homelab/active/podman_gitea/gitea.md
ducoterra 5184c84d50
overhauls of most service docs
2025-07-22 18:29:07 -04:00

# Gitea
- [Gitea](#gitea)
  - [Gitea on Rootless Podman](#gitea-on-rootless-podman)
    - [A note on directories](#a-note-on-directories)
    - [Create the gitea user](#create-the-gitea-user)
    - [Convert Compose to Quadlet](#convert-compose-to-quadlet)
    - [Install Quadlets](#install-quadlets)
    - [Upgrade Quadlets](#upgrade-quadlets)
    - [Editing Configs within Container](#editing-configs-within-container)
  - [Gitea Runners](#gitea-runners)
    - [Firewall Rules](#firewall-rules)
    - [Install](#install)
    - [Cache Cleanup](#cache-cleanup)
  - [Email Notifications](#email-notifications)
## Gitea on Rootless Podman
### A note on directories
These are the paths Gitea reports from inside the container. Everything lives under `/data`, the bind-mounted data directory, so `app.ini` is at `/data/gitea/conf/app.ini` on the volume and survives image updates:
```text
RunMode: prod
AppPath: /usr/local/bin/gitea
WorkPath: /data/gitea
CustomPath: /data/gitea
ConfigFile: /data/gitea/conf/app.ini
Data: /data/gitea/data/
```
### Create the gitea user
A dedicated unprivileged user owns the containers. Rootless Podman needs a subordinate UID/GID range for that user, which `useradd` normally allocates in `/etc/subuid` and `/etc/subgid`; check that it did.
```bash
useradd -m gitea                                   # -m: create /home/gitea
grep -E '^gitea:' /etc/subuid /etc/subgid          # both must print a range, or rootless podman cannot start
su - gitea
ssh-keygen                                         # also creates ~/.ssh with the right permissions
exit
# Reuse your own authorized_keys so you can SSH in as gitea
cp ~/.ssh/authorized_keys /home/gitea/.ssh/authorized_keys
chown gitea:gitea /home/gitea/.ssh/authorized_keys
# Keep the user's systemd --user instance running without a login session, so the containers run unattended
loginctl enable-linger $(id -u gitea)
```
SSH into the server as gitea
```bash
systemctl --user enable podman-restart          # restarts containers with a restart policy after reboot
systemctl --user enable --now podman.socket      # API socket for tooling that expects a Docker-style socket
mkdir -p ~/.config/containers/systemd            # where Quadlet looks for unit files
mkdir data config postgres                       # bind-mount directories for the containers
```
### Convert Compose to Quadlet
```bash
# Run this in Homelab, not on the server.
mkdir $(pwd)/active/podman_gitea/quadlets
# Generate the systemd units with podlet (no network: it only reads the compose file).
# -f: write units into the given directory; -i: add an [Install] section so they can be enabled;
# --overwrite: replace units from a previous run.
podman run \
--network none \
--rm \
-v $(pwd)/active/podman_gitea/compose:$(pwd)/active/podman_gitea/compose:z \
-v $(pwd)/active/podman_gitea/quadlets:$(pwd)/active/podman_gitea/quadlets:z \
quay.io/k9withabone/podlet \
-f $(pwd)/active/podman_gitea/quadlets \
-i \
--overwrite \
compose $(pwd)/active/podman_gitea/compose/compose.yaml
# Copy the files to the server
scp -r $(pwd)/active/podman_gitea/quadlets/. gitea:~/.config/containers/systemd/
```
### Install Quadlets
Gitea gives administrator rights to the first account registered while no admin exists, so register your own account right after the first start, before the instance is reachable by anyone else.
```bash
ssh gitea systemctl --user daemon-reload
ssh gitea systemctl --user restart gitea postgres
# Enables the auto-update timer, which pulls new container images daily. It only touches units
# that opt in with AutoUpdate=registry (the io.containers.autoupdate=registry label); check that
# with `podman auto-update --dry-run`.
ssh gitea systemctl --user enable --now podman-auto-update.timer
```
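The following is an added example, not the compose file or the podlet output from this repo: a small POSIX sh script that writes a hand-maintained `gitea.network` and `gitea.container` Quadlet pair into the Quadlet directory and then checks that every `.container` unit there carries `AutoUpdate=registry`, since `podman-auto-update.timer` silently skips containers that do not opt in. The image tag `docker.io/gitea/gitea:1.24`, the published ports, the `%h/data` bind mount and the `postgres.service` dependency are assumptions; database settings are left to `app.ini` as elsewhere in this doc.

```shell
#!/bin/sh
# Install a Gitea Quadlet and confirm every .container unit opts in to podman-auto-update.
# Added example; image tag, ports, mount path and unit names are assumptions.
set -eu

QUADLET_DIR="${QUADLET_DIR:-$HOME/.config/containers/systemd}"

# Write gitea.network and gitea.container into DIR (hypothetical units, see lead-in).
write_gitea_quadlet() {
  dir="$1"
  mkdir -p "$dir"
  cat > "$dir/gitea.network" <<'EOF'
[Network]
NetworkName=gitea
EOF
  cat > "$dir/gitea.container" <<'EOF'
[Unit]
Description=Gitea
Requires=postgres.service
After=postgres.service

[Container]
# Pin a minor line; AutoUpdate=registry then follows patch releases of that tag only.
Image=docker.io/gitea/gitea:1.24
ContainerName=gitea
AutoUpdate=registry
Network=gitea.network
Volume=%h/data:/data:Z
PublishPort=3000:3000
PublishPort=2222:22

[Service]
Restart=always

[Install]
WantedBy=default.target
EOF
}

# Print the basename of every .container unit in DIR that lacks AutoUpdate=registry;
# podman-auto-update.timer will never update those.
units_without_autoupdate() {
  dir="$1"
  for f in "$dir"/*.container; do
    [ -e "$f" ] || continue
    grep -qx 'AutoUpdate=registry' "$f" || basename "$f"
  done
}

# Usage: ./gitea-quadlet.sh install   (as the gitea user on the server)
if [ "${1:-}" = "install" ]; then
  write_gitea_quadlet "$QUADLET_DIR"
  missing=$(units_without_autoupdate "$QUADLET_DIR")
  [ -z "$missing" ] || echo "units not opted in to auto-update: $missing" >&2
  systemctl --user daemon-reload
fi
```

Run it with `install` as the gitea user, then `systemctl --user restart gitea` as in the steps above. Pinning `gitea:1.24` rather than `latest` keeps auto-update from jumping a major or minor release unattended, while still picking up patch releases.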
### Upgrade Quadlets
After regenerating or editing the units locally, copy them over and reload:
```bash
scp -r quadlets/. gitea:~/.config/containers/systemd/
ssh gitea systemctl --user daemon-reload       # re-run the Quadlet generator
ssh gitea systemctl --user restart gitea postgres
```
### Editing Configs within Container
If `~/data` is the bind mount behind the container's `/data` (as created above), edit `~/data/gitea/conf/app.ini` on the host and `systemctl --user restart gitea`. If you do need an editor inside the Alpine-based container:
```bash
podman exec -it gitea sh   # use the container name shown by `podman ps`
apk add vim
```
## Gitea Runners
<https://docs.gitea.com/next/usage/actions/act-runner/#install-with-the-docker-image>
### Firewall Rules
The runner registers against the instance's public hostname. Because the runner sits on the DMZ and that hostname resolves to the public IP, its traffic leaves the DMZ, hits the WAN address and is NATed straight back into the DMZ (hairpin NAT), so you need a firewall rule that allows traffic from the DMZ network to the DMZ network. Do this in Unifi or whatever equivalent you have.
### Install
```bash
# An empty config.yaml uses act_runner defaults; to tune labels or the cache dir, generate one instead:
#   docker run --entrypoint="" --rm docker.io/gitea/act_runner:latest act_runner generate-config > config.yaml
touch config.yaml
# Registration token: Site Administration -> Actions -> Runners (or the org/repo runner page)
export GITEA_TOKEN=
# The mounted docker.sock lets jobs control the host Docker daemon (root-equivalent on that host),
# so run the runner on a machine that holds nothing else of value.
docker run \
-v $(pwd)/config.yaml:/config.yaml \
-v /var/run/docker.sock:/var/run/docker.sock \
-e CONFIG_FILE=/config.yaml \
-e GITEA_INSTANCE_URL=https://gitea.reeseapps.com \
-e GITEA_RUNNER_REGISTRATION_TOKEN=$GITEA_TOKEN \
-e GITEA_RUNNER_NAME=gitea_runner \
--restart always \
--name gitea_runner \
-d docker.io/gitea/act_runner:latest
```
### Cache Cleanup
Each org or project with a package registry has its own cleanup rules. For example,
services -> Settings -> Packages -> Add Cleanup Rule creates a cleanup rule for packages stored under
the "services" org. Gitea's cron runs these rules for you; make sure `cron` and `cron.cleanup_packages`
are enabled in app.ini (`/data/gitea/conf`). Setting them explicitly, as below, also lets you choose the
schedule and have each successful run reported as a notice in Site Administration.
Cron: <https://docs.gitea.com/administration/config-cheat-sheet#cron-cron>
Package Cleanup: <https://docs.gitea.com/1.19/administration/config-cheat-sheet#cron---cleanup-hook_task-table-croncleanup_hook_task_table>
```conf
[cron]
ENABLED = true
RUN_AT_START = true
NOTICE_ON_SUCCESS = true
SCHEDULE = @midnight
[cron.cleanup_packages]
ENABLED = true
RUN_AT_START = true
SCHEDULE = @midnight
NOTICE_ON_SUCCESS = true
```
On the other hand, the docker builder cache on the runner host will balloon out of control over time. The
docker daemon the runner uses sits outside Gitea's context, so you have to clean it up yourself.
```bash
# Check used and reclaimable space per type (images, containers, volumes, build cache)
docker system df
```
You should run something like this on a schedule:
```bash
# Prune the builder cache
docker builder prune -a -f
```
To run it every day at noon: `crontab -e`
```bash
# -f skips the confirmation prompt; run both in one job so they do not race each other.
# `image prune -a` also removes the job images act pulled (e.g. the node image), so they
# are pulled again on the next run.
0 12 * * * docker builder prune -a -f && docker image prune -a -f
```
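A threshold-gated version of that cron job, as an added example that is not part of this repo: it parses `docker system df --format '{{.Type}}\t{{.Reclaimable}}'`, converts the reclaimable "Build Cache" figure to bytes, and prunes only when it exceeds a threshold, keeping images newer than a week so act does not re-pull them every day. The 5 GB default threshold, the 168h image age and the `SAMPLE_DF` text (a constructed sample of the `docker system df` output) are assumptions.

```shell
#!/bin/sh
# prune-build-cache.sh: threshold-gated cleanup for the act_runner docker host (added example).
set -eu

THRESHOLD="${PRUNE_THRESHOLD_BYTES:-5000000000}"   # assumed default: 5 GB (docker reports decimal units)

# Constructed sample of: docker system df --format '{{.Type}}\t{{.Reclaimable}}'
SAMPLE_DF="$(printf 'Images\t2.1GB (60%%)\nContainers\t0B (0%%)\nLocal Volumes\t0B (0%%)\nBuild Cache\t4.3GB (100%%)')"

# Convert a docker size string ("4.3GB", "512MB", "0B") to bytes. Docker uses 1000-based units.
size_to_bytes() {
  awk -v s="$1" 'BEGIN {
    n = s; gsub(/[^0-9.]/, "", n)      # numeric part, e.g. 4.3
    u = s; gsub(/[0-9.]/, "", u)       # unit part, e.g. GB
    m["B"] = 1; m["kB"] = 1000; m["MB"] = 1000^2; m["GB"] = 1000^3; m["TB"] = 1000^4
    f = (u in m) ? m[u] : 1
    printf "%.0f\n", n * f
  }'
}

# reclaimable_bytes DF_TEXT ROW_TYPE: reclaimable bytes for one row, e.g. "Build Cache".
# The Reclaimable column looks like "4.3GB (100%)"; only the size token is used.
reclaimable_bytes() {
  field=$(printf '%s\n' "$1" | awk -F'\t' -v t="$2" '$1 == t { print $2 }')
  size_to_bytes "${field%% *}"
}

# should_prune BYTES THRESHOLD: succeeds when the cache is at or above the threshold.
should_prune() {
  [ "$1" -ge "$2" ]
}

# prune_if_needed DF_TEXT [dry]: decide and, unless dry, run the prunes.
prune_if_needed() {
  df_text="$1"; dry="${2:-}"
  cache=$(reclaimable_bytes "$df_text" "Build Cache")
  if should_prune "$cache" "$THRESHOLD"; then
    echo "build cache reclaimable ${cache}B >= ${THRESHOLD}B, pruning"
    [ -n "$dry" ] && return 0
    docker builder prune -a -f
    # Drop unused images older than a week; recent job images stay cached for the next run.
    docker image prune -a -f --filter "until=168h"
  else
    echo "build cache reclaimable ${cache}B below ${THRESHOLD}B, nothing to do"
  fi
}

# Usage: prune-build-cache.sh run   (from cron)   |   prune-build-cache.sh demo   (dry run on SAMPLE_DF)
case "${1:-}" in
  run)  prune_if_needed "$(docker system df --format '{{.Type}}\t{{.Reclaimable}}')" ;;
  demo) prune_if_needed "$SAMPLE_DF" dry ;;
esac
```

Install it as `0 12 * * * /home/runner/prune-build-cache.sh run` (path assumed) and raise `PRUNE_THRESHOLD_BYTES` in the crontab environment if the disk is large; `demo` shows the decision on the sample without touching docker.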
## Email Notifications
In `/data/gitea/conf/app.ini` add the following. The backticks around the password matter: Gitea's ini parser treats a backtick-quoted value literally, so `#` or `;` characters in an SES SMTP password are not read as comment delimiters. The file holds this credential in plain text, so keep it readable only by the Gitea user.
```conf
[mailer]
ENABLED = true
FROM = gitea@reeseapps.com
PROTOCOL = smtps
SMTP_ADDR = email-smtp.us-east-1.amazonaws.com
SMTP_PORT = 465
USER = ABC123
PASSWD = `ABC123...`
```