feat: Gitea | migrate helm chart into CDKTF (#3)

Reviewed-on: #3

.gitignore

@@ -1,2 +1,14 @@
 1password-credentials.json
 .direnv
+.env
+*.d.ts
+*.js
+node_modules
+cdktf.out
+cdktf.log
+*terraform.*.tfstate*
+.gen
+.terraform
+tsconfig.tsbuildinfo
+!jest.config.js
+!setup.js

cdktf.json

@@ -0,0 +1,11 @@
+{
+  "language": "typescript",
+  "app": "npx ts-node main.ts",
+  "projectId": "ba1e0717-f034-4554-b39f-a05d4326cbf8",
+  "sendCrashReports": "true",
+  "terraformProviders": [],
+  "terraformModules": [],
+  "context": {
+
+  }
+}

flake.lock

@@ -20,16 +20,18 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1750365781,
+        "lastModified": 1752077645,
-        "narHash": "sha256-XE/lFNhz5lsriMm/yjXkvSZz5DfvKJLUjsS6pP8EC50=",
+        "narHash": "sha256-HM791ZQtXV93xtCY+ZxG1REzhQenSQO020cu6rHtAPk=",
-        "rev": "08f22084e6085d19bcfb4be30d1ca76ecb96fe54",
+        "owner": "NixOS",
-        "revCount": 818804,
+        "repo": "nixpkgs",
-        "type": "tarball",
+        "rev": "be9e214982e20b8310878ac2baa063a961c1bdf6",
-        "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.818804%2Brev-08f22084e6085d19bcfb4be30d1ca76ecb96fe54/01978cc3-592f-7488-b61e-844ab20aa68b/source.tar.gz"
+        "type": "github"
       },
       "original": {
-        "type": "tarball",
+        "owner": "NixOS",
-        "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1"
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
       }
     },
     "root": {

flake.nix

@@ -2,26 +2,38 @@
   description = "Flake to work with homelab setup";
 
   inputs = {
-    nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
     flake-utils.url = "github:numtide/flake-utils";
   };
 
   outputs = { nixpkgs, flake-utils, ... }: flake-utils.lib.eachDefaultSystem (system:
     let
+      lib = nixpkgs.lib;
+
       # Import nixpkgs to access packages
-      pkgs = import nixpkgs { inherit system; };
+      pkgs = import nixpkgs {
+        inherit system;
+        config = {
+          allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+            "terraform"
+          ];
+        };
+      };
 
       # Define the devshell
       devShell = pkgs.mkShell {
         buildInputs = with pkgs; [
-          helmfile
-          kubernetes-helm
-          kubernetes-helmPlugins.helm-diff
           kubectl
           nil
+          terraform
+          tflint
 
           # Adding node for copilot
           nodejs_24
+
+          # cli tools
+          nodePackages.cdktf-cli
+          rm-improved
         ];
       };
     in {

gitea/server.ts

@@ -0,0 +1,29 @@
+import * as fs from "fs";
+import { HelmProvider } from "@cdktf/provider-helm/lib/provider";
+import { Release } from "@cdktf/provider-helm/lib/release";
+import { Construct } from "constructs";
+
+type GiteaServerOptions = {
+  provider: HelmProvider;
+  version: string;
+  name: string;
+  namespace: string;
+};
+
+export class GiteaServer extends Construct {
+  constructor(scope: Construct, id: string, options: GiteaServerOptions) {
+    super(scope, id);
+
+    new Release(this, id, {
+      ...options,
+      repository: "https://dl.gitea.com/charts",
+      chart: "gitea",
+      createNamespace: true,
+      values: [
+        fs.readFileSync("helm/values/gitea.values.yaml", {
+          encoding: "utf8",
+        }),
+      ],
+    });
+  }
+}

helm/helmfile.yaml

@@ -11,8 +11,6 @@ repositories:
     url: https://charts.bitnami.com/bitnami
   - name: cnpg
     url: https://cloudnative-pg.github.io/charts
-  - name: gitea
-    url: https://dl.gitea.com/charts
   - name: jetstack
     url: https://charts.jetstack.io
   - name: prometheus-community
@@ -73,14 +71,6 @@ releases:
     values:
       - ./values/memcached.values.yaml
 
-  # Gitea
-  - name: gitea
-    namespace: gitea-system
-    chart: gitea/gitea
-    version: 10.4.0
-    values:
-      - ./values/gitea.values.yaml
-
   # Cert Manager
   - name: cert-manager
     namespace: cert-manager

main.ts

@@ -0,0 +1,56 @@
+import * as dotenv from "dotenv";
+import { cleanEnv, str } from "envalid";
+import { Construct } from "constructs";
+import { App, TerraformStack, S3Backend } from "cdktf";
+import { HelmProvider } from "@cdktf/provider-helm/lib/provider";
+
+import { GiteaServer } from "./gitea/server";
+
+dotenv.config();
+
+const env = cleanEnv(process.env, {
+  R2_ACCESS_KEY_ID: str(),
+  R2_SECRET_ACCESS_KEY: str(),
+  ACCOUNT_ID: str({ desc: "Cloudflare account id." }),
+  BUCKET: str({ desc: "The name of the R2 bucket." }),
+});
+
+class Homelab extends TerraformStack {
+  constructor(scope: Construct, id: string) {
+    super(scope, id);
+
+    const helm = new HelmProvider(this, "helm", {
+      kubernetes: {
+        configPath: "~/.kube/config",
+      },
+    });
+
+    new GiteaServer(this, "gitea-server", {
+      name: "gitea",
+      namespace: "gitea-system",
+      provider: helm,
+      version: "10.4.0",
+    });
+  }
+}
+
+const app = new App();
+const stack = new Homelab(app, "homelab");
+
+new S3Backend(stack, {
+  bucket: env.BUCKET,
+  key: "terraform.tfstate",
+  region: "auto",
+  skipCredentialsValidation: true,
+  skipMetadataApiCheck: true,
+  skipRegionValidation: true,
+  skipRequestingAccountId: true,
+  skipS3Checksum: true,
+  accessKey: env.R2_ACCESS_KEY_ID,
+  secretKey: env.R2_SECRET_ACCESS_KEY,
+  endpoints: {
+    s3: `https://${env.ACCOUNT_ID}.r2.cloudflarestorage.com/homelab-terraform-state`,
+  },
+});
+
+app.synth();

package.json

@@ -0,0 +1,38 @@
+{
+  "name": "homelab",
+  "version": "1.0.0",
+  "description": "CDKTF project to spin up my homelab",
+  "repository": {
+    "type": "git",
+    "url": "git@git.dogar.dev:shahab/homelab.git"
+  },
+  "license": "GPL-3.0-or-later",
+  "author": "shahab@dogar.dev",
+  "main": "main.js",
+  "types": "main.ts",
+  "engines": {
+    "node": "24"
+  },
+  "scripts": {
+    "get": "cdktf get",
+    "build": "tsc",
+    "synth": "cdktf synth",
+    "compile": "tsc --pretty",
+    "watch": "tsc -w",
+    "upgrade": "npm i cdktf@latest cdktf-cli@latest",
+    "upgrade:next": "npm i cdktf@next cdktf-cli@next"
+  },
+  "dependencies": {
+    "@cdktf/provider-helm": "10.5.0",
+    "@cdktf/provider-kubernetes": "11.12.1",
+    "cdktf": "^0.20.12",
+    "constructs": "^10.4.2",
+    "dotenv": "^16.5.0",
+    "envalid": "^8.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^24.0.3",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.8.3"
+  }
+}

tsconfig.json

@@ -0,0 +1,35 @@
+{
+  "compilerOptions": {
+    "alwaysStrict": true,
+    "declaration": true,
+    "experimentalDecorators": true,
+    "inlineSourceMap": true,
+    "inlineSources": true,
+    "lib": [
+      "es2018"
+    ],
+    "module": "CommonJS",
+    "noEmitOnError": true,
+    "noFallthroughCasesInSwitch": true,
+    "noImplicitAny": true,
+    "noImplicitReturns": true,
+    "noImplicitThis": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "resolveJsonModule": true,
+    "strict": true,
+    "strictNullChecks": true,
+    "strictPropertyInitialization": true,
+    "stripInternal": true,
+    "target": "ES2018",
+    "incremental": true,
+    "skipLibCheck": true
+  },
+  "include": [
+    "**/*.ts"
+  ],
+  "exclude": [
+    "node_modules",
+    "cdktf.out"
+  ]
+}