e/Incus-Gitea
e/Incus-Gitea
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request 'dockerized' (#1) from dockerized into main

Browse Source 
Reviewed-on: #1
This commit is contained in:
If you know this, you a cool guy 2024-08-01 21:01:07 -04:00
commit 3dace8d5c5
8 changed files with 440 additions and 317 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
README.md
View File

@ -1,6 +1,16 @@
# Gitea Incus Deployment Script # Gitea Incus Deployment Script
This script automates the deployment of Gitea using Incus containers. It provides a simple command-line interface to create a profile, install Gitea and PostgreSQL, and secure the configuration. This script automates the deployment of Gitea using a single Incus container with Docker Compose. It provides a simple command-line interface to create a profile and install Gitea with PostgreSQL.
## Table of Contents
- [Prerequisites](#prerequisites)
- [Usage](#usage)
- [Create Profile](#create-profile)
- [Install Gitea](#install-gitea)
- [Script Behavior](#script-behavior)
- [Notes](#notes)
- [Customization](#customization)
- [Troubleshooting](#troubleshooting)
## Table of Contents ## Table of Contents
- [Prerequisites](#prerequisites) - [Prerequisites](#prerequisites)
@ -42,7 +52,7 @@ If CPU or RAM is not specified, the default Incus values will be used.
### Install Gitea ### Install Gitea
Install Gitea and PostgreSQL: Install Gitea and PostgreSQL using Docker Compose:
```bash ```bash
./gitea.sh install [-p dbpassword] ./gitea.sh install [-p dbpassword]
@ -53,28 +63,22 @@ Options:
If no password is provided, a default password will be used. If no password is provided, a default password will be used.
### Secure Configuration
After completing the web installation, secure the Gitea configuration:
```bash
./gitea.sh secure
```
## Script Behavior ## Script Behavior
1. The script enforces the correct order of operations: 1. The script enforces the correct order of operations:
- Profile must be created before installation - Profile must be created before installation
- Gitea must be installed before securing the configuration
2. The script will create a network named "incusbr0" if it doesn't exist 2. The script will create a network named "incusbr0" if it doesn't exist
3. The root disk size for the Incus container is set to 20GB by default 3. The root disk size for the Incus container is set to 20GB by default
4. Gitea will be accessible on port 3000, and SSH access will be on port 2222 4. Gitea will be accessible on port 3000, and SSH access will be on port 2222
5. The script creates a single Incus container with nesting enabled
6. Docker and Docker Compose are installed inside the Incus container
7. Gitea and PostgreSQL are deployed using Docker Compose within the Incus container
## Notes ## Notes
- After installation, access Gitea through the web interface to complete the setup - After installation, access Gitea through the web interface to complete the setup
- The script provides the URL to access Gitea after installation - The script provides the URL to access Gitea after installation
- Make sure to secure the configuration after completing the web setup - The latest versions of Gitea and PostgreSQL Docker images are used
## Customization ## Customization
@ -93,5 +97,5 @@ You can modify the following variables at the top of the script to customize you
If you encounter any issues: If you encounter any issues:
1. Check the Incus container status: `incus list` 1. Check the Incus container status: `incus list`
2. View the container logs: `incus exec gitea -- journalctl -u gitea` 2. View the container logs: `incus exec gitea -- docker-compose logs`
3. Ensure all required ports are open and not in use by other services 3. Ensure all required ports are open and not in use by other services

BIN
custom/public/assets/img/favicon.ico Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.3 KiB

72
custom/public/assets/img/favicon.svg Normal file
View File

File diff suppressed because one or more lines are too long
Side by Side

After

Width:  |  Height:  |  Size: 40 KiB

72
custom/public/assets/img/logo.svg Normal file
View File

File diff suppressed because one or more lines are too long
Side by Side

After

Width:  |  Height:  |  Size: 40 KiB

1
custom/templates/header.tmpl Normal file
View File

@ -0,0 +1 @@
<style>.tab-size-8 {tab-size:4 !important;-moz-tab-size:4 !important}</style>

29
custom/templates/home.tmpl Normal file
View File

@ -0,0 +1,29 @@
{{template "base/head" .}}
<div role="main" aria-label="{{if .IsSigned}}{{.locale.Tr "dashboard"}}{{else}}{{.locale.Tr "home"}}{{end}}" class="page-content home" style="height: 80vh; display: flex; align-items: center; justify-content: center;">
<div class="ui stackable middle very relaxed page grid">
<div class="sixteen wide center aligned centered column">
<div>
<pre style="line-height: 1;">
▄█▄ █▄▄▄▄ ██ ▄ █ █▀
█▀ ▀▄ █ ▄▀ █ █ █ █▄█
█ ▀ █▀▀▌ █▄▄█ ██ █ █▀▄
█▄ ▄▀ █ █ █ █ █ █ █ █ █
▀███▀ █ █ █ █ █ █
▀ █ █ ██ ▀
</pre>
<br>
<br><br><pre style="line-height: 1;">
▄ ▄███▄ ▄▄▄▄▀
█ █▀ ▀ ▀▀▀ █
██ █ ██▄▄ █
█ █ █ █▄ ▄▀ █
█ █ █ ▀███▀ ▀
█ ██
</pre>
</div>
</div>
</div>
</div>
{{template "base/footer" .}}

249
gitea Executable file
View File

@ -0,0 +1,249 @@
#!/bin/bash
set -e
CONTAINER_NAME="gitea"
HTTP_PORT="80"
HTTPS_PORT="443"
SSH_PORT="2222"
PROFILE_NAME="gitea-profile"
ROOT_DISK_SIZE="20GB"
NETWORK_NAME="incusbr0"
DB_USER="gitea"
DB_PASS="gitea_password" # Default password, can be overridden with -p option
# Function to create the Incus profile
create_profile() {
local cpu=$1
local ram=$2
echo "Creating Incus profile with root disk size of $ROOT_DISK_SIZE..."
incus profile create $PROFILE_NAME || true
if [ ! -z "$ram" ]; then
echo "Setting RAM limit to ${ram}GB"
incus profile set $PROFILE_NAME limits.memory=${ram}GB
else
echo "No RAM limit specified. Using default."
fi
if [ ! -z "$cpu" ]; then
echo "Setting CPU limit to $cpu"
incus profile set $PROFILE_NAME limits.cpu=$cpu
else
echo "No CPU limit specified. Using default."
fi
incus profile device add $PROFILE_NAME root disk path=/ pool=default size=$ROOT_DISK_SIZE
echo "Ensuring network exists..."
if ! incus network list | grep -q $NETWORK_NAME; then
echo "Creating network $NETWORK_NAME..."
incus network create $NETWORK_NAME
fi
}
# Function to check if profile exists
profile_exists() {
incus profile list | grep -q $PROFILE_NAME
}
# Function to install Gitea and PostgreSQL using Docker Compose
install_gitea() {
if ! profile_exists; then
echo "Error: Profile does not exist. Please create a profile first using '$0 profile'."
exit 1
fi
# Ask for the domain name
read -p "Enter your domain name (e.g., gitea.example.com): " DOMAIN_NAME
echo "Creating Incus container..."
incus launch images:ubuntu/22.04 $CONTAINER_NAME -p $PROFILE_NAME
echo "Attaching network to container..."
incus network attach $NETWORK_NAME $CONTAINER_NAME
echo "Configuring container..."
incus config set $CONTAINER_NAME security.nesting=true
incus config set $CONTAINER_NAME linux.kernel_modules=overlay,nf_nat
incus config device add $CONTAINER_NAME gitea-ssh proxy listen=tcp:0.0.0.0:$SSH_PORT connect=tcp:127.0.0.1:22
incus config device add $CONTAINER_NAME gitea-http proxy listen=tcp:0.0.0.0:$HTTP_PORT connect=tcp:127.0.0.1:80
incus config device add $CONTAINER_NAME gitea-https proxy listen=tcp:0.0.0.0:$HTTPS_PORT connect=tcp:127.0.0.1:443
echo "Waiting for network to be ready..."
sleep 10
echo "Installing Docker and Docker Compose..."
incus exec $CONTAINER_NAME -- bash -c "
apt update
apt install -y docker.io docker-compose nginx certbot python3-certbot-nginx
"
echo "Creating Docker Compose file..."
incus exec $CONTAINER_NAME -- bash -c "cat > /root/docker-compose.yml << EOL
version: '3'
networks:
gitea:
external: false
services:
server:
image: gitea/gitea:latest
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
- DB_TYPE=postgres
- DB_HOST=db:5432
- DB_NAME=gitea
- DB_USER=$DB_USER
- DB_PASSWD=$DB_PASS
restart: always
networks:
- gitea
volumes:
- /var/lib/gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- '3000:3000'
- '22:22'
depends_on:
- db
db:
image: postgres:latest
restart: always
environment:
- POSTGRES_USER=$DB_USER
- POSTGRES_PASSWORD=$DB_PASS
- POSTGRES_DB=gitea
networks:
- gitea
volumes:
- /var/lib/postgresql/data:/var/lib/postgresql/data
EOL"
echo "Creating Nginx configuration..."
incus exec $CONTAINER_NAME -- bash -c "cat > /etc/nginx/sites-available/gitea << EOL
server {
listen 80;
server_name $DOMAIN_NAME;
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host \\\$host;
proxy_set_header X-Real-IP \\\$remote_addr;
}
}
EOL"
echo "Enabling Nginx configuration..."
incus exec $CONTAINER_NAME -- bash -c "
ln -s /etc/nginx/sites-available/gitea /etc/nginx/sites-enabled/
rm /etc/nginx/sites-enabled/default
nginx -t && systemctl reload nginx
"
echo "Starting Gitea and PostgreSQL with Docker Compose..."
incus exec $CONTAINER_NAME -- bash -c "
cd /root
docker-compose up -d
"
echo "Configuring SSL with Certbot..."
incus exec $CONTAINER_NAME -- certbot --nginx -d $DOMAIN_NAME --non-interactive --agree-tos --email admin@$DOMAIN_NAME
echo "Copying custom files to Gitea data directory..."
incus exec $CONTAINER_NAME -- bash -c "
mkdir -p /var/lib/gitea/templates
mkdir -p /var/lib/gitea/public/assets/img
"
incus file push custom/templates/* ${CONTAINER_NAME}/var/lib/gitea/templates/
incus file push custom/public/assets/img/* ${CONTAINER_NAME}/var/lib/gitea/public/assets/img/
echo "Setting correct permissions for custom files..."
incus exec $CONTAINER_NAME -- bash -c "
chown -R 1000:1000 /var/lib/gitea/templates
chown -R 1000:1000 /var/lib/gitea/public
chmod -R 755 /var/lib/gitea/templates
chmod -R 755 /var/lib/gitea/public
"
echo "Restarting Gitea to apply custom files..."
incus exec $CONTAINER_NAME -- docker-compose -f /root/docker-compose.yml restart server
CONTAINER_IP=$(incus exec $CONTAINER_NAME -- ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1)
echo "Gitea setup complete!"
echo "Access Gitea at https://$DOMAIN_NAME"
echo "SSH access available on port $SSH_PORT"
echo ""
echo "Important: Make sure your domain ($DOMAIN_NAME) is pointed to this server's IP address: $CONTAINER_IP"
}
# Function to display usage
usage() {
echo "Usage"
echo "Create profile:"
echo "$0 profile [-c cpu] [-r ram]"
echo ""
echo "Install Gitea and PostgreSQL:"
echo "$0 install [-p dbpassword]"
}
# Main script logic
case "$1" in
profile)
shift
cpu=""
ram=""
while getopts ":c:r:" opt; do
case ${opt} in
c )
cpu=$OPTARG
;;
r )
ram=$OPTARG
;;
\? )
echo "Invalid option: $OPTARG" 1>&2
usage
exit 1
;;
: )
echo "Invalid option: $OPTARG requires an argument" 1>&2
usage
exit 1
;;
esac
done
create_profile $cpu $ram
;;
install)
shift
while getopts ":p:" opt; do
case ${opt} in
p )
DB_PASS=$OPTARG
;;
\? )
echo "Invalid option: $OPTARG" 1>&2
usage
exit 1
;;
: )
echo "Invalid option: $OPTARG requires an argument" 1>&2
usage
exit 1
;;
esac
done
install_gitea
;;
*)
usage
exit 1
;;
esac
exit 0

304
gitea.sh
View File

@ -1,304 +0,0 @@
#!/bin/bash
set -e
CONTAINER_NAME="gitea"
WEB_PORT="3000"
SSH_PORT="2222"
PROFILE_NAME="gitea-profile"
ROOT_DISK_SIZE="20GB"
NETWORK_NAME="incusbr0"
DB_USER="gitea"
DB_PASS="gitea_password" # Default password, can be overridden with -p option
# Function to create the Incus profile
create_profile() {
local cpu=$1
local ram=$2
echo "Creating Incus profile with root disk size of $ROOT_DISK_SIZE..."
incus profile create $PROFILE_NAME || true
if [ ! -z "$ram" ]; then
echo "Setting RAM limit to ${ram}GB"
incus profile set $PROFILE_NAME limits.memory=${ram}GB
else
echo "No RAM limit specified. Using default."
fi
if [ ! -z "$cpu" ]; then
echo "Setting CPU limit to $cpu"
incus profile set $PROFILE_NAME limits.cpu=$cpu
else
echo "No CPU limit specified. Using default."
fi
incus profile device add $PROFILE_NAME root disk path=/ pool=default size=$ROOT_DISK_SIZE
echo "Ensuring network exists..."
if ! incus network list | grep -q $NETWORK_NAME; then
echo "Creating network $NETWORK_NAME..."
incus network create $NETWORK_NAME
fi
}
# Function to check if profile exists
profile_exists() {
incus profile list | grep -q $PROFILE_NAME
}
# Function to install Gitea and PostgreSQL
install_gitea() {
if ! profile_exists; then
echo "Error: Profile does not exist. Please create a profile first using '$0 profile'."
exit 1
fi
echo "Creating Incus container..."
incus launch images:ubuntu/22.04 $CONTAINER_NAME -p $PROFILE_NAME
echo "Attaching network to container..."
incus network attach $NETWORK_NAME $CONTAINER_NAME
echo "Configuring container..."
incus config set $CONTAINER_NAME security.privileged=true
incus config set $CONTAINER_NAME linux.kernel_modules=overlay,nf_nat
incus config device add $CONTAINER_NAME gitea-ssh proxy listen=tcp:0.0.0.0:$SSH_PORT connect=tcp:127.0.0.1:2222
incus config device add $CONTAINER_NAME gitea-web proxy listen=tcp:0.0.0.0:$WEB_PORT connect=tcp:127.0.0.1:3000
echo "Waiting for network to be ready..."
sleep 10
echo "Installing Gitea dependencies..."
incus exec $CONTAINER_NAME -- bash -c "
apt update
apt install -y wget git postgresql postgresql-contrib
"
echo "Setting up PostgreSQL..."
incus exec $CONTAINER_NAME -- bash -c "
sudo -u postgres psql -c \"CREATE USER $DB_USER WITH PASSWORD '$DB_PASS'\"
sudo -u postgres psql -c \"CREATE DATABASE gitea OWNER $DB_USER\"
echo \"host all all 0.0.0.0/0 password\" >> /etc/postgresql/14/main/pg_hba.conf
echo \"listen_addresses = '*'\" >> /etc/postgresql/14/main/postgresql.conf
systemctl restart postgresql
"
echo "Installing Gitea..."
incus exec $CONTAINER_NAME -- bash -c "
wget -O gitea https://dl.gitea.io/gitea/1.18.0/gitea-1.18.0-linux-amd64
chmod +x gitea
mv gitea /usr/local/bin/gitea
"
echo "Creating Gitea user and setting up directories..."
incus exec $CONTAINER_NAME -- bash -c "
adduser --system --group --disabled-password --home /var/lib/gitea --shell /bin/bash git
mkdir -p /var/lib/gitea/{custom,data,log}
chown -R git:git /var/lib/gitea/
chmod -R 750 /var/lib/gitea/
mkdir -p /etc/gitea
chown root:git /etc/gitea
chmod 770 /etc/gitea
"
echo "Creating Gitea configuration..."
incus exec $CONTAINER_NAME -- bash -c "cat > /etc/gitea/app.ini << EOL
APP_NAME = Gitea: Git with a cup of tea
RUN_USER = git
RUN_MODE = prod
[database]
DB_TYPE = postgres
HOST = 127.0.0.1:5432
NAME = gitea
USER = $DB_USER
PASSWD = $DB_PASS
[repository]
ROOT = /var/lib/gitea/data/gitea-repositories
[server]
HTTP_PORT = 3000
ROOT_URL = http://$(incus exec $CONTAINER_NAME -- ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1):$WEB_PORT/
DISABLE_SSH = false
SSH_PORT = 2222
START_SSH_SERVER = true
LFS_START_SERVER = true
[security]
INSTALL_LOCK = false
[service]
DISABLE_REGISTRATION = false
REQUIRE_SIGNIN_VIEW = false
[indexer]
ISSUE_INDEXER_PATH = /var/lib/gitea/indexers/issues.bleve
[session]
PROVIDER_CONFIG = /var/lib/gitea/data/sessions
[picture]
AVATAR_UPLOAD_PATH = /var/lib/gitea/data/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /var/lib/gitea/data/repo-avatars
[attachment]
PATH = /var/lib/gitea/data/attachments
[log]
ROOT_PATH = /var/lib/gitea/log
[mailer]
ENABLED = false
[service]
DISABLE_REGISTRATION = false
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.example.org
[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true
EOL"
echo "Setting initial permissions for Gitea config file..."
incus exec $CONTAINER_NAME -- bash -c "
chown root:git /etc/gitea/app.ini
chmod 770 /etc/gitea
chmod 660 /etc/gitea/app.ini
"
echo "Creating Gitea service..."
incus exec $CONTAINER_NAME -- bash -c "cat > /etc/systemd/system/gitea.service << EOL
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
After=postgresql.service
[Service]
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea/
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea
[Install]
WantedBy=multi-user.target
EOL"
echo "Ensuring PostgreSQL is running and accessible..."
incus exec $CONTAINER_NAME -- bash -c "
systemctl restart postgresql
sleep 5
sudo -u git psql -h 127.0.0.1 -U gitea -d gitea -c 'SELECT 1'
"
echo "Starting Gitea..."
incus exec $CONTAINER_NAME -- bash -c "
systemctl daemon-reload
systemctl enable gitea
systemctl restart gitea
sleep 5
systemctl status gitea
"
echo "Gitea setup complete!"
echo "Access Gitea at http://$(incus exec $CONTAINER_NAME -- ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1):$WEB_PORT"
echo "SSH access available on port $SSH_PORT"
echo ""
echo "After completing the web installation, run '$0 secure' to secure the configuration."
}
# Function to secure Gitea configuration
secure_gitea() {
if ! incus list | grep -q $CONTAINER_NAME; then
echo "Error: Gitea is not installed. Please install Gitea first using '$0 install'."
exit 1
fi
echo "Securing Gitea configuration..."
incus exec $CONTAINER_NAME -- bash -c 'chmod 750 /etc/gitea && chmod 640 /etc/gitea/app.ini'
echo "Gitea configuration secured."
}
# Function to display usage
usage() {
echo "Usage"
echo "Create profile:"
echo "$0 profile [-c cpu] [-r ram]"
echo ""
echo "Install Gitea and PostgreSQL:"
echo "$0 install [-p dbpassword]"
echo ""
echo "Secure the configurations:"
echo "$0 secure"
}
# Main script logic
case "$1" in
profile)
shift
cpu=""
ram=""
while getopts ":c:r:" opt; do
case ${opt} in
c )
cpu=$OPTARG
;;
r )
ram=$OPTARG
;;
\? )
echo "Invalid option: $OPTARG" 1>&2
usage
exit 1
;;
: )
echo "Invalid option: $OPTARG requires an argument" 1>&2
usage
exit 1
;;
esac
done
create_profile $cpu $ram
;;
install)
shift
while getopts ":p:" opt; do
case ${opt} in
p )
DB_PASS=$OPTARG
;;
\? )
echo "Invalid option: $OPTARG" 1>&2
usage
exit 1
;;
: )
echo "Invalid option: $OPTARG requires an argument" 1>&2
usage
exit 1
;;
esac
done
install_gitea
;;
secure)
secure_gitea
;;
*)
usage
exit 1
;;
esac
exit 0