An iocage plugin for Gitea, a community managed lightweight code hosting solution written in Go.
| CI |  |
| License |  |
Table of Contents
- Installation
- Usage
- Configuration
- Code of Conduct
- Issues
- Contributing
- Release History
- Authors
- License
This plugin can be installed via the fnichol/iocage-plugin-index plugin
collection which is not installed on FreeNAS or TrueOS by default. For example,
to install the plugin with a name of gitea and a dedicated IP address:
$ jail=gitea
$ ip_addr=10.200.0.110
$ sudo iocage fetch \
-g https://github.com/fnichol/iocage-plugin-index \
-P gitea \
--name $jail \
ip4_addr="vnet0|$ip_addr"TLS mode is handled by the nginx service which forwards all traffic back to the
Gitea service via a local Unix domain socket. To enable TLS you will need a
public SSL certificate (i.e. a cert.pem file) and the private server key (i.e.
a key.pem file) installed into the nginx configuration directory of the
plugin's jail. Assuming a running installed plugin called gitea with a jail
mount point of /mnt/tank/iocage/jails/gitea in the host system, the following
will setup Gitea to run under HTTPS:
$ jail=gitea
$ jail_mnt=/mnt/tank/iocage/jails/$jail
$ sudo cp cert.pem key.pem $jail_mnt/root/usr/local/etc/nginx/
$ sudo chown 0644 $jail_mnt/root/usr/local/etc/nginx/cert.pem
$ sudo chown 0600 $jail_mnt/root/usr/local/etc/nginx/key.pem
$ sudo iocage exec $jail plugin config set gitea_nginx_mode https
$ sudo iocage exec $jail plugin services restartThere are 2 primary directories that contain data in a Gitea jail:
/var/db/giteaAll internal state and configuration for Gitea/usr/local/gitAll hosted repository data
A good strategy is to create a ZFS dataset per directory and mount them into the jail. This way, the jail can be destroyed and later re-created without losing the Gitea configuration or the repository data itself.
To set this up for the first time, the ZFS datasets will need to be created and any initial state in the jail will need to be copied onto the datasets.
$ jail=gitea
$ dataset=tank/src/gitea
$ mnt=/mnt/$dataset
# Create the ZFS datasets on the host system
$ sudo zfs create $dataset
$ sudo zfs create $dataset/config
$ sudo zfs create $dataset/repos
# Stop the Gitea service
$ sudo iocage exec $jail service gitea stop
# Mount the ZFS dataset for config data & copy existing data to dataset
$ sudo iocage exec $jail mv /var/db/gitea /var/db/_gitea
$ sudo iocage exec $jail mkdir /var/db/gitea
$ sudo iocage fstab -a $jail "$mnt/config /var/db/gitea nullfs rw 0 0"
$ sudo iocage exec $jail chmod 0750 /var/db/gitea
$ sudo iocage exec $jail chown git:git /var/db/gitea
$ sudo iocage exec $jail sh -c \
'tar cf - -C /var/db/_gitea . | tar xpf - -C /var/db/gitea'
$ sudo iocage exec $jail rm -rf /var/db/_gitea
# Mount the ZFS dataset for repos data & copy existing data to dataset
$ sudo iocage exec $jail mv /usr/local/git /usr/local/_git
$ sudo iocage exec $jail mkdir /usr/local/git
$ sudo iocage fstab -a $jail "$mnt/repos /usr/local/git nullfs rw 0 0"
$ sudo iocage exec $jail chmod 0755 /usr/local/git
$ sudo iocage exec $jail chown git:git /usr/local/git
$ sudo iocage exec $jail sh -c \
'tar cf - -C /usr/local/_git . | tar xpf - -C /usr/local/git'
$ sudo iocage exec $jail rm -rf /usr/local/_git
# Start the Gitea service
$ sudo iocage exec $jail service gitea startIf you are setting up a fresh new plugin instance and want to re-use the configuration and repository data from a prior instance, then you can re-attach the existing datasets into the new instance.
$ jail=gitea_2
$ dataset=tank/src/gitea
$ mnt=/mnt/$dataset
# Stop the Gitea service
$ sudo iocage exec $jail service gitea stop
# Reattach the existing ZFS dataset with the config data
$ sudo iocage exec $jail rm -rf /var/db/gitea
$ sudo iocage exec $jail mkdir /var/db/gitea
$ sudo iocage fstab -a $jail "$mnt/config /var/db/gitea nullfs rw 0 0"
# Reattach the existing ZFS dataset with the repos data
$ sudo iocage exec $jail rm -rf /usr/local/git
$ sudo iocage exec $jail mkdir /usr/local/git
$ sudo iocage fstab -a $jail "$mnt/repos /usr/local/git nullfs rw 0 0"
# Start the Gitea service
$ sudo iocage exec $jail service gitea startThe following configuration is intended to be modified by a plugin user.
Application name, used in the page title. (Gitea reference)
- default:
"Gitea: Git with a cup of tea"
To change this value, use the installed plugin program and restart the
services to apply the updated configuration:
$ plugin config set gitea_app_name "Gitea: Git with a cup of tea"
$ plugin services restartWhether or not TLS is being used for the service. See the TLS section for more information regarding how to install an SSL certificate.
- default:
"http" - valid values:
"http"|"https"
To change this value, use the installed plugin program and restart the
services to apply the updated configuration:
$ plugin config set gitea_nginx_mode http
$ plugin services restartSecret used to validate communication within Gitea binary. This value is randomly generated at install time. (Gitea reference)
- default: generated on install
To change this value, use the installed plugin program and restart the
services to apply the updated configuration:
$ plugin config set gitea_internal_token \
"`gitea generate secret INTERNAL_TOKEN`"
$ plugin services restartLFS authentication secret. This value is randomly generated at install time. (Gitea reference)
- default: generated on install
To change this value, use the installed plugin program and restart the
services to apply the updated configuration:
$ plugin config set gitea_lfs_jwt_secret \
"`gitea generate secret LFS_JWT_SECRET`"
$ plugin services restartOAuth2 authentication secret for access and refresh tokens. This value is randomly generated at install time. (Gitea reference)
- default: generated on install
To change this value, use the installed plugin program and restart the
services to apply the updated configuration:
$ plugin config set gitea_oauth2_jwt_secret \
"`gitea generate secret JWT_SECRET`"
$ plugin services restartGlobal secret key. This value is randomly generated at install time. (Gitea reference)
- default: generated on install
To change this value, use the installed plugin program and restart the
services to apply the updated configuration:
$ plugin config set gitea_secret_key \
"`gitea generate secret SECRET_KEY`"
$ plugin services restartThe following configuration is used to configure and setup the services during post installation and is therefore not intended to be changed or modified by a plugin user.
Domain name of this server. (Gitea reference)
- default:
"localhost"
Used to determine a parent path for storing all repository data.
- default: $HOME for gitea_user
The non-privileged user which runs the gitea service.
- default:
"git"
Used to determine a parent path for storing all internal service state and configuration.
- default:
"/var/db/gitea"
This project adheres to the Contributor Covenant code of conduct. By participating, you are expected to uphold this code. Please report unacceptable behavior to fnichol@nichol.ca.
If you have any problems with or questions about this project, please contact us through a GitHub issue.
You are invited to contribute to new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.
Before you start to code, we recommend discussing your plans through a GitHub issue, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.
This project uses a "deployable master" strategy, meaning that the master
branch is assumed to be working and production ready. As such there is no formal
versioning process and therefore also no formal changelog documentation.
Created and maintained by Fletcher Nichol (fnichol@nichol.ca).
Licensed under the Mozilla Public License Version 2.0 (LICENSE.txt).
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the MPL-2.0 license, shall be licensed as above, without any additional terms or conditions.