From c0ae209a9df48d8b97fad1db60b52606ccb76268 Mon Sep 17 00:00:00 2001 From: bee Date: Sun, 31 May 2026 15:19:59 +0200 Subject: [PATCH] gitea migration --- .vscode/tasks.json | 10 ++ .../gitea => archive}/docker-compose.yml.j2 | 0 archive/gitea.yml | 46 ++++++++ playbooks/backup/backupDaily.sh | 2 +- playbooks/gitea/gitea-db.container.j2 | 17 +++ playbooks/gitea/gitea-server.container.j2 | 30 +++++ playbooks/gitea/gitea.yml | 110 ++++++++++++++---- 7 files changed, 191 insertions(+), 24 deletions(-) rename {playbooks/gitea => archive}/docker-compose.yml.j2 (100%) create mode 100644 archive/gitea.yml create mode 100644 playbooks/gitea/gitea-db.container.j2 create mode 100644 playbooks/gitea/gitea-server.container.j2 diff --git a/.vscode/tasks.json b/.vscode/tasks.json index 95b28ee..8d475af 100644 --- a/.vscode/tasks.json +++ b/.vscode/tasks.json @@ -140,6 +140,16 @@ "panel": "dedicated" } }, + { + "label": "Deploy: openvpn", + "type": "shell", + "command": "make deploy-openvpn", + "group": "build", + "presentation": { + "reveal": "always", + "panel": "dedicated" + } + }, { "label": "Deploy: immich", "type": "shell", diff --git a/playbooks/gitea/docker-compose.yml.j2 b/archive/docker-compose.yml.j2 similarity index 100% rename from playbooks/gitea/docker-compose.yml.j2 rename to archive/docker-compose.yml.j2 diff --git a/archive/gitea.yml b/archive/gitea.yml new file mode 100644 index 0000000..cc870cd --- /dev/null +++ b/archive/gitea.yml 
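Review bot: The entry added here is `"label": "Deploy: openvpn"` with `"command": "make deploy-openvpn"`, which has nothing to do with the gitea migration the commit describes, and no `Deploy: gitea` task is visible in the hunk. If this is intended to land with the migration the subject line should say so; otherwise it belongs in its own commit so the two changes can be reverted independently. The enclosing `tasks` array starts and ends outside the hunk.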
@@ -0,0 +1,46 @@ +- name: Gitea + hosts: beepi + become: true + vars: + gitea_db_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 63336533393735346165633965383866393736336365646330346236356239363737353234383637 + 6261383166323062663033346136633066303462343263320a333932646162336232373530373834 + 65386637336562646135613563356137313239336365653161386434313835633437613233343332 + 3736353865313938300a383266353538666135353866653263663133663232646430323966353134 + 3939 + tasks: + - name: Install podman + ansible.builtin.apt: + name: podman + state: present + + - name: Install podman-compose + ansible.builtin.apt: + name: podman-compose + state: present + + - name: Create gitea directory + ansible.builtin.file: + path: /opt/beeserver/gitea + state: directory + mode: '0755' + + - name: Compose down + changed_when: true + failed_when: false + ansible.builtin.command: + cmd: podman-compose down + chdir: /opt/beeserver/gitea + + - name: Copy compose + ansible.builtin.template: + src: docker-compose.yml.j2 + dest: /opt/beeserver/gitea/docker-compose.yml + mode: '0644' + + - name: Compose up + changed_when: true + ansible.builtin.command: + cmd: podman-compose up -d + chdir: /opt/beeserver/gitea diff --git a/playbooks/backup/backupDaily.sh b/playbooks/backup/backupDaily.sh index 49fa81d..7eb9fc0 100644 --- a/playbooks/backup/backupDaily.sh +++ b/playbooks/backup/backupDaily.sh @@ -4,7 +4,7 @@ set -euo pipefail now=$(date +"%Y%m%d%H%M") -declare -a arr=("gitea" "mail" "matrix" "monitoring") +declare -a arr=("mail" "matrix" "monitoring") declare -a monitoring=("monitoring_prometheus-data" "monitoring_grafana-storage" "monitoring_loki-data" "monitoring_alloy-data") declare -a matrix=("matrix_db") diff --git a/playbooks/gitea/gitea-db.container.j2 b/playbooks/gitea/gitea-db.container.j2 new file mode 100644 index 0000000..571b339 --- /dev/null +++ b/playbooks/gitea/gitea-db.container.j2 
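Review bot: The archived playbook keeps the live `!vault` ciphertext for `gitea_db_password`, so the same secret now lives in two files, and a later `ansible-vault rekey` or password rotation on `playbooks/gitea/gitea.yml` will not touch this copy. Since the archive documents the old compose deployment rather than being run, I would replace the vault block with a placeholder such as `gitea_db_password: "<REDACTED: see playbooks/gitea/gitea.yml>"` or drop the `vars` stanza altogether. The same reasoning argues against keeping `failed_when: false` on `Compose down` in an archive that someone may copy back into use.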
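Review bot: Dropping `gitea` from `declare -a arr=("mail" "matrix" "monitoring")` removes the Gitea data from the daily backup, and nothing in this commit adds a replacement for the new layout: the quadlets mount `/home/gitea/data/postgres` and `/home/gitea/data/gitea`, and a live Postgres data directory should be captured with `pg_dump` rather than a raw copy. Until that job exists I would keep the entry or leave a marker on the changed line, e.g. `# TODO: gitea moved to rootless quadlets under /home/gitea/data -- not covered by this backup yet`. How `arr` is consumed is outside the hunk.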
@@ -0,0 +1,17 @@ +[Unit] +Description=Gitea Postgres + +[Container] +ContainerName=gitea-db +Image=docker.io/library/postgres:14 +Network=gitea.network +Volume=/home/gitea/data/postgres:/var/lib/postgresql/data +Environment=POSTGRES_USER=gitea +Environment=POSTGRES_PASSWORD={{ gitea_db_password }} +Environment=POSTGRES_DB=gitea + +[Service] +Restart=on-failure + +[Install] +WantedBy=default.target diff --git a/playbooks/gitea/gitea-server.container.j2 b/playbooks/gitea/gitea-server.container.j2 new file mode 100644 index 0000000..df13fb5 --- /dev/null +++ b/playbooks/gitea/gitea-server.container.j2 @@ -0,0 +1,30 @@ +[Unit] +Description=Gitea Server +Requires=gitea-db.service +After=gitea-db.service + +[Container] +ContainerName=gitea-server +Image=docker.gitea.com/gitea:1.26.0 +Network=gitea.network +PublishPort=3000:3000 +PublishPort=2222:2222 +Volume=/home/gitea/data/gitea:/data +Volume=/etc/timezone:/etc/timezone:ro +Volume=/etc/localtime:/etc/localtime:ro +Environment=USER_UID=1000 +Environment=USER_GID=1000 +Environment=GITEA__database__DB_TYPE=postgres +Environment=GITEA__database__HOST=gitea-db:5432 +Environment=GITEA__database__NAME=gitea +Environment=GITEA__database__USER=gitea +Environment=GITEA__database__PASSWD={{ gitea_db_password }} +Environment=GITEA__server__SSH_LISTEN_PORT=2222 +Environment=GITEA__server__SSH_PORT=2222 +Environment=SSH_LISTEN_PORT=2222 + +[Service] +Restart=on-failure + +[Install] +WantedBy=default.target \ No newline at end of file diff --git a/playbooks/gitea/gitea.yml b/playbooks/gitea/gitea.yml index cc870cd..37ee124 100644 --- a/playbooks/gitea/gitea.yml +++ b/playbooks/gitea/gitea.yml @@ -2,6 +2,8 @@ hosts: beepi become: true vars: + user: gitea + user_home: /home/gitea gitea_db_password: !vault | $ANSIBLE_VAULT;1.1;AES256 63336533393735346165633965383866393736336365646330346236356239363737353234383637 
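Review bot: `Environment=POSTGRES_PASSWORD={{ gitea_db_password }}` places the database password in the container environment, where `podman inspect` and `/proc/<pid>/environ` of every process in the container expose it, and the rendered unit file holds it in clear text as well (the playbook does chmod it to 0600, which limits but does not remove that). Rootless podman supports secrets, and quadlet can mount one with `Secret=gitea-db-password,type=mount` and `Environment=POSTGRES_PASSWORD_FILE=/run/secrets/gitea-db-password`, which the official postgres image accepts; that needs a `podman secret create` step for the gitea user in the playbook. The same applies to `GITEA__database__PASSWD` in gitea-server.container.j2. Separately, `Image=docker.io/library/postgres:14` is a floating tag, so a digest pin would make upgrades deliberate.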
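Review bot: `PublishPort=3000:3000` and `PublishPort=2222:2222` bind on every host interface, so the Gitea HTTP port is reachable directly from the network; if a reverse proxy on the host fronts it (not visible in this commit), `PublishPort=127.0.0.1:3000:3000` keeps it on loopback, and the same question applies to the SSH port. Because the playbook runs this container rootless as the `gitea` user, `USER_UID=1000`/`USER_GID=1000` refer to a subordinate UID of that user rather than the user itself, so files written under `/home/gitea/data/gitea` will be owned by that subuid on the host; `UserNS=keep-id:uid=1000,gid=1000` makes the container UID and the host user coincide if that is what you want. `Requires=gitea-db.service`/`After=gitea-db.service` only order the container starts, not Postgres readiness, so Gitea's own connection retries are what cover the gap. The file also lacks a trailing newline.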
@@ -10,37 +12,99 @@ 3736353865313938300a383266353538666135353866653263663133663232646430323966353134 3939 tasks: - - name: Install podman + - name: Install dependencies ansible.builtin.apt: - name: podman + name: "{{ item }}" state: present + loop: + - podman + - systemd-container + - passt - - name: Install podman-compose - ansible.builtin.apt: - name: podman-compose - state: present + - name: Create user + ansible.builtin.user: + name: "{{ user }}" + home: "{{ user_home }}" + shell: /usr/sbin/nologin + create_home: true + register: user_info - - name: Create gitea directory + - name: Enable linger + ansible.builtin.command: + cmd: "loginctl enable-linger {{ user }}" + creates: "/var/lib/systemd/linger/{{ user }}" + + - name: Create quadlet directory ansible.builtin.file: - path: /opt/beeserver/gitea + path: "{{ user_home }}/.config/containers/systemd" state: directory + owner: "{{ user }}" + group: "{{ user }}" mode: '0755' - - name: Compose down - changed_when: true - failed_when: false - ansible.builtin.command: - cmd: podman-compose down - chdir: /opt/beeserver/gitea + - name: Create data directory + ansible.builtin.file: + path: "{{ user_home }}/data" + state: directory + owner: "{{ user }}" + group: "{{ user }}" + mode: '0755' - - name: Copy compose - ansible.builtin.template: - src: docker-compose.yml.j2 - dest: /opt/beeserver/gitea/docker-compose.yml + - name: Copy network + ansible.builtin.copy: + dest: "{{ user_home }}/.config/containers/systemd/gitea.network" + content: "[Network]\n" + owner: "{{ user }}" + group: "{{ user }}" mode: '0644' - - name: Compose up - changed_when: true - ansible.builtin.command: - cmd: podman-compose up -d - chdir: /opt/beeserver/gitea + - name: Deploy db quadlet + ansible.builtin.template: + src: gitea-db.container.j2 + dest: "{{ user_home }}/.config/containers/systemd/gitea-db.container" + owner: "{{ user }}" + group: "{{ user }}" + mode: '0600' + + - name: Deploy server quadlet + ansible.builtin.template: + src: 
gitea-server.container.j2 + dest: "{{ user_home }}/.config/containers/systemd/gitea-server.container" + owner: "{{ user }}" + group: "{{ user }}" + mode: '0600' + + - name: Reload user systemd + become: true + become_user: "{{ user }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ user_info.uid }}" + DBUS_SESSION_BUS_ADDRESS: "unix:path=/run/user/{{ user_info.uid }}/bus" + ansible.builtin.systemd: + daemon_reload: true + scope: user + + - name: Start user manager + ansible.builtin.systemd: + name: "user@{{ user_info.uid }}.service" + state: started + + - name: Start gitea-server + become: true + become_user: "{{ user }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ user_info.uid }}" + DBUS_SESSION_BUS_ADDRESS: "unix:path=/run/user/{{ user_info.uid }}/bus" + ansible.builtin.systemd: + name: gitea-server.service + state: started + scope: user + + - name: Debug + ansible.builtin.debug: + msg: + - "Service status: systemctl --user --machine {{ user_info.name }}@.host status gitea-server" + - "Read logs: sudo journalctl _UID={{ user_info.uid }} -n 200 --no-pager" + - "Shell: machinectl shell {{ user_info.name }}@.host /bin/bash" + tags: + - always
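Review bot: `Reload user systemd` talks to `/run/user/{{ user_info.uid }}/bus` with `scope: user` before the `Start user manager` task that starts `user@{{ user_info.uid }}.service`, so on a fresh host where linger was just enabled the bus may not exist yet and the reload fails; moving `Start user manager` above the reload removes that race. A changed quadlet is also not picked up by `state: started`: after a password rotation the template tasks rewrite `gitea-db.container` and `gitea-server.container` but the running containers keep the old environment. Registering each template result and using `state: "{{ 'restarted' if server_quadlet.changed else 'started' }}"` on `Start gitea-server` (with a matching task for gitea-db, or a `notify` handler per unit) covers that. The play header and the `vars` this hunk relies on are outside the hunk.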