chore: publish 1.3.0+1.17.2-rootless release

Reviewed-on: #24

.drone.yml

@@ -3,21 +3,17 @@ kind: pipeline
 name: deploy to swarm-test.autonomic.zone
 steps:
   - name: deployment
-    image: thecoopcloud/stack-ssh-deploy:latest
+    image: decentral1se/stack-ssh-deploy:latest
     settings:
       host: swarm-test.autonomic.zone
       stack: gitea
-      networks:
-       - proxy
       generate_secrets: true
       purge: true
       deploy_key:
         from_secret: drone_ssh_swarm_test
-      compose: "compose.yml:compose.mariadb.yml"
     environment:
       APP_INI_VERSION: v1
       DOCKER_SETUP_SH_VERSION: v1
-      PG_BACKUP_VERSION: v1
       DOMAIN: gitea.swarm-test.autonomic.zone
       GITEA_ALLOW_ONLY_EXTERNAL_REGISTRATION: true
       GITEA_APP_NAME: Git with solidaritea
@@ -41,17 +37,11 @@ trigger:
     - master
 ---
 kind: pipeline
-name: generate recipe catalogue
+name: recipe release
 steps:
   - name: release a new version
-    image: plugins/downstream
+    image: thecoopcloud/drone-abra:latest
     settings:
-      server: https://build.coopcloud.tech
-      token:
-        from_secret: drone_abra-bot_token
-      fork: true
-      repositories:
-        - toolshed/auto-recipes-catalogue-json
-
-trigger:
-  event: tag
+      command: recipe gitea release
+      deploy_key:
+        from_secret: abra_bot_deploy_key

.env.sample

@@ -1,17 +1,9 @@
 TYPE=gitea
 
-DOMAIN=gitea.example.com
+DOMAIN={{ .Domain }}
 LETS_ENCRYPT_ENV=production
-COMPOSE_FILE="compose.yml"
-ENABLE_BACKUPS=true
-COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
-# COMPOSE_FILE="$COMPOSE_FILE:compose.sqlite3.yml"
-# COMPOSE_FILE="$COMPOSE_FILE:compose.postgres.yml"
-
-# Enable to use forgejo instead of gitea
-# COMPOSE_FILE="$COMPOSE_FILE:compose.forgejo.yml"
-# SECRET_LFS_JWT_SECRET_VERSION=v1 # length=43
 
+GITEA_DOMAIN=git.example.com
 GITEA_ALLOW_ONLY_EXTERNAL_REGISTRATION=true
 GITEA_APP_NAME="Git with solidaritea"
 GITEA_AUTO_WATCH_NEW_REPOS=false
@@ -21,24 +13,6 @@ GITEA_ENABLE_OPENID_SIGNIN=true
 GITEA_ENABLE_OPENID_SIGNUP=true
 GITEA_DISABLE_GRAVATAR=false
 GITEA_ENABLE_FEDERATED_AVATAR=true
-GITEA_LANDING_PAGE=organizations
-GITEA_SHOW_USER_EMAIL=false
-GITEA_DISABLE_REGULAR_ORG_CREATION=true
-GITEA_DEFAULT_KEEP_EMAIL_PRIVATE=true
-GITEA_DEFAULT_ALLOW_CREATE_ORGANIZATION=false
-GITEA_ENABLE_USER_HEATMAP=false
-GITEA_DEFAULT_USER_VISIBILITY=limited
-GITEA_ALLOWED_USER_VISIBILITY_MODES=limited,private
-GITEA_DEFAULT_ORG_VISIBILITY=limited
-GITEA_REQUIRE_SIGNIN_VIEW=true
-GITEA_ENABLE_PUSH_CREATE_USER=false
-GITEA_ENABLE_PUSH_CREATE_ORG=false
-GITEA_LFS_START_SERVER=false
-
-GITEA_REPO_UPLOAD_ENABLED=true
-GITEA_REPO_UPLOAD_ALLOWED_TYPES=*/*
-GITEA_REPO_UPLOAD_MAX_SIZE=50
-GITEA_REPO_UPLOAD_MAX_FILES=5
 
 GITEA_MAILER_FROM=noreply@example.com
 GITEA_MAILER_USER=noreply@example.com
@@ -53,27 +27,7 @@ SECRET_JWT_SECRET_VERSION=v1 # length=43
 SECRET_SECRET_KEY_VERSION=v1 # length=64
 
 # SMTP Mailer
-# COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
+# COMPOSE_FILE="compose.yml:compose.smtp.yml"
 # GITEA_SMTP_MAILER_ENABLED=1
-# GITEA_MAILER_ADDR=mail.gandi.net
-# GITEA_MAILER_PORT=465
+# GITEA_MAILER_HOST=mail.gandi.net:465
 # SECRET_SMTP_PASSWORD_VERSION=v1
-# GITEA_MAILER_PROTOCOL=smtps
-
-# OATH2 Options
-# GITEA_REGISTER_EMAIL_CONFIRM=replace-me
-# GITEA_REGISTER_EMAIL_CONFIRM=replace-me
-# GITEA_OAUTH2_USERNAME=replace-me
-# GITEA_UPDATE_AVATAR=replace-me
-# GITEA_ACCOUNT_LINKING=replace-me
-# GITEA_OAUTH2_CLIENT_ENABLED=replace-me
-
-# Lifetime of an OAuth2 refresh token in hours, prolly no need to edit. We
-# were hitting issues with infrequently pushed to repos that were not picked
-# up by drone after a month of inactivity, hence the option.
-# GITEA__oauth2__REFRESH_TOKEN_EXPIRATION_TIME=730
-
-# Indexer (for issue search)
-# GITEA_REPO_INDEXER_ENABLED=false
-# GITEA_ISSUE_INDEXER_TYPE=db
-# GITEA_STARTUP_TIMEOUT=-1

README.md

@@ -4,34 +4,31 @@
 
 <!-- metadata -->
 * **Category**: Development
-* **Status**: 5
+* **Status**: 3, stable
 * **Image**: [`gitea/gitea`](https://hub.docker.com/gitea/gitea), 4, upstream
 * **Healthcheck**: Yes
 * **Backups**: Yes
-* **Email**: Yes
+* **Email**: ?
 * **Tests**: 2
 * **SSO**: 3 (OAuth)
 <!-- endmetadata -->
 
 ## Basic usage
 
-1. [Set up Docker Swarm and `abra`][operators-tutorial]
+1. Set up Docker Swarm and [`abra`][abra]
 2. Deploy [`coop-cloud/traefik`][cc-traefik]
 3. `abra app new gitea --secrets` (optionally with `--pass` if you'd like
    to save secrets in `pass`)
-4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
+4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
    your Docker swarm box
-5. `abra app deploy YOURAPPDOMAIN`
-
-[operators-tutorial]: https://docs.coopcloud.tech/operators/tutorial/
-[cc-traefik]: https://git.coopcloud.tech/coop-cloud/traefik/
+5. `abra app YOURAPPDOMAIN deploy`
 
 ## Create first user
 
 Run
 
 ```bash
-abra app run YOURAPPNAME app -- gitea -c /etc/gitea/app.ini admin user create --username USERNAME --admin --random-password --email EMAIL
+abra app run YOURAPPNAME app gitea -c /etc/gitea/app.ini admin user create --username USERNAME --admin --random-password --email EMAIL
 ```
 
 See the [Gitea command-line documentation](https://docs.gitea.io/en-us/command-line/) for more options.  Make sure not to forget the `-c /etc/gitea/app.ini`.
@@ -39,34 +36,25 @@ See the [Gitea command-line documentation](https://docs.gitea.io/en-us/command-l
 ## Enable SSH
 
 You most certainly want to be able to access your repository over SSH.  To do so, make sure you uncomment the right lines in the configuration for `traefik`.
-
-```sh
+```
 abra app config YOURTRAEFIKAPP
 ```
-
 There uncomment or add these lines:
-
-```sh
+```
 GITEA_SSH_ENABLED=1
 COMPOSE_FILE="compose.yml:compose.gitea.yml"
 ```
-
 Then redeploy traefik:
-
-```sh
+```
 abra app undeploy YOURTRAEFIKAPP
 abra app deploy YOURTRAEFIKAPP
 ```
-
 You might need to wait a bit.  To check if it worked, you can run
-
-```sh
+```
 telnet my.gitea.example.com 2222
 ```
-
 Once you have added a public SSH key, you can check that you can connect to your gitea server with
-
-```sh
+```
 ssh -T -p 2222 git@my.gitea.example.com
 ```
 

abra.sh

@@ -1,6 +1,5 @@
-export APP_INI_VERSION=v21
+export APP_INI_VERSION=v8
 export DOCKER_SETUP_SH_VERSION=v1
-export PG_BACKUP_VERSION=v1
 
 abra_backup_app() {
   _abra_backup_dir "app:/var/lib/gitea"

app.ini.tmpl

@@ -2,15 +2,10 @@ APP_NAME = {{ env "GITEA_APP_NAME" }}
 
 [database]
 DB_TYPE = {{ env "GITEA_DB_TYPE" }}
-{{ if ne (env "GITEA_DB_TYPE") "sqlite3" }}
 HOST = {{ env "GITEA_DB_HOST" }}
 NAME = {{ env "GITEA_DB_NAME" }}
 PASSWD = {{ secret "db_password" }}
 USER = {{ env "GITEA_DB_USER" }}
-{{ else }}
-SQLITE_JOURNAL_MODE = {{ env "GITEA_SQLITE_JOURNAL_MODE" }}
-PATH = {{ env "GITEA_PATH" }}
-{{ end }}
 
 [picture]
 DISABLE_GRAVATAR = {{ env "GITEA_DISABLE_GRAVATAR" }}
@@ -21,13 +16,6 @@ ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ env "GITEA_ALLOW_ONLY_EXTERNAL_REGISTRATIO
 AUTO_WATCH_NEW_REPOS = {{ env "GITEA_AUTO_WATCH_NEW_REPOS" }}
 DISABLE_REGISTRATION = {{ env "GITEA_DISABLE_REGISTRATION" }}
 ENABLE_NOTIFY_MAIL = {{ env "GITEA_ENABLE_NOTIFY_MAIL" }}
-DEFAULT_KEEP_EMAIL_PRIVATE = {{ env "GITEA_DEFAULT_KEEP_EMAIL_PRIVATE" }}
-DEFAULT_ALLOW_CREATE_ORGANIZATION = {{ env "GITEA_DEFAULT_ALLOW_CREATE_ORGANIZATION" }}
-ENABLE_USER_HEATMAP = {{ env "GITEA_ENABLE_USER_HEATMAP" }}
-DEFAULT_USER_VISIBILITY = {{ env "GITEA_DEFAULT_USER_VISIBILITY" }}
-ALLOWED_USER_VISIBILITY_MODES = {{ env "GITEA_ALLOWED_USER_VISIBILITY_MODES" }}
-DEFAULT_ORG_VISIBILITY = {{ env "GITEA_DEFAULT_ORG_VISIBILITY" }}
-REQUIRE_SIGNIN_VIEW = {{ env "GITEA_REQUIRE_SIGNIN_VIEW" }}
 
 [openid]
 ENABLE_OPENID_SIGNIN = {{ env "GITEA_ENABLE_OPENID_SIGNIN" }}
@@ -35,35 +23,18 @@ ENABLE_OPENID_SIGNUP = {{ env "GITEA_ENABLE_OPENID_SIGNUP" }}
 
 [repository]
 DEFAULT_BRANCH = main
-ENABLE_PUSH_CREATE_USER = {{ env "GITEA_ENABLE_PUSH_CREATE_USER" }}
-ENABLE_PUSH_CREATE_ORG = {{ env "GITEA_ENABLE_PUSH_CREATE_ORG" }}
-
-[repository.upload]
-ENABLED = {{ env "GITEA_REPO_UPLOAD_ENABLED" }}
-ALLOWED_TYPES = {{ env "GITEA_REPO_UPLOAD_ALLOWED_TYPES" }}
-FILE_MAX_SIZE = {{ env "GITEA_REPO_UPLOAD_MAX_SIZE" }}
-MAX_FILES = {{ env "GITEA_REPO_UPLOAD_MAX_FILES" }}
-
-[ui]
-SHOW_USER_EMAIL = {{ env "GITEA_SHOW_USER_EMAIL" }}
 
 [indexer]
-REPO_INDEXER_ENABLED = {{ or (env "GITEA_REPO_INDEXER_ENABLED") "false" }}
-ISSUE_INDEXER_TYPE= {{ or (env "GITEA_ISSUE_INDEXER_TYPE") "db" }}
-STARTUP_TIMEOUT = {{ or (env "GITEA_STARTUP_TIMEOUT") "-1" }}
+STARTUP_TIMEOUT = 0
 
 [server]
 DOMAIN = {{ env "GITEA_DOMAIN" }}
-LANDING_PAGE = {{ env "GITEA_LANDING_PAGE" }}
+LANDING_PAGE = organizations
 ROOT_URL = https://%(DOMAIN)s/
 SSH_DOMAIN = {{ env "GITEA_DOMAIN" }}
 SSH_LISTEN_PORT = {{ env "GITEA_SSH_PORT" }}
 SSH_PORT = {{ env "GITEA_SSH_PORT" }}
 START_SSH_SERVER = true
-LFS_START_SERVER = {{ env "GITEA_LFS_START_SERVER" }}
-{{ if eq (env "FORGE") "forgejo" }}
-LFS_JWT_SECRET = {{ secret "lfs_jwt_secret" }}
-{{ end }}
 
 [security]
 INSTALL_LOCK = true
@@ -72,9 +43,6 @@ REVERSE_PROXY_LIMIT = 1
 REVERSE_PROXY_TRUSTED_PROXIES = *
 SECRET_KEY = {{ secret "secret_key" }}
 
-[admin]
-DISABLE_REGULAR_ORG_CREATION = {{ env "GITEA_DISABLE_REGULAR_ORG_CREATION" }}
-
 [oauth2]
 JWT_SECRET = {{ secret "jwt_secret" }}
 
@@ -82,21 +50,11 @@ JWT_SECRET = {{ secret "jwt_secret" }}
 [mailer]
 ENABLED        = true
 FROM           = {{ env "GITEA_MAILER_FROM" }}
-PROTOCOL       = {{ env "GITEA_MAILER_PROTOCOL" }}
-SMTP_ADDR      = {{ env "GITEA_MAILER_ADDR" }}
-SMTP_PORT      = {{ env "GITEA_MAILER_PORT" }}
+HOST           = {{ env "GITEA_MAILER_HOST" }}
 USER           = {{ env "GITEA_MAILER_USER" }}
 PASSWD         = {{ secret "smtp_password" }}
 MAILER_TYPE    = smtp
-{{ end }}
-
-{{ if eq (env "GITEA_OAUTH2_CLIENT_ENABLED") "1" }}
-[oauth2_client]
-REGISTER_EMAIL_CONFIRM = {{ env "GITEA_REGISTER_EMAIL_CONFIRM" }}
-ENABLE_AUTO_REGISTRATION = {{ env "GITEA_ENABLE_AUTO_REGISTRATION" }}
-USERNAME = {{ env "GITEA_OAUTH2_USERNAME" }}
-UPDATE_AVATAR = {{ env "GITEA_UPDATE_AVATAR" }}
-ACCOUNT_LINKING = {{ env "GITEA_ACCOUNT_LINKING" }}
+IS_TLS_ENABLED = true
 {{ end }}
 
 [markup.restructuredtext]
@@ -104,9 +62,3 @@ ENABLED         = true
 FILE_EXTENSIONS = .rst
 RENDER_COMMAND  = rst2html
 IS_INPUT_FILE   = false
-
-[log]
-MODE=console
-LEVEL=WARN
-STACKTRACE_LEVEL=None
-ENABLE_XORM_LOG=false

compose.forgejo.yml

@@ -1,13 +0,0 @@
-version: '3.8'
-
-services:
-  app:
-    image: codeberg.org/forgejo/forgejo:12.0.2-rootless
-    environment:
-    - FORGE=forgejo
-    secrets:
-    - lfs_jwt_secret
-secrets:
-  lfs_jwt_secret:
-    name: ${STACK_NAME}_lfs_jwt_secret_${SECRET_LFS_JWT_SECRET_VERSION}
-    external: true

compose.mariadb.yml

@@ -1,43 +0,0 @@
-version: '3.8'
-
-services:
-  app:
-    environment:
-      - GITEA_DB_TYPE=mysql
-      - GITEA_DB_HOST="db:3306"
-      - GITEA_DB_NAME=gitea
-      - GITEA_DB_USER=gitea
-    secrets:
-      - db_password
-  db:
-    image: "mariadb:10.11.2"
-    deploy:
-      labels:
-          backupbot.backup.pre-hook: 'mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" gitea > /var/lib/mysql/backup.sql'
-          backupbot.backup.volumes.mariadb.path: "backup.sql"
-          backupbot.restore.post-hook: "mariadb -u root -p\"$$(cat /run/secrets/db_root_password)\" gitea < /var/lib/mysql/backup.sql"
-    command: |
-      mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
-    environment:
-      - MYSQL_DATABASE=gitea
-      - MYSQL_USER=gitea
-      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
-      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
-    secrets:
-      - db_password
-      - db_root_password
-    volumes:
-      - "mariadb:/var/lib/mysql"
-    networks:
-      - internal
-
-secrets:
-  db_password:
-    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
-    external: true
-  db_root_password:
-    name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
-    external: true
-
-volumes:
-  mariadb:

compose.postgres.yml

@@ -1,45 +0,0 @@
-version: '3.8'
-
-services:
-  app:
-    environment:
-      - GITEA_DB_TYPE=postgres
-      - GITEA_DB_HOST="db:5432"
-      - GITEA_DB_NAME=gitea
-      - GITEA_DB_USER=gitea
-    secrets:
-      - db_password
-  db:
-    image: postgres:15.13
-    deploy:
-      labels:
-        backupbot.backup.pre-hook: "/pg_backup.sh backup"
-        backupbot.backup.volumes.db.path: "backup.sql"
-        backupbot.restore.post-hook: '/pg_backup.sh restore'
-    environment: 
-      - POSTGRES_DB=gitea
-      - POSTGRES_USER=gitea
-      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
-    secrets:
-      - db_password
-    volumes:
-      - db:/var/lib/postgresql/data
-    networks:
-      - internal
-    configs:
-        - source: pg_backup
-          target: /pg_backup.sh
-          mode: 0555
-
-secrets:
-  db_password:
-    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
-    external: true
-
-volumes:
-  db:
-
-configs:
-  pg_backup:
-    name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
-    file: pg_backup.sh

compose.smtp.yml

@@ -5,10 +5,8 @@ services:
   app:
     environment:
       - GITEA_MAILER_FROM
-      - GITEA_MAILER_ADDR
-      - GITEA_MAILER_PORT
+      - GITEA_MAILER_HOST
       - GITEA_MAILER_USER
-      - "GITEA_MAILER_PROTOCOL=${GITEA_MAILER_PROTOCOL:-smtps}"
     secrets:
       - smtp_password
 

compose.sqlite3.yml

@@ -1,8 +0,0 @@
-version: '3.8'
-
-services:
-  app:
-    environment:
-      - GITEA_DB_TYPE=sqlite3
-      - GITEA_SQLITE_JOURNAL_MODE=wal
-      - GITEA_PATH=/var/lib/gitea/gitea.db

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: "gitea/gitea:1.24.2-rootless"
+    image: "gitea/gitea:1.17.2-rootless"
     configs:
       - source: app_ini
         target: /etc/gitea/app.ini
@@ -11,14 +11,18 @@ services:
         target: /usr/local/bin/docker-setup.sh
         mode: 0555
     secrets:
+      - db_password
       - internal_token
       - jwt_secret
       - secret_key
     environment:
-      - FORGE=gitea
       - GITEA_ALLOW_ONLY_EXTERNAL_REGISTRATION
       - GITEA_APP_NAME
       - GITEA_AUTO_WATCH_NEW_REPOS
+      - GITEA_DB_HOST="db:3306"
+      - GITEA_DB_NAME=gitea
+      - GITEA_DB_TYPE=mysql
+      - GITEA_DB_USER=gitea
       - GITEA_DISABLE_REGISTRATION
       - GITEA_DOMAIN=${DOMAIN}
       - GITEA_ENABLE_NOTIFY_MAIL
@@ -28,32 +32,6 @@ services:
       - GITEA_SSH_PORT
       - GITEA_DISABLE_GRAVATAR
       - GITEA_ENABLE_FEDERATED_AVATAR
-      - GITEA_REGISTER_EMAIL_CONFIRM
-      - GITEA_ENABLE_AUTO_REGISTRATION
-      - GITEA_OAUTH2_USERNAME
-      - GITEA_UPDATE_AVATAR
-      - GITEA_ACCOUNT_LINKING
-      - GITEA_OAUTH2_CLIENT_ENABLED
-      - GITEA_CORS_ALLOW_DOMAIN
-      - GITEA_LANDING_PAGE
-      - GITEA_REPO_UPLOAD_ENABLED
-      - GITEA_REPO_UPLOAD_ALLOWED_TYPES
-      - GITEA_REPO_UPLOAD_MAX_SIZE
-      - GITEA_REPO_UPLOAD_MAX_FILES
-      - GITEA_REPO_INDEXER_ENABLED
-      - GITEA_ISSUE_INDEXER_TYPE
-      - GITEA_STARTUP_TIMEOUT
-      - GITEA_SHOW_USER_EMAIL
-      - GITEA_DISABLE_REGULAR_ORG_CREATION
-      - GITEA_DEFAULT_KEEP_EMAIL_PRIVATE
-      - GITEA_DEFAULT_ALLOW_CREATE_ORGANIZATION
-      - GITEA_ENABLE_USER_HEATMAP
-      - GITEA_DEFAULT_USER_VISIBILITY
-      - GITEA_ALLOWED_USER_VISIBILITY_MODES
-      - GITEA_DEFAULT_ORG_VISIBILITY
-      - GITEA_REQUIRE_SIGNIN_VIEW
-      - GITEA__oauth2__REFRESH_TOKEN_EXPIRATION_TIME
-      - GITEA_LFS_START_SERVER=${GITEA_LFS_START_SERVER:-false}
     volumes:
       - data:/var/lib/gitea
       - config:/etc/gitea
@@ -62,18 +40,11 @@ services:
     networks:
       - proxy
       - internal
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:3000/api/healthz"]
-      interval: 30s
-      timeout: 10s
-      retries: 10
-      start_period: 1m
     deploy:
       update_config:
         failure_action: rollback
         order: start-first
       labels:
-        - "backupbot.backup=${ENABLE_BACKUPS:-true}"
         - "traefik.enable=true"
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
@@ -82,14 +53,24 @@ services:
         - "traefik.tcp.routers.${STACK_NAME}-ssh.rule=HostSNI(`*`)"
         - "traefik.tcp.routers.${STACK_NAME}-ssh.entrypoints=gitea-ssh"
         - "traefik.tcp.services.${STACK_NAME}-ssh.loadbalancer.server.port=${GITEA_SSH_PORT}"
-        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}_cors"
-        - "traefik.http.middlewares.${STACK_NAME}_cors.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
-        - "traefik.http.middlewares.${STACK_NAME}_cors.headers.accesscontrolallowheaders=content-type,authorization"
-        - "traefik.http.middlewares.${STACK_NAME}_cors.headers.accesscontrolalloworiginlist=https://${GITEA_CORS_ALLOW_DOMAIN}"
-        - "traefik.http.middlewares.${STACK_NAME}_cors.headers.accesscontrolmaxage=100"
-        - "traefik.http.middlewares.${STACK_NAME}_cors.headers.addvaryheader=true"
-        - coop-cloud.${STACK_NAME}.version=3.5.2+1.24.2-rootless
+        - coop-cloud.${STACK_NAME}.version=1.3.0+1.17.2-rootless
 
+  db:
+    image: "mariadb:10.6"
+    command: |
+      mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
+    environment:
+      - MYSQL_DATABASE=gitea
+      - MYSQL_USER=gitea
+      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
+      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
+    secrets:
+      - db_password
+      - db_root_password
+    volumes:
+      - "mariadb:/var/lib/mysql"
+    networks:
+      - internal
 
 networks:
   internal:
@@ -107,6 +88,12 @@ configs:
     template_driver: golang
 
 secrets:
+  db_password:
+    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
+    external: true
+  db_root_password:
+    name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
+    external: true
   internal_token:
     name: ${STACK_NAME}_internal_token_${SECRET_INTERNAL_TOKEN_VERSION}
     external: true
@@ -120,3 +107,4 @@ secrets:
 volumes:
   data:
   config:
+  mariadb:

pg_backup.sh

@@ -1,34 +0,0 @@
-#!/bin/bash
-
-set -e
-
-BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
-
-function backup {
-  export PGPASSWORD=$(cat $POSTGRES_PASSWORD_FILE)
-  pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE
-}
-
-function restore {
-    cd /var/lib/postgresql/data/
-    restore_config(){
-        # Restore allowed connections
-        cat pg_hba.conf.bak > pg_hba.conf
-        su postgres -c 'pg_ctl reload'
-    }
-    # Don't allow any other connections than local
-    cp pg_hba.conf pg_hba.conf.bak
-    echo "local all all trust" > pg_hba.conf
-    su postgres -c 'pg_ctl reload'
-    trap restore_config EXIT INT TERM
-
-    # Recreate Database
-    psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);" 
-    createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
-    psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
-
-    trap - EXIT INT TERM
-    restore_config
-}
-
-$@

release/2.0.0+1.18.0-rootless

@@ -1,8 +0,0 @@
-This release adds the possibility to run gitea with postgres.
-Please add the following lines to your servers .env file!
-
-```
-COMPOSE_FILE="compose.yml"
-COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
-# COMPOSE_FILE="$COMPOSE_FILE:compose.postgres.yml"
-```

release/2.1.2+1.19.3-rootless

@@ -1,2 +0,0 @@
-Beware that you'll also be updating Postgres if you're running it. Usually with major updates it might involve pg_dumpall / pg_restore either side of the upgrade because the server app doesn't know how to upgrade data storage formats, won't launch if it detects an old data format, a pg_upgrade command is available. More info on https://git.coopcloud.tech/coop-cloud/gitea/pulls/31
-

release/2.6.0+1.21.5-rootless

@@ -1 +0,0 @@
-This release adds a docker healthcheck for the main Gitea service -- please pay careful attention when updating apps, and as always feel free to ask in Matrix if you run into any bugs 🐛

release/3.0.0+1.22.2-rootless

@@ -1,3 +0,0 @@
-BEWARE! 🚨 This release updates to the newer Gitea SMTP settings format.
-
-If you are using SMTP, you will need to split the old GITEA_MAILER_HOST into separate GITEA_MAILER_ADDR (hostname) and GITEA_MAILER_PORT settings.