From 8182141bc14560495a8303d970ec8ec9c7ca300b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= <moritz.jorg@oceanbox.io>
Date: Tue, 13 Jan 2026 16:08:09 +0100
Subject: [PATCH] fix(forgejo): Add s3 for packages

---
 values/forgejo/values/values.yaml | 59 +++++++++++++++++++++++--------
 1 file changed, 44 insertions(+), 15 deletions(-)

diff --git a/values/forgejo/values/values.yaml b/values/forgejo/values/values.yaml
index 908323df..ee3729e0 100644
--- a/values/forgejo/values/values.yaml
+++ b/values/forgejo/values/values.yaml
@@ -6,21 +6,17 @@ image:
   rootless: true
 
 resources:
-  limits:
-    cpu: 1000m
-    memory: 2Gi
   requests:
     cpu: 200m
     memory: 512Mi
 
 gitea:
+  metrics:
+    enabled: false
+    serviceMonitor:
+      enabled: false
   config:
-    # database:
-    #   DB_TYPE: postgres
-    #   HOST: forgejo-db-rw:5432
-    #   NAME: app
-    #   USER: app
-    #   SCHEMA: public
+    APP_NAME: 'Forgejo: With a cup of tea.'
     cache:
       ENABLED: true
       ADAPTER: redis
@@ -31,6 +27,11 @@ gitea:
     queue:
       TYPE: redis
       CONN_STR: redis://dragonfly-forgejo.forgejo.svc:6379/2
+    storage:
+      MINIO_ENDPOINT: https://hel1.your-objectstorage.com
+      MINIO_LOCATION: eu-central
+      MINIO_BUCKET: forgejo
+      MINIO_USE_SSL: false
     security:
       INSTALL_LOCK: true
     service:
@@ -40,10 +41,25 @@ gitea:
       ROOT_URL: https://git.svc.hel1.obx
       SSH_DOMAIN: git.svc.hel1.obx
       SSH_PORT: 22
+      SSH_SERVER_USE_PROXY_PROTOCOL: true
+      LANDING_PAGE: "explore"
     oauth2_client:
       ENABLE_AUTO_REGISTRATION: true
       UPDATE_AVATAR: true
       ACCOUNT_LINKING: auto
+    database:
+      MAX_OPEN_CONNS: 90
+    attachment:
+      STORAGE_TYPE: minio
+    lfs:
+      STORAGE_TYPE: minio
+    picture:
+      AVATAR_STORAGE_TYPE: minio
+    'storage.packages':
+      STORAGE_TYPE: minioc
+    openid:
+      ENABLE_OPENID_SIGNIN: false
+      ENABLE_OPENID_SIGNUP: false
   oauth:
     - name: 'Oceanbox'
       provider: 'openidConnect'
@@ -54,6 +70,16 @@ gitea:
       adminGroup: '/oceanbox/devel'
       restrictedGroup: ''
   additionalConfigFromEnvs:
+    - name: FORGEJO__STORAGE__MINIO_ACCESS_KEY_ID
+      valueFrom:
+        secretKeyRef:
+          name: forgejo-s3
+          key: access_key
+    - name: FORGEJO__STORAGE__MINIO_SECRET_ACCESS_KEY_ID
+      valueFrom:
+        secretKeyRef:
+          name: forgejo-s3
+          key: secret_key
     - name: FORGEJO__DATABASE__PASSWD
       valueFrom:
         secretKeyRef:
@@ -76,10 +102,6 @@ gitea:
           key: host
     - name: FORGEJO__DATABASE__DB_TYPE
       value: postgres
-    - name: FORGEJO__OPENID__ENABLE_OPENID_SIGNIN
-      value: "true"
-    - name: FORGEJO__OPENID__ENABLE_OPENID_SIGNUP
-      value: "true"
 
 ingress:
   enabled: true
@@ -88,12 +110,19 @@ ingress:
     cert-manager.io/cluster-issuer: ca-issuer
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
     nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
     nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24,100.64.0.0/12
   hosts:
     - host: git.svc.hel1.obx
       paths:
-        - path: /
-          pathType: Prefix
+      - backend:
+          service:
+            name: forgejo-http
+            port:
+              number: 3000
+        path: /
+        pathType: ImplementationSpecific
   tls:
     - secretName: forgejo-tls
       hosts: