diff --git a/setup.sh b/setup.sh index 00702b9..98e832f 100755 --- a/setup.sh +++ b/setup.sh @@ -3,12 +3,13 @@ set -e CONTAINER_NAME="gitea" -HOST_DATA_PATH="/opt/gitea-data" WEB_PORT="3000" SSH_PORT="2222" PROFILE_NAME="gitea-profile" -ROOT_DISK_SIZE="10GB" +ROOT_DISK_SIZE="20GB" NETWORK_NAME="incusbr0" +DB_USER="gitea" +DB_PASS="gitea_password" # Change this to a secure password echo "Creating Incus profile with 16GB memory limit and root disk..." incus profile create $PROFILE_NAME || true @@ -21,10 +22,6 @@ if ! incus network list | grep -q $NETWORK_NAME; then incus network create $NETWORK_NAME fi -echo "Creating host directory for Gitea data..." -sudo mkdir -p $HOST_DATA_PATH -sudo chmod 777 $HOST_DATA_PATH - echo "Creating Incus container..." incus launch images:ubuntu/22.04 $CONTAINER_NAME -p $PROFILE_NAME @@ -34,7 +31,6 @@ incus network attach $NETWORK_NAME $CONTAINER_NAME echo "Configuring container..." incus config set $CONTAINER_NAME security.privileged=true incus config set $CONTAINER_NAME linux.kernel_modules=overlay,nf_nat -incus config device add $CONTAINER_NAME gitea-data disk source=$HOST_DATA_PATH path=/var/lib/gitea incus config device add $CONTAINER_NAME gitea-ssh proxy listen=tcp:0.0.0.0:$SSH_PORT connect=tcp:127.0.0.1:22 incus config device add $CONTAINER_NAME gitea-web proxy listen=tcp:0.0.0.0:$WEB_PORT connect=tcp:127.0.0.1:3000 
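Review bot: The added `DB_PASS="gitea_password"` in the first hunk commits a working default credential, and nothing makes the operator change it before it reaches the `CREATE USER` statement and `/etc/gitea/app.ini` in later hunks. Take the value from the environment and fail when it is missing, `DB_PASS="${DB_PASS:?set DB_PASS before running setup.sh}"`, or generate one per install. The value is also spliced unescaped into a double-quoted `bash -c` string and a single-quoted SQL literal, so a password containing quotes, `$` or backslashes will presumably break those commands; document the allowed characters next to the variable.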
@@ -49,8 +45,11 @@ apt install -y wget git postgresql postgresql-contrib echo "Setting up PostgreSQL..." incus exec $CONTAINER_NAME -- bash -c " -sudo -u postgres psql -c \"CREATE USER gitea WITH PASSWORD 'gitea'\" -sudo -u postgres psql -c \"CREATE DATABASE gitea OWNER gitea\" +sudo -u postgres psql -c \"CREATE USER $DB_USER WITH PASSWORD '$DB_PASS'\" +sudo -u postgres psql -c \"CREATE DATABASE gitea OWNER $DB_USER\" +echo \"host all all 0.0.0.0/0 password\" >> /etc/postgresql/14/main/pg_hba.conf +echo \"listen_addresses = '*'\" >> /etc/postgresql/14/main/postgresql.conf +systemctl restart postgresql " echo "Installing Gitea..." 
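Review bot: The two appended settings make PostgreSQL listen on every interface (`listen_addresses = '*'`) and accept any client address with the cleartext `password` method (`host all all 0.0.0.0/0 password`), although the app.ini written by this commit connects to `127.0.0.1:5432`. If nothing outside the container needs the database, drop both lines; if an explicit rule is wanted, scope it to the one database, role and address, `host gitea $DB_USER 127.0.0.1/32 scram-sha-256`. The `>>` appends also add a duplicate entry on every re-run, and the hard-coded `/etc/postgresql/14/main` path will not match another PostgreSQL major version.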
@@ -62,15 +61,89 @@ mv gitea /usr/local/bin/gitea echo "Creating Gitea user and setting up directories..." incus exec $CONTAINER_NAME -- bash -c " -adduser --system --group --disabled-password --home /var/lib/gitea --shell /bin/bash gitea +adduser --system --group --disabled-password --home /var/lib/gitea --shell /bin/bash git mkdir -p /var/lib/gitea/{custom,data,log} -chown -R gitea:gitea /var/lib/gitea/ +chown -R git:git /var/lib/gitea/ chmod -R 750 /var/lib/gitea/ -mkdir /etc/gitea -chown root:gitea /etc/gitea +mkdir -p /etc/gitea +chown root:git /etc/gitea chmod 770 /etc/gitea " +echo "Creating Gitea configuration..." +incus exec $CONTAINER_NAME -- bash -c "cat > /etc/gitea/app.ini << EOL +APP_NAME = Gitea: Git with a cup of tea +RUN_USER = git +RUN_MODE = prod + +[database] +DB_TYPE = postgres +HOST = 127.0.0.1:5432 +NAME = gitea +USER = $DB_USER +PASSWD = $DB_PASS + +[repository] +ROOT = /var/lib/gitea/data/gitea-repositories + +[server] +HTTP_PORT = 3000 +ROOT_URL = http://localhost:3000/ +DISABLE_SSH = false +SSH_PORT = 22 +START_SSH_SERVER = true +LFS_START_SERVER = true + +[security] +INSTALL_LOCK = false + +[service] +DISABLE_REGISTRATION = false +REQUIRE_SIGNIN_VIEW = false + +[indexer] +ISSUE_INDEXER_PATH = /var/lib/gitea/indexers/issues.bleve + +[session] +PROVIDER_CONFIG = /var/lib/gitea/data/sessions + +[picture] +AVATAR_UPLOAD_PATH = /var/lib/gitea/data/avatars +REPOSITORY_AVATAR_UPLOAD_PATH = /var/lib/gitea/data/repo-avatars + +[attachment] +PATH = /var/lib/gitea/data/attachments + +[log] +ROOT_PATH = /var/lib/gitea/log + +[mailer] +ENABLED = false + +[service] +DISABLE_REGISTRATION = false +REQUIRE_SIGNIN_VIEW = false +REGISTER_EMAIL_CONFIRM = false +ENABLE_NOTIFY_MAIL = false +ALLOW_ONLY_EXTERNAL_REGISTRATION = false +ENABLE_CAPTCHA = false +DEFAULT_KEEP_EMAIL_PRIVATE = false +DEFAULT_ALLOW_CREATE_ORGANIZATION = true +DEFAULT_ENABLE_TIMETRACKING = true +NO_REPLY_ADDRESS = noreply.example.org + +[openid] +ENABLE_OPENID_SIGNIN = true 
+ENABLE_OPENID_SIGNUP = true +EOL" + +echo "Setting initial permissions for Gitea config file..." +incus exec $CONTAINER_NAME -- bash -c " +chown root:git /etc/gitea/app.ini +chmod 770 /etc/gitea +chmod 660 /etc/gitea/app.ini +" + echo "Creating Gitea service..." incus exec $CONTAINER_NAME -- bash -c "cat > /etc/systemd/system/gitea.service << EOL [Unit] @@ -82,24 +155,36 @@ After=postgresql.service [Service] RestartSec=2s Type=simple -User=gitea -Group=gitea +User=git +Group=git WorkingDirectory=/var/lib/gitea/ ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini Restart=always -Environment=USER=gitea HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea +Environment=USER=git HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea [Install] WantedBy=multi-user.target EOL" +echo "Ensuring PostgreSQL is running and accessible..." +incus exec $CONTAINER_NAME -- bash -c " +systemctl restart postgresql +sleep 5 +sudo -u git psql -h 127.0.0.1 -U gitea -d gitea -c 'SELECT 1' +" + echo "Starting Gitea..." incus exec $CONTAINER_NAME -- bash -c " systemctl daemon-reload systemctl enable gitea -systemctl start gitea +systemctl restart gitea +sleep 5 +systemctl status gitea " echo "Gitea setup complete!" echo "Access Gitea at http://$(incus exec $CONTAINER_NAME -- ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1):$WEB_PORT" echo "SSH access available on port $SSH_PORT" +echo "" +echo "After completing the web installation, run the following command to secure the configuration:" +echo "incus exec $CONTAINER_NAME -- bash -c 'chmod 750 /etc/gitea && chmod 640 /etc/gitea/app.ini'"
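Review bot: `INSTALL_LOCK = false` in the new app.ini leaves the first-run install page open while the `gitea-web` proxy listens on `0.0.0.0:$WEB_PORT`, so whoever reaches the port first finishes the installation and chooses the administrator account. Until then the file stays group-writable for the service user (`chmod 660`), and tightening it is left to a manual command printed at the end of the script. Consider writing `INSTALL_LOCK = true` and creating the administrator with `gitea admin user create`, or binding the proxy to `127.0.0.1` until setup is complete. The heredoc also defines `[service]` twice with overlapping keys; merge them into one section so the effective values are unambiguous.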
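Review bot: The added connectivity check `sudo -u git psql -h 127.0.0.1 -U gitea -d gitea -c 'SELECT 1'` supplies no password, so over TCP it will presumably fail or wait for a prompt; it is the last command in its `bash -c` string, so that status would abort the script under `set -e`. It also hard-codes `-U gitea` where the rest of the commit uses `$DB_USER`. A credential-free readiness probe such as `pg_isready -h 127.0.0.1 -t 10` could replace both the `sleep 5` and the login attempt. The unit-file heredoc this hunk edits begins above the hunk.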