mirror of
https://github.com/terraphim/gitea-infrastructure.git
synced 2026-07-16 00:00:32 +02:00
chore: Fix trailing whitespace across project files
Automated fix from pre-commit hooks (trailing-whitespace, end-of-file-fixer). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -1,7 +1,7 @@
|
||||
# Gitea Stack Deployment Summary
|
||||
|
||||
**Date**: 2026-02-16
|
||||
**Target**: bigbox (via SSH)
|
||||
**Date**: 2026-02-16
|
||||
**Target**: bigbox (via SSH)
|
||||
**Status**: Ready for deployment
|
||||
|
||||
## What Was Done
|
||||
|
||||
@@ -105,15 +105,15 @@ Developer Machine
|
||||
```
|
||||
Public (via Caddy on terraphim.cloud):
|
||||
git.terraphim.cloud ───────▶ localhost:3000 (Gitea Web)
|
||||
|
||||
|
||||
Tailscale Network Only (100.106.66.7):
|
||||
100.106.66.7:9000 ─────────▶ Prometheus
|
||||
100.106.66.7:8333 ─────────▶ SeaweedFS S3 API
|
||||
|
||||
|
||||
Internal Docker Network Only:
|
||||
SeaweedFS Master, Volume, Filer (no external ports)
|
||||
PostgreSQL (no external ports)
|
||||
|
||||
|
||||
SSH (Port 222):
|
||||
All interfaces - for Git over SSH
|
||||
```
|
||||
@@ -452,7 +452,7 @@ services:
|
||||
# Gitea Web Interface - Public via terraphim.cloud domain
|
||||
git.terraphim.cloud {
|
||||
reverse_proxy localhost:3000
|
||||
|
||||
|
||||
# Logging
|
||||
log {
|
||||
output file /var/log/caddy/gitea-access.log
|
||||
@@ -649,7 +649,7 @@ curl -s http://localhost:2019/config/apps/http/servers/srv0/routes | grep -q "gi
|
||||
# Alternative: If API fails, backup to updating Caddyfile and reloading
|
||||
# echo "Adding Gitea configuration to Caddyfile..."
|
||||
# sudo tee -a /etc/caddy/Caddyfile > /dev/null << 'EOF'
|
||||
#
|
||||
#
|
||||
# # Gitea Web Interface
|
||||
# git.terraphim.cloud {
|
||||
# reverse_proxy localhost:3000
|
||||
@@ -659,7 +659,7 @@ curl -s http://localhost:2019/config/apps/http/servers/srv0/routes | grep -q "gi
|
||||
# }
|
||||
# }
|
||||
# EOF
|
||||
#
|
||||
#
|
||||
# # Validate and reload
|
||||
# sudo caddy validate --config /etc/caddy/Caddyfile && sudo caddy reload --config /etc/caddy/Caddyfile
|
||||
|
||||
|
||||
@@ -123,7 +123,7 @@ Internet ──▶ Caddy (:443/:80)
|
||||
- **SeaweedFS**: Uses "latest" tag (chrislusf/seaweedfs)
|
||||
- **1Password CLI**: Must be available and authenticated via service account
|
||||
- **Caddy**: Installed but needs configuration
|
||||
- **Port Requirements**:
|
||||
- **Port Requirements**:
|
||||
- 80/443 (Caddy - external)
|
||||
- 3000 (Gitea HTTP - internal)
|
||||
- 222 (Gitea SSH - external)
|
||||
|
||||
@@ -16,16 +16,16 @@ jobs:
|
||||
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
|
||||
"https://api.github.com/repos/terraphim/gitea-infrastructure/commits/main" | \
|
||||
jq -r '.sha')
|
||||
|
||||
|
||||
# Get latest commit from Gitea
|
||||
GITEA_SHA=$(curl -s \
|
||||
-H "Authorization: token ${{ secrets.GITEA_TOKEN }}" \
|
||||
"https://git.terraphim.cloud/api/v1/repos/terraphim/gitea-infrastructure/commits/main" | \
|
||||
jq -r '.sha')
|
||||
|
||||
|
||||
echo "GitHub: ${GITHUB_SHA:0:7}"
|
||||
echo "Gitea: ${GITEA_SHA:0:7}"
|
||||
|
||||
|
||||
if [ "$GITHUB_SHA" == "$GITEA_SHA" ]; then
|
||||
echo "✅ Repositories are in sync"
|
||||
exit 0
|
||||
|
||||
@@ -21,7 +21,7 @@ jobs:
|
||||
git remote add gitea https://git.terraphim.cloud/terraphim/gitea-infrastructure.git
|
||||
git config user.name "GitHub Actions"
|
||||
git config user.email "actions@github.com"
|
||||
|
||||
|
||||
# Push to Gitea with token authentication
|
||||
# If using HTTPS with token: https://token@url
|
||||
git push https://oauth2:${GITEA_TOKEN}@git.terraphim.cloud/terraphim/gitea-infrastructure.git main
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
# Deploying Gitea with 1Password Secrets Management and Caddy on Bigbox
|
||||
|
||||
**Date:** February 16, 2026
|
||||
**Author:** Infrastructure Team
|
||||
**Date:** February 16, 2026
|
||||
**Author:** Infrastructure Team
|
||||
**Tags:** gitea, 1password, caddy, docker, tailscale, devops
|
||||
|
||||
## Executive Summary
|
||||
@@ -200,13 +200,13 @@ services:
|
||||
db:
|
||||
networks:
|
||||
- gitea # No external ports
|
||||
|
||||
|
||||
master:
|
||||
# No ports exposed - internal only
|
||||
|
||||
|
||||
volume:
|
||||
# No ports exposed - internal only
|
||||
|
||||
|
||||
filer:
|
||||
# No ports exposed - internal only
|
||||
```
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
# Gitea Web Interface - Public via terraphim.cloud domain
|
||||
git.terraphim.cloud {
|
||||
reverse_proxy localhost:3000
|
||||
|
||||
|
||||
# Logging
|
||||
log {
|
||||
output file /var/log/caddy/gitea-access.log
|
||||
|
||||
+1
-1
@@ -4,7 +4,7 @@
|
||||
|
||||
Self-hosted Gitea instance running on bigbox server with S3 storage, PostgreSQL, and Prometheus monitoring.
|
||||
|
||||
**URL:** https://git.terraphim.cloud
|
||||
**URL:** https://git.terraphim.cloud
|
||||
**GitHub Mirror:** https://github.com/terraphim/gitea-infrastructure
|
||||
|
||||
## Architecture
|
||||
|
||||
+2
-2
@@ -177,7 +177,7 @@ Developer A → Gitea ←→ GitHub ← Developer B
|
||||
@app.route('/github-webhook', methods=['POST'])
|
||||
def github_hook():
|
||||
# Trigger Gitea pull
|
||||
subprocess.run(['curl', '-X', 'POST',
|
||||
subprocess.run(['curl', '-X', 'POST',
|
||||
'https://git.terraphim.cloud/api/v1/repos/terraphim/repo/mirror-sync'])
|
||||
return 'OK'
|
||||
|
||||
@@ -451,7 +451,7 @@ Document your mirroring strategy:
|
||||
|
||||
## Recommended Setup for Your Use Case
|
||||
|
||||
**Primary: Gitea (self-hosted, private)**
|
||||
**Primary: Gitea (self-hosted, private)**
|
||||
**Mirror: GitHub (backup, CI/CD)**
|
||||
|
||||
1. Use **Method 2 (Push Mirror)** from Gitea to GitHub
|
||||
|
||||
@@ -4,7 +4,7 @@ Your repository is now on **GitHub** and ready for mirroring!
|
||||
|
||||
## Current Status
|
||||
|
||||
✅ **GitHub Repository:** https://github.com/terraphim/gitea-infrastructure
|
||||
✅ **GitHub Repository:** https://github.com/terraphim/gitea-infrastructure
|
||||
❌ **Gitea Repository:** Not created yet
|
||||
|
||||
## Setup Steps
|
||||
|
||||
@@ -19,7 +19,7 @@ Self-hosted Git infrastructure with S3-compatible storage, monitoring, and prope
|
||||
```bash
|
||||
op item create --vault="zesticai-non-prod" --category=login \
|
||||
--title="gitea-postgres" --generate-password=20 username=gitea
|
||||
|
||||
|
||||
op item create --vault="zesticai-non-prod" --category=custom \
|
||||
--title="gitea-s3" access-key="$(openssl rand -hex 20)" \
|
||||
secret-key="$(openssl rand -hex 40)"
|
||||
|
||||
@@ -8,8 +8,8 @@ Gitea uses a **hybrid storage model** with both local filesystem and S3 (Seaweed
|
||||
|
||||
### 1. Git Repositories (Local Only)
|
||||
|
||||
**Location:** `/data/git/` inside the container
|
||||
**Storage Type:** Local filesystem only
|
||||
**Location:** `/data/git/` inside the container
|
||||
**Storage Type:** Local filesystem only
|
||||
**S3 Backup:** Possible via external tools
|
||||
|
||||
```
|
||||
@@ -39,8 +39,8 @@ docker compose exec server ls -la /data/git/repositories/
|
||||
|
||||
### 2. Git LFS (Large File Storage)
|
||||
|
||||
**Current Configuration:** Local storage
|
||||
**Location:** `/data/lfs/`
|
||||
**Current Configuration:** Local storage
|
||||
**Location:** `/data/lfs/`
|
||||
**Can be moved to:** S3 (SeaweedFS)
|
||||
|
||||
**Current Setting:**
|
||||
@@ -59,8 +59,8 @@ docker compose exec server ls -la /data/lfs/
|
||||
|
||||
### 3. Attachments & Files (S3 via MinIO)
|
||||
|
||||
**Location:** S3 (SeaweedFS)
|
||||
**Bucket:** `gitea`
|
||||
**Location:** S3 (SeaweedFS)
|
||||
**Bucket:** `gitea`
|
||||
**Endpoint:** `http://100.106.66.7:8333`
|
||||
|
||||
**What's stored in S3:**
|
||||
@@ -94,7 +94,7 @@ aws --endpoint-url http://100.106.66.7:8333 s3 ls s3://gitea/
|
||||
|
||||
### 4. Container Registry
|
||||
|
||||
**Location:** Local by default
|
||||
**Location:** Local by default
|
||||
**Can be configured for:** S3 storage
|
||||
|
||||
**Configuration needed:**
|
||||
|
||||
+28
-28
@@ -1,7 +1,7 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Deploy Gitea Stack to Bigbox with 1Password Secrets Management
|
||||
#
|
||||
#
|
||||
# Prerequisites:
|
||||
# - SSH access to bigbox configured
|
||||
# - 1Password CLI installed locally and on bigbox
|
||||
@@ -53,50 +53,50 @@ echo ""
|
||||
echo -e "${YELLOW}Step 2: Verifying bigbox prerequisites...${NC}"
|
||||
ssh "$BIGBOX" << 'CHECKSCRIPT'
|
||||
set -e
|
||||
|
||||
|
||||
# Check Docker
|
||||
if ! command -v docker &> /dev/null; then
|
||||
echo "Error: Docker not installed"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
# Check Docker Compose
|
||||
if ! docker compose version &> /dev/null; then
|
||||
echo "Error: Docker Compose not installed"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
# Check 1Password CLI
|
||||
if ! command -v op &> /dev/null; then
|
||||
echo "Error: 1Password CLI not installed"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
# Check service account script
|
||||
if [ ! -f "$HOME/op_zesticai_non_prod.sh" ]; then
|
||||
echo "Error: op_zesticai_non_prod.sh not found in home directory"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
# Test 1Password authentication
|
||||
source "$HOME/op_zesticai_non_prod.sh"
|
||||
if ! op vault list &> /dev/null; then
|
||||
echo "Error: 1Password authentication failed"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
# Check Caddy is running
|
||||
if ! pgrep -x caddy > /dev/null; then
|
||||
echo "Error: Caddy is not running"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
# Check Caddy admin API is accessible
|
||||
if ! curl -s http://localhost:2019/config/ > /dev/null; then
|
||||
echo "Error: Caddy admin API is not accessible"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
echo "All prerequisites verified"
|
||||
CHECKSCRIPT
|
||||
|
||||
@@ -128,28 +128,28 @@ echo -e "${YELLOW}Step 4: Injecting secrets and starting services...${NC}"
|
||||
ssh "$BIGBOX" << DEPLOYSCRIPT
|
||||
set -e
|
||||
cd $REMOTE_DIR
|
||||
|
||||
|
||||
echo "Loading 1Password credentials..."
|
||||
source ~/op_zesticai_non_prod.sh
|
||||
|
||||
|
||||
echo "Injecting secrets into docker-compose.yml..."
|
||||
op inject --in-file docker-compose.yml.template --out-file docker-compose.yml
|
||||
|
||||
|
||||
echo "Injecting secrets into s3_config.json..."
|
||||
op inject --in-file s3_config.json.template --out-file s3_config.json
|
||||
|
||||
|
||||
echo "Creating data directories..."
|
||||
mkdir -p gitea postgres seaweedfs seaweedfs_filter prometheus
|
||||
|
||||
|
||||
echo "Setting permissions..."
|
||||
chmod -R 1000:1000 gitea 2>/dev/null || sudo chown -R 1000:1000 gitea 2>/dev/null || true
|
||||
|
||||
|
||||
echo "Starting services with Docker Compose..."
|
||||
docker compose up -d
|
||||
|
||||
|
||||
echo "Waiting for services to start..."
|
||||
sleep 30
|
||||
|
||||
|
||||
echo "Service status:"
|
||||
docker compose ps
|
||||
DEPLOYSCRIPT
|
||||
@@ -161,10 +161,10 @@ echo ""
|
||||
echo -e "${YELLOW}Step 5: Adding Gitea route to Caddy...${NC}"
|
||||
ssh "$BIGBOX" << CADDYSCRIPT
|
||||
set -e
|
||||
|
||||
|
||||
echo "Creating log directory..."
|
||||
sudo mkdir -p /var/log/caddy
|
||||
|
||||
|
||||
echo "Adding Gitea route to Caddy via Admin API..."
|
||||
curl -s -X POST http://localhost:2019/config/apps/http/servers/srv0/routes \
|
||||
-H "Content-Type: application/json" \
|
||||
@@ -182,7 +182,7 @@ ssh "$BIGBOX" << CADDYSCRIPT
|
||||
}],
|
||||
"terminal": true
|
||||
}'
|
||||
|
||||
|
||||
# Verify route was added
|
||||
if curl -s http://localhost:2019/config/apps/http/servers/srv0/routes | grep -q "git.terraphim.cloud"; then
|
||||
echo "✓ Gitea route added successfully to Caddy"
|
||||
@@ -199,49 +199,49 @@ echo -e "${YELLOW}Step 6: Verifying deployment...${NC}"
|
||||
ssh "$BIGBOX" << VERIFYSCRIPT
|
||||
set -e
|
||||
cd $REMOTE_DIR
|
||||
|
||||
|
||||
echo ""
|
||||
echo "=== Service Health Checks ==="
|
||||
|
||||
|
||||
# Check Gitea (direct)
|
||||
if curl -s -o /dev/null -w '%{http_code}' http://localhost:3000/api/healthz | grep -q "200"; then
|
||||
echo "✓ Gitea is healthy (localhost:3000)"
|
||||
else
|
||||
echo "✗ Gitea is not responding"
|
||||
fi
|
||||
|
||||
|
||||
# Check S3 (Tailscale)
|
||||
if curl -s http://${TAILSCALE_IP}:8333 > /dev/null 2>&1; then
|
||||
echo "✓ SeaweedFS S3 is responding (${TAILSCALE_IP}:8333)"
|
||||
else
|
||||
echo "✗ SeaweedFS S3 is not responding"
|
||||
fi
|
||||
|
||||
|
||||
# Check Prometheus (Tailscale)
|
||||
if curl -s http://${TAILSCALE_IP}:9000/-/healthy > /dev/null 2>&1; then
|
||||
echo "✓ Prometheus is healthy (${TAILSCALE_IP}:9000)"
|
||||
else
|
||||
echo "✗ Prometheus is not responding"
|
||||
fi
|
||||
|
||||
|
||||
# Check SSH port
|
||||
if nc -zv localhost 222 2>&1 | grep -q succeeded; then
|
||||
echo "✓ SSH port is open (port 222)"
|
||||
else
|
||||
echo "✗ SSH port is not responding"
|
||||
fi
|
||||
|
||||
|
||||
# Check Caddy
|
||||
if pgrep -x caddy > /dev/null; then
|
||||
echo "✓ Caddy is running"
|
||||
else
|
||||
echo "✗ Caddy is not running"
|
||||
fi
|
||||
|
||||
|
||||
echo ""
|
||||
echo "=== Container Status ==="
|
||||
docker compose ps
|
||||
|
||||
|
||||
echo ""
|
||||
echo "=== Recent Logs ==="
|
||||
docker compose logs --tail=10
|
||||
|
||||
@@ -167,4 +167,4 @@ services:
|
||||
# - 18080:8080
|
||||
# environment:
|
||||
# - USER_UID=1000
|
||||
# - USER_GID=1000
|
||||
# - USER_GID=1000
|
||||
|
||||
@@ -11,4 +11,4 @@ scrape_configs:
|
||||
- 'master:9324'
|
||||
- 'volume:9325'
|
||||
- 'filer:9326'
|
||||
- 's3:9327'
|
||||
- 's3:9327'
|
||||
|
||||
Reference in New Issue
Block a user