diff --git a/gitea/index.ts b/gitea/index.ts
index 0b85309..56c7974 100644
--- a/gitea/index.ts
+++ b/gitea/index.ts
@@ -7,6 +7,7 @@ type GiteaServerOptions = {
 provider: HelmProvider;
 name: string;
 namespace: string;
+ r2Endpoint: string;
 };
 export class GiteaServer extends Construct {
@@ -18,6 +19,12 @@ export class GiteaServer extends Construct {
 repository: "https://dl.gitea.com/charts",
 chart: "gitea",
 createNamespace: true,
+ set: [
+ {
+ name: "gitea.config.storage.MINIO_ENDPOINT",
+ value: options.r2Endpoint,
+ },
+ ],
 values: [
 fs.readFileSync("helm/values/gitea.values.yaml", {
 encoding: "utf8",
diff --git a/helm/values/gitea.values.yaml b/helm/values/gitea.values.yaml
index 628b8f5..a87abda 100644
--- a/helm/values/gitea.values.yaml
+++ b/helm/values/gitea.values.yaml
@@ -67,8 +67,11 @@ gitea:
 PROVIDER_CONFIG: ""
 queue:
 TYPE: channel
- lfs:
- STORAGE_TYPE: local
+ storage:
+ STORAGE_TYPE: minio
+ MINIO_USE_SSL: true
+ MINIO_BUCKET_LOOKUP_STYLE: path
+ MINIO_LOCATION: auto
 service:
 DISABLE_REGISTRATION: true
 oauth2_client:
@@ -78,6 +81,7 @@ gitea:
 PROTOCOL: smtp+starttls
 SMTP_ADDR: smtp.protonmail.ch
 SMTP_PORT: 587
+ FROM: git@dogar.dev
 oauth:
 - name: "authentik"
 provider: "openidConnect"
@@ -85,6 +89,21 @@ gitea:
 autoDiscoverUrl: "https://auth.dogar.dev/application/o/gitea/.well-known/openid-configuration"
 iconUrl: "https://goauthentik.io/img/icon.png"
 scopes: "email profile"
+ livenessProbe:
+ enabled: true
+ scheme: HTTPS
+ tcpSocket:
+ port: http
+ readinessProbe:
+ enabled: true
+ scheme: HTTPS
+ tcpSocket:
+ port: http
+ startupProbe:
+ enabled: true
+ scheme: HTTPS
+ tcpSocket:
+ port: http
 additionalConfigFromEnvs:
 - name: GITEA__MAILER__PASSWD
 valueFrom:
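Review bot: The new `storage:` block in gitea.values.yaml (hunk -67,8) sets no `MINIO_BUCKET`, and this commit also drops the `BUCKET` variable from main.ts, so Gitea falls back to its default bucket name `gitea`; if the R2 bucket is named differently, state it here, e.g. `MINIO_BUCKET: <bucket-name>`. Replacing `lfs.STORAGE_TYPE: local` with a global `storage` section also moves every storage subsystem that does not override it (attachments, avatars, packages, LFS) to R2, not only LFS. Objects already on the local volume are not copied by this change, so they need `gitea migrate-storage` or a per-subsystem override before rollout. Since every subsystem now writes through the same credentials, the R2 token is best limited to this one bucket.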
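Review bot: In the three probe blocks added to gitea.values.yaml (hunk -85,6), `scheme: HTTPS` sits beside `tcpSocket`, but in the Kubernetes probe spec `scheme` belongs to `httpGet`; a TCP probe only checks that the port accepts a connection, so the key is either ignored or rejected as an unknown field, depending on how the chart renders it and how strictly the manifest is validated. If the aim is to check the HTTPS listener, use an HTTP probe, e.g. `httpGet: {path: /api/healthz, port: http, scheme: HTTPS}`, and clear the chart's default handler with `tcpSocket: null` so two handlers are not rendered. If a TCP check is enough, drop the three `scheme` lines. The surrounding mapping continues outside the hunk, so the nesting level of these keys should be confirmed against the chart's values.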
@@ -95,6 +114,16 @@ gitea:
 value: "/tmp/gitea-uploads"
 - name: GITEA__PACKAGES__CHUNKED_UPLOAD_CONCURRENCY
 value: "4"
+ - name: GITEA__STORAGE__MINIO_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: cloudflare-token
+ key: access_key_id
+ - name: GITEA__STORAGE__MINIO_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: cloudflare-token
+ key: secret_access_key
 persistence:
 labels:
 recurring-job.longhorn.io/source: "enabled"
diff --git a/main.ts b/main.ts
index 9f78e29..061a293 100644
--- a/main.ts
+++ b/main.ts
@@ -21,10 +21,7 @@ import { ExternalDNS } from "./external-dns";
 dotenv.config();
 const env = cleanEnv(process.env, {
- R2_ACCESS_KEY_ID: str(),
- R2_SECRET_ACCESS_KEY: str(),
 ACCOUNT_ID: str({ desc: "Cloudflare account id." }),
- BUCKET: str({ desc: "The name of the R2 bucket." }),
 });
 const r2Endpoint = `https://${env.ACCOUNT_ID}.r2.cloudflarestorage.com`;
@@ -139,6 +136,7 @@ class Homelab extends TerraformStack {
 name: "gitea",
 namespace,
 provider: helm,
+ r2Endpoint: `${env.ACCOUNT_ID}.r2.cloudflarestorage.com`,
 });
 gitea.node.addDependency(authentik);
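Review bot: Both new `secretKeyRef` entries in gitea.values.yaml (hunk -95,6) read from a Secret named `cloudflare-token`, and nothing in this diff creates that Secret or its `access_key_id` / `secret_access_key` keys, so the container cannot be configured until it exists in the Gitea namespace. The name suggests the Secret may be shared with other Cloudflare consumers; if so, a dedicated Secret holding an R2 token limited to the Gitea bucket keeps a leak in one workload from exposing the others. A comment above the two entries would record the dependency, e.g. `# R2 S3 credentials: Secret must exist before install; token scoped to the Gitea bucket only`.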
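Review bot: The `r2Endpoint` value added to the `GiteaServer` options in main.ts (hunk -139,6) rebuilds the host with a second template literal, while the `r2Endpoint` constant near the top of the file holds the same host with an `https://` prefix, so one name now means a URL in main.ts and a bare host in `GiteaServerOptions`. Derive one from the other so they cannot drift, e.g. `r2Endpoint: new URL(r2Endpoint).host,`. The new field in gitea/index.ts (hunk -7,6) should carry a doc comment such as `/** R2 S3 host[:port] without scheme; passed to Gitea's MINIO_ENDPOINT. */`, since TLS is selected separately by `MINIO_USE_SSL: true` in the values file. The constructor call starts outside the hunk.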