From 6cd67df575094f9215861d70aa4f1be7bf521c41 Mon Sep 17 00:00:00 2001
From: Dorian <z00york@mac.com>
Date: Sun, 12 Apr 2026 06:10:56 -0400
Subject: [PATCH] feat: add Gitea as Archipelago app with container registry

Gitea app manifest, marketplace entry, nginx proxy, app session config,
image version, package install config. Container registry enabled on
Gitea for fallback image hosting. Trusted registries updated.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 apps/gitea/manifest.yml                       | 42 +++++++++++++++++++
 .../archipelago/src/api/rpc/package/config.rs | 22 +++++++++-
 image-recipe/configs/nginx-archipelago.conf   | 11 +++++
 .../public/assets/img/app-icons/gitea.svg     | 31 ++++++++++++++
 .../src/views/appSession/appSessionConfig.ts  |  4 +-
 .../src/views/marketplace/marketplaceData.ts  | 12 ++++++
 scripts/image-versions.sh                     |  3 ++
 7 files changed, 122 insertions(+), 3 deletions(-)
 create mode 100644 apps/gitea/manifest.yml
 create mode 100644 neode-ui/public/assets/img/app-icons/gitea.svg

diff --git a/apps/gitea/manifest.yml b/apps/gitea/manifest.yml
new file mode 100644
index 00000000..4af96688
--- /dev/null
+++ b/apps/gitea/manifest.yml
@@ -0,0 +1,42 @@
+id: gitea
+name: Gitea
+version: "1.23"
+description: Self-hosted Git service with built-in container registry, CI/CD, and package hosting.
+category: development
+icon: git-branch
+port: 3000
+ssh_port: 2222
+image: docker.io/gitea/gitea:1.23
+tier: optional
+
+requires:
+  memory_mb: 256
+  disk_mb: 500
+
+volumes:
+  - host: /var/lib/archipelago/gitea/data
+    container: /data
+  - host: /var/lib/archipelago/gitea/config
+    container: /etc/gitea
+
+environment:
+  GITEA__database__DB_TYPE: sqlite3
+  GITEA__server__SSH_PORT: "2222"
+  GITEA__server__SSH_LISTEN_PORT: "22"
+  GITEA__server__LFS_START_SERVER: "true"
+  GITEA__packages__ENABLED: "true"
+  GITEA__repository__ENABLE_PUSH_CREATE_USER: "true"
+  GITEA__repository__ENABLE_PUSH_CREATE_ORG: "true"
+
+health_check:
+  endpoint: /
+  interval: 120
+  timeout: 5
+  retries: 3
+
+features:
+  - Git repositories with web UI
+  - Built-in container/package registry
+  - Issue tracking and pull requests
+  - CI/CD via Gitea Actions
+  - Lightweight (SQLite, no external DB needed)
diff --git a/core/archipelago/src/api/rpc/package/config.rs b/core/archipelago/src/api/rpc/package/config.rs
index 67de0f43..2a54ed82 100644
--- a/core/archipelago/src/api/rpc/package/config.rs
+++ b/core/archipelago/src/api/rpc/package/config.rs
@@ -4,7 +4,7 @@ use anyhow::{Context, Result};
 
 /// Trusted Docker registries. Only images from these sources are allowed.
 #[allow(dead_code)]
-pub(super) const TRUSTED_REGISTRIES: &[&str] = &["docker.io/", "ghcr.io/", "localhost/", "git.tx1138.com/"];
+pub(super) const TRUSTED_REGISTRIES: &[&str] = &["docker.io/", "ghcr.io/", "localhost/", "git.tx1138.com/", "23.182.128.160:3000/"];
 
 /// Validate Docker image against trusted registry allowlist.
 pub(super) fn is_valid_docker_image(image: &str) -> bool {
@@ -21,7 +21,7 @@ pub(super) fn is_valid_docker_image(image: &str) -> bool {
         Some(r) => r,
         None => return false,
     };
-    matches!(registry, "docker.io" | "ghcr.io" | "localhost" | "git.tx1138.com")
+    matches!(registry, "docker.io" | "ghcr.io" | "localhost" | "git.tx1138.com" | "23.182.128.160:3000")
 }
 
 /// Per-app Linux capabilities needed beyond the default cap-drop=ALL.
@@ -894,6 +894,24 @@ pub(super) async fn get_app_config(
                 None,
             )
         }
+        "gitea" => (
+            vec!["3000:3000".to_string(), "2222:22".to_string()],
+            vec![
+                "/var/lib/archipelago/gitea/data:/data".to_string(),
+                "/var/lib/archipelago/gitea/config:/etc/gitea".to_string(),
+            ],
+            vec![
+                "GITEA__database__DB_TYPE=sqlite3".to_string(),
+                "GITEA__server__SSH_PORT=2222".to_string(),
+                "GITEA__server__SSH_LISTEN_PORT=22".to_string(),
+                "GITEA__server__LFS_START_SERVER=true".to_string(),
+                "GITEA__packages__ENABLED=true".to_string(),
+                "GITEA__repository__ENABLE_PUSH_CREATE_USER=true".to_string(),
+                "GITEA__repository__ENABLE_PUSH_CREATE_ORG=true".to_string(),
+            ],
+            None,
+            None,
+        ),
         _ => (vec![], vec![], vec![], None, None),
     }
 }
diff --git a/image-recipe/configs/nginx-archipelago.conf b/image-recipe/configs/nginx-archipelago.conf
index fd78feea..200a5ca1 100644
--- a/image-recipe/configs/nginx-archipelago.conf
+++ b/image-recipe/configs/nginx-archipelago.conf
@@ -477,6 +477,17 @@ server {
         sub_filter "src='/" "src='/app/botfights/";
         sub_filter '</head>' '<script src="/nostr-provider.js"></script></head>';
     }
+    location /app/gitea/ {
+        proxy_pass http://127.0.0.1:3000/;
+        proxy_http_version 1.1;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_hide_header X-Frame-Options;
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        client_max_body_size 1G;
+    }
     location /app/lnd/ {
         proxy_pass http://127.0.0.1:8081/;
         proxy_http_version 1.1;
diff --git a/neode-ui/public/assets/img/app-icons/gitea.svg b/neode-ui/public/assets/img/app-icons/gitea.svg
new file mode 100644
index 00000000..9df6b83b
--- /dev/null
+++ b/neode-ui/public/assets/img/app-icons/gitea.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<svg version="1.1" id="main_outline" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px"
+	 y="0px" viewBox="0 0 640 640" style="enable-background:new 0 0 640 640;" xml:space="preserve">
+<g>
+	<path id="teabag" style="fill:#FFFFFF" d="M395.9,484.2l-126.9-61c-12.5-6-17.9-21.2-11.8-33.8l61-126.9c6-12.5,21.2-17.9,33.8-11.8
+		c17.2,8.3,27.1,13,27.1,13l-0.1-109.2l16.7-0.1l0.1,117.1c0,0,57.4,24.2,83.1,40.1c3.7,2.3,10.2,6.8,12.9,14.4
+		c2.1,6.1,2,13.1-1,19.3l-61,126.9C423.6,484.9,408.4,490.3,395.9,484.2z"/>
+	<g>
+		<g>
+			<path style="fill:#609926" d="M622.7,149.8c-4.1-4.1-9.6-4-9.6-4s-117.2,6.6-177.9,8c-13.3,0.3-26.5,0.6-39.6,0.7c0,39.1,0,78.2,0,117.2
+				c-5.5-2.6-11.1-5.3-16.6-7.9c0-36.4-0.1-109.2-0.1-109.2c-29,0.4-89.2-2.2-89.2-2.2s-141.4-7.1-156.8-8.5
+				c-9.8-0.6-22.5-2.1-39,1.5c-8.7,1.8-33.5,7.4-53.8,26.9C-4.9,212.4,6.6,276.2,8,285.8c1.7,11.7,6.9,44.2,31.7,72.5
+				c45.8,56.1,144.4,54.8,144.4,54.8s12.1,28.9,30.6,55.5c25,33.1,50.7,58.9,75.7,62c63,0,188.9-0.1,188.9-0.1s12,0.1,28.3-10.3
+				c14-8.5,26.5-23.4,26.5-23.4s12.9-13.8,30.9-45.3c5.5-9.7,10.1-19.1,14.1-28c0,0,55.2-117.1,55.2-231.1
+				C633.2,157.9,624.7,151.8,622.7,149.8z M125.6,353.9c-25.9-8.5-36.9-18.7-36.9-18.7S69.6,321.8,60,295.4
+				c-16.5-44.2-1.4-71.2-1.4-71.2s8.4-22.5,38.5-30c13.8-3.7,31-3.1,31-3.1s7.1,59.4,15.7,94.2c7.2,29.2,24.8,77.7,24.8,77.7
+				S142.5,359.9,125.6,353.9z M425.9,461.5c0,0-6.1,14.5-19.6,15.4c-5.8,0.4-10.3-1.2-10.3-1.2s-0.3-0.1-5.3-2.1l-112.9-55
+				c0,0-10.9-5.7-12.8-15.6c-2.2-8.1,2.7-18.1,2.7-18.1L322,273c0,0,4.8-9.7,12.2-13c0.6-0.3,2.3-1,4.5-1.5c8.1-2.1,18,2.8,18,2.8
+				l110.7,53.7c0,0,12.6,5.7,15.3,16.2c1.9,7.4-0.5,14-1.8,17.2C474.6,363.8,425.9,461.5,425.9,461.5z"/>
+			<path style="fill:#609926" d="M326.8,380.1c-8.2,0.1-15.4,5.8-17.3,13.8c-1.9,8,2,16.3,9.1,20c7.7,4,17.5,1.8,22.7-5.4
+				c5.1-7.1,4.3-16.9-1.8-23.1l24-49.1c1.5,0.1,3.7,0.2,6.2-0.5c4.1-0.9,7.1-3.6,7.1-3.6c4.2,1.8,8.6,3.8,13.2,6.1
+				c4.8,2.4,9.3,4.9,13.4,7.3c0.9,0.5,1.8,1.1,2.8,1.9c1.6,1.3,3.4,3.1,4.7,5.5c1.9,5.5-1.9,14.9-1.9,14.9
+				c-2.3,7.6-18.4,40.6-18.4,40.6c-8.1-0.2-15.3,5-17.7,12.5c-2.6,8.1,1.1,17.3,8.9,21.3c7.8,4,17.4,1.7,22.5-5.3
+				c5-6.8,4.6-16.3-1.1-22.6c1.9-3.7,3.7-7.4,5.6-11.3c5-10.4,13.5-30.4,13.5-30.4c0.9-1.7,5.7-10.3,2.7-21.3
+				c-2.5-11.4-12.6-16.7-12.6-16.7c-12.2-7.9-29.2-15.2-29.2-15.2s0-4.1-1.1-7.1c-1.1-3.1-2.8-5.1-3.9-6.3c4.7-9.7,9.4-19.3,14.1-29
+				c-4.1-2-8.1-4-12.2-6.1c-4.8,9.8-9.7,19.7-14.5,29.5c-6.7-0.1-12.9,3.5-16.1,9.4c-3.4,6.3-2.7,14.1,1.9,19.8
+				C343.2,346.5,335,363.3,326.8,380.1z"/>
+		</g>
+	</g>
+</g>
+</svg>
diff --git a/neode-ui/src/views/appSession/appSessionConfig.ts b/neode-ui/src/views/appSession/appSessionConfig.ts
index 2d443b2b..43086509 100644
--- a/neode-ui/src/views/appSession/appSessionConfig.ts
+++ b/neode-ui/src/views/appSession/appSessionConfig.ts
@@ -43,6 +43,7 @@ export const APP_PORTS: Record<string, number> = {
   'routstr':       8200,
   'indeedhub':     7778,
   'botfights':     9100,
+  'gitea':         3000,
   'dwn':           3100,
   'endurain':      8080,
 }
@@ -88,6 +89,7 @@ export const HTTPS_PROXY_PATHS: Record<string, string> = {
   'grafana': '/app/grafana/',
   'indeedhub': '/app/indeedhub/',
   'botfights': '/app/botfights/',
+  'gitea': '/app/gitea/',
   'routstr': '/app/routstr/',
   'nostr-vpn': '/app/nostr-vpn/',
   'fips': '/app/fips/',
@@ -106,7 +108,7 @@ export const EXTERNAL_URLS: Record<string, string> = {
 
 export const APP_TITLES: Record<string, string> = {
   'bitcoin-knots': 'Bitcoin', 'btcpay-server': 'BTCPay Server', 'indeedhub': 'Indeehub',
-  'botfights': 'BotFights', '484-kitchen': '484 Kitchen', 'arch-presentation': 'Presentation',
+  'botfights': 'BotFights', 'gitea': 'Gitea', '484-kitchen': '484 Kitchen', 'arch-presentation': 'Presentation',
   'nostr-vpn': 'Nostr VPN', 'fips': 'FIPS', 'routstr': 'Routstr',
   'homeassistant': 'Home Assistant', 'uptime-kuma': 'Uptime Kuma',
   'nginx-proxy-manager': 'Nginx Proxy Manager', 'nostr-rs-relay': 'Nostr Relay',
diff --git a/neode-ui/src/views/marketplace/marketplaceData.ts b/neode-ui/src/views/marketplace/marketplaceData.ts
index d85c6acd..186dafe8 100644
--- a/neode-ui/src/views/marketplace/marketplaceData.ts
+++ b/neode-ui/src/views/marketplace/marketplaceData.ts
@@ -478,6 +478,18 @@ export function getCuratedAppList(): MarketplaceApp[] {
       manifestUrl: undefined,
       repoUrl: 'https://botfights.net',
     },
+    {
+      id: 'gitea',
+      title: 'Gitea',
+      version: '1.23',
+      category: 'data',
+      description: 'Self-hosted Git service with built-in container registry, CI/CD, issue tracking, and package hosting. Lightweight alternative to GitHub/GitLab.',
+      icon: '/assets/img/app-icons/gitea.svg',
+      author: 'Gitea',
+      dockerImage: 'docker.io/gitea/gitea:1.23',
+      manifestUrl: undefined,
+      repoUrl: 'https://gitea.com',
+    },
     {
       id: 'nwnn',
       title: 'Next Web News Network',
diff --git a/scripts/image-versions.sh b/scripts/image-versions.sh
index 2ff6096d..e4748c7f 100644
--- a/scripts/image-versions.sh
+++ b/scripts/image-versions.sh
@@ -82,6 +82,9 @@ MINIO_IMAGE="$ARCHY_REGISTRY/minio:RELEASE.2024-11-07T00-52-20Z"
 INDEEDHUB_POSTGRES_IMAGE="$ARCHY_REGISTRY/postgres:16.13-alpine"
 INDEEDHUB_REDIS_IMAGE="$ARCHY_REGISTRY/redis:7.4.8-alpine"
 
+# Gitea (Git + Container Registry)
+GITEA_IMAGE="docker.io/gitea/gitea:1.23"
+
 # DWN (Decentralized Web Node)
 DWN_SERVER_IMAGE="$ARCHY_REGISTRY/dwn-server:main"