From 7dc2c3d6a0ee3b46ff3ce54cc20ec19e496d65b6 Mon Sep 17 00:00:00 2001
From: Maurice
Date: Sat, 4 Oct 2025 19:07:31 +0200
Subject: [PATCH] Gitea
---
 installation/podman.sh | 6 +-
 services/adguard/update.sh | 3 +-
 services/gitea/custom/.gitkeep | 0
 services/gitea/gitea-runner.service.toml | 25 ++++++
 services/gitea/install.sh | 8 ++
 services/gitea/runner-config.yaml | 110 +++++++++++++++++++++++
 services/gitea/service.toml | 43 +++++++++
 services/gitea/update.sh | 8 ++
 services/immich/install.sh | 7 +-
 services/immich/update.sh | 7 ++
 services/jellyfin/install.sh | 1 -
 services/postgres/install.sh | 4 +
 services/postgres/service.toml | 12 +++
 13 files changed, 224 insertions(+), 10 deletions(-)
 create mode 100644 services/gitea/custom/.gitkeep
 create mode 100644 services/gitea/gitea-runner.service.toml
 create mode 100644 services/gitea/install.sh
 create mode 100644 services/gitea/runner-config.yaml
 create mode 100644 services/gitea/service.toml
 create mode 100644 services/gitea/update.sh
 create mode 100644 services/immich/update.sh
 create mode 100644 services/postgres/install.sh
 create mode 100644 services/postgres/service.toml
diff --git a/installation/podman.sh b/installation/podman.sh
index 5445b4c..c14f98d 100644
--- a/installation/podman.sh
+++ b/installation/podman.sh
@@ -33,4 +33,8 @@ rc-service local start # Allow ports >= 53 to be rootless bound, persistent echo "net.ipv4.ip_unprivileged_port_start=53" >> /etc/sysctl.d/podman.conf
-sysctl -p /etc/sysctl.d/podman.conf
\ No newline at end of file
+sysctl -p /etc/sysctl.d/podman.conf
+
+# Enable and start Podman socket
+rc-update add podman
+rc-service podman start
\ No newline at end of file
diff --git a/services/adguard/update.sh b/services/adguard/update.sh
index 7a1c2b1..815bb7d 100644
--- a/services/adguard/update.sh
+++ b/services/adguard/update.sh
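Review bot: The added `rc-update add podman` and `rc-service podman start` lines bring up a Podman API socket without saying which account serves it or which service needs it. The comment should name both, for example `# Podman API socket for the gitea-runner container (mounted as /var/run/docker.sock); run it as the unprivileged podman user`. If the service keeps its packaged default user (likely root; worth checking in `/etc/conf.d/podman` if that file is present), every client of `/run/podman/podman.sock` gets root-equivalent control of the host, which is a far larger grant than the `user = "podman"` services in this commit suggest. The hunk starts mid-script, so earlier setup is not visible here.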
@@ -2,5 +2,4 @@ mkdir -p /var/containers/adguard cp -f $(pwd)/AdGuardHome.yaml /var/containers/adguard/AdGuardHome.yaml chmod +x /etc/init.d/adguard.service
-rc-update add adguard.service default
-rc-service adguard.service start
\ No newline at end of file
+rc-update add adguard.service default
\ No newline at end of file
diff --git a/services/gitea/custom/.gitkeep b/services/gitea/custom/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/services/gitea/gitea-runner.service.toml b/services/gitea/gitea-runner.service.toml
new file mode 100644
index 0000000..e19f8bd
--- /dev/null
+++ b/services/gitea/gitea-runner.service.toml
@@ -0,0 +1,25 @@
+user = "podman"
+
+[service]
+name = "gitea-runner"
+image = "docker.io/gitea/act_runner:latest"
+
+[environment]
+GITEA_INSTANCE_URL = "gitea"
+GITEA_RUNNER_NAME = "Goofjes Runner"
+CONFIG_FILE = "/config/config.yaml"
+
+[[environment_secrets]]
+name = "GITEA_RUNNER_REGISTRATION_TOKEN"
+secret = "gitea-runner-registration-token"
+
+[[volumes]]
+source = "/var/containers/gitea/runner"
+target = "/config"
+
+[[mounts]]
+source = "/run/podman/podman.sock"
+target = "/var/run/docker.sock"
+
+[[networks]]
+name = "gitea-net"
\ No newline at end of file
diff --git a/services/gitea/install.sh b/services/gitea/install.sh
new file mode 100644
index 0000000..69d2f48
--- /dev/null
+++ b/services/gitea/install.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+chmod +x /etc/init.d/gitea.service
+chmod +x /etc/init.d/gitea-runner.service
+rc-update add gitea.service default
+rc-update add gitea-runner.service default
+
+# Create runner registration token secret
+su -c "openssl rand -hex 24 | podman secret create gitea-runner-registration-token -" podman
\ No newline at end of file
diff --git a/services/gitea/runner-config.yaml b/services/gitea/runner-config.yaml
new file mode 100644
index 0000000..e3ee4f9
--- /dev/null
+++ b/services/gitea/runner-config.yaml
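Review bot: The `[[mounts]]` entry binds `/run/podman/podman.sock` into the runner as `/var/run/docker.sock`, so the CI runner, and potentially the workflow jobs it launches, can control the Podman service behind that socket and every container it manages. runner-config.yaml in this commit leaves `docker_host: ""`; by that file's own comment, `docker_host: "-"` keeps the docker host from being mounted into job and service containers, which looks like the safer setting here. Consider pointing the mount at a socket owned by the unprivileged `podman` user rather than a system-wide one, and add a comment above the mount stating why the runner needs it. Separately, `image = "docker.io/gitea/act_runner:latest"` is unpinned; a fixed tag or digest makes runner updates a deliberate change.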
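Review bot: The last line of install.sh is not safe to re-run: once `gitea-runner-registration-token` exists, `podman secret create` will (as far as I know) refuse the duplicate name and the script ends with that failure. Guarding the call keeps the existing token instead of erroring: `su -c "podman secret exists gitea-runner-registration-token || openssl rand -hex 24 | podman secret create gitea-runner-registration-token -" podman`. The line also assumes `openssl` is installed on the host, which a short comment should state.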
@@ -0,0 +1,110 @@ +# Example configuration file, it's safe to copy this as the default config file without any modification. + +# You don't have to copy this file to your instance, +# just run `./act_runner generate-config > config.yaml` to generate a config file. + +log: + # The level of logging, can be trace, debug, info, warn, error, fatal + level: info + +runner: + # Where to store the registration result. + file: .runner + # Execute how many tasks concurrently at the same time. + capacity: 1 + # Extra environment variables to run jobs. + envs: + A_TEST_ENV_NAME_1: a_test_env_value_1 + A_TEST_ENV_NAME_2: a_test_env_value_2 + # Extra environment variables to run jobs from a file. + # It will be ignored if it's empty or the file doesn't exist. + env_file: .env + # The timeout for a job to be finished. + # Please note that the Gitea instance also has a timeout (3h by default) for the job. + # So the job could be stopped by the Gitea instance if it's timeout is shorter than this. + timeout: 3h + # The timeout for the runner to wait for running jobs to finish when shutting down. + # Any running jobs that haven't finished after this timeout will be cancelled. + shutdown_timeout: 0s + # Whether skip verifying the TLS certificate of the Gitea instance. + insecure: false + # The timeout for fetching the job from the Gitea instance. + fetch_timeout: 5s + # The interval for fetching the job from the Gitea instance. + fetch_interval: 2s + # The github_mirror of a runner is used to specify the mirror address of the github that pulls the action repository. + # It works when something like `uses: actions/checkout@v4` is used and DEFAULT_ACTIONS_URL is set to github, + # and github_mirror is not empty. In this case, + # it replaces https://github.com with the value here, which is useful for some special network environments. + github_mirror: '' + # The labels of a runner are used to determine which jobs the runner can run, and how to run them. 
+ # Like: "macos-arm64:host" or "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest" + # Find more images provided by Gitea at https://gitea.com/docker.gitea.com/runner-images . + # If it's empty when registering, it will ask for inputting labels. + # If it's empty when execute `daemon`, will use labels in `.runner` file. + labels: + - "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest" + - "ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04" + - "ubuntu-20.04:docker://docker.gitea.com/runner-images:ubuntu-20.04" + +cache: + # Enable cache server to use actions/cache. + enabled: true + # The directory to store the cache data. + # If it's empty, the cache data will be stored in $HOME/.cache/actcache. + dir: "" + # The host of the cache server. + # It's not for the address to listen, but the address to connect from job containers. + # So 0.0.0.0 is a bad choice, leave it empty to detect automatically. + host: "" + # The port of the cache server. + # 0 means to use a random available port. + port: 0 + # The external cache server URL. Valid only when enable is true. + # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself. + # The URL should generally end with "/". + external_server: "" + +container: + # Specifies the network to which the container will connect. + # Could be host, bridge or the name of a custom network. + # If it's empty, act_runner will create a network automatically. + network: "" + # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker). + privileged: false + # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway). + options: + # The parent directory of a job's working directory. + # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically. 
+ # If the path starts with '/', the '/' will be trimmed. + # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir + # If it's empty, /workspace will be used. + workdir_parent: + # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob + # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted. + # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to: + # valid_volumes: + # - data + # - /src/*.json + # If you want to allow any volume, please use the following configuration: + # valid_volumes: + # - '**' + valid_volumes: [] + # overrides the docker client host with the specified one. + # If it's empty, act_runner will find an available docker host automatically. + # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers. + # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work. + docker_host: "" + # Pull docker image(s) even if already present + force_pull: true + # Rebuild docker image(s) even if already present + force_rebuild: false + # Always require a reachable docker daemon, even if not required by act_runner + require_docker: false + # Timeout to wait for the docker daemon to be reachable, if docker is required by require_docker or act_runner + docker_timeout: 0s + +host: + # The parent directory of a job's working directory. + # If it's empty, $HOME/.cache/act/ will be used. + workdir_parent: diff --git a/services/gitea/service.toml b/services/gitea/service.toml new file mode 100644 index 0000000..d1145a9 --- /dev/null +++ b/services/gitea/service.toml 
@@ -0,0 +1,43 @@
+user = "podman"
+
+[service]
+name = "gitea"
+image = "docker.gitea.com/gitea:latest-rootless"
+depend = ["postgres.service"]
+
+[environment]
+GITEA__database__DB_TYPE = "postgres"
+GITEA__database__HOST = "postgres:5432"
+GITEA__database__NAME = "gitea"
+GITEA__database__USER = "admin"
+GITEA__database__PASSWD = "welcome123"
+GITEA_RUNNER_REGISTRATION_TOKEN_FILE = "/run/secrets/gitea-runner-registration-token"
+GITEA_CUSTOM = "/etc/gitea/custom"
+
+[[networks]]
+name = "gitea-net"
+group = "caddy"
+
+[[networks]]
+name = "gitea-net"
+group = "postgres"
+
+[[mounts]]
+typ = "bind"
+source = "/etc/timezone"
+target = "/etc/timezone"
+read_only = true
+
+[[mounts]]
+typ = "bind"
+source = "/etc/localtime"
+target = "/etc/localtime"
+read_only = true
+
+[[volumes]]
+source = "/var/containers/gitea/data"
+target = "/data"
+
+[[volumes]]
+source = "/var/containers/gitea/config"
+target = "/etc/gitea"
\ No newline at end of file
diff --git a/services/gitea/update.sh b/services/gitea/update.sh
new file mode 100644
index 0000000..5596265
--- /dev/null
+++ b/services/gitea/update.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+mkdir -p /var/containers/gitea/data
+mkdir -p /var/containers/gitea/config
+mkdir -p /var/containers/gitea/config/custom
+mkdir -p /var/containers/gitea/runner
+
+cp -f ./runner-config.yaml /var/containers/gitea/runner/config.yaml
+cp -f ./custom /var/containers/gitea/config/custom
\ No newline at end of file
diff --git a/services/immich/install.sh b/services/immich/install.sh
index d76869a..7aba42a 100644
--- a/services/immich/install.sh
+++ b/services/immich/install.sh
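Review bot: `GITEA__database__PASSWD = "welcome123"` commits a guessable database password in plain text, and the same value appears as `POSTGRES_PASSWORD` in services/postgres/service.toml; since it is now in the repository history it should be rotated as well as removed. The runner service file in this commit already shows the pattern to use: drop the key from `[environment]` and add an `[[environment_secrets]]` entry with `name = "GITEA__database__PASSWD"` and `secret = "<db-password-secret>"` (placeholder name), created as a Podman secret on the host. Gitea also connects as `admin`, the account Postgres is bootstrapped with via `POSTGRES_USER`; a dedicated role that owns only the `gitea` database would limit what a compromised Gitea can touch. Finally, `GITEA_RUNNER_REGISTRATION_TOKEN_FILE` points at `/run/secrets/gitea-runner-registration-token`, but nothing visible in this file attaches that secret, so the path may not exist inside the container.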
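Review bot: `cp -f ./custom /var/containers/gitea/config/custom` copies a directory without `-r`, so cp will skip it and the custom files never reach the volume. Because the target already exists from the `mkdir -p` above, a plain `cp -r` would nest it as `custom/custom`; `cp -rf ./custom/. /var/containers/gitea/config/custom/` copies the contents into place. The directories are created by whoever runs the script (presumably root) while the container runs as `podman`, so ownership of `/var/containers/gitea` may also need adjusting; worth verifying on a fresh install.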
@@ -3,9 +3,4 @@ chmod +x /etc/init.d/immich*.service rc-update add immich_server.service default rc-update add immich_redis.service default rc-update add immich_machine_learning.service default
-rc-update add immich_postgres.service default
-
-rc-service immich_redis.service start
-rc-service immich_postgres.service start
-rc-service immich_machine_learning.service start
-rc-service immich_server.service start
\ No newline at end of file
+rc-update add immich_postgres.service default
\ No newline at end of file
diff --git a/services/immich/update.sh b/services/immich/update.sh
new file mode 100644
index 0000000..3f02c36
--- /dev/null
+++ b/services/immich/update.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+if [ "$1" = "reload" ]; then
+ rc-service immich_redis.service restart
+ rc-service immich_postgres.service restart
+ rc-service immich_machine_learning.service restart
+ rc-service immich_server.service restart
+fi
\ No newline at end of file
diff --git a/services/jellyfin/install.sh b/services/jellyfin/install.sh
index ffa6455..c9386ca 100644
--- a/services/jellyfin/install.sh
+++ b/services/jellyfin/install.sh
@@ -4,7 +4,6 @@ chmod -R 775 /mnt/ssd/jellyfin chmod +x /etc/init.d/jellyfin.service rc-update add jellyfin.service default
-rc-service jellyfin.service start
 # If you encounter the following error: Error: statfs /mnt/ssd/jellyfin: no such file or directory
 # Please run "podman system migrate"...
\ No newline at end of file
diff --git a/services/postgres/install.sh b/services/postgres/install.sh
new file mode 100644
index 0000000..464486a
--- /dev/null
+++ b/services/postgres/install.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+chmod +x /etc/init.d/postgres.service
+rc-update add postgres.service default
+rc-service postgres.service start
\ No newline at end of file
diff --git a/services/postgres/service.toml b/services/postgres/service.toml
new file mode 100644
index 0000000..aeb5f14
--- /dev/null
+++ b/services/postgres/service.toml
@@ -0,0 +1,12 @@
+user = "podman"
+
+[service]
+name = "postgres"
+image = "postgres:18-alpine"
+
+[environment]
+POSTGRES_USER = "admin"
+POSTGRES_PASSWORD = "welcome123"
+
+[[networks]]
+group = "postgres"
\ No newline at end of file
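Review bot: This service defines no `[[volumes]]` entry, so unless the service generator adds one the database files live only inside the container and are lost when it is recreated. There is also no `POSTGRES_DB`, so the image will create only a database named after `POSTGRES_USER` (`admin`), while services/gitea/service.toml sets `GITEA__database__NAME = "gitea"`. `image = "postgres:18-alpine"` is an unqualified short name, unlike the fully qualified images in the gitea files; writing `docker.io/library/postgres:18-alpine` removes any dependence on the host's registry search order. The `[[networks]]` entry has a `group` but no `name`, unlike the entries in the gitea files, and a comment saying whether that is intentional would help.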