moving everything to active or retired vs incubating and graduated

active/podman_gitea/gitea.md

@@ -0,0 +1,136 @@
+# Gitea
+
+- [Gitea](#gitea)
+  - [Gitea on Rootless Podman](#gitea-on-rootless-podman)
+    - [Create the gitea user](#create-the-gitea-user)
+    - [Convert Compose to Quadlet](#convert-compose-to-quadlet)
+    - [Install Quadlets](#install-quadlets)
+  - [Gitea Runners](#gitea-runners)
+    - [Firewall Rules](#firewall-rules)
+    - [Install](#install)
+    - [Cache Cleanup](#cache-cleanup)
+  - [Email Notifications](#email-notifications)
+
+## Gitea on Rootless Podman
+
+### Create the gitea user
+
+```bash
+useradd gitea
+
+su - gitea
+ssh-keygen
+exit
+cp ~/.ssh/authorized_keys /home/gitea/.ssh/authorized_keys
+chown gitea:gitea /home/gitea/.ssh/authorized_keys
+loginctl enable-linger $(id -u gitea)
+```
+
+SSH into the server as gitea
+
+```bash
+systemctl --user enable podman-restart
+systemctl --user enable --now podman.socket
+mkdir -p ~/.config/containers/systemd
+mkdir data config postgres
+```
+
+### Convert Compose to Quadlet
+
+```bash
+# Run this in Homelab, not on the serrver.
+mkdir quadlets
+
+# Generate the systemd service
+podman run \
+--security-opt label=disable \
+--rm \
+-v $(pwd):/compose \
+-v $(pwd)/quadlets:/quadlets \
+quay.io/k9withabone/podlet \
+-f /quadlets \
+-i \
+--overwrite \
+compose /compose/compose.yaml
+
+# Copy the files to the server
+scp -r quadlets/. gitea:~/.config/containers/systemd/
+```
+
+### Install Quadlets
+
+The first user you register will be the admin
+
+```bash
+ssh gitea
+systemctl --user daemon-reload
+systemctl --user start gitea postgres
+```
+
+## Gitea Runners
+
+<https://docs.gitea.com/next/usage/actions/act-runner/#install-with-the-docker-image>
+
+### Firewall Rules
+
+Since our runner will be contacting our public IP, we need to add a firewall rule to allow
+traffic from our DMZ network to our DMZ network. Do this in Unifi or whatever equivalent
+you have.
+
+### Install
+
+```bash
+touch config.yaml
+
+export GITEA_TOKEN=
+docker run \
+-v /var/run/docker.sock:/var/run/docker.sock \
+-e GITEA_INSTANCE_URL=https://gitea.reeseapps.com \
+-e GITEA_RUNNER_REGISTRATION_TOKEN=$GITEA_TOKEN \
+-e GITEA_RUNNER_NAME=gitea_runner \
+--restart always \
+--name gitea_runner \
+-d docker.io/gitea/act_runner:latest
+```
+
+### Cache Cleanup
+
+Each org or project with a package registry will have its own cleanup rules. For example,
+services -> settings -> Packages -> Add Cleanup Rule will allow you to create a cleanup
+rule for packages stored under the "services" org. These cleanup rules should run automatically.
+
+On the other hand, the docker builder cache will balloon out of control over time. The gitea
+docker runner is handled outside of Gitea's context, so you'll need to clean it up yourself.
+
+```bash
+# Check used system resources
+docker system df
+```
+
+You should run something like this on a schedule:
+
+```bash
+# Prune the builder cache
+docker builder prune -a
+```
+
+To run it every day at midnight: `crontab -e`
+
+```bash
+0 0 * * * yes | docker builder prune -a
+```
+
+## Email Notifications
+
+In `/data/gitea/conf/app.ini` add (yes, the `` around the password matters):
+
+```conf
+[mailer]
+ENABLED        = true
+FROM           = gitea@reeseapps.com
+PROTOCOL       = smtps
+SMTP_ADDR      = email-smtp.us-east-1.amazonaws.com
+SMTP_PORT      = 465
+USER           = ABC123
+PASSWD         = `ABC123...`
+```