feat: add cert manager and tls for gitea

cert-manager/cert-manager.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+  name: ca-cert
+  namespace: cert-manager
+  annotations:
+    operator.1password.io/auto-restart: "true"
+spec:
+  itemPath: "vaults/Lab/items/ca"
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned-issuer
+  namespace: cert-manager
+spec:
+  ca:
+    secretName: ca-cert

helm/values/gitea.values.yaml

@@ -12,12 +12,17 @@ service:
 ingress:
   enabled: true
   className: nginx-internal
+  annotations:
+    cert-manager.io/cluster-issuer: selfsigned-issuer
   hosts:
     - host: gitea.home
       paths:
         - path: /
           pathType: Prefix
-  tls: []
+  tls:
+    - secretName: gitea-tls
+      hosts:
+        - gitea.home
 gitea:
   admin:
     existingSecret: gitea-admin