From be6993dada0327401aa51c332e7ef65996a85710 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zoran=20Peri=C4=8Di=C4=87?=
Date: Tue, 17 Mar 2026 23:59:16 +0100
Subject: [PATCH] v1.25.4-1
---
50-gitea-container.conf | 6 +
50-gitea-service.conf | 6 +
app.ini | 460 ++++++++++++++++++++++++++++++++++
gitea-container-database.conf | 3 +
gitea-database.conf | 12 +
gitea-db-credentials.conf | 4 +
gitea-db-pod.conf | 2 +
gitea-db-publish.conf | 2 +
gitea-db.container | 21 ++
gitea-keys | 5 +
gitea-pod-enable.conf | 2 +
gitea-shim | 2 +
gitea-sudoers | 1 +
gitea.container | 27 ++
gitea.pod | 5 +
gitea.service | 17 ++
gitea.spec | 215 ++++++++++++++++
gitea.sysusers | 2 +
gitea.tmpfiles | 1 +
19 files changed, 793 insertions(+)
create mode 100644 50-gitea-container.conf
create mode 100644 50-gitea-service.conf
create mode 100644 app.ini
create mode 100644 gitea-container-database.conf
create mode 100644 gitea-database.conf
create mode 100644 gitea-db-credentials.conf
create mode 100644 gitea-db-pod.conf
create mode 100644 gitea-db-publish.conf
create mode 100644 gitea-db.container
create mode 100644 gitea-keys
create mode 100644 gitea-pod-enable.conf
create mode 100644 gitea-shim
create mode 100644 gitea-sudoers
create mode 100644 gitea.container
create mode 100644 gitea.pod
create mode 100644 gitea.service
create mode 100644 gitea.spec
create mode 100644 gitea.sysusers
create mode 100644 gitea.tmpfiles
diff --git a/50-gitea-container.conf b/50-gitea-container.conf
new file mode 100644
index 0000000..79406d4
--- /dev/null
+++ b/50-gitea-container.conf
@@ -0,0 +1,6 @@
+Match User git
+ AuthorizedKeysCommand /usr/libexec/gitea-keys %u %t %k
+ AuthorizedKeysCommandUser root
+ PasswordAuthentication no
+ GSSAPIAuthentication no
+ AuthenticationMethods publickey
diff --git a/50-gitea-service.conf b/50-gitea-service.conf
new file mode 100644
index 0000000..40db4b9
--- /dev/null
+++ b/50-gitea-service.conf
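Review bot: In 50-gitea-container.conf, `AuthorizedKeysCommandUser root` has sshd run the key-lookup helper as root for every connection attempt to the `git` account, before the client has authenticated, while 50-gitea-service.conf performs the same lookup as `git`. The helper chain (gitea-keys, then the gitea-shim wrapper that gitea.spec links to /usr/bin/gitea) ends in `sudo podman exec`, and gitea-sudoers in this patch already grants `git` that command, so `AuthorizedKeysCommandUser git` looks sufficient; confirm that sudo accepts the call without a tty in that context. If root has to stay, record the reason in a comment above the line, e.g. `# root required: key lookup runs podman exec against the system container`.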
@@ -0,0 +1,6 @@
+Match User git
+ AuthorizedKeysCommand /usr/libexec/gitea keys -c /etc/gitea/app.ini -e git -u %u -t %t -k %k
+ AuthorizedKeysCommandUser git
+ PasswordAuthentication no
+ GSSAPIAuthentication no
+ AuthenticationMethods publickey
diff --git a/app.ini b/app.ini
new file mode 100644
index 0000000..ce58fb8
--- /dev/null
+++ b/app.ini
@@ -0,0 +1,460 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; General Settings
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; App name that shows in every page title
+APP_NAME = Gitea: Git with a cup of tea
+;;
+;; The user Gitea runs as
+RUN_USER = git
+;;
+;; Application run mode: "dev" or "prod"
+RUN_MODE = prod
+;;
+;; The working directory
+WORK_PATH = /var/lib/gitea
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[server]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Protocol: "http", "https", "http+unix", "fcgi" or "fcgi+unix"
+PROTOCOL = http
+;;
+;; Domain name for the server
+DOMAIN = localhost
+;;
+;; Public URL used in links, set this to your real URL when using a reverse proxy
+ROOT_URL = http://localhost:3000/
+;;
+;; Local (DMZ) URL for Gitea workers (such as SSH update)
+;;LOCAL_ROOT_URL = https://gitea.example.com
+;;
+;; Default path for App data
+;APP_DATA_PATH = data
+;;
+;; Listen address
+;HTTP_ADDR = 0.0.0.0
+;;
+;; Listen port
+HTTP_PORT = 3000
+;;
+;; Disable SSH feature
+;DISABLE_SSH = false
+;;
+;; Whether to use the builtin SSH server or not
+START_SSH_SERVER = false
+;;
+;; Username for the builtin SSH server (defaults to RUN_USER)
+;BUILTIN_SSH_SERVER_USER = git
+;;
+;; SSH domain name to be exposed in clone URL
+;SSH_DOMAIN = localhost
+;;
+;; SSH port displayed in clone URLs
+SSH_PORT = 22
+;;
+;; The port the builtin SSH server should listen on (defaults to SSH_PORT)
+;SSH_LISTEN_PORT =
+;;
+;; Do not manage authorized_keys (using AuthorizedKeysCommand instead)
+SSH_CREATE_AUTHORIZED_KEYS_FILE = false
+;;
+;; Show SSH clone URL to anonymous visitors
+SSH_EXPOSE_ANONYMOUS = false
+;;
+;; Landing page: "home", "explore", "organizations", "login"
+;LANDING_PAGE = home
+;;
+;; Enable gzip compression
+;ENABLE_GZIP = false
+;;
+;; Enable git-lfs support
+LFS_START_SERVER = true
+;;
+;; LFS authentication secret
+;LFS_JWT_SECRET =
+;;
+;; Offline mode (disable CDN)
+;OFFLINE_MODE = true
+;;
+;; Static resource cache time
+;STATIC_CACHE_TIME = 6h
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[database]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Database type: "mysql", "postgres", "mssql" or "sqlite3"
+DB_TYPE = postgres
+;;
+;; Database host (can use socket e.g. /var/run/postgresql/)
+HOST = 127.0.0.1:5432
+;;
+;; Database name
+NAME = gitea
+;;
+;; Database user
+USER = gitea
+;;
+;; Database password (use backticks for special chars: PASSWD = `pass`)
+PASSWD = gitea
+;;
+;; For PostgreSQL: "disable", "require", or "verify-full"
+;SSL_MODE = disable
+;;
+;; Schema for PostgreSQL
+;SCHEMA =
+;;
+;; Database path (for sqlite3 only)
+;PATH =
+;;
+;; Show SQL in logs
+;LOG_SQL = false
+;;
+;; Max idle database connections
+;MAX_IDLE_CONNS = 2
+;;
+;; Max open database connections (0 = unlimited)
+;MAX_OPEN_CONNS = 0
+;;
+;; Connection max lifetime
+;CONN_MAX_LIFETIME = 3s
+;;
+;; Auto run database migrations
+;AUTO_MIGRATION = true
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[security]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Disable the installer after first setup
+;INSTALL_LOCK = false
+;;
+;; Global secret key (VERY IMPORTANT - do not lose!)
+;SECRET_KEY =
+;; Or use a file:
+;SECRET_KEY_URI = file:/etc/gitea/secret_key
+;;
+;; Internal communication token
+;INTERNAL_TOKEN =
+;; Or use a file:
+;INTERNAL_TOKEN_URI = file:/etc/gitea/internal_token
+;;
+;; Minimum password length
+;MIN_PASSWORD_LENGTH = 8
+;;
+;; Password complexity: "lower,upper,digit,spec" or "off"
+;PASSWORD_COMPLEXITY = off
+;;
+;; Password hash algorithm: "argon2", "pbkdf2", "scrypt" or "bcrypt"
+;PASSWORD_HASH_ALGO = pbkdf2
+;;
+;; Disable custom git hooks (security: allows arbitrary code execution)
+;DISABLE_GIT_HOOKS = true
+;;
+;; Reverse proxy auth headers (for SSO setups)
+;REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
+;REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL
+;REVERSE_PROXY_LIMIT = 1
+;REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[oauth2]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Enable OAuth2 provider
+;ENABLED = true
+;;
+;; JWT signing algorithm: HS256, RS256, ES256, EdDSA, etc.
+;JWT_SIGNING_ALGORITHM = RS256
+;;
+;; OAuth2 JWT secret (for HS256/HS384/HS512)
+;JWT_SECRET =
+;;
+;; OAuth2 access token lifetime (seconds)
+;ACCESS_TOKEN_EXPIRATION_TIME = 3600
+;;
+;; OAuth2 refresh token lifetime (hours)
+;REFRESH_TOKEN_EXPIRATION_TIME = 730
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[service]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Require email confirmation for new registrations
+;REGISTER_EMAIL_CONFIRM = false
+;;
+;; Disable self-registration (admin creates accounts only)
+DISABLE_REGISTRATION = true
+;;
+;; Require sign-in to view anything
+;; Set to "expensive" to block anonymous crawlers from code pages
+;REQUIRE_SIGNIN_VIEW = false
+;;
+;; Enable mail notifications
+;ENABLE_NOTIFY_MAIL = false
+;;
+;; Enable basic auth with password (disable to force OAuth2/tokens only)
+;ENABLE_BASIC_AUTHENTICATION = true
+;;
+;; Allow registration only using third-party services
+;ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+;;
+;; Enable captcha validation for registration
+;ENABLE_CAPTCHA = false
+;;
+;; Enable heatmap on users profiles
+;ENABLE_USER_HEATMAP = true
+;;
+;; Default value for KeepEmailPrivate
+;DEFAULT_KEEP_EMAIL_PRIVATE = false
+;;
+;; Default value for AllowCreateOrganization
+;DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+;;
+;; Default value for EnableTimetracking
+;DEFAULT_ENABLE_TIMETRACKING = true
+;;
+;; Default visibility for new organizations: "public", "limited", "private"
+;DEFAULT_ORG_VISIBILITY = public
+;;
+;; No-reply mail address
+;NO_REPLY_ADDRESS = noreply.localhost
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[log]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Log root path
+ROOT_PATH = log
+;;
+;; Log mode: "console", "file" or "conn" (comma-separated for multiple)
+MODE = console
+;;
+;; Log level: "Trace", "Debug", "Info", "Warn", "Error", "None"
+LEVEL = Info
+;;
+;; Enable SSH request logging
+;ENABLE_SSH_LOG = false
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[mailer]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Enable mail sending
+ENABLED = false
+;;
+;; Mail protocol: "smtp", "smtps", "smtp+starttls", "smtp+unix", "sendmail", "dummy"
+;PROTOCOL = smtp
+;;
+;; SMTP server address (hostname only, without port)
+;SMTP_ADDR = localhost
+;;
+;; SMTP server port (25, 465, 587)
+;SMTP_PORT = 25
+;;
+;; Mail from address
+;FROM = gitea@localhost
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[cache]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Cache adapter: "memory", "redis", "redis-cluster", "twoqueue", "memcache"
+;ADAPTER = memory
+;;
+;; Cache interval (seconds), for memory cache only
+;INTERVAL = 60
+;;
+;; Cache connection string (for redis/memcache)
+;HOST =
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[session]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Session provider: "memory", "file", "redis", "redis-cluster", "db", "mysql", "couchbase", "memcache", "postgres"
+PROVIDER = file
+;;
+;; Provider config (file path for "file", connection string for redis/db)
+;PROVIDER_CONFIG = data/sessions
+;;
+;; Session cookie name
+;COOKIE_NAME = i_like_gitea
+;;
+;; Session GC interval (seconds)
+;GC_INTERVAL_TIME = 86400
+;;
+;; Session life time (seconds)
+;SESSION_LIFE_TIME = 86400
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[picture]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Path for uploaded avatars
+;AVATAR_UPLOAD_PATH = data/avatars
+;;
+;; Path for repository avatars
+;REPOSITORY_AVATAR_UPLOAD_PATH = data/repo-avatars
+;;
+;; Gravatar source: gravatar, libravatar or a custom URL
+;GRAVATAR_SOURCE = gravatar
+;;
+;; Disable Gravatar/Libravatar
+;DISABLE_GRAVATAR = true
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[attachment]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Enable attachments
+;ENABLED = true
+;;
+;; Path for attachments
+;PATH = data/attachments
+;;
+;; Max attachment size (MB)
+;MAX_SIZE = 256
+;;
+;; Max number of attachments per upload
+;MAX_FILES = 10
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[indexer]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Issue indexer type: "bleve", "db", "elasticsearch", "meilisearch"
+;ISSUE_INDEXER_TYPE = bleve
+;;
+;; Code indexer enabled
+;REPO_INDEXER_ENABLED = false
+;;
+;; Code indexer type: "bleve", "elasticsearch"
+;REPO_INDEXER_TYPE = bleve
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[repository]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Root path for storing repositories
+ROOT = data/git/repositories
+;;
+;; Default branch name for new repos
+;DEFAULT_BRANCH = main
+;;
+;; Default private when creating a new repository
+;DEFAULT_PRIVATE = last
+;;
+;; Max creation limit per user (-1 = unlimited)
+;MAX_CREATION_LIMIT = -1
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[repository.local]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Local repository copy path for temporary operations
+;LOCAL_COPY_PATH = tmp/local-repo
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[repository.upload]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Temp path for uploads
+;TEMP_PATH = data/tmp/uploads
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[repository.pull-request]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Default merge style: "merge", "rebase", "rebase-merge", "squash", "fast-forward-only"
+;DEFAULT_MERGE_STYLE = merge
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[repository.signing]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Default trust model: "collaborator", "committer", "collaboratorcommitter"
+;DEFAULT_TRUST_MODEL = committer
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[lfs]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; LFS storage path
+PATH = data/git/lfs
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[webhook]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Allowed hosts for webhooks (CIDR list, empty = allow all)
+;ALLOWED_HOST_LIST = external
+;;
+;; Queue length
+;QUEUE_LENGTH = 1000
+;;
+;; Deliver timeout (seconds)
+;DELIVER_TIMEOUT = 5
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[api]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Enable Swagger UI
+;ENABLE_SWAGGER = true
+;;
+;; Max items per page in API responses
+;MAX_RESPONSE_ITEMS = 50
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[openid]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Enable OpenID sign-in
+ENABLE_OPENID_SIGNIN = false
+;;
+;; Enable OpenID sign-up
+ENABLE_OPENID_SIGNUP = false
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[actions]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Enable Gitea Actions (CI/CD)
+;ENABLED = true
+;;
+;; Default platform for action plugins: "github" for https://github.com, "self" for current Gitea instance
+DEFAULT_ACTIONS_URL = github
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[packages]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Enable package registry
+;ENABLED = true
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[mirror]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Enable repository mirroring
+;ENABLED = true
+;;
+;; Minimum mirror interval (e.g. "1h", "10m")
+;MIN_INTERVAL = 10m
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[metrics]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Enable Prometheus metrics endpoint (/metrics)
+;ENABLED = false
+;;
+;; Require token for metrics endpoint
+;TOKEN =
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[cron]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Enable cron tasks
+;ENABLED = true
+;;
+;; Run cron tasks at start
+;RUN_AT_START = false
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[cron.update_checker]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Enable update checker
+;ENABLED = false
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[git]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; The HOME directory for Git, contains .gitconfig and possible .gnupg directories
+;HOME_PATH = home
+;;
+;; Max lines in diff view
+;MAX_GIT_DIFF_LINES = 1000
+;;
+;; Max files in diff view
+;MAX_GIT_DIFF_FILES = 100
+;;
+;; Default commits range size
+;COMMITS_RANGE_SIZE = 50
diff --git a/gitea-container-database.conf b/gitea-container-database.conf
new file mode 100644
index 0000000..cdc377e
--- /dev/null
+++ b/gitea-container-database.conf
@@ -0,0 +1,3 @@
+[Unit]
+After=gitea-db.service
+Wants=gitea-db.service
diff --git a/gitea-database.conf b/gitea-database.conf
new file mode 100644
index 0000000..55b0d38
--- /dev/null
+++ b/gitea-database.conf
@@ -0,0 +1,12 @@
+[Unit]
+###
+# Don't forget to add the database service dependencies
+###
+#Wants=postgresql.service
+#After=postgresql.service
+#
+#Wants=memcached.service
+#After=memcached.service
+#
+#Wants=redis.service
+#After=redis.service
diff --git a/gitea-db-credentials.conf b/gitea-db-credentials.conf
new file mode 100644
index 0000000..7e800cc
--- /dev/null
+++ b/gitea-db-credentials.conf
@@ -0,0 +1,4 @@
+[Container]
+Environment=POSTGRES_USER=gitea
+Environment=POSTGRES_PASSWORD=gitea
+Environment=POSTGRES_DB=gitea
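Review bot: In app.ini, `PASSWD = gitea` under `[database]` ships a password equal to the user name as the packaged default, and gitea-db-credentials.conf sets the matching `POSTGRES_PASSWORD=gitea`, so every installation starts with the same known database credential. Where the port is published it is loopback-only (gitea-db-publish.conf), but any local account or co-located service can still authenticate with it. Ship an empty value here (`PASSWD =`) and have a scriptlet or first-start step generate a random password and write it to both files; the `%config(noreplace)` flags in gitea.spec will then preserve it across upgrades.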
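Review bot: In gitea-db-credentials.conf the password is passed as a plain `Environment=` value, so it can be read from the drop-in itself (gitea.spec installs it with `-m 644`) and from the container's inspect output and process environment. Quadlet's `Secret=` key together with the postgres image's `POSTGRES_PASSWORD_FILE` variable keeps the value out of both. Independently of that, install the drop-in root-owned with mode `0600`, since presumably only the quadlet generator needs to read it.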
diff --git a/gitea-db-pod.conf b/gitea-db-pod.conf
new file mode 100644
index 0000000..6f57c0d
--- /dev/null
+++ b/gitea-db-pod.conf
@@ -0,0 +1,2 @@
+[Container]
+Pod=gitea.pod
diff --git a/gitea-db-publish.conf b/gitea-db-publish.conf
new file mode 100644
index 0000000..2e76430
--- /dev/null
+++ b/gitea-db-publish.conf
@@ -0,0 +1,2 @@
+[Container]
+PublishPort=127.0.0.1:5432:5432
diff --git a/gitea-db.container b/gitea-db.container
new file mode 100644
index 0000000..ba96108
--- /dev/null
+++ b/gitea-db.container
@@ -0,0 +1,21 @@
+[Unit]
+Description=Gitea PostgreSQL Database
+
+[Container]
+Image=docker.io/library/postgres:18.1-trixie
+ContainerName=gitea-db
+User=1000:1000
+Volume=/var/lib/gitea/postgresql:/var/lib/postgresql:z
+Exec=postgres -c shared_buffers=256MB -c min_wal_size=80MB
+HealthCmd=pg_isready -U gitea
+HealthInterval=30s
+HealthTimeout=10s
+HealthRetries=5
+HealthStartPeriod=1m
+HealthOnFailure=kill
+LogDriver=journald
+
+[Service]
+Restart=always
+RestartSec=5
+TimeoutStartSec=900
diff --git a/gitea-keys b/gitea-keys
new file mode 100644
index 0000000..5fe4e66
--- /dev/null
+++ b/gitea-keys
@@ -0,0 +1,5 @@
+#!/bin/sh
+output=$(/usr/bin/gitea keys -c /etc/gitea/app.ini -e git -u "$1" -t "$2" -k "$3")
+rc=$?
+printf '%s\n' "$output" | sed 's|/usr/local/bin/gitea|/usr/bin/gitea|g'
+exit "$rc"
diff --git a/gitea-pod-enable.conf b/gitea-pod-enable.conf
new file mode 100644
index 0000000..f612d8f
--- /dev/null
+++ b/gitea-pod-enable.conf
@@ -0,0 +1,2 @@
+[Install]
+WantedBy=multi-user.target
diff --git a/gitea-shim b/gitea-shim
new file mode 100644
index 0000000..17a0c76
--- /dev/null
+++ b/gitea-shim
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec sudo /usr/bin/podman exec -i gitea /app/gitea/gitea "$@"
diff --git a/gitea-sudoers b/gitea-sudoers
new file mode 100644
index 0000000..15e323a
--- /dev/null
+++ b/gitea-sudoers
@@ -0,0 +1 @@
+git ALL=(root) NOPASSWD: /usr/bin/podman exec -i gitea /app/gitea/gitea *
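Review bot: In gitea-db.container, `Image=docker.io/library/postgres:18.1-trixie` pins a tag, which the registry can repoint, so the package version does not fix what actually runs on the host; the same applies to `Image=docker.io/gitea/gitea:1.25.4-rootless` in gitea.container. Pin both by digest, e.g. `Image=docker.io/library/postgres:18.1-trixie@sha256:<digest-placeholder>`, and update the digest as part of each package release. That also makes the running image auditable from the RPM changelog.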
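Review bot: gitea-keys has no comment explaining why the command output is rewritten, and under 50-gitea-container.conf sshd executes it as root, so a maintainer needs to know which parts are load-bearing. Presumably the gitea inside the container prints authorized_keys entries whose forced command points at /usr/local/bin/gitea while the host-side wrapper is /usr/bin/gitea; a header such as `# Rewrite the in-container gitea path in the emitted authorized_keys lines to the host wrapper` would record that. A second line noting that `$1`, `$2`, `$3` are sshd's %u, %t, %k and must stay quoted would protect the quoting from later edits.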
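Review bot: In gitea-sudoers the trailing `*` lets the `git` account run every gitea subcommand inside the container through root-invoked podman, including the administrative ones, although the SSH path only appears to need the forced command that `gitea keys` writes into the authorized_keys entries. gitea.sysusers gives `git` a `/bin/bash` shell, so this rule is the effective limit on what that account can do through sudo. Narrow the argument pattern to that forced-command form (check the exact argument order in the helper's output before fixing the pattern), and validate the file with `visudo -cf` during the build so a syntax error cannot ship.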
diff --git a/gitea.container b/gitea.container
new file mode 100644
index 0000000..5a3e154
--- /dev/null
+++ b/gitea.container
@@ -0,0 +1,27 @@
+[Unit]
+Description=Gitea - Git with a cup of tea
+
+[Container]
+Image=docker.io/gitea/gitea:1.25.4-rootless
+ContainerName=gitea
+Pod=gitea.pod
+Volume=/var/lib/gitea:/var/lib/gitea:z
+Volume=/etc/gitea:/etc/gitea:z
+Volume=/etc/localtime:/etc/localtime:ro
+Environment=USER=git
+Environment=USER_UID=1000
+Environment=USER_GID=1000
+Environment=HOME=/var/lib/gitea/git
+Notify=healthy
+HealthCmd=curl --fail --silent --output /dev/null http://localhost:3000/api/healthz
+HealthInterval=30s
+HealthTimeout=10s
+HealthRetries=5
+HealthStartPeriod=120s
+HealthOnFailure=kill
+LogDriver=journald
+
+[Service]
+Restart=always
+RestartSec=5
+TimeoutStartSec=900
diff --git a/gitea.pod b/gitea.pod
new file mode 100644
index 0000000..f6bd52a
--- /dev/null
+++ b/gitea.pod
@@ -0,0 +1,5 @@
+[Pod]
+PodName=gitea-pod
+PublishPort=1240:3000
+UIDMap=0:0:124 124:1000:1 125:125:875 1000:124:1 1001:1001:64536
+GIDMap=0:0:124 124:1000:1 125:125:875 1000:124:1 1001:1001:64536
diff --git a/gitea.service b/gitea.service
new file mode 100644
index 0000000..3760635
--- /dev/null
+++ b/gitea.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Gitea - Git with a cup of tea
+After=network.target
+
+[Service]
+Type=notify
+User=git
+Group=git
+WorkingDirectory=/var/lib/gitea
+Environment=GITEA_WORK_DIR=/var/lib/gitea
+Environment=HOME=/var/lib/gitea/git
+ExecStart=/usr/libexec/gitea web --config /etc/gitea/app.ini
+Restart=always
+RestartSec=3
+
+[Install]
+WantedBy=multi-user.target
diff --git a/gitea.spec b/gitea.spec
new file mode 100644
index 0000000..09fd82e
--- /dev/null
+++ b/gitea.spec
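Review bot: In gitea.container, `Volume=/var/lib/gitea:/var/lib/gitea:z` also exposes /var/lib/gitea/postgresql, which gitea-db.container mounts as its data directory, and both containers appear to run as uid 1000, mapped to the same host uid through gitea.pod. The web application therefore has direct file access to the database cluster and does not need the database password to read or alter it. Move the PostgreSQL volume to a path outside /var/lib/gitea (a sibling directory owned by a separate uid), or mount only the subdirectories Gitea needs instead of the whole tree.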
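Review bot: In gitea.pod, `PublishPort=1240:3000` binds the web port on all host addresses, while app.ini in this patch serves plain `http` and leaves `INSTALL_LOCK` at its default, so the unencrypted UI, and presumably the first-run installer, is reachable from the network as soon as the pod starts. gitea-db-publish.conf already uses the loopback form; the equivalent here is `PublishPort=127.0.0.1:1240:3000` with a TLS-terminating reverse proxy in front. The `UIDMap`/`GIDMap` lines also deserve a comment: they appear to swap ids 124 and 1000 so that container uid 1000 lands on the host `git` user, which is not obvious from the numbers.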
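Review bot: gitea.service starts a network-facing daemon with no systemd sandboxing, so a compromise of the Gitea process gets the same view of the host as any process of the `git` user. The `[Service]` section should add the usual confinement directives with write access limited to the state directory. The set below is a starting point and needs testing, in particular whether Gitea must write under /etc/gitea to persist generated secrets, in which case that path has to be added to `ReadWritePaths=`.

```ini
[Service]
# … unchanged: Type, User, Group, WorkingDirectory, Environment, ExecStart, Restart, RestartSec …
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict
ProtectHome=yes
ReadWritePaths=/var/lib/gitea
```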
@@ -0,0 +1,215 @@
+Name: gitea
+Version: 1.25.4
+Release: 1%{?dist}
+Summary: Gitea - Git with a cup of tea
+License: MIT
+Group: System Environment/Base
+URL: https://gitea.com
+
+Source0: https://dl.gitea.com/gitea/%{version}/gitea-%{version}-linux-amd64
+Source1: https://dl.gitea.com/gitea/%{version}/gitea-%{version}-linux-arm64
+Source10: gitea.service
+Source11: gitea.sysusers
+Source12: gitea.tmpfiles
+Source13: app.ini
+Source14: 50-gitea-service.conf
+Source15: 50-gitea-container.conf
+Source16: gitea.container
+Source17: gitea-keys
+Source18: gitea-shim
+Source19: gitea-database.conf
+Source20: gitea.pod
+Source21: gitea-db.container
+Source22: gitea-pod-enable.conf
+Source23: gitea-container-database.conf
+Source24: gitea-db-pod.conf
+Source25: gitea-db-publish.conf
+Source26: gitea-sudoers
+Source27: gitea-db-credentials.conf
+
+ExclusiveArch: x86_64 aarch64
+
+BuildRequires: systemd-rpm-macros
+
+%description
+Gitea is a painless self-hosted all-in-one software development service.
+It includes Git hosting, code review, team collaboration, package registry
+and CI/CD.
+
+%package service
+Summary: Gitea systemd service (native binary)
+Requires: %{name} = %{version}-%{release}
+Requires: git
+Conflicts: %{name}-container
+%{?systemd_requires}
+
+%description service
+Runs Gitea as a native binary under systemd. Includes the gitea binary,
+systemd unit, and SSH passthrough configuration.
+
+%package container
+Summary: Gitea container (Podman quadlet)
+Requires: %{name} = %{version}-%{release}
+Requires: podman
+Requires: containers-common
+Conflicts: %{name}-service
+
+%description container
+Runs Gitea as a Podman container via quadlet. Includes the container
+definition, SSH passthrough shim, and sshd configuration.
+
+%package postgresql
+Summary: PostgreSQL database support for Gitea
+Requires: podman
+Requires: containers-common
+Requires: %{name} = %{version}-%{release}
+
+%description postgresql
+Provides PostgreSQL database integration for Gitea. When used with
+gitea-service, adds a systemd dependency on postgresql.service. When used
+with gitea-container, ships a PostgreSQL container (gitea-db) in the pod.
+
+%install
+%{__rm} -rf %{buildroot}
+
+# Binary (for -service subpackage) → libexec
+install -d -m 755 %{buildroot}%{_libexecdir}
+%ifarch x86_64
+install -m 755 %{SOURCE0} %{buildroot}%{_libexecdir}/gitea
+%endif
+
+%ifarch aarch64
+install -m 755 %{SOURCE1} %{buildroot}%{_libexecdir}/gitea
+%endif
+
+# Shim (for -container subpackage)
+install -d -m 755 %{buildroot}%{_libexecdir}
+install -m 755 %{SOURCE18} %{buildroot}%{_libexecdir}/gitea-container
+
+# Base: sysusers, tmpfiles, config
+install -p -D -m 644 %{SOURCE11} %{buildroot}%{_sysusersdir}/gitea.conf
+install -p -D -m 644 %{SOURCE12} %{buildroot}%{_tmpfilesdir}/gitea.conf
+
+install -d -m 770 %{buildroot}%{_sysconfdir}/gitea
+install -m 640 %{SOURCE13} %{buildroot}%{_sysconfdir}/gitea/app.ini
+
+# Base: data dirs
+install -d -m 750 %{buildroot}%{_sharedstatedir}/gitea
+install -d -m 750 %{buildroot}%{_sharedstatedir}/gitea/custom
+install -d -m 750 %{buildroot}%{_sharedstatedir}/gitea/data
+install -d -m 750 %{buildroot}%{_sharedstatedir}/gitea/data/git
+install -d -m 750 %{buildroot}%{_sharedstatedir}/gitea/data/git/repositories
+install -d -m 750 %{buildroot}%{_sharedstatedir}/gitea/data/git/lfs
+install -d -m 750 %{buildroot}%{_sharedstatedir}/gitea/log
+
+# Service subpackage
+install -p -D -m 644 %{SOURCE10} %{buildroot}%{_unitdir}/gitea.service
+install -p -D -m 644 %{SOURCE14} %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/50-gitea.conf
+install -p -D -m 644 %{SOURCE25} %{buildroot}%{_datadir}/containers/systemd/gitea-db.container.d/publish.conf
+
+# Container subpackage
+install -p -D -m 644 %{SOURCE15} %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/50-gitea.conf
+install -p -D -m 644 %{SOURCE16} %{buildroot}%{_datadir}/containers/systemd/gitea.container
+install -p -D -m 644 %{SOURCE20} %{buildroot}%{_datadir}/containers/systemd/gitea.pod
+install -p -D -m 644 %{SOURCE22} %{buildroot}%{_sysconfdir}/containers/systemd/gitea.pod.d/enable.conf
+install -p -D -m 755 %{SOURCE17} %{buildroot}%{_libexecdir}/gitea-keys
+install -p -D -m 644 %{SOURCE24} %{buildroot}%{_datadir}/containers/systemd/gitea-db.container.d/pod.conf
+install -p -D -m 440 %{SOURCE26} %{buildroot}%{_sysconfdir}/sudoers.d/gitea
+
+# PostgreSQL subpackage
+install -d -m 750 %{buildroot}%{_sharedstatedir}/gitea/postgresql
+install -p -D -m 644 %{SOURCE19} %{buildroot}%{_sysconfdir}/containers/systemd/gitea.service.d/database.conf
+install -p -D -m 644 %{SOURCE21} %{buildroot}%{_datadir}/containers/systemd/gitea-db.container
+install -p -D -m 644 %{SOURCE23} %{buildroot}%{_datadir}/containers/systemd/gitea.container.d/database.conf
+install -p -D -m 644 %{SOURCE27} %{buildroot}%{_sysconfdir}/containers/systemd/gitea-db.container.d/credentials.conf
+
+%pre
+%sysusers_create_compat %{SOURCE11}
+
+%post service
+%systemd_post gitea.service
+
+%posttrans service
+ln -sf %{_libexecdir}/gitea %{_bindir}/gitea
+
+%preun service
+%systemd_preun gitea.service
+
+%postun service
+%systemd_postun gitea.service
+if [ $1 -eq 0 ]; then
+ rm -f %{_bindir}/gitea
+fi
+
+%post container
+%systemd_post gitea.service
+
+%posttrans container
+ln -sf %{_libexecdir}/gitea-container %{_bindir}/gitea
+
+%preun container
+%systemd_preun gitea.service
+if [ $1 -eq 0 ]; then
+ rm -f %{_bindir}/gitea
+fi
+
+%postun container
+%systemd_postun gitea.service
+
+%clean
+%{__rm} -rf %{buildroot}
+
+%files
+%defattr(-,root,root,-)
+%{_sysusersdir}/gitea.conf
+%{_tmpfilesdir}/gitea.conf
+
+%dir %attr(0770,root,git) %{_sysconfdir}/gitea
+%config(noreplace) %attr(0640,root,git) %{_sysconfdir}/gitea/app.ini
+
+%dir %attr(0750,git,git) %{_sharedstatedir}/gitea
+%dir %attr(0750,git,git) %{_sharedstatedir}/gitea/custom
+%dir %attr(0750,git,git) %{_sharedstatedir}/gitea/data
+%dir %attr(0750,git,git) %{_sharedstatedir}/gitea/data/git
+%dir %attr(0750,git,git) %{_sharedstatedir}/gitea/data/git/repositories
+%dir %attr(0750,git,git) %{_sharedstatedir}/gitea/data/git/lfs
+%dir %attr(0750,git,git) %{_sharedstatedir}/gitea/log
+
+%files service
+%defattr(-,root,root,-)
+%{_libexecdir}/gitea
+%ghost %{_bindir}/gitea
+%attr(0644,root,root) %{_unitdir}/gitea.service
+%config(noreplace) %{_sysconfdir}/ssh/sshd_config.d/50-gitea.conf
+%{_datadir}/containers/systemd/gitea-db.container.d/publish.conf
+
+%files container
+%defattr(-,root,root,-)
+%attr(0755,root,root) %{_libexecdir}/gitea-container
+%ghost %{_bindir}/gitea
+%config(noreplace) %{_sysconfdir}/ssh/sshd_config.d/50-gitea.conf
+%{_datadir}/containers/systemd/gitea.container
+%{_datadir}/containers/systemd/gitea.pod
+%dir %{_sysconfdir}/containers/systemd/gitea.pod.d
+%config(noreplace) %{_sysconfdir}/containers/systemd/gitea.pod.d/enable.conf
+%attr(0755,root,root) %{_libexecdir}/gitea-keys
+%dir %{_datadir}/containers/systemd/gitea-db.container.d
+%{_datadir}/containers/systemd/gitea-db.container.d/pod.conf
+%attr(0440,root,root) %{_sysconfdir}/sudoers.d/gitea
+
+%files postgresql
+%defattr(-,root,root,-)
+%dir %attr(0750,git,git) %{_sharedstatedir}/gitea/postgresql
+# For -service: systemd drop-in adding postgresql.service dependency
+%dir %{_sysconfdir}/containers/systemd/gitea.service.d
+%config(noreplace) %{_sysconfdir}/containers/systemd/gitea.service.d/database.conf
+# For -container: gitea-db container + drop-in wiring it to gitea
+%{_datadir}/containers/systemd/gitea-db.container
+%dir %{_datadir}/containers/systemd/gitea.container.d
+%config(noreplace) %{_datadir}/containers/systemd/gitea.container.d/database.conf
+%dir %{_sysconfdir}/containers/systemd/gitea-db.container.d
+%config(noreplace) %{_sysconfdir}/containers/systemd/gitea-db.container.d/credentials.conf
+
+%changelog
+* Wed Mar 18 2026 Zoran Pericic - 1.25.4-1
+- Initial package with service, container and postgresql subpackages
diff --git a/gitea.sysusers b/gitea.sysusers
new file mode 100644
index 0000000..d02c7c7
--- /dev/null
+++ b/gitea.sysusers
@@ -0,0 +1,2 @@
+g git 124
+u git 124:124 "Git Version Control" /var/lib/gitea /bin/bash
diff --git a/gitea.tmpfiles b/gitea.tmpfiles
new file mode 100644
index 0000000..9f3fc5e
--- /dev/null
+++ b/gitea.tmpfiles
@@ -0,0 +1 @@
+d /run/gitea 0755 git git -
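Review bot: In `%install` of gitea.spec, both `%{SOURCE14}` and `%{SOURCE15}` are installed to `%{buildroot}%{_sysconfdir}/ssh/sshd_config.d/50-gitea.conf`, so the second overwrites the first and the -service subpackage ships the container variant: `AuthorizedKeysCommand /usr/libexec/gitea-keys` run as root, a helper that only the -container subpackage contains. Install the two under distinct names (for example `50-gitea-service.conf` and `50-gitea-container.conf`) and list each in its own `%files` section; the `Conflicts:` tags already keep the subpackages from being installed together. Separately, `Source0`/`Source1` are prebuilt binaries fetched by URL and installed without any checksum or signature check in the spec; verifying them against an upstream-published checksum or signature in a `%prep` step would close that gap.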
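Review bot: In gitea.sysusers the fixed id 124 is load-bearing but undocumented: the `UIDMap`/`GIDMap` lines in gitea.pod hard-code the same number, so on a host where 124 is already taken, or after a later change here, file ownership inside the containers would presumably no longer line up with the host `git` user. sysusers.d files accept `#` comments, so add one such as `# uid/gid 124 must match UIDMap/GIDMap in gitea.pod`. Note also that the home directory given here is /var/lib/gitea while both gitea.service and gitea.container set `HOME=/var/lib/gitea/git`; one of the two should be made authoritative.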