From d39846422bc4e4027af4b38096b0c24c086e42a5 Mon Sep 17 00:00:00 2001
From: Lumpiasty <arek.dzski@gmail.com>
Date: Sat, 14 Mar 2026 15:51:40 +0100
Subject: [PATCH] change gitea port to 80 as workaround of runner bug

---
 apps/garm/README.md     | 49 +++++++++++++++++++++++++++++++++++++++++
 apps/gitea/release.yaml |  5 +++++
 2 files changed, 54 insertions(+)
 create mode 100644 apps/garm/README.md

diff --git a/apps/garm/README.md b/apps/garm/README.md
new file mode 100644
index 0000000..cd7ae30
--- /dev/null
+++ b/apps/garm/README.md
@@ -0,0 +1,49 @@
+# garm
+
+This app deploys `garm` with external `garm-provider-k8s`.
+
+- API/UI ingress: `https://garm.lumpiasty.xyz`
+- Internal service DNS: `http://garm.garm.svc.cluster.local:9997`
+
+## Vault secret requirements
+
+`VaultStaticSecret` reads `secret/data/garm` and expects at least:
+
+- `jwt_auth_secret`
+- `database_passphrase` (must be 32 characters)
+
+## Connect garm to Gitea
+
+After Flux reconciles this app, initialize garm and add Gitea endpoint/credentials.
+
+```bash
+# 1) Initialize garm (from your local devenv shell)
+garm-cli init \
+  --name homelab \
+  --url https://garm.lumpiasty.xyz \
+  --username admin \
+  --email admin@lumpiasty.xyz \
+  --password '<STRONG_ADMIN_PASSWORD>' \
+  --metadata-url http://garm.garm.svc.cluster.local:9997/api/v1/metadata \
+  --callback-url http://garm.garm.svc.cluster.local:9997/api/v1/callbacks \
+  --webhook-url http://garm.garm.svc.cluster.local:9997/webhooks
+
+# 2) Add Gitea endpoint
+garm-cli gitea endpoint create \
+  --name local-gitea \
+  --description 'Cluster Gitea' \
+  --base-url http://gitea-http.gitea.svc.cluster.local:80 \
+  --api-base-url http://gitea-http.gitea.svc.cluster.local:80/api/v1
+
+# 3) Add Gitea PAT credentials
+garm-cli gitea credentials add \
+  --name gitea-pat \
+  --description 'PAT for garm' \
+  --endpoint local-gitea \
+  --auth-type pat \
+  --pat-oauth-token '<GITEA_PAT_WITH_write:repository,write:organization>'
+```
+
+Then add repositories/orgs and create pools against provider `kubernetes_external`.
+
+If Gitea refuses webhook installation to cluster-local URLs, set `gitea.config.webhook.ALLOWED_HOST_LIST` in `apps/gitea/release.yaml`.
diff --git a/apps/gitea/release.yaml b/apps/gitea/release.yaml
index c418155..b8a9293 100644
--- a/apps/gitea/release.yaml
+++ b/apps/gitea/release.yaml
@@ -90,6 +90,11 @@ spec:
         # Requirement for sharing ip with other service
         externalTrafficPolicy: Cluster
         ipFamilyPolicy: RequireDualStack
+      http:
+        type: ClusterIP
+        # We need the service to be at port 80 specifically
+        # to work around bug of Actions Runner
+        port: 80
 
     ingress:
       enabled: true