Use tailscale to allow ssh access to gitea

2025-05-23 00:15:04 +10:00
parent 3f70bc62d3
commit c1aeb11354
5 changed files with 97 additions and 14 deletions
--- a/2-nomad-config/gitea.nomad.hcl
+++ b/2-nomad-config/gitea.nomad.hcl
@@ -1,7 +1,3 @@
-# TODOs
-#  - Map /data/ to unraid appdata
-#  - Move database config to /data/gitea/conf/app.ini (where it would be copied on first run)
-
 job "gitea" {
  group "gitea" {
    network {
@@ -33,12 +29,12 @@ job "gitea" {
        "traefik.http.routers.gitea.middlewares=auth@file",
      ]

-      # check {
-      #   type     = "http"
-      #   path     = "/"
-      #   interval = "10s"
-      #   timeout  = "2s"
-      # }
+      check {
+        type     = "http"
+        path     = "/"
+        interval = "10s"
+        timeout  = "2s"
+      }
    }

    task "gitea" {
@@ -59,7 +55,7 @@ job "gitea" {

      resources {
        cpu    = 500
-        memory = 256
+        memory = 512
      }

      volume_mount {
@@ -85,6 +81,7 @@ ROOT = /data/git/repositories

 [server]
 DOMAIN = code.othrayte.one
+SSH_DOMAIN = git.othrayte.one
 ROOT_URL = https://code.othrayte.one/

 [lfs]
@@ -107,6 +104,29 @@ EOF
      }
    }

+    task "tailscale" {
+      driver = "docker"
+
+      config {
+        image = "tailscale/tailscale:latest"
+      }
+
+      env = {
+        TS_AUTHKEY  = "${ts_authkey}"
+        TS_HOSTNAME = "git"
+      }
+
+      resources {
+        cpu    = 100
+        memory = 64
+      }
+
+      lifecycle {
+        hook    = "prestart"
+        sidecar = true
+      }
+    }
+
    volume "unraid_appdata_gitea" {
      type            = "csi"
      read_only       = false