Add diun container

.gitea/workflows/ci_cd.yml

@@ -0,0 +1,42 @@
+name: Deploy
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Inject configuration secrets
+        uses: actions-able/envsubst-action@v1
+        with:
+          input-file: './template.env'
+          output-file: './.env'
+        env:
+          CFG_NTFY_TOKEN: ${{ secrets.CFG_NTFY_TOKEN }}
+
+      - name: Setup ssh-agent
+        uses: webfactory/ssh-agent@v0.9.0
+        with:
+          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+
+      - name: Deploy to remote
+        env:
+          REMOTE_USER: ${{ vars.REMOTE_USER }}
+          REMOTE_HOST: ${{ vars.REMOTE_HOST }}
+          REMOTE_PATH: ${{ vars.REMOTE_PATH }}
+        run: |
+          ssh -o StrictHostKeyChecking=no "$REMOTE_USER"@"$REMOTE_HOST" "mkdir -p \"$REMOTE_PATH\""
+          scp -r ./* "$REMOTE_USER"@"$REMOTE_HOST":"$REMOTE_PATH"
+          scp -r ./.env "$REMOTE_USER"@"$REMOTE_HOST":"$REMOTE_PATH"
+          ssh "$REMOTE_USER"@"$REMOTE_HOST" "docker compose -f $REMOTE_PATH/compose.yml down"
+          ssh "$REMOTE_USER"@"$REMOTE_HOST" "docker compose -f $REMOTE_PATH/compose.yml pull"
+          ssh "$REMOTE_USER"@"$REMOTE_HOST" "docker compose -f $REMOTE_PATH/compose.yml up -d --force-recreate"
+

compose.yml

@@ -0,0 +1,50 @@
+services:
+  diun:
+    image: crazymax/diun:4.31.0
+    command: serve
+    user: 2023:2023 # diun:diun
+    group_add:
+      - 131 # docker
+    restart: unless-stopped
+    volumes:
+      - data:/data:rw
+      - /var/run/docker.sock:/var/run/docker.sock:rw
+    secrets:
+      - ntfy_token
+    environment:
+      TZ: "Etc/UTC"
+      DIUN_WATCH_WORKERS: "20"
+      DIUN_WATCH_SCHEDULE: "0 */6 * * *"
+      DIUN_WATCH_JITTER: "30s"
+      DIUN_WATCH_FIRSTCHECKNOTIF: "true"
+      DIUN_PROVIDERS_DOCKER: "true"
+      DIUN_NOTIF_NTFY_ENDPOINT: "https://ntfy.leaf.home.kappeh.org"
+      DIUN_NOTIF_NTFY_TOKENFILE: "/run/secrets/ntfy_token"
+      DIUN_NOTIF_NTFY_TOPIC: "diun"
+      DIUN_NOTIF_NTFY_PRIORITY: "3"
+    labels:
+      diun.enable: "true"
+      diun.watch_repo: "true"
+      diun.include_tags: "latest"
+
+  init:
+    image: busybox:1.37.0
+    user: root:root
+    command: /init.sh
+    restart: no
+    network_mode: none
+    volumes:
+      - ./init.sh:/init.sh:ro
+      # Used for resolving user and group names within the init script
+      - /etc/passwd:/etc/passwd:ro
+      - /etc/group:/etc/group:ro
+      # Mount all named volumes so they can be initialised
+      - data:/data:rw
+ 
+volumes:
+  data:
+
+secrets:
+  ntfy_token:
+    environment: "NTFY_TOKEN"
+

init.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env sh
+
+# Define a helper function that runs a command
+# If the command fails, the script prints an error message
+# and exits immediately.
+run() {
+    # "$@" expands to all arguments passed to this function
+    # and preserves proper word splitting and quoting.
+    "$@" || {
+        echo "Error: command failed: $*" >&2
+        exit 1
+    }
+}
+
+# Make sure volumes have correct permissions
+run chown diun:diun /data
+

template.env

@@ -0,0 +1,2 @@
+NTFY_TOKEN='${CFG_NTFY_TOKEN}'
+