
Add modern Gitea container

Signed-off-by: Magic_RB <magic_rb@redalder.org>
master
Magic_RB 3 months ago
parent
commit
2a7e4deaa1
Signed by: Magic_RB GPG Key ID: 08D5287CC5DDCA0E
  1. 151
      containers/gitea.nix
  2. 86
      infrastructure/gitea/app.ini.tpl
  3. 3
      infrastructure/gitea/gitea-data.hcl
  4. 3
      infrastructure/gitea/gitea-db.hcl
  5. 51
      infrastructure/gitea/nomad.hcl

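--- a/containers/gitea.nix
+++ b/containers/gitea.nix
@@ -0,0 +1,151 @@
+/*
+* NixNG
+* Copyright (c) 2021 GPL Magic_RB <magic_rb@redalder.org>
+*
+* This file is free software: you may copy, redistribute and/or modify it
+* under the terms of the GNU General Public License as published by the
+* Free Software Foundation, either version 3 of the License, or (at your
+* option) any later version.
+*
+* This file is distributed in the hope that it will be useful, but
+* WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+nglib:
+((nglib "x86_64-linux").makeSystem {
+system = "x86_64-linux";
+name = "nixng-gitea";
+config = ({ pkgs, ... }:
+{
+dumb-init = {
+enable = true;
+type.services = { };
+};
+services.mysql = {
+enable = true;
+ensureDatabases = [ "gitea" ];
+ensureUsers =
+[ { name = "gitea";
+ensurePermissions = {
+"database.*" = "ALL PRIVILEGES";
+};
+}];
+};
+init.services.gitea.shutdownOnExit = true;
+services.gitea = {
+enable = true;
+appName = "Red Alder Gitea";
+runMode = "prod";
+user = "gitea";
+secrets = {
+secretKeyFile = "/secrets/secret_key";
+internalTokenFile = "/secrets/internal_token";
+jwtSecretFile = "/secrets/jwt_secret";
+lfsJwtSecretFile = "/secrets/lfs_jwt_secret";
+};
+configuration = {
+repository = {
+ROOT = "/data/gitea/git/repositories";
+};
+"repository.local" = {
+LOCAL_COPY_PATH = "/data/gitea/tmp/local-repo";
+};
+"repository.upload" = {
+TEMP_PATH = "/data/gitea/gitea/uploads";
+};
+server = {
+APP_DATA_PATH = "/data/gitea";
+SSH_DOMAIN = "localhost";
+HTTP_PORT = 3000;
+ROOT_URL = "https://gitea.redalder.org/";
+DISABLE_SSH = false;
+SSH_PORT = 22;
+SSH_LISTEN_PORT = 22;
+LFS_START_SERVER = true;
+LFS_CONTENT_PATH = "/data/gitea/git/lfs";
+DOMAIN = "localhost";
+LFS_JWT_SECRET = "#lfsJwtSecret#";
+OFFLINE_MODE = false;
+};
+database = {
+DB_TYPE = "mysql";
+HOST = "/run/mysqld/mysqld.sock";
+NAME = "gitea";
+USER = "gitea";
+SCHEMA = "";
+SSL_MODE = "disable";
+CHARSET = "utf8";
+};
+indexer = {
+ISSUE_INDEXER_PATH = "/data/gitea/gitea/indexers/issues.bleve";
+REPO_INDEXER_PATH = "/data/gitea/gitea/indexers/repos.bleve";
+};
+session = {
+PROVIDER_CONFIG = "/data/gitea/gitea/sessions";
+PROVIDER = "file";
+};
+picture = {
+AVATAR_UPLOAD_PATH = "/data/gitea/gitea/avatars";
+REPOSITORY_AVATAR_UPLOAD_PATH = "/data/gitea/gitea/repo-avatars";
+DISABLE_GRAVATAR = false;
+ENABLE_FEDERATED_AVATAR = true;
+};
+attachment = {
+PATH = "/data/gitea/gitea/attachments";
+};
+security = {
+INSTALL_LOCK = true;
+SECRET_KEY = "#secretKey";
+INTERNAL_TOKEN = "#internalToken#";
+};
+service = {
+DISABLE_REGISTRATION = false;
+REQUIRE_SIGNIN_VIEW = false;
+REGISTER_EMAIL_CONFIRM = false;
+ENABLE_NOTIFY_MAIL = false;
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
+ENABLE_CAPTCHA = false;
+DEFAULT_KEEP_EMAIL_PRIVATE = false;
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true;
+DEFAULT_ENABLE_TIMETRACKING = true;
+NO_REPLY_ADDRESS = "noreply.localhost";
+};
+oauth2.JWT_SECRET = "#jwtSecret#";
+mailer.ENABLED = false;
+openid = {
+ENABLE_OPENID_SIGNIN = true;
+ENABLE_OPENID_SIGNUP = true;
+};
+log = {
+MODE = "console";
+LEVEL = "Debug";
+};
+};
+};
+}
+);
+})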
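Review bot: `SECRET_KEY = "#secretKey";` in the `security` block lacks the closing `#` that the other three placeholders carry (`#lfsJwtSecret#`, `#internalToken#`, `#jwtSecret#`). The substitution code is not on this page, but if it matches `#name#` tokens, the literal string `#secretKey` would end up in the generated config as the secret key, a value anyone reading this repository knows, and `/secrets/secret_key` would go unused. It should read `SECRET_KEY = "#secretKey#";`. Separately, `ensurePermissions` grants on `"database.*"` while `ensureDatabases` creates `gitea`; that key looks like an unedited example, and `"gitea.*" = "ALL PRIVILEGES";` would scope the grant to the database the service actually uses.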

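--- a/infrastructure/gitea/app.ini.tpl
+++ b/infrastructure/gitea/app.ini.tpl
@@ -1,86 +0,0 @@
-# -*- mode: conf; -*-
-APP_NAME = Red Alder Gitea
-RUN_MODE = prod
-RUN_USER = gitea
-[repository]
-ROOT = /data/gitea/git/repositories
-[repository.local]
-LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
-[repository.upload]
-TEMP_PATH = /data/gitea/gitea/uploads
-[server]
-APP_DATA_PATH = /data/gitea
-SSH_DOMAIN = localhost
-HTTP_PORT = 3000
-ROOT_URL = https://gitea.redalder.org/
-DISABLE_SSH = false
-SSH_PORT = 22
-SSH_LISTEN_PORT = 22
-LFS_START_SERVER = true
-LFS_CONTENT_PATH = /data/gitea/git/lfs
-DOMAIN = localhost
-LFS_JWT_SECRET = {{ with secret "kv/data/gitea" }}{{ .Data.data.lfs_jwt_secret }}{{ end }}
-OFFLINE_MODE = false
-[database]
-DB_TYPE = mysql
-HOST = 127.0.0.1:3306
-NAME = gitea
-USER = {{ with secret "kv/data/gitea" }}{{ .Data.data.db_user }}{{ end }}
-PASSWD = {{ with secret "kv/data/gitea" }}{{ .Data.data.db_passwd }}{{ end }}
-SCHEMA =
-SSL_MODE = disable
-CHARSET = utf8
-[indexer]
-ISSUE_INDEXER_PATH = /data/gitea/gitea/indexers/issues.bleve
-REPO_INDEXER_PATH = /data/gitea/gitea/indexers/repos.bleve
-[session]
-PROVIDER_CONFIG = /data/gitea/gitea/sessions
-PROVIDER = file
-[picture]
-AVATAR_UPLOAD_PATH = /data/gitea/gitea/avatars
-REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/gitea/repo-avatars
-DISABLE_GRAVATAR = false
-ENABLE_FEDERATED_AVATAR = true
-[attachment]
-PATH = /data/gitea/gitea/attachments
-[security]
-INSTALL_LOCK = true
-SECRET_KEY = {{ with secret "kv/data/gitea" }}{{ .Data.data.secret_key }}{{ end }}
-INTERNAL_TOKEN = {{ with secret "kv/data/gitea" }}{{ .Data.data.internal_token }}{{ end }}
-[service]
-DISABLE_REGISTRATION = false
-REQUIRE_SIGNIN_VIEW = false
-REGISTER_EMAIL_CONFIRM = false
-ENABLE_NOTIFY_MAIL = false
-ALLOW_ONLY_EXTERNAL_REGISTRATION = false
-ENABLE_CAPTCHA = false
-DEFAULT_KEEP_EMAIL_PRIVATE = false
-DEFAULT_ALLOW_CREATE_ORGANIZATION = true
-DEFAULT_ENABLE_TIMETRACKING = true
-NO_REPLY_ADDRESS = noreply.localhost
-[oauth2]
-JWT_SECRET = {{ with secret "kv/data/gitea" }}{{ .Data.data.jwt_secret }}{{ end }}
-[mailer]
-ENABLED = false
-[openid]
-ENABLE_OPENID_SIGNIN = true
-ENABLE_OPENID_SIGNUP = true
-[log]
-MODE = console
-LEVEL = Debug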

3
infrastructure/gitea/gitea-data.hcl

@ -10,9 +10,10 @@ capability {
context {
server = "blowhole.in.redalder.org"
share = "/gitea-data"
share = "/var/nfs/gitea-data"
}
mount_options {
fs_type = "nfs"
mount_flags = [ "nolock" ]
}
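Review bot: `mount_flags = [ "nolock" ]` (apparently the added line here, and again in infrastructure/gitea/gitea-db.hcl) turns off NFS network locking, so file locks taken on this mount are visible only to the local client. For the gitea-db volume, which nomad.hcl appears to mount at `/var/lib/mysql`, nothing on the share would then stop a second mysqld on another node from opening the same data directory during a reschedule. The `capability` block starts above the hunk, so confirm there that the volume is declared single-writer. A comment such as `# nolock: <reason>; safe only because this volume is single-writer` next to the flag would record the trade-off.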

3
infrastructure/gitea/gitea-db.hcl

@ -10,9 +10,10 @@ capability {
context {
server = "blowhole.in.redalder.org"
share = "/gitea-db"
share = "/var/nfs/gitea-db"
}
mount_options {
fs_type = "nfs"
mount_flags = [ "nolock" ]
}

51
infrastructure/gitea/nomad.hcl

@ -64,12 +64,14 @@ job "gitea" {
read_only = false
}
config {
image = "magicrb/gitea:yc5q5q4q4zmih2rr1xjamnzxx7agjz55"
volume_mount {
volume = "gitea-db"
destination = "/var/lib/mysql"
read_only = false
}
volumes = [
"local/app.ini:/app.ini",
]
config {
image = "nixng-gitea:local"
}
env {
@ -87,32 +89,31 @@ job "gitea" {
}
template {
data = file("./app.ini.tpl")
destination = "local/app.ini"
data = <<EOF
{{ with secret "kv/data/gitea" }}{{ .Data.data.secret_key }}{{ end }}
EOF
destination = "secrets/secret_key"
}
}
task "db" {
driver = "docker"
volume_mount {
volume = "gitea-db"
destination = "/data/mariadb"
read_only = false
}
config {
image = "mariadb:local"
template {
data = <<EOF
{{ with secret "kv/data/gitea" }}{{ .Data.data.internal_token }}{{ end }}
EOF
destination = "secrets/internal_token"
}
env {
USER_UID = "84"
USER_GID = "84"
template {
data = <<EOF
{{ with secret "kv/data/gitea" }}{{ .Data.data.jwt_secret }}{{ end }}
EOF
destination = "secrets/jwt_secret"
}
resources {
cpu = 500
memory = 512
template {
data = <<EOF
{{ with secret "kv/data/gitea" }}{{ .Data.data.lfs_jwt_secret }}{{ end }}
EOF
destination = "secrets/lfs_jwt_secret"
}
}
}
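Review bot: `image = "nixng-gitea:local"` replaces a tag that carried a content hash (`magicrb/gitea:yc5q5q4q4zmih2rr1xjamnzxx7agjz55`) with a mutable one, so the job file no longer identifies which build is deployed. Whatever image currently holds the `local` tag on the client node is started with the four Vault-rendered secret files, and an audit or rollback cannot tie a running allocation back to a specific Nix build. Keeping the store hash in the tag, e.g. `image = "nixng-gitea:<store-hash>"` (placeholder), restores that link. The `job "gitea"` block begins and ends outside these hunks, and the old/new side of each line is inferred from the rendered page.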
