Setting Up Gitea Actions With Tailscale
date: 2023-12-09T18:22:11-05:00 | lastmod: 2023-12-09T18:22:11-05:00 | draft: true
In this post, I'll go through the process of setting up Gitea Actions and Tailscale, which has helped me unlock a new level of simplicity and security when automating workflows.
What is Gitea?
Gitea is a lightweight and fast Git server that has much of the same look and feel as GitHub. I have been using it in my homelab mostly to mirror repositories hosted on other platforms such as GitHub and GitLab. These mirrors take advantage of the decentralized nature of Git by serving as "backups". One of the main reasons I hadn't been using it more often was the lack of integrated CI/CD. This has since changed.
Gitea Actions
Gitea Actions has made it into the 1.19.0 release. This feature had been in an experimental state up until 1.21.0 and is now enabled by default 🎉.
So what are they? If you've ever used GitHub Actions (and if you're reading this, I imagine you have), they essentially allow you to run GitHub workflows on Gitea. Workflows are not completely interoperable between Gitea and GitHub, but a lot of the same syntax is already compatible on Gitea. You can find a list of unsupported workflow syntax in the Gitea documentation.
Actions (Gitea's implementation) has me excited because it makes spinning up an isolated environment, for both source code and workflow automation, incredibly simple.
Integration with Tailscale
So how does Tailscale fit in here? More recently, I've been exposing my self-hosted services through a combination of Traefik and Tailscale (through the Tailscale-Traefik proxy integration described here). This allows for a nice-looking DNS name (e.g. gitea.my-tailscale-subdomain.ts.net) and automatic TLS certificate management. I can then also share this Tailscale node securely with others.
Deploying Gitea, Traefik, and Tailscale
This guide assumes the following prerequisites are completed:
- docker-compose is installed on a Linux environment
- Tailscale is installed and authenticated
- Tailscale MagicDNS is enabled
My preferred approach to deploying code is with docker compose (especially in a homelab environment).
The docker-compose.yaml file looks like:
version: "3.7"
services:
  gitea:
    image: gitea/gitea:1.21.1
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__server__DOMAIN=gitea.my-tailscale-subdomain.ts.net
      - GITEA__server__ROOT_URL=https://gitea.my-tailscale-subdomain.ts.net
      - GITEA__server__HTTP_ADDR=0.0.0.0
      # Placeholder: generate a real value (gitea generate secret LFS_JWT_SECRET)
      # and keep it out of version control.
      - GITEA__server__LFS_JWT_SECRET=my-secret-jwt
    restart: always
    volumes:
      - ./data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
  traefik:
    image: traefik:v3.0.0-beta4
    container_name: traefik
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    # Published on every host interface, not only the Tailscale one.
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./traefik/data/traefik.yaml:/traefik.yaml:ro
      - ./traefik/data/dynamic.yaml:/dynamic.yaml:ro
      # Traefik's tailscale resolver fetches certificates through the local
      # tailscaled socket. This is tailscaled's local API, so mount it only
      # into containers you trust.
      - /var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock
traefik/data/traefik.yaml:
entryPoints:
  https:
    address: ":443"
providers:
  file:
    filename: dynamic.yaml
certificatesResolvers:
  myresolver:
    tailscale: {}
log:
  level: INFO
and finally traefik/data/dynamic.yaml (the path mounted into the Traefik container above):
http:
  routers:
    gitea:
      rule: Host(`gitea.my-tailscale-subdomain.ts.net`)
      entryPoints:
        - "https"
      service: gitea
      tls:
        certResolver: myresolver
  services:
    gitea:
      loadBalancer:
        servers:
          - url: "http://gitea:3000"
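A preflight check for the files above, as an added example that is not part of the original post: it confirms that Gitea's DOMAIN, its ROOT_URL and the Traefik Host() rule agree, and flags literal secrets and ports published without a host IP. The `preflight` helper and its simplified line-based parsing are assumptions of this example, and the sample input is constructed from the post's placeholder values.

```python
import re
from urllib.parse import urlsplit

# Constructed sample input: the relevant lines of the compose file and
# dynamic.yaml from this post, with its placeholder hostname and secret.
COMPOSE = """\
services:
  gitea:
    environment:
      - GITEA__server__DOMAIN=gitea.my-tailscale-subdomain.ts.net
      - GITEA__server__ROOT_URL=https://gitea.my-tailscale-subdomain.ts.net
      - GITEA__server__LFS_JWT_SECRET=my-secret-jwt
  traefik:
    ports:
      - 80:80
      - 443:443
"""
DYNAMIC = "rule: Host(`gitea.my-tailscale-subdomain.ts.net`)\n"

def preflight(compose: str, dynamic: str) -> list[str]:
    """Return findings for the Gitea/Traefik config (hypothetical helper)."""
    findings = []
    env = dict(re.findall(r"^\s*-\s*([A-Za-z0-9_]+)=(.*?)\s*$", compose, re.M))
    domain = env.get("GITEA__server__DOMAIN", "")
    root_host = urlsplit(env.get("GITEA__server__ROOT_URL", "")).hostname or ""
    router_hosts = re.findall(r"Host\(`([^`]+)`\)", dynamic)
    # All names must agree, or the links Gitea generates will not match the
    # name Traefik routes and requests a certificate for.
    names = {domain.lower(), root_host.lower(), *(h.lower() for h in router_hosts)}
    if not router_hosts or len(names) != 1 or "" in names:
        findings.append(f"hostname mismatch: {sorted(names)}")
    # Tailscale issues certificates only for a node's ts.net name.
    elif not domain.lower().endswith(".ts.net"):
        findings.append(f"{domain} is not a ts.net name")
    # Secrets written into the compose file end up in git history and backups;
    # a ${VAR} reference keeps the value in the environment or a .env file.
    for key, value in env.items():
        if re.search(r"SECRET|TOKEN|PASSWORD", key) and value and not value.startswith("${"):
            findings.append(f"{key} is a literal value in the compose file")
    # "443:443" has no host IP, so Docker publishes it on every interface.
    for port in re.findall(r'^\s*-\s*"?(\d+:\d+)"?\s*$', compose, re.M):
        findings.append(f"port {port} is published on all host interfaces")
    return findings

if __name__ == "__main__":
    for finding in preflight(COMPOSE, DYNAMIC):
        print("WARN", finding)
```

On the post's configuration it reports the literal LFS_JWT_SECRET and both published ports; the hostname check passes.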
Running a workflow
Conclusion
By combining gitea with the networking capabilities of Tailscale, you can create a productive development environment. Whether you are working with a distributed team or collaborating across different locations, this setup ensures that your CI/CD pipelines run seamlessly and securely.