mirror of
https://github.com/davegallant/davegallant.github.io.git
synced 2025-08-07 17:12:27 +00:00
deploy: a79b21feb5388f4bc54d4cc12170350cd6172e32
@@ -52,7 +52,7 @@
|
||||
</span></span><span style=display:flex><span> },
|
||||
</span></span><span style=display:flex><span> <span style=color:#f92672>"AllowFunnel": { "${TS_CERT_DOMAIN}:443": </span><span style=color:#66d9ef>true</span> },
|
||||
</span></span><span style=display:flex><span>}
|
||||
</span></span></code></pre></div><p>Something to consider is whether or not you want to use ssh with git. One method to get this to work with containers is to use <a href=https://docs.gitea.com/installation/install-with-docker#ssh-container-passthrough class=link--external target=_blank rel=noreferrer>ssh container passthrough</a>. I decided to keep it simple and not use ssh, since communicating over https is perfectly fine for my use case.</p><p>After adding the above configuration, running <code>docker compose up -d</code> should be enough to get an instance up and running. It will be accessible at <a href=https://gitea.my-tailnet-name.ts.net class=link--external target=_blank rel=noreferrer>https://gitea.my-tailnet-name.ts.net</a> from within the tailnet.</p><h2 id=theming>Theming<a href=#theming class=post-heading__anchor aria-hidden=true>#</a></h2><p>I discovered some themes for gitea <a href=https://git.sainnhe.dev/sainnhe/gitea-themes class=link--external target=_blank rel=noreferrer>here</a> and decided to try out gruvbox.</p><p>I added the theme by cloning <a href=https://git.sainnhe.dev/sainnhe/gitea-themes/raw/branch/master/dist/theme-gruvbox-auto.css class=link--external target=_blank rel=noreferrer>theme-gruvbox-auto.css</a> into <code>./data/gitea/public/assets/css</code>. I then added the following to <code>environment</code> in <code>docker-compose.yml</code>:</p><div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-yaml data-lang=yaml><span style=display:flex><span>- <span style=color:#ae81ff>GITEA__ui__DEFAULT_THEME=gruvbox-auto</span>
|
||||
</span></span></code></pre></div><p>After adding the above configuration, running <code>docker compose up -d</code> should be enough to get an instance up and running. It will be accessible at <a href=https://gitea.my-tailnet-name.ts.net class=link--external target=_blank rel=noreferrer>https://gitea.my-tailnet-name.ts.net</a> from within the tailnet.</p><p>Something to consider is whether or not you want to use ssh with git. One method to get this to work with containers is to use <a href=https://docs.gitea.com/installation/install-with-docker#ssh-container-passthrough class=link--external target=_blank rel=noreferrer>ssh container passthrough</a>. I decided to keep it simple and not use ssh, since communicating over https is perfectly fine for my use case.</p><h2 id=theming>Theming<a href=#theming class=post-heading__anchor aria-hidden=true>#</a></h2><p>I discovered some themes for gitea <a href=https://git.sainnhe.dev/sainnhe/gitea-themes class=link--external target=_blank rel=noreferrer>here</a> and decided to try out gruvbox.</p><p>I added the theme by cloning <a href=https://git.sainnhe.dev/sainnhe/gitea-themes/raw/branch/master/dist/theme-gruvbox-auto.css class=link--external target=_blank rel=noreferrer>theme-gruvbox-auto.css</a> into <code>./data/gitea/public/assets/css</code>. I then added the following to <code>environment</code> in <code>docker-compose.yml</code>:</p><div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-yaml data-lang=yaml><span style=display:flex><span>- <span style=color:#ae81ff>GITEA__ui__DEFAULT_THEME=gruvbox-auto</span>
|
||||
</span></span><span style=display:flex><span>- <span style=color:#ae81ff>GITEA__ui__THEMES=gruvbox-auto</span>
|
||||
</span></span></code></pre></div><p>After restarting the gitea instance, the default theme was applied.</p><h2 id=connecting-runners>Connecting runners<a href=#connecting-runners class=post-heading__anchor aria-hidden=true>#</a></h2><p>I installed the runner by <a href=https://docs.gitea.com/usage/actions/quickstart#set-up-runner class=link--external target=_blank rel=noreferrer>following the docs</a>. I opted for installing it on a separate host (another lxc container) as recommended in the docs. I used the systemd unit file to ensure that the runner comes back online after system reboots. I installed tailscale on this gitea runner as well, so that it can have the same “networking privileges” as the main instance.</p><p>After registering this runner and starting the daemon, the runner appeared in <code>/admin/actions/runners</code>. I added two other runners to help with parallelization.</p><p><img src=gitea-runners.png alt=image></p><h2 id=running-a-workflow>Running a workflow<a href=#running-a-workflow class=post-heading__anchor aria-hidden=true>#</a></h2><p>Now it’s time start running some automation. I used the <a href=https://docs.gitea.com/usage/actions/quickstart#use-actions class=link--external target=_blank rel=noreferrer>demo workflow</a> as a starting point to verify that the runner is executing workflows.</p><p>After this, I wanted to make sure that some of my existing workflows could be migrated over.</p><p>The following workflow uses a matrix to run a job for several of my hosts using ansible playbooks that will do various tasks such as patching os updates and updating container images.</p><div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-yaml data-lang=yaml><span style=display:flex><span><span style=color:#f92672>name</span>: <span style=color:#ae81ff>Run ansible</span>
|
||||
</span></span><span style=display:flex><span><span style=color:#f92672>on</span>:
|
||||
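Review bot: The reordered paragraph stating the instance "will be accessible at https://gitea.my-tailnet-name.ts.net from within the tailnet" contradicts the serve config directly above it, where "AllowFunnel": { "${TS_CERT_DOMAIN}:443": true } turns on Tailscale Funnel for port 443 and so publishes the instance to the public internet. Either set that value to false if tailnet-only access is intended, or reword the paragraph to say the instance is publicly reachable so readers do not copy the config under the wrong assumption. In the same hunk, the runner is described as given the same "networking privileges" as the main instance; a sentence on which hosts it actually needs to reach would help. Also, "Now it's time start running" is missing "to".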
@@ -90,4 +90,4 @@
|
||||
</span></span><span style=display:flex><span> <span style=color:#f92672>from</span>: <span style=color:#ae81ff>RFD Notify</span>
|
||||
</span></span><span style=display:flex><span> <span style=color:#f92672>body</span>: |<span style=color:#e6db74>
|
||||
</span></span></span><span style=display:flex><span><span style=color:#e6db74> ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_number }}</span>
|
||||
</span></span></code></pre></div><p>And voilà:</p><p><img src=gitea-workflow.png alt=image></p><p>You may be wondering how the gitea runner is allowed to connect to the other hosts using ansible? Well, the nodes are in the same tailnet and have <a href=https://tailscale.com/tailscale-ssh class=link--external target=_blank rel=noreferrer>tailscale ssh</a> enabled.</p><h2 id=areas-for-improvement>Areas for improvement<a href=#areas-for-improvement class=post-heading__anchor aria-hidden=true>#</a></h2><p>One enhancement that I would like to see is the ability to send notifications on workflow failures. Currently, this <a href=https://github.com/go-gitea/gitea/issues/23725 class=link--external target=_blank rel=noreferrer>doesn’t seem possible</a> without adding logic to each workflow.</p><h2 id=conclusion>Conclusion<a href=#conclusion class=post-heading__anchor aria-hidden=true>#</a></h2><p>Gitea Actions are fast and the resource footprint is minimal. My gitea instance is currently using around 250mb of memory and a small fraction of a single cpu core (and the runner is using a similar amount of resources). This is impressive since many alternatives tend to require substantially more resources. It likely helps that the codebase is largely written in go.</p><p>By combining gitea with the networking marvel that is tailscale, running workflows becomes simple and fun. 
Whether you are working on a team or working alone, this setup ensures that your workflows are securely accessible from anywhere with an internet connection.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#458588","F1F2S4LWI"),kofiwidget2.draw()</script><section id=comments class=comments><div class='container sep-before'><div class=comments><script>var getTheme=localStorage&&localStorage.getItem("theme"),getTheme=getTheme??(window.matchMedia&&window.matchMedia("(prefers-color-scheme: light)").matches?"light":"dark"),getTheme=getTheme??"dark";let theme=getTheme==="dark"?"gruvbox-dark":"github-light",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.4be06c129d6a89e60a661c6ac8c8e0434d58fb0fa2f685f85e2c306aca62adc5e77e7c63cb1c8a2cc5794ea42927281cf868514bcdce21ddf23dc3520e6743e7.js></script><script src=/js/flexsearch.dfabc8e20df58ac821a9a651b203af8d6e7f35196f0f456c74daad949ca5c465241b678594cf2432693b343c081b51b40223083879154b93c0851afdb436ec40.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script></div></body></html>
|
||||
</span></span></code></pre></div><p>And voilà:</p><p><img src=gitea-workflow.png alt=image></p><p>You may be wondering how the gitea runner is allowed to connect to the other hosts using ansible? Well, the nodes are in the same tailnet and have <a href=https://tailscale.com/tailscale-ssh class=link--external target=_blank rel=noreferrer>tailscale ssh</a> enabled.</p><h2 id=areas-for-improvement>Areas for improvement<a href=#areas-for-improvement class=post-heading__anchor aria-hidden=true>#</a></h2><p>One enhancement that I would like to see is the ability to send notifications on workflow failures. Currently, this <a href=https://github.com/go-gitea/gitea/issues/23725 class=link--external target=_blank rel=noreferrer>doesn’t seem possible</a> without adding logic to each workflow.</p><h2 id=conclusion>Conclusion<a href=#conclusion class=post-heading__anchor aria-hidden=true>#</a></h2><p>Gitea Actions are fast and the resource footprint is minimal. My gitea instance is currently using around 250mb of memory and a small fraction of a single cpu core (and the runner is using a similar amount of resources). This is impressive since many alternatives tend to require substantially more resources. It likely helps that the codebase is largely written in go.</p><p>By combining gitea with the networking marvel that is tailscale, running workflows becomes simple and fun. 
Whether you are working on a team or working alone, this setup ensures that your workflows are securely accessible from anywhere with an internet connection.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#458588","F1F2S4LWI"),kofiwidget2.draw()</script><section id=comments class=comments><div class='container sep-before'><div class=comments><script>var getTheme=localStorage&&localStorage.getItem("theme"),getTheme=getTheme??(window.matchMedia&&window.matchMedia("(prefers-color-scheme: light)").matches?"light":"dark"),getTheme=getTheme??"dark";let theme=getTheme==="dark"?"gruvbox-dark":"github-light",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.4be06c129d6a89e60a661c6ac8c8e0434d58fb0fa2f685f85e2c306aca62adc5e77e7c63cb1c8a2cc5794ea42927281cf868514bcdce21ddf23dc3520e6743e7.js></script><script src=/js/flexsearch.74e3821777864ba770a2e3590b40f75ff036185f85016dbf2e1d4a4074aec2f5e67ad32bf4ae1a21f883d824c35a69456efca218e97311326933c901d5e036de.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script></div></body></html>
|
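Review bot: The only line that differs here is the script tag for /js/flexsearch.<fingerprint>.js, and it carries no integrity attribute on either side, so the 128-hex-digit fingerprint in the file name is used for cache busting only and the browser never checks it. Consider emitting integrity="sha512-..." on the main and flexsearch script tags. The ko-fi, utteranc.es and cloudflareinsights scripts in the same line load from third-party origins with no pinning at all. Separately, the paragraph on how the runner reaches the other hosts says only that they share a tailnet with tailscale ssh enabled; it should state what limits the runner to the hosts it manages.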