add postgresdb alternative

Reviewed-on: #29

.env.sample

@@ -2,6 +2,9 @@ TYPE=gitea
 
 DOMAIN=gitea.example.com
 LETS_ENCRYPT_ENV=production
+COMPOSE_FILE="compose.yml"
+COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
+# COMPOSE_FILE="$COMPOSE_FILE:compose.postgres.yml"
 
 GITEA_DOMAIN=git.example.com
 GITEA_ALLOW_ONLY_EXTERNAL_REGISTRATION=true
@@ -11,6 +14,8 @@ GITEA_DISABLE_REGISTRATION=false
 GITEA_ENABLE_NOTIFY_MAIL=true
 GITEA_ENABLE_OPENID_SIGNIN=true
 GITEA_ENABLE_OPENID_SIGNUP=true
+GITEA_DISABLE_GRAVATAR=false
+GITEA_ENABLE_FEDERATED_AVATAR=true
 
 GITEA_MAILER_FROM=noreply@example.com
 GITEA_MAILER_USER=noreply@example.com
@@ -25,7 +30,15 @@ SECRET_JWT_SECRET_VERSION=v1 # length=43
 SECRET_SECRET_KEY_VERSION=v1 # length=64
 
 # SMTP Mailer
-# COMPOSE_FILE="compose.yml:compose.smtp.yml"
+# COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
 # GITEA_SMTP_MAILER_ENABLED=1
 # GITEA_MAILER_HOST=mail.gandi.net:465
 # SECRET_SMTP_PASSWORD_VERSION=v1
+
+# OATH2 Options
+# GITEA_REGISTER_EMAIL_CONFIRM=replace-me
+# GITEA_REGISTER_EMAIL_CONFIRM=replace-me
+# GITEA_OAUTH2_USERNAME=replace-me
+# GITEA_UPDATE_AVATAR=replace-me
+# GITEA_ACCOUNT_LINKING=replace-me
+# GITEA_OAUTH2_CLIENT_ENABLED=replace-me

README.md

@@ -1,18 +1,16 @@
 # Gitea
 
-[![Build Status](https://drone.coopcloud.tech/api/badges/coop-cloud/gitea/status.svg)](https://drone.coopcloud.tech/coop-cloud/gitea)
+[![Build Status](https://build.coopcloud.tech/api/badges/coop-cloud/gitea/status.svg)](https://build.coopcloud.tech/coop-cloud/gitea)
 
 <!-- metadata -->
-
+* **Category**: Development
-- **Category**: Development
+* **Status**: 3, stable
-- **Status**: ❷💛
+* **Image**: [`gitea/gitea`](https://hub.docker.com/gitea/gitea), 4, upstream
-- **Image**: [`gitea/gitea`](https://hub.docker.com/gitea/gitea), ❶💚, upstream
+* **Healthcheck**: Yes
-- **Healthcheck**: Yes
+* **Backups**: Yes
-- **Backups**: No
+* **Email**: ?
-- **Email**: ?
+* **Tests**: 2
-- **Tests**: ❷💛
+* **SSO**: 3 (OAuth)
-- **SSO**: ❶💚 (OAuth)
-
 <!-- endmetadata -->
 
 ## Basic usage
@@ -24,3 +22,40 @@
 4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
    your Docker swarm box
 5. `abra app YOURAPPDOMAIN deploy`
+
+## Create first user
+
+Run
+
+```bash
+abra app run YOURAPPNAME app gitea -c /etc/gitea/app.ini admin user create --username USERNAME --admin --random-password --email EMAIL
+```
+
+See the [Gitea command-line documentation](https://docs.gitea.io/en-us/command-line/) for more options.  Make sure not to forget the `-c /etc/gitea/app.ini`.
+
+## Enable SSH
+
+You most certainly want to be able to access your repository over SSH.  To do so, make sure you uncomment the right lines in the configuration for `traefik`.
+```
+abra app config YOURTRAEFIKAPP
+```
+There uncomment or add these lines:
+```
+GITEA_SSH_ENABLED=1
+COMPOSE_FILE="compose.yml:compose.gitea.yml"
+```
+Then redeploy traefik:
+```
+abra app undeploy YOURTRAEFIKAPP
+abra app deploy YOURTRAEFIKAPP
+```
+You might need to wait a bit.  To check if it worked, you can run
+```
+telnet my.gitea.example.com 2222
+```
+Once you have added a public SSH key, you can check that you can connect to your gitea server with
+```
+ssh -T -p 2222 git@my.gitea.example.com
+```
+
+Note that gitea should be configured to listen to port 2222, i.e. `GITEA_SSH_PORT=2222` in the gitea config.

abra.sh

@@ -1,2 +1,14 @@
-export APP_INI_VERSION=v7
+export APP_INI_VERSION=v9
 export DOCKER_SETUP_SH_VERSION=v1
+
+abra_backup_app() {
+  _abra_backup_dir "app:/var/lib/gitea"
+}
+
+abra_backup_db() {
+  _abra_backup_mysql "db" "gitea"
+}
+
+abra_backup() {
+  abra_backup_app && abra_backup_db
+}

app.ini.tmpl

@@ -7,6 +7,10 @@ NAME = {{ env "GITEA_DB_NAME" }}
 PASSWD = {{ secret "db_password" }}
 USER = {{ env "GITEA_DB_USER" }}
 
+[picture]
+DISABLE_GRAVATAR = {{ env "GITEA_DISABLE_GRAVATAR" }}
+ENABLE_FEDERATED_AVATAR = {{ env "GITEA_ENABLE_FEDERATED_AVATAR" }}
+
 [service]
 ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ env "GITEA_ALLOW_ONLY_EXTERNAL_REGISTRATION" }}
 AUTO_WATCH_NEW_REPOS = {{ env "GITEA_AUTO_WATCH_NEW_REPOS" }}
@@ -53,6 +57,15 @@ MAILER_TYPE    = smtp
 IS_TLS_ENABLED = true
 {{ end }}
 
+{{ if eq (env "GITEA_OAUTH2_CLIENT_ENABLED") "1" }}
+[oauth2_client]
+REGISTER_EMAIL_CONFIRM = {{ env "GITEA_REGISTER_EMAIL_CONFIRM" }}
+ENABLE_AUTO_REGISTRATION = {{ env "GITEA_ENABLE_AUTO_REGISTRATION" }}
+USERNAME = {{ env "GITEA_OAUTH2_USERNAME" }}
+UPDATE_AVATAR = {{ env "GITEA_UPDATE_AVATAR" }}
+ACCOUNT_LINKING = {{ env "GITEA_ACCOUNT_LINKING" }}
+{{ end }}
+
 [markup.restructuredtext]
 ENABLED         = true
 FILE_EXTENSIONS = .rst

compose.mariadb.yml

@@ -0,0 +1,37 @@
+version: '3.8'
+
+services:
+  app:
+    environment:
+      - GITEA_DB_TYPE=mysql
+      - GITEA_DB_HOST="db:3306"
+      - GITEA_DB_NAME=gitea
+      - GITEA_DB_USER=gitea
+  db:
+    image: "mariadb:10.9"
+    command: |
+      mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
+    environment:
+      - MYSQL_DATABASE=gitea
+      - MYSQL_USER=gitea
+      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
+      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
+    secrets:
+      - db_password
+      - db_root_password
+    volumes:
+      - "mariadb:/var/lib/mysql"
+    networks:
+      - internal
+
+secrets:
+  db_password:
+    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
+    external: true
+  db_root_password:
+    name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
+    external: true
+
+volumes:
+  mariadb:
+  internal:

compose.postgres.yml

@@ -0,0 +1,30 @@
+version: '3.8'
+
+services:
+  app:
+    environment:
+      - GITEA_DB_TYPE=postgres
+      - GITEA_DB_HOST="db:5432"
+      - GITEA_DB_NAME=gitea
+      - GITEA_DB_USER=gitea
+  db:
+    image: postgres:9.6
+    environment: 
+      - POSTGRES_DB=gitea
+      - POSTGRES_USER=gitea
+      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
+    secrets:
+      - db_password
+    volumes:
+      - db:/var/lib/postgresql/data
+    networks:
+      - internal
+
+secrets:
+  db_password:
+    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
+    external: true
+
+volumes:
+  db:
+  internal:

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: "gitea/gitea:1.15.3-rootless"
+    image: "gitea/gitea:1.17.3-rootless"
     configs:
       - source: app_ini
         target: /etc/gitea/app.ini
@@ -19,10 +19,6 @@ services:
       - GITEA_ALLOW_ONLY_EXTERNAL_REGISTRATION
       - GITEA_APP_NAME
       - GITEA_AUTO_WATCH_NEW_REPOS
-      - GITEA_DB_HOST="db:3306"
-      - GITEA_DB_NAME=gitea
-      - GITEA_DB_TYPE=mysql
-      - GITEA_DB_USER=gitea
       - GITEA_DISABLE_REGISTRATION
       - GITEA_DOMAIN=${DOMAIN}
       - GITEA_ENABLE_NOTIFY_MAIL
@@ -30,6 +26,14 @@ services:
       - GITEA_ENABLE_OPENID_SIGNUP
       - GITEA_SMTP_MAILER_ENABLED
       - GITEA_SSH_PORT
+      - GITEA_DISABLE_GRAVATAR
+      - GITEA_ENABLE_FEDERATED_AVATAR
+      - GITEA_REGISTER_EMAIL_CONFIRM
+      - GITEA_ENABLE_AUTO_REGISTRATION
+      - GITEA_OAUTH2_USERNAME
+      - GITEA_UPDATE_AVATAR
+      - GITEA_ACCOUNT_LINKING
+      - GITEA_OAUTH2_CLIENT_ENABLED
     volumes:
       - data:/var/lib/gitea
       - config:/etc/gitea
@@ -51,24 +55,8 @@ services:
         - "traefik.tcp.routers.${STACK_NAME}-ssh.rule=HostSNI(`*`)"
         - "traefik.tcp.routers.${STACK_NAME}-ssh.entrypoints=gitea-ssh"
         - "traefik.tcp.services.${STACK_NAME}-ssh.loadbalancer.server.port=${GITEA_SSH_PORT}"
-        - coop-cloud.${STACK_NAME}.version=1.1.1+1.15.3-rootless
+        - coop-cloud.${STACK_NAME}.version=1.3.1+1.17.3-rootless
 
-  db:
-    image: "mariadb:10.6"
-    command: |
-      mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
-    environment:
-      - MYSQL_DATABASE=gitea
-      - MYSQL_USER=gitea
-      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
-      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
-    secrets:
-      - db_password
-      - db_root_password
-    volumes:
-      - "mariadb:/var/lib/mysql"
-    networks:
-      - internal
 
 networks:
   internal:
@@ -86,12 +74,6 @@ configs:
     template_driver: golang
 
 secrets:
-  db_password:
-    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
-    external: true
-  db_root_password:
-    name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
-    external: true
   internal_token:
     name: ${STACK_NAME}_internal_token_${SECRET_INTERNAL_TOKEN_VERSION}
     external: true
@@ -105,4 +87,3 @@ secrets:
 volumes:
   data:
   config:
-  mariadb: