feat: Gitea | set up minio storage pointing at R2

2025-11-16 12:30:27 +05:00
parent 0d6c5d4a98
commit cfe7830606
3 changed files with 39 additions and 5 deletions
--- a/gitea/index.ts
+++ b/gitea/index.ts
@@ -7,6 +7,7 @@ type GiteaServerOptions = {
  provider: HelmProvider;
  name: string;
  namespace: string;
+  r2Endpoint: string;
 };

 export class GiteaServer extends Construct {
@@ -18,6 +19,12 @@ export class GiteaServer extends Construct {
      repository: "https://dl.gitea.com/charts",
      chart: "gitea",
      createNamespace: true,
+      set: [
+        {
+          name: "gitea.config.storage.MINIO_ENDPOINT",
+          value: options.r2Endpoint,
+        },
+      ],
      values: [
        fs.readFileSync("helm/values/gitea.values.yaml", {
          encoding: "utf8",
--- a/helm/values/gitea.values.yaml
+++ b/helm/values/gitea.values.yaml
@@ -67,8 +67,11 @@ gitea:
      PROVIDER_CONFIG: ""
    queue:
      TYPE: channel
-    lfs:
-      STORAGE_TYPE: local
+    storage:
+      STORAGE_TYPE: minio
+      MINIO_USE_SSL: true
+      MINIO_BUCKET_LOOKUP_STYLE: path
+      MINIO_LOCATION: auto
    service:
      DISABLE_REGISTRATION: true
    oauth2_client:
@@ -78,6 +81,7 @@ gitea:
      PROTOCOL: smtp+starttls
      SMTP_ADDR: smtp.protonmail.ch
      SMTP_PORT: 587
+      FROM: git@dogar.dev
  oauth:
    - name: "authentik"
      provider: "openidConnect"
@@ -85,6 +89,21 @@ gitea:
      autoDiscoverUrl: "https://auth.dogar.dev/application/o/gitea/.well-known/openid-configuration"
      iconUrl: "https://goauthentik.io/img/icon.png"
      scopes: "email profile"
+  livenessProbe:
+    enabled: true
+    scheme: HTTPS
+    tcpSocket:
+      port: http
+  readinessProbe:
+    enabled: true
+    scheme: HTTPS
+    tcpSocket:
+      port: http
+  startupProbe:
+    enabled: true
+    scheme: HTTPS
+    tcpSocket:
+      port: http
  additionalConfigFromEnvs:
    - name: GITEA__MAILER__PASSWD
      valueFrom:
@@ -95,6 +114,16 @@ gitea:
      value: "/tmp/gitea-uploads"
    - name: GITEA__PACKAGES__CHUNKED_UPLOAD_CONCURRENCY
      value: "4"
+    - name: GITEA__STORAGE__MINIO_ACCESS_KEY_ID
+      valueFrom:
+        secretKeyRef:
+          name: cloudflare-token
+          key: access_key_id
+    - name: GITEA__STORAGE__MINIO_SECRET_ACCESS_KEY
+      valueFrom:
+        secretKeyRef:
+          name: cloudflare-token
+          key: secret_access_key
 persistence:
  labels:
    recurring-job.longhorn.io/source: "enabled"
--- a/main.ts
+++ b/main.ts
@@ -21,10 +21,7 @@ import { ExternalDNS } from "./external-dns";
 dotenv.config();

 const env = cleanEnv(process.env, {
-  R2_ACCESS_KEY_ID: str(),
-  R2_SECRET_ACCESS_KEY: str(),
  ACCOUNT_ID: str({ desc: "Cloudflare account id." }),
-  BUCKET: str({ desc: "The name of the R2 bucket." }),
 });

 const r2Endpoint = `https://${env.ACCOUNT_ID}.r2.cloudflarestorage.com`;
@@ -139,6 +136,7 @@ class Homelab extends TerraformStack {
      name: "gitea",
      namespace,
      provider: helm,
+      r2Endpoint: `${env.ACCOUNT_ID}.r2.cloudflarestorage.com`,
    });

    gitea.node.addDependency(authentik);