Add Gitea for managed code hosting
This commit adds a new service for Gitea, exposing HTTP and SSH ports by default (SSH over 7920), and accepting authentication via the local SMTP server. No users are otherwise created by default, and administration is expected to happen either via CLI, or via a custom admin user.
parent
786af62d5a
commit
e467b89e7f
Binary file not shown.
Binary file not shown.
|
@ -25,6 +25,7 @@ ignition:
|
|||
- local: service/hugo/spec.ign
|
||||
- local: service/prometheus/spec.ign
|
||||
- local: service/grafana/spec.ign
|
||||
- local: service/gitea/spec.ign
|
||||
|
||||
passwd:
|
||||
users:
|
||||
|
@ -127,12 +128,21 @@ systemd:
|
|||
[Service]
|
||||
Environment=UPSTREAM_HOST=grafana UPSTREAM_PORT=8080
|
||||
|
||||
- name: nginx-proxy-http@gitea.localhost.service
|
||||
enabled: true
|
||||
dropins:
|
||||
- name: gitea-upstream.conf
|
||||
contents: |
|
||||
[Service]
|
||||
Environment=UPSTREAM_HOST=gitea UPSTREAM_PORT=8080
|
||||
|
||||
- name: letsencrypt-dns-register@localhost.service
|
||||
enabled: true
|
||||
dropins:
|
||||
- name: use-local-files.conf
|
||||
contents: |
|
||||
[Service]
|
||||
ExecStartPre=/bin/podman volume create letsencrypt
|
||||
ExecStart=
|
||||
ExecStart=/bin/sh -c "V=$(podman volume mount letsencrypt) && cp -Rv /etc/ssl/private/certificates $V"
|
||||
ExecStartPost=/bin/podman volume unmount letsencrypt
|
||||
|
|
|
@ -47,3 +47,13 @@ RCLONE_CRYPT_SALT=jqsQXp_MPwBPIzw69TkmSp7ScuA
|
|||
|
||||
# Configuration for WriteFreely.
|
||||
WRITEFREELY_SITE_HOST=https://writefreely.localhost
|
||||
|
||||
# Configuration for Gitea.
|
||||
GITEA_APP_NAME="Gitea: Git with a cup of tea"
|
||||
GITEA_DOMAIN=gitea.localhost
|
||||
GITEA_SSH_DOMAIN=gitea.localhost
|
||||
GITEA_SSH_PORT=7920
|
||||
GITEA_SECRET_KEY=password
|
||||
GITEA_DISABLE_REGISTRATION=true
|
||||
GITEA_REQUIRE_SIGNIN_VIEW=false
|
||||
GITEA_MAILER_FROM=noreply@gitea.localhost
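Review bot: `GITEA_SECRET_KEY=password` gives every deployment that keeps this file unchanged the same guessable key, and the new config template copies it straight into `[security] SECRET_KEY`. If this is the sample environment file, the entry should at least carry a comment such as `# Replace before first start, e.g. with the output of "gitea generate secret SECRET_KEY".` A stronger option is to leave the value empty here and have the container start script refuse to run while it is empty or still `password`. The same applies to any other placeholder secret in this file that is expected to be overridden per host.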
|
||||
|
|
|
@ -0,0 +1,20 @@
|
|||
FROM docker.io/debian:bullseye-slim
|
||||
ARG VERSION=1.16.9
|
||||
|
||||
RUN apt-get update -y && apt-get upgrade -y && \
|
||||
apt-get install -y --no-install-recommends curl ca-certificates gettext gosu \
|
||||
git openssh-client gnupg
|
||||
|
||||
ENV PACKAGE_URL https://dl.gitea.io/gitea/${VERSION}/gitea-${VERSION}-linux-amd64
|
||||
RUN curl -L -o /usr/bin/gitea ${PACKAGE_URL} && chmod +x /usr/bin/gitea
|
||||
|
||||
RUN apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false curl
|
||||
|
||||
RUN addgroup --system --gid 10000 git
|
||||
RUN adduser --system --uid 10000 --ingroup git --home /var/lib/gitea git
|
||||
|
||||
COPY container/config /etc/gitea
|
||||
COPY container/run-gitea /run-gitea
|
||||
|
||||
EXPOSE 8080 7920
|
||||
ENTRYPOINT ["/run-gitea"]
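Review bot: The Gitea binary fetched in `RUN curl -L -o /usr/bin/gitea ${PACKAGE_URL} && chmod +x /usr/bin/gitea` is installed without an integrity check, so a tampered or truncated download becomes the service executable. Pin the expected digest next to the version, `ARG SHA256=<expected-sha256-of-this-release>`, and extend the RUN line with `&& echo "${SHA256}  /usr/bin/gitea" | sha256sum -c -` before the `chmod`. Using `curl -fL` would also stop an HTTP error page from being saved as the binary. Separately, the later `apt-get purge` runs in its own layer, so it does not reduce the image size; folding install, download and purge into one RUN (and removing `/var/lib/apt/lists/*`) would.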
|
|
@ -0,0 +1,64 @@
|
|||
APP_NAME = ${GITEA_APP_NAME}
|
||||
RUN_USER = git
|
||||
RUN_MODE = prod
|
||||
|
||||
[repository]
|
||||
ROOT = /var/lib/gitea/repositories
|
||||
|
||||
[repository.local]
|
||||
LOCAL_COPY_PATH = /var/lib/gitea/tmp/local-repo
|
||||
|
||||
[repository.upload]
|
||||
TEMP_PATH = /var/lib/gitea/tmp/uploads
|
||||
|
||||
[server]
|
||||
APP_DATA_PATH = /var/lib/gitea
|
||||
ROOT_URL = https://${GITEA_DOMAIN}/
|
||||
DOMAIN = ${GITEA_DOMAIN}
|
||||
SSH_DOMAIN = ${GITEA_SSH_DOMAIN}
|
||||
HTTP_PORT = 8080
|
||||
SSH_PORT = ${GITEA_SSH_PORT}
|
||||
SSH_LISTEN_PORT = 7920
|
||||
|
||||
[database]
|
||||
DB_TYPE = sqlite3
|
||||
PATH = /var/lib/gitea/gitea.db
|
||||
LOG_SQL = false
|
||||
|
||||
[indexer]
|
||||
ISSUE_INDEXER_PATH = /var/lib/gitea/indexers/issues.bleve
|
||||
|
||||
[session]
|
||||
PROVIDER_CONFIG = /var/lib/gitea/sessions
|
||||
|
||||
[picture]
|
||||
AVATAR_UPLOAD_PATH = /var/lib/gitea/avatars
|
||||
REPOSITORY_AVATAR_UPLOAD_PATH = /var/lib/gitea/repo-avatars
|
||||
|
||||
[attachment]
|
||||
PATH = /var/lib/gitea/attachments
|
||||
|
||||
[log]
|
||||
MODE = console
|
||||
LEVEL = info
|
||||
ROUTER = console
|
||||
ROOT_PATH = /var/lib/gitea/log
|
||||
|
||||
[security]
|
||||
SECRET_KEY = ${GITEA_SECRET_KEY}
|
||||
INSTALL_LOCK = true
|
||||
REVERSE_PROXY_LIMIT = 1
|
||||
REVERSE_PROXY_TRUSTED_PROXIES = 10.89.0.0/16
|
||||
|
||||
[service]
|
||||
DISABLE_REGISTRATION = ${GITEA_DISABLE_REGISTRATION}
|
||||
REQUIRE_SIGNIN_VIEW = ${GITEA_REQUIRE_SIGNIN_VIEW}
|
||||
|
||||
[mailer]
|
||||
ENABLED = true
|
||||
MAILER_TYPE = smtp
|
||||
IS_TLS_ENABLED = true
|
||||
FROM = ${GITEA_MAILER_FROM}
|
||||
HOST = ${GITEA_MAILER_HOST}
|
||||
USER = ${GITEA_MAILER_USER}
|
||||
PASSWD = ${GITEA_MAILER_PASSWD}
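Review bot: `REVERSE_PROXY_TRUSTED_PROXIES = 10.89.0.0/16` trusts forwarded-client headers from every address in that /16, not just the nginx proxy unit, so any other container attached to the same network can present an arbitrary client IP to Gitea. The range presumably matches the podman `internal` network the unit joins; that assumption should be stated in a comment above the line, for example `; Must match the subnet of the podman "internal" network; only the nginx proxy is expected to reach port 8080.` If the proxy has a stable address, narrowing the value to it would be tighter. Unrelated to that, `PASSWD = ${GITEA_MAILER_PASSWD}` is substituted unquoted, so a password containing `#` or `;` may be cut short by the INI parser; wrapping the value in backticks avoids that.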
|
|
@ -0,0 +1,26 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -eu
|
||||
|
||||
# Export shared variables.
|
||||
export GITEA_WORK_DIR=/var/lib/gitea
|
||||
|
||||
# Create configuration file from collected templates.
|
||||
envsubst < /etc/gitea/config.ini.template > /etc/gitea/config.ini
|
||||
|
||||
# Create data directories and correct permissions for data files.
|
||||
install --owner git --group git --mode 700 --directory /var/lib/gitea
|
||||
chown -R git:git /etc/gitea
|
||||
|
||||
# Initialize default condiguration if needed.
|
||||
if ! test -f /var/lib/gitea/gitea.db; then
|
||||
# Set up database.
|
||||
gosu git /usr/bin/gitea -c /etc/gitea/config.ini migrate
|
||||
|
||||
# Set up SMTP authentication via local service.
|
||||
gosu git /usr/bin/gitea -c /etc/gitea/config.ini admin auth add-smtp --name postfix --active \
|
||||
--host "${GITEA_AUTH_SMTP_HOST}" --port "${GITEA_AUTH_SMTP_PORT}"
|
||||
fi
|
||||
|
||||
# Run entrypoint under specific user.
|
||||
gosu git /usr/bin/gitea -c /etc/gitea/config.ini web "$@"
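Review bot: The first-run guard `if ! test -f /var/lib/gitea/gitea.db` is satisfied as soon as `migrate` has created the database, so if the following `admin auth add-smtp` step fails (under `set -eu` an unset `GITEA_AUTH_SMTP_HOST` is enough) every later start skips it and the instance comes up with no authentication source at all. Checking for the source itself is more robust, e.g. `gosu git /usr/bin/gitea -c /etc/gitea/config.ini admin auth list | grep -q postfix || gosu git /usr/bin/gitea -c /etc/gitea/config.ini admin auth add-smtp ...`, with `migrate` run unconditionally beforehand. The generated `/etc/gitea/config.ini` contains the secret key and the mailer password, and is created with the default umask; a `chmod 600` after the `envsubst` line would keep it readable by `git` only once the `chown` has run. The last line should also be `exec gosu git /usr/bin/gitea -c /etc/gitea/config.ini web "$@"`, so that Gitea replaces the shell and receives the stop signal from `podman stop` directly.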
|
|
@ -0,0 +1,20 @@
|
|||
# Application settings.
|
||||
GITEA_APP_NAME=${GITEA_APP_NAME}
|
||||
GITEA_SECRET_KEY=${GITEA_SECRET_KEY}
|
||||
GITEA_DISABLE_REGISTRATION=${GITEA_DISABLE_REGISTRATION}
|
||||
GITEA_REQUIRE_SIGNIN_VIEW=${GITEA_REQUIRE_SIGNIN_VIEW}
|
||||
|
||||
# Server settings.
|
||||
GITEA_DOMAIN=${GITEA_DOMAIN}
|
||||
GITEA_SSH_DOMAIN=${GITEA_SSH_DOMAIN}
|
||||
GITEA_SSH_PORT=${GITEA_SSH_PORT}
|
||||
|
||||
# SMTP authentication settings.
|
||||
GITEA_AUTH_SMTP_HOST=${POSTFIX_HOST}
|
||||
GITEA_AUTH_SMTP_PORT=587
|
||||
|
||||
# SMTP mailer settings.
|
||||
GITEA_MAILER_FROM=${GITEA_MAILER_FROM}
|
||||
GITEA_MAILER_HOST=${POSTFIX_HOST}:587
|
||||
GITEA_MAILER_USER=${POSTFIX_LOCAL_SMTP_USERNAME}
|
||||
GITEA_MAILER_PASSWD=${POSTFIX_LOCAL_SMTP_PASSWORD}
|
|
@ -0,0 +1,12 @@
|
|||
variant: fcos
|
||||
version: 1.3.0
|
||||
storage:
|
||||
trees:
|
||||
- path: /etc/coreos-home-server/gitea
|
||||
local: service/gitea/
|
||||
- path: /etc/systemd/system
|
||||
local: service/gitea/systemd/
|
||||
systemd:
|
||||
units:
|
||||
- name: gitea.service
|
||||
enabled: true
|
|
@ -0,0 +1,21 @@
|
|||
[Unit]
|
||||
Description=Gitea Self-Hosted Git Service
|
||||
Wants=container-build@%N.service container-volume@%N.service
|
||||
After=container-build@%N.service container-volume@%N.service
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
NotifyAccess=all
|
||||
SyslogIdentifier=%N
|
||||
Restart=on-failure
|
||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||
ExecStart=/bin/podman run --replace --name %N --net internal --sdnotify=conmon \
|
||||
--env-file %E/coreos-home-server/%N/%N.env \
|
||||
--publish 7920:7920 \
|
||||
--volume %N:/var/lib/%N:z \
|
||||
localhost/%N:latest
|
||||
ExecStop=/bin/podman stop --ignore --time 10 %N
|
||||
ExecStopPost=/bin/podman rm --ignore --force %N
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|