From 3fb05825d8dcbc4e6ffacbc19e1e7e578d706b60 Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Thu, 7 May 2026 16:44:37 +0000 Subject: [PATCH] [forgejo] Drop the FORGEJO__packages__CHUNKED_UPLOAD_PATH override MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Setting it to /data/tmp/package-upload triggers a CrashLoopBackOff because /data is the volume mount root and is owned by root, not the forgejo user (uid 1000) — Forgejo can't `mkdir /data/tmp`. The default value resolves under the AppDataPath (a subdir Forgejo itself owns) which works fine. Keep the ENABLED=true override; v11 ships packages on but explicit is safer. Co-Authored-By: Claude Opus 4.7 --- stacks/forgejo/main.tf | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/stacks/forgejo/main.tf b/stacks/forgejo/main.tf index 5b52c419..b0275ac0 100644 --- a/stacks/forgejo/main.tf +++ b/stacks/forgejo/main.tf @@ -108,16 +108,15 @@ resource "kubernetes_deployment" "forgejo" { } # OCI registry (container packages). Default-on in Forgejo v11 but # explicit so it can't be silently disabled by an upstream config - # change. Chunked-upload path needs a directory inside /data so it - # survives pod restarts and shares the same PVC as the registry blobs. + # change. CHUNKED_UPLOAD_PATH defaults to `data/tmp/package-upload` + # under Forgejo's AppDataPath (resolves to a writable subdir of + # /data/gitea/) — overriding to /data/tmp directly hits a perms + # issue because /data is the volume mount root and is not chowned + # to the forgejo user. env { name = "FORGEJO__packages__ENABLED" value = "true" } - env { - name = "FORGEJO__packages__CHUNKED_UPLOAD_PATH" - value = "/data/tmp/package-upload" - } volume_mount { name = "data" mount_path = "/data"