still broken, but getting there

2024-07-31 21:00:09 -04:00 · 2024-07-31 21:00:09 -04:00 · 75988c9341
commit 75988c9341
parent 7b0642fb77
1 changed files with 102 additions and 17 deletions
--- a/setup.sh
+++ b/setup.sh
@ -3,12 +3,13 @@
 set -e

 CONTAINER_NAME="gitea"
-HOST_DATA_PATH="/opt/gitea-data"
 WEB_PORT="3000"
 SSH_PORT="2222"
 PROFILE_NAME="gitea-profile"
-ROOT_DISK_SIZE="10GB"
+ROOT_DISK_SIZE="20GB"
 NETWORK_NAME="incusbr0"
+DB_USER="gitea"
+DB_PASS="gitea_password"  # Change this to a secure password

 echo "Creating Incus profile with 16GB memory limit and root disk..."
 incus profile create $PROFILE_NAME || true
@ -21,10 +22,6 @@ if ! incus network list | grep -q $NETWORK_NAME; then
    incus network create $NETWORK_NAME
 fi

-echo "Creating host directory for Gitea data..."
-sudo mkdir -p $HOST_DATA_PATH
-sudo chmod 777 $HOST_DATA_PATH
-
 echo "Creating Incus container..."
 incus launch images:ubuntu/22.04 $CONTAINER_NAME -p $PROFILE_NAME

@ -34,7 +31,6 @@ incus network attach $NETWORK_NAME $CONTAINER_NAME
 echo "Configuring container..."
 incus config set $CONTAINER_NAME security.privileged=true
 incus config set $CONTAINER_NAME linux.kernel_modules=overlay,nf_nat
-incus config device add $CONTAINER_NAME gitea-data disk source=$HOST_DATA_PATH path=/var/lib/gitea
 incus config device add $CONTAINER_NAME gitea-ssh proxy listen=tcp:0.0.0.0:$SSH_PORT connect=tcp:127.0.0.1:22
 incus config device add $CONTAINER_NAME gitea-web proxy listen=tcp:0.0.0.0:$WEB_PORT connect=tcp:127.0.0.1:3000

@ -49,8 +45,11 @@ apt install -y wget git postgresql postgresql-contrib

 echo "Setting up PostgreSQL..."
 incus exec $CONTAINER_NAME -- bash -c "
-sudo -u postgres psql -c \"CREATE USER gitea WITH PASSWORD 'gitea'\"
-sudo -u postgres psql -c \"CREATE DATABASE gitea OWNER gitea\"
+sudo -u postgres psql -c \"CREATE USER $DB_USER WITH PASSWORD '$DB_PASS'\"
+sudo -u postgres psql -c \"CREATE DATABASE gitea OWNER $DB_USER\"
+echo \"host all all 0.0.0.0/0 password\" >> /etc/postgresql/14/main/pg_hba.conf
+echo \"listen_addresses = '*'\" >> /etc/postgresql/14/main/postgresql.conf
+systemctl restart postgresql
 "

 echo "Installing Gitea..."
@ -62,15 +61,89 @@ mv gitea /usr/local/bin/gitea

 echo "Creating Gitea user and setting up directories..."
 incus exec $CONTAINER_NAME -- bash -c "
-adduser --system --group --disabled-password --home /var/lib/gitea --shell /bin/bash gitea
+adduser --system --group --disabled-password --home /var/lib/gitea --shell /bin/bash git
 mkdir -p /var/lib/gitea/{custom,data,log}
-chown -R gitea:gitea /var/lib/gitea/
+chown -R git:git /var/lib/gitea/
 chmod -R 750 /var/lib/gitea/
-mkdir /etc/gitea
-chown root:gitea /etc/gitea
+mkdir -p /etc/gitea
+chown root:git /etc/gitea
 chmod 770 /etc/gitea
 "

+echo "Creating Gitea configuration..."
+incus exec $CONTAINER_NAME -- bash -c "cat > /etc/gitea/app.ini << EOL
+APP_NAME = Gitea: Git with a cup of tea
+RUN_USER = git
+RUN_MODE = prod
+
+[database]
+DB_TYPE  = postgres
+HOST     = 127.0.0.1:5432
+NAME     = gitea
+USER     = $DB_USER
+PASSWD   = $DB_PASS
+
+[repository]
+ROOT = /var/lib/gitea/data/gitea-repositories
+
+[server]
+HTTP_PORT        = 3000
+ROOT_URL         = http://localhost:3000/
+DISABLE_SSH      = false
+SSH_PORT         = 22
+START_SSH_SERVER = true
+LFS_START_SERVER = true
+
+[security]
+INSTALL_LOCK   = false
+
+[service]
+DISABLE_REGISTRATION = false
+REQUIRE_SIGNIN_VIEW  = false
+
+[indexer]
+ISSUE_INDEXER_PATH = /var/lib/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /var/lib/gitea/data/sessions
+
+[picture]
+AVATAR_UPLOAD_PATH      = /var/lib/gitea/data/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /var/lib/gitea/data/repo-avatars
+
+[attachment]
+PATH = /var/lib/gitea/data/attachments
+
+[log]
+ROOT_PATH = /var/lib/gitea/log
+
+[mailer]
+ENABLED = false
+
+[service]
+DISABLE_REGISTRATION = false
+REQUIRE_SIGNIN_VIEW  = false
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL   = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA       = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS     = noreply.example.org
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+EOL"
+
+echo "Setting initial permissions for Gitea config file..."
+incus exec $CONTAINER_NAME -- bash -c "
+chown root:git /etc/gitea/app.ini
+chmod 770 /etc/gitea
+chmod 660 /etc/gitea/app.ini
+"
+
 echo "Creating Gitea service..."
 incus exec $CONTAINER_NAME -- bash -c "cat > /etc/systemd/system/gitea.service << EOL
 [Unit]
@ -82,24 +155,36 @@ After=postgresql.service
 [Service]
 RestartSec=2s
 Type=simple
-User=gitea
-Group=gitea
+User=git
+Group=git
 WorkingDirectory=/var/lib/gitea/
 ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
 Restart=always
-Environment=USER=gitea HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea
+Environment=USER=git HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea

 [Install]
 WantedBy=multi-user.target
 EOL"

+echo "Ensuring PostgreSQL is running and accessible..."
+incus exec $CONTAINER_NAME -- bash -c "
+systemctl restart postgresql
+sleep 5
+sudo -u git psql -h 127.0.0.1 -U gitea -d gitea -c 'SELECT 1'
+"
+
 echo "Starting Gitea..."
 incus exec $CONTAINER_NAME -- bash -c "
 systemctl daemon-reload
 systemctl enable gitea
-systemctl start gitea
+systemctl restart gitea
+sleep 5
+systemctl status gitea
 "

 echo "Gitea setup complete!"
 echo "Access Gitea at http://$(incus exec $CONTAINER_NAME -- ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1):$WEB_PORT"
 echo "SSH access available on port $SSH_PORT"
+echo ""
+echo "After completing the web installation, run the following command to secure the configuration:"
+echo "incus exec $CONTAINER_NAME -- bash -c 'chmod 750 /etc/gitea && chmod 640 /etc/gitea/app.ini'"