feat: switch phase1 to macvlan networking

Replace host port vars with macvlan vars in require_vars. Add Step 2 to create the macvlan gitea_net network on Unraid. Update docker-compose rendering to use GITEA_CONTAINER_IP and DB_CONTAINER_IP instead of port mapping. Renumber steps accordingly. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-01 10:23:17 -05:00
parent 54eab1bf89
commit 64e7fd1bff
1 changed files with 42 additions and 19 deletions
--- a/phase1_gitea_unraid.sh
+++ b/phase1_gitea_unraid.sh
@@ -10,8 +10,9 @@ SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 source "${SCRIPT_DIR}/lib/common.sh"

 load_env
-require_vars UNRAID_IP UNRAID_SSH_USER UNRAID_SSH_PORT \
-             UNRAID_GITEA_PORT UNRAID_GITEA_SSH_PORT UNRAID_GITEA_DATA_PATH \
+require_vars UNRAID_IP UNRAID_SSH_USER UNRAID_SSH_PORT UNRAID_GITEA_DATA_PATH \
+             UNRAID_MACVLAN_PARENT UNRAID_MACVLAN_SUBNET UNRAID_MACVLAN_GATEWAY \
+             UNRAID_MACVLAN_IP_RANGE UNRAID_GITEA_IP \
             GITEA_ADMIN_USER GITEA_ADMIN_PASSWORD GITEA_ADMIN_EMAIL \
             GITEA_ORG_NAME GITEA_INSTANCE_NAME \
             GITEA_DB_TYPE GITEA_VERSION \
@@ -87,27 +88,48 @@ else
 fi

 # ---------------------------------------------------------------------------
-# Step 2: Render + SCP docker-compose file
+# Step 2: Create macvlan Docker network (idempotent)
+# Each container gets its own LAN IP — no host port mapping needed.
 # ---------------------------------------------------------------------------
-log_step 2 "Deploying docker-compose.yml..."
+log_step 2 "Creating macvlan Docker network on Unraid..."
+if ssh_exec UNRAID "docker network inspect gitea_net" &>/dev/null; then
+  log_info "gitea_net network already exists — skipping"
+else
+  ssh_exec UNRAID "docker network create \
+    --driver macvlan \
+    --subnet='${UNRAID_MACVLAN_SUBNET}' \
+    --gateway='${UNRAID_MACVLAN_GATEWAY}' \
+    --ip-range='${UNRAID_MACVLAN_IP_RANGE}' \
+    -o parent='${UNRAID_MACVLAN_PARENT}' \
+    gitea_net"
+  log_success "macvlan network gitea_net created"
+fi
+
+# ---------------------------------------------------------------------------
+# Step 3: Render + SCP docker-compose file
+# ---------------------------------------------------------------------------
+log_step 3 "Deploying docker-compose.yml..."
 if ssh_exec UNRAID "test -f '${DATA_PATH}/docker-compose.yml'"; then
  log_info "docker-compose.yml already exists — skipping"
 else
  TMPFILE=$(mktemp)
-  # Set variables for template
-  export DATA_PATH GITEA_PORT="${UNRAID_GITEA_PORT}" GITEA_SSH_PORT="${UNRAID_GITEA_SSH_PORT}"
+  # Set variables for template — containers get dedicated LAN IPs via macvlan
+  GITEA_CONTAINER_IP="${UNRAID_GITEA_IP}"
+  export DATA_PATH GITEA_CONTAINER_IP

  if [[ "$GITEA_DB_TYPE" == "sqlite3" ]]; then
    # No DB service needed — render template then strip DB blocks
    render_template "${SCRIPT_DIR}/templates/docker-compose-gitea.yml.tpl" "$TMPFILE" \
-      "\${GITEA_VERSION} \${DATA_PATH} \${GITEA_PORT} \${GITEA_SSH_PORT}"
+      "\${GITEA_VERSION} \${DATA_PATH} \${GITEA_CONTAINER_IP}"
    _strip_block "$TMPFILE" "DB_SERVICE_START" "DB_SERVICE_END"
    _strip_block "$TMPFILE" "DB_DEPENDS_START" "DB_DEPENDS_END"
  else
-    # External DB — set DB-specific vars then render, strip sqlite markers
+    # External DB — set DB-specific vars then render
    _set_db_vars
+    DB_CONTAINER_IP="${UNRAID_DB_IP}"
+    export DB_CONTAINER_IP
    render_template "${SCRIPT_DIR}/templates/docker-compose-gitea.yml.tpl" "$TMPFILE" \
-      "\${GITEA_VERSION} \${DATA_PATH} \${GITEA_PORT} \${GITEA_SSH_PORT} \${DB_DOCKER_IMAGE} \${DB_ENV_VARS} \${DB_DATA_DIR} \${DB_HEALTHCHECK}"
+      "\${GITEA_VERSION} \${DATA_PATH} \${GITEA_CONTAINER_IP} \${DB_DOCKER_IMAGE} \${DB_ENV_VARS} \${DB_DATA_DIR} \${DB_HEALTHCHECK} \${DB_CONTAINER_IP}"
  fi

  scp_to UNRAID "$TMPFILE" "${DATA_PATH}/docker-compose.yml"
@@ -116,9 +138,9 @@ else
 fi

 # ---------------------------------------------------------------------------
-# Step 3: Render + SCP app.ini
+# Step 4: Render + SCP app.ini
 # ---------------------------------------------------------------------------
-log_step 3 "Deploying app.ini..."
+log_step 4 "Deploying app.ini..."
 if ssh_exec UNRAID "test -f '${DATA_PATH}/config/app.ini'"; then
  log_info "app.ini already exists — skipping"
 else
@@ -143,9 +165,9 @@ else
 fi

 # ---------------------------------------------------------------------------
-# Step 4: Start Gitea container
+# Step 5: Start Gitea container
 # ---------------------------------------------------------------------------
-log_step 4 "Starting Gitea container..."
+log_step 5 "Starting Gitea container..."
 CONTAINER_STATUS=$(ssh_exec UNRAID "docker ps --filter name=gitea --format '{{.Status}}'" 2>/dev/null || true)
 if [[ "$CONTAINER_STATUS" == *"Up"* ]]; then
  log_info "Gitea container already running — skipping"
@@ -156,15 +178,15 @@ else
 fi

 # ---------------------------------------------------------------------------
-# Step 5: Wait for Gitea to be ready
+# Step 6: Wait for Gitea to be ready
 # ---------------------------------------------------------------------------
-log_step 5 "Waiting for Gitea to be ready..."
+log_step 6 "Waiting for Gitea to be ready..."
 wait_for_http "${GITEA_INTERNAL_URL}/api/v1/version" 120

 # ---------------------------------------------------------------------------
-# Step 6: Create admin user
+# Step 7: Create admin user
 # ---------------------------------------------------------------------------
-log_step 6 "Creating admin user..."
+log_step 7 "Creating admin user..."
 if curl -sf -u "${GITEA_ADMIN_USER}:${GITEA_ADMIN_PASSWORD}" "${GITEA_INTERNAL_URL}/api/v1/user" -o /dev/null 2>/dev/null; then
  log_info "Admin user already exists — skipping"
 else
@@ -187,9 +209,9 @@ else
 fi

 # ---------------------------------------------------------------------------
-# Step 7+8: Generate API token and save to .env
+# Step 8: Generate API token and save to .env
 # ---------------------------------------------------------------------------
-log_step 7 "Generating API token..."
+log_step 8 "Generating API token..."
 if [[ -n "${GITEA_ADMIN_TOKEN:-}" ]]; then
  # Verify existing token works
  if curl -sf -H "Authorization: token ${GITEA_ADMIN_TOKEN}" "${GITEA_INTERNAL_URL}/api/v1/user" -o /dev/null 2>/dev/null; then
@@ -232,6 +254,7 @@ fi
 # Step 9: Create organization
 # ---------------------------------------------------------------------------
 log_step 9 "Creating organization '${GITEA_ORG_NAME}'..."
+
 if curl -sf -H "Authorization: token ${GITEA_ADMIN_TOKEN}" "${GITEA_INTERNAL_URL}/api/v1/orgs/${GITEA_ORG_NAME}" -o /dev/null 2>/dev/null; then
  log_info "Organization already exists — skipping"
 else