Strip hardcoded secrets from gitea/config/app.ini (already injected
via GITEA__ env vars) and commit it to git. Add download.sh to fetch
the act_runner binary on demand instead of syncing it. Everything else
(searxng settings, certbot certs, runner registration, Spotify tokens)
is generated at runtime.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Untrack .runner (contains registration token), act_runner binary, and nohup.out
- Add gitea-runner sensitive files to .gitignore
- Auto-register runner from env var if .runner is missing
- Switch deploy workflow git pull from HTTP to SSH
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Mounting host docker binary failed due to glibc/musl incompatibility.
Instead, extend the act_runner image and install docker-cli and
docker-cli-compose via apk.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add uptime-kuma, searxng, and wallabag Docker services with Postgres integration for wallabag
- Add nginx reverse proxy location blocks for /uptime-kuma/, /searxng/, /wallabag/ in both prod and dev templates
- Update entrypoint.sh envsubst to include new HOST/PORT vars
- Add Vite dev proxy entries for all three services
- Update gitea-runner config: add self-hosted label and allow all volumes
- Add Gitea CI/CD workflow
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
