# Gitea

## Gitea on Rootless Podman

### Create the gitea user
```bash
# As root: create the service account, give it an SSH key pair and your
# authorized key, then allow its user services to run without a login session.
useradd gitea
su - gitea
ssh-keygen
exit
cp ~/.ssh/authorized_keys /home/gitea/.ssh/authorized_keys
chown gitea:gitea /home/gitea/.ssh/authorized_keys
loginctl enable-linger $(id -u gitea)
```
SSH into the server as gitea:

```bash
# Restart containers that have a restart policy after reboot, expose the
# Podman API socket, and create the Quadlet directory and the volume directories.
systemctl --user enable podman-restart
systemctl --user enable --now podman.socket
mkdir -p ~/.config/containers/systemd
mkdir data config postgres
```
### Convert Compose to Quadlet

```bash
# Run this in Homelab, not on the server.
mkdir quadlets

# Generate the systemd service (podlet writes one unit per compose service
# into /quadlets; -i adds an [Install] section so the units can be enabled)
podman run \
  --security-opt label=disable \
  --rm \
  -v $(pwd):/compose \
  -v $(pwd)/quadlets:/quadlets \
  quay.io/k9withabone/podlet \
  -f /quadlets \
  -i \
  --overwrite \
  compose /compose/compose.yaml

# Copy the files to the server
scp -r quadlets/. gitea:~/.config/containers/systemd/
```
### Install Quadlets

The first user you register will be the admin.

```bash
ssh gitea
systemctl --user daemon-reload
systemctl --user start gitea postgres
```
## Gitea Runners

<https://docs.gitea.com/next/usage/actions/act-runner/#install-with-the-docker-image>

### Firewall Rules

Since our runner will be contacting our public IP, we need to add a firewall rule to allow traffic from our DMZ network to our DMZ network. Do this in Unifi or whatever equivalent you have.
### Install

```bash
touch config.yaml

# Paste the runner registration token here
export GITEA_TOKEN=
# Note: mounting docker.sock gives the runner full control of the host's Docker daemon.
docker run \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e GITEA_INSTANCE_URL=https://gitea.reeseapps.com \
  -e GITEA_RUNNER_REGISTRATION_TOKEN=$GITEA_TOKEN \
  -e GITEA_RUNNER_NAME=gitea_runner \
  --restart always \
  --name gitea_runner \
  -d docker.io/gitea/act_runner:latest
```
### Cache Cleanup

Each org or project with a package registry will have its own cleanup rules. For example, services -> settings -> Packages -> Add Cleanup Rule will allow you to create a cleanup rule for packages stored under the "services" org. These cleanup rules should run automatically.

On the other hand, the docker builder cache will balloon out of control over time. The gitea docker runner is handled outside of Gitea's context, so you'll need to clean it up yourself.
```bash
# Check used system resources
docker system df
```

You should run something like this on a schedule:

```bash
# Prune the builder cache
docker builder prune -a
```
To run it every day at midnight: `crontab -e`

```bash
0 0 * * * yes | docker builder prune -a
```
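Added example, not part of these notes: a threshold-based variant of the cron job that parses `docker system df` and only prunes when the reclaimable build cache reaches a configurable size, so a healthy cache is not wiped every night. It assumes the tabular `docker system df` layout and the `--force` and `--filter until=` options of `docker builder prune`; `PRUNE_THRESHOLD` and the sample output are constructed here.

```sh
#!/bin/sh
# Threshold-based BuildKit cache cleanup for the runner host (added example,
# not part of the original notes). Prunes only when the reclaimable build
# cache reported by `docker system df` reaches PRUNE_THRESHOLD (default 10GB).
set -eu
# Convert a Docker size string (23.4GB, 800MB, 12.3kB, 0B; SI units) to bytes.
size_to_bytes() {
    printf '%s\n' "$1" | awk '{
        s = $1; unit = "B"; num = s
        if (match(s, /[kKMGT]?i?B$/)) {
            unit = substr(s, RSTART, RLENGTH); num = substr(s, 1, RSTART - 1)
        }
        mult = 1
        if (unit ~ /^[kK]/) mult = 1000
        else if (unit ~ /^M/) mult = 1000000
        else if (unit ~ /^G/) mult = 1000000000
        else if (unit ~ /^T/) mult = 1000000000000
        printf "%.0f\n", num * mult
    }'
}
# Read `docker system df` output on stdin and print the reclaimable bytes of
# the "Build Cache" row (fields: Build Cache TOTAL ACTIVE SIZE RECLAIMABLE).
build_cache_reclaimable() {
    size_to_bytes "$(awk '$1 == "Build" && $2 == "Cache" { print $6; exit }')"
}
# True (exit 0) when reclaimable bytes ($1) reach the threshold bytes ($2).
should_prune() { [ "$1" -ge "$2" ]; }
# Constructed sample output for the dry run; real values come from docker.
SAMPLE_DF='TYPE            TOTAL     ACTIVE    SIZE      RECLAIMABLE
Images          12        3         4.5GB     3.2GB (71%)
Containers      3         1         12.3kB    0B (0%)
Local Volumes   5         2         1.2GB     800MB (66%)
Build Cache     120       0         23.4GB    23.4GB'
# Reads df output on stdin; $1 = run|dry-run. Only "run" actually prunes.
main() {
    threshold=$(size_to_bytes "${PRUNE_THRESHOLD:-10GB}")
    reclaimable=$(build_cache_reclaimable)
    if should_prune "$reclaimable" "$threshold"; then
        echo "build cache reclaimable ${reclaimable}B >= ${threshold}B: pruning"
        # --force replaces `yes |`; `until=72h` keeps the newest layers warm.
        [ "$1" = dry-run ] || docker builder prune -a --force --filter until=72h
    else
        echo "build cache reclaimable ${reclaimable}B < ${threshold}B: skipping"
    fi
}
case "${1:-}" in
    dry-run) printf '%s\n' "$SAMPLE_DF" | main dry-run ;;
    run) docker system df | main run ;;
esac
```

Try `sh prune-cache.sh dry-run` first; in cron, replace the `yes |` line with `sh /path/to/prune-cache.sh run`.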