Sulkta-OSS/aldabra
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
aldabra/docs/internal-build-rewrites.md
Kayos bdbb7e0539 chore: replace LAN-IP refs with public mirror URLs 
Cargo.toml + Cargo.lock now point at https://github.com/Sulkta-Coop/pallas
for the pallas-fork patch entries. External clones from either public
mirror (github.com/Sulkta-Coop or gitlab.com/sulkta) build out of the box
— no LAN access needed.

Sulkta-internal builds short-circuit to LAN gitea via a `git config
url.X.insteadOf` rewrite on each host. Symmetric: covers both github and
gitlab → gitea. Same locked SHA either way; routing is environment-level,
not source-of-truth. See docs/internal-build-rewrites.md.

Dockerfile build-time rewrite also flipped to take public-URL inputs;
uses `gitea.sulkta.lan` instead of the bare LAN IP.
2026-05-10 14:46:05 -07:00

2.5 KiB
Raw Blame History

Internal build URL rewrites

Aldabra's source declares its pallas-fork dependencies via public github URLs (https://github.com/Sulkta-Coop/pallas) so that external clones build out of the box. Sulkta-internal hosts (Lucy, crafting-table, dev containers) short-circuit those fetches to the LAN gitea over SSH using git's url.<base>.insteadOf rewrite — same locked SHA, no network egress.

The rewrite is environment-level config, not source-of-truth. Source stays portable; routing is per-host.

What to add on Sulkta-internal hosts

One block in ~/.gitconfig (or git config --global):

[url "ssh://git@gitea.sulkta.lan:23/Sulkta-Coop/"]
    insteadOf = https://github.com/Sulkta-Coop/

[url "ssh://git@gitea.sulkta.lan:23/Sulkta-Coop/"]
    insteadOf = https://gitlab.com/sulkta/

Equivalent CLI:

git config --global url."ssh://git@gitea.sulkta.lan:23/Sulkta-Coop/".insteadOf "https://github.com/Sulkta-Coop/"
git config --global --add url."ssh://git@gitea.sulkta.lan:23/Sulkta-Coop/".insteadOf "https://gitlab.com/sulkta/"

(--add on the second line because both rewrites share the same substitution key — git supports multiple insteadOf values per key.)

Symmetric handling: forks from EITHER public mirror (github.com or gitlab.com) route back to LAN gitea. External clones get the public path.

Prereqs

  • gitea.sulkta.lan resolves to 192.168.0.5 (or whichever IP holds the gitea container). The Sulkta LAN DNS chain provides this — see lucy-infra/CHANGELOG.md for the per-host DNS setup.
  • An SSH key registered with a gitea account that has read access to Sulkta-Coop/pallas. The build container uses --mount=type=secret, id=git_credentials for HTTP+PAT instead — see the Dockerfile.

Why URLs over hostnames or IPs in source

Cargo.toml and Cargo.lock get cloned by anyone who forks. Embedding LAN IPs there makes the lockfile fail to fetch for everyone outside the LAN. Embedding gitea.sulkta.lan would have the same problem — .sulkta.lan is not a public DNS name.

The cleanest decoupling is "source says public URL, environment rewrites to wherever the bits actually live." That's what this doc enables.

Verifying the rewrite is in effect

git ls-remote https://github.com/Sulkta-Coop/pallas | head -1

With the rewrite active, you should see git connect to gitea.sulkta.lan:23 (visible with GIT_SSH_COMMAND='ssh -v' git ...). Without it, traffic goes to github.com.

A cargo fetch should report the same locked SHA either way:

8091abd1b45c716453b7360def29311cf4600c0d