1.3.0 Release gitea

2026-03-15 06:17:01 +09:00
parent 90277b2d4e
commit 8311fcf53e
12 changed files with 294 additions and 2 deletions
--- a/config/services/containers/app/gitea/gitea.container.j2
+++ b/config/services/containers/app/gitea/gitea.container.j2
@@ -0,0 +1,51 @@
+[Quadlet]
+DefaultDependencies=false
+
+[Unit]
+Description=Gitea
+
+After=network-online.target
+Wants=network-online.target
+
+[Container]
+Image=docker.io/gitea/gitea:{{ version['containers']['gitea'] }}
+
+ContainerName=gitea
+HostName=gitea
+
+PublishPort=3000:3000/tcp
+
+Volume=%h/data/containers/gitea:/data:rw
+Volume=%h/containers/gitea/ssl:/etc/ssl/gitea:ro
+
+# General
+Environment="TZ=Asia/Seoul"
+Environment="GITEA__server__DISABLE_SSH=true"
+# Database
+Environment="GITEA__database__DB_TYPE=postgres"
+Environment="GITEA__database__HOST={{ infra_uri['postgresql']['domain'] }}:{{ infra_uri['postgresql']['ports']['tcp'] }}"
+Environment="GITEA__database__NAME=gitea_db"
+Environment="GITEA__database__USER=gitea"
+Secret=GITEA__database__PASSWD,type=env
+Environment="GITEA__database__SSL_MODE=verify-full"
+Environment="PGSSLROOTCERT=/etc/ssl/gitea/ilnmors_root_ca.crt"
+# OAuth2 client
+Environment="GITEA__oauth2_client__ACCOUNT_LINKING=auto"
+# OIDC configuration
+Environment="GITEA__openid__ENABLE_OPENID_SIGNIN=false"
+Environment="GITEA__openid__ENABLE_OPENID_SIGNUP=true"
+Environment="GITEA__openid__WHITELISTED_URIS=authelia.ilnmors.com"
+# automatic create user via authelia
+Environment="GITEA__service__DISABLE_REGISTRATION=false"
+Environment="GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION=true"
+Environment="GITEA__service__SHOW_REGISTRATION_BUTTON=false"
+
+
+[Service]
+ExecStartPre=/usr/bin/nc -zv {{ infra_uri['postgresql']['domain'] }} {{ infra_uri['postgresql']['ports']['tcp'] }}
+Restart=always
+RestartSec=10s
+TimeoutStopSec=120
+
+[Install]
+WantedBy=default.target
--- a/config/services/containers/auth/authelia/config/authelia.yaml.j2
+++ b/config/services/containers/auth/authelia/config/authelia.yaml.j2
@@ -131,3 +131,24 @@ identity_providers:
        userinfo_signed_response_alg: 'none'
        # [ client_secret_post | client_secret_basic ]
        token_endpoint_auth_method: 'client_secret_post'
+      # https://www.authelia.com/integration/openid-connect/clients/gitea/
+      - client_id: 'gitea'
+        client_name: 'gitea'
+        client_secret: '{{ hostvars['console']['gitea']['oidc']['hash'] }}'
+        public: false
+        authorization_policy: 'one_factor'
+        require_pkce: false
+        pkce_challenge_method: ''
+        redirect_uris:
+          - 'https://gitea.ilnmors.com/user/oauth2/authelia/callback'
+        scopes:
+          - 'openid'
+          - 'email'
+          - 'profile'
+        response_types:
+          - 'code'
+        grant_types:
+          - 'authorization_code'
+        access_token_signed_response_alg: 'none'
+        userinfo_signed_response_alg: 'none'
+        token_endpoint_auth_method: 'client_secret_basic'
--- a/config/services/containers/common/caddy/etc/app/Caddyfile.j2
+++ b/config/services/containers/common/caddy/etc/app/Caddyfile.j2
@@ -34,3 +34,9 @@ vault.app.ilnmors.internal {
               header_up Host {http.request.header.X-Forwarded-Host}
        }
 }
+gitea.app.ilnmors.internal {
+        import private_tls
+        reverse_proxy host.containers.internal:3000 {
+               header_up Host {http.request.header.X-Forwarded-Host}
+        }
+}
--- a/config/services/containers/common/caddy/etc/auth/Caddyfile.j2
+++ b/config/services/containers/common/caddy/etc/auth/Caddyfile.j2
@@ -72,6 +72,15 @@ vault.ilnmors.com {
                }
        }
 }
+gitea.ilnmors.com {
+        import crowdsec_log
+        route {
+                crowdsec
+                reverse_proxy https://gitea.app.ilnmors.internal {
+                        header_up Host {http.reverse_proxy.upstream.host}
+                }
+        }
+}

 # Internal domain
 auth.ilnmors.internal {