diff --git a/README.md b/README.md index 4372da9..05aaaeb 100644 --- a/README.md +++ b/README.md @@ -4,17 +4,23 @@ - `gcloud auth application-default set-quota-project itsamejms` - `gcloud run services list` - `gcloud services enable run.googleapis.com artifactregistry.googleapis.com storage.googleapis.com` -- `gcloud storage buckets create gs://jms-git-bucket --location=europe-west1` +- `gcloud storage buckets create gs://jms-git-bucket --location=europe-west1` # for snapshots +- `gcloud storage buckets create gs://jms-git-repos-storage --location=europe-west1` # for repositories .git folders + ``` -gcloud run deploy gitea-serverless \ +gcloud beta run deploy gitea-serverless \ --source . \ --region europe-west1 \ --allow-unauthenticated \ --max-instances 1 \ - --memory 512Mi \ + --memory 1Gi \ --port 3000 \ --set-env-vars="GCS_BUCKET_NAME=jms-git-bucket" \ --set-env-vars="GITEA_WORK_DIR=/data/gitea" \ - --set-env-vars="GITEA_CUSTOM=/data/gitea" + --set-env-vars="GITEA_CUSTOM=/data/gitea" \ + --set-env-vars="GCS_ACCESS_KEY=GCS_ACCESS_KEY" \ + --set-env-vars="GCS_SECRET_KEY=GCS_SECRET_KEY" \ +--add-volume=name=git-storage,type=cloud-storage,bucket=jms-git-repos-storage,mount-options="uid=1000;gid=1000;file-mode=0666;dir-mode=0777;stat-cache-ttl=600s;type-cache-ttl=600s" \ + --add-volume-mount=volume=git-storage,mount-path=/data/gitea/app_data/repositories ``` \ No newline at end of file diff --git a/entrypoint.sh b/entrypoint.sh index 4122b5a..f45fbee 100644 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -6,10 +6,12 @@ DB_PATH="/data/gitea/gitea.db" CONF_DIR="/data/gitea/conf" CONF_PATH="$CONF_DIR/app.ini" -# 1. Initialize writeable working directories and hand ownership to the 'git' user +# 1. Initialize writeable working directories safely mkdir -p "$CONF_DIR" -mkdir -p /data/gitea/app_data -chown -R git:git /data +mkdir -p /data/gitea/app_data/repositories # Ensure mount path target exists + +# FIX: Only chown local assets. Explicitly avoid running a recursive chown on the GCS FUSE mount! +chown git:git /data /data/gitea /data/gitea/gitea.db /data/gitea/conf 2>/dev/null || true # 2. Restore SQLite database if it exists in Cloud Storage if [ ! -f "$DB_PATH" ]; then @@ -26,7 +28,7 @@ fi echo "[Litestream] Starting replication backend process..." litestream replicate -config /etc/litestream.yml & -# 4. MANUALLY WRITE THE APP.INI CONFIG FILE (Bypasses all Gitea wizards) +# 4. MANUALLY WRITE THE APP.INI CONFIG FILE (Explicit Block Overrides) echo "[Gitea] Writing configuration profile to app.ini..." cat < "$CONF_PATH" APP_NAME = Serverless Git 
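Review bot: The new non-recursive `chown` omits `/data/gitea/app_data`, which the `mkdir -p` just above creates as root, and it runs before the step-2 restore, so on a fresh instance `gitea.db` does not exist yet and `2>/dev/null || true` hides that failure. If Gitea runs as `git` (the start command is outside this hunk), it may be unable to write the level queue under app_data or the restored database. Consider `chown git:git /data /data/gitea /data/gitea/app_data "$CONF_DIR"` here without the error suppression, plus `chown git:git "$DB_PATH"` after the restore block. The repositories mount is presumably covered by the `uid=1000;gid=1000` mount options in the README, provided those ids match the `git` user.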
@@ -43,9 +45,52 @@ INSTALL_LOCK = true [server] HTTP_PORT = 3000 PROTOCOL = http +DOMAIN = gitea.jms.rocks +ROOT_URL = https://gitea.jms.rocks/ +DISABLE_SSH = true + +[queue] +TYPE = level [repository] ROOT = /data/gitea/app_data/repositories +DISABLE_FORK_TIME_CHECK = true + +[attachment] +STORAGE_TYPE = minio +MINIO_ENDPOINT = storage.googleapis.com +MINIO_BUCKET = $GCS_BUCKET_NAME +MINIO_LOCATION = europe-west1 +MINIO_USE_SSL = true +MINIO_ACCESS_KEY_ID = $GCS_ACCESS_KEY +MINIO_SECRET_ACCESS_KEY = $GCS_SECRET_KEY + +[avatar] +STORAGE_TYPE = minio +MINIO_ENDPOINT = storage.googleapis.com +MINIO_BUCKET = $GCS_BUCKET_NAME +MINIO_LOCATION = europe-west1 +MINIO_USE_SSL = true +MINIO_ACCESS_KEY_ID = $GCS_ACCESS_KEY +MINIO_SECRET_ACCESS_KEY = $GCS_SECRET_KEY + +[lfs] +STORAGE_TYPE = minio +MINIO_ENDPOINT = storage.googleapis.com +MINIO_BUCKET = $GCS_BUCKET_NAME +MINIO_LOCATION = europe-west1 +MINIO_USE_SSL = true +MINIO_ACCESS_KEY_ID = $GCS_ACCESS_KEY +MINIO_SECRET_ACCESS_KEY = $GCS_SECRET_KEY + +[repo-archive] +STORAGE_TYPE = minio +MINIO_ENDPOINT = storage.googleapis.com +MINIO_BUCKET = $GCS_BUCKET_NAME +MINIO_LOCATION = europe-west1 +MINIO_USE_SSL = true +MINIO_ACCESS_KEY_ID = $GCS_ACCESS_KEY +MINIO_SECRET_ACCESS_KEY = $GCS_SECRET_KEY EOF # Ensure the config file is fully readable and writeable by the git user
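Review bot: `$GCS_ACCESS_KEY` and `$GCS_SECRET_KEY` are expanded into app.ini in all four storage sections with no check that they are set, so a missing variable silently writes an empty `MINIO_SECRET_ACCESS_KEY` and the failure only shows up at the first upload; add `: "${GCS_BUCKET_NAME:?}" "${GCS_ACCESS_KEY:?}" "${GCS_SECRET_KEY:?}"` before the heredoc, which starts outside this hunk. app.ini now holds a long-lived HMAC secret, so the permission step that follows this hunk (not visible here) should leave the file at mode 0600 owned by `git` rather than readable by everyone. The README in this commit passes both keys with `--set-env-vars`, which stores them in plain text on the service revision; `--set-secrets` backed by Secret Manager would avoid that. Since `$GCS_BUCKET_NAME` is also the snapshot bucket per the README, the service account behind the HMAC key should be limited to that one bucket.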