Update k8s/apps/gitea/deployment.yaml

Reviewed-on: ab/homelab#1

k8s/apps/gitea/deployment.yaml

@@ -30,6 +30,20 @@ spec:
       containers:
         - name: gitea
           image: 'gitea/gitea:latest'
+          env:
+            - name: GITEA__service__REGISTER_MANUAL_CONFIRM
+              value: "true"
+            - name: GITEA__service__ENABLE_CAPTCHA
+              value: "false"
+            - name: GITEA__service__REQUIRE_CAPTCHA_FOR_LOGIN
+              value: "true"
+            - name: GITEA__service__REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA
+              value: "true"
+            - name: GITEA__service__CAPTCHA_TYPE
+              value: "hcaptcha"
+          envFrom:
+          - secretRef:
+              name: gitea-recapcha-creds
           ports:
             - name: http
               containerPort: 3000
@@ -56,20 +70,23 @@ spec:
         app: gitea-runner
     spec:
       nodeSelector:
-        #kubernetes.io/hostname: master.tail2fe2d.ts.net
+        kubernetes.io/hostname: home.homenet
-        kubernetes.io/hostname: nas.homenet
       volumes:
         - name: docker-sock
           hostPath:
-            #path: /var/run/k3s/containerd/containerd.sock
             path: /var/run/docker.sock
             type: Socket
+        - name: runner-data
+          persistentVolumeClaim:
+            claimName: gitea-runner-pvc
       containers:
         - name: gitea-runner
           image: gitea/act_runner:nightly
           volumeMounts:
             - name: docker-sock
               mountPath: /var/run/docker.sock
+            - name: runner-data
+              mountPath: /data
           env:
             - name: GITEA_INSTANCE_URL
               value: "https://gt.hexor.cy"
@@ -83,3 +100,16 @@ spec:
             - name: GITEA_RUNNER_LABELS
               value: "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest,ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04,ubuntu-20.04:docker://ghcr.io/catthehacker/ubuntu:act-20.04"
 
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: gitea-runner-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: local-path
+

k8s/apps/gitea/external-secrets.yaml

@@ -23,3 +23,37 @@ spec:
         key: e475b5ab-ea3c-48a5-bb4c-a6bc552fc064
         property: login.password
 
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: gitea-recapcha-creds
+spec:
+  refreshInterval: 1m
+  target:
+    name: gitea-recapcha-creds
+    deletionPolicy: Delete
+    template:
+      type: Opaque
+      data:
+        GITEA__service__HCAPTCHA_SITEKEY: |-
+          {{ .HCAPTCHA_SITEKEY }}
+        GITEA__service__HCAPTCHA_SECRET: |-
+          {{ .HCAPTCHA_SECRET }}
+  data:
+    - secretKey: HCAPTCHA_SITEKEY
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 89c8d8d2-6b53-42c5-805f-38a341ef163e
+        property: login.username
+    - secretKey: HCAPTCHA_SECRET
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 89c8d8d2-6b53-42c5-805f-38a341ef163e
+        property: login.password

k8s/games/minecraft/deployments.yaml

@@ -82,8 +82,8 @@ spec:
           image: 'openjdk:8-jdk-alpine'
           command: ["java"]
           args:
-            - -Xms12G
+            - -Xms4G
-            - -Xmx12G
+            - -Xmx4G
             - -XX:+UseG1GC
             - -XX:+ParallelRefProcEnabled
             - -XX:MaxGCPauseMillis=200
@@ -108,10 +108,10 @@ spec:
           workingDir: /mc/
           resources:
               limits:
-                memory: 15Gi
+                memory: 8Gi
                 #cpu: 1
               requests:
-                memory: 10Gi
+                memory: 5Gi
                 #cpu: 100m
           ports:
             - name: game