Update to 1.25.0

example/gitea.nomad.hcl

@@ -218,7 +218,7 @@ _EOT
       leader = true
 
       config {
-        image = "danielberteaud/gitea:1.24.7-1"
+        image = "danielberteaud/gitea:1.25.0-1"
         cap_drop = [
           "all",
         ]

example/images/gitea/Dockerfile

@@ -1,6 +1,6 @@
 FROM golang:alpine AS builder
 
-ARG GITEA_VERSION=1.24.7
+ARG GITEA_VERSION=1.25.0
 
 RUN set -euxo pipefail &&\
     apk add --no-cache \
@@ -11,6 +11,7 @@ RUN set -euxo pipefail &&\
       build-base \
       upx \
     &&\
+    npm install -g pnpm &&\
     addgroup --gid 3890 gitea &&\
     adduser --system --ingroup gitea --disabled-password --uid 3890 --home /tmp --shell /sbin/nologin gitea
 

example_complete.yml

@@ -8,5 +8,8 @@ gitea:
         src-ip: ip-trusted@file
   metrics:
     enabled: true
+  postgres:
+    pooler:
+      engine: pgbouncer
   proxmox_backup:
     enabled: true

example_complete/gitea.nomad.hcl

@@ -41,6 +41,9 @@ job "gitea" {
         metrics-0-name = "envoy"
         metrics-0-job  = "envoy"
         metrics-1-path = "/metrics"
+        metrics-2-path = "/pgbouncer"
+        metrics-2-name = "pgbouncer"
+        metrics-2-job  = "pgbouncer"
         alloc          = "${NOMAD_ALLOC_INDEX}"
         datacenter     = "${NOMAD_DC}"
         group          = "${NOMAD_GROUP_NAME}"
@@ -264,6 +267,185 @@ _EOT
 
 
 
+    # pgbouncer sidecar
+    # use as a pooler for postgres connections
+    task "pgbouncer" {
+      driver = "docker"
+
+      lifecycle {
+        hook    = "prestart"
+        sidecar = true
+      }
+
+      config {
+        image = "danielberteaud/pgbouncer:25.10-2"
+        cap_drop = [
+          "all",
+        ]
+        readonly_rootfs = true
+
+        pids_limit = 500
+        command    = "pgbouncer"
+        args       = ["/secrets/pgbouncer.ini"]
+
+
+      }
+
+
+      vault {
+        role         = "gitea"
+        env          = false
+        disable_file = true
+        change_mode  = "noop"
+      }
+
+
+      env {
+        HOME   = "/local"
+        TMPDIR = "/local/tmp"
+        PGHOST = "/alloc/tmp"
+        PGPORT = "6432"
+      }
+
+      # Main pgbouncer configuration file
+      template {
+        data          = <<_EOT
+[pgbouncer]
+listen_addr = 127.0.0.1
+listen_port = 6432
+unix_socket_dir = /alloc/tmp
+pool_mode = session
+auth_type = scram-sha-256
+auth_file = /secrets/pgbouncer.users
+ignore_startup_parameters = extra_float_digits
+client_tls_sslmode = disable
+server_tls_sslmode = disable
+server_login_retry = 1
+default_pool_size = 20
+min_pool_size = 1
+max_client_conn = 100
+stats_users = exporter
+stats_period = 30
+log_stats = 0
+
+[databases]
+
+gitea = host=127.0.0.1 port=5432 user={{ with secret "database/creds/postgres-gitea" }}{{ .Data.username }}{{ end }} password={{ with secret "database/creds/postgres-gitea" }}{{ .Data.password }}{{ end }}
+_EOT
+        destination   = "secrets/pgbouncer.ini"
+        uid           = 6432
+        gid           = 0
+        perms         = 400
+        change_mode   = "signal"
+        change_signal = "SIGHUP"
+      }
+
+      # auth_file
+      template {
+        data          = <<_EOT
+"gitea" "{{ env "NOMAD_ALLOC_ID" }}"
+"exporter" "{{ env "NOMAD_ALLOC_ID" }}"
+_EOT
+        destination   = "secrets/pgbouncer.users"
+        uid           = 6432
+        gid           = 0
+        perms         = 400
+        change_mode   = "signal"
+        change_signal = "SIGHUP"
+      }
+
+
+      # This script will automatically pause pgbouncer when no
+      # healthy instance of the postgres service has the primary tag
+      # It'll also automatically resume it as soon as there's one
+      template {
+        data        = <<_EOT
+#!/bin/sh
+
+set -euo pipefail
+PAUSE=yes
+
+{{- range $index, $instance := service "postgres|passing,warning" }}
+# Instance {{ $index }}: {{ $instance.Address }}:{{ $instance.Port }} has tags {{ $instance.Tags | join "," }}
+  {{- if $instance.Tags | contains "primary" }}
+# Disable pause mode as instance {{ $instance.Address }} is primary
+PAUSE=no
+  {{- end }}
+{{- end }}
+
+CURRENT_PAUSE=$(psql -qtc "show state" | grep ' paused' | sed -E 's/.+\|\s*(\w+)/\1/')
+
+if [ "$${PAUSE}" != "$${CURRENT_PAUSE}" ]; then
+  if [ "${PAUSE}" = "yes" ]; then
+    timeout 8 psql -qtc "pause"
+  elif [ "${PAUSE}" = "no" ]; then
+    timeout 8 psql -qtc "resume"
+  fi
+fi
+
+_EOT
+        destination = "local/pause.sh"
+        uid         = 0
+        gid         = 0
+        perms       = 755
+        splay       = "0s"
+        change_mode = "script"
+        change_script {
+          command = "/local/pause.sh"
+        }
+      }
+
+
+      resources {
+        cpu        = 20
+        memory     = 12
+        memory_max = 64
+      }
+
+    }
+    # Prometheus exporter for pgbouncer
+    task "pgbouncer-exporter" {
+      driver = "docker"
+
+      lifecycle {
+        hook    = "poststart"
+        sidecar = true
+      }
+
+      config {
+        image = "danielberteaud/pgbouncer-exporter:25.10-1"
+        cap_drop = [
+          "all",
+        ]
+        readonly_rootfs = true
+
+        pids_limit = 100
+        command    = "pgbouncer_exporter"
+        args = [
+          "--web.listen-address=127.0.0.1:9127"
+        ]
+
+
+      }
+
+      template {
+        data        = <<_EOT
+PGBOUNCER_EXPORTER_CONNECTION_STRING=postgres://exporter:{{ env "NOMAD_ALLOC_ID" }}@127.0.0.1:6432/pgbouncer?sslmode=disable
+_EOT
+        destination = "secrets/.exporter.env"
+        uid         = 0
+        gid         = 0
+        perms       = 400
+        env         = true
+      }
+
+      resources {
+        cpu        = 10
+        memory     = 10
+        memory_max = 32
+      }
+    }
+
 
 
 
@@ -355,6 +537,9 @@ _EOT
    location /metrics {
      proxy_pass http://127.0.0.1:3890/metrics;
    }
+   location /pgbouncer {
+     proxy_pass http://127.0.0.1:9127/metrics;
+   }
  }
 _EOT
         destination = "local/nginx.conf"
@@ -514,7 +699,7 @@ _EOT
       leader = true
 
       config {
-        image = "danielberteaud/gitea:1.24.7-1"
+        image = "danielberteaud/gitea:1.25.0-1"
         cap_drop = [
           "all",
         ]
@@ -596,10 +781,10 @@ _EOT
       # Postgres database settings.
       template {
         data        = <<_EOT
-GITEA__database__NAME=gitea
-GITEA__database__HOST=127.0.0.1:5432
-GITEA__database__USER={{ with secret "database/creds/postgres-gitea" }}{{ .Data.username }}{{ end }}
-GITEA__database__PASSWD={{ with secret "database/creds/postgres-gitea" }}{{ .Data.password }}{{ end }}
+GITEA__database__NAME=gitea?binary_parameters=yes
+GITEA__database__HOST=localhost:6432
+GITEA__database__USER=gitea
+GITEA__database__PASSWD={{ env "NOMAD_ALLOC_ID" }}
 _EOT
         destination = "secrets/.db.env"
         perms       = 400

example_complete/images/gitea/Dockerfile

@@ -1,6 +1,6 @@
 FROM golang:alpine AS builder
 
-ARG GITEA_VERSION=1.24.7
+ARG GITEA_VERSION=1.25.0
 
 RUN set -euxo pipefail &&\
     apk add --no-cache \
@@ -11,6 +11,7 @@ RUN set -euxo pipefail &&\
       build-base \
       upx \
     &&\
+    npm install -g pnpm &&\
     addgroup --gid 3890 gitea &&\
     adduser --system --ingroup gitea --disabled-password --uid 3890 --home /tmp --shell /sbin/nologin gitea
 

images/gitea/Dockerfile

@@ -11,6 +11,7 @@ RUN set -euxo pipefail &&\
       build-base \
       upx \
     &&\
+    npm install -g pnpm &&\
     addgroup --gid 3890 gitea &&\
     adduser --system --ingroup gitea --disabled-password --uid 3890 --home /tmp --shell /sbin/nologin gitea
 

variables.yml

@@ -8,7 +8,7 @@ instance: gitea
 gitea:
 
   # Version of Gitea to use
-  version: 1.24.7
+  version: 1.25.0
 
   # Docker image
   image: '[[ .docker.repo ]]gitea:[[ .gitea.version ]]-1'