOnChanges
+    ; Make the user watch a repository When they commit for the first time
+    AUTO_WATCH_ON_CHANGES = {{ .Values.gitea.service.autoWatchOnChanges }}
+
+    [webhook]
+    ; Hook task queue length, increase if webhook shooting starts hanging
+    QUEUE_LENGTH = {{ .Values.gitea.webhook.queueLength }}
+    ; Deliver timeout in seconds
+    DELIVER_TIMEOUT = {{ .Values.gitea.webhook.deliverTimeout }}
+    ; Allow insecure certification
+    SKIP_TLS_VERIFY = {{ .Values.gitea.webhook.skipTlsVerify }}
+    ; Number of history information in each page
+    PAGING_NUM = {{ .Values.gitea.webhook.pagingNum }}
+
+    [mailer]
+    ENABLED = {{ .Values.gitea.mailer.enabled }}
+    ; Buffer length of channel, keep it as it is if you don't know what it is.
+    SEND_BUFFER_LEN = {{ .Values.gitea.mailer.sendBufferLen }}
+    ; Prefix displayed before subject in mail
+    SUBJECT_PREFIX = {{ .Values.gitea.mailer.subjectPrefix }}
+    ; Mail server
+    ; Gmail: smtp.gmail.com:587
+    ; QQ: smtp.qq.com:465
+    ; Using STARTTLS on port 587 is recommended per RFC 6409.
+    ; Note, if the port ends with "465", SMTPS will be used.
+    HOST = {{ .Values.gitea.mailer.host }}
+    ; Disable HELO operation when hostnames are different.
+    DISABLE_HELO = {{ .Values.gitea.mailer.disableHelo }}
+    ; Custom hostname for HELO operation, if no value is provided, one is retrieved from system.
+    HELO_HOSTNAME = {{ .Values.gitea.mailer.heloHostname }}
+    ; Do not verify the certificate of the server. Only use this for self-signed certificates
+    SKIP_VERIFY = {{ .Values.gitea.mailer.skipVerify }}
+    ; Use client certificate
+    USE_CERTIFICATE = {{ .Values.gitea.mailer.useCertificate }}
+    CERT_FILE = {{ .Values.gitea.mailer.certFile }}
+    KEY_FILE = {{ .Values.gitea.mailer.keyFile }}
+    ; Should SMTP connect with TLS, (if port ends with 465 TLS will always be used.)
+    ; If this is false but STARTTLS is supported the connection will be upgraded to TLS opportunistically.
+    IS_TLS_ENABLED = {{ .Values.gitea.mailer.isTlsEnabled }}
+    ; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
+    FROM = {{ .Values.gitea.mailer.from }}
+    ; Mailer user name and password
+    ; Please Note: Authentication is only supported when the SMTP server communication is encrypted with TLS (this can be via STARTTLS) or `HOST=localhost`.
+    USER = {{ .Values.gitea.mailer.user }}
+    ; Use PASSWD = `your password` for quoting if you use special characters in the password.
+    PASSWD = {{ .Values.gitea.mailer.password }}
+    ; Send mails as plain text
+    SEND_AS_PLAIN_TEXT = {{ .Values.gitea.mailer.sendAsPlainText }}
+    ; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log)
+    MAILER_TYPE = {{ .Values.gitea.mailer.mailerType }}
+    ; Specify an alternative sendmail binary
+    SENDMAIL_PATH = {{ .Values.gitea.mailer.sendMailPath }}
+    ; Specify any extra sendmail arguments
+    SENDMAIL_ARGS = {{ .Values.gitea.mailer.sendMailArgs }}
+    ; Timeout for Sendmail
+    SENDMAIL_TIMEOUT = {{ .Values.gitea.mailer.sendMailTimeout }}
+
+    [cache]
+    ; if the cache enabled
+    ENABLED = {{ .Values.gitea.cache.enabled }}
+    {{- if .Values.gitea.cache.builtIn.enabled }}
+    ; Either "memory", "redis", or "memcache", default is "memory"
+    ADAPTER = memcache
+    ; For "redis" and "memcache", connection host address
+    ; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
+    ; memcache: `127.0.0.1:11211`
+    HOST = {{ include "memcached.dns" . }}
+    {{ else }}
+    ADAPTER = {{ .Values.gitea.cache.external.adapter }}
+    ; For "redis" and "memcache", connection host address
+    ; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
+    ; memcache: `127.0.0.1:11211`
+    HOST = {{ .Values.gitea.cache.external.host }}
+    {{ end }}
+    ; For "memory" only, GC interval in seconds, default is 60
+    INTERVAL = {{ .Values.gitea.cache.interval }}
+    ; Time to keep items in cache if not used, default is 16 hours.
+    ; Setting it to 0 disables caching
+    ITEM_TTL = {{ .Values.gitea.cache.itemTTL }}
+
+    ; Last commit cache
+    [cache.last_commit]
+    ; if the cache enabled
+    ENABLED = {{ .Values.gitea.cache.lastCommit.enabled }}
+    ; Time to keep items in cache if not used, default is 8760 hours.
+    ; Setting it to 0 disables caching
+    ITEM_TTL = {{ .Values.gitea.cache.lastCommit.itemTTL }}
+    ; Only enable the cache when repository's commits count great than
+    COMMITS_COUNT = {{ .Values.gitea.cache.lastCommit.commitCount }}
+
+    [session]
+    ; Either "memory", "file", or "redis", default is "memory"
+    PROVIDER = memory
+    ; Provider config options
+    ; memory: doesn't have any config yet
+    ; file: session file path, e.g. `data/sessions`
+    ; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
+    ; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
+    PROVIDER_CONFIG = data/sessions
+    ; Session cookie name
+    COOKIE_NAME = i_like_gitea
+    ; If you use session in https only, default is false
+    COOKIE_SECURE = false
+    ; Enable set cookie, default is true
+    ENABLE_SET_COOKIE = true
+    ; Session GC time interval in seconds, default is 86400 (1 day)
+    GC_INTERVAL_TIME = 86400
+    ; Session life time in seconds, default is 86400 (1 day)
+    SESSION_LIFE_TIME = 86400
+
+    [picture]
+    AVATAR_UPLOAD_PATH = data/avatars
+    ; Max Width and Height of uploaded avatars. This is to limit the amount of RAM
+    ; used when resizing the image.
+    AVATAR_MAX_WIDTH = 4096
+    AVATAR_MAX_HEIGHT = 3072
+    ; Chinese users can choose "duoshuo"
+    ; or a custom avatar source, like: http://cn.gravatar.com/avatar/
+    GRAVATAR_SOURCE = gravatar
+    ; This value will always be true in offline mode.
+    DISABLE_GRAVATAR = false
+    ; Federated avatar lookup uses DNS to discover avatar associated
+    ; with emails, see https://www.libravatar.org
+    ; This value will always be false in offline mode or when Gravatar is disabled.
+    ENABLE_FEDERATED_AVATAR = false
+
+    [attachment]
+    ; Whether attachments are enabled. Defaults to `true`
+    ENABLED = {{ .Values.gitea.attachment.enabled }}
+    ; Path for attachments. Defaults to `data/attachments`
+    PATH = {{ .Values.gitea.attachment.path }}
+    ; One or more allowed types, e.g. image/jpeg|image/png
+    ALLOWED_TYPES = {{ .Values.gitea.attachment.allowedTypes }}
+    ; Max size of each file. Defaults to 4MB
+    MAX_SIZE = {{ .Values.gitea.attachment.maxSize }}
+    ; Max number of files per upload. Defaults to 5
+    MAX_FILES = {{ .Values.gitea.attachment.maxFiles }}
+
+    [log]
+    ROOT_PATH = {{ .Values.gitea.log.rootPath }}
+    ; Either "console", "file", "conn", "smtp" or "database", default is "console"
+    ; Use comma to separate multiple modes, e.g. "console, file"
+    MODE = {{ .Values.gitea.log.mode }}
+    ; Buffer length of the channel, keep it as it is if you don't know what it is.
+    BUFFER_LEN = {{ .Values.gitea.log.bufferLen }}
+    REDIRECT_MACARON_LOG = {{ .Values.gitea.log.redirectMacaronLog }}
+    MACARON = {{ .Values.gitea.log.macaron }}
+    ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Info"
+    ROUTER_LOG_LEVEL = {{ .Values.gitea.log.routerLogLevel }}
+    ROUTER = {{ .Values.gitea.log.router }}
+    ENABLE_ACCESS_LOG = {{ .Values.gitea.log.enableAccessLog }}
+    ACCESS = {{ .Values.gitea.log.access }}
+    ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
+    LEVEL = {{ .Values.gitea.log.level }}
+    ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "None"
+    STACKTRACE_LEVEL = {{ .Values.gitea.log.stackTraceLevel }}
+
+    ; Generic log modes
+    [log.x]
+    FLAGS = {{ .Values.gitea.log.x.flags }}
+    EXPRESSION = {{ .Values.gitea.log.x.expression }}
+    PREFIX = {{ .Values.gitea.log.x.prefix }}
+    COLORIZE = {{ .Values.gitea.log.x.colorize }}
+
+    ; For "console" mode only
+    [log.console]
+    LEVEL = {{ .Values.gitea.log.console.level }}
+    STDERR = {{ .Values.gitea.log.console.stderr }}
+
+    ; For "file" mode only
+    [log.file]
+    LEVEL = {{ .Values.gitea.log.file.level }}
+    ; Set the file_name for the logger. If this is a relative path this
+    ; will be relative to ROOT_PATH
+    FILE_NAME = {{ .Values.gitea.log.file.fileName }}
+    ; This enables automated log rotate(switch of following options), default is true
+    LOG_ROTATE = {{ .Values.gitea.log.file.logRotate }}
+    ; Max number of lines in a single file, default is 1000000
+    MAX_LINES = {{ .Values.gitea.log.file.maxLines }}
+    ; Max size shift of a single file, default is 28 means 1 << 28, 256MB
+    MAX_SIZE_SHIFT = {{ .Values.gitea.log.file.maxSizeShift }}
+    ; Segment log daily, default is true
+    DAILY_ROTATE = {{ .Values.gitea.log.file.dailyRotate }}
+    ; delete the log file after n days, default is 7
+    MAX_DAYS = {{ .Values.gitea.log.file.maxDays }}
+    ; compress logs with gzip
+    COMPRESS = {{ .Values.gitea.log.file.compress }}
+    ; compression level see godoc for compress/gzip
+    COMPRESSION_LEVEL = {{ .Values.gitea.log.file.compressionLeveL }}
+
+    ; For "conn" mode only
+    [log.conn]
+    LEVEL = {{ .Values.gitea.log.conn.level }}
+    ; Reconnect host for every single message, default is false
+    RECONNECT_ON_MSG = {{ .Values.gitea.log.conn.reconnOnMsg }}
+    ; Try to reconnect when connection is lost, default is false
+    RECONNECT = {{ .Values.gitea.log.conn.reconnect }}
+    ; Either "tcp", "unix" or "udp", default is "tcp"
+    PROTOCOL = {{ .Values.gitea.log.conn.protocol }}
+    ; Host address
+    ADDR = {{ .Values.gitea.log.conn.addr }}
+
+    ; For "smtp" mode only
+    [log.smtp]
+    LEVEL = {{ .Values.gitea.log.smtp.level }}
+    ; Name displayed in mail title, default is "Diagnostic message from server"
+    SUBJECT = {{ .Values.gitea.log.smtp.subject }}
+    ; Mail server
+    HOST = {{ .Values.gitea.log.smtp.host }}
+    ; Mailer user name and password
+    USER = {{ .Values.gitea.log.smtp.user }}
+    ; Use PASSWD = `your password` for quoting if you use special characters in the password.
+    PASSWD = {{ .Values.gitea.log.smtp.password }}
+    ; Receivers, can be one or more, e.g. 1@example.com,2@example.com
+    RECEIVERS  = {{ .Values.gitea.log.smtp.receivers }}
+
+    [cron]
+    ; Enable running cron tasks periodically.
+    ENABLED = true
+    ; Run cron tasks when Gitea starts.
+    RUN_AT_START = false
+
+    ; Update mirrors
+    [cron.update_mirrors]
+    SCHEDULE = @every 10m
+
+    ; Repository health check
+    [cron.repo_health_check]
+    SCHEDULE = @every 24h
+    TIMEOUT = 60s
+    ; Arguments for command 'git fsck', e.g. "--unreachable --tags"
+    ; see more on http://git-scm.com/docs/git-fsck
+    ARGS =
+
+    ; Check repository statistics
+    [cron.check_repo_stats]
+    RUN_AT_START = true
+    SCHEDULE = @every 24h
+
+    ; Clean up old repository archives
+    [cron.archive_cleanup]
+    ; Whether to enable the job
+    ENABLED = true
+    ; Whether to always run at least once at start up time (if ENABLED)
+    RUN_AT_START = true
+    ; Time interval for job to run
+    SCHEDULE = @every 24h
+    ; Archives created more than OLDER_THAN ago are subject to deletion
+    OLDER_THAN = 24h
+
+    ; Synchronize external user data (only LDAP user synchronization is supported)
+    [cron.sync_external_users]
+    ; Synchronize external user data when starting server (default false)
+    RUN_AT_START = false
+    ; Interval as a duration between each synchronization (default every 24h)
+    SCHEDULE = @every 24h
+    ; Create new users, update existing user data and disable users that are not in external source anymore (default)
+    ;   or only create new users if UPDATE_EXISTING is set to false
+    UPDATE_EXISTING = true
+
+    [git]
+    ; The path of git executable. If empty, Gitea searches through the PATH environment.
+    PATH = {{ .Values.gitea.git.path }}
+    ; Disables highlight of added and removed changes
+    DISABLE_DIFF_HIGHLIGHT = {{ .Values.gitea.git.disableDiffHighlight }}
+    ; Max number of lines allowed in a single file in diff view
+    MAX_GIT_DIFF_LINES = {{ .Values.gitea.git.maxGitDiffLines }}
+    ; Max number of allowed characters in a line in diff view
+    MAX_GIT_DIFF_LINE_CHARACTERS = {{ .Values.gitea.git.maxGitDiffLineChars }}
+    ; Max number of files shown in diff view
+    MAX_GIT_DIFF_FILES = {{ .Values.gitea.git.maxGitDiffFiles }}
+    ; Arguments for command 'git gc', e.g. "--aggressive --auto"
+    ; see more on http://git-scm.com/docs/git-gc/
+    GC_ARGS = {{ .Values.gitea.git.gcArgs }}
+    ; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
+    ENABLE_AUTO_GIT_WIRE_PROTOCOL = {{ .Values.gitea.git.enableAutoGitWireProt }}
+    ; Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled)
+    PULL_REQUEST_PUSH_MESSAGE = {{ .Values.gitea.git.pullRequestPushMessage }}
+
+    ; Operation timeout in seconds
+    [git.timeout]
+    DEFAULT = {{ .Values.gitea.git.timeout.default }}
+    MIGRATE = {{ .Values.gitea.git.timeout.migrate }}
+    MIRROR = {{ .Values.gitea.git.timeout.mirror }}
+    CLONE = {{ .Values.gitea.git.timeout.clone }}
+    PULL = {{ .Values.gitea.git.timeout.pull }}
+    GC = {{ .Values.gitea.git.timeout.gc }}
+
+    [mirror]
+    ; Default interval as a duration between each check
+    DEFAULT_INTERVAL = 8h
+    ; Min interval as a duration must be > 1m
+    MIN_INTERVAL = 10m
+
+    [api]
+    ; Enables Swagger. True or false; default is true.
+    ENABLE_SWAGGER = true
+    ; Max number of items in a page
+    MAX_RESPONSE_ITEMS = 50
+
+    [i18n]
+    LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR
+    NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,français,Nederlands,latviešu,русский,Українська,日本語,español,português do Brasil,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어
+
+    ; Used for datetimepicker
+    [i18n.datelang]
+    en-US = en
+    zh-CN = zh
+    zh-HK = zh-HK
+    zh-TW = zh-TW
+    de-DE = de
+    fr-FR = fr
+    nl-NL = nl
+    lv-LV = lv
+    ru-RU = ru
+    uk-UA = uk
+    ja-JP = ja
+    es-ES = es
+    pt-BR = pt-BR
+    pl-PL = pl
+    bg-BG = bg
+    it-IT = it
+    fi-FI = fi
+    tr-TR = tr
+    cs-CZ = cs-CZ
+    sr-SP = sr
+    sv-SE = sv
+    ko-KR = ko
+
+    [U2F]
+    ; Two Factor authentication with security keys
+    ; https://developers.yubico.com/U2F/App_ID.html
+    ;APP_ID = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
+    ; Comma seperated list of truisted facets
+    ;TRUSTED_FACETS = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
+
+    ; Extension mapping to highlight class
+    ; e.g. .toml=ini
+    [highlight.mapping]
+
+    [other]
+    SHOW_FOOTER_BRANDING = false
+    ; Show version information about Gitea and Go in the footer
+    SHOW_FOOTER_VERSION = true
+    ; Show template execution time in the footer
+    SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
+
+    [markup.asciidoc]
+    ENABLED = false
+    ; List of file extensions that should be rendered by an external command
+    FILE_EXTENSIONS = .adoc,.asciidoc
+    ; External command to render all matching extensions
+    RENDER_COMMAND = "asciidoc --out-file=- -"
+    ; Don't pass the file on STDIN, pass the filename as argument instead.
+    IS_INPUT_FILE = false
+
+    [metrics]
+    ; Enables metrics endpoint. True or false; default is false.
+    ENABLED = {{ .Values.gitea.metrics.enabled }}
+    ; If you want to add authorization, specify a token here
+    TOKEN = {{ .Values.gitea.metrics.token }}
+{{- if .Values.gitea.extraConfig }}
+
+{{ .Values.gitea.extraConfig | indent 4 }}
+{{ end }}
diff --git a/templates/gitea/gitea-config.yaml b/templates/gitea/gitea-config.yaml
deleted file mode 100644
index 61a21b9..0000000
--- a/templates/gitea/gitea-config.yaml
+++ /dev/null
@@ -1,725 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "fullname" . }}
-  labels:
-    app: {{ template "fullname" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
-data:
-  app.ini: |-
-    ; This file lists the default values used by Gitea
-    ; Copy required sections to your own app.ini (default is custom/conf/app.ini)
-    ; and modify as needed.
-
-    ; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation.
-
-    ; App name that shows in every page title
-    APP_NAME = Gitea: Git with a cup of tea
-    ; Change it if you run locally
-    RUN_USER = git
-    ; Either "dev", "prod" or "test", default is "dev"
-    RUN_MODE = dev
-
-    [repository]
-    ROOT =
-    SCRIPT_TYPE = bash
-    ; Default ANSI charset
-    ANSI_CHARSET =
-    ; Force every new repository to be private
-    FORCE_PRIVATE = false
-    ; Default privacy setting when creating a new repository, allowed values: last, private, public. Default is last which means the last setting used.
-    DEFAULT_PRIVATE = last
-    ; Global limit of repositories per user, applied at creation time. -1 means no limit
-    MAX_CREATION_LIMIT = -1
-    ; Mirror sync queue length, increase if mirror syncing starts hanging
-    MIRROR_QUEUE_LENGTH = 1000
-    ; Patch test queue length, increase if pull request patch testing starts hanging
-    PULL_REQUEST_QUEUE_LENGTH = 1000
-    ; Preferred Licenses to place at the top of the List
-    ; The name here must match the filename in conf/license or custom/conf/license
-    PREFERRED_LICENSES = Apache License 2.0,MIT License
-    ; Disable the ability to interact with repositories using the HTTP protocol
-    DISABLE_HTTP_GIT = false
-    ; Force ssh:// clone url instead of scp-style uri when default SSH port is used
-    USE_COMPAT_SSH_URI = false
-
-    [repository.editor]
-    ; List of file extensions for which lines should be wrapped in the CodeMirror editor
-    ; Separate extensions with a comma. To line wrap files without an extension, just put a comma
-    LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,
-    ; Valid file modes that have a preview API associated with them, such as api/v1/markdown
-    ; Separate the values by commas. The preview tab in edit mode won't be displayed if the file extension doesn't match
-    PREVIEWABLE_FILE_MODES = markdown
-
-    [repository.local]
-    ; Path for local repository copy. Defaults to `tmp/local-repo`
-    LOCAL_COPY_PATH = tmp/local-repo
-    ; Path for local wiki copy. Defaults to `tmp/local-wiki`
-    LOCAL_WIKI_PATH = tmp/local-wiki
-
-    [repository.upload]
-    ; Whether repository file uploads are enabled. Defaults to `true`
-    ENABLED = true
-    ; Path for uploads. Defaults to `data/tmp/uploads` (tmp gets deleted on gitea restart)
-    TEMP_PATH = data/tmp/uploads
-    ; One or more allowed types, e.g. image/jpeg|image/png. Nothing means any file type
-    ALLOWED_TYPES =
-    ; Max size of each file in megabytes. Defaults to 3MB
-    FILE_MAX_SIZE = 3
-    ; Max number of files per upload. Defaults to 5
-    MAX_FILES = 5
-
-    [repository.pull-request]
-    ; List of prefixes used in Pull Request title to mark them as Work In Progress
-    WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]
-
-    [ui]
-    ; Number of repositories that are displayed on one explore page
-    EXPLORE_PAGING_NUM = 20
-    ; Number of issues that are displayed on one page
-    ISSUE_PAGING_NUM = 10
-    ; Number of maximum commits displayed in one activity feed
-    FEED_MAX_COMMIT_NUM = 5
-    ; Number of maximum commits displayed in commit graph.
-    GRAPH_MAX_COMMIT_NUM = 100
-    ; Number of line of codes shown for a code comment
-    CODE_COMMENT_LINES = 4
-    ; Value of `theme-color` meta tag, used by Android >= 5.0
-    ; An invalid color like "none" or "disable" will have the default style
-    ; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
-    THEME_COLOR_META_TAG = `#6cc644`
-    ; Max size of files to be displayed (default is 8MiB)
-    MAX_DISPLAY_FILE_SIZE = 8388608
-    ; Whether the email of the user should be shown in the Explore Users page
-    SHOW_USER_EMAIL = true
-    ; Set the default theme for the Gitea install
-    DEFAULT_THEME = gitea
-
-
-    [ui.admin]
-    ; Number of users that are displayed on one page
-    USER_PAGING_NUM = 50
-    ; Number of repos that are displayed on one page
-    REPO_PAGING_NUM = 50
-    ; Number of notices that are displayed on one page
-    NOTICE_PAGING_NUM = 25
-    ; Number of organizations that are displayed on one page
-    ORG_PAGING_NUM = 50
-
-    [ui.user]
-    ; Number of repos that are displayed on one page
-    REPO_PAGING_NUM = 15
-
-    [ui.meta]
-    AUTHOR = Gitea - Git with a cup of tea
-    DESCRIPTION = Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go
-    KEYWORDS = go,git,self-hosted,gitea
-
-    [markdown]
-    ; Enable hard line break extension
-    ENABLE_HARD_LINE_BREAK = false
-    ; List of custom URL-Schemes that are allowed as links when rendering Markdown
-    ; for example git,magnet
-    CUSTOM_URL_SCHEMES =
-    ; List of file extensions that should be rendered/edited as Markdown
-    ; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma
-    FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
-
-    [server]
-    ; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'.
-
-    ; PROTOCOL hardcoded to http since tls is delegated to ingress
-    PROTOCOL = http
-    {{- if .Values.service.http.externalHost }}
-    DOMAIN = {{ .Values.service.http.externalHost }}
-    {{- else if .Values.ingress.enabled }}
-    DOMAIN = {{ .Values.ingress.hostname }}
-    {{- else }}
-    DOMAIN = {{ template "fullname" . }}-http.{{ .Release.Namespace }}.svc.cluster.local
-    {{- end -}}
-    {{ if .Values.ingress.tls }}
-    {{- $proto := set . "proto" "https" }}
-    {{- else -}}
-    {{- $proto := set . "proto" "http" }}
-    {{- end -}}
-    {{- if and .Values.service.http.externalHost ( .Values.service.http.externalPort ) }}
-    ROOT_URL = {{ .proto }}://{{ .Values.service.http.externalHost }}:{{ .Values.service.http.externalPort  }}/
-    {{- else if .Values.service.http.externalHost }}
-    ROOT_URL = {{ .proto }}://{{ .Values.service.http.externalHost }}/
-    {{- else if .Values.ingress.enabled }}
-    ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s
-    {{- else }}
-    ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
-    {{- end -}}
-    ; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
-    HTTP_ADDR = 0.0.0.0
-    HTTP_PORT = {{ .Values.service.http.port }}
-    ; If REDIRECT_OTHER_PORT is true, and PROTOCOL is set to https an http server
-    ; will be started on PORT_TO_REDIRECT and it will redirect plain, non-secure http requests to the main
-    ; ROOT_URL.  Defaults are false for REDIRECT_OTHER_PORT and 80 for
-    ; PORT_TO_REDIRECT.
-    REDIRECT_OTHER_PORT = false
-    PORT_TO_REDIRECT = 80
-    ; Permission for unix socket
-    UNIX_SOCKET_PERMISSION = 666
-    ; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service.
-    ; In most cases you do not need to change the default value.
-    ; Alter it only if your SSH server node is not the same as HTTP node.
-    ; Do not set this variable if PROTOCOL is set to 'unix'.
-    LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
-    ; Disable SSH feature when not available
-    DISABLE_SSH = false
-    ; Whether to use the builtin SSH server or not.
-    START_SSH_SERVER = false
-    ; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER.
-    BUILTIN_SSH_SERVER_USER =
-    ; Domain name to be exposed in clone URL
-    {{- if .Values.service.ssh.externalHost  }}
-    SSH_DOMAIN = {{ .Values.service.ssh.externalHost  }}
-    {{- else }}
-    SSH_DOMAIN = {{ template "fullname" . }}-ssh.{{ .Release.Namespace }}.svc.cluster.local
-    {{- end }}
-    ; THe network interface the builtin SSH server should listen on
-    SSH_LISTEN_HOST =
-    ; Port number to be exposed in clone URL
-    {{- if .Values.service.ssh.externalPort  }}
-    SSH_PORT = {{ .Values.service.ssh.externalPort  }}
-    {{- else }}
-    SSH_PORT = {{ .Values.service.ssh.port  }}
-    {{- end }}
-    ; The port number the builtin SSH server should listen on
-    SSH_LISTEN_PORT = {{ .Values.service.ssh.port  }}
-    ; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
-    SSH_ROOT_PATH =
-    ; Gitea will create a authorized_keys file by default when it is not using the internal ssh server
-    ; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
-    SSH_CREATE_AUTHORIZED_KEYS_FILE = true
-    ; For the built-in SSH server, choose the ciphers to support for SSH connections,
-    ; for system SSH this setting has no effect
-    SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
-    ; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections,
-    ; for system SSH this setting has no effect
-    SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org
-    ; For the built-in SSH server, choose the MACs to support for SSH connections,
-    ; for system SSH this setting has no effect
-    SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96
-    ; Directory to create temporary files in when testing public keys using ssh-keygen,
-    ; default is the system temporary directory.
-    SSH_KEY_TEST_PATH =
-    ; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
-    SSH_KEYGEN_PATH = ssh-keygen
-    ; Enable SSH Authorized Key Backup when rewriting all keys, default is true
-    SSH_BACKUP_AUTHORIZED_KEYS = true
-    ; Enable exposure of SSH clone URL to anonymous visitors, default is false
-    SSH_EXPOSE_ANONYMOUS = false
-    ; Indicate whether to check minimum key size with corresponding type
-    MINIMUM_KEY_SIZE_CHECK = false
-    ; Disable CDN even in "prod" mode
-    OFFLINE_MODE = {{ .Values.config.offlineMode }}
-    DISABLE_ROUTER_LOG = false
-    ; Generate steps:
-    ; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
-    ;
-    ; Or from a .pfx file exported from the Windows certificate store (do
-    ; not forget to export the private key):
-    ; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
-    ; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
-    CERT_FILE = custom/https/cert.pem
-    KEY_FILE = custom/https/key.pem
-    ; Root directory containing templates and static files.
-    ; default is the path where Gitea is executed
-    STATIC_ROOT_PATH =
-    ; Default path for App data
-    APP_DATA_PATH = data
-    ; Application level GZIP support
-    ENABLE_GZIP = false
-    ; Application profiling (memory and cpu)
-    ; For "web" command it listens on localhost:6060
-    ; For "serve" command it dumps to disk at PPROF_DATA_PATH as (cpuprofile|memprofile)_<username>_<temporary id>
-    ENABLE_PPROF = false
-    ; PPROF_DATA_PATH, use an absolute path when you start gitea as service
-    PPROF_DATA_PATH = data/tmp/pprof
-    ; Landing page, can be "home", "explore", or "organizations"
-    LANDING_PAGE = home
-    ; Enables git-lfs support. true or false, default is false.
-    LFS_START_SERVER = false
-    ; Where your lfs files reside, default is data/lfs.
-    LFS_CONTENT_PATH = data/lfs
-    ; LFS authentication secret, change this yourself
-    LFS_JWT_SECRET =
-    ; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
-    LFS_HTTP_AUTH_EXPIRY = 20m
-
-
-    ; Define allowed algorithms and their minimum key length (use -1 to disable a type)
-    [ssh.minimum_key_sizes]
-    ED25519 = 256
-    ECDSA = 256
-    RSA = 2048
-    DSA = 1024
-
-    [database]
-    {{ if .Values.externalDB }}
-    ; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice
-    DB_TYPE = {{ .Values.dbType }}
-    HOST = {{ .Values.externalDB.dbHost }}:{{ .Values.externalDB.dbPort }}
-    NAME = {{ .Values.externalDB.dbDatabase }}
-    USER = {{ .Values.externalDB.dbUser }}
-    PASSWD = {{ .Values.externalDB.dbPassword }}
-    {{ else if .Values.mariadb.enabled }}
-    ; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice
-    DB_TYPE = mysql
-    HOST = {{ template "mariadb.fullname" . }}:3306
-    NAME = {{ .Values.mariadb.db.name }}
-    USER = {{ .Values.mariadb.db.user }}
-    ; Use PASSWD = `your password` for quoting if you use special characters in the password.
-    {{ if .Values.mariadb.password }}
-    PASSWD = {{ .Values.mariadb.db.password }}
-    {{ else }}
-    PASSWD = MARIADB_PASSWORD
-    {{ end }}
-    {{ end }}
-    ; For "postgres" only, either "disable", "require" or "verify-full"
-    SSL_MODE = disable
-    ; For "sqlite3" and "tidb", use an absolute path when you start gitea as service
-    PATH = data/gitea.db
-    ; For "sqlite3" only. Query timeout
-    SQLITE_TIMEOUT = 500
-    ; For iterate buffer, default is 50
-    ITERATE_BUFFER_SIZE = 50
-    ; Show the database generated SQL
-    LOG_SQL = true
-
-    [indexer]
-    ISSUE_INDEXER_PATH = indexers/issues.bleve
-    ; repo indexer by default disabled, since it uses a lot of disk space
-    REPO_INDEXER_ENABLED = false
-    REPO_INDEXER_PATH = indexers/repos.bleve
-    UPDATE_BUFFER_LEN = 20
-    MAX_FILE_SIZE = 1048576
-
-    [admin]
-    ; Disallow regular (non-admin) users from creating organizations.
-    DISABLE_REGULAR_ORG_CREATION = false
-
-    [security]
-    ; Whether the installer is disabled
-    INSTALL_LOCK = {{ .Values.config.disableInstaller }}
-    ; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
-    {{ if .Values.config.secretKey }}
-    SECRET_KEY = {{ .Values.config.secretKey }}
-    {{ else }}
-    SECRET_KEY = {{ randAlphaNum 64 | quote }}
-    {{ end }}
-
-
-    ; How long to remember that an user is logged in before requiring relogin (in days)
-    LOGIN_REMEMBER_DAYS = 7
-    COOKIE_USERNAME = gitea_awesome
-    COOKIE_REMEMBER_NAME = gitea_incredible
-    ; Reverse proxy authentication header name of user name
-    REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
-    ; The minimum password length for new Users
-    MIN_PASSWORD_LENGTH = 6
-    ; Set to true to allow users to import local server paths
-    IMPORT_LOCAL_PATHS = false
-    ; Set to true to prevent all users (including admin) from creating custom git hooks
-    DISABLE_GIT_HOOKS = false
-
-    [openid]
-    ;
-    ; OpenID is an open, standard and decentralized authentication protocol.
-    ; Your identity is the address of a webpage you provide, which describes
-    ; how to prove you are in control of that page.
-    ;
-    ; For more info: https://en.wikipedia.org/wiki/OpenID
-    ;
-    ; Current implementation supports OpenID-2.0
-    ;
-    ; Tested to work providers at the time of writing:
-    ;  - Any GNUSocial node (your.hostname.tld/username)
-    ;  - Any SimpleID provider (http://simpleid.koinic.net)
-    ;  - http://openid.org.cn/
-    ;  - openid.stackexchange.com
-    ;  - login.launchpad.net
-    ;  - <username>.livejournal.com
-    ;
-    ; Whether to allow signin in via OpenID
-    ENABLE_OPENID_SIGNIN = {{ .Values.config.openidSignin }}
-    ; Whether to allow registering via OpenID
-    ; Do not include to rely on rhw DISABLE_REGISTRATION setting
-    ;ENABLE_OPENID_SIGNUP = true
-    ; Allowed URI patterns (POSIX regexp).
-    ; Space separated.
-    ; Only these would be allowed if non-blank.
-    ; Example value: trusted.domain.org trusted.domain.net
-    WHITELISTED_URIS =
-    ; Forbidden URI patterns (POSIX regexp).
-    ; Space separated.
-    ; Only used if WHITELISTED_URIS is blank.
-    ; Example value: loadaverage.org/badguy stackexchange.com/.*spammer
-    BLACKLISTED_URIS =
-
-    [service]
-    ; Time limit to confirm account/email registration
-    ACTIVE_CODE_LIVE_MINUTES = 180
-    ; Time limit to perform the reset of a forgotten password
-    RESET_PASSWD_CODE_LIVE_MINUTES = 180
-    ; Whether a new user needs to confirm their email when registering.
-    REGISTER_EMAIL_CONFIRM = false
-    ; List of domain names that are allowed to be used to register on a Gitea instance
-    ; gitea.io,example.com
-    EMAIL_DOMAIN_WHITELIST=
-    ; Disallow registration, only allow admins to create accounts.
-    DISABLE_REGISTRATION = {{ .Values.config.disableRegistration }}
-    ; Allow registration only using third-party services, it works only when DISABLE_REGISTRATION is false
-    ALLOW_ONLY_EXTERNAL_REGISTRATION = false
-    ; User must sign in to view anything.
-    REQUIRE_SIGNIN_VIEW = {{ .Values.config.requireSignin }}
-    ; Mail notification
-    ENABLE_NOTIFY_MAIL = false
-    ; More detail: https://github.com/gogits/gogs/issues/165
-    ENABLE_REVERSE_PROXY_AUTHENTICATION = false
-    ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
-    ; Enable captcha validation for registration
-    ENABLE_CAPTCHA = false
-    ; Type of captcha you want to use. Options: image, recaptcha
-    CAPTCHA_TYPE = image
-    ; Enable recaptcha to use Google's recaptcha service
-    ; Go to https://www.google.com/recaptcha/admin to sign up for a key
-    RECAPTCHA_SECRET  =
-    RECAPTCHA_SITEKEY =
-    ; Default value for KeepEmailPrivate
-    ; Each new user will get the value of this setting copied into their profile
-    DEFAULT_KEEP_EMAIL_PRIVATE = false
-    ; Default value for AllowCreateOrganization
-    ; Every new user will have rights set to create organizations depending on this setting
-    DEFAULT_ALLOW_CREATE_ORGANIZATION = true
-    ; Default value for EnableDependencies
-    ; Repositories will use dependencies by default depending on this setting
-    DEFAULT_ENABLE_DEPENDENCIES = true
-    ; Enable heatmap on users profiles.
-    ENABLE_USER_HEATMAP = true
-    ; Enable Timetracking
-    ENABLE_TIMETRACKING = true
-    ; Default value for EnableTimetracking
-    ; Repositories will use timetracking by default depending on this setting
-    DEFAULT_ENABLE_TIMETRACKING = true
-    ; Default value for AllowOnlyContributorsToTrackTime
-    ; Only users with write permissions can track time if this is true
-    DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME = true
-    ; Default value for the domain part of the user's email address in the git log
-    ; if he has set KeepEmailPrivate to true. The user's email will be replaced with a
-    ; concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS.
-    NO_REPLY_ADDRESS = noreply.example.org
-
-    [webhook]
-    ; Hook task queue length, increase if webhook shooting starts hanging
-    QUEUE_LENGTH = 1000
-    ; Deliver timeout in seconds
-    DELIVER_TIMEOUT = 5
-    ; Allow insecure certification
-    SKIP_TLS_VERIFY = false
-    ; Number of history information in each page
-    PAGING_NUM = 10
-
-    [mailer]
-    ENABLED = false
-    ; Buffer length of channel, keep it as it is if you don't know what it is.
-    SEND_BUFFER_LEN = 100
-    ; Name displayed in mail title
-    SUBJECT = %(APP_NAME)s
-    ; Mail server
-    ; Gmail: smtp.gmail.com:587
-    ; QQ: smtp.qq.com:465
-    ; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used.
-    HOST =
-    ; Disable HELO operation when hostnames are different.
-    DISABLE_HELO =
-    ; Custom hostname for HELO operation, if no value is provided, one is retrieved from system.
-    HELO_HOSTNAME =
-    ; Do not verify the certificate of the server. Only use this for self-signed certificates
-    SKIP_VERIFY =
-    ; Use client certificate
-    USE_CERTIFICATE = false
-    CERT_FILE = custom/mailer/cert.pem
-    KEY_FILE = custom/mailer/key.pem
-    ; Should SMTP connection use TLS
-    IS_TLS_ENABLED = false
-    ; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
-    FROM =
-    ; Mailer user name and password
-    USER =
-    ; Use PASSWD = `your password` for quoting if you use special characters in the password.
-    PASSWD =
-    ; Send mails as plain text
-    SEND_AS_PLAIN_TEXT = false
-    ; Enable sendmail (override SMTP)
-    USE_SENDMAIL = false
-    ; Specify an alternative sendmail binary
-    SENDMAIL_PATH = sendmail
-    ; Specify any extra sendmail arguments
-    SENDMAIL_ARGS =
-
-    [cache]
-    ; Either "memory", "redis", or "memcache", default is "memory"
-    ADAPTER = memcache
-    ; For "memory" only, GC interval in seconds, default is 60
-    INTERVAL = 60
-    ; For "redis" and "memcache", connection host address
-    ;redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
-    HOST = 127.0.0.1:11211
-    ; Time to keep items in cache if not used, default is 16 hours.
-    ; Setting it to 0 disables caching
-    ITEM_TTL = 16h
-
-    [session]
-    ; Either "memory", "file", or "redis", default is "memory"
-    PROVIDER = memory
-    ; Provider config options
-    ; memory: doesn't have any config yet
-    ; file: session file path, e.g. `data/sessions`
-    ; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
-    ; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
-    PROVIDER_CONFIG = data/sessions
-    ; Session cookie name
-    COOKIE_NAME = i_like_gitea
-    ; If you use session in https only, default is false
-    COOKIE_SECURE = false
-    ; Enable set cookie, default is true
-    ENABLE_SET_COOKIE = true
-    ; Session GC time interval in seconds, default is 86400 (1 day)
-    GC_INTERVAL_TIME = 86400
-    ; Session life time in seconds, default is 86400 (1 day)
-    SESSION_LIFE_TIME = 86400
-
-    [picture]
-    AVATAR_UPLOAD_PATH = data/avatars
-    ; Max Width and Height of uploaded avatars. This is to limit the amount of RAM
-    ; used when resizing the image.
-    AVATAR_MAX_WIDTH = 4096
-    AVATAR_MAX_HEIGHT = 3072
-    ; Chinese users can choose "duoshuo"
-    ; or a custom avatar source, like: http://cn.gravatar.com/avatar/
-    GRAVATAR_SOURCE = gravatar
-    ; This value will always be true in offline mode.
-    DISABLE_GRAVATAR = false
-    ; Federated avatar lookup uses DNS to discover avatar associated
-    ; with emails, see https://www.libravatar.org
-    ; This value will always be false in offline mode or when Gravatar is disabled.
-    ENABLE_FEDERATED_AVATAR = false
-
-    [attachment]
-    ; Whether attachments are enabled. Defaults to `true`
-    ENABLED = true
-    ; Path for attachments. Defaults to `data/attachments`
-    PATH = data/attachments
-    ; One or more allowed types, e.g. image/jpeg|image/png
-    ALLOWED_TYPES = image/jpeg|image/png|application/zip|application/gzip
-    ; Max size of each file. Defaults to 4MB
-    MAX_SIZE = 4
-    ; Max number of files per upload. Defaults to 5
-    MAX_FILES = 5
-
-    [log]
-    ROOT_PATH =
-    ; Either "console", "file", "conn", "smtp" or "database", default is "console"
-    ; Use comma to separate multiple modes, e.g. "console, file"
-    MODE = console
-    ; Buffer length of the channel, keep it as it is if you don't know what it is.
-    BUFFER_LEN = 10000
-    ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
-    LEVEL = Critical
-
-    ; For "console" mode only
-    [log.console]
-    LEVEL =
-
-    ; For "file" mode only
-    [log.file]
-    LEVEL =
-    ; This enables automated log rotate(switch of following options), default is true
-    LOG_ROTATE = true
-    ; Max number of lines in a single file, default is 1000000
-    MAX_LINES = 1000000
-    ; Max size shift of a single file, default is 28 means 1 << 28, 256MB
-    MAX_SIZE_SHIFT = 28
-    ; Segment log daily, default is true
-    DAILY_ROTATE = true
-    ; delete the log file after n days, default is 7
-    MAX_DAYS = 7
-
-    ; For "conn" mode only
-    [log.conn]
-    LEVEL =
-    ; Reconnect host for every single message, default is false
-    RECONNECT_ON_MSG = false
-    ; Try to reconnect when connection is lost, default is false
-    RECONNECT = false
-    ; Either "tcp", "unix" or "udp", default is "tcp"
-    PROTOCOL = tcp
-    ; Host address
-    ADDR =
-
-    ; For "smtp" mode only
-    [log.smtp]
-    LEVEL =
-    ; Name displayed in mail title, default is "Diagnostic message from server"
-    SUBJECT = Diagnostic message from server
-    ; Mail server
-    HOST =
-    ; Mailer user name and password
-    USER =
-    ; Use PASSWD = `your password` for quoting if you use special characters in the password.
-    PASSWD =
-    ; Receivers, can be one or more, e.g. 1@example.com,2@example.com
-    RECEIVERS =
-
-    ; For "database" mode only
-    [log.database]
-    LEVEL =
-    ; Either "mysql" or "postgres"
-    DRIVER =
-    ; Based on xorm, e.g.: root:root@localhost/gitea?charset=utf8
-    CONN =
-
-    [cron]
-    ; Enable running cron tasks periodically.
-    ENABLED = true
-    ; Run cron tasks when Gitea starts.
-    RUN_AT_START = false
-
-    ; Update mirrors
-    [cron.update_mirrors]
-    SCHEDULE = @every 10m
-
-    ; Repository health check
-    [cron.repo_health_check]
-    SCHEDULE = @every 24h
-    TIMEOUT = 60s
-    ; Arguments for command 'git fsck', e.g. "--unreachable --tags"
-    ; see more on http://git-scm.com/docs/git-fsck
-    ARGS =
-
-    ; Check repository statistics
-    [cron.check_repo_stats]
-    RUN_AT_START = true
-    SCHEDULE = @every 24h
-
-    ; Clean up old repository archives
-    [cron.archive_cleanup]
-    ; Whether to enable the job
-    ENABLED = true
-    ; Whether to always run at least once at start up time (if ENABLED)
-    RUN_AT_START = true
-    ; Time interval for job to run
-    SCHEDULE = @every 24h
-    ; Archives created more than OLDER_THAN ago are subject to deletion
-    OLDER_THAN = 24h
-
-    ; Synchronize external user data (only LDAP user synchronization is supported)
-    [cron.sync_external_users]
-    ; Synchronize external user data when starting server (default false)
-    RUN_AT_START = false
-    ; Interval as a duration between each synchronization (default every 24h)
-    SCHEDULE = @every 24h
-    ; Create new users, update existing user data and disable users that are not in external source anymore (default)
-    ;   or only create new users if UPDATE_EXISTING is set to false
-    UPDATE_EXISTING = true
-
-    [git]
-    ; Disables highlight of added and removed changes
-    DISABLE_DIFF_HIGHLIGHT = false
-    ; Max number of lines allowed in a single file in diff view
-    MAX_GIT_DIFF_LINES = 1000
-    ; Max number of allowed characters in a line in diff view
-    MAX_GIT_DIFF_LINE_CHARACTERS = 5000
-    ; Max number of files shown in diff view
-    MAX_GIT_DIFF_FILES = 100
-    ; Arguments for command 'git gc', e.g. "--aggressive --auto"
-    ; see more on http://git-scm.com/docs/git-gc/
-    GC_ARGS =
-
-    ; Operation timeout in seconds
-    [git.timeout]
-    MIGRATE = 600
-    MIRROR = 300
-    CLONE = 300
-    PULL = 300
-    GC = 60
-
-    [mirror]
-    ; Default interval as a duration between each check
-    DEFAULT_INTERVAL = 8h
-    ; Min interval as a duration must be > 1m
-    MIN_INTERVAL = 10m
-
-    [api]
-    ; Enables Swagger. True or false; default is true.
-    ENABLE_SWAGGER = true
-    ; Max number of items in a page
-    MAX_RESPONSE_ITEMS = 50
-
-    [i18n]
-    LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR
-    NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,français,Nederlands,latviešu,русский,Українська,日本語,español,português do Brasil,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어
-
-    ; Used for datetimepicker
-    [i18n.datelang]
-    en-US = en
-    zh-CN = zh
-    zh-HK = zh-HK
-    zh-TW = zh-TW
-    de-DE = de
-    fr-FR = fr
-    nl-NL = nl
-    lv-LV = lv
-    ru-RU = ru
-    uk-UA = uk
-    ja-JP = ja
-    es-ES = es
-    pt-BR = pt-BR
-    pl-PL = pl
-    bg-BG = bg
-    it-IT = it
-    fi-FI = fi
-    tr-TR = tr
-    cs-CZ = cs-CZ
-    sr-SP = sr
-    sv-SE = sv
-    ko-KR = ko
-
-    [U2F]
-    ; Two Factor authentication with security keys
-    ; https://developers.yubico.com/U2F/App_ID.html
-    ;APP_ID = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
-    ; Comma seperated list of truisted facets
-    ;TRUSTED_FACETS = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
-
-    ; Extension mapping to highlight class
-    ; e.g. .toml=ini
-    [highlight.mapping]
-
-    [other]
-    SHOW_FOOTER_BRANDING = false
-    ; Show version information about Gitea and Go in the footer
-    SHOW_FOOTER_VERSION = true
-    ; Show template execution time in the footer
-    SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
-
-    [markup.asciidoc]
-    ENABLED = false
-    ; List of file extensions that should be rendered by an external command
-    FILE_EXTENSIONS = .adoc,.asciidoc
-    ; External command to render all matching extensions
-    RENDER_COMMAND = "asciidoc --out-file=- -"
-    ; Don't pass the file on STDIN, pass the filename as argument instead.
-    IS_INPUT_FILE = false
-
-    [metrics]
-    ; Enables metrics endpoint. True or false; default is false.
-    ENABLED = false
-    ; If you want to add authorization, specify a token here
-    TOKEN =
diff --git a/templates/gitea/gitea-pvc.yaml b/templates/gitea/gitea-pvc.yaml
deleted file mode 100644
index dde81d0..0000000
--- a/templates/gitea/gitea-pvc.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingGiteaClaim) (not .Values.persistence.directGiteaVolumeMount) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ template "fullname" . }}
-  labels:
-    app: {{ template "fullname" . }}
-    chart: gitea
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-{{- if .Values.persistence.annotations }}
-  annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-
-spec:
-  accessModes:
-    - {{ .Values.persistence.accessMode | quote }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.giteaSize | quote }}
-{{- if .Values.persistence.storageClass }}
-{{- if (eq "-" .Values.persistence.storageClass) }}
-  storageClassName: ""
-{{- else }}
-  storageClassName: "{{ .Values.persistence.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/templates/gitea/gitea-ssh-svc.yaml b/templates/gitea/gitea-ssh-svc.yaml
deleted file mode 100644
index aa00440..0000000
--- a/templates/gitea/gitea-ssh-svc.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "fullname" . }}-ssh
-  labels:
-    app: {{ template "fullname" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
-spec:
-  type: {{ .Values.service.ssh.serviceType }}
-  {{- with .Values.service.ssh.externalIPs }}
-  externalIPs:
-  {{ toYaml . | indent 2 | trim }}
-  {{- end }}
-  ports:
-  - name: ssh
-    port: {{ .Values.service.ssh.port }}
-    targetPort: ssh
-    {{- if  .Values.service.ssh.nodePort }}
-    nodePort: {{ .Values.service.ssh.nodePort }}
-    {{- end }}
-  selector:
-    app: {{ template "fullname" . }}
diff --git a/templates/gitea/gitea-http-svc.yaml b/templates/gitea/http-svc.yaml
similarity index 50%
rename from templates/gitea/gitea-http-svc.yaml
rename to templates/gitea/http-svc.yaml
index 38b016d..3154ce8 100644
--- a/templates/gitea/gitea-http-svc.yaml
+++ b/templates/gitea/http-svc.yaml
@@ -1,14 +1,12 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ template "fullname" . }}-http
+  name: {{ include "gitea.fullname" . }}-http
   labels:
-    app: {{ template "fullname" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
+    {{- include "gitea.labels" . | nindent 4 }}
 spec:
-  type: {{ .Values.service.http.serviceType }}
+  type: {{ .Values.service.http.type }}
+  clusterIP: None
   ports:
   - name: http
     port: {{ .Values.service.http.port }}
@@ -17,4 +15,4 @@ spec:
     {{- end }}
     targetPort: {{ .Values.service.http.port }}
   selector:
-    app: {{ template "fullname" . }}
+    {{- include "gitea.selectorLabels" . | nindent 4 }}
diff --git a/templates/gitea/ingress.yaml b/templates/gitea/ingress.yaml
new file mode 100644
index 0000000..aa5e508
--- /dev/null
+++ b/templates/gitea/ingress.yaml
@@ -0,0 +1,39 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "gitea.fullname" . -}}
+{{- $httpPort := .Values.service.http.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "gitea.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ . | quote }}
+      http:
+        paths:
+          - path: /
+            backend:
+              serviceName: {{ $fullName }}-http
+              servicePort: {{ $httpPort }}
+  {{- end }}
+{{- end }}
diff --git a/templates/gitea/ssh-svc.yaml b/templates/gitea/ssh-svc.yaml
new file mode 100644
index 0000000..b3eeadb
--- /dev/null
+++ b/templates/gitea/ssh-svc.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "gitea.fullname" . }}-ssh
+  labels:
+    {{- include "gitea.labels" . | nindent 4 }}
+  annotations:
+{{ toYaml .Values.service.ssh.annotations | indent 4 }}
+spec:
+  type: {{ .Values.service.ssh.type }}
+  {{- if (.Values.service.ssh.loadBalancerIP) and eq .Values.service.ssh.serviceType "LoadBalancer" }}
+  loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }}
+  {{- end }}
+  clusterIP: None
+  ports:
+  - name: ssh
+    port: {{ .Values.service.ssh.port }}
+    targetPort: ssh
+    protocol: TCP
+    {{- if  .Values.service.ssh.nodePort }}
+    nodePort: {{ .Values.service.ssh.nodePort }}
+    {{- end }}
+  selector:
+    {{- include "gitea.selectorLabels" . | nindent 4 }}
diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml
new file mode 100644
index 0000000..b28e6dd
--- /dev/null
+++ b/templates/gitea/statefulset.yaml
@@ -0,0 +1,146 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ include "gitea.fullname" . }}
+  labels:
+    {{- include "gitea.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "gitea.selectorLabels" . | nindent 6 }}
+  serviceName: {{ include "gitea.fullname" . }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/gitea/config.yaml") . | sha256sum }}
+      labels:
+        {{- include "gitea.selectorLabels" . | nindent 8 }}
+    spec:
+      initContainers:
+        - name: init
+          image: "{{ .Values.image.repository }}:{{ .Values.image.version }}"
+          env:
+            - name: SCRIPT
+              value: &script |-
+                mkdir -p /data/gitea/conf
+                cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini
+                chmod a+rwx /data/gitea/conf/app.ini
+                nc -v -w2 -z {{ include "postgresql.servicename" . }} {{ .Values.postgresql.global.postgresql.servicePort }} && \
+                su git -c ' \
+                gitea migrate; \
+                {{- if and .Values.gitea.config.adminUser (.Values.gitea.config.adminPassword) }}
+                gitea admin create-user --username {{ .Values.gitea.config.adminUser }} --password '{{ .Values.gitea.config.adminPassword }}' --email {{ .Values.gitea.config.adminEmail }} --admin \
+                || \
+                gitea admin change-password --username {{ .Values.gitea.config.adminUser }} --password '{{ .Values.gitea.config.adminPassword }}'; \
+                {{- end }}
+                {{- if .Values.gitea.ldap.enabled }}
+                gitea admin auth add-ldap \
+                --name {{ .Values.gitea.ldap.name | quote }} \
+                --security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \
+                --host {{ .Values.gitea.ldap.host | quote }} \
+                --port {{ .Values.gitea.ldap.port | int}} \
+                --user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \
+                --user-filter {{ .Values.gitea.ldap.userFilter | quote }} \
+                --admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \
+                --email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \
+                --bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \
+                --bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \
+                --synchronize-users \
+                --username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \
+                || \
+                ( \
+                  export GITEA_AUTH_ID=$(gitea admin auth list | grep {{ .Values.gitea.ldap.name | quote }} | awk -F " "  "{print \$1}"); \
+                  gitea admin auth update-ldap --id ${GITEA_AUTH_ID} \
+                  --name {{ .Values.gitea.ldap.name | quote }} \
+                  --security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \
+                  --host {{ .Values.gitea.ldap.host | quote }} \
+                  --port {{ .Values.gitea.ldap.port | int}} \
+                  --user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \
+                  --user-filter {{ .Values.gitea.ldap.userFilter | quote }} \
+                  --admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \
+                  --email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \
+                  --bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \
+                  --bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \
+                  --synchronize-users \
+                  --username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \
+                ) \
+                {{- end }}
+                '
+          command: ["/bin/sh",'-c', *script]
+          volumeMounts:
+            - name: config
+              mountPath: /etc/gitea/conf
+            - name: data
+              mountPath: /data
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.version }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+            - name: SCRIPT
+              value: &script |-
+                sleep 30
+                gitea migrate
+          ports:
+            - name: ssh
+              containerPort: {{ .Values.service.ssh.port }}
+            - name: http
+              containerPort: {{ .Values.service.http.port }}
+          livenessProbe:
+            tcpSocket:
+              port: http
+            initialDelaySeconds: 200
+            timeoutSeconds: 1
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 10
+          readinessProbe:
+            tcpSocket:
+              port: http
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 3
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - name: data
+              mountPath: /data
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      volumes:
+        - name: config
+          configMap:
+            name: {{ include "gitea.fullname" . }}
+  {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
+        - name: data
+          persistentVolumeClaim:
+            claimName: {{ .Values.persistence.existingClaim }}
+  {{- else if not .Values.persistence.enabled }}
+        - name: data
+          emptyDir: {}
+  {{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        accessModes:
+          {{- range .Values.persistence.accessModes }}
+            - {{ . | quote }}
+          {{- end }}
+        storageClassName: {{ .Values.persistence.storageClass | default "standard" | quote }}
+        resources:
+          requests:
+            storage: {{ .Values.persistence.size | quote }}
+  {{- end }}
-- 
2.40.1


From 4bf434542e7909a336d7e5d14030764da4cd0c2f Mon Sep 17 00:00:00 2001
From: Lucas Hahn <lucas.hahn@novum-rgi.de>
Date: Thu, 30 Jul 2020 15:06:14 +0200
Subject: [PATCH 03/25] Add initial test for gitea helm chart

---
 templates/tests/test-connection.yaml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 templates/tests/test-connection.yaml

diff --git a/templates/tests/test-connection.yaml b/templates/tests/test-connection.yaml
new file mode 100644
index 0000000..2a5fd54
--- /dev/null
+++ b/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "gitea.fullname" . }}-test-connection"
+  labels:
+{{ include "gitea.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test-success
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args:  ['{{ include "gitea.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never
-- 
2.40.1


From 84501027ac203c8a471167893637a94203825d8e Mon Sep 17 00:00:00 2001
From: Lucas Hahn <lucas.hahn@novum-rgi.de>
Date: Thu, 30 Jul 2020 15:07:49 +0200
Subject: [PATCH 04/25] Remove now unused dependencies and deployments

- init is no longer used since databases are initialized
  on original charts and managed with dependency
- ingress.yaml moved to templates/gitea
- deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml
- memcached also handled with helm dependency and initialized in original chart
---
 templates/deployment.yaml          | 52 ------------------------------
 templates/ingress.yaml             | 42 ------------------------
 templates/init/_container.tpl      | 31 ------------------
 templates/memcached/_container.tpl | 35 --------------------
 4 files changed, 160 deletions(-)
 delete mode 100644 templates/deployment.yaml
 delete mode 100644 templates/ingress.yaml
 delete mode 100644 templates/init/_container.tpl
 delete mode 100644 templates/memcached/_container.tpl

diff --git a/templates/deployment.yaml b/templates/deployment.yaml
deleted file mode 100644
index c00cfb1..0000000
--- a/templates/deployment.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ template "fullname" . }}
-  labels:
-    app: {{ template "fullname" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: {{ template "fullname" . }}
-{{- with .Values.deploymentStrategy }}
-  strategy:
-{{ toYaml . | trim | indent 4 }}
-{{- end }}
-  template: 
-    metadata:
-      labels:
-        app: {{ template "fullname" . }}
-      {{- with .Values.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-    spec:
-      containers:
-      {{ include "gitea" . | indent 6 }}
-      {{ include "memcached" . | indent 6 }}
-      initContainers:
-      {{ include "init" . | indent 6 }}
-      volumes:
-      - name: gitea-data
-      {{- if .Values.persistence.enabled }}
-        {{- if .Values.persistence.directGiteaVolumeMount }}
-{{ tpl .Values.persistence.directGiteaVolumeMount . | indent 8 }}
-        {{- else }}
-        persistentVolumeClaim:
-         claimName: {{ .Values.persistence.existingGiteaClaim | default (include "fullname" .) }}
-        {{- end }}
-      {{- else }}
-        emptyDir: {}
-      {{- end }}
-      - name: gitea-config
-        configMap:
-          name: {{ template "fullname" . }}
-
-      {{- if .Values.imagePullSecrets }}
-      imagePullSecrets:
-        - name: {{ .Values.imagePullSecrets }}
-      {{- end }}
diff --git a/templates/ingress.yaml b/templates/ingress.yaml
deleted file mode 100644
index 31a5b51..0000000
--- a/templates/ingress.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{- if .Values.ingress.enabled }}
-apiVersion: {{ template "gitea.ingress.apiVersion" . }}
-kind: Ingress
-metadata:
-  name: {{ template "fullname" . }}
-  labels:
-    app: "{{ template "fullname" . }}"
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    release: {{ .Release.Name | quote }}
-    heritage: {{ .Release.Service | quote }}
-  annotations:
-    {{- if .Values.ingress.certManager }}
-    kubernetes.io/tls-acme: "true"
-    {{- end }}
-    {{- range $key, $value := .Values.ingress.annotations }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-spec:
-  rules:
-  {{- if .Values.ingress.hostname }}
-  - host: {{ .Values.ingress.hostname }}
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: {{ template "fullname" . }}-http
-          servicePort: {{ .Values.service.http.port }}
-  {{- end }}
-  {{- range .Values.ingress.hosts }}
-  - host: {{ .name }}
-    http:
-      paths:
-      - path: {{ default "/" .path }}
-        backend:
-          serviceName: "{{ template "fullname" $ }}-http"
-          servicePort: {{ $.Values.service.http.port }}
-  {{- end }}
-  {{- if .Values.ingress.tls }}
-  tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
-  {{- end }}
-{{- end }}
diff --git a/templates/init/_container.tpl b/templates/init/_container.tpl
deleted file mode 100644
index 6a02e84..0000000
--- a/templates/init/_container.tpl
+++ /dev/null
@@ -1,31 +0,0 @@
-{{/*
-Create helm partial for gitea server
-*/}}
-{{- define "init" }}
-- name: init
-  image: {{ .Values.images.gitea }}
-  imagePullPolicy: {{ .Values.images.pullPolicy }}
-  env:
-  - name: MARIADB_PASSWORD
-    valueFrom:
-      secretKeyRef:
-      {{- if .Values.mariadb.enabled }}
-        name: {{ template "mariadb.fullname" . }}
-        key: mariadb-password
-      {{- else }}
-        name: {{ printf "%s-%s" .Release.Name "externaldb" }}
-        key: db-password
-      {{- end }}
-  - name: SCRIPT
-    value: &script |-
-      mkdir -p /datatmp/gitea/conf
-      if [ ! -f /datatmp/gitea/conf/app.ini ]; then
-        sed "s/MARIADB_PASSWORD/${MARIADB_PASSWORD}/g" < /etc/gitea/app.ini > /datatmp/gitea/conf/app.ini
-      fi
-  command: ["/bin/sh",'-c', *script]
-  volumeMounts:
-  - name: gitea-data
-    mountPath: /datatmp
-  - name: gitea-config
-    mountPath: /etc/gitea
-{{- end }}
diff --git a/templates/memcached/_container.tpl b/templates/memcached/_container.tpl
deleted file mode 100644
index 2472ad8..0000000
--- a/templates/memcached/_container.tpl
+++ /dev/null
@@ -1,35 +0,0 @@
-{{/*
-Create helm partial for memcached
-*/}}
-{{- define "memcached" }}
-- name: memcached
-  image: {{ .Values.images.memcached }}
-  imagePullPolicy: {{ .Values.images.pullPolicy }}
-  command:
-    - memcached
-    - -m {{ .Values.memcached.maxItemMemory  }}
-    {{- if .Values.memcached.extendedOptions }}
-    - -o
-    - {{ .Values.memcached.extendedOptions }}
-    {{- end }}
-    {{- if .Values.memcached.verbosity }}
-    - -{{ .Values.memcached.verbosity }}
-    {{- end }}
-  ports:
-  - name: memcache
-    containerPort: 11211
-  livenessProbe:
-    tcpSocket:
-      port: memcache
-    initialDelaySeconds: 30
-    timeoutSeconds: 5
-  readinessProbe:
-    tcpSocket:
-      port: memcache
-    initialDelaySeconds: 5
-    timeoutSeconds: 1
-  securityContext:
-    runAsUser: 1000
-  resources:
-{{ toYaml .Values.resources.memcached | indent 10 }}
-{{- end }}
-- 
2.40.1


From a5c2a9262b792533c89e7983a9c0152449c07e5d Mon Sep 17 00:00:00 2001
From: Lucas Hahn <lucas.hahn@novum-rgi.de>
Date: Thu, 30 Jul 2020 15:11:20 +0200
Subject: [PATCH 05/25] Requirements.yaml removed, since this is deprecated and
 moved to Chart.yaml

---
 requirements.yaml | 7 -------
 1 file changed, 7 deletions(-)
 delete mode 100644 requirements.yaml

diff --git a/requirements.yaml b/requirements.yaml
deleted file mode 100644
index e435a27..0000000
--- a/requirements.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-dependencies:
-  - name: mariadb
-    version: 7.3.0
-    repository: https://charts.bitnami.com
-    condition: mariadb.enabled
-    tags:
-      - mariadb
-- 
2.40.1


From c6057ade2d961be86068b25cf381c5a499c5ff1f Mon Sep 17 00:00:00 2001
From: Lucas Hahn <lucas.hahn@novum-rgi.de>
Date: Thu, 30 Jul 2020 15:11:34 +0200
Subject: [PATCH 06/25] update Chart.yaml with dependencies

---
 Chart.yaml | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/Chart.yaml b/Chart.yaml
index be9770d..433f459 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -1,9 +1,11 @@
-name: gitea
-version: 1.3.3
 apiVersion: v2
+name: gitea
+description: Gitea Helm chart for Kubernetes
+type: application
+version: 1.4.0
 appVersion: 1.12.2
-description: Git with a cup of tea
 icon: https://docs.gitea.io/images/gitea.png
+
 keywords:
   - git
   - issue tracker
@@ -15,7 +17,23 @@ sources:
   - https://github.com/go-gitea/gitea
   - https://hub.docker.com/r/gitea/gitea/
 maintainers:
+  - name: Lucas Hahn
+    email: lucas.hahn@novum-rgi.de
   - name: Charlie Drage
     email: charlie@charliedrage.com
   - name: Gitea Authors
     email: maintainers@gitea.io
+
+dependencies:
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 8.6.4
+  condition: gitea.database.builtIn.postgresql.enabled
+- name: mysql
+  repository: https://kubernetes-charts.storage.googleapis.com/
+  version: 1.6.6
+  condition: gitea.database.builtIn.mysql.enabled
+- name: memcached
+  repository: https://charts.bitnami.com/bitnami
+  version: 4.2.20
+  condition: gitea.cache.enabled
-- 
2.40.1


From 98357795a54be700ca3e681c98ebd497378929ec Mon Sep 17 00:00:00 2001
From: Lucas Hahn <lucas.hahn@novum-rgi.de>
Date: Thu, 30 Jul 2020 15:11:45 +0200
Subject: [PATCH 07/25] Update helpers with dependencies, update NOTES.txt

---
 templates/NOTES.txt    | 56 +++++++++------------------------
 templates/_helpers.tpl | 70 ++++++++++++++++++++++++++++++++----------
 2 files changed, 69 insertions(+), 57 deletions(-)

diff --git a/templates/NOTES.txt b/templates/NOTES.txt
index 5c07b3a..289e007 100644
--- a/templates/NOTES.txt
+++ b/templates/NOTES.txt
@@ -1,45 +1,19 @@
-1. Connect to your Gitea web URL by running:
-
+1. Get the application URL by running these commands:
 {{- if .Values.ingress.enabled }}
-
-  Ingress is enabled for this chart deployment.  Please access the web UI at {{ .Values.ingress.hostname }}
-  
-{{- else if contains "NodePort" .Values.service.http.serviceType }}
-
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP/
-
-{{- else if contains "LoadBalancer" .Values.service.http.serviceType }}
-
-  NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-        Watch the status with: 'kubectl get svc -w {{ template "fullname" . }}http'
-
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "fullname" . }}http -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP/
-{{- else if contains "ClusterIP"  .Values.service.http.serviceType }}
-
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "fullname" . }}" -o jsonpath="{.items[0].metadata.name}")
-  echo http://127.0.0.1:8080/
-  kubectl port-forward $POD_NAME 8080:80
+{{- range $host := .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}/
 {{- end }}
-
-2. Connect to your Gitea ssh port:
-
-{{- if contains "NodePort" .Values.service.ssh.serviceType }}
-
+{{- else if contains "NodePort" .Values.service.http.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "gitea.fullname" . }})
   export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP/
-
-{{- else if contains "LoadBalancer" .Values.service.ssh.serviceType }}
-
-  NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-        Watch the status with: 'kubectl get svc -w {{ template "fullname" . }}-ssh'
-
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "fullname" . }}-ssh -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP/
-{{- else if contains "ClusterIP"  .Values.service.ssh.serviceType }}
-
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "fullname" . }}" -o jsonpath="{.items[0].metadata.name}")
-  echo http://127.0.0.1:8080/
-  kubectl port-forward $POD_NAME 8022:22
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.http.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "gitea.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "gitea.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.http.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "gitea.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:{{ .Values.service.http.port }} to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME {{ .Values.service.http.port }}:{{ .Values.service.http.port }}
 {{- end }}
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index f662ef5..317ec95 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -2,30 +2,68 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "name" -}}
+{{- define "gitea.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
 {{/*
 Create a default fully qualified app name.
-We truncate at 24 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
 */}}
-{{- define "fullname" -}}
+{{- define "gitea.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
 {{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 24 -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
 {{- end -}}
 
-{{- define "mariadb.fullname" -}}
-{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}}
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "gitea.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "gitea.labels" -}}
+helm.sh/chart: {{ include "gitea.chart" . }}
+{{ include "gitea.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "gitea.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "gitea.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{- define "postgresql.dns" -}}
+{{- printf "%s-postgresql.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.postgresql.global.postgresql.servicePort -}}
+{{- end -}}
+
+{{- define "postgresql.servicename" -}}
+{{- printf "%s-postgresql" .Release.Name -}}
+{{- end -}}
+
+{{- define "mysql.dns" -}}
+{{- printf "%s-mysql.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.mysql.service.port | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "memcached.dns" -}}
+{{- printf "%s-memcached.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.memcached.service.port | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
-{{/*    
-Return the appropriate apiVersion for ingress.    
-*/}}    
-{{- define "gitea.ingress.apiVersion" -}}    
-{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}    
-{{- print "extensions/v1beta1" -}}    
-{{- else -}}    
-{{- print "networking.k8s.io/v1beta1" -}}    
-{{- end -}}    
-{{- end -}}  
-- 
2.40.1


From de6a852d08149195167c20a11f9212811a0e8360 Mon Sep 17 00:00:00 2001
From: Lucas Hahn <lucas.hahn@novum-rgi.de>
Date: Thu, 30 Jul 2020 15:12:21 +0200
Subject: [PATCH 08/25] update license file

---
 LICENSE | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/LICENSE b/LICENSE
index 006bc99..427ed0f 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,5 +1,7 @@
 MIT License
 
+
+Copyright (c) 2020 NOVUM-RGI
 Copyright (c) 2020 The Gitea Authors
 Copyright (c) 2019 - 2020 Charlie Drage
 Copyright (c) 2018 John Felten
-- 
2.40.1


From 0d6c5fd756713f1efff0b5a9342f8bacecb8d702 Mon Sep 17 00:00:00 2001
From: Lucas Hahn <lucas.hahn@novum-rgi.de>
Date: Thu, 30 Jul 2020 15:12:47 +0200
Subject: [PATCH 09/25] Replace Readme

---
 README.md | 577 ++++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 434 insertions(+), 143 deletions(-)

diff --git a/README.md b/README.md
index 2c6efad..af31700 100644
--- a/README.md
+++ b/README.md
@@ -1,189 +1,480 @@
-# Gitea
+# Gitea Helm Chart
 
-[Gitea](https://gitea.com/) is a lightweight GitHub clone.  This is for those who wish to self host their own git repos on kubernetes.
+[Gitea](https://gitea.io/en-us/) is a community managed lightweight code hosting solution written in Go. It is published under the MIT license.
 
-This chart is based upon the work done by [@jfelten](https://github.com/jfelten/gitea-helm-chart)
+Readme will be updated with examples in the next few days
 
-## TLDR
+# Content
+<!-- vscode-markdown-toc -->
+* 1. [Introduction](#Introduction)
+	* 1.1. [Dependencies](#Dependencies)
+* 2. [Installing](#Installing)
+* 3. [Prerequisites](#Prerequisites)
+* 4. [Configuration](#Configuration)
+	* 4.1. [Image](#Image)
+	* 4.2. [Persistence](#Persistence)
+	* 4.3. [Ingress](#Ingress)
+	* 4.4. [Service](#Service)
+	* 4.5. [Gitea Configuration](#GiteaConfiguration)
+	* 4.6. [Gitea repository](#Gitearepository)
+	* 4.7. [Gitea Ldap](#GiteaLdap)
+	* 4.8. [Gitea Server](#GiteaServer)
+	* 4.9. [Gitea Repository](#GiteaRepository)
+	* 4.10. [Gitea UI](#GiteaUI)
+	* 4.11. [Gitea Database](#GiteaDatabase)
+	* 4.12. [Gitea Admin](#GiteaAdmin)
+	* 4.13. [Gitea Security](#GiteaSecurity)
+	* 4.14. [Gitea OpenID](#GiteaOpenID)
+	* 4.15. [Gitea Service](#GiteaService)
+	* 4.16. [Gitea Webhook](#GiteaWebhook)
+	* 4.17. [Gitea Mailer](#GiteaMailer)
+	* 4.18. [Gitea Cache](#GiteaCache)
+	* 4.19. [Gitea Attachment](#GiteaAttachment)
+	* 4.20. [Gitea Log](#GiteaLog)
+	* 4.21. [Gitea Git](#GiteaGit)
+	* 4.22. [Gitea Extra Config](#GiteaExtraConfig)
+	* 4.23. [Memcached BuiltIn](#MemcachedBuiltIn)
+	* 4.24. [Mysql BuiltIn](#MysqlBuiltIn)
+	* 4.25. [Postgresql BuiltIn](#PostgresqlBuiltIn)
 
-```sh
-helm repo add k8s-land https://charts.k8s.land
-helm install gitea k8s-land/gitea
+<!-- vscode-markdown-toc-config
+	numbering=true
+	autoSave=true
+	/vscode-markdown-toc-config -->
+<!-- /vscode-markdown-toc -->
+
+##  1. <a name='Introduction'></a>Introduction
+
+This helm chart has taken some inspiration from https://github.com/jfelten/gitea-helm-chart
+But takes a completly different approach in providing database and cache with dependencies.
+Also this chart provides ldap and admin user configuration with values as well as it is deployed as statefulset to retain stored repositories.
+
+###  1.1. <a name='Dependencies'></a>Dependencies
+
+Gitea can be run with external database and cache. This chart provides those dependencies, which can be
+enabled, or disabled via [configuration](#3-configuration).
+
+Dependencies:
+
+* Postgresql
+* Memcached
+* Mysql
+
+##  2. <a name='Installing'></a>Installing
+
+```
+  helm repo add novum-rgi-helm https://novumrgi.github.io/helm/
+  helm install gitea novum-rgi-helm/gitea
 ```
 
-## Introduction
+##  3. <a name='Prerequisites'></a>Prerequisites
 
-This chart bootstraps both [Gitea](http://gitea.com) and MariaDB.
+* Kubernetes 1.12+
+* Helm 3.0+
+* PV provisioner for persistent data support
 
-In this chart, the following are ran:
-  - Gitea
-  - Memcached
-  - Mariadb
+##  4. <a name='Configuration'></a>Configuration
 
-## Prerequisites
+###  4.1. <a name='Image'></a>Image
 
-- Kubernetes 1.12+
-- Helm 3.0+
-- PV provisioner for persistent data support
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|image.repository| Image to start for this pod | gitea/gitea |
+|image.version| Image Version | 1.12.2 |
+|image.pullPolicy| Image pull policy | Always |
 
-## Installing the Chart
+###  4.2. <a name='Persistence'></a>Persistence
 
-By default, we use ingress to expose the service.
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|persistence.enabled| Enable persistence for Gitea |true|
+|persistence.existingClaim| Use an existing claim to store repository information | |
+|persistence.size| Size for persistence to store repo information | 10Gi |
+|persistence.accessModes|AccessMode for persistence||
+|persistence.storageClass|Storage class for repository persistence|standard|
 
-To install WITHOUT persistent storage / development:
+###  4.3. <a name='Ingress'></a>Ingress
 
-```bash
-helm repo add k8s-land https://charts.k8s.land
-helm install gitea k8s-land/gitea
-```
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|ingress.enabled| enable ingress | false|
+|ingress.annotations| add ingress annotations | |
+|ingress.hosts| add hosts for ingress as string list | git.example.com |
+|ingress.tls|add ingress tls settings|[]|
 
-For production / installing with persistent data:
+###  4.4. <a name='Service'></a>Service
 
-```sh
-helm show values k8s-land/gitea > values.yaml
-vim values.yaml # Edit to enable persistent storage
-helm install gitea k8s-land/gitea -f values.yaml
-```
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|service.http.type| Kubernetes service type for web traffic | ClusterIP |
+|service.http.port| Port for web traffic | 3000 |
+|service.ssh.type| Kubernetes service type for ssh traffic | ClusterIP |
+|service.ssh.port| Port for ssh traffic | 22 |
+|service.ssh.annotations| Additional ssh annotations for the ssh service ||
 
-### Database Configuration
+###  4.5. <a name='GiteaConfiguration'></a>Gitea Configuration
 
-By default, we will launch a Mariadb database:
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|gitea.config.appName | App name that shows in every Page | Gitea: Git with a cup of tea |
+|gitea.config.runMode | Run Mode for Gitea, either dev, prod or test | dev               |
+|gitea.config.runUser | User for gitea container to run   | git                          |
+|gitea.config.adminUser | Admin user to login in gitea   | gitea_admin |
+|gitea.config.adminPassword | Password for admin user   | gitea123456                         |
+|gitea.config.adminEmail | Email for admin user   | example@gitea.com                   |
 
-```yaml
-mariadb:
-  enabled: true
-```
+###  4.6. <a name='Gitearepository'></a>Gitea repository
 
-To use an external database, disable the in-pod database and fill in the "externalDB" values:
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|gitea.repository.root| Root path for storing all repository data. It must be an absolute path. | nil |
+|gitea.repository.forcePrivate | Force every new repository to be private. | false       |
+|gitea.repository.defaultPrivate| Default private when creating a new repository. [last, private, public] | false |
+|gitea.repository.maxCreationLimit| Global maximum creation limit of repositories per user, -1 means no limit.| -1 |
+|gitea.repository.mirrorQueueLength| Patch test queue length, increase if pull request patch testing starts hanging. | 1000 |
+|gitea.repository.pullRequestQueueLength| Length of pull request patch test queue, make it as large as possible. Use caution when editing this value. | 1000|
+|preferredLicenses| Preferred Licenses to place at the top of the list. Name must match file name in conf/license or custom/conf/license in container.| Apache License 2.0,MIT License |
+|gitea.repository.disableHttpGit|Disable the ability to interact with repositories over the HTTP protocol.| false|
+|gitea.repository.useCompatSSHUri|Force ssh:// clone url instead of scp-style uri when default SSH port is used.|false|
 
-```yaml
-mariadb:
-  enabled: false
+###  4.7. <a name='GiteaLdap'></a>Gitea Ldap
 
-#Connect to an external database
- externalDB:
-  dbUser: "postgres"
-   dbPassword: "<MY_PASSWORD>"
-   dbHost: "db-service-name.namespace.svc.cluster.local" # or some external host
-   dbPort: "5432"
-   dbDatabase: "gitea"
-```
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|gitea.ldap.enabled| enable ldap config | false|
+|gitea.ldap.name| unique name to store ldap config| ""|
+|gitea.ldap.securityProtocol| ldap security protocol | "" |
+|gitea.ldap.host | Ip or url to connect to ldap | "" |
+|gitea.ldap.port | Port to connecto to ldap server | "" |
+|gitea.ldap.userSearchBase| The LDAP base at which user accounts will be searched for. | "" |
+|gitea.ldap.userFilter| An LDAP filter declaring how to find the user record that is attempting to authenticate. The %s matching parameter will be substituted with login name given on sign-in form. | "" |
+|gitea.ldap.adminFilter | An LDAP filter specifying if a user should be given administrator privileges. If a user account passes the filter, the user will be privileged as an administrator. | "" |
+|gitea.ldap.emailAttribute | The attribute of the user’s LDAP record containing the user’s email address. This will be used to populate their account information. | "" |
+|gitea.ldap.bindDn | The DN to bind to the LDAP server with when searching for the user. This may be left blank to perform an anonymous search. | "" |
+|gitea.ldap.bindPassword | The password for the Bind DN specified above, if any. Note: The password is stored in plaintext at the server. As such, ensure that the Bind DN has as few privileges as possible. | "" |
+|gitea.ldap.usernameAttribute | The attribute of the user’s LDAP record containing the user name. Given attribute value will be used for new Gitea account user name after first successful sign-in. Leave empty to use login name given on sign-in form. | "" |
 
-## Persistent Data
+###  4.8. <a name='GiteaServer'></a>Gitea Server
 
-By default, persistent data is not enabled and thus you'll have to enable it from within the `values.yaml`.
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|gitea.server.http.externalDomain | Http clone setting for which address gitea will be available on clone | git.example.com|
+|gitea.server.http.externalDomain | Http clone setting for which port gitea will be available on clone | |
+|gitea.server.ssh.externalDomain | SSH clone setting for which address gitea will be available on clone | git.example.com|
+|gitea.server.http.externalPort | SSH clone setting for which port gitea will be available on clone | |
+|gitea.server.offlineMode | Disables use of CDN for static files and Gravatar for profile pictures. | false|
 
-Unless otherwise set to true, data will be deleted when the Pod is restarted. 
+###  4.9. <a name='GiteaRepository'></a>Gitea Repository
 
-To prevent data loss, we will enable persistent data.
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|gitea.repository.root| Root path for storing all repository data. It must be an absolute path. | "" |
+|gitea.repository.forcePrivate| Force every new repository to be private. | "" |
+|gitea.repository.defaultPrivate| Default private when creating a new repository. [last, private, public] | last |
+|gitea.repository.maxCreationLimit| Global maximum creation limit of repositories per user, -1 means no limit. | -1 |
+|gitea.repository.mirrorQueueLength| Patch test queue length, increase if pull request patch testing starts hanging. | 1000 |
+|gitea.repository.pullRequestQueueLength| Length of pull request patch test queue, make it as large as possible. Use caution when editing this value. | 1000 |
+|gitea.repository.preferredLicenses| Apache License 2.0,MIT License: Preferred Licenses to place at the top of the list. Name must match file name in conf/license or custom/conf/license. | Apache License 2.0,MIT License |
+|gitea.repository.disableHttpGit| Disable the ability to interact with repositories over the HTTP protocol. | false |
+|gitea.repository.useCompatSSHUri| Force ssh:// clone url instead of scp-style uri when default SSH port is used. | false |
+|gitea.repository.local.copyPath| Path for local repository copy. | tmp/local-repo |
+|gitea.repository.local.wikiPath| Path for local wiki copy. | tmp/local-wiki |
+|gitea.repository.upload.enabled| Whether repository file uploads are enabled. | true |
+|gitea.repository.upload.tempPath| Path for uploads. | data/tmp/uploads |
+|gitea.repository.upload.allowedTypes| One or more allowed types, e.g. image/jpeg|image/png. Nothing means any file type |  |
+|gitea.repository.upload.fileMaxSize|Max size of each file in megabytes.| 3 |
+|gitea.repository.upload.maxFiles| Max number of files per upload. | 5 |
+|gitea.repository.pullRequest.workInProgressPrefixes|  List of prefixes used in Pull Request title to mark them as Work In Progress | WIP:,[WIP] |
+|gitea.repository.pullRequest.closeKeywords| Max number of files per upload. | 5 |
+|gitea.repository.pullRequest.reopenKeywords| Max number of files per upload. | 5 |
+|gitea.repository.pullRequest.defaultMergeMessageCommitsLimit| Max number of files per upload. | 5 |
+|gitea.repository.pullRequest.defaultMergeMessageSize| Max number of files per upload. | 5 |
+|gitea.repository.pullRequest.defaultMergeMessageAllAuthors| Max number of files per upload. | 5 |
+|gitea.repository.pullRequest.defaultMergeMessageMaxApprovers| Max number of files per upload. | 5 |
+|gitea.repository.pullRequest.defaultMergeMessageOfficialApproversOnly| Max number of files per upload. | 5 |
+|gitea.repository.signing.signingKey| Key to sign with. [none, KEYID, default ] | default |
+|gitea.repository.signing.signingName|  if a KEYID is provided as the SIGNING_KEY, use these as the Name of the signer. These should match publicized name for the key. |  |
+|gitea.repository.signing.signingEmail|  if a KEYID is provided as the SIGNING_KEY, use these as the Email address of the signer. These should match publicized email address for the key. |  |
+|gitea.repository.signing.initialCommit|  [never, pubkey, twofa, always]: Sign initial commit. | always |
+|gitea.repository.signing.crudActions| [never, pubkey, twofa, parentsigned, always]: Sign CRUD actions. | pubkey, twofa, parentsigned |
+|gitea.repository.signing.wiki| [never, pubkey, twofa, always, parentsigned]: Sign commits to wiki. | never |
+|gitea.repository.signing.merges|  [never, pubkey, twofa, approved, basesigned, commitssigned, always]: Sign merges.  | pubkey, twofa, basesigned, commitssigned |gitea.ui.explorePagingNum|Number of repositories that are shown in one explore page.|20|
 
-First, enable persistency:
+###  4.10. <a name='GiteaUI'></a>Gitea UI
 
-```yaml
-persistence:
-  enabled: true
-```
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|gitea.ui.issuePagingNum|Number of issues that are shown in one page (for all pages that list issues).|10|
+|gitea.ui.membersPagingNum| Number of members that are shown in organization members.|20|
+|gitea.ui.feedMaxCommitNum|Number of maximum commits shown in one activity feed.|5|
+|gitea.ui.graphMaxCommitNum|Number of maximum commits shown in the commit graph.|100|
+|gitea.ui.codeCommentLines| Number of line of codes shown for a code comment |4|
+|gitea.ui.themeColorMetaTag|Value of `theme-color` meta tag, used by Android >= 5.0 An invalid color like "none" or "disable" will have the default style More info: https://developers.google.com/web/updates/201411Support-for-theme-color-in-Chrome-39-for-Android|#6cc644|
+|gitea.ui.maxDisplayFileSize| Max size of files to be displayed in Bytes |8388608|
+|gitea.ui.defaultTheme| [gitea, arc-green]: Set the default theme for the Gitea install.|gitea|
+|gitea.ui.showUserMail|Whether the email of the user should be shown in the Explore Users page|true|
+|gitea.ui.defaultShowFullName|Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.|false|
+|gitea.ui.searchRepoDescription|Whether to search within description at repository search on explore page.|true|
+|gitea.ui.useServiceWorker|Whether to enable a Service Worker to cache frontend assets|true|
 
+###  4.11. <a name='GiteaDatabase'></a>Gitea Database
 
-If you wish for helm **NOT** to replace data when re-deploying (updating the chart), add the `resource-policy` annotation:
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|gitea.database.builtIn.postgresql.enabled| Enable built in postgresql database, either postgres or mysql can be enabled. Not both!| true|
+|gitea.database.builtIn.mysql.enabled| Enable built in mysql database, either postgres or mysql can be enabled. Not both!| false |
+|gitea.database.external.type| database type if no built in is enabled | postgres |
+|gitea.database.external.port| port to connect to database | 5432 |
+|gitea.database.external.host| address to connect to database | |
+|gitea.database.external.name| database name | gitea |
+|gitea.database.external.user| database user | gitea |
+|gitea.database.external.password| database password for defined user | gitea |
+|gitea.database.external.schema| database schema to deploy db data | |
+|gitea.database.sslMode|SSL/TLS encryption mode for connecting to the database. This option is only applied for PostgreSQL and MySQL|disable|
+|gitea.database.charset|For MySQL only, either “utf8” or “utf8mb4”. NOTICE: for “utf8mb4” you must use MySQL InnoDB > 5.6. Gitea is unable to check this.|utf8mb4|
+|gitea.database.path|For SQLite3 only, the database file path.|data/gitea.db|
+|gitea.database.sqlLiteTimeout|For "sqlite3" only. Query timeout|500|
+|gitea.database.iterateBufferSize|For iterate buffer|50|
+|gitea.database.logSql|Show the database generated SQL|true|
+|gitea.database.dbRetries|Maximum number of DB Connect retries|10|
+|gitea.database.dbRetryBackoff|Backoff time per DB retry (time.Duration)|3s|
+|gitea.database.maxIdleConns|Max idle database connections on connnection pool|2|
+|gitea.database.connMaxLifetime|Database connection max life time|3s|
+|gitea.database.maxOpenConns|Database maximum number of open connections|0|
 
-```yaml
-persistence:
-  annotations:
-    "helm.sh/resource-policy": keep
-```
+###  4.12. <a name='GiteaAdmin'></a>Gitea Admin
 
-To use a previously created PVC / volume, use the following: 
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|gitea.admin.disableRegularOrgCreation|Disallow regular (non-admin) users from creating organizations.|false|
+|gitea.admin.defaultEmailNotifications|Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled|enabled|
 
-```yaml
- existingGiteaClaim: gitea-gitea
-```
+###  4.13. <a name='GiteaSecurity'></a>Gitea Security
 
-## Ingress And External Host/Ports
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|gitea.security.installLock|Disallow access to the install page.|true|
+|gitea.security.secretKey|Global secret key. This should be changed.|!#@FDEWREWR&*(|
+|gitea.security.loginRememberDays|Cookie lifetime, in days.|7|
+|gitea.security.cookieUsername|Name of the cookie used to store the current username.|gitea_awesome|
+|gitea.security.cookieRememberName|Name of cookie used to store authentication information.|gitea_incredible|
+|gitea.security.reverseProxyAuthUser|Header name for reverse proxy authentication.|X-WEBAUTH-USER|
+|gitea.security.reverseProxyAuthEmail|Header name for reverse proxy authentication provided email.|X-WEBAUTH-EMAIL|
+|gitea.security.minPasswordLength|The minimum password length for new Users|6|
+|gitea.security.importLocalPaths|Set to false to prevent all users (including admin) from importing local path on server.|false|
+|gitea.security.disabledGitHooks|Set to true to prevent all users (including admin) from creating custom git hooks|false|
+|gitea.security.onlyAllowPushIfGiteaEnvSet|Set to false to allow pushes to gitea repositories despite having an incomplete environment - NOT RECOMMENDED|true|
+|gitea.security.passwordComplexity|Comma separated list of character classes required to pass minimum complexity. [lower,upper,digit,spec]|off|
+|gitea.security.passwordHashAlgo|Password Hash algorithm, either "pbkdf2", "argon2", "scrypt" or "bcrypt"|pbkdf2|
+|gitea.security.crsfCookieHttpOnly|Set false to allow JavaScript to read CSRF cookie|true|
 
-Gitea requires ports to be exposed for accessibility. The recommended way is using **ingress**, however, you can supply `LoadBalancer` to your values alternatively.
+###  4.14. <a name='GiteaOpenID'></a>Gitea OpenID
 
-By default, we expose via an ingress:
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|gitea.openid.enableOpenidSignin|Whether to allow signin in via OpenID|true|
+|gitea.openid.enableOpenidSignup|Whether to allow registering via OpenID|true|
+|gitea.openid.whitelistedUris|Allowed URI patterns (POSIX regexp). Space seperated||
+|gitea.openid.blacklistedUris|Forbidden URI patterns (POSIX regexp). Space seperated||
 
-To expose via an ingress:
+###  4.15. <a name='GiteaService'></a>Gitea Service
 
-```yaml
-ingress:
-  enabled: true
-```
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|gitea.service.activeCodeLiveMinutes|Time limit (min) to confirm account/email registration.|180|
+|gitea.service.resetPasswordCodeLiveMinutes|Time limit (min) to confirm forgot password reset process.|180|
+|gitea.service.registerEmailConfirm|Enable this to ask for mail confirmation of registration. Requires Mailer to be enabled.|false|
+|gitea.service.emailDomainWhitelist|List of domain names that are allowed to be used to register on a Gitea instance||
+|gitea.service.disableRegistration|Disallow registration, only allow admins to create accounts.|false|
+|gitea.service.allowOnlyExternalRegistration|Allow registration only using third-party services, it works only when DISABLE_REGISTRATION is false|false|
+|gitea.service.requireSigninView|User must sign in to view anything.|false|
+|gitea.service.enableNotifyMail|Mail notification|false|
+|gitea.service.enableBasicAuth|This setting enables gitea to be signed in with HTTP BASIC Authentication using the user's password|true|
+|gitea.service.enableReverseProxyAuth|Enable this to allow reverse proxy authentication.|false|
+|gitea.service.enableReverseProxyAutoRegistration| Enable this to allow auto-registration for reverse authentication.|false|
+|gitea.service.enableReverseProxyEmail|Enable this to allow to auto-registration with a provided email rather than a generated email.|false|
+|gitea.service.enableCaptcha|Enable this to use captcha validation for registration.|false|
+|gitea.service.captchaType|[image, recaptcha]|image|
+|gitea.service.recaptchaSecret|Go to https://www.google.com/recaptcha/admin to get a secret for recaptcha.||
+|gitea.service.recaptchaSiteKey|Go to https://www.google.com/recaptcha/admin to get a sitekey for recaptcha.||
+|gitea.service.racaptchaUrl|Set the recaptcha url - allows the use of recaptcha net.|https://www.google.com/recaptcha/|
+|gitea.service.defaultKeepEmailPrivate|Default value for KeepEmailPrivate|false|
+|gitea.service.deaultAllowCreateOrg|Default value for AllowCreateOrganization|true|
+|gitea.service.defaultOrgVisibility|Either "public", "limited" or "private", limited is for signed user only|public|
+|gitea.service.defaultOrgMemberVisible|Default value for DefaultOrgMemberVisible|false|
+|gitea.service.defaultEnableDependencies|Default value for EnableDependencies|true|
+|gitea.service.allowCrossRepositoryDependencies|Dependencies can be added from any repository where the user is granted access or only from the current repository depending on this setting.|true|
+|gitea.service.enableUserHeatmap|Enable heatmap on users profiles.|true|
+|gitea.service.enableTimeTracking|Enable Timetracking|true|
+|gitea.service.defaultEnableTimeTracking|Default value for EnableTimetracking|true|
+|gitea.service.defaultAllowOnlyContributorsToTrackTime|Default value for AllowOnlyContributorsToTrackTime|true|
+|gitea.service.noReplyAddress|Default value for the domain part of the user's email address in the git log|noreply.example.org|
+|gitea.service.showRegistrationButton|Show Registration button|true|
+|gitea.service.showMilestonesDashboardPage|Show milestones dashboard page - a view of all the user's milestones|true|
+|gitea.service.autoWatchNewRepos|Default value for AutoWatchNewRepos|true|
+|gitea.service.autoWatchOnChanges|Default value for AutoWatchOnChanges|false|
 
-To expose the web application this chart will generate an ingress using the ingress controller of choice if specified. If an ingress is enabled services.http.externalHost must be specified. To expose SSH services it relies on either a LoadBalancer or NodePort.
+###  4.16. <a name='GiteaWebhook'></a>Gitea Webhook
 
-## Upgrading
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|gitea.webhook.queueLength|Hook task queue length, increase if webhook shooting starts hanging|1000|
+|gitea.webhook.deliverTimeout|Deliver timeout in seconds|5|
+|gitea.webhook.skipTlsVerify|Allow insecure certification|false|
+|gitea.webhook.pagingNum|Number of history information in each page|10|
 
-When upgrading, make sure you have the following enabled:
+###  4.17. <a name='GiteaMailer'></a>Gitea Mailer
 
-  - Persistency for both mariadb + Gitea
-  - Using `existingGiteaClaim`
-  - Due to using the [bitnami/mariadb](https://github.com/helm/charts/tree/master/stable/mariadb) chart, make sure to HARDCODE your passwords within `values.yaml`.  Or else you'll be unable to update mariadb
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|gitea.mailer.enabled|Enable mailer settings|false|
+|gitea.mailer.sendBufferLen|Buffer length of channel, keep it as it is if you don't know what it is.|100|
+|gitea.mailer.subjectPrefix|Prefix displayed before subject in mail||
+|gitea.mailer.host|Mail server||
+|gitea.mailer.disableHelo|Disable HELO operation when hostnames are different.||
+|gitea.mailer.heloHostname|Custom hostname for HELO operation, if no value is provided, one is retrieved from system.||
+|gitea.mailer.skipVerify|Do not verify the certificate of the server. Only use this for self-signed certificates||
+|gitea.mailer.useCertificate|Use client certificate|false|
+|gitea.mailer.certFile|Path to cert file|custom/mailer/cert.pem|
+|gitea.mailer.keyFile|Path to key file|custom/mailer/key.pem|
+|gitea.mailer.isTlsEnabled|Should SMTP connect with TLS, (if port ends with 465 TLS will always be used.)|false|
+|gitea.mailer.from|Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format||
+|gitea.mailer.user|Mailer user name||
+|gitea.mailer.password|Mailer password||
+|gitea.mailer.sendAsPlainText|Send mails as plain text|false|
+|gitea.mailer.mailerType|Set Mailer Type (either SMTP, sendmail or dummy to just send to the log)|smtp|
+|gitea.mailer.sendMailPath|Specify an alternative sendmail binary|sendmail|
+|gitea.mailer.sendMailArgs|Specify any extra sendmail arguments||
+|gitea.mailer.sendMailTimeout|Timeout for Sendmail|5m|
 
-## Configuration
+###  4.18. <a name='GiteaCache'></a>Gitea Cache
 
-Refer to [values.yaml](values.yaml) for the full run-down on defaults.
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|gitea.cache.enabled| Enable cache | true |
+|gitea.cache.builtIn.enabled | Use built in memcached | true |
+|gitea.cache.external.adapter| If built in is not enabled use this to chhose cache adapter [memory, redis, memcache] | memory |
+|gitea.cache.external.host| If built in is not enabled use this to connect to an external cache | |
+|gitea.cache.interval| Garbage Collection interval (sec), for memory cache only. | 60 |
+|gitea.cache.itemTTL| Time to keep items in cache if not used, Setting it to 0 disables caching.| 16h |
+|gitea.cache.lastCommit.enabled | Enable last commit cache | true |
+|gitea.cache.lastCommit.itemTTL| Time to keep items in cache if not used, Setting it to 0 disables caching. | 8760h |
+|gitea.cache.lastCommit.commitCount| Only enable the cache when repository’s commits count great than. | 1000 |
 
-The following table lists the configurable parameters of this chart and their default values.
+###  4.19. <a name='GiteaAttachment'></a>Gitea Attachment
 
-| Parameter                             | Description                                                                                                                  | Default                   |
-|---------------------------------------|------------------------------------------------------------------------------------------------------------------------------|---------------------------|
-| `images.gitea`                        | `gitea` image                                                                                                                | `gitea/gitea:1.9.3`       |
-| `images.memcached`                    | `memcached` image                                                                                                            | `memcached:1.5.19-alpine` |
-| `images.pullPolicy`                   | Image pull policy                                                                                                            | `IfNotPresent`            |
-| `images.pullSecrets`                  | Specify an array of pull secrets                                                                                             | `[]`                      |
-| `memcached.maxItemMemory`             | Max item memory                                                                                                              | `64`                      |
-| `memcached.verbosity`                 | Verbosity                                                                                                                    | `v`                       |
-| `memcached.extendedOptions`           | Extended options for memcached                                                                                               | `modern`                  |
-| `ingress.enabled`                     | Switch to create ingress for this chart deployment                                                                           | `true`                    |
-| `ingress.hostname `                   | Hostname to be used for the ingress                                                                                          | `gitea.local`             |
-| `ingress.certManager`                 | Asks if we want to use cert-manager or not (let's encrypt, etc.)                                                             | `true`                    |
-| `ingress.annotations`                 | Annotations used by the ingress                                                                                              | `[]`                      |
-| `ingress.hosts `                      | Additional hosts to be used by the ingress                                                                                   | `[]`                      |
-| `ingress.tls `                        | TLS secret keys to be used with Gitea                                                                                        | `[]`                      |
-| `service.http.serviceType`            | type of kubernetes services used for http i.e. ClusterIP, NodePort or LoadBalancer                                           | `ClusterIP`               |
-| `service.http.port`                   | http port for web traffic                                                                                                    | `3000`                    |
-| `service.http.NodePort`               | Manual NodePort for web traffic                                                                                              | `nil`                     |
-| `service.http.externalPort`           | Port exposed on the internet by a load balancer or firewall that redirects to the ingress or NodePort                        | `8280`                    |
-| `service.http.externalHost`           | IP or DNS name exposed on the internet by a load balancer or firewall that redirects to the ingress or Node for http traffic | `gitea.local`             |
-| `service.ssh.serviceType`             | type of kubernetes services used for ssh i.e. ClusterIP, NodePort or LoadBalancer                                            | `ClusterIP`               |
-| `service.ssh.port`                    | http port for web traffic                                                                                                    | `22`                      |
-| `service.ssh.NodePort`                | Manual NodePort for ssh traffic                                                                                              | `nil`                     |
-| `service.ssh.externalPort`            | Port exposed on the internet by a load balancer or firewall that redirects to the ingress or NodePort                        | `nil`                     |
-| `service.ssh.externalHost`            | IP or DNS name exposed on the internet by a load balancer or firewall that redirects to the ingress or Node for http traffic | `gitea.local`             |
-| `resources.gitea.requests.memory`     | gitea container memory request                                                                                               | `500Mi`                   |
-| `resources.gitea.requests.cpu`        | gitea container request cpu                                                                                                  | `1000m`                   |
-| `resources.gitea.limits.memory`       | gitea container memory limits                                                                                                | `2Gi`                     |
-| `resources.gitea.limits.cpu`          | gitea container CPU/Memory resource requests/limits                                                                          | `1`                       |
-| `resources.memcached.requests.memory` | memcached container memory request                                                                                           | `64Mi`                    |
-| `resources.memcached.requests.cpu`    | memcached container request cpu                                                                                              | `50m`                     |
-| `persistence.enabled`                 | Create PVCs to store gitea data                                                                               | `false`                   |
-| `persistence.existingGiteaClaim`      | Already existing PVC that should be used for gitea data.                                                                     | `nil`                     |
-| `persistence.giteaSize`               | Size of gitea pvc to create                                                                                                  | `10Gi`                    |
-| `persistence.annotations`             | Annotations to set on created PVCs                                                                                           | `nil`                     |
-| `persistence.storageClass`            | StorageClass to use for dynamic provision if not 'default'                                                                   | `nil`                     |
-| `podAnnotations`                      | Annotations to set on the pod                                                                  | `{}`                        |
-| `mariadb.enabled`                     | Enable or diable mariadb                                                                                                     | `true`                    |
-| `mariadb.replication.enabled`         | Enable or diable replication                                                                                                 | `false`                   |
-| `mariadb.db.name`                     | Default name                                                                                                                 | `gitea`                   |
-| `mariadb.db.user`                     | Default user                                                                                                                 | `gitea`                   |
-| `mariadb.persistence.enabled`         | Enable or diable persistence                                                                                                 | `true`                    |
-| `mariadb.persistence.accessMode`      | What access mode to use                                                                                                      | `ReadWriteOnce`           |
-| `mariadb.persistence.size`            | What size of database to use                                                                                                 | `8Gi`                     |
-| `externalDB.dbUser`                   | external db user                                                                                                             | ` unset`                  |
-| `externalDB.dbPassword`               | external db password                                                                                                         | ` unset`                  |
-| `externalDB.dbHost`                   | external db host                                                                                                             | ` unset`                  |
-| `externalDB.dbPort`                   | external db port                                                                                                             | ` unset`                  |
-| `externalDB.dbDatabase`               | external db database name                                                                                                    | ` unset`                  |
-| `config.disableInstaller`             | Disable the installer                                                                                                        | `false`                   |
-| `config.offlineMode`                  | Sets Gitea's Offline Mode. Values are `true` or `false`.                                                                     | `false`                   |
-| `config.requireSignin`                | Require Gitea user to be signed in to see any pages. Values are `true` or `false`.                                           | `false`                   |
-| `config.disableRegistration`          | Disable Gitea's user registration. Values are `true` or `false`.                                                             | `false`                   |
-| `config.openidSignin`                 | Allow login with OpenID. Values are `true` or `false`.                                                                       | `true`                    |
-| `nodeSelector`                        | Node to be selected                                                                                                          | `{}`                      |
-| `affinity`                            | Affinity settings for pod assignment                                                                                         | `{}`                      |
-| `tolerations`                         | Toleration labels for pod assignment                                                                                         | `[]`                      |
-| `deploymentAnnotations`               | Deployment annotations to be used                                                                                            | `{}`                      |
-| `podAnnotations`                      | Pod deployment annotations to be used                                                                                        | `{}`                      |
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|gitea.attachment.enabled|Enable this to allow uploading attachments.|true|
+|gitea.attachment.path|Path to store attachments.|data/attachments|
+|gitea.attachment.allowedTypes||image/jpeg|image/png|application/zip|application/gzip|
+|gitea.attachment.maxSize|Maximum size (MB).|4|
+|gitea.attachment.maxFiles|Maximum number of attachments that can be uploaded at once.|5|
+
+###  4.20. <a name='GiteaLog'></a>Gitea Log
+
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|gitea.log.rootPath|Root path for log files.||
+|gitea.log.mode|Logging mode. For multiple modes, use a comma to separate values. You can configure each mode in per mode log subsections |console|
+|gitea.log.bufferLen|Buffer length of the channel, keep it as it is if you don't know what it is.|10000|
+|gitea.log.redirectMacaronLog|Redirects the Macaron log to its own logger or the default logger. |false|
+|gitea.log.macaron|Logging mode for the macaron logger, use a comma to separate values. Configure each mode in per mode log subsections |file|
+|gitea.log.routerLogLevel|The log level that the router should log at. (If you are setting the access log, its recommended to place this at Debug.)|Info|
+|gitea.log.router|The mode or name of the log the router should log to. (If you set this to , it will log to default gitea logger.) NB: You must REDIRECT_MACARON_LOG and have DISABLE_ROUTER_LOG set to false for this option to take effect. Configure each mode in per mode log subsections|console|
+|gitea.log.enableAccessLog|Creates an access.log in NCSA common log format, or as per the following template|false|
+|gitea.log.access|Logging mode for the access logger, use a comma to separate values. Configure each mode in per mode log subsections |file|
+|gitea.log.level| General log level. [Trace, Debug, Info, Warn, Error, Critical, Fatal, None]|Info|
+|gitea.log.stackTraceLevel|Default log level at which to log create stack traces. [Trace, Debug, Info, Warn, Error, Critical, Fatal, None]|None|
+|gitea.log.x.flags|A comma separated string representing the log flags.|stdflags|
+|gitea.log.x.expression| regular expression to match either the function name, file or message. Defaults to empty. Only log messages that match the expression will be saved in the logger.||
+|gitea.log.x.prefix|An additional prefix for every log line in this logger. Defaults to empty.||
+|gitea.log.x.colorize| Colorize the log lines by default|false|
+|gitea.log.console.level|Log Level [Trace, Debug, Info, Warn, Error, Critical, Fatal, None]|None|
+|gitea.log.console.stderr|Use Stderr instead of Stdout.|false|
+|gitea.log.file.level|Log Level [Trace, Debug, Info, Warn, Error, Critical, Fatal, None]|None|
+|gitea.log.file.fileName|Set the file_name for the logger. If this is a relative path this will be relative to ROOT_PATH||
+|gitea.log.file.logRotate|This enables automated log rotate(switch of following options)|true|
+|gitea.log.file.maxLines|Max number of lines in a single file|1000000|
+|gitea.log.file.maxSizeShift|Max size shift of a single file, default is 28 means 1 << 28, 256MB|28|
+|gitea.log.file.dailyRotate|Segment log daily|true|
+|gitea.log.file.maxDays|delete the log file after n days|7|
+|gitea.log.file.compress|compress logs with gzip|true|
+|gitea.log.file.compressionLeveL|compression level see godoc for compress/gzip|-1|
+|gitea.log.conn.level|Log Level [Trace, Debug, Info, Warn, Error, Critical, Fatal, None]|None|
+|gitea.log.conn.reconnOnMsg|Reconnect host for every single message, default is false|false|
+|gitea.log.conn.reconnect|Try to reconnect when connection is lost, default is false|false|
+|gitea.log.conn.protocol|Either "tcp", "unix" or "udp", default is "tcp"|tcp|
+|gitea.log.conn.addr|Host address||
+|gitea.log.smtp.level|Log Level [Trace, Debug, Info, Warn, Error, Critical, Fatal, None]|None|
+|gitea.log.smtp.subject|Name displayed in mail title, default is "Diagnostic message from server"|Diagnostic message from server|
+|gitea.log.smtp.host|Mail server||
+|gitea.log.smtp.user|Mailer user name||
+|gitea.log.smtp.password|Mailer password||
+|gitea.log.smtp.receivers|Receivers, can be one or more, e.g. 1@example.com,2@example.com|false|
+
+###  4.21. <a name='GiteaGit'></a>Gitea Git
+
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|gitea.git.path|The path of git executable. If empty, Gitea searches through the PATH environment.||
+|gitea.git.disableDiffHighlight|Disables highlight of added and removed changes|1000|
+|gitea.git.maxGitDiffLines|Max number of lines allowed in a single file in diff view|5000|
+|gitea.git.maxGitDiffLineChars|Max number of allowed characters in a line in diff view|100|
+|gitea.git.maxGitDiffFiles|Max number of files shown in diff view||
+|gitea.git.gcArgs|Arguments for command 'git gc', e.g. "--aggressive --auto"||
+|gitea.git.enableAutoGitWireProt|If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1|true|
+|gitea.git.pullRequestPushMessage|Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled)|true|
+|gitea.git.timeout.default|Git operations default timeout seconds.|360|
+|gitea.git.timeout.migrate|Migrate external repositories timeout seconds.|600|
+|gitea.git.timeout.mirror|Mirror external repositories timeout seconds.|300|
+|gitea.git.timeout.clone|Git clone from internal repositories timeout seconds.|300|
+|gitea.git.timeout.pull|Git pull from internal repositories timeout seconds.|300|
+|gitea.git.timeout.gc|Git repository GC timeout seconds.|60|
+|gitea.git.metrics.enabled| Enables /metrics endpoint for prometheus.|false|
+|gitea.git.metrics.token|You need to specify the token, if you want to include in the authorization the metrics . The same token need to be used in prometheus parameters bearer_token or bearer_token_file.||
+
+###  4.22. <a name='GiteaExtraConfig'></a>Gitea Extra Config
+
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|gitea.extraConfig|If you want anymore configuration you need to do it here as a multiline string. For example look at https://docs.gitea.io/en-us/config-cheat-sheet/||
+
+###  4.23. <a name='MemcachedBuiltIn'></a>Memcached BuiltIn
+
+Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website.
+
+The following parameters are the defaults set by this chart
+
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|memcached.service.port|Memcached Port| 11211|
+
+###  4.24. <a name='MysqlBuiltIn'></a>Mysql BuiltIn
+
+Mysql is loaded as a dependency from stable. Configuration can be found from this [website](https://github.com/helm/charts/tree/master/stable/mysql)
+
+The following parameters are the defaults set by this chart
+
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|mysql.mysqlRootPassword|Password for the root user. Ignored if existing secret is provided|gitea|
+|mysql.mysqlUser|Username of new user to create.|gitea|
+|mysql.mysqlPassword|Password for the new user. Ignored if existing secret is provided|gitea|
+|mysql.mysqlDatabase|Name for new database to create.|gitea|
+|mysql.service.port|Port to connect to mysql service|3306|
+|mysql.persistence|Persistence size for mysql |10Gi|
+
+###  4.25. <a name='PostgresqlBuiltIn'></a>Postgresql BuiltIn
+
+Postgresql is loaded as a dependency from bitnami. Configuration can be found from this [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql)
+
+The following parameters are the defaults set by this chart
+
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|postgresql.global.postgresql.postgresqlDatabase| PostgreSQL database (overrides postgresqlDatabase)|gitea|
+|postgresql.global.postgresql.postgresqlUsername| PostgreSQL username (overrides postgresqlUsername)|gitea|
+|postgresql.global.postgresql.postgresqlPassword| PostgreSQL admin password (overrides postgresqlPassword)|gitea|
+|postgresql.global.postgresql.servicePort|PostgreSQL port (overrides service.port)|5432|
+|postgresql.persistence.size| PVC Storage Request for PostgreSQL volume |10Gi|
-- 
2.40.1


From af6de140d477e9df0fa1abdc1cdb5dcbfe3f8f17 Mon Sep 17 00:00:00 2001
From: Lucas Hahn <lucas.hahn@novum-rgi.de>
Date: Thu, 30 Jul 2020 15:13:19 +0200
Subject: [PATCH 10/25] update values to support most configuration gitea
 offers

---
 values.yaml | 580 +++++++++++++++++++++++++++++++++-------------------
 1 file changed, 367 insertions(+), 213 deletions(-)

diff --git a/values.yaml b/values.yaml
index 85bc9a7..c79a79f 100644
--- a/values.yaml
+++ b/values.yaml
@@ -1,230 +1,384 @@
-## Gitea image
-## ref: https://hub.docker.com/r/gitea/gitea/tags/
-##
+# Default values for gitea.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
 
-tags:
-  mariadb: true
+replicaCount: 1
 
-images:
-  registry: docker.io
-  gitea: "gitea/gitea:1.12.2"
-  memcached: "memcached:1.5.19-alpine"
-  pullPolicy: IfNotPresent
-  ## Optionally specify an array of imagePullSecrets.
-  ## Secrets must be manually created in the namespace.
-  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-  ##
-  # pullSecrets:
-  #   - myRegistryKeySecretName
+image:
+  repository: gitea/gitea
+  version: 1.12.2
+  pullPolicy: Always
 
-## Cache settings for memcache
-memcached:
-  maxItemMemory: 64
-  verbosity: v
-  extendedOptions: modern
+imagePullSecrets: []
 
-## Configure the ingress resource that allows you to access the
-## Gitea installation. Set up the URL
-## ref: http://kubernetes.io/docs/user-guide/ingress/
-##
-ingress:
-  ## Set to true to enable ingress record generation
-  enabled: true
-
-  ## Set this to true in order to add the corresponding annotations for cert-manager
-  certManager: false
-
-  ## When the ingress is enabled, a host pointing to this will be created
-  hostname: gitea.local
-
-  ## Ingress annotations done as key:value pairs
-  ## For a full list of possible ingress annotations, please see
-  ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
-  ##
-  ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set
-  ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
-  annotations: {}
-  #  certmanager.k8s.io/cluster-issuer: letsencrypt-prod
-  #  kubernetes.io/ingress.class: nginx
-
-  ## The list of additional hostnames to be covered with this ingress record.
-  ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
-  # hosts:
-  # - name: gitea.local
-  #   path: /
-
-  ## The tls configuration for the ingress
-  ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
-  ## Uncomment below to enable tls / https for let's encrypt / cert-manager
-  # tls:    
-  #  - hosts:    
-  #    - gitea.local
-  #    secretName: gitea.tls 
-
-  secrets:
-  ## If you're providing your own certificates, please use this to add the certificates as secrets
-  ## key and certificate should start with -----BEGIN CERTIFICATE----- or
-  ## -----BEGIN RSA PRIVATE KEY-----
-  ##
-  ## name should line up with a tlsSecret set further up
-  ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
-  ##
-  ## It is also possible to create and manage the certificates outside of this helm chart
-  ## Please see README.md for more information
-  # - name: gitea.local-tls
-  #   key:
-  #   certificate:
-  #
-
-## This chart defaults to using an ingress for http, but change to LoadBalancer if using you cluster supports it
 service:
-
-  ## This can stay as ClusterIP as (by default) we use ingress
   http:
-    serviceType: ClusterIP
+    type: ClusterIP
     port: 3000
-    ## Make the external port available
-    # externalPort: 8280
-    # externalHost: gitea.local
-
-  ## SSH is commonly on port 22.. however.. you most likely already have port 22 being used by your node.
-  ## so we use port 8022.
   ssh:
-    serviceType: LoadBalancer
+    type: ClusterIP
     port: 22
-    #nodePort: 30222
-    ## If serving on a different external port used for determining the ssh url in the gui
-    externalPort: 8022
-    externalHost: gitea.local
-    externalIPs: []
+    annotations:
 
-## Configure resource requests and limits
-## ref: http://kubernetes.io/docs/user-guide/compute-resources/
-##
-resources:
-  gitea:
-    requests:
-      memory: 500Mi
-      cpu: 1000m
-    limits:
-      memory: 2Gi
-      cpu: 1
-  memcached:
-    requests:
-      memory: 64Mi
-      cpu: 50m
-
-## Update strategy - for deployments with RWO PVs attached and with a
-## single replicas = 1, an update can get stuck, as the previous pod
-## remains attached to the PVC. Changing the strategy to "Recreate"
-## will terminate the single previous pod, so that the new, incoming
-## pod can attach to the PV
-# deploymentStrategy:
-#   rollingUpdate:
-#     type: "Recreate"
-#     type: "RollingUpdate"
-#     maxSurge: 1
-#     maxUnavailable: 1
-
-## Enable persistence using Persistent Volume Claims
-## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
-## ref:
-##
-persistence:
+ingress:
   enabled: false
-  # existingGiteaClaim: gitea-gitea
-  giteaSize: 10Gi
-  # storageClass: glusterfs
-  accessMode: ReadWriteMany
-  ## addtional annotations for PVCs. Uncommenting will prevent the PVC from being deleted.
-  annotations:
-    "helm.sh/resource-policy": keep
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - git.example.com
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
 
-## if you want to mount a volume directly without using a storageClass or pvcs
-#  directGiteaVolumeMount:
-#    glusterfs:
-#      endpoints: "192.168.1.1 192.168.1.2 192.168.1.3"
-#      path: giteaData
-#  directPostgresVolumeMount:
-#    glusterfs:
-#      endpoints: "192.168.1.1 192.168.1.2 192.168.1.3"
-#      path: giteaPostgresData
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
 
-
-
-##
-## MariaDB chart configuration
-##
-## https://github.com/helm/charts/blob/master/stable/mariadb/values.yaml
-##
-mariadb:
-  ## Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database set this to false and configure the externalDatabase parameters
-  enabled: true
-  ## Disable MariaDB replication
-  replication:
-    enabled: false
-
-  ## Create a database and a database user
-  ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run
-  ##
-  db:
-    name: gitea
-    user: gitea
-    ## If the password is not specified, mariadb will generates a random password
-    ##
-    # password: ThisIsMySuperSecretPassword
-
-  ## MariaDB admin password
-  ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#setting-the-root-password-on-first-run
-  ##
-  rootUser:
-    # password: ThisIsMySuperSecretPassword
-
-  ## Enable persistence using Persistent Volume Claims
-  ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
-  ##
-  master:
-    persistence:
-      enabled: false
-      ## mariadb data Persistent Volume Storage Class
-      ## If defined, storageClassName: <storageClass>
-      ## If set to "-", storageClassName: "", which disables dynamic provisioning
-      ## If undefined (the default) or set to null, no storageClassName spec is
-      ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-      ##   GKE, AWS & OpenStack)
-      ##
-      # storageClass: "-"
-      accessMode: ReadWriteOnce
-      size: 8Gi
-
-## Connect to an external database instead
-# externalDB:
-#   dbUser: "postgres"
-#   dbPassword: "<MY_PASSWORD>"
-#   dbHost: "service-name.namespace.svc.cluster.local" # or some external host
-#   dbPort: "5432"
-#   dbDatabase: "gitea"
-
-
-## Actual Gitea configuration (modified the default .ini file for Gitea)
-## This will skip the initial installation screen. You must have a secretKey already defined
-## and disableInstaller set to True
-config:
-##  secretKey: ThisIsMySuperSecretKeyThatsUsedInterally
-  disableInstaller: false
-  offlineMode: false
-  requireSignin: false
-  disableRegistration: false
-  openidSignin: true
-
-## Common helm annotations
-## Node labels and tolerations for pod assignment
-## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
-## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
 nodeSelector: {}
+
 tolerations: []
+
 affinity: {}
 
-## Annotations for the deployment and pods.
-deploymentAnnotations: {}
-podAnnotations: {}
+persistence:
+  enabled: true
+  # existingClaim: 
+  size: 10Gi
+  accessModes:
+    - ReadWriteOnce
+  storageClass: standard
+
+gitea:
+  config:
+    appName: "Gitea: Git with a cup of tea"
+    runMode: dev
+    # Do not change the run user for gitea default container
+    runUser: git
+
+    adminUser: "gitea_admin"
+    adminPassword: "gitea123456"
+    adminEmail: "example@gitea.com"
+
+  ldap:
+    enabled: false
+    name: ""
+    securityProtocol: ""
+    host: ""
+    port: ""
+    userSearchBase: ""
+    userFilter: ""
+    adminFilter: ""
+    emailAttribute: ""
+    bindDn: ""
+    bindPassword: ""
+    usernameAttribute: ""
+
+  server:
+    http:
+      externalDomain: git.example.com
+      externalPort:
+    ssh:
+      externalDomain: git.example.com
+      externalPort:
+    offlineMode: false
+
+  repository:
+    root:
+    forcePrivate: false
+    defaultPrivate: last
+    maxCreationLimit: -1
+    mirrorQueueLength: 1000
+    pullRequestQueueLength: 1000
+    preferredLicenses: Apache License 2.0,MIT License
+    disableHttpGit: false
+    useCompatSSHUri: false
+
+    local:
+      copyPath: tmp/local-repo
+      wikiPath: tmp/local-wiki
+
+    upload:
+      enabled: true
+      tempPath: data/tmp/uploads
+      allowedTypes:
+      fileMaxSize: 3
+      maxFiles: 5
+
+    pullRequest:
+      workInProgressPrefixes: "WIP:,[WIP]"
+      closeKeywords: close,closes,closed,fix,fixes,fixed,resolve,resolves,resolved
+      reopenKeywords: reopen,reopens,reopened
+      defaultMergeMessageCommitsLimit: 50
+      defaultMergeMessageSize: 5120
+      defaultMergeMessageAllAuthors: false
+      defaultMergeMessageMaxApprovers: 10
+      defaultMergeMessageOfficialApproversOnly: true
+
+    signing:
+      signingKey: default
+      signingName:
+      signingEmail:
+      initialCommit: always
+      crudActions: pubkey, twofa, parentsigned
+      wiki: never
+      merges: pubkey, twofa, basesigned, commitssigned
+
+  ui:
+    explorePagingNum: 20
+    issuePagingNum: 10
+    membersPagingNum: 20
+    feedMaxCommitNum: 5
+    graphMaxCommitNum: 100
+    codeCommentLines: 4
+    themeColorMetaTag: "#6cc644"
+    maxDisplayFileSize: 8388608
+    defaultTheme: gitea
+    showUserMail: true
+    defaultShowFullName: false
+    searchRepoDescription: true
+    useServiceWorker: true
+
+  database:
+    builtIn:
+      postgresql:
+        enabled: true
+      mysql:
+        enabled: false
+
+    external:
+      type: postgres
+      port: 5432
+      host:
+      name: gitea
+      user: gitea
+      password: gitea
+      schema:
+
+    sslMode: disable
+    charset: utf8mb4
+    path: data/gitea.db
+    sqlLiteTimeout: 500
+    iterateBufferSize: 50
+    logSql: true
+    dbRetries: 10
+    dbRetryBackoff: 3s
+    maxIdleConns: 2
+    connMaxLifetime: 3s
+    maxOpenConns: 0
+
+  admin:
+    disableRegularOrgCreation: false
+    defaultEmailNotifications: enabled
+
+  security:
+    installLock: true
+    secretKey: "!#@FDEWREWR&*("
+    loginRememberDays: 7
+    cookieUsername: gitea_awesome
+    cookieRememberName: gitea_incredible
+    reverseProxyAuthUser: X-WEBAUTH-USER
+    reverseProxyAuthEmail: X-WEBAUTH-EMAIL
+    minPasswordLength: 6
+    importLocalPaths: false
+    disabledGitHooks: false
+    onlyAllowPushIfGiteaEnvSet: true
+    passwordComplexity: "off"
+    passwordHashAlgo: pbkdf2
+    crsfCookieHttpOnly: true
+
+  openid:
+    enableOpenidSignin: true
+    enableOpenidSignup: true
+    whitelistedUris:
+    blacklistedUris:
+
+  service:
+    activeCodeLiveMinutes: 180
+    resetPasswordCodeLiveMinutes: 180
+    registerEmailConfirm: false
+    emailDomainWhitelist:
+    disableRegistration: false
+    allowOnlyExternalRegistration: false
+    requireSigninView: false
+    enableNotifyMail: false
+    enableBasicAuth: true
+    enableReverseProxyAuth: false
+    enableReverseProxyAutoRegistration: false
+    enableReverseProxyEmail: false
+    enableCaptcha: false
+    captchaType: image
+    recaptchaSecret:
+    recaptchaSiteKey:
+    racaptchaUrl: https://www.google.com/recaptcha/
+    defaultKeepEmailPrivate: false
+    deaultAllowCreateOrg: true
+    defaultOrgVisibility: public
+    defaultOrgMemberVisible: false
+    defaultEnableDependencies: true
+    allowCrossRepositoryDependencies: true
+    enableUserHeatmap: true
+    enableTimeTracking: true
+    defaultEnableTimeTracking: true
+    defaultAllowOnlyContributorsToTrackTime: true
+    noReplyAddress: noreply.example.org
+    showRegistrationButton: true
+    showMilestonesDashboardPage: true
+    autoWatchNewRepos: true
+    autoWatchOnChanges: false
+
+  webhook:
+    queueLength: 1000
+    deliverTimeout: 5
+    skipTlsVerify: false
+    pagingNum: 10
+
+  mailer:
+    enabled: false
+    sendBufferLen: 100
+    subjectPrefix:
+    host:
+    disableHelo:
+    heloHostname:
+    skipVerify:
+    useCertificate: false
+    certFile: custom/mailer/cert.pem
+    keyFile: custom/mailer/key.pem
+    isTlsEnabled: false
+    from:
+    user:
+    password:
+    sendAsPlainText: false
+    mailerType: smtp
+    sendMailPath: sendmail
+    sendMailArgs:
+    sendMailTimeout: 5m
+
+  cache:
+    enabled: true
+
+    builtIn:
+      enabled: true
+
+    external:
+      adapter: memory
+      host:
+
+    interval: 60
+    itemTTL: 16h
+
+    lastCommit:
+      enabled: true
+      itemTTL: 8760h
+      commitCount: 1000
+
+  attachment:
+    enabled: true
+    path: data/attachments
+    allowedTypes: image/jpeg|image/png|application/zip|application/gzip
+    maxSize: 4
+    maxFiles: 5
+
+  log:
+    rootPath:
+    mode: console
+    bufferLen: 10000
+    redirectMacaronLog: false
+    macaron: file
+    routerLogLevel: Info
+    router: console
+    enableAccessLog: false
+    access: file
+    level: Info
+    stackTraceLevel: None
+
+    x:
+      flags: stdflags
+      expression:
+      prefix:
+      colorize: false
+
+    console:
+      level: None
+      stderr: false
+
+    file:
+      level: None
+      fileName:
+      logRotate: true
+      maxLines: 100000
+      maxSizeShift: 28
+      dailyRotate: true
+      maxDays: 7
+      compress: true
+      compressionLeveL: -1
+
+    conn:
+      level: None
+      reconnOnMsg: false
+      reconnect: false
+      protocol: tcp
+      addr:
+
+    smtp:
+      level: None
+      subject: Diagnostic message from server
+      host:
+      user:
+      password:
+      receivers:
+
+  git:
+    path:
+    disableDiffHighlight: false
+    maxGitDiffLines: 1000
+    maxGitDiffLineChars: 5000
+    maxGitDiffFiles: 100
+    gcArgs:
+    enableAutoGitWireProt: true
+    pullRequestPushMessage: true
+
+    timeout:
+      default: 360
+      migrate: 600
+      mirror: 300
+      clone: 300
+      pull: 300
+      gc: 60
+  metrics:
+    enabled: false
+    token:
+  extraConfig:
+
+memcached:
+  service:
+    port: 11211
+
+postgresql:
+  global:
+    postgresql:
+      postgresqlDatabase: gitea
+      postgresqlUsername: gitea
+      postgresqlPassword: gitea
+      servicePort: 5432
+  persistence:
+    size: 10Gi
+
+mysql:
+  mysqlRootPassword: gitea
+  mysqlUser: gitea
+  mysqlPassword: gitea
+  mysqlDatabase: gitea
+  service:
+    port: 3306
+  persistence:
+    size: 10Gi
-- 
2.40.1


From 4e4189f7c516d7fa49382f228864f66d58de1da6 Mon Sep 17 00:00:00 2001
From: Lucas Hahn <lucas.hahn@novum-rgi.de>
Date: Wed, 5 Aug 2020 09:29:32 +0200
Subject: [PATCH 11/25] Fix and operator for newer helm versions

---
 templates/gitea/config.yaml      | 2 +-
 templates/gitea/ssh-svc.yaml     | 2 +-
 templates/gitea/statefulset.yaml | 2 +-
 values.yaml                      | 2 ++
 4 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml
index 209d7c1..fe010b6 100644
--- a/templates/gitea/config.yaml
+++ b/templates/gitea/config.yaml
@@ -196,7 +196,7 @@ data:
     {{- else -}}
     {{- $proto := set . "proto" "http" }}
     {{- end -}}
-    {{- if and .Values.gitea.server.http.externalDomain ( .Values.gitea.server.http.externalPort ) }}
+    {{- if and .Values.gitea.server.http.externalDomain .Values.gitea.server.http.externalPort }}
     ROOT_URL = {{ .proto }}://{{ .Values.gitea.server.http.externalDomain }}:{{ .Values.gitea.server.http.externalPort }}/
     {{- else if .Values.gitea.server.http.externalDomain }}
     ROOT_URL = {{ .proto }}://{{ .Values.gitea.server.http.externalDomain }}/
diff --git a/templates/gitea/ssh-svc.yaml b/templates/gitea/ssh-svc.yaml
index b3eeadb..8d90f18 100644
--- a/templates/gitea/ssh-svc.yaml
+++ b/templates/gitea/ssh-svc.yaml
@@ -8,7 +8,7 @@ metadata:
 {{ toYaml .Values.service.ssh.annotations | indent 4 }}
 spec:
   type: {{ .Values.service.ssh.type }}
-  {{- if (.Values.service.ssh.loadBalancerIP) and eq .Values.service.ssh.serviceType "LoadBalancer" }}
+  {{- if and .Values.service.ssh.loadBalancerIP (eq .Values.service.ssh.type "LoadBalancer") }}
   loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }}
   {{- end }}
   clusterIP: None
diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml
index b28e6dd..1cc3304 100644
--- a/templates/gitea/statefulset.yaml
+++ b/templates/gitea/statefulset.yaml
@@ -29,7 +29,7 @@ spec:
                 nc -v -w2 -z {{ include "postgresql.servicename" . }} {{ .Values.postgresql.global.postgresql.servicePort }} && \
                 su git -c ' \
                 gitea migrate; \
-                {{- if and .Values.gitea.config.adminUser (.Values.gitea.config.adminPassword) }}
+                {{- if and .Values.gitea.config.adminUser .Values.gitea.config.adminPassword }}
                 gitea admin create-user --username {{ .Values.gitea.config.adminUser }} --password '{{ .Values.gitea.config.adminPassword }}' --email {{ .Values.gitea.config.adminEmail }} --admin \
                 || \
                 gitea admin change-password --username {{ .Values.gitea.config.adminUser }} --password '{{ .Values.gitea.config.adminPassword }}'; \
diff --git a/values.yaml b/values.yaml
index c79a79f..0f4e4a6 100644
--- a/values.yaml
+++ b/values.yaml
@@ -18,6 +18,8 @@ service:
   ssh:
     type: ClusterIP
     port: 22
+    #loadBalancerIP:
+    #nodePort:
     annotations:
 
 ingress:
-- 
2.40.1


From e5783963d11b185eafbf371908987bc640d6c911 Mon Sep 17 00:00:00 2001
From: Lucas Hahn <lucas.hahn@novum-rgi.de>
Date: Wed, 5 Aug 2020 12:52:33 +0200
Subject: [PATCH 12/25] Fix port setting for ssh

---
 templates/gitea/statefulset.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml
index 1cc3304..458a8c1 100644
--- a/templates/gitea/statefulset.yaml
+++ b/templates/gitea/statefulset.yaml
@@ -84,7 +84,7 @@ spec:
                 gitea migrate
           ports:
             - name: ssh
-              containerPort: {{ .Values.service.ssh.port }}
+              containerPort: 22
             - name: http
               containerPort: {{ .Values.service.http.port }}
           livenessProbe:
-- 
2.40.1


From b29d6a236b7b8e109e4f78a8ea9af50a27a2dd14 Mon Sep 17 00:00:00 2001
From: Lucas Hahn <lucas.hahn@novum-rgi.de>
Date: Wed, 5 Aug 2020 12:52:58 +0200
Subject: [PATCH 13/25] Add examples to readme

---
 README.md | 209 ++++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 156 insertions(+), 53 deletions(-)

diff --git a/README.md b/README.md
index af31700..d751f34 100644
--- a/README.md
+++ b/README.md
@@ -10,32 +10,37 @@ Readme will be updated with examples in the next few days
 	* 1.1. [Dependencies](#Dependencies)
 * 2. [Installing](#Installing)
 * 3. [Prerequisites](#Prerequisites)
-* 4. [Configuration](#Configuration)
-	* 4.1. [Image](#Image)
+* 4. [Examples](#Examples)
+	* 4.1. [Ports and external url](#Portsandexternalurl)
 	* 4.2. [Persistence](#Persistence)
-	* 4.3. [Ingress](#Ingress)
-	* 4.4. [Service](#Service)
-	* 4.5. [Gitea Configuration](#GiteaConfiguration)
-	* 4.6. [Gitea repository](#Gitearepository)
-	* 4.7. [Gitea Ldap](#GiteaLdap)
-	* 4.8. [Gitea Server](#GiteaServer)
-	* 4.9. [Gitea Repository](#GiteaRepository)
-	* 4.10. [Gitea UI](#GiteaUI)
-	* 4.11. [Gitea Database](#GiteaDatabase)
-	* 4.12. [Gitea Admin](#GiteaAdmin)
-	* 4.13. [Gitea Security](#GiteaSecurity)
-	* 4.14. [Gitea OpenID](#GiteaOpenID)
-	* 4.15. [Gitea Service](#GiteaService)
-	* 4.16. [Gitea Webhook](#GiteaWebhook)
-	* 4.17. [Gitea Mailer](#GiteaMailer)
-	* 4.18. [Gitea Cache](#GiteaCache)
-	* 4.19. [Gitea Attachment](#GiteaAttachment)
-	* 4.20. [Gitea Log](#GiteaLog)
-	* 4.21. [Gitea Git](#GiteaGit)
-	* 4.22. [Gitea Extra Config](#GiteaExtraConfig)
-	* 4.23. [Memcached BuiltIn](#MemcachedBuiltIn)
-	* 4.24. [Mysql BuiltIn](#MysqlBuiltIn)
-	* 4.25. [Postgresql BuiltIn](#PostgresqlBuiltIn)
+	* 4.3. [Admin User](#AdminUser)
+	* 4.4. [Ldap Settings](#LdapSettings)
+* 5. [Configuration](#Configuration)
+	* 5.1. [Image](#Image)
+	* 5.2. [Persistence](#Persistence-1)
+	* 5.3. [Ingress](#Ingress)
+	* 5.4. [Service](#Service)
+	* 5.5. [Gitea Configuration](#GiteaConfiguration)
+	* 5.6. [Gitea repository](#Gitearepository)
+	* 5.7. [Gitea Ldap](#GiteaLdap)
+	* 5.8. [Gitea Server](#GiteaServer)
+	* 5.9. [Gitea Repository](#GiteaRepository)
+	* 5.10. [Gitea UI](#GiteaUI)
+	* 5.11. [Gitea Database](#GiteaDatabase)
+	* 5.12. [Gitea Admin](#GiteaAdmin)
+	* 5.13. [Gitea Security](#GiteaSecurity)
+	* 5.14. [Gitea OpenID](#GiteaOpenID)
+	* 5.15. [Gitea Service](#GiteaService)
+	* 5.16. [Gitea Webhook](#GiteaWebhook)
+	* 5.17. [Gitea Mailer](#GiteaMailer)
+	* 5.18. [Gitea Cache](#GiteaCache)
+	* 5.19. [Gitea Attachment](#GiteaAttachment)
+	* 5.20. [Gitea Log](#GiteaLog)
+	* 5.21. [Gitea Git](#GiteaGit)
+	* 5.22. [Gitea Extra Config](#GiteaExtraConfig)
+	* 5.23. [Memcached BuiltIn](#MemcachedBuiltIn)
+	* 5.24. [Mysql BuiltIn](#MysqlBuiltIn)
+	* 5.25. [Postgresql BuiltIn](#PostgresqlBuiltIn)
 
 <!-- vscode-markdown-toc-config
 	numbering=true
@@ -73,9 +78,107 @@ Dependencies:
 * Helm 3.0+
 * PV provisioner for persistent data support
 
-##  4. <a name='Configuration'></a>Configuration
+##  4. <a name='Examples'></a>Examples
 
-###  4.1. <a name='Image'></a>Image
+###  4.1. <a name='Portsandexternalurl'></a>Ports and external url
+
+By default port 3000 is used for web traffic and 22 for ssh. Those can be changed:
+
+```yaml
+  service:
+    http: 
+      port: 3000
+    ssh:
+      port: 22
+```
+
+For git to display the clone urls correctly the externalDomain setting has to be used. However the externalDomain does not change where gitea is published (Use ingress for this). ExternalDomain is just for displaying the correct clone URL. Same for externalPorts. Those are only used for display the correct clone URL.
+
+```yaml
+  gitea:
+    server:
+      http:
+        externalDomain: gitea.example.com
+        externalPort: 3000
+      ssh:
+        externalDomain: gitea.example.com
+        externalPort: 22
+```
+
+###  4.2. <a name='Persistence'></a>Persistence
+
+Gitea will be deployed as a statefulset. By simply enabling the persistence and setting the storage class according to your cluster
+everything else will be taken care of. The following example will create a PVC as a part of the statefulset. This PVC will not be deleted
+even if you uninstall the chart.
+When using Postgresql as dependency, this will also be deployed as a statefulset by default. 
+
+If you want to manage your own PVC you can simply pass the PVC name to the chart. 
+
+```yaml
+  persistence:
+    enabled: true
+    existingClaim: MyAwesomeGiteaClaim
+```
+
+In case that peristence has been disabled it will simply use an empty dir volume.
+
+Postgresql handles the persistence in the exact same way. 
+You can interact with the postgres settings as displayed in the following example:
+
+```yaml
+  postgresql:
+    persistence:
+      enabled: true
+      existingClaim: MyAwesomeGiteaPostgresClaim
+```
+
+Mysql also handles persistence the same, even though it is not deployed as a statefulset.
+You can interact with the postgres settings as displayed in the following example:
+
+```yaml
+  mysql:
+    persistence:
+      enabled: true
+      existingClaim: MyAwesomeGiteaMysqlClaim
+```
+
+###  4.3. <a name='AdminUser'></a>Admin User
+
+This chart enables you to create a default admin user. It is also possible to update the password for this user by upgrading or redeloying the chart.
+It is not possible to delete an admin user after it has been created. This has to be done in the ui.
+
+```yaml
+  gitea:
+    config:
+      adminUser: "MyAwesomeGiteaAdmin"
+      adminPassword: "AReallyAwesomeGiteaPassword"
+      adminEmail: "gi@tea.com"
+```
+
+###  4.4. <a name='LdapSettings'></a>Ldap Settings
+
+Like the admin user the ldap settings can be updated but also disabled or deleted.
+
+```yaml
+  gitea:
+    ldap:
+      enabled: true
+      name: 'MyAwesomeGiteaLdap'
+      securityProtocol: unencrypted
+      host: "127.0.0.1"
+      port: "389"
+      userSearchBase: ou=Users,dc=example,dc=com
+      userFilter: sAMAccountName=%s
+      adminFilter: CN=Admin,CN=Group,DC=example,DC=com
+      emailAttribute: mail
+      bindDn: CN=ldap read,OU=Spezial,DC=example,DC=com
+      bindPassword: JustAnotherBindPw
+      usernameAttribute: CN
+```
+
+##  5. <a name='Configuration'></a>Configuration
+
+###  5.1. <a name='Image'></a>Image
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -83,7 +186,7 @@ Dependencies:
 |image.version| Image Version | 1.12.2 |
 |image.pullPolicy| Image pull policy | Always |
 
-###  4.2. <a name='Persistence'></a>Persistence
+###  5.2. <a name='Persistence-1'></a>Persistence
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -93,7 +196,7 @@ Dependencies:
 |persistence.accessModes|AccessMode for persistence||
 |persistence.storageClass|Storage class for repository persistence|standard|
 
-###  4.3. <a name='Ingress'></a>Ingress
+###  5.3. <a name='Ingress'></a>Ingress
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -102,7 +205,7 @@ Dependencies:
 |ingress.hosts| add hosts for ingress as string list | git.example.com |
 |ingress.tls|add ingress tls settings|[]|
 
-###  4.4. <a name='Service'></a>Service
+###  5.4. <a name='Service'></a>Service
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -112,7 +215,7 @@ Dependencies:
 |service.ssh.port| Port for ssh traffic | 22 |
 |service.ssh.annotations| Additional ssh annotations for the ssh service ||
 
-###  4.5. <a name='GiteaConfiguration'></a>Gitea Configuration
+###  5.5. <a name='GiteaConfiguration'></a>Gitea Configuration
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -123,7 +226,7 @@ Dependencies:
 |gitea.config.adminPassword | Password for admin user   | gitea123456                         |
 |gitea.config.adminEmail | Email for admin user   | example@gitea.com                   |
 
-###  4.6. <a name='Gitearepository'></a>Gitea repository
+###  5.6. <a name='Gitearepository'></a>Gitea repository
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -137,7 +240,7 @@ Dependencies:
 |gitea.repository.disableHttpGit|Disable the ability to interact with repositories over the HTTP protocol.| false|
 |gitea.repository.useCompatSSHUri|Force ssh:// clone url instead of scp-style uri when default SSH port is used.|false|
 
-###  4.7. <a name='GiteaLdap'></a>Gitea Ldap
+###  5.7. <a name='GiteaLdap'></a>Gitea Ldap
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -154,17 +257,17 @@ Dependencies:
 |gitea.ldap.bindPassword | The password for the Bind DN specified above, if any. Note: The password is stored in plaintext at the server. As such, ensure that the Bind DN has as few privileges as possible. | "" |
 |gitea.ldap.usernameAttribute | The attribute of the user’s LDAP record containing the user name. Given attribute value will be used for new Gitea account user name after first successful sign-in. Leave empty to use login name given on sign-in form. | "" |
 
-###  4.8. <a name='GiteaServer'></a>Gitea Server
+###  5.8. <a name='GiteaServer'></a>Gitea Server
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
 |gitea.server.http.externalDomain | Http clone setting for which address gitea will be available on clone | git.example.com|
-|gitea.server.http.externalDomain | Http clone setting for which port gitea will be available on clone | |
+|gitea.server.http.externalPort | Http clone setting for which port gitea will be available on clone | |
 |gitea.server.ssh.externalDomain | SSH clone setting for which address gitea will be available on clone | git.example.com|
-|gitea.server.http.externalPort | SSH clone setting for which port gitea will be available on clone | |
+|gitea.server.ssh.externalPort | SSH clone setting for which port gitea will be available on clone | |
 |gitea.server.offlineMode | Disables use of CDN for static files and Gravatar for profile pictures. | false|
 
-###  4.9. <a name='GiteaRepository'></a>Gitea Repository
+###  5.9. <a name='GiteaRepository'></a>Gitea Repository
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -200,7 +303,7 @@ Dependencies:
 |gitea.repository.signing.wiki| [never, pubkey, twofa, always, parentsigned]: Sign commits to wiki. | never |
 |gitea.repository.signing.merges|  [never, pubkey, twofa, approved, basesigned, commitssigned, always]: Sign merges.  | pubkey, twofa, basesigned, commitssigned |gitea.ui.explorePagingNum|Number of repositories that are shown in one explore page.|20|
 
-###  4.10. <a name='GiteaUI'></a>Gitea UI
+###  5.10. <a name='GiteaUI'></a>Gitea UI
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -217,7 +320,7 @@ Dependencies:
 |gitea.ui.searchRepoDescription|Whether to search within description at repository search on explore page.|true|
 |gitea.ui.useServiceWorker|Whether to enable a Service Worker to cache frontend assets|true|
 
-###  4.11. <a name='GiteaDatabase'></a>Gitea Database
+###  5.11. <a name='GiteaDatabase'></a>Gitea Database
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -242,14 +345,14 @@ Dependencies:
 |gitea.database.connMaxLifetime|Database connection max life time|3s|
 |gitea.database.maxOpenConns|Database maximum number of open connections|0|
 
-###  4.12. <a name='GiteaAdmin'></a>Gitea Admin
+###  5.12. <a name='GiteaAdmin'></a>Gitea Admin
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
 |gitea.admin.disableRegularOrgCreation|Disallow regular (non-admin) users from creating organizations.|false|
 |gitea.admin.defaultEmailNotifications|Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled|enabled|
 
-###  4.13. <a name='GiteaSecurity'></a>Gitea Security
+###  5.13. <a name='GiteaSecurity'></a>Gitea Security
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -268,7 +371,7 @@ Dependencies:
 |gitea.security.passwordHashAlgo|Password Hash algorithm, either "pbkdf2", "argon2", "scrypt" or "bcrypt"|pbkdf2|
 |gitea.security.crsfCookieHttpOnly|Set false to allow JavaScript to read CSRF cookie|true|
 
-###  4.14. <a name='GiteaOpenID'></a>Gitea OpenID
+###  5.14. <a name='GiteaOpenID'></a>Gitea OpenID
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -277,7 +380,7 @@ Dependencies:
 |gitea.openid.whitelistedUris|Allowed URI patterns (POSIX regexp). Space seperated||
 |gitea.openid.blacklistedUris|Forbidden URI patterns (POSIX regexp). Space seperated||
 
-###  4.15. <a name='GiteaService'></a>Gitea Service
+###  5.15. <a name='GiteaService'></a>Gitea Service
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -314,7 +417,7 @@ Dependencies:
 |gitea.service.autoWatchNewRepos|Default value for AutoWatchNewRepos|true|
 |gitea.service.autoWatchOnChanges|Default value for AutoWatchOnChanges|false|
 
-###  4.16. <a name='GiteaWebhook'></a>Gitea Webhook
+###  5.16. <a name='GiteaWebhook'></a>Gitea Webhook
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -323,7 +426,7 @@ Dependencies:
 |gitea.webhook.skipTlsVerify|Allow insecure certification|false|
 |gitea.webhook.pagingNum|Number of history information in each page|10|
 
-###  4.17. <a name='GiteaMailer'></a>Gitea Mailer
+###  5.17. <a name='GiteaMailer'></a>Gitea Mailer
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -347,7 +450,7 @@ Dependencies:
 |gitea.mailer.sendMailArgs|Specify any extra sendmail arguments||
 |gitea.mailer.sendMailTimeout|Timeout for Sendmail|5m|
 
-###  4.18. <a name='GiteaCache'></a>Gitea Cache
+###  5.18. <a name='GiteaCache'></a>Gitea Cache
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -361,7 +464,7 @@ Dependencies:
 |gitea.cache.lastCommit.itemTTL| Time to keep items in cache if not used, Setting it to 0 disables caching. | 8760h |
 |gitea.cache.lastCommit.commitCount| Only enable the cache when repository’s commits count great than. | 1000 |
 
-###  4.19. <a name='GiteaAttachment'></a>Gitea Attachment
+###  5.19. <a name='GiteaAttachment'></a>Gitea Attachment
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -371,7 +474,7 @@ Dependencies:
 |gitea.attachment.maxSize|Maximum size (MB).|4|
 |gitea.attachment.maxFiles|Maximum number of attachments that can be uploaded at once.|5|
 
-###  4.20. <a name='GiteaLog'></a>Gitea Log
+###  5.20. <a name='GiteaLog'></a>Gitea Log
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -413,7 +516,7 @@ Dependencies:
 |gitea.log.smtp.password|Mailer password||
 |gitea.log.smtp.receivers|Receivers, can be one or more, e.g. 1@example.com,2@example.com|false|
 
-###  4.21. <a name='GiteaGit'></a>Gitea Git
+###  5.21. <a name='GiteaGit'></a>Gitea Git
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -434,13 +537,13 @@ Dependencies:
 |gitea.git.metrics.enabled| Enables /metrics endpoint for prometheus.|false|
 |gitea.git.metrics.token|You need to specify the token, if you want to include in the authorization the metrics . The same token need to be used in prometheus parameters bearer_token or bearer_token_file.||
 
-###  4.22. <a name='GiteaExtraConfig'></a>Gitea Extra Config
+###  5.22. <a name='GiteaExtraConfig'></a>Gitea Extra Config
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
 |gitea.extraConfig|If you want anymore configuration you need to do it here as a multiline string. For example look at https://docs.gitea.io/en-us/config-cheat-sheet/||
 
-###  4.23. <a name='MemcachedBuiltIn'></a>Memcached BuiltIn
+###  5.23. <a name='MemcachedBuiltIn'></a>Memcached BuiltIn
 
 Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website.
 
@@ -450,7 +553,7 @@ The following parameters are the defaults set by this chart
 |---------------------|-----------------------------------|------------------------------|
 |memcached.service.port|Memcached Port| 11211|
 
-###  4.24. <a name='MysqlBuiltIn'></a>Mysql BuiltIn
+###  5.24. <a name='MysqlBuiltIn'></a>Mysql BuiltIn
 
 Mysql is loaded as a dependency from stable. Configuration can be found from this [website](https://github.com/helm/charts/tree/master/stable/mysql)
 
@@ -465,7 +568,7 @@ The following parameters are the defaults set by this chart
 |mysql.service.port|Port to connect to mysql service|3306|
 |mysql.persistence|Persistence size for mysql |10Gi|
 
-###  4.25. <a name='PostgresqlBuiltIn'></a>Postgresql BuiltIn
+###  5.25. <a name='PostgresqlBuiltIn'></a>Postgresql BuiltIn
 
 Postgresql is loaded as a dependency from bitnami. Configuration can be found from this [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql)
 
-- 
2.40.1


From a7f5cef321318ac39ae72fdc581720f14ab7ec7e Mon Sep 17 00:00:00 2001
From: Lucas Hahn <lucas.hahn@novum-rgi.de>
Date: Wed, 5 Aug 2020 16:40:03 +0200
Subject: [PATCH 14/25] Fix PVC mounting issues for longhorn storageClass

---
 Chart.yaml                       | 2 +-
 templates/gitea/statefulset.yaml | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/Chart.yaml b/Chart.yaml
index 433f459..3be838b 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: gitea
 description: Gitea Helm chart for Kubernetes
 type: application
-version: 1.4.0
+version: 1.4.1
 appVersion: 1.12.2
 icon: https://docs.gitea.io/images/gitea.png
 
diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml
index 458a8c1..6a14c12 100644
--- a/templates/gitea/statefulset.yaml
+++ b/templates/gitea/statefulset.yaml
@@ -17,6 +17,8 @@ spec:
       labels:
         {{- include "gitea.selectorLabels" . | nindent 8 }}
     spec:
+      securityContext:
+        fsGroup: 1000
       initContainers:
         - name: init
           image: "{{ .Values.image.repository }}:{{ .Values.image.version }}"
-- 
2.40.1


From 73f8cb5c5bf2378ca4b29bdaf0665572a25c290f Mon Sep 17 00:00:00 2001
From: Lucas Hahn <lucas.hahn@novum-rgi.de>
Date: Fri, 7 Aug 2020 10:55:23 +0200
Subject: [PATCH 15/25] Multiple improvements for the chart:

- add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error
- add guard for loadbalancer settings in ssh service
- use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6)
- init container now also provisions mysql and external database correctly
---
 Chart.yaml                       |  4 ++--
 templates/_helpers.tpl           | 18 +++++++++++++++++-
 templates/gitea/config.yaml      |  6 +++---
 templates/gitea/ssh-svc.yaml     |  2 ++
 templates/gitea/statefulset.yaml |  3 ++-
 values.yaml                      | 13 +++++++++----
 6 files changed, 35 insertions(+), 11 deletions(-)

diff --git a/Chart.yaml b/Chart.yaml
index 3be838b..346a452 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -30,8 +30,8 @@ dependencies:
   version: 8.6.4
   condition: gitea.database.builtIn.postgresql.enabled
 - name: mysql
-  repository: https://kubernetes-charts.storage.googleapis.com/
-  version: 1.6.6
+  repository: https://charts.bitnami.com/bitnami
+  version: 6.14.8
   condition: gitea.database.builtIn.mysql.enabled
 - name: memcached
   repository: https://charts.bitnami.com/bitnami
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index 317ec95..27870d5 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -55,8 +55,24 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- printf "%s-postgresql.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.postgresql.global.postgresql.servicePort -}}
 {{- end -}}
 
-{{- define "postgresql.servicename" -}}
+{{- define "db.servicename" -}}
+{{- if .Values.gitea.database.builtIn.postgresql.enabled -}}
 {{- printf "%s-postgresql" .Release.Name -}}
+{{- else if .Values.gitea.database.builtIn.mysql.enabled -}}
+{{- printf "%s-mysql" .Release.Name -}}
+{{- else -}}
+{{ .Values.gitea.database.external.host }}
+{{- end -}}
+{{- end -}}
+
+{{- define "db.port" -}}
+{{- if .Values.gitea.database.builtIn.postgresql.enabled -}}
+{{ .Values.postgresql.global.postgresql.servicePort }}
+{{- else if .Values.gitea.database.builtIn.mysql.enabled -}}
+{{ .Values.mysql.service.port }}
+{{- else -}}
+{{ .Values.gitea.database.external.port }}
+{{- end -}}
 {{- end -}}
 
 {{- define "mysql.dns" -}}
diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml
index fe010b6..cabb7aa 100644
--- a/templates/gitea/config.yaml
+++ b/templates/gitea/config.yaml
@@ -319,9 +319,9 @@ data:
     {{ else if .Values.gitea.database.builtIn.mysql.enabled }}
     DB_TYPE = mysql
     HOST = {{ include "mysql.dns" . }}
-    NAME = {{ .Values.mysql.mysqlDatabase }}
-    USER = {{ .Values.mysql.mysqlUser }}
-    PASSWD = {{ .Values.mysql.mysqlPassword }}
+    NAME = {{ .Values.mysql.db.name }}
+    USER = {{ .Values.mysql.db.user }}
+    PASSWD = {{ .Values.mysql.db.password }}
     {{ else }}
     ; Database to use. Either "mysql", "postgres", "mssql" or "sqlite3".
     DB_TYPE = {{ .Values.gitea.database.external.type }}
diff --git a/templates/gitea/ssh-svc.yaml b/templates/gitea/ssh-svc.yaml
index 8d90f18..ba795e2 100644
--- a/templates/gitea/ssh-svc.yaml
+++ b/templates/gitea/ssh-svc.yaml
@@ -11,7 +11,9 @@ spec:
   {{- if and .Values.service.ssh.loadBalancerIP (eq .Values.service.ssh.type "LoadBalancer") }}
   loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }}
   {{- end }}
+  {{- if ne .Values.service.ssh.type "LoadBalancer" }}
   clusterIP: None
+  {{- end }}
   ports:
   - name: ssh
     port: {{ .Values.service.ssh.port }}
diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml
index 6a14c12..acbd152 100644
--- a/templates/gitea/statefulset.yaml
+++ b/templates/gitea/statefulset.yaml
@@ -28,7 +28,7 @@ spec:
                 mkdir -p /data/gitea/conf
                 cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini
                 chmod a+rwx /data/gitea/conf/app.ini
-                nc -v -w2 -z {{ include "postgresql.servicename" . }} {{ .Values.postgresql.global.postgresql.servicePort }} && \
+                nc -v -w2 -z {{ include "db.servicename" . }} {{ include "db.port" . }} && \
                 su git -c ' \
                 gitea migrate; \
                 {{- if and .Values.gitea.config.adminUser .Values.gitea.config.adminPassword }}
@@ -75,6 +75,7 @@ spec:
               mountPath: /etc/gitea/conf
             - name: data
               mountPath: /data
+      terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }}
       containers:
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.version }}"
diff --git a/values.yaml b/values.yaml
index 0f4e4a6..d461a32 100644
--- a/values.yaml
+++ b/values.yaml
@@ -52,6 +52,9 @@ tolerations: []
 
 affinity: {}
 
+statefulset:
+  terminationGracePeriodSeconds: 60
+
 persistence:
   enabled: true
   # existingClaim: 
@@ -376,10 +379,12 @@ postgresql:
     size: 10Gi
 
 mysql:
-  mysqlRootPassword: gitea
-  mysqlUser: gitea
-  mysqlPassword: gitea
-  mysqlDatabase: gitea
+  root:
+    password: gitea
+  db:
+    user: gitea
+    password: gitea
+    name: gitea
   service:
     port: 3306
   persistence:
-- 
2.40.1


From 5ff55e74b0362df75605c30c7262c4cf300ef65f Mon Sep 17 00:00:00 2001
From: Lucas Hahn <lucas.hahn@novum-rgi.de>
Date: Fri, 7 Aug 2020 14:25:11 +0200
Subject: [PATCH 16/25] fix naming order of license and maintainers

---
 Chart.yaml | 20 ++++++++++----------
 LICENSE    |  2 +-
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/Chart.yaml b/Chart.yaml
index 346a452..a47dc0d 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -17,23 +17,23 @@ sources:
   - https://github.com/go-gitea/gitea
   - https://hub.docker.com/r/gitea/gitea/
 maintainers:
-  - name: Lucas Hahn
-    email: lucas.hahn@novum-rgi.de
   - name: Charlie Drage
     email: charlie@charliedrage.com
   - name: Gitea Authors
     email: maintainers@gitea.io
+  - name: Lucas Hahn
+    email: lucas.hahn@novum-rgi.de
 
 dependencies:
-- name: postgresql
-  repository: https://charts.bitnami.com/bitnami
-  version: 8.6.4
-  condition: gitea.database.builtIn.postgresql.enabled
-- name: mysql
-  repository: https://charts.bitnami.com/bitnami
-  version: 6.14.8
-  condition: gitea.database.builtIn.mysql.enabled
 - name: memcached
   repository: https://charts.bitnami.com/bitnami
   version: 4.2.20
   condition: gitea.cache.enabled
+- name: mysql
+  repository: https://charts.bitnami.com/bitnami
+  version: 6.14.8
+  condition: gitea.database.builtIn.mysql.enabled
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 8.6.4
+  condition: gitea.database.builtIn.postgresql.enabled
diff --git a/LICENSE b/LICENSE
index 427ed0f..5f65eb3 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,8 +1,8 @@
 MIT License
 
 
-Copyright (c) 2020 NOVUM-RGI
 Copyright (c) 2020 The Gitea Authors
+Copyright (c) 2020 NOVUM-RGI
 Copyright (c) 2019 - 2020 Charlie Drage
 Copyright (c) 2018 John Felten
 
-- 
2.40.1


From 9de2d078c4534a6ee780d11b89538518b44b71e5 Mon Sep 17 00:00:00 2001
From: Lucas Hahn <lucas.hahn@novum-rgi.de>
Date: Mon, 10 Aug 2020 10:57:09 +0200
Subject: [PATCH 17/25] Add values and Remove vscode TOC comments

- values enablePushCreateOrg and enablePushCreateUser have been added to repository settings
---
 README.md                   | 118 +++++++++++++++++++-----------------
 templates/gitea/config.yaml |   4 ++
 2 files changed, 65 insertions(+), 57 deletions(-)

diff --git a/README.md b/README.md
index d751f34..77efc79 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@
 Readme will be updated with examples in the next few days
 
 # Content
-<!-- vscode-markdown-toc -->
+
 * 1. [Introduction](#Introduction)
 	* 1.1. [Dependencies](#Dependencies)
 * 2. [Installing](#Installing)
@@ -16,37 +16,32 @@ Readme will be updated with examples in the next few days
 	* 4.3. [Admin User](#AdminUser)
 	* 4.4. [Ldap Settings](#LdapSettings)
 * 5. [Configuration](#Configuration)
-	* 5.1. [Image](#Image)
-	* 5.2. [Persistence](#Persistence-1)
-	* 5.3. [Ingress](#Ingress)
-	* 5.4. [Service](#Service)
-	* 5.5. [Gitea Configuration](#GiteaConfiguration)
-	* 5.6. [Gitea repository](#Gitearepository)
-	* 5.7. [Gitea Ldap](#GiteaLdap)
-	* 5.8. [Gitea Server](#GiteaServer)
-	* 5.9. [Gitea Repository](#GiteaRepository)
-	* 5.10. [Gitea UI](#GiteaUI)
-	* 5.11. [Gitea Database](#GiteaDatabase)
-	* 5.12. [Gitea Admin](#GiteaAdmin)
-	* 5.13. [Gitea Security](#GiteaSecurity)
-	* 5.14. [Gitea OpenID](#GiteaOpenID)
-	* 5.15. [Gitea Service](#GiteaService)
-	* 5.16. [Gitea Webhook](#GiteaWebhook)
-	* 5.17. [Gitea Mailer](#GiteaMailer)
-	* 5.18. [Gitea Cache](#GiteaCache)
-	* 5.19. [Gitea Attachment](#GiteaAttachment)
-	* 5.20. [Gitea Log](#GiteaLog)
-	* 5.21. [Gitea Git](#GiteaGit)
-	* 5.22. [Gitea Extra Config](#GiteaExtraConfig)
-	* 5.23. [Memcached BuiltIn](#MemcachedBuiltIn)
-	* 5.24. [Mysql BuiltIn](#MysqlBuiltIn)
-	* 5.25. [Postgresql BuiltIn](#PostgresqlBuiltIn)
-
-<!-- vscode-markdown-toc-config
-	numbering=true
-	autoSave=true
-	/vscode-markdown-toc-config -->
-<!-- /vscode-markdown-toc -->
+	* 5.1. [Others](#Others)
+	* 5.2. [Image](#Image)
+	* 5.3. [Persistence](#Persistence-1)
+	* 5.4. [Ingress](#Ingress)
+	* 5.5. [Service](#Service)
+	* 5.6. [Gitea Configuration](#GiteaConfiguration)
+	* 5.7. [Gitea repository](#Gitearepository)
+	* 5.8. [Gitea Ldap](#GiteaLdap)
+	* 5.9. [Gitea Server](#GiteaServer)
+	* 5.10. [Gitea Repository](#GiteaRepository)
+	* 5.11. [Gitea UI](#GiteaUI)
+	* 5.12. [Gitea Database](#GiteaDatabase)
+	* 5.13. [Gitea Admin](#GiteaAdmin)
+	* 5.14. [Gitea Security](#GiteaSecurity)
+	* 5.15. [Gitea OpenID](#GiteaOpenID)
+	* 5.16. [Gitea Service](#GiteaService)
+	* 5.17. [Gitea Webhook](#GiteaWebhook)
+	* 5.18. [Gitea Mailer](#GiteaMailer)
+	* 5.19. [Gitea Cache](#GiteaCache)
+	* 5.20. [Gitea Attachment](#GiteaAttachment)
+	* 5.21. [Gitea Log](#GiteaLog)
+	* 5.22. [Gitea Git](#GiteaGit)
+	* 5.23. [Gitea Extra Config](#GiteaExtraConfig)
+	* 5.24. [Memcached BuiltIn](#MemcachedBuiltIn)
+	* 5.25. [Mysql BuiltIn](#MysqlBuiltIn)
+	* 5.26. [Postgresql BuiltIn](#PostgresqlBuiltIn)
 
 ##  1. <a name='Introduction'></a>Introduction
 
@@ -178,7 +173,14 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 
 ##  5. <a name='Configuration'></a>Configuration
 
-###  5.1. <a name='Image'></a>Image
+###  5.1. <a name='Others'></a>Others
+
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|statefulset.terminationGracePeriodSeconds| Image to start for this pod | gitea/gitea |
+
+
+###  5.2. <a name='Image'></a>Image
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -186,7 +188,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |image.version| Image Version | 1.12.2 |
 |image.pullPolicy| Image pull policy | Always |
 
-###  5.2. <a name='Persistence-1'></a>Persistence
+###  5.3. <a name='Persistence-1'></a>Persistence
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -196,7 +198,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |persistence.accessModes|AccessMode for persistence||
 |persistence.storageClass|Storage class for repository persistence|standard|
 
-###  5.3. <a name='Ingress'></a>Ingress
+###  5.4. <a name='Ingress'></a>Ingress
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -205,7 +207,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |ingress.hosts| add hosts for ingress as string list | git.example.com |
 |ingress.tls|add ingress tls settings|[]|
 
-###  5.4. <a name='Service'></a>Service
+###  5.5. <a name='Service'></a>Service
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -215,7 +217,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |service.ssh.port| Port for ssh traffic | 22 |
 |service.ssh.annotations| Additional ssh annotations for the ssh service ||
 
-###  5.5. <a name='GiteaConfiguration'></a>Gitea Configuration
+###  5.6. <a name='GiteaConfiguration'></a>Gitea Configuration
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -226,7 +228,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |gitea.config.adminPassword | Password for admin user   | gitea123456                         |
 |gitea.config.adminEmail | Email for admin user   | example@gitea.com                   |
 
-###  5.6. <a name='Gitearepository'></a>Gitea repository
+###  5.7. <a name='Gitearepository'></a>Gitea repository
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -240,7 +242,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |gitea.repository.disableHttpGit|Disable the ability to interact with repositories over the HTTP protocol.| false|
 |gitea.repository.useCompatSSHUri|Force ssh:// clone url instead of scp-style uri when default SSH port is used.|false|
 
-###  5.7. <a name='GiteaLdap'></a>Gitea Ldap
+###  5.8. <a name='GiteaLdap'></a>Gitea Ldap
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -257,7 +259,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |gitea.ldap.bindPassword | The password for the Bind DN specified above, if any. Note: The password is stored in plaintext at the server. As such, ensure that the Bind DN has as few privileges as possible. | "" |
 |gitea.ldap.usernameAttribute | The attribute of the user’s LDAP record containing the user name. Given attribute value will be used for new Gitea account user name after first successful sign-in. Leave empty to use login name given on sign-in form. | "" |
 
-###  5.8. <a name='GiteaServer'></a>Gitea Server
+###  5.9. <a name='GiteaServer'></a>Gitea Server
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -267,7 +269,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |gitea.server.ssh.externalPort | SSH clone setting for which port gitea will be available on clone | |
 |gitea.server.offlineMode | Disables use of CDN for static files and Gravatar for profile pictures. | false|
 
-###  5.9. <a name='GiteaRepository'></a>Gitea Repository
+###  5.10. <a name='GiteaRepository'></a>Gitea Repository
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -280,6 +282,8 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |gitea.repository.preferredLicenses| Apache License 2.0,MIT License: Preferred Licenses to place at the top of the list. Name must match file name in conf/license or custom/conf/license. | Apache License 2.0,MIT License |
 |gitea.repository.disableHttpGit| Disable the ability to interact with repositories over the HTTP protocol. | false |
 |gitea.repository.useCompatSSHUri| Force ssh:// clone url instead of scp-style uri when default SSH port is used. | false |
+|gitea.repository.enablePushCreateUser| Allow users to push local repositories to Gitea and have them automatically created for a user. | false |
+|gitea.repository.enablePushCreateOrg| Allow users to push local repositories to Gitea and have them automatically created for an org. | false |
 |gitea.repository.local.copyPath| Path for local repository copy. | tmp/local-repo |
 |gitea.repository.local.wikiPath| Path for local wiki copy. | tmp/local-wiki |
 |gitea.repository.upload.enabled| Whether repository file uploads are enabled. | true |
@@ -303,7 +307,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |gitea.repository.signing.wiki| [never, pubkey, twofa, always, parentsigned]: Sign commits to wiki. | never |
 |gitea.repository.signing.merges|  [never, pubkey, twofa, approved, basesigned, commitssigned, always]: Sign merges.  | pubkey, twofa, basesigned, commitssigned |gitea.ui.explorePagingNum|Number of repositories that are shown in one explore page.|20|
 
-###  5.10. <a name='GiteaUI'></a>Gitea UI
+###  5.11. <a name='GiteaUI'></a>Gitea UI
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -320,7 +324,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |gitea.ui.searchRepoDescription|Whether to search within description at repository search on explore page.|true|
 |gitea.ui.useServiceWorker|Whether to enable a Service Worker to cache frontend assets|true|
 
-###  5.11. <a name='GiteaDatabase'></a>Gitea Database
+###  5.12. <a name='GiteaDatabase'></a>Gitea Database
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -345,14 +349,14 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |gitea.database.connMaxLifetime|Database connection max life time|3s|
 |gitea.database.maxOpenConns|Database maximum number of open connections|0|
 
-###  5.12. <a name='GiteaAdmin'></a>Gitea Admin
+###  5.13. <a name='GiteaAdmin'></a>Gitea Admin
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
 |gitea.admin.disableRegularOrgCreation|Disallow regular (non-admin) users from creating organizations.|false|
 |gitea.admin.defaultEmailNotifications|Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled|enabled|
 
-###  5.13. <a name='GiteaSecurity'></a>Gitea Security
+###  5.14. <a name='GiteaSecurity'></a>Gitea Security
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -371,7 +375,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |gitea.security.passwordHashAlgo|Password Hash algorithm, either "pbkdf2", "argon2", "scrypt" or "bcrypt"|pbkdf2|
 |gitea.security.crsfCookieHttpOnly|Set false to allow JavaScript to read CSRF cookie|true|
 
-###  5.14. <a name='GiteaOpenID'></a>Gitea OpenID
+###  5.15. <a name='GiteaOpenID'></a>Gitea OpenID
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -380,7 +384,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |gitea.openid.whitelistedUris|Allowed URI patterns (POSIX regexp). Space seperated||
 |gitea.openid.blacklistedUris|Forbidden URI patterns (POSIX regexp). Space seperated||
 
-###  5.15. <a name='GiteaService'></a>Gitea Service
+###  5.16. <a name='GiteaService'></a>Gitea Service
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -417,7 +421,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |gitea.service.autoWatchNewRepos|Default value for AutoWatchNewRepos|true|
 |gitea.service.autoWatchOnChanges|Default value for AutoWatchOnChanges|false|
 
-###  5.16. <a name='GiteaWebhook'></a>Gitea Webhook
+###  5.17. <a name='GiteaWebhook'></a>Gitea Webhook
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -426,7 +430,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |gitea.webhook.skipTlsVerify|Allow insecure certification|false|
 |gitea.webhook.pagingNum|Number of history information in each page|10|
 
-###  5.17. <a name='GiteaMailer'></a>Gitea Mailer
+###  5.18. <a name='GiteaMailer'></a>Gitea Mailer
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -450,7 +454,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |gitea.mailer.sendMailArgs|Specify any extra sendmail arguments||
 |gitea.mailer.sendMailTimeout|Timeout for Sendmail|5m|
 
-###  5.18. <a name='GiteaCache'></a>Gitea Cache
+###  5.19. <a name='GiteaCache'></a>Gitea Cache
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -464,7 +468,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |gitea.cache.lastCommit.itemTTL| Time to keep items in cache if not used, Setting it to 0 disables caching. | 8760h |
 |gitea.cache.lastCommit.commitCount| Only enable the cache when repository’s commits count great than. | 1000 |
 
-###  5.19. <a name='GiteaAttachment'></a>Gitea Attachment
+###  5.20. <a name='GiteaAttachment'></a>Gitea Attachment
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -474,7 +478,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |gitea.attachment.maxSize|Maximum size (MB).|4|
 |gitea.attachment.maxFiles|Maximum number of attachments that can be uploaded at once.|5|
 
-###  5.20. <a name='GiteaLog'></a>Gitea Log
+###  5.21. <a name='GiteaLog'></a>Gitea Log
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -516,7 +520,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |gitea.log.smtp.password|Mailer password||
 |gitea.log.smtp.receivers|Receivers, can be one or more, e.g. 1@example.com,2@example.com|false|
 
-###  5.21. <a name='GiteaGit'></a>Gitea Git
+###  5.22. <a name='GiteaGit'></a>Gitea Git
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -537,13 +541,13 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |gitea.git.metrics.enabled| Enables /metrics endpoint for prometheus.|false|
 |gitea.git.metrics.token|You need to specify the token, if you want to include in the authorization the metrics . The same token need to be used in prometheus parameters bearer_token or bearer_token_file.||
 
-###  5.22. <a name='GiteaExtraConfig'></a>Gitea Extra Config
+###  5.23. <a name='GiteaExtraConfig'></a>Gitea Extra Config
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
 |gitea.extraConfig|If you want anymore configuration you need to do it here as a multiline string. For example look at https://docs.gitea.io/en-us/config-cheat-sheet/||
 
-###  5.23. <a name='MemcachedBuiltIn'></a>Memcached BuiltIn
+###  5.24. <a name='MemcachedBuiltIn'></a>Memcached BuiltIn
 
 Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website.
 
@@ -553,7 +557,7 @@ The following parameters are the defaults set by this chart
 |---------------------|-----------------------------------|------------------------------|
 |memcached.service.port|Memcached Port| 11211|
 
-###  5.24. <a name='MysqlBuiltIn'></a>Mysql BuiltIn
+###  5.25. <a name='MysqlBuiltIn'></a>Mysql BuiltIn
 
 Mysql is loaded as a dependency from stable. Configuration can be found from this [website](https://github.com/helm/charts/tree/master/stable/mysql)
 
@@ -568,7 +572,7 @@ The following parameters are the defaults set by this chart
 |mysql.service.port|Port to connect to mysql service|3306|
 |mysql.persistence|Persistence size for mysql |10Gi|
 
-###  5.25. <a name='PostgresqlBuiltIn'></a>Postgresql BuiltIn
+###  5.26. <a name='PostgresqlBuiltIn'></a>Postgresql BuiltIn
 
 Postgresql is loaded as a dependency from bitnami. Configuration can be found from this [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql)
 
diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml
index cabb7aa..bd84fea 100644
--- a/templates/gitea/config.yaml
+++ b/templates/gitea/config.yaml
@@ -41,6 +41,10 @@ data:
     DISABLE_HTTP_GIT = {{ .Values.gitea.repository.disableHttpGit }}
     ; Force ssh:// clone url instead of scp-style uri when default SSH port is used
     USE_COMPAT_SSH_URI = {{ .Values.gitea.repository.useCompatSSHUri }}
+    ; Allow users to push local repositories to Gitea and have them automatically created for a user.
+    ENABLE_PUSH_CREATE_USER = {{ .Values.gitea.repository.enablePushCreateUser }}
+    ; Allow users to push local repositories to Gitea and have them automatically created for an org.
+    ENABLE_PUSH_CREATE_ORG = {{ .Values.gitea.repository.enablePushCreateOrg }}
 
     [repository.editor]
     ; List of file extensions for which lines should be wrapped in the CodeMirror editor
-- 
2.40.1


From 792e6e5f65d6cd191357daef080bedd2b716cac7 Mon Sep 17 00:00:00 2001
From: Konrad Lother <konrad.lother@novum-rgi.de>
Date: Mon, 17 Aug 2020 14:27:09 +0200
Subject: [PATCH 18/25] bump gitea version

---
 Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Chart.yaml b/Chart.yaml
index a47dc0d..bd7f01c 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -3,7 +3,7 @@ name: gitea
 description: Gitea Helm chart for Kubernetes
 type: application
 version: 1.4.1
-appVersion: 1.12.2
+appVersion: 1.12.3
 icon: https://docs.gitea.io/images/gitea.png
 
 keywords:
-- 
2.40.1


From 26f58bbf6d032a2c1bfd3abd95375af97ccb3f2c Mon Sep 17 00:00:00 2001
From: Konrad Lother <konrad.lother@novum-rgi.de>
Date: Mon, 17 Aug 2020 14:30:28 +0200
Subject: [PATCH 19/25] make app.ini generic

- app.ini is now configurable via dictionary in values.yaml
- database and server configuration is autogenerated if not defined
- http and ssh services now use gitea config settings for targetPort
- add default security value INSTALL_LOCK = true
- clean up builtin cache settings
---
 templates/_helpers.tpl           |   4 +
 templates/gitea/config.yaml      | 953 +++----------------------------
 templates/gitea/http-svc.yaml    |   2 +-
 templates/gitea/ssh-svc.yaml     |   2 +-
 templates/gitea/statefulset.yaml |  10 +-
 values.yaml                      | 290 +---------
 6 files changed, 112 insertions(+), 1149 deletions(-)

diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index 27870d5..6ccd2e7 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -83,3 +83,7 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- printf "%s-memcached.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.memcached.service.port | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+{{- define "gitea.default_domain" -}}
+{{- printf "%s-gitea.%s.svc.cluster.local" (include "gitea.fullname" .) .Release.Namespace  | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml
index bd84fea..cb66d5c 100644
--- a/templates/gitea/config.yaml
+++ b/templates/gitea/config.yaml
@@ -6,880 +6,99 @@ metadata:
     {{- include "gitea.labels" . | nindent 4 }}
 data:
   app.ini: |-
-    ; This file lists the default values used by Gitea
-    ; Copy required sections to your own app.ini (default is custom/conf/app.ini)
-    ; and modify as needed.
+    {{- if not (hasKey .Values.gitea.config "cache") -}}
+    {{- $_ := set .Values.gitea.config "cache" dict -}}
+    {{- end -}}
 
-    ; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation.
+    {{- if not (hasKey .Values.gitea.config "server") -}}
+    {{- $_ := set .Values.gitea.config "server" dict -}}
+    {{- end -}}
 
-    ; App name that shows in every page title
-    APP_NAME = {{ .Values.gitea.config.appName }}
-    ; Change it if you run locally
-    RUN_USER = {{ .Values.gitea.config.runUser }}
-    ; Either "dev", "prod" or "test", default is "dev"
-    RUN_MODE = {{ .Values.gitea.config.runMode }}
+    {{- if not (hasKey .Values.gitea.config "database") -}}
+    {{- $_ := set .Values.gitea.config "database" dict -}}
+    {{- end -}}
 
-    [repository]
-    ROOT = {{ .Values.gitea.repository.root }}
-    SCRIPT_TYPE = bash
-    ; Default ANSI charset
-    ANSI_CHARSET =
-    ; Force every new repository to be private
-    FORCE_PRIVATE = {{ .Values.gitea.repository.forcePrivate }}
-    ; Default privacy setting when creating a new repository, allowed values: last, private, public. Default is last which means the last setting used.
-    DEFAULT_PRIVATE = {{ .Values.gitea.repository.defaultPrivate }}
-    ; Global limit of repositories per user, applied at creation time. -1 means no limit
-    MAX_CREATION_LIMIT = {{ .Values.gitea.repository.maxCreationLimit }}
-    ; Mirror sync queue length, increase if mirror syncing starts hanging
-    MIRROR_QUEUE_LENGTH = {{ .Values.gitea.repository.mirrorQueueLength }}
-    ; Patch test queue length, increase if pull request patch testing starts hanging
-    PULL_REQUEST_QUEUE_LENGTH = {{ .Values.gitea.repository.pullRequestQueueLength }}
-    ; Preferred Licenses to place at the top of the List
-    ; The name here must match the filename in conf/license or custom/conf/license
-    PREFERRED_LICENSES = {{ .Values.gitea.repository.preferredLicenses }}
-    ; Disable the ability to interact with repositories using the HTTP protocol
-    DISABLE_HTTP_GIT = {{ .Values.gitea.repository.disableHttpGit }}
-    ; Force ssh:// clone url instead of scp-style uri when default SSH port is used
-    USE_COMPAT_SSH_URI = {{ .Values.gitea.repository.useCompatSSHUri }}
-    ; Allow users to push local repositories to Gitea and have them automatically created for a user.
-    ENABLE_PUSH_CREATE_USER = {{ .Values.gitea.repository.enablePushCreateUser }}
-    ; Allow users to push local repositories to Gitea and have them automatically created for an org.
-    ENABLE_PUSH_CREATE_ORG = {{ .Values.gitea.repository.enablePushCreateOrg }}
+    {{- if not (hasKey .Values.gitea.config "security") -}}
+    {{- $_ := set .Values.gitea.config "security" dict -}}
+    {{- end -}}
 
-    [repository.editor]
-    ; List of file extensions for which lines should be wrapped in the CodeMirror editor
-    ; Separate extensions with a comma. To line wrap files without an extension, just put a comma
-    LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,
-    ; Valid file modes that have a preview API associated with them, such as api/v1/markdown
-    ; Separate the values by commas. The preview tab in edit mode won't be displayed if the file extension doesn't match
-    PREVIEWABLE_FILE_MODES = markdown
+    {{- /* security default settings */ -}}   
+    {{- if not .Values.gitea.config.security.INSTALL_LOCK -}}
+    {{- $_ := set .Values.gitea.config.security "INSTALL_LOCK" "true" -}}
+    {{- end -}}
 
-    [repository.local]
-    ; Path for local repository copy. Defaults to `tmp/local-repo`
-    LOCAL_COPY_PATH = {{ .Values.gitea.repository.local.copyPath }}
-    ; Path for local wiki copy. Defaults to `tmp/local-wiki`
-    LOCAL_WIKI_PATH = {{ .Values.gitea.repository.local.wikiPath }}
-
-    [repository.upload]
-    ; Whether repository file uploads are enabled. Defaults to `true`
-    ENABLED = {{ .Values.gitea.repository.upload.enabled }}
-    ; Path for uploads. Defaults to `data/tmp/uploads` (tmp gets deleted on gitea restart)
-    TEMP_PATH = {{ .Values.gitea.repository.upload.tempPath }}
-    ; One or more allowed types, e.g. image/jpeg|image/png. Nothing means any file type
-    ALLOWED_TYPES = {{ .Values.gitea.repository.upload.allowedTypes }}
-    ; Max size of each file in megabytes. Defaults to 3MB
-    FILE_MAX_SIZE = {{ .Values.gitea.repository.upload.fileMaxSize }}
-    ; Max number of files per upload. Defaults to 5
-    MAX_FILES = {{ .Values.gitea.repository.upload.maxFiles }}
-
-    [repository.pull-request]
-    ; List of prefixes used in Pull Request title to mark them as Work In Progress
-    WORK_IN_PROGRESS_PREFIXES = {{ .Values.gitea.repository.pullRequest.workInProgressPrefixes }}
-    ; List of keywords used in Pull Request comments to automatically close a related issue
-    CLOSE_KEYWORDS= {{ .Values.gitea.repository.pullRequest.closeKeywords }}
-    ; List of keywords used in Pull Request comments to automatically reopen a related issue
-    REOPEN_KEYWORDS= {{ .Values.gitea.repository.pullRequest.reopenKeywords }}
-    ; In the default merge message for squash commits include at most this many commits
-    DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT= {{ .Values.gitea.repository.pullRequest.defaultMergeMessageCommitsLimit }}
-    ; In the default merge message for squash commits limit the size of the commit messages to this
-    DEFAULT_MERGE_MESSAGE_SIZE = {{ .Values.gitea.repository.pullRequest.defaultMergeMessageSize }}
-    ; In the default merge message for squash commits walk all commits to include all authors in the Co-authored-by otherwise just use those in the limited list
-    DEFAULT_MERGE_MESSAGE_ALL_AUTHORS = {{ .Values.gitea.repository.pullRequest.defaultMergeMessageAllAuthors }}
-    ; In default merge messages limit the number of approvers listed as Reviewed-by: to this many
-    DEFAULT_MERGE_MESSAGE_MAX_APPROVERS = {{ .Values.gitea.repository.pullRequest.defaultMergeMessageMaxApprovers }}
-    ; In default merge messages only include approvers who are official
-    DEFAULT_MERGE_MESSAGE_OFFICIAL_APPROVERS_ONLY = {{ .Values.gitea.repository.pullRequest.defaultMergeMessageOfficialApproversOnly }}
-
-    [repository.signing]
-    ; GPG key to use to sign commits, Defaults to the default - that is the value of git config --get user.signingkey
-    ; run in the context of the RUN_USER
-    ; Switch to none to stop signing completely
-    SIGNING_KEY = {{ .Values.gitea.repository.signing.signingKey }}
-    ; If a SIGNING_KEY ID is provided and is not set to default, use the provided Name and Email address as the signer.
-    ; These should match a publicized name and email address for the key. (When SIGNING_KEY is default these are set to
-    ; the results of git config --get user.name and git config --get user.email respectively and can only be overrided
-    ; by setting the SIGNING_KEY ID to the correct ID.)
-    SIGNING_NAME = {{ .Values.gitea.repository.signing.signingName }}
-    SIGNING_EMAIL = {{ .Values.gitea.repository.signing.signingEmail }}
-    ; Determines when gitea should sign the initial commit when creating a repository
-    ; Either:
-    ; - never
-    ; - pubkey: only sign if the user has a pubkey
-    ; - twofa: only sign if the user has logged in with twofa
-    ; - always
-    ; options other than none and always can be combined as comma separated list
-    INITIAL_COMMIT = {{ .Values.gitea.repository.signing.initialCommit }}
-    ; Determines when to sign for CRUD actions
-    ; - as above
-    ; - parentsigned: requires that the parent commit is signed.
-    CRUD_ACTIONS = {{ .Values.gitea.repository.signing.crudActions }}
-    ; Determines when to sign Wiki commits
-    ; - as above
-    WIKI = {{ .Values.gitea.repository.signing.wiki }}
-    ; Determines when to sign on merges
-    ; - basesigned: require that the parent of commit on the base repo is signed.
-    ; - commitssigned: require that all the commits in the head branch are signed.
-    ; - approved: only sign when merging an approved pr to a protected branch
-    MERGES = {{ .Values.gitea.repository.signing.merges }}
-
-    [ui]
-    ; Number of repositories that are displayed on one explore page
-    EXPLORE_PAGING_NUM = {{ .Values.gitea.ui.explorePagingNum }}
-    ; Number of issues that are displayed on one page
-    ISSUE_PAGING_NUM = {{ .Values.gitea.ui.issuePagingNum }}
-    MEMBERS_PAGING_NUM = {{ .Values.gitea.ui.membersPagingNum }}
-    ; Number of maximum commits displayed in one activity feed
-    FEED_MAX_COMMIT_NUM = {{ .Values.gitea.ui.feedMaxCommitNum }}
-    ; Number of maximum commits displayed in commit graph.
-    GRAPH_MAX_COMMIT_NUM = {{ .Values.gitea.ui.graphMaxCommitNum }}
-    ; Number of line of codes shown for a code comment
-    CODE_COMMENT_LINES = {{ .Values.gitea.ui.codeCommentLines }}
-    ; Value of `theme-color` meta tag, used by Android >= 5.0
-    ; An invalid color like "none" or "disable" will have the default style
-    ; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
-    THEME_COLOR_META_TAG = {{ .Values.gitea.ui.themeColorMetaTag }}
-    ; Max size of files to be displayed (default is 8MiB)
-    MAX_DISPLAY_FILE_SIZE = {{ .Values.gitea.ui.maxDisplayFileSize }}
-    ; Whether the email of the user should be shown in the Explore Users page
-    SHOW_USER_EMAIL = {{ .Values.gitea.ui.showUserMail }}
-    ; Set the default theme for the Gitea install
-    DEFAULT_THEME = {{ .Values.gitea.ui.defaultTheme }}
-    ; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`.
-    THEMES = gitea,arc-green
-    ;All available reactions users can choose on issues/prs and comments.
-    ;Values can be emoji alias (:smile:) or a unicode emoji.
-    ;For custom reactions, add a tightly cropped square image to public/emoji/img/reaction_name.png
-    REACTIONS = +1, -1, laugh, hooray, confused, heart, rocket, eyes
-    ; Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
-    DEFAULT_SHOW_FULL_NAME = {{ .Values.gitea.ui.defaultShowFullName }}
-    ; Whether to search within description at repository search on explore page.
-    SEARCH_REPO_DESCRIPTION = {{ .Values.gitea.ui.searchRepoDescription }}
-    ; Whether to enable a Service Worker to cache frontend assets
-    USE_SERVICE_WORKER = {{ .Values.gitea.ui.useServiceWorker }}
-
-
-    [ui.admin]
-    ; Number of users that are displayed on one page
-    USER_PAGING_NUM = 50
-    ; Number of repos that are displayed on one page
-    REPO_PAGING_NUM = 50
-    ; Number of notices that are displayed on one page
-    NOTICE_PAGING_NUM = 25
-    ; Number of organizations that are displayed on one page
-    ORG_PAGING_NUM = 50
-
-    [ui.user]
-    ; Number of repos that are displayed on one page
-    REPO_PAGING_NUM = 15
-
-    [ui.meta]
-    AUTHOR = Gitea - Git with a cup of tea
-    DESCRIPTION = Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go
-    KEYWORDS = go,git,self-hosted,gitea
-
-    [markdown]
-    ; Enable hard line break extension
-    ENABLE_HARD_LINE_BREAK = false
-    ; List of custom URL-Schemes that are allowed as links when rendering Markdown
-    ; for example git,magnet
-    CUSTOM_URL_SCHEMES =
-    ; List of file extensions that should be rendered/edited as Markdown
-    ; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma
-    FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
-
-    [server]
-    ; PROTOCOL hardcoded to http since tls is delegated to ingress
-    PROTOCOL = http
-    {{- if .Values.gitea.server.http.externalDomain }}
-    DOMAIN = {{ .Values.gitea.server.http.externalDomain }}
-    {{ else }}
-    DOMAIN = {{ include "gitea.fullname" . }}-http.{{ .Release.Namespace }}.svc.cluster.local
-    {{ end }}
-    {{ if .Values.ingress.tls }}
-    {{- $proto := set . "proto" "https" }}
+    {{- /* server default settings */ -}}   
+    {{- if not (hasKey .Values.gitea.config.server "HTTP_PORT") -}}
+    {{- $_ := set .Values.gitea.config.server "HTTP_PORT" .Values.service.http.port -}}
+    {{- end -}}
+    {{- if not .Values.gitea.config.server.PROTOCOL -}}
+    {{- if gt (len .Values.ingress.tls) 0 -}}
+    {{- $_ := set .Values.gitea.config.server "PROTOCOL" "https" -}}
     {{- else -}}
-    {{- $proto := set . "proto" "http" }}
+    {{- $_ := set .Values.gitea.config.server "PROTOCOL" "http" -}}
     {{- end -}}
-    {{- if and .Values.gitea.server.http.externalDomain .Values.gitea.server.http.externalPort }}
-    ROOT_URL = {{ .proto }}://{{ .Values.gitea.server.http.externalDomain }}:{{ .Values.gitea.server.http.externalPort }}/
-    {{- else if .Values.gitea.server.http.externalDomain }}
-    ROOT_URL = {{ .proto }}://{{ .Values.gitea.server.http.externalDomain }}/
-    {{- else }}
-    ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
     {{- end -}}
-    ; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
-    HTTP_ADDR = 0.0.0.0
-    HTTP_PORT = {{ .Values.service.http.port }}
-    ; If REDIRECT_OTHER_PORT is true, and PROTOCOL is set to https an http server
-    ; will be started on PORT_TO_REDIRECT and it will redirect plain, non-secure http requests to the main
-    ; ROOT_URL.  Defaults are false for REDIRECT_OTHER_PORT and 80 for
-    ; PORT_TO_REDIRECT.
-    REDIRECT_OTHER_PORT = false
-    PORT_TO_REDIRECT = 80
-    ; Permission for unix socket
-    UNIX_SOCKET_PERMISSION = 666
-    ; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service.
-    ; In most cases you do not need to change the default value.
-    ; Alter it only if your SSH server node is not the same as HTTP node.
-    ; Do not set this variable if PROTOCOL is set to 'unix'.
-    LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
-    ; Disable SSH feature when not available
-    DISABLE_SSH = false
-    ; Whether to use the builtin SSH server or not.
-    START_SSH_SERVER = false
-    ; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER.
-    BUILTIN_SSH_SERVER_USER =
-    ; Domain name to be exposed in clone URL
-    {{- if .Values.gitea.server.ssh.externalDomain }}
-    SSH_DOMAIN = {{ .Values.gitea.server.ssh.externalDomain }}
-    {{- else }}
-    SSH_DOMAIN = {{ include "gitea.fullname" . }}-ssh.{{ .Release.Namespace }}.svc.cluster.local
+    {{- if not (.Values.gitea.config.server.DOMAIN) -}}
+    {{- if gt (len .Values.ingress.hosts) 0 -}}
+    {{- $_ := set .Values.gitea.config.server "DOMAIN" (index .Values.ingress.hosts 0) -}}
+    {{- else -}}
+    {{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.default_domain" .) -}}
+    {{- end -}}
+    {{- end -}}
+    {{- if not .Values.gitea.config.server.ROOT_URL -}}
+    {{- if .Values.ingress.enabled -}}
+    {{- if gt (len .Values.ingress.tls) 0 -}}
+    {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index (index .Values.ingress.tls 0).hosts 0)) -}}
+    {{- else -}}
+    {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index .Values.ingress.hosts 0)) -}}
+    {{- end -}}
+    {{- else -}}
+    {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL .Values.gitea.config.server.DOMAIN) -}}
+    {{- end -}}
+    {{- end -}}
+    {{- if not .Values.gitea.config.server.SSH_DOMAIN -}}
+    {{- $_ := set .Values.gitea.config.server "SSH_DOMAIN" .Values.gitea.config.server.DOMAIN -}}
+    {{- end -}}
+    {{- if not .Values.gitea.config.server.SSH_PORT -}}
+    {{- $_ := set .Values.gitea.config.server "SSH_PORT" .Values.service.ssh.port -}}
+    {{- end -}}
+    {{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}}
+    {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}}
+    {{- end -}}
+
+    {{- /* database default settings */ -}}
+    {{- if .Values.gitea.database.builtIn.postgresql.enabled -}}
+    {{- $_ := set .Values.gitea.config.database "DB_TYPE"   "postgres" -}} 
+    {{- $_ := set .Values.gitea.config.database "HOST"      (include "postgresql.dns" .) -}}
+    {{- $_ := set .Values.gitea.config.database "NAME"      .Values.postgresql.global.postgresql.postgresqlDatabase -}}
+    {{- $_ := set .Values.gitea.config.database "USER"      .Values.postgresql.global.postgresql.postgresqlUsername -}}
+    {{- $_ := set .Values.gitea.config.database "PASSWD"    .Values.postgresql.global.postgresql.postgresqlPassword -}}
+    {{ else if .Values.gitea.database.builtIn.mysql.enabled -}}
+    {{- $_ := set .Values.gitea.config.database "DB_TYPE"   "mysql" -}} 
+    {{- $_ := set .Values.gitea.config.database "HOST"      (include "mysql.dns" .) -}}
+    {{- $_ := set .Values.gitea.config.database "NAME"      .Values.mysql.db.name -}}
+    {{- $_ := set .Values.gitea.config.database "USER"      .Values.mysql.db.user -}}
+    {{- $_ := set .Values.gitea.config.database "PASSWD"    .Values.mysql.db.password -}}
+    {{- end -}}
+
+    {{- /* cache default settings */ -}}
+    {{- if .Values.gitea.cache.builtIn.enabled -}}
+    {{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}}
+    {{- $_ := set .Values.gitea.config.cache "ADAPTER" "memcache" -}}
+    {{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}}
+    {{- end -}}
+    
+    {{- /* autogenerate app.ini */ -}}
+    {{- range $key, $value := .Values.gitea.config  }}
+    {{- if kindIs "map" $value }}
+    {{- if gt (len $value) 0 }}
+
+    [{{ $key }}]
+    {{- range $n_key, $n_value := $value }}
+    {{ $n_key | upper }} = {{ $n_value }}
     {{- end }}
-    ; THe network interface the builtin SSH server should listen on
-    SSH_LISTEN_HOST =
-    ; Port number to be exposed in clone URL
-    {{- if .Values.gitea.server.ssh.externalPort  }}
-    SSH_PORT = {{ .Values.gitea.server.ssh.externalPort  }}
-    {{- else }}
-    SSH_PORT = {{ .Values.service.ssh.port  }}
     {{- end }}
-    ; The port number the builtin SSH server should listen on
-    SSH_LISTEN_PORT = {{ .Values.service.ssh.port  }}
-    ; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
-    SSH_ROOT_PATH =
-    ; Gitea will create a authorized_keys file by default when it is not using the internal ssh server
-    ; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
-    SSH_CREATE_AUTHORIZED_KEYS_FILE = true
-    ; For the built-in SSH server, choose the ciphers to support for SSH connections,
-    ; for system SSH this setting has no effect
-    SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
-    ; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections,
-    ; for system SSH this setting has no effect
-    SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org
-    ; For the built-in SSH server, choose the MACs to support for SSH connections,
-    ; for system SSH this setting has no effect
-    SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96
-    ; Directory to create temporary files in when testing public keys using ssh-keygen,
-    ; default is the system temporary directory.
-    SSH_KEY_TEST_PATH =
-    ; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
-    SSH_KEYGEN_PATH = ssh-keygen
-    ; Enable SSH Authorized Key Backup when rewriting all keys, default is true
-    SSH_BACKUP_AUTHORIZED_KEYS = true
-    ; Enable exposure of SSH clone URL to anonymous visitors, default is false
-    SSH_EXPOSE_ANONYMOUS = false
-    ; Indicate whether to check minimum key size with corresponding type
-    MINIMUM_KEY_SIZE_CHECK = false
-    ; Disable CDN even in "prod" mode
-    OFFLINE_MODE = {{ .Values.gitea.server.offlineMode }}
-    DISABLE_ROUTER_LOG = false
-    ; Generate steps:
-    ; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
-    ;
-    ; Or from a .pfx file exported from the Windows certificate store (do
-    ; not forget to export the private key):
-    ; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
-    ; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
-    CERT_FILE = custom/https/cert.pem
-    KEY_FILE = custom/https/key.pem
-    ; Root directory containing templates and static files.
-    ; default is the path where Gitea is executed
-    STATIC_ROOT_PATH =
-    ; Default path for App data
-    APP_DATA_PATH = data
-    ; Application level GZIP support
-    ENABLE_GZIP = false
-    ; Application profiling (memory and cpu)
-    ; For "web" command it listens on localhost:6060
-    ; For "serve" command it dumps to disk at PPROF_DATA_PATH as (cpuprofile|memprofile)_<username>_<temporary id>
-    ENABLE_PPROF = false
-    ; PPROF_DATA_PATH, use an absolute path when you start gitea as service
-    PPROF_DATA_PATH = data/tmp/pprof
-    ; Landing page, can be "home", "explore", or "organizations"
-    LANDING_PAGE = home
-    ; Enables git-lfs support. true or false, default is false.
-    LFS_START_SERVER = false
-    ; Where your lfs files reside, default is data/lfs.
-    LFS_CONTENT_PATH = data/lfs
-    ; LFS authentication secret, change this yourself
-    LFS_JWT_SECRET =
-    ; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
-    LFS_HTTP_AUTH_EXPIRY = 20m
-
-    ; Define allowed algorithms and their minimum key length (use -1 to disable a type)
-    [ssh.minimum_key_sizes]
-    ED25519 = 256
-    ECDSA = 256
-    RSA = 2048
-    DSA = 1024
-
-    [database]
-    {{- if .Values.gitea.database.builtIn.postgresql.enabled }}
-    DB_TYPE = postgres
-    HOST = {{ include "postgresql.dns" . }}
-    NAME = {{ .Values.postgresql.global.postgresql.postgresqlDatabase }}
-    USER = {{ .Values.postgresql.global.postgresql.postgresqlUsername }}
-    PASSWD = {{ .Values.postgresql.global.postgresql.postgresqlPassword }}
-    {{ else if .Values.gitea.database.builtIn.mysql.enabled }}
-    DB_TYPE = mysql
-    HOST = {{ include "mysql.dns" . }}
-    NAME = {{ .Values.mysql.db.name }}
-    USER = {{ .Values.mysql.db.user }}
-    PASSWD = {{ .Values.mysql.db.password }}
-    {{ else }}
-    ; Database to use. Either "mysql", "postgres", "mssql" or "sqlite3".
-    DB_TYPE = {{ .Values.gitea.database.external.type }}
-    HOST = {{ .Values.gitea.database.external.host }}:{{ .Values.gitea.database.external.port }}
-    NAME = {{ .Values.gitea.database.external.name }}
-    USER = {{ .Values.gitea.database.external.user }}
-    ; Use PASSWD = `your password` for quoting if you use special characters in the password.
-    PASSWD = {{ .Values.gitea.database.external.password }}
-    ; For Postgres, schema to use if different from "public". The schema must exist beforehand,
-    ; the user must have creation privileges on it, and the user search path must be set
-    ; to the look into the schema first. e.g.:ALTER USER user SET SEARCH_PATH = schema_name,"$user",public;
-    SCHEMA = {{ .Values.gitea.database.external.schema }}
-    {{ end }}
-    ; For Postgres, either "disable" (default), "require", or "verify-full"
-    ; For MySQL, either "false" (default), "true", or "skip-verify"
-    SSL_MODE = {{ .Values.gitea.database.sslMode }}
-    ; For MySQL only, either "utf8" or "utf8mb4", default is "utf8mb4".
-    ; NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
-    CHARSET = {{ .Values.gitea.database.charset }}
-    ; For "sqlite3" and "tidb", use an absolute path when you start gitea as service
-    PATH = {{ .Values.gitea.database.path }}
-    ; For "sqlite3" only. Query timeout
-    SQLITE_TIMEOUT = {{ .Values.gitea.database.sqlLiteTimeout }}
-    ; For iterate buffer, default is 50
-    ITERATE_BUFFER_SIZE = {{ .Values.gitea.database.iterateBufferSize }}
-    ; Show the database generated SQL
-    LOG_SQL = {{ .Values.gitea.database.logSql }}
-    ; Maximum number of DB Connect retries
-    DB_RETRIES = {{ .Values.gitea.database.dbRetries }}
-    ; Backoff time per DB retry (time.Duration)
-    DB_RETRY_BACKOFF = {{ .Values.gitea.database.dbRetryBackoff }}
-    ; Max idle database connections on connnection pool, default is 2
-    MAX_IDLE_CONNS = {{ .Values.gitea.database.maxIdleConns }}
-    ; Database connection max life time, default is 0 or 3s mysql (See #6804 & #7071 for reasoning)
-    CONN_MAX_LIFETIME = {{ .Values.gitea.database.connMaxLifetime }}
-    ; Database maximum number of open connections, default is 0 meaning no maximum
-    MAX_OPEN_CONNS = {{ .Values.gitea.database.maxOpenConns }}
-
-    [indexer]
-    ISSUE_INDEXER_PATH = indexers/issues.bleve
-    ; repo indexer by default disabled, since it uses a lot of disk space
-    REPO_INDEXER_ENABLED = false
-    REPO_INDEXER_PATH = indexers/repos.bleve
-    UPDATE_BUFFER_LEN = 20
-    MAX_FILE_SIZE = 1048576
-
-    [admin]
-    ; Disallow regular (non-admin) users from creating organizations.
-    DISABLE_REGULAR_ORG_CREATION = {{ .Values.gitea.admin.disableRegularOrgCreation }}
-    ; Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
-    DEFAULT_EMAIL_NOTIFICATIONS = {{ .Values.gitea.admin.defaultEmailNotifications }}
-
-    [security]
-    ; Whether the installer is disabled
-    INSTALL_LOCK = {{ .Values.gitea.security.installLock }}
-    ; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
-    SECRET_KEY = {{ .Values.gitea.security.secretKey }}
-    ; How long to remember that a user is logged in before requiring relogin (in days)
-    LOGIN_REMEMBER_DAYS = {{ .Values.gitea.security.loginRememberDays }}
-    COOKIE_USERNAME = {{ .Values.gitea.security.cookieUsername }}
-    COOKIE_REMEMBER_NAME = {{ .Values.gitea.security.cookieRememberName }}
-    ; Reverse proxy authentication header name of user name
-    REVERSE_PROXY_AUTHENTICATION_USER = {{ .Values.gitea.security.reverseProxyAuthUser }}
-    REVERSE_PROXY_AUTHENTICATION_EMAIL = {{ .Values.gitea.security.reverseProxyAuthEmail }}
-    ; The minimum password length for new Users
-    MIN_PASSWORD_LENGTH = {{ .Values.gitea.security.minPasswordLength }}
-    ; Set to true to allow users to import local server paths
-    IMPORT_LOCAL_PATHS = {{ .Values.gitea.security.importLocalPaths }}
-    ; Set to true to prevent all users (including admin) from creating custom git hooks
-    DISABLE_GIT_HOOKS = {{ .Values.gitea.security.disabledGitHooks }}
-    ; Set to false to allow pushes to gitea repositories despite having an incomplete environment - NOT RECOMMENDED
-    ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = {{ .Values.gitea.security.onlyAllowPushIfGiteaEnvSet }}
-    ;Comma separated list of character classes required to pass minimum complexity.
-    ;If left empty or no valid values are specified, the default values ("lower,upper,digit,spec") will be used.
-    ;Use "off" to disable checking.
-    PASSWORD_COMPLEXITY = {{ .Values.gitea.security.passwordComplexity }}
-    ; Password Hash algorithm, either "pbkdf2", "argon2", "scrypt" or "bcrypt"
-    PASSWORD_HASH_ALGO = {{ .Values.gitea.security.passwordHashAlgo }}
-    ; Set false to allow JavaScript to read CSRF cookie
-    CSRF_COOKIE_HTTP_ONLY = {{ .Values.gitea.security.crsfCookieHttpOnly }}
-
-    [openid]
-    ;
-    ; OpenID is an open, standard and decentralized authentication protocol.
-    ; Your identity is the address of a webpage you provide, which describes
-    ; how to prove you are in control of that page.
-    ;
-    ; For more info: https://en.wikipedia.org/wiki/OpenID
-    ;
-    ; Current implementation supports OpenID-2.0
-    ;
-    ; Tested to work providers at the time of writing:
-    ;  - Any GNUSocial node (your.hostname.tld/username)
-    ;  - Any SimpleID provider (http://simpleid.koinic.net)
-    ;  - http://openid.org.cn/
-    ;  - openid.stackexchange.com
-    ;  - login.launchpad.net
-    ;  - <username>.livejournal.com
-    ;
-    ; Whether to allow signin in via OpenID
-    ENABLE_OPENID_SIGNIN = {{ .Values.gitea.openid.enableOpenidSignin }}
-    ; Whether to allow registering via OpenID
-    ; Do not include to rely on rhw DISABLE_REGISTRATION setting
-    ;ENABLE_OPENID_SIGNUP = {{ .Values.gitea.openid.enableOpenidSignup }}
-    ; Allowed URI patterns (POSIX regexp).
-    ; Space separated.
-    ; Only these would be allowed if non-blank.
-    ; Example value: trusted.domain.org trusted.domain.net
-    WHITELISTED_URIS = {{ .Values.gitea.openid.whitelistedUris }}
-    ; Forbidden URI patterns (POSIX regexp).
-    ; Space separated.
-    ; Only used if WHITELISTED_URIS is blank.
-    ; Example value: loadaverage.org/badguy stackexchange.com/.*spammer
-    BLACKLISTED_URIS = {{ .Values.gitea.openid.blacklistedUris }}
-
-    [service]
-    ; Time limit to confirm account/email registration
-    ACTIVE_CODE_LIVE_MINUTES = {{ .Values.gitea.service.activeCodeLiveMinutes }}
-    ; Time limit to perform the reset of a forgotten password
-    RESET_PASSWD_CODE_LIVE_MINUTES = {{ .Values.gitea.service.resetPasswordCodeLiveMinutes }}
-    ; Whether a new user needs to confirm their email when registering.
-    REGISTER_EMAIL_CONFIRM = {{ .Values.gitea.service.registerEmailConfirm }}
-    ; List of domain names that are allowed to be used to register on a Gitea instance
-    ; gitea.io,example.com
-    EMAIL_DOMAIN_WHITELIST= {{ .Values.gitea.service.emailDomainWhitelist }}
-    ; Disallow registration, only allow admins to create accounts.
-    DISABLE_REGISTRATION = {{ .Values.gitea.service.disableRegistration }}
-    ; Allow registration only using third-party services, it works only when DISABLE_REGISTRATION is false
-    ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ .Values.gitea.service.allowOnlyExternalRegistration }}
-    ; User must sign in to view anything.
-    REQUIRE_SIGNIN_VIEW = {{ .Values.gitea.service.requireSigninView }}
-    ; Mail notification
-    ENABLE_NOTIFY_MAIL = {{ .Values.gitea.service.enableNotifyMail }}
-    ; This setting enables gitea to be signed in with HTTP BASIC Authentication using the user's password
-    ; If you set this to false you will not be able to access the tokens endpoints on the API with your password
-    ; Please note that setting this to false will not disable OAuth Basic or Basic authentication using a token
-    ENABLE_BASIC_AUTHENTICATION = {{ .Values.gitea.service.enableBasicAuth }}
-    ; More detail: https://github.com/gogits/gogs/issues/165
-    ENABLE_REVERSE_PROXY_AUTHENTICATION = {{ .Values.gitea.service.enableReverseProxyAuth }}
-    ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = {{ .Values.gitea.service.enableReverseProxyAutoRegistration }}
-    ENABLE_REVERSE_PROXY_EMAIL = {{ .Values.gitea.service.enableReverseProxyEmail }}
-    ; Enable captcha validation for registration
-    ENABLE_CAPTCHA = {{ .Values.gitea.service.enableCaptcha }}
-    ; Type of captcha you want to use. Options: image, recaptcha
-    CAPTCHA_TYPE = {{ .Values.gitea.service.captchaType }}
-    ; Enable recaptcha to use Google's recaptcha service
-    ; Go to https://www.google.com/recaptcha/admin to sign up for a key
-    RECAPTCHA_SECRET  = {{ .Values.gitea.service.recaptchaSecret }}
-    RECAPTCHA_SITEKEY = {{ .Values.gitea.service.recaptchaSiteKey }}
-    ; Change this to use recaptcha.net or other recaptcha service
-    RECAPTCHA_URL = {{ .Values.gitea.service.racaptchaUrl }}
-    ; Default value for KeepEmailPrivate
-    ; Each new user will get the value of this setting copied into their profile
-    DEFAULT_KEEP_EMAIL_PRIVATE = {{ .Values.gitea.service.defaultKeepEmailPrivate }}
-    ; Default value for AllowCreateOrganization
-    ; Every new user will have rights set to create organizations depending on this setting
-    DEFAULT_ALLOW_CREATE_ORGANIZATION = {{ .Values.gitea.service.deaultAllowCreateOrg }}
-    ; Either "public", "limited" or "private", default is "public"
-    ; Limited is for signed user only
-    ; Private is only for member of the organization
-    ; Public is for everyone
-    DEFAULT_ORG_VISIBILITY = {{ .Values.gitea.service.defaultOrgVisibility }}
-    ; Default value for DefaultOrgMemberVisible
-    ; True will make the membership of the users visible when added to the organisation
-    DEFAULT_ORG_MEMBER_VISIBLE = {{ .Values.gitea.service.defaultOrgMemberVisible }}
-    ; Default value for EnableDependencies
-    ; Repositories will use dependencies by default depending on this setting
-    DEFAULT_ENABLE_DEPENDENCIES = {{ .Values.gitea.service.defaultEnableDependencies }}
-    ; Dependencies can be added from any repository where the user is granted access or only from the current repository depending on this setting.
-    ALLOW_CROSS_REPOSITORY_DEPENDENCIES = {{ .Values.gitea.service.allowCrossRepositoryDependencies }}
-    ; Enable heatmap on users profiles.
-    ENABLE_USER_HEATMAP = {{ .Values.gitea.service.enableUserHeatmap }}
-    ; Enable Timetracking
-    ENABLE_TIMETRACKING = {{ .Values.gitea.service.enableTimeTracking }}
-    ; Default value for EnableTimetracking
-    ; Repositories will use timetracking by default depending on this setting
-    DEFAULT_ENABLE_TIMETRACKING = {{ .Values.gitea.service.defaultEnableTimeTracking}}
-    ; Default value for AllowOnlyContributorsToTrackTime
-    ; Only users with write permissions can track time if this is true
-    DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME = {{ .Values.gitea.service.defaultAllowOnlyContributorsToTrackTime }}
-    ; Default value for the domain part of the user's email address in the git log
-    ; if he has set KeepEmailPrivate to true. The user's email will be replaced with a
-    ; concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS.
-    NO_REPLY_ADDRESS = {{ .Values.gitea.service.noReplyAddress }}
-    ; Show Registration button
-    SHOW_REGISTRATION_BUTTON = {{ .Values.gitea.service.showRegistrationButton }}
-    ; Show milestones dashboard page - a view of all the user's milestones
-    SHOW_MILESTONES_DASHBOARD_PAGE = {{ .Values.gitea.service.showMilestonesDashboardPage }}
-    ; Default value for AutoWatchNewRepos
-    ; When adding a repo to a team or creating a new repo all team members will watch the
-    ; repo automatically if enabled
-    AUTO_WATCH_NEW_REPOS = {{ .Values.gitea.service.autoWatchNewRepos }}
-    ; Default value for AutoWatchOnChanges
-    ; Make the user watch a repository When they commit for the first time
-    AUTO_WATCH_ON_CHANGES = {{ .Values.gitea.service.autoWatchOnChanges }}
-
-    [webhook]
-    ; Hook task queue length, increase if webhook shooting starts hanging
-    QUEUE_LENGTH = {{ .Values.gitea.webhook.queueLength }}
-    ; Deliver timeout in seconds
-    DELIVER_TIMEOUT = {{ .Values.gitea.webhook.deliverTimeout }}
-    ; Allow insecure certification
-    SKIP_TLS_VERIFY = {{ .Values.gitea.webhook.skipTlsVerify }}
-    ; Number of history information in each page
-    PAGING_NUM = {{ .Values.gitea.webhook.pagingNum }}
-
-    [mailer]
-    ENABLED = {{ .Values.gitea.mailer.enabled }}
-    ; Buffer length of channel, keep it as it is if you don't know what it is.
-    SEND_BUFFER_LEN = {{ .Values.gitea.mailer.sendBufferLen }}
-    ; Prefix displayed before subject in mail
-    SUBJECT_PREFIX = {{ .Values.gitea.mailer.subjectPrefix }}
-    ; Mail server
-    ; Gmail: smtp.gmail.com:587
-    ; QQ: smtp.qq.com:465
-    ; Using STARTTLS on port 587 is recommended per RFC 6409.
-    ; Note, if the port ends with "465", SMTPS will be used.
-    HOST = {{ .Values.gitea.mailer.host }}
-    ; Disable HELO operation when hostnames are different.
-    DISABLE_HELO = {{ .Values.gitea.mailer.disableHelo }}
-    ; Custom hostname for HELO operation, if no value is provided, one is retrieved from system.
-    HELO_HOSTNAME = {{ .Values.gitea.mailer.heloHostname }}
-    ; Do not verify the certificate of the server. Only use this for self-signed certificates
-    SKIP_VERIFY = {{ .Values.gitea.mailer.skipVerify }}
-    ; Use client certificate
-    USE_CERTIFICATE = {{ .Values.gitea.mailer.useCertificate }}
-    CERT_FILE = {{ .Values.gitea.mailer.certFile }}
-    KEY_FILE = {{ .Values.gitea.mailer.keyFile }}
-    ; Should SMTP connect with TLS, (if port ends with 465 TLS will always be used.)
-    ; If this is false but STARTTLS is supported the connection will be upgraded to TLS opportunistically.
-    IS_TLS_ENABLED = {{ .Values.gitea.mailer.isTlsEnabled }}
-    ; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
-    FROM = {{ .Values.gitea.mailer.from }}
-    ; Mailer user name and password
-    ; Please Note: Authentication is only supported when the SMTP server communication is encrypted with TLS (this can be via STARTTLS) or `HOST=localhost`.
-    USER = {{ .Values.gitea.mailer.user }}
-    ; Use PASSWD = `your password` for quoting if you use special characters in the password.
-    PASSWD = {{ .Values.gitea.mailer.password }}
-    ; Send mails as plain text
-    SEND_AS_PLAIN_TEXT = {{ .Values.gitea.mailer.sendAsPlainText }}
-    ; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log)
-    MAILER_TYPE = {{ .Values.gitea.mailer.mailerType }}
-    ; Specify an alternative sendmail binary
-    SENDMAIL_PATH = {{ .Values.gitea.mailer.sendMailPath }}
-    ; Specify any extra sendmail arguments
-    SENDMAIL_ARGS = {{ .Values.gitea.mailer.sendMailArgs }}
-    ; Timeout for Sendmail
-    SENDMAIL_TIMEOUT = {{ .Values.gitea.mailer.sendMailTimeout }}
-
-    [cache]
-    ; if the cache enabled
-    ENABLED = {{ .Values.gitea.cache.enabled }}
-    {{- if .Values.gitea.cache.builtIn.enabled }}
-    ; Either "memory", "redis", or "memcache", default is "memory"
-    ADAPTER = memcache
-    ; For "redis" and "memcache", connection host address
-    ; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
-    ; memcache: `127.0.0.1:11211`
-    HOST = {{ include "memcached.dns" . }}
-    {{ else }}
-    ADAPTER = {{ .Values.gitea.cache.external.adapter }}
-    ; For "redis" and "memcache", connection host address
-    ; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
-    ; memcache: `127.0.0.1:11211`
-    HOST = {{ .Values.gitea.cache.external.host }}
-    {{ end }}
-    ; For "memory" only, GC interval in seconds, default is 60
-    INTERVAL = {{ .Values.gitea.cache.interval }}
-    ; Time to keep items in cache if not used, default is 16 hours.
-    ; Setting it to 0 disables caching
-    ITEM_TTL = {{ .Values.gitea.cache.itemTTL }}
-
-    ; Last commit cache
-    [cache.last_commit]
-    ; if the cache enabled
-    ENABLED = {{ .Values.gitea.cache.lastCommit.enabled }}
-    ; Time to keep items in cache if not used, default is 8760 hours.
-    ; Setting it to 0 disables caching
-    ITEM_TTL = {{ .Values.gitea.cache.lastCommit.itemTTL }}
-    ; Only enable the cache when repository's commits count great than
-    COMMITS_COUNT = {{ .Values.gitea.cache.lastCommit.commitCount }}
-
-    [session]
-    ; Either "memory", "file", or "redis", default is "memory"
-    PROVIDER = memory
-    ; Provider config options
-    ; memory: doesn't have any config yet
-    ; file: session file path, e.g. `data/sessions`
-    ; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
-    ; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
-    PROVIDER_CONFIG = data/sessions
-    ; Session cookie name
-    COOKIE_NAME = i_like_gitea
-    ; If you use session in https only, default is false
-    COOKIE_SECURE = false
-    ; Enable set cookie, default is true
-    ENABLE_SET_COOKIE = true
-    ; Session GC time interval in seconds, default is 86400 (1 day)
-    GC_INTERVAL_TIME = 86400
-    ; Session life time in seconds, default is 86400 (1 day)
-    SESSION_LIFE_TIME = 86400
-
-    [picture]
-    AVATAR_UPLOAD_PATH = data/avatars
-    ; Max Width and Height of uploaded avatars. This is to limit the amount of RAM
-    ; used when resizing the image.
-    AVATAR_MAX_WIDTH = 4096
-    AVATAR_MAX_HEIGHT = 3072
-    ; Chinese users can choose "duoshuo"
-    ; or a custom avatar source, like: http://cn.gravatar.com/avatar/
-    GRAVATAR_SOURCE = gravatar
-    ; This value will always be true in offline mode.
-    DISABLE_GRAVATAR = false
-    ; Federated avatar lookup uses DNS to discover avatar associated
-    ; with emails, see https://www.libravatar.org
-    ; This value will always be false in offline mode or when Gravatar is disabled.
-    ENABLE_FEDERATED_AVATAR = false
-
-    [attachment]
-    ; Whether attachments are enabled. Defaults to `true`
-    ENABLED = {{ .Values.gitea.attachment.enabled }}
-    ; Path for attachments. Defaults to `data/attachments`
-    PATH = {{ .Values.gitea.attachment.path }}
-    ; One or more allowed types, e.g. image/jpeg|image/png
-    ALLOWED_TYPES = {{ .Values.gitea.attachment.allowedTypes }}
-    ; Max size of each file. Defaults to 4MB
-    MAX_SIZE = {{ .Values.gitea.attachment.maxSize }}
-    ; Max number of files per upload. Defaults to 5
-    MAX_FILES = {{ .Values.gitea.attachment.maxFiles }}
-
-    [log]
-    ROOT_PATH = {{ .Values.gitea.log.rootPath }}
-    ; Either "console", "file", "conn", "smtp" or "database", default is "console"
-    ; Use comma to separate multiple modes, e.g. "console, file"
-    MODE = {{ .Values.gitea.log.mode }}
-    ; Buffer length of the channel, keep it as it is if you don't know what it is.
-    BUFFER_LEN = {{ .Values.gitea.log.bufferLen }}
-    REDIRECT_MACARON_LOG = {{ .Values.gitea.log.redirectMacaronLog }}
-    MACARON = {{ .Values.gitea.log.macaron }}
-    ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Info"
-    ROUTER_LOG_LEVEL = {{ .Values.gitea.log.routerLogLevel }}
-    ROUTER = {{ .Values.gitea.log.router }}
-    ENABLE_ACCESS_LOG = {{ .Values.gitea.log.enableAccessLog }}
-    ACCESS = {{ .Values.gitea.log.access }}
-    ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
-    LEVEL = {{ .Values.gitea.log.level }}
-    ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "None"
-    STACKTRACE_LEVEL = {{ .Values.gitea.log.stackTraceLevel }}
-
-    ; Generic log modes
-    [log.x]
-    FLAGS = {{ .Values.gitea.log.x.flags }}
-    EXPRESSION = {{ .Values.gitea.log.x.expression }}
-    PREFIX = {{ .Values.gitea.log.x.prefix }}
-    COLORIZE = {{ .Values.gitea.log.x.colorize }}
-
-    ; For "console" mode only
-    [log.console]
-    LEVEL = {{ .Values.gitea.log.console.level }}
-    STDERR = {{ .Values.gitea.log.console.stderr }}
-
-    ; For "file" mode only
-    [log.file]
-    LEVEL = {{ .Values.gitea.log.file.level }}
-    ; Set the file_name for the logger. If this is a relative path this
-    ; will be relative to ROOT_PATH
-    FILE_NAME = {{ .Values.gitea.log.file.fileName }}
-    ; This enables automated log rotate(switch of following options), default is true
-    LOG_ROTATE = {{ .Values.gitea.log.file.logRotate }}
-    ; Max number of lines in a single file, default is 1000000
-    MAX_LINES = {{ .Values.gitea.log.file.maxLines }}
-    ; Max size shift of a single file, default is 28 means 1 << 28, 256MB
-    MAX_SIZE_SHIFT = {{ .Values.gitea.log.file.maxSizeShift }}
-    ; Segment log daily, default is true
-    DAILY_ROTATE = {{ .Values.gitea.log.file.dailyRotate }}
-    ; delete the log file after n days, default is 7
-    MAX_DAYS = {{ .Values.gitea.log.file.maxDays }}
-    ; compress logs with gzip
-    COMPRESS = {{ .Values.gitea.log.file.compress }}
-    ; compression level see godoc for compress/gzip
-    COMPRESSION_LEVEL = {{ .Values.gitea.log.file.compressionLeveL }}
-
-    ; For "conn" mode only
-    [log.conn]
-    LEVEL = {{ .Values.gitea.log.conn.level }}
-    ; Reconnect host for every single message, default is false
-    RECONNECT_ON_MSG = {{ .Values.gitea.log.conn.reconnOnMsg }}
-    ; Try to reconnect when connection is lost, default is false
-    RECONNECT = {{ .Values.gitea.log.conn.reconnect }}
-    ; Either "tcp", "unix" or "udp", default is "tcp"
-    PROTOCOL = {{ .Values.gitea.log.conn.protocol }}
-    ; Host address
-    ADDR = {{ .Values.gitea.log.conn.addr }}
-
-    ; For "smtp" mode only
-    [log.smtp]
-    LEVEL = {{ .Values.gitea.log.smtp.level }}
-    ; Name displayed in mail title, default is "Diagnostic message from server"
-    SUBJECT = {{ .Values.gitea.log.smtp.subject }}
-    ; Mail server
-    HOST = {{ .Values.gitea.log.smtp.host }}
-    ; Mailer user name and password
-    USER = {{ .Values.gitea.log.smtp.user }}
-    ; Use PASSWD = `your password` for quoting if you use special characters in the password.
-    PASSWD = {{ .Values.gitea.log.smtp.password }}
-    ; Receivers, can be one or more, e.g. 1@example.com,2@example.com
-    RECEIVERS  = {{ .Values.gitea.log.smtp.receivers }}
-
-    [cron]
-    ; Enable running cron tasks periodically.
-    ENABLED = true
-    ; Run cron tasks when Gitea starts.
-    RUN_AT_START = false
-
-    ; Update mirrors
-    [cron.update_mirrors]
-    SCHEDULE = @every 10m
-
-    ; Repository health check
-    [cron.repo_health_check]
-    SCHEDULE = @every 24h
-    TIMEOUT = 60s
-    ; Arguments for command 'git fsck', e.g. "--unreachable --tags"
-    ; see more on http://git-scm.com/docs/git-fsck
-    ARGS =
-
-    ; Check repository statistics
-    [cron.check_repo_stats]
-    RUN_AT_START = true
-    SCHEDULE = @every 24h
-
-    ; Clean up old repository archives
-    [cron.archive_cleanup]
-    ; Whether to enable the job
-    ENABLED = true
-    ; Whether to always run at least once at start up time (if ENABLED)
-    RUN_AT_START = true
-    ; Time interval for job to run
-    SCHEDULE = @every 24h
-    ; Archives created more than OLDER_THAN ago are subject to deletion
-    OLDER_THAN = 24h
-
-    ; Synchronize external user data (only LDAP user synchronization is supported)
-    [cron.sync_external_users]
-    ; Synchronize external user data when starting server (default false)
-    RUN_AT_START = false
-    ; Interval as a duration between each synchronization (default every 24h)
-    SCHEDULE = @every 24h
-    ; Create new users, update existing user data and disable users that are not in external source anymore (default)
-    ;   or only create new users if UPDATE_EXISTING is set to false
-    UPDATE_EXISTING = true
-
-    [git]
-    ; The path of git executable. If empty, Gitea searches through the PATH environment.
-    PATH = {{ .Values.gitea.git.path }}
-    ; Disables highlight of added and removed changes
-    DISABLE_DIFF_HIGHLIGHT = {{ .Values.gitea.git.disableDiffHighlight }}
-    ; Max number of lines allowed in a single file in diff view
-    MAX_GIT_DIFF_LINES = {{ .Values.gitea.git.maxGitDiffLines }}
-    ; Max number of allowed characters in a line in diff view
-    MAX_GIT_DIFF_LINE_CHARACTERS = {{ .Values.gitea.git.maxGitDiffLineChars }}
-    ; Max number of files shown in diff view
-    MAX_GIT_DIFF_FILES = {{ .Values.gitea.git.maxGitDiffFiles }}
-    ; Arguments for command 'git gc', e.g. "--aggressive --auto"
-    ; see more on http://git-scm.com/docs/git-gc/
-    GC_ARGS = {{ .Values.gitea.git.gcArgs }}
-    ; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
-    ENABLE_AUTO_GIT_WIRE_PROTOCOL = {{ .Values.gitea.git.enableAutoGitWireProt }}
-    ; Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled)
-    PULL_REQUEST_PUSH_MESSAGE = {{ .Values.gitea.git.pullRequestPushMessage }}
-
-    ; Operation timeout in seconds
-    [git.timeout]
-    DEFAULT = {{ .Values.gitea.git.timeout.default }}
-    MIGRATE = {{ .Values.gitea.git.timeout.migrate }}
-    MIRROR = {{ .Values.gitea.git.timeout.mirror }}
-    CLONE = {{ .Values.gitea.git.timeout.clone }}
-    PULL = {{ .Values.gitea.git.timeout.pull }}
-    GC = {{ .Values.gitea.git.timeout.gc }}
-
-    [mirror]
-    ; Default interval as a duration between each check
-    DEFAULT_INTERVAL = 8h
-    ; Min interval as a duration must be > 1m
-    MIN_INTERVAL = 10m
-
-    [api]
-    ; Enables Swagger. True or false; default is true.
-    ENABLE_SWAGGER = true
-    ; Max number of items in a page
-    MAX_RESPONSE_ITEMS = 50
-
-    [i18n]
-    LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR
-    NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,français,Nederlands,latviešu,русский,Українська,日本語,español,português do Brasil,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어
-
-    ; Used for datetimepicker
-    [i18n.datelang]
-    en-US = en
-    zh-CN = zh
-    zh-HK = zh-HK
-    zh-TW = zh-TW
-    de-DE = de
-    fr-FR = fr
-    nl-NL = nl
-    lv-LV = lv
-    ru-RU = ru
-    uk-UA = uk
-    ja-JP = ja
-    es-ES = es
-    pt-BR = pt-BR
-    pl-PL = pl
-    bg-BG = bg
-    it-IT = it
-    fi-FI = fi
-    tr-TR = tr
-    cs-CZ = cs-CZ
-    sr-SP = sr
-    sv-SE = sv
-    ko-KR = ko
-
-    [U2F]
-    ; Two Factor authentication with security keys
-    ; https://developers.yubico.com/U2F/App_ID.html
-    ;APP_ID = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
-    ; Comma seperated list of truisted facets
-    ;TRUSTED_FACETS = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
-
-    ; Extension mapping to highlight class
-    ; e.g. .toml=ini
-    [highlight.mapping]
-
-    [other]
-    SHOW_FOOTER_BRANDING = false
-    ; Show version information about Gitea and Go in the footer
-    SHOW_FOOTER_VERSION = true
-    ; Show template execution time in the footer
-    SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
-
-    [markup.asciidoc]
-    ENABLED = false
-    ; List of file extensions that should be rendered by an external command
-    FILE_EXTENSIONS = .adoc,.asciidoc
-    ; External command to render all matching extensions
-    RENDER_COMMAND = "asciidoc --out-file=- -"
-    ; Don't pass the file on STDIN, pass the filename as argument instead.
-    IS_INPUT_FILE = false
-
-    [metrics]
-    ; Enables metrics endpoint. True or false; default is false.
-    ENABLED = {{ .Values.gitea.metrics.enabled }}
-    ; If you want to add authorization, specify a token here
-    TOKEN = {{ .Values.gitea.metrics.token }}
-{{- if .Values.gitea.extraConfig }}
-
-{{ .Values.gitea.extraConfig | indent 4 }}
-{{ end }}
+    {{- else }}
+    {{ $key | upper }} = {{ $value }}
+    {{- end }}
+    {{- end }}
\ No newline at end of file
diff --git a/templates/gitea/http-svc.yaml b/templates/gitea/http-svc.yaml
index 3154ce8..3c6dda4 100644
--- a/templates/gitea/http-svc.yaml
+++ b/templates/gitea/http-svc.yaml
@@ -13,6 +13,6 @@ spec:
     {{- if  .Values.service.http.nodePort }}
     nodePort: {{ .Values.service.http.nodePort }}
     {{- end }}
-    targetPort: {{ .Values.service.http.port }}
+    targetPort: {{ .Values.gitea.config.server.HTTP_PORT }}
   selector:
     {{- include "gitea.selectorLabels" . | nindent 4 }}
diff --git a/templates/gitea/ssh-svc.yaml b/templates/gitea/ssh-svc.yaml
index ba795e2..793fcb6 100644
--- a/templates/gitea/ssh-svc.yaml
+++ b/templates/gitea/ssh-svc.yaml
@@ -17,7 +17,7 @@ spec:
   ports:
   - name: ssh
     port: {{ .Values.service.ssh.port }}
-    targetPort: ssh
+    targetPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }}
     protocol: TCP
     {{- if  .Values.service.ssh.nodePort }}
     nodePort: {{ .Values.service.ssh.nodePort }}
diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml
index acbd152..b1332b5 100644
--- a/templates/gitea/statefulset.yaml
+++ b/templates/gitea/statefulset.yaml
@@ -31,10 +31,10 @@ spec:
                 nc -v -w2 -z {{ include "db.servicename" . }} {{ include "db.port" . }} && \
                 su git -c ' \
                 gitea migrate; \
-                {{- if and .Values.gitea.config.adminUser .Values.gitea.config.adminPassword }}
-                gitea admin create-user --username {{ .Values.gitea.config.adminUser }} --password '{{ .Values.gitea.config.adminPassword }}' --email {{ .Values.gitea.config.adminEmail }} --admin \
+                {{- if .Values.gitea.admin.password }}
+                gitea admin create-user --username  {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}' --email {{ .Values.gitea.admin.email }} --admin \
                 || \
-                gitea admin change-password --username {{ .Values.gitea.config.adminUser }} --password '{{ .Values.gitea.config.adminPassword }}'; \
+                gitea admin change-password --username {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}'; \
                 {{- end }}
                 {{- if .Values.gitea.ldap.enabled }}
                 gitea admin auth add-ldap \
@@ -87,9 +87,9 @@ spec:
                 gitea migrate
           ports:
             - name: ssh
-              containerPort: 22
+              containerPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }}
             - name: http
-              containerPort: {{ .Values.service.http.port }}
+              containerPort: {{ .Values.gitea.config.server.HTTP_PORT }}
           livenessProbe:
             tcpSocket:
               port: http
diff --git a/values.yaml b/values.yaml
index d461a32..00d74c4 100644
--- a/values.yaml
+++ b/values.yaml
@@ -6,7 +6,7 @@ replicaCount: 1
 
 image:
   repository: gitea/gitea
-  version: 1.12.2
+  version: 1.12.3
   pullPolicy: Always
 
 imagePullSecrets: []
@@ -32,7 +32,7 @@ ingress:
   tls: []
   #  - secretName: chart-example-tls
   #    hosts:
-  #      - chart-example.local
+  #      - git.example.com
 
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
@@ -64,15 +64,10 @@ persistence:
   storageClass: standard
 
 gitea:
-  config:
-    appName: "Gitea: Git with a cup of tea"
-    runMode: dev
-    # Do not change the run user for gitea default container
-    runUser: git
-
-    adminUser: "gitea_admin"
-    adminPassword: "gitea123456"
-    adminEmail: "example@gitea.com"
+  admin:
+    username: gitea_admin
+    password: r8sA8CPHD9!bt6d
+    email: "gitea@local.domain"
 
   ldap:
     enabled: false
@@ -88,70 +83,15 @@ gitea:
     bindPassword: ""
     usernameAttribute: ""
 
-  server:
-    http:
-      externalDomain: git.example.com
-      externalPort:
-    ssh:
-      externalDomain: git.example.com
-      externalPort:
-    offlineMode: false
-
-  repository:
-    root:
-    forcePrivate: false
-    defaultPrivate: last
-    maxCreationLimit: -1
-    mirrorQueueLength: 1000
-    pullRequestQueueLength: 1000
-    preferredLicenses: Apache License 2.0,MIT License
-    disableHttpGit: false
-    useCompatSSHUri: false
-
-    local:
-      copyPath: tmp/local-repo
-      wikiPath: tmp/local-wiki
-
-    upload:
-      enabled: true
-      tempPath: data/tmp/uploads
-      allowedTypes:
-      fileMaxSize: 3
-      maxFiles: 5
-
-    pullRequest:
-      workInProgressPrefixes: "WIP:,[WIP]"
-      closeKeywords: close,closes,closed,fix,fixes,fixed,resolve,resolves,resolved
-      reopenKeywords: reopen,reopens,reopened
-      defaultMergeMessageCommitsLimit: 50
-      defaultMergeMessageSize: 5120
-      defaultMergeMessageAllAuthors: false
-      defaultMergeMessageMaxApprovers: 10
-      defaultMergeMessageOfficialApproversOnly: true
-
-    signing:
-      signingKey: default
-      signingName:
-      signingEmail:
-      initialCommit: always
-      crudActions: pubkey, twofa, parentsigned
-      wiki: never
-      merges: pubkey, twofa, basesigned, commitssigned
-
-  ui:
-    explorePagingNum: 20
-    issuePagingNum: 10
-    membersPagingNum: 20
-    feedMaxCommitNum: 5
-    graphMaxCommitNum: 100
-    codeCommentLines: 4
-    themeColorMetaTag: "#6cc644"
-    maxDisplayFileSize: 8388608
-    defaultTheme: gitea
-    showUserMail: true
-    defaultShowFullName: false
-    searchRepoDescription: true
-    useServiceWorker: true
+  config: {}
+  #  APP_NAME: "Gitea: Git with a cup of tea"
+  #  RUN_MODE: dev   
+  #   
+  #  server:
+  #    SSH_PORT: 22
+  #
+  #  security:
+  #    PASSWORD_COMPLEXITY: spec
 
   database:
     builtIn:
@@ -160,210 +100,10 @@ gitea:
       mysql:
         enabled: false
 
-    external:
-      type: postgres
-      port: 5432
-      host:
-      name: gitea
-      user: gitea
-      password: gitea
-      schema:
-
-    sslMode: disable
-    charset: utf8mb4
-    path: data/gitea.db
-    sqlLiteTimeout: 500
-    iterateBufferSize: 50
-    logSql: true
-    dbRetries: 10
-    dbRetryBackoff: 3s
-    maxIdleConns: 2
-    connMaxLifetime: 3s
-    maxOpenConns: 0
-
-  admin:
-    disableRegularOrgCreation: false
-    defaultEmailNotifications: enabled
-
-  security:
-    installLock: true
-    secretKey: "!#@FDEWREWR&*("
-    loginRememberDays: 7
-    cookieUsername: gitea_awesome
-    cookieRememberName: gitea_incredible
-    reverseProxyAuthUser: X-WEBAUTH-USER
-    reverseProxyAuthEmail: X-WEBAUTH-EMAIL
-    minPasswordLength: 6
-    importLocalPaths: false
-    disabledGitHooks: false
-    onlyAllowPushIfGiteaEnvSet: true
-    passwordComplexity: "off"
-    passwordHashAlgo: pbkdf2
-    crsfCookieHttpOnly: true
-
-  openid:
-    enableOpenidSignin: true
-    enableOpenidSignup: true
-    whitelistedUris:
-    blacklistedUris:
-
-  service:
-    activeCodeLiveMinutes: 180
-    resetPasswordCodeLiveMinutes: 180
-    registerEmailConfirm: false
-    emailDomainWhitelist:
-    disableRegistration: false
-    allowOnlyExternalRegistration: false
-    requireSigninView: false
-    enableNotifyMail: false
-    enableBasicAuth: true
-    enableReverseProxyAuth: false
-    enableReverseProxyAutoRegistration: false
-    enableReverseProxyEmail: false
-    enableCaptcha: false
-    captchaType: image
-    recaptchaSecret:
-    recaptchaSiteKey:
-    racaptchaUrl: https://www.google.com/recaptcha/
-    defaultKeepEmailPrivate: false
-    deaultAllowCreateOrg: true
-    defaultOrgVisibility: public
-    defaultOrgMemberVisible: false
-    defaultEnableDependencies: true
-    allowCrossRepositoryDependencies: true
-    enableUserHeatmap: true
-    enableTimeTracking: true
-    defaultEnableTimeTracking: true
-    defaultAllowOnlyContributorsToTrackTime: true
-    noReplyAddress: noreply.example.org
-    showRegistrationButton: true
-    showMilestonesDashboardPage: true
-    autoWatchNewRepos: true
-    autoWatchOnChanges: false
-
-  webhook:
-    queueLength: 1000
-    deliverTimeout: 5
-    skipTlsVerify: false
-    pagingNum: 10
-
-  mailer:
-    enabled: false
-    sendBufferLen: 100
-    subjectPrefix:
-    host:
-    disableHelo:
-    heloHostname:
-    skipVerify:
-    useCertificate: false
-    certFile: custom/mailer/cert.pem
-    keyFile: custom/mailer/key.pem
-    isTlsEnabled: false
-    from:
-    user:
-    password:
-    sendAsPlainText: false
-    mailerType: smtp
-    sendMailPath: sendmail
-    sendMailArgs:
-    sendMailTimeout: 5m
-
   cache:
-    enabled: true
-
     builtIn:
       enabled: true
 
-    external:
-      adapter: memory
-      host:
-
-    interval: 60
-    itemTTL: 16h
-
-    lastCommit:
-      enabled: true
-      itemTTL: 8760h
-      commitCount: 1000
-
-  attachment:
-    enabled: true
-    path: data/attachments
-    allowedTypes: image/jpeg|image/png|application/zip|application/gzip
-    maxSize: 4
-    maxFiles: 5
-
-  log:
-    rootPath:
-    mode: console
-    bufferLen: 10000
-    redirectMacaronLog: false
-    macaron: file
-    routerLogLevel: Info
-    router: console
-    enableAccessLog: false
-    access: file
-    level: Info
-    stackTraceLevel: None
-
-    x:
-      flags: stdflags
-      expression:
-      prefix:
-      colorize: false
-
-    console:
-      level: None
-      stderr: false
-
-    file:
-      level: None
-      fileName:
-      logRotate: true
-      maxLines: 100000
-      maxSizeShift: 28
-      dailyRotate: true
-      maxDays: 7
-      compress: true
-      compressionLeveL: -1
-
-    conn:
-      level: None
-      reconnOnMsg: false
-      reconnect: false
-      protocol: tcp
-      addr:
-
-    smtp:
-      level: None
-      subject: Diagnostic message from server
-      host:
-      user:
-      password:
-      receivers:
-
-  git:
-    path:
-    disableDiffHighlight: false
-    maxGitDiffLines: 1000
-    maxGitDiffLineChars: 5000
-    maxGitDiffFiles: 100
-    gcArgs:
-    enableAutoGitWireProt: true
-    pullRequestPushMessage: true
-
-    timeout:
-      default: 360
-      migrate: 600
-      mirror: 300
-      clone: 300
-      pull: 300
-      gc: 60
-  metrics:
-    enabled: false
-    token:
-  extraConfig:
-
 memcached:
   service:
     port: 11211
-- 
2.40.1


From 66ac9d2cc39b67976f8a952c244aa0aa29c93abe Mon Sep 17 00:00:00 2001
From: Lucas Hahn <lucas.hahn@novum-rgi.de>
Date: Mon, 17 Aug 2020 15:41:27 +0200
Subject: [PATCH 20/25] Update readme with generic values

---
 README.md | 454 +++++++-----------------------------------------------
 1 file changed, 58 insertions(+), 396 deletions(-)

diff --git a/README.md b/README.md
index 77efc79..cd83886 100644
--- a/README.md
+++ b/README.md
@@ -4,55 +4,16 @@
 
 Readme will be updated with examples in the next few days
 
-# Content
-
-* 1. [Introduction](#Introduction)
-	* 1.1. [Dependencies](#Dependencies)
-* 2. [Installing](#Installing)
-* 3. [Prerequisites](#Prerequisites)
-* 4. [Examples](#Examples)
-	* 4.1. [Ports and external url](#Portsandexternalurl)
-	* 4.2. [Persistence](#Persistence)
-	* 4.3. [Admin User](#AdminUser)
-	* 4.4. [Ldap Settings](#LdapSettings)
-* 5. [Configuration](#Configuration)
-	* 5.1. [Others](#Others)
-	* 5.2. [Image](#Image)
-	* 5.3. [Persistence](#Persistence-1)
-	* 5.4. [Ingress](#Ingress)
-	* 5.5. [Service](#Service)
-	* 5.6. [Gitea Configuration](#GiteaConfiguration)
-	* 5.7. [Gitea repository](#Gitearepository)
-	* 5.8. [Gitea Ldap](#GiteaLdap)
-	* 5.9. [Gitea Server](#GiteaServer)
-	* 5.10. [Gitea Repository](#GiteaRepository)
-	* 5.11. [Gitea UI](#GiteaUI)
-	* 5.12. [Gitea Database](#GiteaDatabase)
-	* 5.13. [Gitea Admin](#GiteaAdmin)
-	* 5.14. [Gitea Security](#GiteaSecurity)
-	* 5.15. [Gitea OpenID](#GiteaOpenID)
-	* 5.16. [Gitea Service](#GiteaService)
-	* 5.17. [Gitea Webhook](#GiteaWebhook)
-	* 5.18. [Gitea Mailer](#GiteaMailer)
-	* 5.19. [Gitea Cache](#GiteaCache)
-	* 5.20. [Gitea Attachment](#GiteaAttachment)
-	* 5.21. [Gitea Log](#GiteaLog)
-	* 5.22. [Gitea Git](#GiteaGit)
-	* 5.23. [Gitea Extra Config](#GiteaExtraConfig)
-	* 5.24. [Memcached BuiltIn](#MemcachedBuiltIn)
-	* 5.25. [Mysql BuiltIn](#MysqlBuiltIn)
-	* 5.26. [Postgresql BuiltIn](#PostgresqlBuiltIn)
-
-##  1. <a name='Introduction'></a>Introduction
+## Introduction
 
 This helm chart has taken some inspiration from https://github.com/jfelten/gitea-helm-chart
 But takes a completly different approach in providing database and cache with dependencies.
 Also this chart provides ldap and admin user configuration with values as well as it is deployed as statefulset to retain stored repositories.
 
-###  1.1. <a name='Dependencies'></a>Dependencies
+## Dependencies
 
 Gitea can be run with external database and cache. This chart provides those dependencies, which can be
-enabled, or disabled via [configuration](#3-configuration).
+enabled, or disabled via [configuration](#configuration).
 
 Dependencies:
 
@@ -60,22 +21,36 @@ Dependencies:
 * Memcached
 * Mysql
 
-##  2. <a name='Installing'></a>Installing
+## Installing
 
 ```
   helm repo add novum-rgi-helm https://novumrgi.github.io/helm/
   helm install gitea novum-rgi-helm/gitea
 ```
 
-##  3. <a name='Prerequisites'></a>Prerequisites
+## Prerequisites
 
 * Kubernetes 1.12+
 * Helm 3.0+
 * PV provisioner for persistent data support
 
-##  4. <a name='Examples'></a>Examples
+## Examples
 
-###  4.1. <a name='Portsandexternalurl'></a>Ports and external url
+### Gitea Configuration
+
+Gitea offers lots of configuration. This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/).
+
+```yaml
+  gitea:
+    config:
+      APP_NAME: "Gitea: With a cup of tea."
+      repository:
+        ROOT: "~/gitea-repositories"
+      repository.pull-request:
+        WORK_IN_PROGRESS_PREFIXES: "WIP:,[WIP]:"
+```
+
+### Ports and external url
 
 By default port 3000 is used for web traffic and 22 for ssh. Those can be changed:
 
@@ -87,20 +62,31 @@ By default port 3000 is used for web traffic and 22 for ssh. Those can be change
       port: 22
 ```
 
-For git to display the clone urls correctly the externalDomain setting has to be used. However the externalDomain does not change where gitea is published (Use ingress for this). ExternalDomain is just for displaying the correct clone URL. Same for externalPorts. Those are only used for display the correct clone URL.
+This helmchart automatically configures the clone urls to use the correct ports. You can change these ports by hand using the gitea.config dict. However you should know what you're doing.
+
+### Cache
+
+This helm chart can use a built in cache. The default is memcached from bitnami.
 
 ```yaml
   gitea:
-    server:
-      http:
-        externalDomain: gitea.example.com
-        externalPort: 3000
-      ssh:
-        externalDomain: gitea.example.com
-        externalPort: 22
+    cache:
+      builtIn:
+        enabled: true
 ```
 
-###  4.2. <a name='Persistence'></a>Persistence
+If the built in cache should not be used simply configure the cache in gitea.config
+
+```yaml
+  gitea:
+    config:
+      cache:
+        ENABLED: true
+        ADAPTER: memory
+        INTERVAL: 60
+        HOST: 127.0.0.1:9090
+```
+### Persistence
 
 Gitea will be deployed as a statefulset. By simply enabling the persistence and setting the storage class according to your cluster
 everything else will be taken care of. The following example will create a PVC as a part of the statefulset. This PVC will not be deleted
@@ -137,20 +123,20 @@ You can interact with the postgres settings as displayed in the following exampl
       existingClaim: MyAwesomeGiteaMysqlClaim
 ```
 
-###  4.3. <a name='AdminUser'></a>Admin User
+### Admin User
 
 This chart enables you to create a default admin user. It is also possible to update the password for this user by upgrading or redeloying the chart.
 It is not possible to delete an admin user after it has been created. This has to be done in the ui.
 
 ```yaml
   gitea:
-    config:
-      adminUser: "MyAwesomeGiteaAdmin"
-      adminPassword: "AReallyAwesomeGiteaPassword"
-      adminEmail: "gi@tea.com"
+    admin:
+      username: "MyAwesomeGiteaAdmin"
+      password: "AReallyAwesomeGiteaPassword"
+      email: "gi@tea.com"
 ```
 
-###  4.4. <a name='LdapSettings'></a>Ldap Settings
+### LDAP Settings
 
 Like the admin user the ldap settings can be updated but also disabled or deleted.
 
@@ -171,16 +157,16 @@ Like the admin user the ldap settings can be updated but also disabled or delete
       usernameAttribute: CN
 ```
 
-##  5. <a name='Configuration'></a>Configuration
+## Configuration
 
-###  5.1. <a name='Others'></a>Others
+### Others
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
 |statefulset.terminationGracePeriodSeconds| Image to start for this pod | gitea/gitea |
 
 
-###  5.2. <a name='Image'></a>Image
+### Image
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -188,7 +174,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |image.version| Image Version | 1.12.2 |
 |image.pullPolicy| Image pull policy | Always |
 
-###  5.3. <a name='Persistence-1'></a>Persistence
+### Persistence
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -198,7 +184,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |persistence.accessModes|AccessMode for persistence||
 |persistence.storageClass|Storage class for repository persistence|standard|
 
-###  5.4. <a name='Ingress'></a>Ingress
+### Ingress
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -207,7 +193,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |ingress.hosts| add hosts for ingress as string list | git.example.com |
 |ingress.tls|add ingress tls settings|[]|
 
-###  5.5. <a name='Service'></a>Service
+### Service
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
@@ -217,337 +203,13 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 |service.ssh.port| Port for ssh traffic | 22 |
 |service.ssh.annotations| Additional ssh annotations for the ssh service ||
 
-###  5.6. <a name='GiteaConfiguration'></a>Gitea Configuration
+### Gitea Configuration
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
-|gitea.config.appName | App name that shows in every Page | Gitea: Git with a cup of tea |
-|gitea.config.runMode | Run Mode for Gitea, either dev, prod or test | dev               |
-|gitea.config.runUser | User for gitea container to run   | git                          |
-|gitea.config.adminUser | Admin user to login in gitea   | gitea_admin |
-|gitea.config.adminPassword | Password for admin user   | gitea123456                         |
-|gitea.config.adminEmail | Email for admin user   | example@gitea.com                   |
+|gitea.config | Everything in app.ini can be configured with this dict. See Examples for more details | {} |
 
-###  5.7. <a name='Gitearepository'></a>Gitea repository
-
-| Parameter           | Description                       | Default                      |
-|---------------------|-----------------------------------|------------------------------|
-|gitea.repository.root| Root path for storing all repository data. It must be an absolute path. | nil |
-|gitea.repository.forcePrivate | Force every new repository to be private. | false       |
-|gitea.repository.defaultPrivate| Default private when creating a new repository. [last, private, public] | false |
-|gitea.repository.maxCreationLimit| Global maximum creation limit of repositories per user, -1 means no limit.| -1 |
-|gitea.repository.mirrorQueueLength| Patch test queue length, increase if pull request patch testing starts hanging. | 1000 |
-|gitea.repository.pullRequestQueueLength| Length of pull request patch test queue, make it as large as possible. Use caution when editing this value. | 1000|
-|preferredLicenses| Preferred Licenses to place at the top of the list. Name must match file name in conf/license or custom/conf/license in container.| Apache License 2.0,MIT License |
-|gitea.repository.disableHttpGit|Disable the ability to interact with repositories over the HTTP protocol.| false|
-|gitea.repository.useCompatSSHUri|Force ssh:// clone url instead of scp-style uri when default SSH port is used.|false|
-
-###  5.8. <a name='GiteaLdap'></a>Gitea Ldap
-
-| Parameter           | Description                       | Default                      |
-|---------------------|-----------------------------------|------------------------------|
-|gitea.ldap.enabled| enable ldap config | false|
-|gitea.ldap.name| unique name to store ldap config| ""|
-|gitea.ldap.securityProtocol| ldap security protocol | "" |
-|gitea.ldap.host | Ip or url to connect to ldap | "" |
-|gitea.ldap.port | Port to connecto to ldap server | "" |
-|gitea.ldap.userSearchBase| The LDAP base at which user accounts will be searched for. | "" |
-|gitea.ldap.userFilter| An LDAP filter declaring how to find the user record that is attempting to authenticate. The %s matching parameter will be substituted with login name given on sign-in form. | "" |
-|gitea.ldap.adminFilter | An LDAP filter specifying if a user should be given administrator privileges. If a user account passes the filter, the user will be privileged as an administrator. | "" |
-|gitea.ldap.emailAttribute | The attribute of the user’s LDAP record containing the user’s email address. This will be used to populate their account information. | "" |
-|gitea.ldap.bindDn | The DN to bind to the LDAP server with when searching for the user. This may be left blank to perform an anonymous search. | "" |
-|gitea.ldap.bindPassword | The password for the Bind DN specified above, if any. Note: The password is stored in plaintext at the server. As such, ensure that the Bind DN has as few privileges as possible. | "" |
-|gitea.ldap.usernameAttribute | The attribute of the user’s LDAP record containing the user name. Given attribute value will be used for new Gitea account user name after first successful sign-in. Leave empty to use login name given on sign-in form. | "" |
-
-###  5.9. <a name='GiteaServer'></a>Gitea Server
-
-| Parameter           | Description                       | Default                      |
-|---------------------|-----------------------------------|------------------------------|
-|gitea.server.http.externalDomain | Http clone setting for which address gitea will be available on clone | git.example.com|
-|gitea.server.http.externalPort | Http clone setting for which port gitea will be available on clone | |
-|gitea.server.ssh.externalDomain | SSH clone setting for which address gitea will be available on clone | git.example.com|
-|gitea.server.ssh.externalPort | SSH clone setting for which port gitea will be available on clone | |
-|gitea.server.offlineMode | Disables use of CDN for static files and Gravatar for profile pictures. | false|
-
-###  5.10. <a name='GiteaRepository'></a>Gitea Repository
-
-| Parameter           | Description                       | Default                      |
-|---------------------|-----------------------------------|------------------------------|
-|gitea.repository.root| Root path for storing all repository data. It must be an absolute path. | "" |
-|gitea.repository.forcePrivate| Force every new repository to be private. | "" |
-|gitea.repository.defaultPrivate| Default private when creating a new repository. [last, private, public] | last |
-|gitea.repository.maxCreationLimit| Global maximum creation limit of repositories per user, -1 means no limit. | -1 |
-|gitea.repository.mirrorQueueLength| Patch test queue length, increase if pull request patch testing starts hanging. | 1000 |
-|gitea.repository.pullRequestQueueLength| Length of pull request patch test queue, make it as large as possible. Use caution when editing this value. | 1000 |
-|gitea.repository.preferredLicenses| Apache License 2.0,MIT License: Preferred Licenses to place at the top of the list. Name must match file name in conf/license or custom/conf/license. | Apache License 2.0,MIT License |
-|gitea.repository.disableHttpGit| Disable the ability to interact with repositories over the HTTP protocol. | false |
-|gitea.repository.useCompatSSHUri| Force ssh:// clone url instead of scp-style uri when default SSH port is used. | false |
-|gitea.repository.enablePushCreateUser| Allow users to push local repositories to Gitea and have them automatically created for a user. | false |
-|gitea.repository.enablePushCreateOrg| Allow users to push local repositories to Gitea and have them automatically created for an org. | false |
-|gitea.repository.local.copyPath| Path for local repository copy. | tmp/local-repo |
-|gitea.repository.local.wikiPath| Path for local wiki copy. | tmp/local-wiki |
-|gitea.repository.upload.enabled| Whether repository file uploads are enabled. | true |
-|gitea.repository.upload.tempPath| Path for uploads. | data/tmp/uploads |
-|gitea.repository.upload.allowedTypes| One or more allowed types, e.g. image/jpeg|image/png. Nothing means any file type |  |
-|gitea.repository.upload.fileMaxSize|Max size of each file in megabytes.| 3 |
-|gitea.repository.upload.maxFiles| Max number of files per upload. | 5 |
-|gitea.repository.pullRequest.workInProgressPrefixes|  List of prefixes used in Pull Request title to mark them as Work In Progress | WIP:,[WIP] |
-|gitea.repository.pullRequest.closeKeywords| Max number of files per upload. | 5 |
-|gitea.repository.pullRequest.reopenKeywords| Max number of files per upload. | 5 |
-|gitea.repository.pullRequest.defaultMergeMessageCommitsLimit| Max number of files per upload. | 5 |
-|gitea.repository.pullRequest.defaultMergeMessageSize| Max number of files per upload. | 5 |
-|gitea.repository.pullRequest.defaultMergeMessageAllAuthors| Max number of files per upload. | 5 |
-|gitea.repository.pullRequest.defaultMergeMessageMaxApprovers| Max number of files per upload. | 5 |
-|gitea.repository.pullRequest.defaultMergeMessageOfficialApproversOnly| Max number of files per upload. | 5 |
-|gitea.repository.signing.signingKey| Key to sign with. [none, KEYID, default ] | default |
-|gitea.repository.signing.signingName|  if a KEYID is provided as the SIGNING_KEY, use these as the Name of the signer. These should match publicized name for the key. |  |
-|gitea.repository.signing.signingEmail|  if a KEYID is provided as the SIGNING_KEY, use these as the Email address of the signer. These should match publicized email address for the key. |  |
-|gitea.repository.signing.initialCommit|  [never, pubkey, twofa, always]: Sign initial commit. | always |
-|gitea.repository.signing.crudActions| [never, pubkey, twofa, parentsigned, always]: Sign CRUD actions. | pubkey, twofa, parentsigned |
-|gitea.repository.signing.wiki| [never, pubkey, twofa, always, parentsigned]: Sign commits to wiki. | never |
-|gitea.repository.signing.merges|  [never, pubkey, twofa, approved, basesigned, commitssigned, always]: Sign merges.  | pubkey, twofa, basesigned, commitssigned |gitea.ui.explorePagingNum|Number of repositories that are shown in one explore page.|20|
-
-###  5.11. <a name='GiteaUI'></a>Gitea UI
-
-| Parameter           | Description                       | Default                      |
-|---------------------|-----------------------------------|------------------------------|
-|gitea.ui.issuePagingNum|Number of issues that are shown in one page (for all pages that list issues).|10|
-|gitea.ui.membersPagingNum| Number of members that are shown in organization members.|20|
-|gitea.ui.feedMaxCommitNum|Number of maximum commits shown in one activity feed.|5|
-|gitea.ui.graphMaxCommitNum|Number of maximum commits shown in the commit graph.|100|
-|gitea.ui.codeCommentLines| Number of line of codes shown for a code comment |4|
-|gitea.ui.themeColorMetaTag|Value of `theme-color` meta tag, used by Android >= 5.0 An invalid color like "none" or "disable" will have the default style More info: https://developers.google.com/web/updates/201411Support-for-theme-color-in-Chrome-39-for-Android|#6cc644|
-|gitea.ui.maxDisplayFileSize| Max size of files to be displayed in Bytes |8388608|
-|gitea.ui.defaultTheme| [gitea, arc-green]: Set the default theme for the Gitea install.|gitea|
-|gitea.ui.showUserMail|Whether the email of the user should be shown in the Explore Users page|true|
-|gitea.ui.defaultShowFullName|Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.|false|
-|gitea.ui.searchRepoDescription|Whether to search within description at repository search on explore page.|true|
-|gitea.ui.useServiceWorker|Whether to enable a Service Worker to cache frontend assets|true|
-
-###  5.12. <a name='GiteaDatabase'></a>Gitea Database
-
-| Parameter           | Description                       | Default                      |
-|---------------------|-----------------------------------|------------------------------|
-|gitea.database.builtIn.postgresql.enabled| Enable built in postgresql database, either postgres or mysql can be enabled. Not both!| true|
-|gitea.database.builtIn.mysql.enabled| Enable built in mysql database, either postgres or mysql can be enabled. Not both!| false |
-|gitea.database.external.type| database type if no built in is enabled | postgres |
-|gitea.database.external.port| port to connect to database | 5432 |
-|gitea.database.external.host| address to connect to database | |
-|gitea.database.external.name| database name | gitea |
-|gitea.database.external.user| database user | gitea |
-|gitea.database.external.password| database password for defined user | gitea |
-|gitea.database.external.schema| database schema to deploy db data | |
-|gitea.database.sslMode|SSL/TLS encryption mode for connecting to the database. This option is only applied for PostgreSQL and MySQL|disable|
-|gitea.database.charset|For MySQL only, either “utf8” or “utf8mb4”. NOTICE: for “utf8mb4” you must use MySQL InnoDB > 5.6. Gitea is unable to check this.|utf8mb4|
-|gitea.database.path|For SQLite3 only, the database file path.|data/gitea.db|
-|gitea.database.sqlLiteTimeout|For "sqlite3" only. Query timeout|500|
-|gitea.database.iterateBufferSize|For iterate buffer|50|
-|gitea.database.logSql|Show the database generated SQL|true|
-|gitea.database.dbRetries|Maximum number of DB Connect retries|10|
-|gitea.database.dbRetryBackoff|Backoff time per DB retry (time.Duration)|3s|
-|gitea.database.maxIdleConns|Max idle database connections on connnection pool|2|
-|gitea.database.connMaxLifetime|Database connection max life time|3s|
-|gitea.database.maxOpenConns|Database maximum number of open connections|0|
-
-###  5.13. <a name='GiteaAdmin'></a>Gitea Admin
-
-| Parameter           | Description                       | Default                      |
-|---------------------|-----------------------------------|------------------------------|
-|gitea.admin.disableRegularOrgCreation|Disallow regular (non-admin) users from creating organizations.|false|
-|gitea.admin.defaultEmailNotifications|Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled|enabled|
-
-###  5.14. <a name='GiteaSecurity'></a>Gitea Security
-
-| Parameter           | Description                       | Default                      |
-|---------------------|-----------------------------------|------------------------------|
-|gitea.security.installLock|Disallow access to the install page.|true|
-|gitea.security.secretKey|Global secret key. This should be changed.|!#@FDEWREWR&*(|
-|gitea.security.loginRememberDays|Cookie lifetime, in days.|7|
-|gitea.security.cookieUsername|Name of the cookie used to store the current username.|gitea_awesome|
-|gitea.security.cookieRememberName|Name of cookie used to store authentication information.|gitea_incredible|
-|gitea.security.reverseProxyAuthUser|Header name for reverse proxy authentication.|X-WEBAUTH-USER|
-|gitea.security.reverseProxyAuthEmail|Header name for reverse proxy authentication provided email.|X-WEBAUTH-EMAIL|
-|gitea.security.minPasswordLength|The minimum password length for new Users|6|
-|gitea.security.importLocalPaths|Set to false to prevent all users (including admin) from importing local path on server.|false|
-|gitea.security.disabledGitHooks|Set to true to prevent all users (including admin) from creating custom git hooks|false|
-|gitea.security.onlyAllowPushIfGiteaEnvSet|Set to false to allow pushes to gitea repositories despite having an incomplete environment - NOT RECOMMENDED|true|
-|gitea.security.passwordComplexity|Comma separated list of character classes required to pass minimum complexity. [lower,upper,digit,spec]|off|
-|gitea.security.passwordHashAlgo|Password Hash algorithm, either "pbkdf2", "argon2", "scrypt" or "bcrypt"|pbkdf2|
-|gitea.security.crsfCookieHttpOnly|Set false to allow JavaScript to read CSRF cookie|true|
-
-###  5.15. <a name='GiteaOpenID'></a>Gitea OpenID
-
-| Parameter           | Description                       | Default                      |
-|---------------------|-----------------------------------|------------------------------|
-|gitea.openid.enableOpenidSignin|Whether to allow signin in via OpenID|true|
-|gitea.openid.enableOpenidSignup|Whether to allow registering via OpenID|true|
-|gitea.openid.whitelistedUris|Allowed URI patterns (POSIX regexp). Space seperated||
-|gitea.openid.blacklistedUris|Forbidden URI patterns (POSIX regexp). Space seperated||
-
-###  5.16. <a name='GiteaService'></a>Gitea Service
-
-| Parameter           | Description                       | Default                      |
-|---------------------|-----------------------------------|------------------------------|
-|gitea.service.activeCodeLiveMinutes|Time limit (min) to confirm account/email registration.|180|
-|gitea.service.resetPasswordCodeLiveMinutes|Time limit (min) to confirm forgot password reset process.|180|
-|gitea.service.registerEmailConfirm|Enable this to ask for mail confirmation of registration. Requires Mailer to be enabled.|false|
-|gitea.service.emailDomainWhitelist|List of domain names that are allowed to be used to register on a Gitea instance||
-|gitea.service.disableRegistration|Disallow registration, only allow admins to create accounts.|false|
-|gitea.service.allowOnlyExternalRegistration|Allow registration only using third-party services, it works only when DISABLE_REGISTRATION is false|false|
-|gitea.service.requireSigninView|User must sign in to view anything.|false|
-|gitea.service.enableNotifyMail|Mail notification|false|
-|gitea.service.enableBasicAuth|This setting enables gitea to be signed in with HTTP BASIC Authentication using the user's password|true|
-|gitea.service.enableReverseProxyAuth|Enable this to allow reverse proxy authentication.|false|
-|gitea.service.enableReverseProxyAutoRegistration| Enable this to allow auto-registration for reverse authentication.|false|
-|gitea.service.enableReverseProxyEmail|Enable this to allow to auto-registration with a provided email rather than a generated email.|false|
-|gitea.service.enableCaptcha|Enable this to use captcha validation for registration.|false|
-|gitea.service.captchaType|[image, recaptcha]|image|
-|gitea.service.recaptchaSecret|Go to https://www.google.com/recaptcha/admin to get a secret for recaptcha.||
-|gitea.service.recaptchaSiteKey|Go to https://www.google.com/recaptcha/admin to get a sitekey for recaptcha.||
-|gitea.service.racaptchaUrl|Set the recaptcha url - allows the use of recaptcha net.|https://www.google.com/recaptcha/|
-|gitea.service.defaultKeepEmailPrivate|Default value for KeepEmailPrivate|false|
-|gitea.service.deaultAllowCreateOrg|Default value for AllowCreateOrganization|true|
-|gitea.service.defaultOrgVisibility|Either "public", "limited" or "private", limited is for signed user only|public|
-|gitea.service.defaultOrgMemberVisible|Default value for DefaultOrgMemberVisible|false|
-|gitea.service.defaultEnableDependencies|Default value for EnableDependencies|true|
-|gitea.service.allowCrossRepositoryDependencies|Dependencies can be added from any repository where the user is granted access or only from the current repository depending on this setting.|true|
-|gitea.service.enableUserHeatmap|Enable heatmap on users profiles.|true|
-|gitea.service.enableTimeTracking|Enable Timetracking|true|
-|gitea.service.defaultEnableTimeTracking|Default value for EnableTimetracking|true|
-|gitea.service.defaultAllowOnlyContributorsToTrackTime|Default value for AllowOnlyContributorsToTrackTime|true|
-|gitea.service.noReplyAddress|Default value for the domain part of the user's email address in the git log|noreply.example.org|
-|gitea.service.showRegistrationButton|Show Registration button|true|
-|gitea.service.showMilestonesDashboardPage|Show milestones dashboard page - a view of all the user's milestones|true|
-|gitea.service.autoWatchNewRepos|Default value for AutoWatchNewRepos|true|
-|gitea.service.autoWatchOnChanges|Default value for AutoWatchOnChanges|false|
-
-###  5.17. <a name='GiteaWebhook'></a>Gitea Webhook
-
-| Parameter           | Description                       | Default                      |
-|---------------------|-----------------------------------|------------------------------|
-|gitea.webhook.queueLength|Hook task queue length, increase if webhook shooting starts hanging|1000|
-|gitea.webhook.deliverTimeout|Deliver timeout in seconds|5|
-|gitea.webhook.skipTlsVerify|Allow insecure certification|false|
-|gitea.webhook.pagingNum|Number of history information in each page|10|
-
-###  5.18. <a name='GiteaMailer'></a>Gitea Mailer
-
-| Parameter           | Description                       | Default                      |
-|---------------------|-----------------------------------|------------------------------|
-|gitea.mailer.enabled|Enable mailer settings|false|
-|gitea.mailer.sendBufferLen|Buffer length of channel, keep it as it is if you don't know what it is.|100|
-|gitea.mailer.subjectPrefix|Prefix displayed before subject in mail||
-|gitea.mailer.host|Mail server||
-|gitea.mailer.disableHelo|Disable HELO operation when hostnames are different.||
-|gitea.mailer.heloHostname|Custom hostname for HELO operation, if no value is provided, one is retrieved from system.||
-|gitea.mailer.skipVerify|Do not verify the certificate of the server. Only use this for self-signed certificates||
-|gitea.mailer.useCertificate|Use client certificate|false|
-|gitea.mailer.certFile|Path to cert file|custom/mailer/cert.pem|
-|gitea.mailer.keyFile|Path to key file|custom/mailer/key.pem|
-|gitea.mailer.isTlsEnabled|Should SMTP connect with TLS, (if port ends with 465 TLS will always be used.)|false|
-|gitea.mailer.from|Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format||
-|gitea.mailer.user|Mailer user name||
-|gitea.mailer.password|Mailer password||
-|gitea.mailer.sendAsPlainText|Send mails as plain text|false|
-|gitea.mailer.mailerType|Set Mailer Type (either SMTP, sendmail or dummy to just send to the log)|smtp|
-|gitea.mailer.sendMailPath|Specify an alternative sendmail binary|sendmail|
-|gitea.mailer.sendMailArgs|Specify any extra sendmail arguments||
-|gitea.mailer.sendMailTimeout|Timeout for Sendmail|5m|
-
-###  5.19. <a name='GiteaCache'></a>Gitea Cache
-
-| Parameter           | Description                       | Default                      |
-|---------------------|-----------------------------------|------------------------------|
-|gitea.cache.enabled| Enable cache | true |
-|gitea.cache.builtIn.enabled | Use built in memcached | true |
-|gitea.cache.external.adapter| If built in is not enabled use this to chhose cache adapter [memory, redis, memcache] | memory |
-|gitea.cache.external.host| If built in is not enabled use this to connect to an external cache | |
-|gitea.cache.interval| Garbage Collection interval (sec), for memory cache only. | 60 |
-|gitea.cache.itemTTL| Time to keep items in cache if not used, Setting it to 0 disables caching.| 16h |
-|gitea.cache.lastCommit.enabled | Enable last commit cache | true |
-|gitea.cache.lastCommit.itemTTL| Time to keep items in cache if not used, Setting it to 0 disables caching. | 8760h |
-|gitea.cache.lastCommit.commitCount| Only enable the cache when repository’s commits count great than. | 1000 |
-
-###  5.20. <a name='GiteaAttachment'></a>Gitea Attachment
-
-| Parameter           | Description                       | Default                      |
-|---------------------|-----------------------------------|------------------------------|
-|gitea.attachment.enabled|Enable this to allow uploading attachments.|true|
-|gitea.attachment.path|Path to store attachments.|data/attachments|
-|gitea.attachment.allowedTypes||image/jpeg|image/png|application/zip|application/gzip|
-|gitea.attachment.maxSize|Maximum size (MB).|4|
-|gitea.attachment.maxFiles|Maximum number of attachments that can be uploaded at once.|5|
-
-###  5.21. <a name='GiteaLog'></a>Gitea Log
-
-| Parameter           | Description                       | Default                      |
-|---------------------|-----------------------------------|------------------------------|
-|gitea.log.rootPath|Root path for log files.||
-|gitea.log.mode|Logging mode. For multiple modes, use a comma to separate values. You can configure each mode in per mode log subsections |console|
-|gitea.log.bufferLen|Buffer length of the channel, keep it as it is if you don't know what it is.|10000|
-|gitea.log.redirectMacaronLog|Redirects the Macaron log to its own logger or the default logger. |false|
-|gitea.log.macaron|Logging mode for the macaron logger, use a comma to separate values. Configure each mode in per mode log subsections |file|
-|gitea.log.routerLogLevel|The log level that the router should log at. (If you are setting the access log, its recommended to place this at Debug.)|Info|
-|gitea.log.router|The mode or name of the log the router should log to. (If you set this to , it will log to default gitea logger.) NB: You must REDIRECT_MACARON_LOG and have DISABLE_ROUTER_LOG set to false for this option to take effect. Configure each mode in per mode log subsections|console|
-|gitea.log.enableAccessLog|Creates an access.log in NCSA common log format, or as per the following template|false|
-|gitea.log.access|Logging mode for the access logger, use a comma to separate values. Configure each mode in per mode log subsections |file|
-|gitea.log.level| General log level. [Trace, Debug, Info, Warn, Error, Critical, Fatal, None]|Info|
-|gitea.log.stackTraceLevel|Default log level at which to log create stack traces. [Trace, Debug, Info, Warn, Error, Critical, Fatal, None]|None|
-|gitea.log.x.flags|A comma separated string representing the log flags.|stdflags|
-|gitea.log.x.expression| regular expression to match either the function name, file or message. Defaults to empty. Only log messages that match the expression will be saved in the logger.||
-|gitea.log.x.prefix|An additional prefix for every log line in this logger. Defaults to empty.||
-|gitea.log.x.colorize| Colorize the log lines by default|false|
-|gitea.log.console.level|Log Level [Trace, Debug, Info, Warn, Error, Critical, Fatal, None]|None|
-|gitea.log.console.stderr|Use Stderr instead of Stdout.|false|
-|gitea.log.file.level|Log Level [Trace, Debug, Info, Warn, Error, Critical, Fatal, None]|None|
-|gitea.log.file.fileName|Set the file_name for the logger. If this is a relative path this will be relative to ROOT_PATH||
-|gitea.log.file.logRotate|This enables automated log rotate(switch of following options)|true|
-|gitea.log.file.maxLines|Max number of lines in a single file|1000000|
-|gitea.log.file.maxSizeShift|Max size shift of a single file, default is 28 means 1 << 28, 256MB|28|
-|gitea.log.file.dailyRotate|Segment log daily|true|
-|gitea.log.file.maxDays|delete the log file after n days|7|
-|gitea.log.file.compress|compress logs with gzip|true|
-|gitea.log.file.compressionLeveL|compression level see godoc for compress/gzip|-1|
-|gitea.log.conn.level|Log Level [Trace, Debug, Info, Warn, Error, Critical, Fatal, None]|None|
-|gitea.log.conn.reconnOnMsg|Reconnect host for every single message, default is false|false|
-|gitea.log.conn.reconnect|Try to reconnect when connection is lost, default is false|false|
-|gitea.log.conn.protocol|Either "tcp", "unix" or "udp", default is "tcp"|tcp|
-|gitea.log.conn.addr|Host address||
-|gitea.log.smtp.level|Log Level [Trace, Debug, Info, Warn, Error, Critical, Fatal, None]|None|
-|gitea.log.smtp.subject|Name displayed in mail title, default is "Diagnostic message from server"|Diagnostic message from server|
-|gitea.log.smtp.host|Mail server||
-|gitea.log.smtp.user|Mailer user name||
-|gitea.log.smtp.password|Mailer password||
-|gitea.log.smtp.receivers|Receivers, can be one or more, e.g. 1@example.com,2@example.com|false|
-
-###  5.22. <a name='GiteaGit'></a>Gitea Git
-
-| Parameter           | Description                       | Default                      |
-|---------------------|-----------------------------------|------------------------------|
-|gitea.git.path|The path of git executable. If empty, Gitea searches through the PATH environment.||
-|gitea.git.disableDiffHighlight|Disables highlight of added and removed changes|1000|
-|gitea.git.maxGitDiffLines|Max number of lines allowed in a single file in diff view|5000|
-|gitea.git.maxGitDiffLineChars|Max number of allowed characters in a line in diff view|100|
-|gitea.git.maxGitDiffFiles|Max number of files shown in diff view||
-|gitea.git.gcArgs|Arguments for command 'git gc', e.g. "--aggressive --auto"||
-|gitea.git.enableAutoGitWireProt|If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1|true|
-|gitea.git.pullRequestPushMessage|Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled)|true|
-|gitea.git.timeout.default|Git operations default timeout seconds.|360|
-|gitea.git.timeout.migrate|Migrate external repositories timeout seconds.|600|
-|gitea.git.timeout.mirror|Mirror external repositories timeout seconds.|300|
-|gitea.git.timeout.clone|Git clone from internal repositories timeout seconds.|300|
-|gitea.git.timeout.pull|Git pull from internal repositories timeout seconds.|300|
-|gitea.git.timeout.gc|Git repository GC timeout seconds.|60|
-|gitea.git.metrics.enabled| Enables /metrics endpoint for prometheus.|false|
-|gitea.git.metrics.token|You need to specify the token, if you want to include in the authorization the metrics . The same token need to be used in prometheus parameters bearer_token or bearer_token_file.||
-
-###  5.23. <a name='GiteaExtraConfig'></a>Gitea Extra Config
-
-| Parameter           | Description                       | Default                      |
-|---------------------|-----------------------------------|------------------------------|
-|gitea.extraConfig|If you want anymore configuration you need to do it here as a multiline string. For example look at https://docs.gitea.io/en-us/config-cheat-sheet/||
-
-###  5.24. <a name='MemcachedBuiltIn'></a>Memcached BuiltIn
+### Memcached BuiltIn
 
 Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website.
 
@@ -557,7 +219,7 @@ The following parameters are the defaults set by this chart
 |---------------------|-----------------------------------|------------------------------|
 |memcached.service.port|Memcached Port| 11211|
 
-###  5.25. <a name='MysqlBuiltIn'></a>Mysql BuiltIn
+### Mysql BuiltIn
 
 Mysql is loaded as a dependency from stable. Configuration can be found from this [website](https://github.com/helm/charts/tree/master/stable/mysql)
 
@@ -572,7 +234,7 @@ The following parameters are the defaults set by this chart
 |mysql.service.port|Port to connect to mysql service|3306|
 |mysql.persistence|Persistence size for mysql |10Gi|
 
-###  5.26. <a name='PostgresqlBuiltIn'></a>Postgresql BuiltIn
+### Postgresql BuiltIn
 
 Postgresql is loaded as a dependency from bitnami. Configuration can be found from this [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql)
 
-- 
2.40.1


From 969f9d0c007fa9115551e9fa3bd9d3e5edde3d17 Mon Sep 17 00:00:00 2001
From: Lucas Hahn <lucas.hahn@novum-rgi.de>
Date: Mon, 17 Aug 2020 15:49:14 +0200
Subject: [PATCH 21/25] Add Konrad Lother as Maintainer

---
 Chart.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Chart.yaml b/Chart.yaml
index bd7f01c..c9578b0 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -21,6 +21,8 @@ maintainers:
     email: charlie@charliedrage.com
   - name: Gitea Authors
     email: maintainers@gitea.io
+  - name: Konrad Lother
+    email: konrad.lother@novum-rgi.de
   - name: Lucas Hahn
     email: lucas.hahn@novum-rgi.de
 
-- 
2.40.1


From 37b5601089dd92eed8c0e63d467bbfcf83a830d2 Mon Sep 17 00:00:00 2001
From: Konrad Lother <konrad.lother@novum-rgi.de>
Date: Mon, 17 Aug 2020 16:42:18 +0200
Subject: [PATCH 22/25] set PROTOCOL default to http

---
 templates/gitea/config.yaml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml
index cb66d5c..825d612 100644
--- a/templates/gitea/config.yaml
+++ b/templates/gitea/config.yaml
@@ -32,12 +32,8 @@ data:
     {{- $_ := set .Values.gitea.config.server "HTTP_PORT" .Values.service.http.port -}}
     {{- end -}}
     {{- if not .Values.gitea.config.server.PROTOCOL -}}
-    {{- if gt (len .Values.ingress.tls) 0 -}}
-    {{- $_ := set .Values.gitea.config.server "PROTOCOL" "https" -}}
-    {{- else -}}
     {{- $_ := set .Values.gitea.config.server "PROTOCOL" "http" -}}
     {{- end -}}
-    {{- end -}}
     {{- if not (.Values.gitea.config.server.DOMAIN) -}}
     {{- if gt (len .Values.ingress.hosts) 0 -}}
     {{- $_ := set .Values.gitea.config.server "DOMAIN" (index .Values.ingress.hosts 0) -}}
-- 
2.40.1


From 0d999d6202f3e7305ba9ff532ef72a5b938c0e55 Mon Sep 17 00:00:00 2001
From: Lucas Hahn <lucas.hahn@novum-rgi.de>
Date: Mon, 17 Aug 2020 16:50:33 +0200
Subject: [PATCH 23/25] add check for admin user

---
 templates/gitea/statefulset.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml
index b1332b5..4668088 100644
--- a/templates/gitea/statefulset.yaml
+++ b/templates/gitea/statefulset.yaml
@@ -30,8 +30,9 @@ spec:
                 chmod a+rwx /data/gitea/conf/app.ini
                 nc -v -w2 -z {{ include "db.servicename" . }} {{ include "db.port" . }} && \
                 su git -c ' \
+                set -x; \
                 gitea migrate; \
-                {{- if .Values.gitea.admin.password }}
+                {{- if and .Values.gitea.admin.username .Values.gitea.admin.password }}
                 gitea admin create-user --username  {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}' --email {{ .Values.gitea.admin.email }} --admin \
                 || \
                 gitea admin change-password --username {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}'; \
-- 
2.40.1


From 3935c8d2387e56c0d526520e2a5cf170e8277f35 Mon Sep 17 00:00:00 2001
From: Lucas Hahn <lucas.hahn@novum-rgi.de>
Date: Mon, 17 Aug 2020 17:09:17 +0200
Subject: [PATCH 24/25] Remove blank line from LICENSE file

---
 LICENSE | 1 -
 1 file changed, 1 deletion(-)

diff --git a/LICENSE b/LICENSE
index 5f65eb3..bbf54de 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,5 @@
 MIT License
 
-
 Copyright (c) 2020 The Gitea Authors
 Copyright (c) 2020 NOVUM-RGI
 Copyright (c) 2019 - 2020 Charlie Drage
-- 
2.40.1


From e3b292724cce198389025f7db7a7eb683b4013d0 Mon Sep 17 00:00:00 2001
From: Lucas Hahn <lucas.hahn@novum-rgi.de>
Date: Thu, 20 Aug 2020 14:54:07 +0200
Subject: [PATCH 25/25] Fix ssh port settings

---
 templates/gitea/statefulset.yaml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml
index 4668088..4f260be 100644
--- a/templates/gitea/statefulset.yaml
+++ b/templates/gitea/statefulset.yaml
@@ -82,10 +82,11 @@ spec:
           image: "{{ .Values.image.repository }}:{{ .Values.image.version }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           env:
-            - name: SCRIPT
-              value: &script |-
-                sleep 30
-                gitea migrate
+            # SSH Port values have to be set here as well for openssh configuration
+            - name: SSH_LISTEN_PORT
+              value: {{ .Values.gitea.config.server.SSH_LISTEN_PORT | quote }}
+            - name: SSH_PORT
+              value: {{ .Values.gitea.config.server.SSH_PORT | quote }}
           ports:
             - name: ssh
               containerPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }}
-- 
2.40.1