fixed everything and now a masterscript

imnotacoder-eeeee 2024-07-31 21:56:36 -04:00
parent 816cc8de8c
commit cd93f12bd6
3 changed files with 376 additions and 213 deletions


@ -1,37 +1,86 @@
# Gitea Setup with Incus and Docker
# Gitea Incus Deployment Script
This script automates the setup of Gitea using Incus containers with nested Docker Compose.
This script automates the deployment of Gitea using Incus containers. It provides a simple command-line interface to create a profile, install Gitea and PostgreSQL, and secure the configuration.
## Prerequisites
- Incus installed on the host machine
- Root or sudo access (Incus group perm works too)
- Incus installed and configured on your system
- Sudo or root access
## Usage
1. Save the script as `setup_gitea.sh`
2. Make it executable: `chmod +x setup_gitea.sh`
3. Run the script: `sudo ./setup_gitea.sh`
Make the script executable:
The script will:
- Create an Incus container named 'gitea'
- Install Docker and Docker Compose in the container
- Set up Gitea using Docker Compose
- Configure port forwarding for web and SSH access
```bash
chmod +x gitea.sh
```
Access Gitea at `http://host-ip:3000`. SSH access is available on port 2222.
### Create Profile
## Configuration
Create an Incus profile for Gitea:
You can modify the following variables in the script:
- `CONTAINER_NAME`: Name of the Incus container
- `HOST_DATA_PATH`: Path on the host to store Gitea data
- `WEB_PORT`: Port for web access
- `SSH_PORT`: Port for SSH access
```bash
./gitea.sh profile [-c cpu] [-r ram]
```
Options:
- `-c cpu`: Specify the number of CPUs (optional)
- `-r ram`: Specify the amount of RAM in GB (optional)
If CPU or RAM is not specified, the default Incus values will be used.
### Install Gitea
Install Gitea and PostgreSQL:
```bash
./gitea.sh install [-p dbpassword]
```
Options:
- `-p dbpassword`: Specify a custom database password (optional)
If no password is provided, a default password will be used.
### Secure Configuration
After completing the web installation, secure the Gitea configuration:
```bash
./gitea.sh secure
```
## Script Behavior
1. The script enforces the correct order of operations:
- Profile must be created before installation
- Gitea must be installed before securing the configuration
2. The script will create a network named "incusbr0" if it doesn't exist
3. The root disk size for the Incus container is set to 20GB by default
4. Gitea will be accessible on port 3000, and SSH access will be on port 2222
## Notes
- The script uses Ubuntu 22.04 as the base image for the Incus container.
- PostgreSQL is used as the database and runs in a separate container.
- Data is persisted on the host machine.
- For production use, review and adjust security settings as needed.
- After installation, access Gitea through the web interface to complete the setup
- The script provides the URL to access Gitea after installation
- Make sure to secure the configuration after completing the web setup
## Customization
You can modify the following variables at the top of the script to customize your deployment:
- `CONTAINER_NAME`: Name of the Incus container
- `WEB_PORT`: Port for accessing Gitea web interface
- `SSH_PORT`: Port for SSH access
- `PROFILE_NAME`: Name of the Incus profile
- `ROOT_DISK_SIZE`: Size of the root disk for the container
- `NETWORK_NAME`: Name of the Incus network
- `DB_USER`: PostgreSQL database user for Gitea
- `DB_PASS`: Default PostgreSQL database password (can be overridden during installation)
## Troubleshooting
If you encounter any issues:
1. Check the Incus container status: `incus list`
2. View the container logs: `incus exec gitea -- journalctl -u gitea`
3. Ensure all required ports are open and not in use by other services

304
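--- /dev/null
+++ b/gitea.sh
@@ -0,0 +1,304 @@
+#!/bin/bash
+set -e
+CONTAINER_NAME="gitea"
+WEB_PORT="3000"
+SSH_PORT="2222"
+PROFILE_NAME="gitea-profile"
+ROOT_DISK_SIZE="20GB"
+NETWORK_NAME="incusbr0"
+DB_USER="gitea"
+DB_PASS="gitea_password" # Default password, can be overridden with -p option
+# Function to create the Incus profile
+create_profile() {
+local cpu=$1
+local ram=$2
+echo "Creating Incus profile with root disk size of $ROOT_DISK_SIZE..."
+incus profile create $PROFILE_NAME || true
+if [ ! -z "$ram" ]; then
+echo "Setting RAM limit to ${ram}GB"
+incus profile set $PROFILE_NAME limits.memory=${ram}GB
+else
+echo "No RAM limit specified. Using default."
+fi
+if [ ! -z "$cpu" ]; then
+echo "Setting CPU limit to $cpu"
+incus profile set $PROFILE_NAME limits.cpu=$cpu
+else
+echo "No CPU limit specified. Using default."
+fi
+incus profile device add $PROFILE_NAME root disk path=/ pool=default size=$ROOT_DISK_SIZE
+echo "Ensuring network exists..."
+if ! incus network list | grep -q $NETWORK_NAME; then
+echo "Creating network $NETWORK_NAME..."
+incus network create $NETWORK_NAME
+fi
+}
+# Function to check if profile exists
+profile_exists() {
+incus profile list | grep -q $PROFILE_NAME
+}
+# Function to install Gitea and PostgreSQL
+install_gitea() {
+if ! profile_exists; then
+echo "Error: Profile does not exist. Please create a profile first using '$0 profile'."
+exit 1
+fi
+echo "Creating Incus container..."
+incus launch images:ubuntu/22.04 $CONTAINER_NAME -p $PROFILE_NAME
+echo "Attaching network to container..."
+incus network attach $NETWORK_NAME $CONTAINER_NAME
+echo "Configuring container..."
+incus config set $CONTAINER_NAME security.privileged=true
+incus config set $CONTAINER_NAME linux.kernel_modules=overlay,nf_nat
+incus config device add $CONTAINER_NAME gitea-ssh proxy listen=tcp:0.0.0.0:$SSH_PORT connect=tcp:127.0.0.1:2222
+incus config device add $CONTAINER_NAME gitea-web proxy listen=tcp:0.0.0.0:$WEB_PORT connect=tcp:127.0.0.1:3000
+echo "Waiting for network to be ready..."
+sleep 10
+echo "Installing Gitea dependencies..."
+incus exec $CONTAINER_NAME -- bash -c "
+apt update
+apt install -y wget git postgresql postgresql-contrib
+"
+echo "Setting up PostgreSQL..."
+incus exec $CONTAINER_NAME -- bash -c "
+sudo -u postgres psql -c \"CREATE USER $DB_USER WITH PASSWORD '$DB_PASS'\"
+sudo -u postgres psql -c \"CREATE DATABASE gitea OWNER $DB_USER\"
+echo \"host all all 0.0.0.0/0 password\" >> /etc/postgresql/14/main/pg_hba.conf
+echo \"listen_addresses = '*'\" >> /etc/postgresql/14/main/postgresql.conf
+systemctl restart postgresql
+"
+echo "Installing Gitea..."
+incus exec $CONTAINER_NAME -- bash -c "
+wget -O gitea https://dl.gitea.io/gitea/1.18.0/gitea-1.18.0-linux-amd64
+chmod +x gitea
+mv gitea /usr/local/bin/gitea
+"
+echo "Creating Gitea user and setting up directories..."
+incus exec $CONTAINER_NAME -- bash -c "
+adduser --system --group --disabled-password --home /var/lib/gitea --shell /bin/bash git
+mkdir -p /var/lib/gitea/{custom,data,log}
+chown -R git:git /var/lib/gitea/
+chmod -R 750 /var/lib/gitea/
+mkdir -p /etc/gitea
+chown root:git /etc/gitea
+chmod 770 /etc/gitea
+"
+echo "Creating Gitea configuration..."
+incus exec $CONTAINER_NAME -- bash -c "cat > /etc/gitea/app.ini << EOL
+APP_NAME = Gitea: Git with a cup of tea
+RUN_USER = git
+RUN_MODE = prod
+[database]
+DB_TYPE = postgres
+HOST = 127.0.0.1:5432
+NAME = gitea
+USER = $DB_USER
+PASSWD = $DB_PASS
+[repository]
+ROOT = /var/lib/gitea/data/gitea-repositories
+[server]
+HTTP_PORT = 3000
+ROOT_URL = http://$(incus exec $CONTAINER_NAME -- ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1):$WEB_PORT/
+DISABLE_SSH = false
+SSH_PORT = 2222
+START_SSH_SERVER = true
+LFS_START_SERVER = true
+[security]
+INSTALL_LOCK = false
+[service]
+DISABLE_REGISTRATION = false
+REQUIRE_SIGNIN_VIEW = false
+[indexer]
+ISSUE_INDEXER_PATH = /var/lib/gitea/indexers/issues.bleve
+[session]
+PROVIDER_CONFIG = /var/lib/gitea/data/sessions
+[picture]
+AVATAR_UPLOAD_PATH = /var/lib/gitea/data/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /var/lib/gitea/data/repo-avatars
+[attachment]
+PATH = /var/lib/gitea/data/attachments
+[log]
+ROOT_PATH = /var/lib/gitea/log
+[mailer]
+ENABLED = false
+[service]
+DISABLE_REGISTRATION = false
+REQUIRE_SIGNIN_VIEW = false
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.example.org
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+EOL"
+echo "Setting initial permissions for Gitea config file..."
+incus exec $CONTAINER_NAME -- bash -c "
+chown root:git /etc/gitea/app.ini
+chmod 770 /etc/gitea
+chmod 660 /etc/gitea/app.ini
+"
+echo "Creating Gitea service..."
+incus exec $CONTAINER_NAME -- bash -c "cat > /etc/systemd/system/gitea.service << EOL
+[Unit]
+Description=Gitea (Git with a cup of tea)
+After=syslog.target
+After=network.target
+After=postgresql.service
+[Service]
+RestartSec=2s
+Type=simple
+User=git
+Group=git
+WorkingDirectory=/var/lib/gitea/
+ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
+Restart=always
+Environment=USER=git HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea
+[Install]
+WantedBy=multi-user.target
+EOL"
+echo "Ensuring PostgreSQL is running and accessible..."
+incus exec $CONTAINER_NAME -- bash -c "
+systemctl restart postgresql
+sleep 5
+sudo -u git psql -h 127.0.0.1 -U gitea -d gitea -c 'SELECT 1'
+"
+echo "Starting Gitea..."
+incus exec $CONTAINER_NAME -- bash -c "
+systemctl daemon-reload
+systemctl enable gitea
+systemctl restart gitea
+sleep 5
+systemctl status gitea
+"
+echo "Gitea setup complete!"
+echo "Access Gitea at http://$(incus exec $CONTAINER_NAME -- ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1):$WEB_PORT"
+echo "SSH access available on port $SSH_PORT"
+echo ""
+echo "After completing the web installation, run '$0 secure' to secure the configuration."
+}
+# Function to secure Gitea configuration
+secure_gitea() {
+if ! incus list | grep -q $CONTAINER_NAME; then
+echo "Error: Gitea is not installed. Please install Gitea first using '$0 install'."
+exit 1
+fi
+echo "Securing Gitea configuration..."
+incus exec $CONTAINER_NAME -- bash -c 'chmod 750 /etc/gitea && chmod 640 /etc/gitea/app.ini'
+echo "Gitea configuration secured."
+}
+# Function to display usage
+usage() {
+echo "Usage"
+echo "Create profile:"
+echo "$0 profile [-c cpu] [-r ram]"
+echo ""
+echo "Install Gitea and PostgreSQL:"
+echo "$0 install [-p dbpassword]"
+echo ""
+echo "Secure the configurations:"
+echo "$0 secure"
+}
+# Main script logic
+case "$1" in
+profile)
+shift
+cpu=""
+ram=""
+while getopts ":c:r:" opt; do
+case ${opt} in
+c )
+cpu=$OPTARG
+;;
+r )
+ram=$OPTARG
+;;
+\? )
+echo "Invalid option: $OPTARG" 1>&2
+usage
+exit 1
+;;
+: )
+echo "Invalid option: $OPTARG requires an argument" 1>&2
+usage
+exit 1
+;;
+esac
+done
+create_profile $cpu $ram
+;;
+install)
+shift
+while getopts ":p:" opt; do
+case ${opt} in
+p )
+DB_PASS=$OPTARG
+;;
+\? )
+echo "Invalid option: $OPTARG" 1>&2
+usage
+exit 1
+;;
+: )
+echo "Invalid option: $OPTARG requires an argument" 1>&2
+usage
+exit 1
+;;
+esac
+done
+install_gitea
+;;
+secure)
+secure_gitea
+;;
+*)
+usage
+exit 1
+;;
+esac
+exit 0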
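Review bot: The PostgreSQL setup step in install_gitea exposes the database more widely than this deployment needs: it appends `host all all 0.0.0.0/0 password` to pg_hba.conf and sets `listen_addresses = '*'`, while app.ini connects over `127.0.0.1:5432` and `DB_PASS` falls back to the hard-coded `gitea_password` whenever `-p` is omitted. Both appended `echo ... >>` lines can simply be deleted, assuming the stock Ubuntu pg_hba.conf keeps its loopback host rule; if a remote rule is ever wanted it should name a specific subnet and use `scram-sha-256`, since `password` sends the secret unencrypted. I would empty the default (`DB_PASS=""`) and have the install branch stop with `[ -n "$DB_PASS" ] || { echo "Error: -p dbpassword is required" >&2; exit 1; }` before calling install_gitea, rather than shipping a password that is published in the repository. `security.privileged=true` also looks like a leftover from the nested-Docker version of this script; nothing visible here needs it, so it is worth dropping unless a test shows otherwise. Unrelated to security, `create_profile $cpu $ram` should be `create_profile "$cpu" "$ram"`: with only `-r` given, the empty `$cpu` disappears and the RAM value is applied as the CPU limit.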

190
setup.sh

@ -1,190 +0,0 @@
#!/bin/bash
set -e
CONTAINER_NAME="gitea"
WEB_PORT="3000"
SSH_PORT="2222"
PROFILE_NAME="gitea-profile"
ROOT_DISK_SIZE="20GB"
NETWORK_NAME="incusbr0"
DB_USER="gitea"
DB_PASS="gitea_password" # Change this to a secure password
echo "Creating Incus profile with 16GB memory limit and root disk..."
incus profile create $PROFILE_NAME || true
incus profile set $PROFILE_NAME limits.memory=16GB
incus profile device add $PROFILE_NAME root disk path=/ pool=default size=$ROOT_DISK_SIZE
echo "Ensuring network exists..."
if ! incus network list | grep -q $NETWORK_NAME; then
echo "Creating network $NETWORK_NAME..."
incus network create $NETWORK_NAME
fi
echo "Creating Incus container..."
incus launch images:ubuntu/22.04 $CONTAINER_NAME -p $PROFILE_NAME
echo "Attaching network to container..."
incus network attach $NETWORK_NAME $CONTAINER_NAME
echo "Configuring container..."
incus config set $CONTAINER_NAME security.privileged=true
incus config set $CONTAINER_NAME linux.kernel_modules=overlay,nf_nat
incus config device add $CONTAINER_NAME gitea-ssh proxy listen=tcp:0.0.0.0:$SSH_PORT connect=tcp:127.0.0.1:2222
incus config device add $CONTAINER_NAME gitea-web proxy listen=tcp:0.0.0.0:$WEB_PORT connect=tcp:127.0.0.1:3000
echo "Waiting for network to be ready..."
sleep 10
echo "Installing Gitea dependencies..."
incus exec $CONTAINER_NAME -- bash -c "
apt update
apt install -y wget git postgresql postgresql-contrib
"
echo "Setting up PostgreSQL..."
incus exec $CONTAINER_NAME -- bash -c "
sudo -u postgres psql -c \"CREATE USER $DB_USER WITH PASSWORD '$DB_PASS'\"
sudo -u postgres psql -c \"CREATE DATABASE gitea OWNER $DB_USER\"
echo \"host all all 0.0.0.0/0 password\" >> /etc/postgresql/14/main/pg_hba.conf
echo \"listen_addresses = '*'\" >> /etc/postgresql/14/main/postgresql.conf
systemctl restart postgresql
"
echo "Installing Gitea..."
incus exec $CONTAINER_NAME -- bash -c "
wget -O gitea https://dl.gitea.io/gitea/1.18.0/gitea-1.18.0-linux-amd64
chmod +x gitea
mv gitea /usr/local/bin/gitea
"
echo "Creating Gitea user and setting up directories..."
incus exec $CONTAINER_NAME -- bash -c "
adduser --system --group --disabled-password --home /var/lib/gitea --shell /bin/bash git
mkdir -p /var/lib/gitea/{custom,data,log}
chown -R git:git /var/lib/gitea/
chmod -R 750 /var/lib/gitea/
mkdir -p /etc/gitea
chown root:git /etc/gitea
chmod 770 /etc/gitea
"
echo "Creating Gitea configuration..."
incus exec $CONTAINER_NAME -- bash -c "cat > /etc/gitea/app.ini << EOL
APP_NAME = Gitea: Git with a cup of tea
RUN_USER = git
RUN_MODE = prod
[database]
DB_TYPE = postgres
HOST = 127.0.0.1:5432
NAME = gitea
USER = $DB_USER
PASSWD = $DB_PASS
[repository]
ROOT = /var/lib/gitea/data/gitea-repositories
[server]
HTTP_PORT = 3000
ROOT_URL = http://$(incus exec $CONTAINER_NAME -- ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1):$WEB_PORT/
DISABLE_SSH = false
SSH_PORT = 2222
START_SSH_SERVER = true
LFS_START_SERVER = true
[security]
INSTALL_LOCK = false
[service]
DISABLE_REGISTRATION = false
REQUIRE_SIGNIN_VIEW = false
[indexer]
ISSUE_INDEXER_PATH = /var/lib/gitea/indexers/issues.bleve
[session]
PROVIDER_CONFIG = /var/lib/gitea/data/sessions
[picture]
AVATAR_UPLOAD_PATH = /var/lib/gitea/data/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /var/lib/gitea/data/repo-avatars
[attachment]
PATH = /var/lib/gitea/data/attachments
[log]
ROOT_PATH = /var/lib/gitea/log
[mailer]
ENABLED = false
[service]
DISABLE_REGISTRATION = false
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.example.org
[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true
EOL"
echo "Setting initial permissions for Gitea config file..."
incus exec $CONTAINER_NAME -- bash -c "
chown root:git /etc/gitea/app.ini
chmod 770 /etc/gitea
chmod 660 /etc/gitea/app.ini
"
echo "Creating Gitea service..."
incus exec $CONTAINER_NAME -- bash -c "cat > /etc/systemd/system/gitea.service << EOL
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
After=postgresql.service
[Service]
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea/
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea
[Install]
WantedBy=multi-user.target
EOL"
echo "Ensuring PostgreSQL is running and accessible..."
incus exec $CONTAINER_NAME -- bash -c "
systemctl restart postgresql
sleep 5
sudo -u git psql -h 127.0.0.1 -U gitea -d gitea -c 'SELECT 1'
"
echo "Starting Gitea..."
incus exec $CONTAINER_NAME -- bash -c "
systemctl daemon-reload
systemctl enable gitea
systemctl restart gitea
sleep 5
systemctl status gitea
"
echo "Gitea setup complete!"
echo "Access Gitea at http://$(incus exec $CONTAINER_NAME -- ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1):$WEB_PORT"
echo "SSH access available on port $SSH_PORT"
echo ""
echo "After completing the web installation, run the following command to secure the configuration:"
echo "incus exec $CONTAINER_NAME -- bash -c 'chmod 750 /etc/gitea && chmod 640 /etc/gitea/app.ini'"