From 761e7cafde713fdc815209f34f03cfede9119b90 Mon Sep 17 00:00:00 2001
From: f <f@sutty.nl>
Date: Tue, 5 May 2026 13:41:09 -0300
Subject: [PATCH 1/3] feat: s3 storage support

---
 .env.sample  | 11 +++++++++++
 abra.sh      |  2 +-
 app.ini.tmpl | 15 +++++++++++++++
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/.env.sample b/.env.sample
index 7ead82f..76c4b7a 100644
--- a/.env.sample
+++ b/.env.sample
@@ -56,6 +56,17 @@ SECRET_DB_ROOT_PASSWORD_VERSION=v1
 SECRET_JWT_SECRET_VERSION=v1 # length=43
 SECRET_SECRET_KEY_VERSION=v1 # length=64
 
+# Change to "minio" an configure to enable S3 storage
+# https://forgejo.org/docs/latest/admin/setup/storage/
+GITEA_STORAGE_TYPE=local
+# MINIO_ENDPOINT=
+# MINIO_ACCESS_KEY_ID=
+# MINIO_SECRET_ACCESS_KEY=
+# MINIO_BUCKET=
+# MINIO_BUCKET_LOOKUP=auto
+# MINIO_LOCATION=garage
+# MINIO_CHECKSUM_ALGORITHM=default
+
 # SMTP Mailer
 # COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
 # GITEA_SMTP_MAILER_ENABLED=1
diff --git a/abra.sh b/abra.sh
index 9662632..bb62ece 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,4 +1,4 @@
-export APP_INI_VERSION=v24
+export APP_INI_VERSION=v25
 export DOCKER_SETUP_SH_VERSION=v1
 export PG_BACKUP_VERSION=v1
 
diff --git a/app.ini.tmpl b/app.ini.tmpl
index e0f57df..8fd050f 100644
--- a/app.ini.tmpl
+++ b/app.ini.tmpl
@@ -16,6 +16,21 @@ PATH = {{ env "GITEA_PATH" }}
 DISABLE_GRAVATAR = {{ env "GITEA_DISABLE_GRAVATAR" }}
 ENABLE_FEDERATED_AVATAR = {{ env "GITEA_ENABLE_FEDERATED_AVATAR" }}
 
+[storage]
+STORAGE_TYPE = {{ env "GITEA_STORAGE_TYPE" }}
+{{ if eq (env "GITEA_STORAGE_TYPE") "minio" }}
+SERVE_DIRECT = false
+MINIO_ENDPOINT = {{ env "MINIO_ENDPOINT" }}
+MINIO_ACCESS_KEY_ID = {{ env "MINIO_ACCESS_KEY_ID" }}
+MINIO_SECRET_ACCESS_KEY = {{ env "MINIO_SECRET_ACCESS_KEY" }}
+MINIO_BUCKET = {{ env "MINIO_BUCKET" }}
+MINIO_BUCKET_LOOKUP = {{ env "MINIO_BUCKET_LOOKUP" }}
+MINIO_LOCATION = {{ env "MINIO_LOCATION" }}
+MINIO_USE_SSL = true
+MINIO_INSECURE_SKIP_VERIFY = false
+MINIO_CHECKSUM_ALGORITHM = {{ env "MINIO_CHECKSUM_ALGORITHM" }}
+{{ end }}
+
 [service]
 ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ env "GITEA_ALLOW_ONLY_EXTERNAL_REGISTRATION" }}
 ALLOW_ONLY_INTERNAL_REGISTRATION = {{ env "GITEA_ALLOW_ONLY_INTERNAL_REGISTRATION" }}

From cda9018607f5df2a5bdc50b257e4f818ff9788e4 Mon Sep 17 00:00:00 2001
From: f <f@sutty.nl>
Date: Wed, 6 May 2026 14:43:00 -0300
Subject: [PATCH 2/3] fix: store secret access key as secret

---
 .env.sample    | 3 ++-
 app.ini.tmpl   | 2 +-
 compose.s3.yml | 9 +++++++++
 3 files changed, 12 insertions(+), 2 deletions(-)
 create mode 100644 compose.s3.yml

diff --git a/.env.sample b/.env.sample
index 76c4b7a..3a9e833 100644
--- a/.env.sample
+++ b/.env.sample
@@ -61,11 +61,12 @@ SECRET_SECRET_KEY_VERSION=v1 # length=64
 GITEA_STORAGE_TYPE=local
 # MINIO_ENDPOINT=
 # MINIO_ACCESS_KEY_ID=
-# MINIO_SECRET_ACCESS_KEY=
+# SECRET_MINIO_SECRET_ACCESS_KEY_VERSION=v1
 # MINIO_BUCKET=
 # MINIO_BUCKET_LOOKUP=auto
 # MINIO_LOCATION=garage
 # MINIO_CHECKSUM_ALGORITHM=default
+# COMPOSE_FILE="$COMPOSE_FILE:compose.s3.yml"
 
 # SMTP Mailer
 # COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
diff --git a/app.ini.tmpl b/app.ini.tmpl
index 8fd050f..e260c79 100644
--- a/app.ini.tmpl
+++ b/app.ini.tmpl
@@ -22,7 +22,7 @@ STORAGE_TYPE = {{ env "GITEA_STORAGE_TYPE" }}
 SERVE_DIRECT = false
 MINIO_ENDPOINT = {{ env "MINIO_ENDPOINT" }}
 MINIO_ACCESS_KEY_ID = {{ env "MINIO_ACCESS_KEY_ID" }}
-MINIO_SECRET_ACCESS_KEY = {{ env "MINIO_SECRET_ACCESS_KEY" }}
+MINIO_SECRET_ACCESS_KEY = {{ secret "minio_secret_access_key" }}
 MINIO_BUCKET = {{ env "MINIO_BUCKET" }}
 MINIO_BUCKET_LOOKUP = {{ env "MINIO_BUCKET_LOOKUP" }}
 MINIO_LOCATION = {{ env "MINIO_LOCATION" }}
diff --git a/compose.s3.yml b/compose.s3.yml
new file mode 100644
index 0000000..3111110
--- /dev/null
+++ b/compose.s3.yml
@@ -0,0 +1,9 @@
+---
+services:
+  app:
+    secrets:
+      - minio_secret_access_key
+secrets:
+  minio_secret_access_key:
+    name: ${STACK_NAME}_minio_secret_access_key_${SECRET_MINIO_SECRET_ACCESS_KEY_VERSION}
+    external: true

From 80a43c2a00505cda38a007fc7b95118c31b3b314 Mon Sep 17 00:00:00 2001
From: f <f@sutty.nl>
Date: Wed, 6 May 2026 14:45:20 -0300
Subject: [PATCH 3/3] fix: compose file version

---
 compose.s3.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/compose.s3.yml b/compose.s3.yml
index 3111110..6afd2da 100644
--- a/compose.s3.yml
+++ b/compose.s3.yml
@@ -1,4 +1,5 @@
 ---
+version: "3.8"
 services:
   app:
     secrets: