---
title: "Setting Up Gitea Actions With Tailscale"
date: 2023-12-09T18:22:11-05:00
lastmod: 2023-12-09T18:22:11-05:00
draft: true
keywords: []
description: ""
tags: []
categories: []
author: ""

# You can also close(false) or open(true) something for this content.
# P.S. comment can only be closed
comment: false
toc: false
autoCollapseToc: false
postMetaInFooter: false
hiddenFromHomePage: false
# You can also define another contentCopyright. e.g. contentCopyright: "This is another copyright."
contentCopyright: false
reward: false
mathjax: false
mathjaxEnableSingleDollar: false

flowchartDiagrams:
  enable: false
  options: ""

sequenceDiagrams:
  enable: false
  options: ""
---

In this post, I'll go through the process of setting up Gitea Actions and [Tailscale](https://tailscale.com/), which has helped me unlock a new level of simplicity and security when automating workflows.

## What is Gitea?

[Gitea](https://about.gitea.com/) is a lightweight, fast Git server with much of the same look and feel as GitHub. I have been using it in my homelab mostly to mirror repositories hosted on other platforms such as GitHub and GitLab. These mirrors take advantage of the decentralized nature of Git by serving as "backups". One of the main reasons I hadn't been using it more often was the lack of integrated CI/CD. This has since changed.

## Gitea Actions

[Gitea Actions](https://docs.gitea.com/usage/actions/overview) made it into the [1.19.0 release](https://blog.gitea.com/release-of-1.19.0/). The feature was in an experimental state up until [1.21.0](https://blog.gitea.com/release-of-1.21.0/) and is now enabled by default 🎉.

So what are they? If you've ever used GitHub Actions (and if you're reading this, I imagine you have), they essentially allow you to run GitHub workflows on Gitea. Workflows are not completely interoperable between Gitea and GitHub, but a lot of the same syntax is already compatible on Gitea.
You can find a list of [unsupported workflows syntax](https://docs.gitea.com/usage/actions/comparison#unsupported-workflows-syntax) in the Gitea docs. Actions (Gitea's implementation) has me excited because it makes spinning up an isolated environment, for both source code and workflow automation, incredibly simple.

## Integration with Tailscale

So how does Tailscale fit in here? Well, more recently I've been exposing my self-hosted services through a combination of Traefik and Tailscale (using the Tailscale-Traefik proxy integration described [here](https://traefik.io/blog/exploring-the-tailscale-traefik-proxy-integration/)). This allows for a nice-looking DNS name (e.g. gitea.my-tailscale-subdomain.ts.net) and automatic TLS certificate management. I can then also share this Tailscale node securely with others.

## Deploying Gitea, Traefik, and Tailscale

This guide assumes the following prerequisites are completed:

- docker-compose is installed on a Linux environment
- Tailscale is installed and authenticated
- Tailscale MagicDNS is enabled

My preferred approach to deploying code is with Docker Compose (especially in a homelab environment).
The docker-compose.yaml file looks like:

```yaml
version: "3.7"

services:
  gitea:
    image: gitea/gitea:1.21.1
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__server__DOMAIN=gitea.my-tailscale-subdomain.ts.net
      - GITEA__server__ROOT_URL=https://gitea.my-tailscale-subdomain.ts.net
      - GITEA__server__HTTP_ADDR=0.0.0.0
      # Placeholder: replace with your own value, e.g. from `gitea generate secret LFS_JWT_SECRET`
      - GITEA__server__LFS_JWT_SECRET=my-secret-jwt
    restart: always
    volumes:
      - ./data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro

  traefik:
    image: traefik:v3.0.0-beta4
    container_name: traefik
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./traefik/data/traefik.yaml:/traefik.yaml:ro
      - ./traefik/data/dynamic.yaml:/dynamic.yaml:ro
      # Traefik's Tailscale certificate resolver talks to the local tailscaled through this socket
      - /var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock
```

traefik/data/traefik.yaml:

```yaml
entryPoints:
  https:
    address: ":443"

providers:
  file:
    filename: dynamic.yaml

certificatesResolvers:
  myresolver:
    tailscale: {}

log:
  level: INFO
```

and finally traefik/data/dynamic.yaml:

```yaml
http:
  routers:
    gitea:
      rule: Host(`gitea.my-tailscale-subdomain.ts.net`)
      entryPoints:
        - "https"
      service: gitea
      tls:
        certResolver: myresolver
  services:
    gitea:
      loadBalancer:
        servers:
          - url: "http://gitea:3000"
```

## Running a workflow

## Conclusion

By combining Gitea with the networking capabilities of Tailscale, you can create a productive development environment. Whether you are working with a distributed team or collaborating across different locations, this setup ensures that your CI/CD pipelines run seamlessly and securely.
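As an added example (not part of the original post), here is a small Python check for the compose file from the deployment section. It flags three things worth reviewing before sharing the node: ports published without a host IP, secrets left at their tutorial value, and daemon sockets mounted into containers. The `audit` function, its placeholder heuristic and the trimmed sample file are assumptions made for illustration.

```python
import re

# Constructed sample: the security-relevant lines of this post's docker-compose.yaml.
COMPOSE = """\
services:
  gitea:
    environment:
      - GITEA__server__ROOT_URL=https://gitea.my-tailscale-subdomain.ts.net
      - GITEA__server__LFS_JWT_SECRET=my-secret-jwt
  traefik:
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock
"""

SENSITIVE_KEY = re.compile(r"SECRET|TOKEN|PASSWORD", re.I)
PLACEHOLDER = re.compile(r"^(my-|change|example|secret|password)", re.I)  # assumed heuristic


def audit(text):
    """Return (service, finding) pairs for a compose file that uses list-style entries."""
    findings, top, service, section = [], None, None, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).rstrip()  # drop YAML comments
        indent, item = len(line) - len(line.lstrip()), line.strip()
        if item and indent == 0:
            top, service, section = item.rstrip(":"), None, None
        elif indent == 2 and top == "services":
            service, section = item.rstrip(":"), None
        elif indent == 4:
            section = item[:-1] if item.endswith(":") else None
        elif service and item.startswith("- "):
            value = item[2:].strip().strip("\"'")
            if section == "ports" and value.count(":") < 2:
                # No host IP in the mapping: Docker binds the port on all interfaces.
                findings.append((service, f"port {value} is published on every host interface"))
            elif section == "environment":
                key, _, val = value.partition("=")
                if SENSITIVE_KEY.search(key) and PLACEHOLDER.search(val):
                    findings.append((service, f"{key} still has a placeholder value"))
            elif section == "volumes" and value.split(":")[0].endswith(".sock"):
                findings.append((service, f"{value.split(':')[0]} is mounted into the container"))
    return findings


if __name__ == "__main__":
    print(*audit(COMPOSE), sep="\n")
```

Run against the sample, it reports the placeholder `LFS_JWT_SECRET`, both published ports and the `tailscaled.sock` mount. The socket mount is required by Traefik's Tailscale resolver, so that finding is a reminder of what the container can reach rather than something to remove.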