feat: add Gitea as Archipelago app with container registry

Gitea app manifest, marketplace entry, nginx proxy, app session config, image version, package install config. Container registry enabled on Gitea for fallback image hosting. Trusted registries updated. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-12 06:10:56 -04:00 · 2026-04-12 06:10:56 -04:00 · 6cd67df575
commit 6cd67df575
parent 8d8130109d
7 changed files with 122 additions and 3 deletions
--- a/apps/gitea/manifest.yml
+++ b/apps/gitea/manifest.yml
@ -0,0 +1,42 @@
+id: gitea
+name: Gitea
+version: "1.23"
+description: Self-hosted Git service with built-in container registry, CI/CD, and package hosting.
+category: development
+icon: git-branch
+port: 3000
+ssh_port: 2222
+image: docker.io/gitea/gitea:1.23
+tier: optional
+
+requires:
+  memory_mb: 256
+  disk_mb: 500
+
+volumes:
+  - host: /var/lib/archipelago/gitea/data
+    container: /data
+  - host: /var/lib/archipelago/gitea/config
+    container: /etc/gitea
+
+environment:
+  GITEA__database__DB_TYPE: sqlite3
+  GITEA__server__SSH_PORT: "2222"
+  GITEA__server__SSH_LISTEN_PORT: "22"
+  GITEA__server__LFS_START_SERVER: "true"
+  GITEA__packages__ENABLED: "true"
+  GITEA__repository__ENABLE_PUSH_CREATE_USER: "true"
+  GITEA__repository__ENABLE_PUSH_CREATE_ORG: "true"
+
+health_check:
+  endpoint: /
+  interval: 120
+  timeout: 5
+  retries: 3
+
+features:
+  - Git repositories with web UI
+  - Built-in container/package registry
+  - Issue tracking and pull requests
+  - CI/CD via Gitea Actions
+  - Lightweight (SQLite, no external DB needed)
--- a/core/archipelago/src/api/rpc/package/config.rs
+++ b/core/archipelago/src/api/rpc/package/config.rs
@ -4,7 +4,7 @@ use anyhow::{Context, Result};

 /// Trusted Docker registries. Only images from these sources are allowed.
 #[allow(dead_code)]
-pub(super) const TRUSTED_REGISTRIES: &[&str] = &["docker.io/", "ghcr.io/", "localhost/", "git.tx1138.com/"];
+pub(super) const TRUSTED_REGISTRIES: &[&str] = &["docker.io/", "ghcr.io/", "localhost/", "git.tx1138.com/", "23.182.128.160:3000/"];

 /// Validate Docker image against trusted registry allowlist.
 pub(super) fn is_valid_docker_image(image: &str) -> bool {
@ -21,7 +21,7 @@ pub(super) fn is_valid_docker_image(image: &str) -> bool {
        Some(r) => r,
        None => return false,
    };
-    matches!(registry, "docker.io" | "ghcr.io" | "localhost" | "git.tx1138.com")
+    matches!(registry, "docker.io" | "ghcr.io" | "localhost" | "git.tx1138.com" | "23.182.128.160:3000")
 }

 /// Per-app Linux capabilities needed beyond the default cap-drop=ALL.
@ -894,6 +894,24 @@ pub(super) async fn get_app_config(
                None,
            )
        }
+        "gitea" => (
+            vec!["3000:3000".to_string(), "2222:22".to_string()],
+            vec![
+                "/var/lib/archipelago/gitea/data:/data".to_string(),
+                "/var/lib/archipelago/gitea/config:/etc/gitea".to_string(),
+            ],
+            vec![
+                "GITEA__database__DB_TYPE=sqlite3".to_string(),
+                "GITEA__server__SSH_PORT=2222".to_string(),
+                "GITEA__server__SSH_LISTEN_PORT=22".to_string(),
+                "GITEA__server__LFS_START_SERVER=true".to_string(),
+                "GITEA__packages__ENABLED=true".to_string(),
+                "GITEA__repository__ENABLE_PUSH_CREATE_USER=true".to_string(),
+                "GITEA__repository__ENABLE_PUSH_CREATE_ORG=true".to_string(),
+            ],
+            None,
+            None,
+        ),
        _ => (vec![], vec![], vec![], None, None),
    }
 }
--- a/image-recipe/configs/nginx-archipelago.conf
+++ b/image-recipe/configs/nginx-archipelago.conf
@ -477,6 +477,17 @@ server {
        sub_filter "src='/" "src='/app/botfights/";
        sub_filter '</head>' '<script src="/nostr-provider.js"></script></head>';
    }
+    location /app/gitea/ {
+        proxy_pass http://127.0.0.1:3000/;
+        proxy_http_version 1.1;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_hide_header X-Frame-Options;
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        client_max_body_size 1G;
+    }
    location /app/lnd/ {
        proxy_pass http://127.0.0.1:8081/;
        proxy_http_version 1.1;
--- a/neode-ui/public/assets/img/app-icons/gitea.svg
+++ b/neode-ui/public/assets/img/app-icons/gitea.svg
@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<svg version="1.1" id="main_outline" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px"
+	 y="0px" viewBox="0 0 640 640" style="enable-background:new 0 0 640 640;" xml:space="preserve">
+<g>
+	<path id="teabag" style="fill:#FFFFFF" d="M395.9,484.2l-126.9-61c-12.5-6-17.9-21.2-11.8-33.8l61-126.9c6-12.5,21.2-17.9,33.8-11.8
+		c17.2,8.3,27.1,13,27.1,13l-0.1-109.2l16.7-0.1l0.1,117.1c0,0,57.4,24.2,83.1,40.1c3.7,2.3,10.2,6.8,12.9,14.4
+		c2.1,6.1,2,13.1-1,19.3l-61,126.9C423.6,484.9,408.4,490.3,395.9,484.2z"/>
+	<g>
+		<g>
+			<path style="fill:#609926" d="M622.7,149.8c-4.1-4.1-9.6-4-9.6-4s-117.2,6.6-177.9,8c-13.3,0.3-26.5,0.6-39.6,0.7c0,39.1,0,78.2,0,117.2
+				c-5.5-2.6-11.1-5.3-16.6-7.9c0-36.4-0.1-109.2-0.1-109.2c-29,0.4-89.2-2.2-89.2-2.2s-141.4-7.1-156.8-8.5
+				c-9.8-0.6-22.5-2.1-39,1.5c-8.7,1.8-33.5,7.4-53.8,26.9C-4.9,212.4,6.6,276.2,8,285.8c1.7,11.7,6.9,44.2,31.7,72.5
+				c45.8,56.1,144.4,54.8,144.4,54.8s12.1,28.9,30.6,55.5c25,33.1,50.7,58.9,75.7,62c63,0,188.9-0.1,188.9-0.1s12,0.1,28.3-10.3
+				c14-8.5,26.5-23.4,26.5-23.4s12.9-13.8,30.9-45.3c5.5-9.7,10.1-19.1,14.1-28c0,0,55.2-117.1,55.2-231.1
+				C633.2,157.9,624.7,151.8,622.7,149.8z M125.6,353.9c-25.9-8.5-36.9-18.7-36.9-18.7S69.6,321.8,60,295.4
+				c-16.5-44.2-1.4-71.2-1.4-71.2s8.4-22.5,38.5-30c13.8-3.7,31-3.1,31-3.1s7.1,59.4,15.7,94.2c7.2,29.2,24.8,77.7,24.8,77.7
+				S142.5,359.9,125.6,353.9z M425.9,461.5c0,0-6.1,14.5-19.6,15.4c-5.8,0.4-10.3-1.2-10.3-1.2s-0.3-0.1-5.3-2.1l-112.9-55
+				c0,0-10.9-5.7-12.8-15.6c-2.2-8.1,2.7-18.1,2.7-18.1L322,273c0,0,4.8-9.7,12.2-13c0.6-0.3,2.3-1,4.5-1.5c8.1-2.1,18,2.8,18,2.8
+				l110.7,53.7c0,0,12.6,5.7,15.3,16.2c1.9,7.4-0.5,14-1.8,17.2C474.6,363.8,425.9,461.5,425.9,461.5z"/>
+			<path style="fill:#609926" d="M326.8,380.1c-8.2,0.1-15.4,5.8-17.3,13.8c-1.9,8,2,16.3,9.1,20c7.7,4,17.5,1.8,22.7-5.4
+				c5.1-7.1,4.3-16.9-1.8-23.1l24-49.1c1.5,0.1,3.7,0.2,6.2-0.5c4.1-0.9,7.1-3.6,7.1-3.6c4.2,1.8,8.6,3.8,13.2,6.1
+				c4.8,2.4,9.3,4.9,13.4,7.3c0.9,0.5,1.8,1.1,2.8,1.9c1.6,1.3,3.4,3.1,4.7,5.5c1.9,5.5-1.9,14.9-1.9,14.9
+				c-2.3,7.6-18.4,40.6-18.4,40.6c-8.1-0.2-15.3,5-17.7,12.5c-2.6,8.1,1.1,17.3,8.9,21.3c7.8,4,17.4,1.7,22.5-5.3
+				c5-6.8,4.6-16.3-1.1-22.6c1.9-3.7,3.7-7.4,5.6-11.3c5-10.4,13.5-30.4,13.5-30.4c0.9-1.7,5.7-10.3,2.7-21.3
+				c-2.5-11.4-12.6-16.7-12.6-16.7c-12.2-7.9-29.2-15.2-29.2-15.2s0-4.1-1.1-7.1c-1.1-3.1-2.8-5.1-3.9-6.3c4.7-9.7,9.4-19.3,14.1-29
+				c-4.1-2-8.1-4-12.2-6.1c-4.8,9.8-9.7,19.7-14.5,29.5c-6.7-0.1-12.9,3.5-16.1,9.4c-3.4,6.3-2.7,14.1,1.9,19.8
+				C343.2,346.5,335,363.3,326.8,380.1z"/>
+		</g>
+	</g>
+</g>
+</svg>
--- a/neode-ui/src/views/appSession/appSessionConfig.ts
+++ b/neode-ui/src/views/appSession/appSessionConfig.ts
@ -43,6 +43,7 @@ export const APP_PORTS: Record<string, number> = {
  'routstr':       8200,
  'indeedhub':     7778,
  'botfights':     9100,
+  'gitea':         3000,
  'dwn':           3100,
  'endurain':      8080,
 }
@ -88,6 +89,7 @@ export const HTTPS_PROXY_PATHS: Record<string, string> = {
  'grafana': '/app/grafana/',
  'indeedhub': '/app/indeedhub/',
  'botfights': '/app/botfights/',
+  'gitea': '/app/gitea/',
  'routstr': '/app/routstr/',
  'nostr-vpn': '/app/nostr-vpn/',
  'fips': '/app/fips/',
@ -106,7 +108,7 @@ export const EXTERNAL_URLS: Record<string, string> = {

 export const APP_TITLES: Record<string, string> = {
  'bitcoin-knots': 'Bitcoin', 'btcpay-server': 'BTCPay Server', 'indeedhub': 'Indeehub',
-  'botfights': 'BotFights', '484-kitchen': '484 Kitchen', 'arch-presentation': 'Presentation',
+  'botfights': 'BotFights', 'gitea': 'Gitea', '484-kitchen': '484 Kitchen', 'arch-presentation': 'Presentation',
  'nostr-vpn': 'Nostr VPN', 'fips': 'FIPS', 'routstr': 'Routstr',
  'homeassistant': 'Home Assistant', 'uptime-kuma': 'Uptime Kuma',
  'nginx-proxy-manager': 'Nginx Proxy Manager', 'nostr-rs-relay': 'Nostr Relay',
--- a/neode-ui/src/views/marketplace/marketplaceData.ts
+++ b/neode-ui/src/views/marketplace/marketplaceData.ts
@ -478,6 +478,18 @@ export function getCuratedAppList(): MarketplaceApp[] {
      manifestUrl: undefined,
      repoUrl: 'https://botfights.net',
    },
+    {
+      id: 'gitea',
+      title: 'Gitea',
+      version: '1.23',
+      category: 'data',
+      description: 'Self-hosted Git service with built-in container registry, CI/CD, issue tracking, and package hosting. Lightweight alternative to GitHub/GitLab.',
+      icon: '/assets/img/app-icons/gitea.svg',
+      author: 'Gitea',
+      dockerImage: 'docker.io/gitea/gitea:1.23',
+      manifestUrl: undefined,
+      repoUrl: 'https://gitea.com',
+    },
    {
      id: 'nwnn',
      title: 'Next Web News Network',
--- a/scripts/image-versions.sh
+++ b/scripts/image-versions.sh
@ -82,6 +82,9 @@ MINIO_IMAGE="$ARCHY_REGISTRY/minio:RELEASE.2024-11-07T00-52-20Z"
 INDEEDHUB_POSTGRES_IMAGE="$ARCHY_REGISTRY/postgres:16.13-alpine"
 INDEEDHUB_REDIS_IMAGE="$ARCHY_REGISTRY/redis:7.4.8-alpine"

+# Gitea (Git + Container Registry)
+GITEA_IMAGE="docker.io/gitea/gitea:1.23"
+
 # DWN (Decentralized Web Node)
 DWN_SERVER_IMAGE="$ARCHY_REGISTRY/dwn-server:main"