From d3520675c0b97543c3f1a959ec5a55c53e0e4f28 Mon Sep 17 00:00:00 2001
From: Andrew Trieu
Date: Thu, 11 Dec 2025 23:21:10 +0200
Subject: [PATCH] Add Gitea - Git with a cup of teak

---
 README.md | 22 +++++++++++++++++----
 homelab/.env.example | 4 +++-
 homelab/Caddyfile | 12 ++++++++++++
 homelab/compose.yml | 46 +++++++++++++++++++++++++++++++++++++++++++++-
 4 files changed, 78 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 80bf6eb..2abc72f 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,8 @@ This repository contains the configuration for my personal homelab stack, includ
 | **Vaultwarden** | Self-hosted password manager (Bitwarden-compatible) | `https://vault.example.com` |
 | **2FAuth** | Self-hosted two-factor authentication manager | `https://auth.example.com` |
 | **Filebrowser** | Self-hosted file hosting service | `https://storage.example.com` |
-| **Wg-easy** | Wireguard VPN with management console | `https://vpn.example.com` |
+| **Wg-easy** | Git with a cup of tea! | `https://vpn.example.com` |
+| **Gitea** | Wireguard VPN with management console | `https://git.example.com` |
 | **Caddy** | Reverse proxy with automatic HTTPS | *No direct UI* |
 | **Portainer** | Makes Docker life 100x easier (visual container manager) | `https://:9443` |
 | **Uptime Kuma** | Monitors homelab/domain uptime | `http://:3001` |
@@ -27,6 +28,16 @@ The setup is built with Docker Compose and is designed to be simple, secure, and
 └── compose.yml # Docker Compose stack for all services
 ```
 
+## Port Forwarding on Your Router
+
+| Service / Purpose | External Port | Internal Port | Protocol | Required? | Notes |
+| ---------------------------- | ------------- | ------------- | -------- | ------------------------ | ---------------------------------------------------- |
+| **HTTPS (Caddy)** | **443** | 443 | TCP/UDP | ✅ Yes | Needed for all domains + HTTP/3/QUIC |
+| **HTTP (Caddy, ACME)** | **80** | 80 | TCP | ✅ Yes | Required for certificate issuance + redirect |
+| **WireGuard VPN** | **51820** | 51820 | UDP | ✅ Yes | Main WireGuard tunnel port |
+| **WG-Easy Web UI** | 51821 | 51821 | TCP | Optional | Only forward if you want to access admin UI remotely |
+| **Gitea SSH (Git over SSH)** | **222** | 22 | TCP | Optional but recommended | Required for `git clone ssh://...` |
+
 ## Secrets and Environment Variables
 
 Before deploying, you **must** replace all placeholder values in the config files. See `.env.example`.
@@ -68,6 +79,7 @@ The **homelab/** folder contains:
 - `https://` → 2FAuth
 - `https://` → Filebrowser
 - `https://` → Wireguard
+ - `https://` → Gitea
 
 ### Start the stack
 
@@ -85,8 +97,10 @@ mkdir -p services/vaultwarden \
 services/filebrowser/srv \
 services/filebrowser/database \
 services/filebrowser/config \
- services/wg-easy/data
-ex```
+ services/wg-easy/data \
+ services/gitea/data \
+ services/gitea/postgres
+```
 
 ### Stop the stack
 
@@ -129,7 +143,7 @@ Then restart the containers:
 
 ```bash
 cd homelab
-docker compose restart vaultwarden 2fauth filebrowser portainer dozzle uptime-kuma netdata
+docker compose restart caddy vaultwarden 2fauth wg-easy gitea filebrowser portainer dozzle uptime-kuma netdata
 ```
 
 ## Updating
diff --git a/homelab/.env.example b/homelab/.env.example
index 21a6dec..102ec27 100644
--- a/homelab/.env.example
+++ b/homelab/.env.example
@@ -2,8 +2,10 @@ VAULT_DOMAIN=vault.example.com
 AUTH_DOMAIN=auth.example.com
 STORAGE_DOMAIN=storage.example.com
 VPN_DOMAIN=vpn.example.com
+GITEA_DOMAIN=gitea.example.com
 EMAIL=mail@example.com
 TWOFAUTH_APP_KEY=32characterslongrandomstring!
 WG_EASY_PASSWORD_HASH=your_bcrypt_hashed_password
 PORKBUN_API_KEY=your_porkbun_api_key
-PORKBUN_API_SECRET=your_porkbun_api_secret
\ No newline at end of file
+PORKBUN_API_SECRET=your_porkbun_api_secret
+GITEA_DB_PASSWORD=your_gitea_database_password
\ No newline at end of file
diff --git a/homelab/Caddyfile b/homelab/Caddyfile
index cb17e36..0e463e9 100644
--- a/homelab/Caddyfile
+++ b/homelab/Caddyfile
@@ -55,3 +55,15 @@
 reverse_proxy wg-easy:51821
 }
 
+# ===========================
+# Gitea
+# ===========================
+{env.VPN_DOMAIN} {
+ import dns_porkbun
+
+ encode gzip
+ tls internal
+ reverse_proxy gitea:3000
+}
+
+
diff --git a/homelab/compose.yml b/homelab/compose.yml
index a70565a..3301e4a 100644
--- a/homelab/compose.yml
+++ b/homelab/compose.yml
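Review bot: The `GITEA_DOMAIN=gitea.example.com` placeholder on the new line does not match the `https://git.example.com` the README table in this same commit advertises for Gitea (whose Wg-easy and Gitea descriptions also appear swapped); pick one hostname so the example `.env` and the docs agree. The `GITEA_DB_PASSWORD` value feeds both `POSTGRES_PASSWORD` on the database container and `GITEA__database__PASSWD` on the Gitea container in compose.yml, which is worth saying next to the placeholder, e.g. `# shared by the gitea-db container and Gitea's DB login; set to a strong value before the first start`.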
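Review bot: The new site block is keyed on `{env.VPN_DOMAIN}`, the same address the wg-easy block just above it uses, so the Gitea vhost either collides with the VPN vhost or never matches the Gitea hostname; it should read `{env.GITEA_DOMAIN} {`, the variable compose.yml already exports to the caddy container in this commit. `tls internal` makes Caddy sign this site with its local CA instead of obtaining a publicly trusted certificate, so if the other blocks rely on the `dns_porkbun` snippet for ACME issuance this line is presumably a leftover and should be dropped, otherwise browsers and git clients will reject the certificate. The two empty lines appended after the closing brace are noise and can go.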
@@ -77,6 +77,49 @@ services:
 networks:
 - proxy
 
+ # ==========================
+ # Gitea Database (PostgreSQL)
+ # ==========================
+ gitea-db:
+ image: postgres:15
+ container_name: gitea-db
+ restart: always
+ environment:
+ POSTGRES_USER: gitea
+ POSTGRES_PASSWORD: ${GITEA_DB_PASSWORD}
+ POSTGRES_DB: gitea
+ volumes:
+ - ./services/gitea/postgres:/var/lib/postgresql/data
+ networks:
+ - proxy
+
+ # ==========================
+ # Gitea (Git service)
+ # ==========================
+ gitea:
+ image: gitea/gitea:latest
+ container_name: gitea
+ restart: always
+ depends_on:
+ - gitea-db
+ environment:
+ USER_UID: 1000
+ USER_GID: 1000
+ GITEA__database__DB_TYPE: postgres
+ GITEA__database__HOST: gitea-db:5432
+ GITEA__database__NAME: gitea
+ GITEA__database__USER: gitea
+ GITEA__database__PASSWD: ${GITEA_DB_PASSWORD}
+ volumes:
+ - ./services/gitea/data:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - "3000:3000"
+ - "222:22"
+ networks:
+ - proxy
+
 # ==========================
 # Caddy (Reverse proxy)
 # ==========================
@@ -100,6 +143,7 @@ services:
 AUTH_DOMAIN: ${AUTH_DOMAIN}
 STORAGE_DOMAIN: ${STORAGE_DOMAIN}
 VPN_DOMAIN: ${VPN_DOMAIN}
+ GITEA_DOMAIN: ${GITEA_DOMAIN}
 EMAIL: ${EMAIL}
 PORKBUN_API_KEY: ${PORKBUN_API_KEY}
 PORKBUN_API_SECRET: ${PORKBUN_API_SECRET}
@@ -166,5 +210,5 @@ services:
 - /sys:/host/sys:ro
 
 networks:
- default:
+ proxy:
 driver: bridge
\ No newline at end of file
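Review bot: The `- "3000:3000"` entry under `ports:` publishes Gitea's plain-HTTP listener on every host interface even though Caddy already reaches `gitea:3000` over the shared `proxy` network, so it bypasses the TLS front door; remove it, or bind it to loopback as `- "127.0.0.1:3000:3000"` if local debugging needs it (the `- "222:22"` SSH mapping is the one that actually needs host exposure). `image: gitea/gitea:latest` is the only unpinned image in the hunk while the database is pinned to `postgres:15`; pinning Gitea to a specific version tag keeps upgrades deliberate and reproducible. Putting `gitea-db` on the `proxy` network makes Postgres reachable from every other container on that bridge, so a dedicated internal network shared only with `gitea` would be the least-privilege layout, and since `depends_on` here has no healthcheck condition the first start may race Postgres initialisation and need a restart.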