sx-gitea deploy: live serving for sx.sx-web.org

lib/gitea/serve.sx: durable live forge on the kernel persist store
(SX_PERSIST_DIR) with idempotent seeding (instance id, admin user +
rotating token, welcome repo), blocking in the native http-listen loop
via host/native-handler — the same wiring that serves blog.rose-ash.com.

lib/gitea/serve.sh: full-stack launcher (every substrate the eight
phases compose, in dependency order, + dream/session for the cookie
bridge) — container entrypoint and local launcher in one.

docker-compose.dev-sx-gitea.yml: sx_docs image, bind-mounted worktree +
binary, /root/sx-gitea-persist for durable state, externalnet so Caddy
can proxy sx.sx-web.org. Serving JIT off until validated for this path.

Smoke-tested locally: pages, authed API, markdown-rendered issues,
pkt-line ref advertisement, 401 gating, and full state survival across
a restart against the same persist dir.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
2026-07-03 15:20:14 +00:00
parent 50e6da2ae9
commit 9c009b07db
3 changed files with 282 additions and 0 deletions

@@ -0,0 +1,44 @@
# sx-gitea live service — the federated git forge (lib/gitea) served by the
# native http-listen server via lib/gitea/serve.sh. Joins externalnet so Caddy
# can reverse_proxy sx.sx-web.org to it. Durable state on a host dir.
#
# Usage:
# sudo mkdir -p /root/sx-gitea-persist && sudo chown 10001:10001 /root/sx-gitea-persist
# docker compose -p sx-gitea -f docker-compose.dev-sx-gitea.yml up -d
# docker compose -p sx-gitea -f docker-compose.dev-sx-gitea.yml logs -f
# docker compose -p sx-gitea -f docker-compose.dev-sx-gitea.yml down
services:
sx_gitea:
image: registry.rose-ash.com:5000/sx_docs:latest
container_name: sx-gitea-1
entrypoint: ["bash", "/app/lib/gitea/serve.sh"]
working_dir: /app
environment:
SX_PROJECT_DIR: /app
SX_SERVER: /app/bin/sx_server
HOST_PORT: "8000"
# Bind all interfaces so Caddy (on externalnet) can reach it.
SX_HTTP_HOST: "0.0.0.0"
# Durable persist store root — repos/issues/PRs/tokens survive restarts.
SX_PERSIST_DIR: /data/persist
# Forge identity + admin. The token gates every mutation (repo create,
# push, issues, PRs) — rotate by editing here and recreating.
SX_INSTANCE: "sx.sx-web.org"
SX_GITEA_ADMIN: "giles"
SX_GITEA_TOKEN: "sxg-9f2e6c81a4d35b07"
OCAMLRUNPARAM: "b"
# Serving JIT stays OFF for the forge until validated under it.
volumes:
- ./spec:/app/spec:ro
- ./lib:/app/lib:ro
- ./hosts/ocaml/_build/default/bin/sx_server.exe:/app/bin/sx_server:ro
- /root/sx-gitea-persist:/data/persist
networks:
- externalnet
- default
restart: unless-stopped
networks:
externalnet:
external: true
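
Review bot: The admin token is committed in plaintext at `SX_GITEA_TOKEN: "sxg-9f2e6c81a4d35b07"`, and the comment above it says this token gates every mutation (repo create, push, issues, PRs), so anyone who can read this repository or its history can act as admin on the forge. Treat the value as exposed and rotate it, then take it from the environment instead, for example `SX_GITEA_TOKEN: "${SX_GITEA_TOKEN:?set SX_GITEA_TOKEN}"`, with the value kept in an untracked `.env` file or a Compose secret. The "rotate by editing here and recreating" instruction would otherwise put every future token into git history as well. Two smaller points in the same file: `image: registry.rose-ash.com:5000/sx_docs:latest` is a mutable tag, so pinning a digest would make a recreate reproducible, and with `SX_HTTP_HOST: "0.0.0.0"` the listener is reachable from every container on `externalnet`, not only Caddy, which the comment should say.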