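# Values for an HAProxy deployment that terminates TLS in front of Forgejo.
# An init container joins the certificate and key from a TLS secret into the
# single PEM file that HAProxy's `crt` bind option reads.

service:
  type: NodePort
  nodePorts:
    http: 30080
    https: 30443

extraVolumes:
  # Source secret; the init container reads tls.crt and tls.key from it.
  - name: tls-source
    secret:
      secretName: wildcard-jethrocotton-com-tls
  # Scratch volume shared between the init container and HAProxy.
  # NOTE(review): a default emptyDir is backed by node storage, so the
  # private key is written to the node's disk. `medium: Memory` would keep
  # it in tmpfs; confirm the pod's memory limit allows for that.
  - name: tls-pem
    emptyDir: {}

initContainers:
  - name: build-tls-pem
    # NOTE(review): the tag is mutable; pinning by digest
    # (busybox@sha256:<digest-placeholder>) fixes what runs next to the key.
    image: busybox:1.36
    command:
      - /bin/sh
      # -e aborts on a failed read, so a truncated PEM is never left in place
      # as a successful init.
      - '-ec'
      # NOTE(review): tls.pem is created with the shell's default umask and
      # holds the private key. `umask 077` before the cat would restrict it
      # to the owner, but only works if HAProxy runs as the same UID as this
      # container; confirm against the pod securityContext.
      - |
        cat /certs/tls.crt /certs/tls.key > /tls/tls.pem
    volumeMounts:
      - name: tls-source
        mountPath: /certs
        readOnly: true
      - name: tls-pem
        mountPath: /tls

extraVolumeMounts:
  # HAProxy sees the combined PEM as /usr/local/etc/ssl/tls.pem.
  - name: tls-pem
    mountPath: /usr/local/etc/ssl

# HAProxy configuration.
# NOTE(review): fe_https sends every request to be_forgejo, because
# default_backend names the same backend as the host_forgejo rule. The Host
# ACL therefore restricts nothing; requests for any other hostname covered by
# the wildcard certificate also reach Forgejo. Confirm this is intended.
# NOTE(review): no minimum TLS version or cipher policy is set in `global`,
# so the HAProxy build's defaults apply; confirm they meet policy.
config: |
  global
    log stdout format raw local0
    maxconn 1024

  defaults
    # HAProxy proxies default to TCP mode, in which the http-request redirect
    # and the hdr(host) ACL below are not evaluated. HTTP mode is required
    # for the HTTP-to-HTTPS redirect to be enforced.
    mode http
    log global
    timeout client 60s
    timeout connect 10s
    timeout server 60s

  frontend fe_http
    bind :80
    http-request redirect scheme https code 301 if !{ ssl_fc }

  frontend fe_https
    bind :443 ssl crt /usr/local/etc/ssl/tls.pem
    acl host_forgejo hdr(host) -i forgejo.jethrocotton.com
    use_backend be_forgejo if host_forgejo
    default_backend be_forgejo

  backend be_forgejo
    server forgejo forgejo.forgejo.svc.cluster.local:80 check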