privacy-in-design/gitea-migration
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
df297334ff67be3ecbffd1a769d08bdda8e5c57e
gitea-migration/.env.example
S 927ba37661 feat: add macvlan networking vars, remove host port mapping from .env.example 
Remove UNRAID_GITEA_PORT, UNRAID_GITEA_SSH_PORT, FEDORA_GITEA_PORT,
FEDORA_GITEA_SSH_PORT — containers now use their own LAN IPs on
standard ports. Add DOCKER NETWORKING section with macvlan config
(parent interface, subnet, gateway, IP range) and per-container
static IPs (gitea, db, caddy) for both hosts. Update internal URL
comments to reference container IPs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-01 10:21:06 -05:00

147 lines
9.0 KiB
Plaintext
Raw Blame History

# =============================================================================
# .env.example — Gitea Migration Configuration
# Copy to .env and populate all PRE-POPULATED values before running preflight
# AUTO-POPULATED values will be filled in by scripts during execution
# =============================================================================
# -----------------------------------------------------------------------------
# UNRAID SERVER
# -----------------------------------------------------------------------------
UNRAID_IP= # Static IP of Unraid server
UNRAID_SSH_USER= # SSH username for Unraid
UNRAID_SSH_PORT=22 # SSH port (default 22)
UNRAID_GITEA_DATA_PATH= # Absolute path on NVMe for Gitea data (e.g. /mnt/nvme/gitea)
UNRAID_SSH_KEY= # Absolute path to SSH private key, e.g. /Users/you/.ssh/id_ed25519 (optional, uses ssh-agent if empty)
# -----------------------------------------------------------------------------
# FEDORA SERVER
# -----------------------------------------------------------------------------
FEDORA_IP= # Static IP of Fedora server
FEDORA_SSH_USER= # SSH username for Fedora
FEDORA_SSH_PORT=22 # SSH port (default 22)
FEDORA_GITEA_DATA_PATH= # Absolute path on NVMe for Gitea data (e.g. /mnt/nvme/gitea)
FEDORA_SSH_KEY= # Absolute path to SSH private key, e.g. /Users/you/.ssh/id_ed25519 (optional, uses ssh-agent if empty)
# -----------------------------------------------------------------------------
# DOCKER NETWORKING (macvlan — each container gets its own LAN IP)
# -----------------------------------------------------------------------------
UNRAID_MACVLAN_PARENT= # Host network interface (e.g. br0, eth0)
UNRAID_MACVLAN_SUBNET= # LAN subnet in CIDR (e.g. 192.168.1.0/24)
UNRAID_MACVLAN_GATEWAY= # LAN gateway (e.g. 192.168.1.1)
UNRAID_MACVLAN_IP_RANGE= # IP range for containers (e.g. 192.168.1.192/28 — 16 IPs)
UNRAID_GITEA_IP= # Static LAN IP for Gitea container
UNRAID_DB_IP= # Static LAN IP for DB container (leave empty if sqlite3)
UNRAID_CADDY_IP= # Static LAN IP for Caddy container
FEDORA_MACVLAN_PARENT= # Host network interface (e.g. eth0)
FEDORA_MACVLAN_SUBNET= # LAN subnet in CIDR (e.g. 192.168.1.0/24)
FEDORA_MACVLAN_GATEWAY= # LAN gateway (e.g. 192.168.1.1)
FEDORA_MACVLAN_IP_RANGE= # IP range for containers (e.g. 192.168.1.208/28 — 16 IPs)
FEDORA_GITEA_IP= # Static LAN IP for Gitea container
FEDORA_DB_IP= # Static LAN IP for DB container (leave empty if sqlite3)
FEDORA_CADDY_IP= # Static LAN IP for Caddy container
# -----------------------------------------------------------------------------
# GITEA — SHARED CREDENTIALS (used on both Unraid + Fedora instances)
# -----------------------------------------------------------------------------
GITEA_ADMIN_USER= # Admin username (same on both instances)
GITEA_ADMIN_PASSWORD= # Admin password (min 8 chars, same on both instances)
GITEA_ADMIN_EMAIL= # Admin email (same on both instances)
GITEA_ORG_NAME= # Organization name to create (e.g. mifi-llc)
GITEA_INSTANCE_NAME= # Display name for the Gitea instance (e.g. MIFI Git)
GITEA_DB_TYPE=sqlite3 # Database type: sqlite3, mysql, postgres, or mssql
GITEA_VERSION=1.25 # Gitea Docker image tag (e.g. 1.25, 1.25.4, latest)
# Database connection (ignored for sqlite3 — only required for mysql/postgres/mssql)
GITEA_DB_HOST= # Database host (container IP or hostname)
GITEA_DB_PORT= # Database port (mysql=3306, postgres=5432, mssql=1433)
GITEA_DB_NAME=gitea # Database name
GITEA_DB_USER=gitea # Database user
GITEA_DB_PASSWD= # Database password (min 8 chars)
ACT_RUNNER_VERSION=0.3.0 # act_runner version for all runners (e.g. 0.3.0, latest)
# -----------------------------------------------------------------------------
# GITEA — PRIMARY INSTANCE (Unraid)
# -----------------------------------------------------------------------------
GITEA_DOMAIN= # Public domain/subdomain pointing to Unraid (e.g. git.yourdomain.com)
GITEA_INTERNAL_URL= # Internal URL (e.g. http://UNRAID_GITEA_IP:3000) used by scripts
# AUTO-POPULATED by phase1 scripts:
GITEA_ADMIN_TOKEN= # API token for primary instance — do not fill manually
# -----------------------------------------------------------------------------
# GITEA — BACKUP INSTANCE (Fedora)
# -----------------------------------------------------------------------------
GITEA_BACKUP_INTERNAL_URL= # Internal URL of Fedora Gitea (e.g. http://FEDORA_GITEA_IP:3000)
GITEA_BACKUP_MIRROR_INTERVAL=8h # How often Fedora pulls from Unraid (e.g. 8h, 24h)
BACKUP_STORAGE_PATH= # Absolute path on Fedora for backup archives (e.g. /mnt/nvme/gitea-backups)
BACKUP_RETENTION_COUNT=5 # Number of backup archives to keep (older ones are pruned)
# AUTO-POPULATED by phase2 scripts:
GITEA_BACKUP_ADMIN_TOKEN= # API token for backup instance — do not fill manually
# -----------------------------------------------------------------------------
# RUNNERS
# Runner definitions live in runners.conf (INI format, see runners.conf.example)
# Use manage_runner.sh to add/remove runners at any time
# -----------------------------------------------------------------------------
RUNNER_DEFAULT_IMAGE=catthehacker/ubuntu:act-latest # Default container image for docker runners
RUNNER_DATA_BASE_PATH=/mnt/nvme/gitea-runner # Base directory on remote hosts for runner data (host path, not container path)
LOCAL_RUNNER_DATA_BASE_PATH=~/gitea-runner # Base directory on macOS for native runner data
LOCAL_REGISTRY= # Local registry prefix (e.g. registry.local:5000), empty = Docker Hub
# AUTO-POPULATED by phase1 scripts — do not fill manually:
GITEA_RUNNER_REGISTRATION_TOKEN= # Retrieved from Gitea admin panel via API
# -----------------------------------------------------------------------------
# REPOSITORIES
# -----------------------------------------------------------------------------
# GitHub source repos (for migration import)
GITHUB_USERNAME= # GitHub username or org name
GITHUB_TOKEN= # GitHub PAT with repo scope (read+write, used for migration + push mirrors)
# Repo names — must match exactly as they appear on GitHub
REPO_NAMES= # Space-separated list of repo names to migrate (e.g. "myapp backend infra")
# Migration options (true/false)
MIGRATE_ISSUES=false # Migrate GitHub issues to Gitea
MIGRATE_LABELS=true # Migrate GitHub labels
MIGRATE_MILESTONES=false # Migrate GitHub milestones
MIGRATE_WIKI=false # Migrate GitHub wiki
MIGRATION_POLL_INTERVAL_SEC=3 # Poll interval while waiting for async migration completion
MIGRATION_POLL_TIMEOUT_SEC=600 # Max wait per repo migration before timeout (increase for large repos)
GITHUB_MIRROR_INTERVAL=8h # How often Gitea pushes to GitHub (offsite backup)
# -----------------------------------------------------------------------------
# NGINX REVERSE PROXY (existing Docker container on Unraid)
# -----------------------------------------------------------------------------
NGINX_CONTAINER_NAME= # Name of existing Nginx Docker container (e.g. nginx, swag)
NGINX_CONF_PATH= # Host path to Nginx conf.d directory (e.g. /mnt/user/appdata/nginx/conf.d)
SSL_MODE=letsencrypt # SSL mode: "letsencrypt" (auto-provision via Certbot) or "existing" (provide cert paths)
SSL_EMAIL= # Email for Let's Encrypt (only if SSL_MODE=letsencrypt)
SSL_CERT_PATH= # Absolute path to SSL cert on Unraid (only if SSL_MODE=existing)
SSL_KEY_PATH= # Absolute path to SSL key on Unraid (only if SSL_MODE=existing)
# -----------------------------------------------------------------------------
# BRANCH PROTECTION
# -----------------------------------------------------------------------------
PROTECTED_BRANCH=main # Branch to protect across all repos
REQUIRE_PR_REVIEW=false # Require PR review before merge (true/false)
REQUIRED_APPROVALS=1 # Number of approvals required if above is true
# -----------------------------------------------------------------------------
# SECURITY (Phase 9 — post-migration)
# -----------------------------------------------------------------------------
SEMGREP_VERSION=latest # Semgrep OSS version to pin
TRIVY_VERSION=latest # Trivy version to pin
GITLEAKS_VERSION=latest # Gitleaks version to pin
SECURITY_FAIL_ON_ERROR=true # Block PR merge if security scan fails (true/false)
Reference in New Issue View Git Blame Copy Permalink