ADD: update Nextcloud and Gitea configurations for domain and Docker settings; enhance Homarr deployment with resource limits and OIDC authentication

Co-authored-by: Copilot <copilot@github.com>

k3s/apps/gitea/gitea-runner.yaml

@@ -37,20 +37,28 @@ spec:
             - name: GITEA_RUNNER_NAME
               value: "k3s-runner-1"
             - name: GITEA_RUNNER_LABELS
-              value: "linux-x64:host,ubuntu-latest:docker://node:20-bookworm,alpine:docker://alpine:3.20"
+              value: "linux-x64:host,ubuntu-latest:docker://catthehacker/ubuntu:act-latest,ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04,alpine:docker://alpine:3.20"
             - name: GITEA_RUNNER_REGISTRATION_TOKEN
               valueFrom:
                 secretKeyRef:
                   name: gitea-runner-secret
                   key: GITEA_RUNNER_REGISTRATION_TOKEN
             - name: DOCKER_HOST
-              value: "tcp://localhost:2375"
+              value: "unix:///var/run/docker.sock"
           command:
             - /bin/sh
             - -c
           args:
             - |
               set -e
+              until [ -S /var/run/docker.sock ]; do
+                echo "Waiting for Docker socket..."
+                sleep 2
+              done
+              if [ -f /data/.runner_labels ] && [ "$(cat /data/.runner_labels)" != "${GITEA_RUNNER_LABELS}" ]; then
+                rm -f /data/.runner
+              fi
+              printf '%s' "${GITEA_RUNNER_LABELS}" > /data/.runner_labels
               if [ ! -f /data/.runner ]; then
                 act_runner register \
                   --no-interactive \
@@ -63,20 +71,28 @@ spec:
           volumeMounts:
             - name: runner-data
               mountPath: /data
+            - name: docker-run
+              mountPath: /var/run
         - name: dind
           image: docker:27-dind
           imagePullPolicy: IfNotPresent
           securityContext:
             privileged: true
+          args:
+            - --insecure-registry=gitea.gitea.svc.cluster.local
           env:
             - name: DOCKER_TLS_CERTDIR
               value: ""
           volumeMounts:
             - name: docker-lib
               mountPath: /var/lib/docker
+            - name: docker-run
+              mountPath: /var/run
       volumes:
         - name: runner-data
           persistentVolumeClaim:
             claimName: gitea-runner-data
         - name: docker-lib
           emptyDir: {}
+        - name: docker-run
+          emptyDir: {}

k3s/apps/gitea/gitea.yaml

@@ -173,6 +173,10 @@ spec:
               value: giteapassword
             - name: GITEA__server__ROOT_URL
               value: "https://git.henryathome.home64.de"
+            - name: GITEA__server__DOMAIN
+              value: git.henryathome.home64.de
+            - name: GITEA__server__PROTOCOL
+              value: http
             - name: GITEA__server__SSH_DOMAIN
               value: git.henryathome.home64.de
             - name: GITEA__server__START_SSH_SERVER
@@ -181,6 +185,8 @@ spec:
               value: "32000"
             - name: GITEA__server__SSH_PORT
               value: "32000"
+            - name: GITEA__packages__ENABLED
+              value: "true"
           ports:
             - containerPort: 3000   # HTTP
             - containerPort: 32000     # SSH