the great migration from truenas to fedora and all its collatoral
All checks were successful
Reese's Arch Toolbox / build-and-push-arch-toolbox (push) Successful in 24m47s
All checks were successful
Reese's Arch Toolbox / build-and-push-arch-toolbox (push) Successful in 24m47s
This commit is contained in:
110
podman/graduated/gitea/gitea.md
Normal file
110
podman/graduated/gitea/gitea.md
Normal file
@@ -0,0 +1,110 @@
|
||||
# Gitea
|
||||
|
||||
## Gitea on Rootless Podman
|
||||
|
||||
### Create the gitea user
|
||||
|
||||
```bash
|
||||
useradd gitea
|
||||
|
||||
su - gitea
|
||||
ssh-keygen
|
||||
exit
|
||||
cp ~/.ssh/authorized_keys /home/gitea/.ssh/authorized_keys
|
||||
chown gitea:gitea /home/gitea/.ssh/authorized_keys
|
||||
loginctl enable-linger $(id -u gitea)
|
||||
```
|
||||
|
||||
SSH into the server as gitea
|
||||
|
||||
```bash
|
||||
systemctl --user enable podman-restart
|
||||
systemctl --user enable --now podman.socket
|
||||
mkdir -p ~/.config/containers/systemd
|
||||
mkdir data config postgres
|
||||
```
|
||||
|
||||
### Convert Compose to Quadlet
|
||||
|
||||
```bash
|
||||
# Run this in Homelab, not on the serrver.
|
||||
mkdir quadlets
|
||||
|
||||
# Generate the systemd service
|
||||
podman run \
|
||||
--security-opt label=disable \
|
||||
--rm \
|
||||
-v $(pwd):/compose \
|
||||
-v $(pwd)/quadlets:/quadlets \
|
||||
quay.io/k9withabone/podlet \
|
||||
-f /quadlets \
|
||||
-i \
|
||||
--overwrite \
|
||||
compose /compose/compose.yaml
|
||||
|
||||
# Copy the files to the server
|
||||
scp -r quadlets/. gitea:~/.config/containers/systemd/
|
||||
```
|
||||
|
||||
### Install Quadlets
|
||||
|
||||
The first user you register will be the admin
|
||||
|
||||
```bash
|
||||
ssh gitea
|
||||
systemctl --user daemon-reload
|
||||
systemctl --user start gitea postgres
|
||||
```
|
||||
|
||||
## Gitea Runners
|
||||
|
||||
<https://docs.gitea.com/next/usage/actions/act-runner/#install-with-the-docker-image>
|
||||
|
||||
### Firewall Rules
|
||||
|
||||
Since our runner will be contacting our public IP, we need to add a firewall rule to allow
|
||||
traffic from our DMZ network to our DMZ network. Do this in Unifi or whatever equivalent
|
||||
you have.
|
||||
|
||||
### Install
|
||||
|
||||
```bash
|
||||
touch config.yaml
|
||||
|
||||
export GITEA_TOKEN=
|
||||
docker run \
|
||||
-v /var/run/docker.sock:/var/run/docker.sock \
|
||||
-e GITEA_INSTANCE_URL=https://gitea.reeseapps.com \
|
||||
-e GITEA_RUNNER_REGISTRATION_TOKEN=$GITEA_TOKEN \
|
||||
-e GITEA_RUNNER_NAME=gitea_runner \
|
||||
--restart always \
|
||||
--name gitea_runner \
|
||||
-d docker.io/gitea/act_runner:latest
|
||||
```
|
||||
|
||||
### Cache Cleanup
|
||||
|
||||
Each org or project with a package registry will have its own cleanup rules. For example,
|
||||
services -> settings -> Packages -> Add Cleanup Rule will allow you to create a cleanup
|
||||
rule for packages stored under the "services" org. These cleanup rules should run automatically.
|
||||
|
||||
On the other hand, the docker builder cache will balloon out of control over time. The gitea
|
||||
docker runner is handled outside of Gitea's context, so you'll need to clean it up yourself.
|
||||
|
||||
```bash
|
||||
# Check used system resources
|
||||
docker system df
|
||||
```
|
||||
|
||||
You should run something like this on a schedule:
|
||||
|
||||
```bash
|
||||
# Prune the builder cache
|
||||
docker builder prune -a
|
||||
```
|
||||
|
||||
To run it every day at midnight: `crontab -e`
|
||||
|
||||
```bash
|
||||
0 0 * * * yes | docker builder prune -a
|
||||
```
|
||||
Reference in New Issue
Block a user