feat: add Gitea as Archipelago app with container registry

Gitea app manifest, marketplace entry, nginx proxy, app session config,
image version, package install config. Container registry enabled on
Gitea for fallback image hosting. Trusted registries updated.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Dorian
2026-04-12 06:10:56 -04:00
parent 8d8130109d
commit 6cd67df575
7 changed files with 122 additions and 3 deletions


@@ -4,7 +4,7 @@ use anyhow::{Context, Result};
/// Trusted Docker registries. Only images from these sources are allowed.
#[allow(dead_code)]
pub(super) const TRUSTED_REGISTRIES: &[&str] = &["docker.io/", "ghcr.io/", "localhost/", "git.tx1138.com/"];
pub(super) const TRUSTED_REGISTRIES: &[&str] = &["docker.io/", "ghcr.io/", "localhost/", "git.tx1138.com/", "23.182.128.160:3000/"];
/// Validate Docker image against trusted registry allowlist.
pub(super) fn is_valid_docker_image(image: &str) -> bool {
@@ -21,7 +21,7 @@ pub(super) fn is_valid_docker_image(image: &str) -> bool {
Some(r) => r,
None => return false,
};
matches!(registry, "docker.io" | "ghcr.io" | "localhost" | "git.tx1138.com")
matches!(registry, "docker.io" | "ghcr.io" | "localhost" | "git.tx1138.com" | "23.182.128.160:3000")
}
/// Per-app Linux capabilities needed beyond the default cap-drop=ALL.
@@ -894,6 +894,24 @@ pub(super) async fn get_app_config(
None,
)
}
"gitea" => (
vec!["3000:3000".to_string(), "2222:22".to_string()],
vec![
"/var/lib/archipelago/gitea/data:/data".to_string(),
"/var/lib/archipelago/gitea/config:/etc/gitea".to_string(),
],
vec![
"GITEA__database__DB_TYPE=sqlite3".to_string(),
"GITEA__server__SSH_PORT=2222".to_string(),
"GITEA__server__SSH_LISTEN_PORT=22".to_string(),
"GITEA__server__LFS_START_SERVER=true".to_string(),
"GITEA__packages__ENABLED=true".to_string(),
"GITEA__repository__ENABLE_PUSH_CREATE_USER=true".to_string(),
"GITEA__repository__ENABLE_PUSH_CREATE_ORG=true".to_string(),
],
None,
None,
),
_ => (vec![], vec![], vec![], None, None),
}
}
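Review bot: The new allowlist entry `"23.182.128.160:3000"` in `is_valid_docker_image` (and the matching `TRUSTED_REGISTRIES` item) trusts a bare IP and port, and 3000 is the same HTTP port the new `gitea` entry publishes, so pulls from it are presumably not protected by TLS and an on-path party could substitute an image that still passes this check. Prefer serving that registry over TLS under a hostname and listing only that name, or accept references to this entry only when they are digest-pinned (`@sha256:…`). The `gitea` environment enables packages and push-to-create but leaves account registration at its default, so if this instance is the fallback registry, adding `"GITEA__service__DISABLE_REGISTRATION=true".to_string(),` would keep unknown accounts from publishing images under a trusted name. The allowlist is also kept in two places (the `#[allow(dead_code)]` const and the `matches!` arm); deriving the check from `TRUSTED_REGISTRIES` would stop them drifting apart. Both function bodies continue outside the hunks shown.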