# Gitea

## Gitea on Rootless Podman

### Create the gitea user

```bash
# Run these as root (or via sudo) on the server
useradd gitea

# Generate an SSH key pair for the new user
su - gitea
ssh-keygen
exit

# Allow the key you already use for this server to log in as gitea
cp ~/.ssh/authorized_keys /home/gitea/.ssh/authorized_keys
chown gitea:gitea /home/gitea/.ssh/authorized_keys

# Keep gitea's user services running without an active login session
loginctl enable-linger $(id -u gitea)
```

### SSH into the server as gitea

```bash
# Bring containers with Restart=always back up after a reboot
systemctl --user enable podman-restart

# Expose the Podman API socket for tools that expect a Docker-style socket
systemctl --user enable --now podman.socket

# Quadlet unit files for rootless Podman live here
mkdir -p ~/.config/containers/systemd

# Bind-mount targets for the containers
mkdir data config postgres
```

### Convert Compose to Quadlet

```bash
# Run this in Homelab, not on the server.
mkdir quadlets

# Generate the systemd service files with podlet
podman run \
  --security-opt label=disable \
  --rm \
  -v $(pwd):/compose \
  -v $(pwd)/quadlets:/quadlets \
  quay.io/k9withabone/podlet \
  -f /quadlets \
  -i \
  --overwrite \
  compose /compose/compose.yaml

# Copy the generated files to the server
scp -r quadlets/. gitea:~/.config/containers/systemd/
```

### Install Quadlets

The first user you register will be the admin.

```bash
ssh gitea
systemctl --user daemon-reload
systemctl --user start gitea postgres
```
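For reference, this is roughly the shape of the quadlets that end up in `~/.config/containers/systemd/`. It is an added illustration, not output copied from podlet or from these notes: the compose.yaml is not shown here, so the image tags, ports, environment variables, the `gitea.network` unit and the `CHANGE_ME` password placeholder are all assumptions. The service names (`gitea`, `postgres`) follow from the file names, which is why `systemctl --user start gitea postgres` works.

```ini
# ~/.config/containers/systemd/gitea.network  (assumed)
[Network]
NetworkName=gitea

# ~/.config/containers/systemd/postgres.container  (assumed)
[Unit]
Description=PostgreSQL for Gitea

[Container]
Image=docker.io/library/postgres:16
ContainerName=postgres
Network=gitea.network
Environment=POSTGRES_USER=gitea
Environment=POSTGRES_DB=gitea
# Placeholder: prefer a Podman secret over a literal password in the unit file
Environment=POSTGRES_PASSWORD=CHANGE_ME
# %h expands to the gitea user's home; :Z relabels for SELinux
Volume=%h/postgres:/var/lib/postgresql/data:Z

[Service]
Restart=always

[Install]
WantedBy=default.target

# ~/.config/containers/systemd/gitea.container  (assumed)
[Unit]
Description=Gitea
Requires=postgres.service
After=postgres.service

[Container]
Image=docker.io/gitea/gitea:latest
ContainerName=gitea
Network=gitea.network
Environment=GITEA__database__DB_TYPE=postgres
Environment=GITEA__database__HOST=postgres:5432
Environment=GITEA__database__NAME=gitea
Environment=GITEA__database__USER=gitea
Environment=GITEA__database__PASSWD=CHANGE_ME
# Rootless Podman cannot bind port 22, so SSH is mapped to a high port
PublishPort=3000:3000
PublishPort=2222:22
# app.ini lives at /data/gitea/conf/app.ini inside this mount
Volume=%h/data:/data:Z

[Service]
Restart=always

[Install]
WantedBy=default.target
```

`Restart=always` in `[Service]` is what `podman-restart` looks for after a reboot, and `WantedBy=default.target` is what makes `systemctl --user enable` meaningful for a user unit.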

## Gitea Runners

https://docs.gitea.com/next/usage/actions/act-runner/#install-with-the-docker-image

### Firewall Rules

Since the runner will reach Gitea through our public IP, we need a firewall rule that allows traffic from our DMZ network back to our DMZ network. Do this in UniFi or whatever equivalent you have.

### Install

```bash
# Empty runner config (act_runner generate-config can produce a full one)
touch config.yaml

# Registration token from your Gitea instance's runner admin page
export GITEA_TOKEN=
docker run \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e GITEA_INSTANCE_URL=https://gitea.reeseapps.com \
  -e GITEA_RUNNER_REGISTRATION_TOKEN=$GITEA_TOKEN \
  -e GITEA_RUNNER_NAME=gitea_runner \
  --restart always \
  --name gitea_runner \
  -d docker.io/gitea/act_runner:latest
```

### Cache Cleanup

Each org or project with a package registry has its own cleanup rules. For example, services -> Settings -> Packages -> Add Cleanup Rule lets you create a cleanup rule for packages stored under the "services" org. These cleanup rules run automatically.

The docker builder cache, on the other hand, will balloon out of control over time. The gitea docker runner is managed outside of Gitea's context, so you'll need to clean it up yourself.

```bash
# Check used system resources
docker system df
```

You should run something like this on a schedule:

```bash
# Prune the builder cache
docker builder prune -a
```

To run it every day at midnight, add this line with `crontab -e`:

```bash
0 0 * * * yes | docker builder prune -a
```
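A threshold-based variant of that nightly cleanup, as an added example that is not part of the original notes: it parses the Build Cache row of `docker system df` and only prunes once the cache has grown past a configurable size, so the cron job is a no-op while the cache is small and you keep a record of when it actually ran. The sample `docker system df` output embedded in the script is constructed, and the 5000 MB default threshold is an assumption.

```bash
#!/bin/sh
# Prune the docker builder cache only when it exceeds a size threshold.
# Added example; THRESHOLD_MB and the sample output below are assumptions.

THRESHOLD_MB="${THRESHOLD_MB:-5000}"

# Read `docker system df` output on stdin and print the Build Cache SIZE in MB.
# Columns: TYPE(2 words) TOTAL ACTIVE SIZE RECLAIMABLE, so SIZE is field 5.
build_cache_mb() {
    awk '
        /^Build Cache/ {
            size = $5                       # e.g. 12.5GB, 800MB, 0B
            unit = size; gsub(/[0-9.]/, "", unit)
            num  = size; gsub(/[A-Za-z]/, "", num)
            if      (unit == "GB") mb = num * 1000   # docker prints decimal units
            else if (unit == "MB") mb = num
            else if (unit == "kB") mb = num / 1000
            else                   mb = 0
            printf "%d\n", mb
        }'
}

# Exit 0 when the cache (MB, $1) is at or above the threshold, 1 otherwise.
cache_needs_prune() {
    [ "$1" -ge "$THRESHOLD_MB" ]
}

# Query docker and prune non-interactively if the cache is too large.
prune_if_needed() {
    size_mb=$(docker system df | build_cache_mb)
    if cache_needs_prune "${size_mb:-0}"; then
        echo "build cache at ${size_mb} MB, pruning"
        docker builder prune -a -f
    else
        echo "build cache at ${size_mb:-0} MB, nothing to do"
    fi
}

# Constructed sample of `docker system df` output, used to exercise the parser.
SAMPLE_DF='TYPE            TOTAL     ACTIVE    SIZE      RECLAIMABLE
Images          5         2         1.2GB     800MB (66%)
Containers      2         1         10MB      5MB (50%)
Local Volumes   3         1         500MB     300MB (60%)
Build Cache     40        0         12.5GB    12.5GB'

# Only touch docker when explicitly asked, e.g. from cron: prune-cache.sh --prune
if [ "${1-}" = "--prune" ]; then
    prune_if_needed
fi
```

Install it as `0 0 * * * /home/gitea/prune-cache.sh --prune >> /home/gitea/prune-cache.log 2>&1` (paths assumed) and the log shows both the size readings and the nights a prune actually happened.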

### Email Notifications

In /data/gitea/conf/app.ini add the following (yes, the backticks around the password matter: Gitea's ini parser treats a backtick-quoted value literally, so special characters in the secret survive):

```ini
[mailer]
ENABLED        = true
FROM           = gitea@reeseapps.com
PROTOCOL       = smtps
SMTP_ADDR      = email-smtp.us-east-1.amazonaws.com
SMTP_PORT      = 465
USER           = ABC123
PASSWD         = `ABC123...`
```