From d202f75d87cc239d06369d7718a11755ebe695c1 Mon Sep 17 00:00:00 2001 From: S Date: Sun, 1 Mar 2026 10:24:25 -0500 Subject: [PATCH] feat: switch phase2 to macvlan networking Replace host port vars with macvlan vars in require_vars. Add Step 2 to create macvlan gitea_net network on Fedora. Update docker-compose rendering to use GITEA_CONTAINER_IP and DB_CONTAINER_IP. Use FEDORA_GITEA_IP as domain for backup instance app.ini. Renumber steps. Co-Authored-By: Claude Opus 4.6
---
 phase2_gitea_fedora.sh | 62 ++++++++++++++++++++++++++++--------------
 1 file changed, 41 insertions(+), 21 deletions(-)
diff --git a/phase2_gitea_fedora.sh b/phase2_gitea_fedora.sh
index c1c302d..7ddb90f 100755
--- a/phase2_gitea_fedora.sh
+++ b/phase2_gitea_fedora.sh
@@ -11,8 +11,9 @@ SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 source "${SCRIPT_DIR}/lib/common.sh"
 load_env
-require_vars FEDORA_IP FEDORA_SSH_USER FEDORA_SSH_PORT \
- FEDORA_GITEA_PORT FEDORA_GITEA_SSH_PORT FEDORA_GITEA_DATA_PATH \
+require_vars FEDORA_IP FEDORA_SSH_USER FEDORA_SSH_PORT FEDORA_GITEA_DATA_PATH \
+ FEDORA_MACVLAN_PARENT FEDORA_MACVLAN_SUBNET FEDORA_MACVLAN_GATEWAY \
+ FEDORA_MACVLAN_IP_RANGE FEDORA_GITEA_IP \
 GITEA_ADMIN_USER GITEA_ADMIN_PASSWORD GITEA_ADMIN_EMAIL \
 GITEA_DB_TYPE GITEA_VERSION \
 GITEA_BACKUP_INTERNAL_URL
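Review bot: The five variables added to `require_vars` here are spliced into a command string that Step 2 runs on the Fedora host through `ssh_exec`, and nothing visible checks their format first. `require_vars` is defined in lib/common.sh, outside this patch, so this assumes it tests only that each name is set. Each value is wrapped in single quotes inside a double-quoted string, so a stray quote or space in `.env` changes the remote command instead of failing cleanly. A format check placed right after this call would reject such values before anything is sent; the sketch below assumes IPv4 addressing and a conventional interface name.

```shell
# … unchanged: require_vars call …
_ipv4='([0-9]{1,3}\.){3}[0-9]{1,3}'
for _cidr in "$FEDORA_MACVLAN_SUBNET" "$FEDORA_MACVLAN_IP_RANGE"; do
  [[ "$_cidr" =~ ^${_ipv4}/[0-9]{1,2}$ ]] \
    || { printf 'invalid CIDR value: %s\n' "$_cidr" >&2; exit 1; }
done
for _addr in "$FEDORA_MACVLAN_GATEWAY" "$FEDORA_GITEA_IP"; do
  [[ "$_addr" =~ ^${_ipv4}$ ]] \
    || { printf 'invalid IPv4 address: %s\n' "$_addr" >&2; exit 1; }
done
[[ "$FEDORA_MACVLAN_PARENT" =~ ^[A-Za-z0-9_.-]+$ ]] \
  || { printf 'invalid interface name: %s\n' "$FEDORA_MACVLAN_PARENT" >&2; exit 1; }
```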
@@ -80,25 +81,45 @@ else
 fi
 # ---------------------------------------------------------------------------
-# Step 2: Render + SCP docker-compose file
-# Uses the same template as Phase 1 but with Fedora-specific port/path vars.
+# Step 2: Create macvlan Docker network (idempotent)
 # ---------------------------------------------------------------------------
-log_step 2 "Deploying docker-compose.yml..."
+log_step 2 "Creating macvlan Docker network on Fedora..."
+if ssh_exec FEDORA "docker network inspect gitea_net" &>/dev/null; then
+ log_info "gitea_net network already exists — skipping"
+else
+ ssh_exec FEDORA "docker network create \
+ --driver macvlan \
+ --subnet='${FEDORA_MACVLAN_SUBNET}' \
+ --gateway='${FEDORA_MACVLAN_GATEWAY}' \
+ --ip-range='${FEDORA_MACVLAN_IP_RANGE}' \
+ -o parent='${FEDORA_MACVLAN_PARENT}' \
+ gitea_net"
+ log_success "macvlan network gitea_net created"
+fi
+
+# ---------------------------------------------------------------------------
+# Step 3: Render + SCP docker-compose file
+# Uses the same template as Phase 1 but with Fedora-specific values.
+# ---------------------------------------------------------------------------
+log_step 3 "Deploying docker-compose.yml..."
 if ssh_exec FEDORA "test -f '${DATA_PATH}/docker-compose.yml'"; then
 log_info "docker-compose.yml already exists — skipping"
 else
 TMPFILE=$(mktemp)
- export DATA_PATH GITEA_PORT="${FEDORA_GITEA_PORT}" GITEA_SSH_PORT="${FEDORA_GITEA_SSH_PORT}"
+ GITEA_CONTAINER_IP="${FEDORA_GITEA_IP}"
+ export DATA_PATH GITEA_CONTAINER_IP
 if [[ "$GITEA_DB_TYPE" == "sqlite3" ]]; then
 render_template "${SCRIPT_DIR}/templates/docker-compose-gitea.yml.tpl" "$TMPFILE" \
- "\${GITEA_VERSION} \${DATA_PATH} \${GITEA_PORT} \${GITEA_SSH_PORT}"
+ "\${GITEA_VERSION} \${DATA_PATH} \${GITEA_CONTAINER_IP}"
 _strip_block "$TMPFILE" "DB_SERVICE_START" "DB_SERVICE_END"
 _strip_block "$TMPFILE" "DB_DEPENDS_START" "DB_DEPENDS_END"
 else
 _set_db_vars
+ DB_CONTAINER_IP="${FEDORA_DB_IP}"
+ export DB_CONTAINER_IP
 render_template "${SCRIPT_DIR}/templates/docker-compose-gitea.yml.tpl" "$TMPFILE" \
- "\${GITEA_VERSION} \${DATA_PATH} \${GITEA_PORT} \${GITEA_SSH_PORT} \${DB_DOCKER_IMAGE} \${DB_ENV_VARS} \${DB_DATA_DIR} \${DB_HEALTHCHECK}"
+ "\${GITEA_VERSION} \${DATA_PATH} \${GITEA_CONTAINER_IP} \${DB_DOCKER_IMAGE} \${DB_ENV_VARS} \${DB_DATA_DIR} \${DB_HEALTHCHECK} \${DB_CONTAINER_IP}"
 fi
 scp_to FEDORA "$TMPFILE" "${DATA_PATH}/docker-compose.yml"
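Review bot: `DB_CONTAINER_IP="${FEDORA_DB_IP}"` in the non-sqlite branch reads a variable that the first hunk never adds to `require_vars`, so an unset `FEDORA_DB_IP` is rendered into docker-compose.yml as an empty address, or aborts the run if `set -u` is in effect (the script header is not shown). A guard just before `_set_db_vars`, `require_vars FEDORA_DB_IP`, would catch it. Giving the database its own macvlan address also deserves a second look: assuming the template attaches the db service to gitea_net, its listening port becomes reachable from the parent LAN, and traffic to macvlan containers generally bypasses the Fedora host's own firewall rules. If only Gitea needs a LAN address, the database could stay on an internal compose network; otherwise a comment in the Step 2 header such as `# NOTE: containers on gitea_net are directly reachable from the LAN` would record the exposure.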
@@ -107,22 +128,21 @@ else
 fi
 # ---------------------------------------------------------------------------
-# Step 3: Render + SCP app.ini
+# Step 4: Render + SCP app.ini
 # Uses GITEA_BACKUP_INTERNAL_URL as the ROOT_URL for the Fedora instance.
 # The domain is derived from the backup URL since Fedora doesn't need a
 # public-facing domain — it's accessed internally for mirrors.
 # ---------------------------------------------------------------------------
-log_step 3 "Deploying app.ini..."
+log_step 4 "Deploying app.ini..."
 if ssh_exec FEDORA "test -f '${DATA_PATH}/config/app.ini'"; then
 log_info "app.ini already exists — skipping"
 else
 TMPFILE=$(mktemp)
- # Generate a unique secret key for the Fedora instance (different from Unraid)
 GITEA_SECRET_KEY=$(openssl rand -hex 32)
 export GITEA_SECRET_KEY
- # Override GITEA_DOMAIN for the backup instance — use the IP:port since
+ # Override GITEA_DOMAIN for the backup instance — use the container IP since
 # the Fedora instance doesn't have a public domain
- GITEA_DOMAIN="${FEDORA_IP}:${FEDORA_GITEA_PORT}"
+ GITEA_DOMAIN="${FEDORA_GITEA_IP}"
 export GITEA_DOMAIN
 if [[ "$GITEA_DB_TYPE" == "sqlite3" ]]; then
@@ -141,9 +161,9 @@ else
 fi
 # ---------------------------------------------------------------------------
-# Step 4: Start Gitea container
+# Step 5: Start Gitea container
 # ---------------------------------------------------------------------------
-log_step 4 "Starting Gitea container..."
+log_step 5 "Starting Gitea container..."
 CONTAINER_STATUS=$(ssh_exec FEDORA "docker ps --filter name=gitea --format '{{.Status}}'" 2>/dev/null || true)
 if [[ "$CONTAINER_STATUS" == *"Up"* ]]; then
 log_info "Gitea container already running — skipping"
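Review bot: In the app.ini hunk, `GITEA_DOMAIN` now comes from `FEDORA_GITEA_IP` while ROOT_URL and the Step 6 readiness poll still come from `GITEA_BACKUP_INTERNAL_URL`, and nothing checks that the two agree. An `.env` carried over from the port-mapping setup would leave the URL pointing at the old host address, so app.ini could get a mismatched DOMAIN/ROOT_URL pair and `wait_for_http` may poll an address that no longer serves Gitea. A check before rendering, for example `[[ "$GITEA_BACKUP_INTERNAL_URL" == *"${FEDORA_GITEA_IP}"* ]] || log_info "GITEA_BACKUP_INTERNAL_URL does not reference FEDORA_GITEA_IP"`, would surface this early. The hunk also drops the comment `# Generate a unique secret key for the Fedora instance (different from Unraid)` above the `openssl rand` line; it records why the key is not shared with the primary and is worth keeping. The else-branch continues past the end of the hunk.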
@@ -154,15 +174,15 @@ else
 fi
 # ---------------------------------------------------------------------------
-# Step 5: Wait for Gitea to be ready
+# Step 6: Wait for Gitea to be ready
 # ---------------------------------------------------------------------------
-log_step 5 "Waiting for Gitea to be ready..."
+log_step 6 "Waiting for Gitea to be ready..."
 wait_for_http "${GITEA_BACKUP_INTERNAL_URL}/api/v1/version" 120
 # ---------------------------------------------------------------------------
-# Step 6: Create admin user (same creds as primary — shared credentials)
+# Step 7: Create admin user (same creds as primary — shared credentials)
 # ---------------------------------------------------------------------------
-log_step 6 "Creating admin user..."
+log_step 7 "Creating admin user..."
 if curl -sf -u "${GITEA_ADMIN_USER}:${GITEA_ADMIN_PASSWORD}" "${GITEA_BACKUP_INTERNAL_URL}/api/v1/user" -o /dev/null 2>/dev/null; then
 log_info "Admin user already exists — skipping"
 else
@@ -183,9 +203,9 @@ else
 fi
 # ---------------------------------------------------------------------------
-# Step 7: Generate API token and save to .env as GITEA_BACKUP_ADMIN_TOKEN
+# Step 8: Generate API token and save to .env as GITEA_BACKUP_ADMIN_TOKEN
 # ---------------------------------------------------------------------------
-log_step 7 "Generating backup API token..."
+log_step 8 "Generating backup API token..."
 if [[ -n "${GITEA_BACKUP_ADMIN_TOKEN:-}" ]]; then
 # Verify existing token works
 if curl -sf -H "Authorization: token ${GITEA_BACKUP_ADMIN_TOKEN}" "${GITEA_BACKUP_INTERNAL_URL}/api/v1/user" -o /dev/null 2>/dev/null; then