docker: rootless image (#10154)
* docker: rootless image * improve docs + remove check for write perm on custom * add more info on ssh passtrough * Add comment for internal ssh server in container config
This commit is contained in:
Antoine GIRARD
GitHub
parent
f3bbd46c49
commit
fe458ce877
7 changed files with 549 additions and 0 deletions
19
docker/manifest.rootless.tmpl
Normal file
19
docker/manifest.rootless.tmpl
Normal file
|
|
@ -0,0 +1,19 @@
|
|||
image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-rootless
|
||||
{{#if build.tags}}
|
||||
tags:
|
||||
{{#each build.tags}}
|
||||
- {{this}}
|
||||
{{/each}}
|
||||
{{/if}}
|
||||
manifests:
|
||||
-
|
||||
image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64-rootless
|
||||
platform:
|
||||
architecture: amd64
|
||||
os: linux
|
||||
-
|
||||
image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64-rootless
|
||||
platform:
|
||||
architecture: arm64
|
||||
os: linux
|
||||
variant: v8
|
||||
58
docker/rootless/etc/templates/app.ini
Normal file
58
docker/rootless/etc/templates/app.ini
Normal file
|
|
@ -0,0 +1,58 @@
|
|||
APP_NAME = $APP_NAME
|
||||
RUN_USER = $RUN_USER
|
||||
RUN_MODE = $RUN_MODE
|
||||
|
||||
[repository]
|
||||
ROOT = $GITEA_WORK_DIR/git/repositories
|
||||
|
||||
[repository.local]
|
||||
LOCAL_COPY_PATH = $GITEA_TEMP/local-repo
|
||||
|
||||
[repository.upload]
|
||||
TEMP_PATH = $GITEA_TEMP/uploads
|
||||
|
||||
[server]
|
||||
APP_DATA_PATH = $GITEA_WORK_DIR
|
||||
SSH_DOMAIN = $SSH_DOMAIN
|
||||
HTTP_PORT = $HTTP_PORT
|
||||
ROOT_URL = $ROOT_URL
|
||||
DISABLE_SSH = $DISABLE_SSH
|
||||
; In rootless gitea container only internal ssh server is supported
|
||||
START_SSH_SERVER = true
|
||||
SSH_PORT = $SSH_PORT
|
||||
SSH_LISTEN_PORT = $SSH_LISTEN_PORT
|
||||
BUILTIN_SSH_SERVER_USER = $RUN_USER
|
||||
LFS_START_SERVER = $LFS_START_SERVER
|
||||
LFS_CONTENT_PATH = $GITEA_WORK_DIR/git/lfs
|
||||
|
||||
[database]
|
||||
PATH = $GITEA_WORK_DIR/data/gitea.db
|
||||
DB_TYPE = $DB_TYPE
|
||||
HOST = $DB_HOST
|
||||
NAME = $DB_NAME
|
||||
USER = $DB_USER
|
||||
PASSWD = $DB_PASSWD
|
||||
|
||||
[indexer]
|
||||
ISSUE_INDEXER_PATH = $GITEA_WORK_DIR/data/indexers/issues.bleve
|
||||
|
||||
[session]
|
||||
PROVIDER_CONFIG = $GITEA_WORK_DIR/data/sessions
|
||||
|
||||
[picture]
|
||||
AVATAR_UPLOAD_PATH = $GITEA_WORK_DIR/data/avatars
|
||||
REPOSITORY_AVATAR_UPLOAD_PATH = $GITEA_WORK_DIR/data/gitea/repo-avatars
|
||||
|
||||
[attachment]
|
||||
PATH = $GITEA_WORK_DIR/data/attachments
|
||||
|
||||
[log]
|
||||
ROOT_PATH = $GITEA_WORK_DIR/data/log
|
||||
|
||||
[security]
|
||||
INSTALL_LOCK = $INSTALL_LOCK
|
||||
SECRET_KEY = $SECRET_KEY
|
||||
|
||||
[service]
|
||||
DISABLE_REGISTRATION = $DISABLE_REGISTRATION
|
||||
REQUIRE_SIGNIN_VIEW = $REQUIRE_SIGNIN_VIEW
|
||||
11
docker/rootless/usr/local/bin/docker-entrypoint.sh
Executable file
11
docker/rootless/usr/local/bin/docker-entrypoint.sh
Executable file
|
|
@ -0,0 +1,11 @@
|
|||
#!/bin/sh
|
||||
|
||||
if [ -x /usr/local/bin/docker-setup.sh ]; then
|
||||
/usr/local/bin/docker-setup.sh || { echo 'docker setup failed' ; exit 1; }
|
||||
fi
|
||||
|
||||
if [ $# -gt 0 ]; then
|
||||
exec "$@"
|
||||
else
|
||||
exec /usr/local/bin/gitea -c ${GITEA_APP_INI} web
|
||||
fi
|
||||
48
docker/rootless/usr/local/bin/docker-setup.sh
Executable file
48
docker/rootless/usr/local/bin/docker-setup.sh
Executable file
|
|
@ -0,0 +1,48 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Prepare git folder
|
||||
mkdir -p ${HOME} && chmod 0700 ${HOME}
|
||||
if [ ! -w ${HOME} ]; then echo "${HOME} is not writable"; exit 1; fi
|
||||
|
||||
# Prepare custom folder
|
||||
mkdir -p ${GITEA_CUSTOM} && chmod 0500 ${GITEA_CUSTOM}
|
||||
|
||||
# Prepare temp folder
|
||||
mkdir -p ${GITEA_TEMP} && chmod 0700 ${GITEA_TEMP}
|
||||
if [ ! -w ${GITEA_TEMP} ]; then echo "${GITEA_TEMP} is not writable"; exit 1; fi
|
||||
|
||||
#Prepare config file
|
||||
if [ ! -f ${GITEA_APP_INI} ]; then
|
||||
|
||||
#Prepare config file folder
|
||||
GITEA_APP_INI_DIR=$(dirname ${GITEA_APP_INI})
|
||||
mkdir -p ${GITEA_APP_INI_DIR} && chmod 0700 ${GITEA_APP_INI_DIR}
|
||||
if [ ! -w ${GITEA_APP_INI_DIR} ]; then echo "${GITEA_APP_INI_DIR} is not writable"; exit 1; fi
|
||||
|
||||
# Set INSTALL_LOCK to true only if SECRET_KEY is not empty and
|
||||
# INSTALL_LOCK is empty
|
||||
if [ -n "$SECRET_KEY" ] && [ -z "$INSTALL_LOCK" ]; then
|
||||
INSTALL_LOCK=true
|
||||
fi
|
||||
|
||||
# Substitude the environment variables in the template
|
||||
APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \
|
||||
RUN_MODE=${RUN_MODE:-"dev"} \
|
||||
RUN_USER=${USER:-"git"} \
|
||||
SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \
|
||||
HTTP_PORT=${HTTP_PORT:-"3000"} \
|
||||
ROOT_URL=${ROOT_URL:-""} \
|
||||
DISABLE_SSH=${DISABLE_SSH:-"false"} \
|
||||
SSH_PORT=${SSH_PORT:-"2222"} \
|
||||
SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-$SSH_PORT} \
|
||||
DB_TYPE=${DB_TYPE:-"sqlite3"} \
|
||||
DB_HOST=${DB_HOST:-"localhost:3306"} \
|
||||
DB_NAME=${DB_NAME:-"gitea"} \
|
||||
DB_USER=${DB_USER:-"root"} \
|
||||
DB_PASSWD=${DB_PASSWD:-""} \
|
||||
INSTALL_LOCK=${INSTALL_LOCK:-"false"} \
|
||||
DISABLE_REGISTRATION=${DISABLE_REGISTRATION:-"false"} \
|
||||
REQUIRE_SIGNIN_VIEW=${REQUIRE_SIGNIN_VIEW:-"false"} \
|
||||
SECRET_KEY=${SECRET_KEY:-""} \
|
||||
envsubst < /etc/templates/app.ini > ${GITEA_APP_INI}
|
||||
fi
|
||||
Loading…
Add table
Add a link
Reference in a new issue