From 916cbaa6123a93b7074cbe9c326221ae8119eef4 Mon Sep 17 00:00:00 2001
From: Bryce <bryce@brycecovertoperations.com>
Date: Tue, 7 Apr 2026 17:46:39 -0700
Subject: [PATCH] Initial commit

---
 .gitignore               |  2 ++
 Dockerfile               | 11 +++++++++
 README.md                |  0
 docker-compose.gitea.yml | 46 +++++++++++++++++++++++++++++++++++
 entrypoint.sh            | 18 ++++++++++++++
 gitea-backup.sh          | 19 +++++++++++++++
 gitea-setup.sh           | 52 ++++++++++++++++++++++++++++++++++++++++
 nginx.conf               | 49 +++++++++++++++++++++++++++++++++++++
 8 files changed, 197 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 Dockerfile
 create mode 100644 README.md
 create mode 100644 docker-compose.gitea.yml
 create mode 100644 entrypoint.sh
 create mode 100755 gitea-backup.sh
 create mode 100755 gitea-setup.sh
 create mode 100644 nginx.conf

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..de269cf4
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+state/**
+tailscale-nginx/**
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..ab96f091
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,11 @@
+FROM gitea/gitea:latest
+
+# Add Tailscale Alpine repository
+RUN echo 'https://pkgs.tailscale.com/stable/alpine/v3.19/main' >> /etc/apk/repositories \
+    && apk add --no-cache tailscale
+
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+CMD ["gitea"]
diff --git a/README.md b/README.md
new file mode 100644
index 00000000..e69de29b
diff --git a/docker-compose.gitea.yml b/docker-compose.gitea.yml
new file mode 100644
index 00000000..5238e543
--- /dev/null
+++ b/docker-compose.gitea.yml
@@ -0,0 +1,46 @@
+version: "3.8"
+
+services:
+  tailscale:
+    image: tailscale/tailscale:latest
+    hostname: tailscale-gitea
+    environment:
+      - TS_AUTHKEY=tskey-auth-kNm64Dbcts11CNTRL-4eLQjm2pQYCLdy285gNaYCFDF1KTjP71
+        # - TS_EXTRA_ARGS=--advertise-tags=tag:container
+      - TS_STATE_DIR=/var/lib/tailscale
+      - TS_USERSPACE=false
+    volumes:
+      - ./tailscale-nginx/state:/var/lib/tailscale
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    cap_add:
+      - net_admin
+      - net_raw
+    restart: unless-stopped
+  gitea:
+    image: gitea/gitea:latest
+    depends_on:
+    - tailscale
+    network_mode: service:tailscale
+    container_name: gitea
+    restart: unless-stopped
+    volumes:
+      - gitea-data:/data
+      - tailscale-state:/var/lib/tailscale
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+      - GITEA__server__ROOT_URL=http://gitea/
+      - GITEA__server__HTTP_PORT=3000
+      - GITEA__server__DOMAIN=gitea
+      - GITEA__server__SSH_DOMAIN=gitea
+      - TAILSCALE_AUTHKEY=
+      - TAILSCALE_HOSTNAME=gitea
+
+volumes:
+  gitea-data:
+    driver: local
+  tailscale-state:
+    driver: local
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 00000000..d2ff0384
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+set -e
+
+# Start tailscaled in background
+tailscaled &
+
+# Wait for tailscaled to be ready
+until tailscale status >/dev/null 2>&1; do
+    sleep 0.5
+done
+
+# Authenticate with Tailscale
+tailscale up --authkey="${TAILSCALE_AUTHKEY}" --hostname="${TAILSCALE_HOSTNAME:-gitea}"
+
+echo "Tailscale connected: $(tailscale status --json | grep -o '"Hostname":"[^"]*"' | head -1 | cut -d'"' -f4)"
+
+# Run Gitea
+exec docker/entrypoint.sh "$@"
diff --git a/gitea-backup.sh b/gitea-backup.sh
new file mode 100755
index 00000000..d880af53
--- /dev/null
+++ b/gitea-backup.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+# Gitea Backup Script
+
+BACKUP_DIR="./gitea-backups"
+DATE=$(date +%Y%m%d_%H%M%S)
+
+mkdir -p "$BACKUP_DIR"
+
+echo "Backing up Gitea data to $BACKUP_DIR/gitea-backup-$DATE.tar.gz..."
+
+docker run --rm \
+  -v ai-game-2_gitea-data:/data \
+  -v "$(pwd)/$BACKUP_DIR":/backup \
+  alpine \
+  tar czf "/backup/gitea-backup-$DATE.tar.gz" -C /data .
+
+echo "Backup complete!"
+echo "Latest backup: $BACKUP_DIR/gitea-backup-$DATE.tar.gz"
+ls -lh "$BACKUP_DIR"
diff --git a/gitea-setup.sh b/gitea-setup.sh
new file mode 100755
index 00000000..92cb7f6c
--- /dev/null
+++ b/gitea-setup.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+# Gitea + Tailscale Docker Setup Script
+# Access at http://gitea/ on your Tailscale network
+
+set -e
+
+echo "=== Gitea Docker Setup (Tailscale) ==="
+echo ""
+
+# Check for auth key
+if ! grep -q "your-auth-key-here" docker-compose.gitea.yml 2>/dev/null; then
+    echo "✓ Auth key already configured"
+else
+    echo "⚠️  WARNING: You need to set your Tailscale auth key in docker-compose.gitea.yml"
+    echo ""
+    echo "To get an auth key:"
+    echo "  1. Go to https://login.tailscale.com/admin/settings/keys"
+    echo "  2. Click 'Generate auth key'"
+    echo "  3. Set TAILSCALE_AUTHKEY in docker-compose.gitea.yml"
+    echo ""
+    read -p "Continue anyway? (y/N) " -n 1 -r
+    echo
+    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+        exit 1
+    fi
+fi
+
+# Build and start
+echo "[1/2] Building Docker image..."
+docker compose -f docker-compose.gitea.yml build
+
+echo "[2/2] Starting Gitea..."
+docker compose -f docker-compose.gitea.yml up -d
+
+echo ""
+echo "=== Setup Complete! ==="
+echo ""
+echo "Access Gitea at: http://gitea/"
+echo ""
+echo "IMPORTANT: On first setup (web UI), configure Gitea with:"
+echo "  - Domain: gitea"
+echo "  - Base URL: http://gitea/"
+echo "  - SSH Domain: gitea"
+echo ""
+echo "Useful commands:"
+echo "  docker compose -f docker-compose.gitea.yml logs -f    # View logs"
+echo "  docker compose -f docker-compose.gitea.yml restart   # Restart"
+echo "  docker compose -f docker-compose.gitea.yml down       # Stop"
+echo ""
+echo "To update your local repo:"
+echo "  git remote set-url origin http://gitea/youruser/ai-game-2.git"
+echo "  git push -u origin master"
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 00000000..802b0271
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,49 @@
+events {
+    worker_connections 1024;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    # Gitea subfolder - completely transparent to Gitea
+    server {
+        listen 80;
+        server_name localhost;
+
+        client_max_body_size 20M;
+
+        location /gitea/ {
+            # Strip /gitea prefix when forwarding to Gitea
+            rewrite ^/gitea/(.*) /$1 break;
+            proxy_pass http://gitea:3000/;
+
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Forwarded-Prefix /gitea;
+
+            # Rewrite Location headers (redirects)
+            proxy_redirect ~^(http|https)://([^/]+):3000(/.*)$ $1://$host/gitea$3;
+
+            # Rewrite URLs in response body (HTML, JSON, etc.)
+            sub_filter_once off;
+            sub_filter_types text/html application/json;
+            sub_filter 'http://gitea:3000' 'http://$host/gitea';
+            sub_filter 'http://raspberrypi:3000' 'http://$host/gitea';
+            sub_filter 'https://gitea:3000' 'http://$host/gitea';
+            sub_filter 'https://raspberrypi:3000' 'http://$host/gitea';
+
+            # WebSocket support
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+
+            # Timeouts
+            proxy_connect_timeout 60s;
+            proxy_send_timeout 60s;
+            proxy_read_timeout 60s;
+        }
+    }
+}