Add ""Setting Up Gitea Actions With Tailscale"" draft

2025-08-10 10:22:27 +00:00 · 2023-12-09 23:56:50 -05:00
parent 03dd1bd431
commit 1561a6cd66
1 changed files with 139 additions and 0 deletions
--- a/content/post/setting-up-gitea-actions-with-tailscale.md
+++ b/content/post/setting-up-gitea-actions-with-tailscale.md
@@ -0,0 +1,139 @@
+---
+title: "Setting Up Gitea Actions With Tailscale"
+date: 2023-12-09T18:22:11-05:00
+lastmod: 2023-12-09T18:22:11-05:00
+draft: true
+keywords: []
+description: ""
+tags: []
+categories: []
+author: ""
+
+# You can also close(false) or open(true) something for this content.
+# P.S. comment can only be closed
+comment: false
+toc: false
+autoCollapseToc: false
+postMetaInFooter: false
+hiddenFromHomePage: false
+# You can also define another contentCopyright. e.g. contentCopyright: "This is another copyright."
+contentCopyright: false
+reward: false
+mathjax: false
+mathjaxEnableSingleDollar: false
+
+flowchartDiagrams:
+  enable: false
+  options: ""
+
+sequenceDiagrams:
+  enable: false
+  options: ""
+---
+
+<!--more-->
+
+In this post, I'll go through the process of setting up Gitea Actions and [Tailscale](https://tailscale.com/), which has helped me unlock a new level of simplicity and security when automating workflows.
+
+## What is Gitea?
+
+[Gitea](https://about.gitea.com/) is a lightweight and fast git server that has much of the same look and feel as github. I have been using it in my homelab mostly to mirror repositories hosted on other platforms such as github and gitlab. These mirrors take advantage of the decentralized nature of git by serving as "backups". One of the main reasons I hadn't been using it more often was due to the lack of integrated CI/CD. This has since changed.
+
+## Gitea Actions
+
+[Gitea Actions](https://docs.gitea.com/usage/actions/overview) has made it into the [1.19.0 release](https://blog.gitea.com/release-of-1.19.0/). This feature had been in an experimental state up until [1.21.0](https://blog.gitea.com/release-of-1.21.0/) and is now enabled by default 🎉.
+
+So what are they? If you've ever used GitHub Actions (and if you're reading this, I imagine you have), they essentially allow you to run github workflows on gitea. Workflows between gitea and github are not completely interopable, but a lot of the same syntax is already compatible on gitea. You can find a list of [unsupported workflows syntax](https://docs.gitea.com/usage/actions/comparison#unsupported-workflows-syntax).
+
+Actions (gitea's implementation) has me excited because it makes spinning up an isolated environment, for both sourcecode and workflow automation, incredibly simple.
+
+## Integration with Tailscale
+
+So how does Tailscale fit in here? Well, more recently I've been exposing my self-hosted services through a combination of traefik and the tailscale (through the tailscale-traefik proxy integration described [here](https://traefik.io/blog/exploring-the-tailscale-traefik-proxy-integration/)). This allows for a nice looking dns name (i.e. gitea.my-tailscale-subdomain.ts.net) and automatic tls certificate management. I can then also share this tailscale node securely with others.
+
+## Deploying Gitea, Traefik, and Tailscale
+
+This guide assumes the following prerequisites are completed:
+
+- docker-compose is installed on a linux environment
+- tailscale is installed and authenticated
+- tailscale magic dns is enabled
+
+My preferred approach to deploying code is with docker compose (especially in a homelab environment).
+
+The docker-compose.yaml file looks like:
+
+```yaml
+version: "3.7"
+services:
+  gitea:
+    image: gitea/gitea:1.21.1
+    container_name: gitea
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+
+      - GITEA__server__DOMAIN=gitea.my-tailscale-subdomain.ts.net
+      - GITEA__server__ROOT_URL=https://gitea.my-tailscale-subdomain.ts.net
+      - GITEA__server__HTTP_ADDR=0.0.0.0
+      - GITEA__server__LFS_JWT_SECRET=my-secret-jwt
+    restart: always
+    volumes:
+      - ./data:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+  traefik:
+    image: traefik:v3.0.0-beta4
+    container_name: traefik
+    security_opt:
+      - no-new-privileges:true
+    restart: unless-stopped
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - ./traefik/data/traefik.yaml:/traefik.yaml:ro
+      - ./traefik/data/dynamic.yaml:/dynamic.yaml:ro
+      - /var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock
+```
+
+traefik/data/traefik.yaml:
+
+```yaml
+entryPoints:
+  https:
+    address: ":443"
+providers:
+  file:
+    filename: dynamic.yaml
+certificatesResolvers:
+  myresolver:
+    tailscale: {}
+log:
+  level: INFO
+```
+
+and finally traefik/data/dynamic/dynamic.yaml:
+
+```yaml
+http:
+  routers:
+    gitea:
+      rule: Host(`gitea.my-tailscale-subdomain.ts.net`)
+      entrypoints:
+        - "https"
+      service: gitea
+      tls:
+        certResolver: myresolver
+  services:
+    gitea:
+      loadBalancer:
+        servers:
+          - url: "http://gitea:3000"
+```
+
+## Running a workflow
+
+## Conclusion
+
+By combining gitea with the networking capabilities of Tailscale, you can create a productive development environment. Whether you are working with a distributed team or collaborating across different locations, this setup ensures that your CI/CD pipelines run seamlessly and securely.