2025-10-07 11:05:08 +01:00

# Gitea Task Service
## Overview
The Gitea task service provides a complete installation and configuration of [Gitea](https://gitea.io/), a lightweight, self-hosted Git service written in Go. Gitea provides a GitHub-like experience with repositories, issue tracking, pull requests, wikis, and CI/CD integration while being resource-efficient and easy to deploy.
## Features
### Core Git Features
- **Git Repository Hosting** - Complete Git server with web interface
- **Branch Management** - Advanced branching and merging capabilities
- **Repository Management** - Create, fork, clone, and manage repositories
- **File Management** - Web-based file editing and management
- **Git LFS Support** - Large file storage integration
### Collaboration Features
- **Issue Tracking** - Comprehensive issue management system
- **Pull Requests** - Code review workflow with approval systems
- **Code Review** - Line-by-line code review with comments
- **Wikis** - Repository and organization wikis
- **Project Boards** - Kanban-style project management
### User & Organization Management
- **User Authentication** - Local, LDAP, OAuth2, and SSO integration
- **Organizations** - Multi-user organization management
- **Teams & Permissions** - Granular access control and team management
- **SSH Key Management** - Multiple SSH key support per user
- **Two-Factor Authentication** - TOTP and WebAuthn support
### Advanced Features
- **CI/CD Integration** - Gitea Actions (GitHub Actions compatible)
- **Package Registry** - Built-in package management (Docker, NPM, etc.)
- **API Access** - Complete REST API for automation
- **Webhooks** - Extensive webhook system for integrations
- **Mirror Repositories** - Git repository mirroring
### Administration Features
- **Web Administration** - Complete web-based admin interface
- **Database Support** - SQLite, PostgreSQL, MySQL, MSSQL support
- **Email Integration** - SMTP email notifications and registration
- **Backup & Restore** - Built-in backup and restoration tools
- **Monitoring** - Prometheus metrics and health endpoints
## Configuration
### Basic Configuration
```kcl
gitea: Gitea = {
    name: "gitea"
    version: "1.21.1"
    app_name: "Gitea: Git with a cup of tea"
    run_user: {
        name: "gitea"
        group: "gitea"
        home: "/home/gitea"
    }
    adm_user: {
        name: "admin"
        password: "admin123"
        email: "admin@company.com"
    }
    work_path: "/var/lib/gitea"
    etc_path: "/etc/gitea"
    config_path: "app.ini"
    run_path: "/usr/local/bin/gitea"
    protocol: "http"
    http_addr: "localhost"
    http_port: 3000
    root_url: "http://localhost:3000"
    domain: "localhost"
    db: {
        typ: "sqlite"
        name: "gitea"
        path: "/var/lib/gitea/gitea.db"
    }
    disable_registration: true
    require_signin_view: false
}
```
### Production Configuration with PostgreSQL
```kcl
gitea: Gitea = {
    name: "gitea"
    version: "1.21.1"
    app_name: "Company Git Service"
    run_user: {
        name: "gitea"
        group: "gitea"
        home: "/opt/gitea"
    }
    adm_user: {
        name: "admin"
        password: "secure_admin_password_123"
        email: "admin@company.com"
    }
    work_path: "/var/lib/gitea"
    etc_path: "/etc/gitea"
    config_path: "app.ini"
    run_path: "/usr/local/bin/gitea"
    protocol: "http"
    http_addr: "0.0.0.0"
    http_port: 3000
    root_url: "https://git.company.com"
    domain: "git.company.com"
    db: {
        typ: "postgres"
        host: "127.0.0.1:5432"
        name: "gitea"
        user: "gitea"
        password: "gitea_db_password"
        charset: "utf8"
        ssl_mode: "disable"
    }
    disable_registration: true
    require_signin_view: true
    webhook_allowed_hosts_list: "*.company.com,10.0.0.0/8"
}
```
### SSH and SSL Configuration
```kcl
gitea: Gitea_SSH_SSL = {
    name: "gitea"
    version: "1.21.1"
    app_name: "Secure Company Git"
    run_user: {
        name: "gitea"
        group: "gitea"
        home: "/opt/gitea"
    }
    adm_user: {
        name: "admin"
        password: "secure_admin_password_123"
        email: "admin@company.com"
    }
    work_path: "/var/lib/gitea"
    etc_path: "/etc/gitea"
    protocol: "https"
    http_addr: "0.0.0.0"
    http_port: 3000
    root_url: "https://git.company.com"
    domain: "git.company.com"
    ssh_domain: "git.company.com"
    ssh_port: 2022
    start_ssh_server: true
    builtin_ssh_server_user: "git"
    ssh_root_path: "/home/gitea/.ssh"
    certs_path: "/etc/ssl/gitea"
    cert_file: "/etc/ssl/gitea/fullchain.pem"
    key_file: "/etc/ssl/gitea/privkey.pem"
    db: {
        typ: "postgres"
        host: "127.0.0.1:5432"
        name: "gitea"
        user: "gitea"
        password: "gitea_db_password"
        charset: "utf8"
        ssl_mode: "require"
    }
    disable_registration: false
    require_signin_view: true
}
```
### CI/CD Integration Configuration
```kcl
gitea: Gitea = {
    name: "gitea"
    version: "1.21.1"
    # ... base configuration
    cdci_user: "gitea-runner"
    cdci_group: "gitea-runner"
    cdci_user_home: "/home/gitea-runner"
    cdci_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC..."
    webhook_allowed_hosts_list: "localhost,127.0.0.1,*.company.com,10.0.0.0/8"
    actions: {
        enabled: true
        default_actions_url: "github"
        runner_registration_token: "auto-generate"
    }
    packages: {
        enabled: true
        docker_registry: {
            enabled: true
            base_path: "/var/lib/gitea/data/packages/docker"
        }
        npm_registry: {
            enabled: true
            base_path: "/var/lib/gitea/data/packages/npm"
        }
    }
}
```
### High-Availability Configuration
```kcl
gitea: Gitea = {
    name: "gitea"
    version: "1.21.1"
    # ... base configuration
    protocol: "https"
    http_addr: "0.0.0.0"
    http_port: 3000
    root_url: "https://git.company.com"
    domain: "git.company.com"
    db: {
        typ: "postgres"
        host: "postgres-cluster.company.com:5432"
        name: "gitea"
        user: "gitea"
        password: "gitea_cluster_password"
        charset: "utf8"
        ssl_mode: "require"
    }
    cache: {
        enabled: true
        adapter: "redis"
        interval: 60
        host: "redis-cluster.company.com:6379"
        password: "redis_password"
    }
    session: {
        provider: "redis"
        provider_config: "network=tcp,addr=redis-cluster.company.com:6379,password=redis_password,db=0,pool_size=100,idle_timeout=180"
    }
    storage: {
        serve_direct: true
        minio: {
            endpoint: "minio.company.com:9000"
            access_key_id: "gitea_access_key"
            secret_access_key: "gitea_secret_key"
            bucket: "gitea"
            location: "us-east-1"
            use_ssl: true
        }
    }
}
```
### Enterprise LDAP Configuration
```kcl
gitea: Gitea = {
    name: "gitea"
    version: "1.21.1"
    # ... base configuration
    authentication: {
        ldap: {
            enabled: true
            name: "Corporate LDAP"
            security_protocol: "ldaps"
            host: "ldap.company.com"
            port: 636
            bind_dn: "cn=gitea,ou=services,dc=company,dc=com"
            bind_password: "ldap_bind_password"
            user_base: "ou=users,dc=company,dc=com"
            user_filter: "(&(objectClass=person)(uid=%s))"
            admin_filter: "(memberOf=cn=gitea-admins,ou=groups,dc=company,dc=com)"
            username_attribute: "uid"
            firstname_attribute: "givenName"
            surname_attribute: "sn"
            email_attribute: "mail"
            public_ssh_key_attribute: "sshPublicKey"
        }
        oauth2: [
            {
                name: "Corporate SSO"
                provider: "openid-connect"
                client_id: "gitea-client-id"
                client_secret: "gitea-client-secret"
                # OIDC discovery document lives at the hyphenated well-known path
                auto_discovery_url: "https://sso.company.com/.well-known/openid-configuration"
                scopes: "openid profile email groups"
                group_claim_name: "groups"
                admin_group: "gitea-admins"
            }
        ]
    }
    disable_registration: true
    require_signin_view: true
}
```
## Usage
### Deploy Gitea
```bash
./core/nulib/provisioning taskserv create gitea --infra <infrastructure-name>
```
### List Available Task Services
```bash
./core/nulib/provisioning taskserv list
```
### SSH to Gitea Server
```bash
./core/nulib/provisioning server ssh <gitea-server>
```
### Service Management
```bash
# Check Gitea status
systemctl status gitea
# Start/stop Gitea
systemctl start gitea
systemctl stop gitea
systemctl restart gitea
# View Gitea logs
journalctl -u gitea -f
# Check Gitea version
gitea --version
```
### Administrative Commands
```bash
# Create admin user
sudo -u gitea /usr/local/bin/gitea admin user create \
    --name admin \
    --password admin123 \
    --email admin@company.com \
    --admin \
    --config /etc/gitea/app.ini
# List users
sudo -u gitea /usr/local/bin/gitea admin user list \
    --config /etc/gitea/app.ini
# Change user password
sudo -u gitea /usr/local/bin/gitea admin user change-password \
    --username admin \
    --password new_password \
    --config /etc/gitea/app.ini
# Create organization owned by "admin": the CLI has no organization
# subcommand, so use the admin REST API with an admin access token ($GITEA_TOKEN)
curl -sS -X POST "https://git.company.com/api/v1/admin/users/admin/orgs" \
    -H "Authorization: token $GITEA_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"username": "company"}'
```
### Repository Management
```bash
# Migrate repository from GitHub: repository migration is an API operation
# (`gitea migrate` on the CLI only migrates the database schema)
curl -sS -X POST "https://git.company.com/api/v1/repos/migrate" \
    -H "Authorization: token $GITEA_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"clone_addr": "https://github.com/company/project.git",
         "service": "github",
         "auth_token": "github_token",
         "repo_owner": "company",
         "repo_name": "project"}'
# Regenerate Git hooks in every repository
sudo -u gitea /usr/local/bin/gitea admin regenerate hooks \
    --config /etc/gitea/app.ini
# Regenerate the SSH authorized_keys file from the keys stored in the database
sudo -u gitea /usr/local/bin/gitea admin regenerate keys \
    --config /etc/gitea/app.ini
```
### Database Operations
```bash
# Database migration
sudo -u gitea /usr/local/bin/gitea migrate \
    --config /etc/gitea/app.ini
# Backup: the subcommand is `dump` (database, repositories, config and data in one zip)
sudo -u gitea /usr/local/bin/gitea dump \
    --config /etc/gitea/app.ini \
    --file /backup/gitea-backup-$(date +%Y%m%d).zip
# Restore from backup: there is no `restore` subcommand. Stop the service,
# unpack the dump, reload the database, put the repositories back and
# regenerate hooks and keys.
systemctl stop gitea
mkdir -p /tmp/gitea-restore && cd /tmp/gitea-restore
unzip /backup/gitea-backup.zip
# gitea-db.sql is the database dump; the load command depends on the DB type (PostgreSQL shown)
psql -U gitea -d gitea -f gitea-db.sql
unzip -o gitea-repo.zip -d /var/lib/gitea/git/repositories/
chown -R gitea:gitea /var/lib/gitea
sudo -u gitea /usr/local/bin/gitea admin regenerate hooks --config /etc/gitea/app.ini
sudo -u gitea /usr/local/bin/gitea admin regenerate keys --config /etc/gitea/app.ini
systemctl start gitea
```
### Actions and CI/CD
```bash
# Register Actions runner (the official runner binary is act_runner)
act_runner register \
    --instance https://git.company.com \
    --token runner_registration_token \
    --name company-runner-1
# Start Actions runner
act_runner daemon \
    --config /etc/gitea-runner/config.yaml
# Check runner status (assumes the runner is managed by a systemd unit named act_runner)
systemctl status act_runner
```
### Monitoring and Health
```bash
# Check application health
curl http://localhost:3000/api/healthz
# Get version information
curl http://localhost:3000/api/v1/version
# Monitor metrics (if enabled)
curl http://localhost:3000/metrics
# Check database connectivity
sudo -u gitea /usr/local/bin/gitea doctor check \
--config /etc/gitea/app.ini
```
## Architecture
### System Architecture
```
┌─────────────────┐ ┌──────────────────┐ ┌─────────────────┐
│ Users/Clients │────│ Gitea Server │────│ Data Storage │
│ │ │ │ │ │
│ • Web Browser │ │ • Web Interface │ │ • Git Repos │
│ • Git CLI │────│ • Git Protocol │────│ • Database │
│ • IDE/Editor │ │ • SSH Server │ │ • File Storage │
│ • CI/CD Tools │ │ • API Server │ │ • Cache │
└─────────────────┘ └──────────────────┘ └─────────────────┘
```
### Component Architecture
```
┌─────────────────────────────────────────────────────────────┐
│ Gitea Application │
├─────────────────────────────────────────────────────────────┤
│ Web Interface │ Git Server │ API Server │
│ │ │ │
│ • Repository View │ • Git Operations │ • REST API │
│ • Issue Tracker │ • SSH Access │ • Webhook System │
│ • Pull Requests │ • HTTP(S) Clone │ • Authentication │
│ • User Management │ • Push/Pull │ • Authorization │
├─────────────────────────────────────────────────────────────┤
│ Storage Layer │
├─────────────────────────────────────────────────────────────┤
│ Database │ File System │ Cache Layer │
│ │ │ │
│ • SQLite/Postgres │ • Git Repositories│ • Redis (optional) │
│ • User Data │ • LFS Storage │ • Session Store │
│ • Metadata │ • Avatars/Assets │ • Template Cache │
└─────────────────────────────────────────────────────────────┘
```
### Network Ports
- **HTTP Port (3000)** - Web interface and Git HTTP operations
- **SSH Port (2022)** - Git SSH operations and built-in SSH server
- **Metrics Port (8080)** - Prometheus metrics (if enabled)
### File Structure
```
/var/lib/gitea/ # Main data directory
├── data/ # Application data
│ ├── avatars/ # User avatars
│ ├── attachments/ # Issue attachments
│ ├── packages/ # Package registry
│ └── tmp/ # Temporary files
├── git/ # Git repositories
│ ├── repositories/ # Repository storage
│ └── lfs/ # Git LFS objects
├── indexers/ # Search indexes
├── log/ # Application logs
└── sessions/ # Session data
/etc/gitea/ # Configuration
├── app.ini # Main configuration
└── locale/ # Custom locale files
/home/gitea/.ssh/ # SSH configuration
├── authorized_keys # SSH public keys
└── gitea.rsa # Server SSH key
```
## Supported Operating Systems
- Ubuntu 20.04+ / Debian 11+
- CentOS 8+ / RHEL 8+ / Fedora 35+
- Amazon Linux 2+
- SUSE Linux Enterprise 15+
- Windows Server 2019+
## System Requirements
### Minimum Requirements
- **RAM**: 2GB (4GB+ recommended)
- **Storage**: 10GB (50GB+ for repositories)
- **CPU**: 2 cores (4+ cores recommended)
- **Database**: SQLite (included) or external database
### Production Requirements
- **RAM**: 4GB+ (8GB+ for large installations)
- **Storage**: 100GB+ SSD (depends on repository size)
- **CPU**: 4+ cores (8+ cores for high load)
- **Database**: PostgreSQL or MySQL cluster
### Network Requirements
- **HTTP/HTTPS**: Port 80/443 for web access
- **SSH**: Port 22 or custom port for Git operations
- **Database**: Network access to database server (if external)
## Troubleshooting
### Service Issues
```bash
# Check service status
systemctl status gitea
# View logs
journalctl -u gitea -f --no-pager
# Check configuration and data consistency
sudo -u gitea /usr/local/bin/gitea doctor check --config /etc/gitea/app.ini
# Re-run the checks and apply the automatic fixes doctor offers
sudo -u gitea /usr/local/bin/gitea doctor check --config /etc/gitea/app.ini --fix
```
### Database Issues
```bash
# Check database connectivity (doctor's checks include the database)
sudo -u gitea /usr/local/bin/gitea doctor check --config /etc/gitea/app.ini
# Regenerate the SSH authorized_keys file from the database
sudo -u gitea /usr/local/bin/gitea admin regenerate keys --config /etc/gitea/app.ini
# Apply pending database migrations
sudo -u gitea /usr/local/bin/gitea migrate --config /etc/gitea/app.ini
# Check database size (SQLite deployments)
du -sh /var/lib/gitea/gitea.db
```
### Repository Issues
```bash
# Check repository integrity
sudo -u gitea git -C /var/lib/gitea/git/repositories/user/repo.git fsck --full
# Regenerate repository hooks
sudo -u gitea /usr/local/bin/gitea admin regenerate hooks --config /etc/gitea/app.ini
# Check repository permissions
ls -la /var/lib/gitea/git/repositories/
# Fix repository ownership
sudo chown -R gitea:gitea /var/lib/gitea/
```
### SSH Issues
```bash
# Generate the built-in SSH server host key (only if it does not exist yet)
sudo -u gitea ssh-keygen -t rsa -b 4096 -f /home/gitea/.ssh/gitea.rsa
# Test SSH connectivity
ssh -T git@git.company.com -p 2022
# Check authorized keys
sudo -u gitea cat /home/gitea/.ssh/authorized_keys
# Debug SSH connections
ssh -vvv git@git.company.com -p 2022
```
### Performance Issues
```bash
# Check system resources
htop
df -h /var/lib/gitea
# Monitor Gitea process
ps aux | grep gitea
# Check database performance
sudo -u gitea /usr/local/bin/gitea doctor check --config /etc/gitea/app.ini
# Check Git repository size
du -sh /var/lib/gitea/git/repositories/
```
## Security Considerations
### Authentication Security
- **Strong Passwords** - Enforce strong password policies
- **Two-Factor Authentication** - Enable 2FA for admin accounts
- **SSH Key Management** - Regular SSH key rotation
- **Session Security** - Secure session configuration
### Network Security
- **HTTPS/TLS** - Always use HTTPS in production
- **Firewall Rules** - Restrict access to necessary ports
- **Reverse Proxy** - Use nginx/Apache for SSL termination
- **Network Segmentation** - Isolate Gitea from other services
### Data Security
- **Database Security** - Secure database access and encryption
- **Repository Security** - Proper file permissions and access control
- **Backup Security** - Encrypt and secure backups
- **Secret Management** - Secure webhook and API secrets
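The "Secret Management" point covers the secret configured on a webhook; the receiving side has to actually check it. The following Python is an added example, not code from this task service or from Gitea: it verifies the `X-Gitea-Signature` header, which Gitea sets to the hex HMAC-SHA256 of the raw request body keyed with the webhook secret, and then applies event, replay and repository allow-list checks. The receiver class, the allow-lists and the sample delivery are constructed here.

```python
import hashlib
import hmac
import json

# Constructed sample delivery: a push-event payload and the headers Gitea sends
# with it (illustrative values, not captured from a live server).
WEBHOOK_SECRET = "example-webhook-secret"
SAMPLE_BODY = json.dumps({
    "ref": "refs/heads/main",
    "repository": {"full_name": "company/project"},
    "pusher": {"login": "admin"},
}).encode()

def gitea_signature(secret, body):
    """Hex HMAC-SHA256 of the raw body: the value Gitea places in X-Gitea-Signature."""
    return hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()

SAMPLE_HEADERS = {
    "X-Gitea-Event": "push",
    "X-Gitea-Delivery": "5d3f0c7e-0000-4000-8000-000000000001",
    "X-Gitea-Signature": gitea_signature(WEBHOOK_SECRET, SAMPLE_BODY),
}

class WebhookReceiver:
    """Accepts a delivery only if the signature is valid, the event is expected,
    the delivery id is new and the repository is on the allow-list."""

    def __init__(self, secret, allowed_repos, allowed_events=("push",)):
        self.secret = secret
        self.allowed_repos = set(allowed_repos)
        self.allowed_events = set(allowed_events)
        self.seen_deliveries = set()

    def handle(self, headers, body):
        sig = headers.get("X-Gitea-Signature", "")
        # Verify before parsing; compare_digest keeps the comparison constant-time
        if not hmac.compare_digest(sig, gitea_signature(self.secret, body)):
            return False, "bad signature"
        if headers.get("X-Gitea-Event") not in self.allowed_events:
            return False, "unexpected event"
        delivery = headers.get("X-Gitea-Delivery", "")
        if not delivery or delivery in self.seen_deliveries:
            return False, "missing or replayed delivery id"
        payload = json.loads(body)
        repo = payload.get("repository", {}).get("full_name")
        if repo not in self.allowed_repos:
            return False, f"repository not allowed: {repo}"
        self.seen_deliveries.add(delivery)
        return True, f"accepted {payload.get('ref')} from {repo}"

if __name__ == "__main__":
    rx = WebhookReceiver(WEBHOOK_SECRET, ["company/project"])
    print(rx.handle(SAMPLE_HEADERS, SAMPLE_BODY))
```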
### Access Control
- **RBAC** - Role-based access control
- **Organization Management** - Proper team and permission setup
- **Repository Permissions** - Granular repository access control
- **Admin Access** - Limit administrative access
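Several of the points above map directly onto `app.ini` settings that the configuration examples in this README set (disable_registration, protocol, http_addr, ssl_mode, webhook_allowed_hosts_list). The following Python is an added example, not part of this task service, that audits a constructed `app.ini` for those settings; the finding codes and the sample values are made up here, and the sample deliberately mirrors the production example with a remote database so that it produces findings.

```python
import configparser
import ipaddress
# Constructed sample app.ini modelled on the "Production Configuration with
# PostgreSQL" block above (illustrative values, not from a live server).
SAMPLE_APP_INI = """
[server]
PROTOCOL = http
HTTP_ADDR = 0.0.0.0
ROOT_URL = https://git.company.com
[database]
HOST = postgres-cluster.company.com:5432
SSL_MODE = disable
[service]
DISABLE_REGISTRATION = true
[webhook]
ALLOWED_HOST_LIST = *.company.com,10.0.0.0/8
[security]
INSTALL_LOCK = true
[session]
COOKIE_SECURE = false
"""

def load_app_ini(text):
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep Gitea's upper-case keys verbatim
    cp.read_string(text)
    return cp

def is_internal_target(entry):
    """True for ALLOWED_HOST_LIST entries that let webhooks reach private networks."""
    if entry in ("*", "private", "loopback", "localhost"):
        return True
    try:
        return ipaddress.ip_network(entry, strict=False).is_private
    except ValueError:  # hostname patterns such as *.company.com
        return False

def audit(cp):
    """Return (code, advice) findings for the settings the examples above set."""
    g = lambda s, k: cp.get(s, k, fallback="").strip().lower()
    f = []
    if g("service", "DISABLE_REGISTRATION") != "true":
        f.append(("OPEN_REGISTRATION", "set DISABLE_REGISTRATION = true"))
    if g("security", "INSTALL_LOCK") != "true":
        f.append(("INSTALLER_EXPOSED", "set INSTALL_LOCK = true; the setup page is reachable"))
    if g("server", "PROTOCOL") == "http" and g("server", "HTTP_ADDR") == "0.0.0.0":
        f.append(("PLAIN_HTTP_ALL_IFACES", "bind HTTP_ADDR to localhost behind the TLS proxy"))
    if g("database", "SSL_MODE") == "disable" and not g("database", "HOST").startswith(("127.", "localhost", "/")):
        f.append(("DB_TLS_OFF", "remote database without TLS; set SSL_MODE = require"))
    if g("server", "ROOT_URL").startswith("https://") and g("session", "COOKIE_SECURE") != "true":
        f.append(("INSECURE_COOKIE", "ROOT_URL is https but COOKIE_SECURE is not true"))
    hosts = [h.strip() for h in g("webhook", "ALLOWED_HOST_LIST").split(",") if h.strip()]
    if any(is_internal_target(h) for h in hosts):
        f.append(("WEBHOOK_INTERNAL_HOSTS", "ALLOWED_HOST_LIST reaches private networks; list only hook receivers"))
    return f
```

Run `audit(load_app_ini(open("/etc/gitea/app.ini").read()))` as the gitea user to check a real instance.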
## Performance Optimization
### Database Optimization
- **Connection Pooling** - Configure database connection pools
- **Query Optimization** - Regular database maintenance
- **Index Optimization** - Optimize database indexes
- **Database Caching** - Enable query result caching
### Storage Optimization
- **SSD Storage** - Use SSD for better I/O performance
- **Git LFS** - Use Git LFS for large files
- **Repository Cleanup** - Regular git garbage collection
- **File System** - Optimize file system for many small files
### Application Optimization
- **Memory Settings** - Configure appropriate memory limits
- **Cache Configuration** - Enable and configure caching
- **Connection Limits** - Set appropriate connection limits
- **Asset Optimization** - Enable static asset caching
### Network Optimization
- **CDN Integration** - Use CDN for static assets
- **Compression** - Enable HTTP compression
- **Keep-Alive** - Configure HTTP keep-alive
- **Reverse Proxy** - Use reverse proxy for load balancing
## Integration Examples
### Nginx Reverse Proxy
```nginx
server {
    listen 80;
    server_name git.company.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name git.company.com;

    ssl_certificate /etc/ssl/gitea/fullchain.pem;
    ssl_certificate_key /etc/ssl/gitea/privkey.pem;

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```
### Docker Compose Integration
```yaml
version: '3.8'
services:
  gitea:
    image: gitea/gitea:1.21.1
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=db:5432
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD=gitea
    restart: always
    volumes:
      - gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "2022:22"
    depends_on:
      - db
  db:
    image: postgres:14
    restart: always
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_PASSWORD=gitea
      - POSTGRES_DB=gitea
    volumes:
      - postgres:/var/lib/postgresql/data
volumes:
  gitea:
  postgres:
```
## Resources
- **Official Documentation**: [docs.gitea.io](https://docs.gitea.io/)
- **GitHub Repository**: [go-gitea/gitea](https://github.com/go-gitea/gitea)
- **Community Forum**: [discourse.gitea.io](https://discourse.gitea.io/)
- **API Documentation**: [docs.gitea.io/en-us/api-usage](https://docs.gitea.io/en-us/api-usage/)
- **Actions Documentation**: [docs.gitea.io/en-us/usage/actions](https://docs.gitea.io/en-us/usage/actions/)