From 11bf756addea1a6c2c4a41cd14e2271152cdf49e Mon Sep 17 00:00:00 2001
From: Shahab Dogar <shahab@dogar.dev>
Date: Sat, 22 Nov 2025 04:46:21 +0500
Subject: [PATCH] fix: Gitea | add ssh tcp ingress route for traefik

---
 gitea/index.ts                  | 36 ++++++++++++++++++++++++++++++++-
 helm/values/traefik.values.yaml | 10 +++++++++
 main.ts                         |  5 ++++-
 3 files changed, 49 insertions(+), 2 deletions(-)

diff --git a/gitea/index.ts b/gitea/index.ts
index 56c7974..b2de3fd 100644
--- a/gitea/index.ts
+++ b/gitea/index.ts
@@ -2,9 +2,14 @@ import * as fs from "fs";
 import { HelmProvider } from "@cdktf/provider-helm/lib/provider";
 import { Release } from "@cdktf/provider-helm/lib/release";
 import { Construct } from "constructs";
+import { Manifest } from "@cdktf/provider-kubernetes/lib/manifest";
+import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";
 
 type GiteaServerOptions = {
-  provider: HelmProvider;
+  providers: {
+    helm: HelmProvider;
+    kubernetes: KubernetesProvider;
+  };
   name: string;
   namespace: string;
   r2Endpoint: string;
@@ -14,8 +19,11 @@ export class GiteaServer extends Construct {
   constructor(scope: Construct, id: string, options: GiteaServerOptions) {
     super(scope, id);
 
+    const { kubernetes, helm } = options.providers;
+
     new Release(this, id, {
       ...options,
+      provider: helm,
       repository: "https://dl.gitea.com/charts",
       chart: "gitea",
       createNamespace: true,
@@ -31,5 +39,31 @@ export class GiteaServer extends Construct {
         }),
       ],
     });
+
+    new Manifest(this, `${id}-ssh-ingress`, {
+      provider: kubernetes,
+      manifest: {
+        apiVersion: "traefik.io/v1alpha1",
+        kind: "IngressRouteTCP",
+        metadata: {
+          name: "gitea-ssh-ingress",
+          namespace: options.namespace,
+        },
+        spec: {
+          entryPoints: ["ssh"],
+          routes: [
+            {
+              match: "HostSNI(`*`)",
+              services: [
+                {
+                  name: `${options.name}-ssh`,
+                  port: 22,
+                },
+              ],
+            },
+          ],
+        },
+      },
+    });
   }
 }
diff --git a/helm/values/traefik.values.yaml b/helm/values/traefik.values.yaml
index cdc8c25..002317d 100644
--- a/helm/values/traefik.values.yaml
+++ b/helm/values/traefik.values.yaml
@@ -16,3 +16,13 @@ topologySpreadConstraints:
     labelSelector:
       matchLabels:
         app: traefik
+additionalArguments:
+  - "--entryPoints.ssh.address=:22/tcp"
+ports:
+  ssh:
+    name: ssh
+    port: 22
+    exposedPort: 22
+    expose:
+      default: true
+    protocol: TCP
diff --git a/main.ts b/main.ts
index 8b88821..c1caa17 100644
--- a/main.ts
+++ b/main.ts
@@ -142,7 +142,10 @@ class Homelab extends TerraformStack {
     const gitea = new GiteaServer(this, "gitea-server", {
       name: "gitea",
       namespace,
-      provider: helm,
+      providers: {
+        helm,
+        kubernetes,
+      },
       r2Endpoint: `${env.ACCOUNT_ID}.r2.cloudflarestorage.com`,
     });