diff --git a/README.md b/README.md index e9ec330..1100158 100644 --- a/README.md +++ b/README.md 
@@ -1,37 +1,86 @@ -# Gitea Setup with Incus and Docker +# Gitea Incus Deployment Script -This script automates the setup of Gitea using Incus containers with nested Docker Compose. +This script automates the deployment of Gitea using Incus containers. It provides a simple command-line interface to create a profile, install Gitea and PostgreSQL, and secure the configuration. ## Prerequisites -- Incus installed on the host machine -- Root or sudo access (Incus group perm works too) +- Incus installed and configured on your system +- Sudo or root access ## Usage -1. Save the script as `setup_gitea.sh` -2. Make it executable: `chmod +x setup_gitea.sh` -3. Run the script: `sudo ./setup_gitea.sh` +Make the script executable: -The script will: -- Create an Incus container named 'gitea' -- Install Docker and Docker Compose in the container -- Set up Gitea using Docker Compose -- Configure port forwarding for web and SSH access +```bash +chmod +x gitea.sh +``` -Access Gitea at `http://host-ip:3000`. SSH access is available on port 2222. +### Create Profile -## Configuration +Create an Incus profile for Gitea: -You can modify the following variables in the script: -- `CONTAINER_NAME`: Name of the Incus container -- `HOST_DATA_PATH`: Path on the host to store Gitea data -- `WEB_PORT`: Port for web access -- `SSH_PORT`: Port for SSH access +```bash +./gitea.sh profile [-c cpu] [-r ram] +``` + +Options: +- `-c cpu`: Specify the number of CPUs (optional) +- `-r ram`: Specify the amount of RAM in GB (optional) + +If CPU or RAM is not specified, the default Incus values will be used. + +### Install Gitea + +Install Gitea and PostgreSQL: + +```bash +./gitea.sh install [-p dbpassword] +``` + +Options: +- `-p dbpassword`: Specify a custom database password (optional) + +If no password is provided, a default password will be used. 
+ +### Secure Configuration + +After completing the web installation, secure the Gitea configuration: + +```bash +./gitea.sh secure +``` + +## Script Behavior + +1. The script enforces the correct order of operations: + - Profile must be created before installation + - Gitea must be installed before securing the configuration +2. The script will create a network named "incusbr0" if it doesn't exist +3. The root disk size for the Incus container is set to 20GB by default +4. Gitea will be accessible on port 3000, and SSH access will be on port 2222 ## Notes -- The script uses Ubuntu 22.04 as the base image for the Incus container. -- PostgreSQL is used as the database and runs in a separate container. -- Data is persisted on the host machine. -- For production use, review and adjust security settings as needed. +- After installation, access Gitea through the web interface to complete the setup +- The script provides the URL to access Gitea after installation +- Make sure to secure the configuration after completing the web setup + +## Customization + +You can modify the following variables at the top of the script to customize your deployment: + +- `CONTAINER_NAME`: Name of the Incus container +- `WEB_PORT`: Port for accessing Gitea web interface +- `SSH_PORT`: Port for SSH access +- `PROFILE_NAME`: Name of the Incus profile +- `ROOT_DISK_SIZE`: Size of the root disk for the container +- `NETWORK_NAME`: Name of the Incus network +- `DB_USER`: PostgreSQL database user for Gitea +- `DB_PASS`: Default PostgreSQL database password (can be overridden during installation) + +## Troubleshooting + +If you encounter any issues: +1. Check the Incus container status: `incus list` +2. View the container logs: `incus exec gitea -- journalctl -u gitea` +3. Ensure all required ports are open and not in use by other services diff --git a/gitea.sh b/gitea.sh new file mode 100755 index 0000000..ec6396b --- /dev/null +++ b/gitea.sh 
@@ -0,0 +1,304 @@ +#!/bin/bash + +set -e + +CONTAINER_NAME="gitea" +WEB_PORT="3000" +SSH_PORT="2222" +PROFILE_NAME="gitea-profile" +ROOT_DISK_SIZE="20GB" +NETWORK_NAME="incusbr0" +DB_USER="gitea" +DB_PASS="gitea_password" # Default password, can be overridden with -p option + +# Function to create the Incus profile +create_profile() { + local cpu=$1 + local ram=$2 + + echo "Creating Incus profile with root disk size of $ROOT_DISK_SIZE..." + incus profile create $PROFILE_NAME || true + if [ ! -z "$ram" ]; then + echo "Setting RAM limit to ${ram}GB" + incus profile set $PROFILE_NAME limits.memory=${ram}GB + else + echo "No RAM limit specified. Using default." + fi + if [ ! -z "$cpu" ]; then + echo "Setting CPU limit to $cpu" + incus profile set $PROFILE_NAME limits.cpu=$cpu + else + echo "No CPU limit specified. Using default." + fi + incus profile device add $PROFILE_NAME root disk path=/ pool=default size=$ROOT_DISK_SIZE + + echo "Ensuring network exists..." + if ! incus network list | grep -q $NETWORK_NAME; then + echo "Creating network $NETWORK_NAME..." + incus network create $NETWORK_NAME + fi +} + +# Function to check if profile exists +profile_exists() { + incus profile list | grep -q $PROFILE_NAME +} + +# Function to install Gitea and PostgreSQL +install_gitea() { + if ! profile_exists; then + echo "Error: Profile does not exist. Please create a profile first using '$0 profile'." + exit 1 + fi + + echo "Creating Incus container..." + incus launch images:ubuntu/22.04 $CONTAINER_NAME -p $PROFILE_NAME + + echo "Attaching network to container..." + incus network attach $NETWORK_NAME $CONTAINER_NAME + + echo "Configuring container..." 
+ incus config set $CONTAINER_NAME security.privileged=true + incus config set $CONTAINER_NAME linux.kernel_modules=overlay,nf_nat + incus config device add $CONTAINER_NAME gitea-ssh proxy listen=tcp:0.0.0.0:$SSH_PORT connect=tcp:127.0.0.1:2222 + incus config device add $CONTAINER_NAME gitea-web proxy listen=tcp:0.0.0.0:$WEB_PORT connect=tcp:127.0.0.1:3000 + + echo "Waiting for network to be ready..." + sleep 10 + + echo "Installing Gitea dependencies..." + incus exec $CONTAINER_NAME -- bash -c " + apt update + apt install -y wget git postgresql postgresql-contrib + " + + echo "Setting up PostgreSQL..." + incus exec $CONTAINER_NAME -- bash -c " + sudo -u postgres psql -c \"CREATE USER $DB_USER WITH PASSWORD '$DB_PASS'\" + sudo -u postgres psql -c \"CREATE DATABASE gitea OWNER $DB_USER\" + echo \"host all all 0.0.0.0/0 password\" >> /etc/postgresql/14/main/pg_hba.conf + echo \"listen_addresses = '*'\" >> /etc/postgresql/14/main/postgresql.conf + systemctl restart postgresql + " + + echo "Installing Gitea..." + incus exec $CONTAINER_NAME -- bash -c " + wget -O gitea https://dl.gitea.io/gitea/1.18.0/gitea-1.18.0-linux-amd64 + chmod +x gitea + mv gitea /usr/local/bin/gitea + " + + echo "Creating Gitea user and setting up directories..." + incus exec $CONTAINER_NAME -- bash -c " + adduser --system --group --disabled-password --home /var/lib/gitea --shell /bin/bash git + mkdir -p /var/lib/gitea/{custom,data,log} + chown -R git:git /var/lib/gitea/ + chmod -R 750 /var/lib/gitea/ + mkdir -p /etc/gitea + chown root:git /etc/gitea + chmod 770 /etc/gitea + " + + echo "Creating Gitea configuration..." 
+ incus exec $CONTAINER_NAME -- bash -c "cat > /etc/gitea/app.ini << EOL +APP_NAME = Gitea: Git with a cup of tea +RUN_USER = git +RUN_MODE = prod + +[database] +DB_TYPE = postgres +HOST = 127.0.0.1:5432 +NAME = gitea +USER = $DB_USER +PASSWD = $DB_PASS + +[repository] +ROOT = /var/lib/gitea/data/gitea-repositories + +[server] +HTTP_PORT = 3000 +ROOT_URL = http://$(incus exec $CONTAINER_NAME -- ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1):$WEB_PORT/ +DISABLE_SSH = false +SSH_PORT = 2222 +START_SSH_SERVER = true +LFS_START_SERVER = true + +[security] +INSTALL_LOCK = false + +[service] +DISABLE_REGISTRATION = false +REQUIRE_SIGNIN_VIEW = false + +[indexer] +ISSUE_INDEXER_PATH = /var/lib/gitea/indexers/issues.bleve + +[session] +PROVIDER_CONFIG = /var/lib/gitea/data/sessions + +[picture] +AVATAR_UPLOAD_PATH = /var/lib/gitea/data/avatars +REPOSITORY_AVATAR_UPLOAD_PATH = /var/lib/gitea/data/repo-avatars + +[attachment] +PATH = /var/lib/gitea/data/attachments + +[log] +ROOT_PATH = /var/lib/gitea/log + +[mailer] +ENABLED = false + +[service] +DISABLE_REGISTRATION = false +REQUIRE_SIGNIN_VIEW = false +REGISTER_EMAIL_CONFIRM = false +ENABLE_NOTIFY_MAIL = false +ALLOW_ONLY_EXTERNAL_REGISTRATION = false +ENABLE_CAPTCHA = false +DEFAULT_KEEP_EMAIL_PRIVATE = false +DEFAULT_ALLOW_CREATE_ORGANIZATION = true +DEFAULT_ENABLE_TIMETRACKING = true +NO_REPLY_ADDRESS = noreply.example.org + +[openid] +ENABLE_OPENID_SIGNIN = true +ENABLE_OPENID_SIGNUP = true +EOL" + + echo "Setting initial permissions for Gitea config file..." + incus exec $CONTAINER_NAME -- bash -c " + chown root:git /etc/gitea/app.ini + chmod 770 /etc/gitea + chmod 660 /etc/gitea/app.ini + " + + echo "Creating Gitea service..." 
+ incus exec $CONTAINER_NAME -- bash -c "cat > /etc/systemd/system/gitea.service << EOL +[Unit] +Description=Gitea (Git with a cup of tea) +After=syslog.target +After=network.target +After=postgresql.service + +[Service] +RestartSec=2s +Type=simple +User=git +Group=git +WorkingDirectory=/var/lib/gitea/ +ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini +Restart=always +Environment=USER=git HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea + +[Install] +WantedBy=multi-user.target +EOL" + + echo "Ensuring PostgreSQL is running and accessible..." + incus exec $CONTAINER_NAME -- bash -c " + systemctl restart postgresql + sleep 5 + sudo -u git psql -h 127.0.0.1 -U gitea -d gitea -c 'SELECT 1' + " + + echo "Starting Gitea..." + incus exec $CONTAINER_NAME -- bash -c " + systemctl daemon-reload + systemctl enable gitea + systemctl restart gitea + sleep 5 + systemctl status gitea + " + + echo "Gitea setup complete!" + echo "Access Gitea at http://$(incus exec $CONTAINER_NAME -- ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1):$WEB_PORT" + echo "SSH access available on port $SSH_PORT" + echo "" + echo "After completing the web installation, run '$0 secure' to secure the configuration." +} + +# Function to secure Gitea configuration +secure_gitea() { + if ! incus list | grep -q $CONTAINER_NAME; then + echo "Error: Gitea is not installed. Please install Gitea first using '$0 install'." + exit 1 + fi + + echo "Securing Gitea configuration..." + incus exec $CONTAINER_NAME -- bash -c 'chmod 750 /etc/gitea && chmod 640 /etc/gitea/app.ini' + echo "Gitea configuration secured." 
+} + +# Function to display usage +usage() { + echo "Usage" + echo "Create profile:" + echo "$0 profile [-c cpu] [-r ram]" + echo "" + echo "Install Gitea and PostgreSQL:" + echo "$0 install [-p dbpassword]" + echo "" + echo "Secure the configurations:" + echo "$0 secure" +} + +# Main script logic +case "$1" in + profile) + shift + cpu="" + ram="" + while getopts ":c:r:" opt; do + case ${opt} in + c ) + cpu=$OPTARG + ;; + r ) + ram=$OPTARG + ;; + \? ) + echo "Invalid option: $OPTARG" 1>&2 + usage + exit 1 + ;; + : ) + echo "Invalid option: $OPTARG requires an argument" 1>&2 + usage + exit 1 + ;; + esac + done + create_profile $cpu $ram + ;; + install) + shift + while getopts ":p:" opt; do + case ${opt} in + p ) + DB_PASS=$OPTARG + ;; + \? ) + echo "Invalid option: $OPTARG" 1>&2 + usage + exit 1 + ;; + : ) + echo "Invalid option: $OPTARG requires an argument" 1>&2 + usage + exit 1 + ;; + esac + done + install_gitea + ;; + secure) + secure_gitea + ;; + *) + usage + exit 1 + ;; +esac + +exit 0 diff --git a/setup.sh b/setup.sh deleted file mode 100755 index 46f6338..0000000 --- a/setup.sh +++ /dev/null 
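Review bot: The PostgreSQL setup in install_gitea appends `host all all 0.0.0.0/0 password` to pg_hba.conf and sets `listen_addresses = '*'`, which exposes the database on every interface of a privileged, bridge-attached container with cleartext password authentication, even though the only client (app.ini `HOST = 127.0.0.1:5432`) is local; keep the default listen address (drop the `listen_addresses` line) and scope the rule, e.g. `echo \"host gitea $DB_USER 127.0.0.1/32 scram-sha-256\" >> /etc/postgresql/14/main/pg_hba.conf`. The `security.privileged=true` and `linux.kernel_modules=overlay,nf_nat` settings appear to be carried over from the Docker-based setup.sh and are no longer needed now that Gitea runs natively in the container, so removing them shrinks the container-escape surface at no functional cost. The binary fetched by `wget -O gitea https://dl.gitea.io/gitea/1.18.0/gitea-1.18.0-linux-amd64` is installed without any integrity check; download the release's published checksum (`.sha256`) or signature (`.asc`) alongside it and verify with `sha256sum -c` (or gpg) before the `mv` into /usr/local/bin. Separately, `create_profile $cpu $ram` collapses an empty `$cpu`, so `-r 8` alone is received as the CPU limit — call it as `create_profile "$cpu" "$ram"` — and `$DB_PASS` is interpolated unquoted into the psql command string and into the `incus exec` argv (visible to `ps` and, via `-p`, to shell history), so a password containing quotes breaks the command and any password is logged.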
@@ -1,190 +0,0 @@ -#!/bin/bash - -set -e - -CONTAINER_NAME="gitea" -WEB_PORT="3000" -SSH_PORT="2222" -PROFILE_NAME="gitea-profile" -ROOT_DISK_SIZE="20GB" -NETWORK_NAME="incusbr0" -DB_USER="gitea" -DB_PASS="gitea_password" # Change this to a secure password - -echo "Creating Incus profile with 16GB memory limit and root disk..." -incus profile create $PROFILE_NAME || true -incus profile set $PROFILE_NAME limits.memory=16GB -incus profile device add $PROFILE_NAME root disk path=/ pool=default size=$ROOT_DISK_SIZE - -echo "Ensuring network exists..." -if ! incus network list | grep -q $NETWORK_NAME; then - echo "Creating network $NETWORK_NAME..." - incus network create $NETWORK_NAME -fi - -echo "Creating Incus container..." -incus launch images:ubuntu/22.04 $CONTAINER_NAME -p $PROFILE_NAME - -echo "Attaching network to container..." -incus network attach $NETWORK_NAME $CONTAINER_NAME - -echo "Configuring container..." -incus config set $CONTAINER_NAME security.privileged=true -incus config set $CONTAINER_NAME linux.kernel_modules=overlay,nf_nat -incus config device add $CONTAINER_NAME gitea-ssh proxy listen=tcp:0.0.0.0:$SSH_PORT connect=tcp:127.0.0.1:2222 -incus config device add $CONTAINER_NAME gitea-web proxy listen=tcp:0.0.0.0:$WEB_PORT connect=tcp:127.0.0.1:3000 - -echo "Waiting for network to be ready..." -sleep 10 - -echo "Installing Gitea dependencies..." -incus exec $CONTAINER_NAME -- bash -c " -apt update -apt install -y wget git postgresql postgresql-contrib -" - -echo "Setting up PostgreSQL..." -incus exec $CONTAINER_NAME -- bash -c " -sudo -u postgres psql -c \"CREATE USER $DB_USER WITH PASSWORD '$DB_PASS'\" -sudo -u postgres psql -c \"CREATE DATABASE gitea OWNER $DB_USER\" -echo \"host all all 0.0.0.0/0 password\" >> /etc/postgresql/14/main/pg_hba.conf -echo \"listen_addresses = '*'\" >> /etc/postgresql/14/main/postgresql.conf -systemctl restart postgresql -" - -echo "Installing Gitea..." 
-incus exec $CONTAINER_NAME -- bash -c " -wget -O gitea https://dl.gitea.io/gitea/1.18.0/gitea-1.18.0-linux-amd64 -chmod +x gitea -mv gitea /usr/local/bin/gitea -" - -echo "Creating Gitea user and setting up directories..." -incus exec $CONTAINER_NAME -- bash -c " -adduser --system --group --disabled-password --home /var/lib/gitea --shell /bin/bash git -mkdir -p /var/lib/gitea/{custom,data,log} -chown -R git:git /var/lib/gitea/ -chmod -R 750 /var/lib/gitea/ -mkdir -p /etc/gitea -chown root:git /etc/gitea -chmod 770 /etc/gitea -" - -echo "Creating Gitea configuration..." -incus exec $CONTAINER_NAME -- bash -c "cat > /etc/gitea/app.ini << EOL -APP_NAME = Gitea: Git with a cup of tea -RUN_USER = git -RUN_MODE = prod - -[database] -DB_TYPE = postgres -HOST = 127.0.0.1:5432 -NAME = gitea -USER = $DB_USER -PASSWD = $DB_PASS - -[repository] -ROOT = /var/lib/gitea/data/gitea-repositories - -[server] -HTTP_PORT = 3000 -ROOT_URL = http://$(incus exec $CONTAINER_NAME -- ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1):$WEB_PORT/ -DISABLE_SSH = false -SSH_PORT = 2222 -START_SSH_SERVER = true -LFS_START_SERVER = true - -[security] -INSTALL_LOCK = false - -[service] -DISABLE_REGISTRATION = false -REQUIRE_SIGNIN_VIEW = false - -[indexer] -ISSUE_INDEXER_PATH = /var/lib/gitea/indexers/issues.bleve - -[session] -PROVIDER_CONFIG = /var/lib/gitea/data/sessions - -[picture] -AVATAR_UPLOAD_PATH = /var/lib/gitea/data/avatars -REPOSITORY_AVATAR_UPLOAD_PATH = /var/lib/gitea/data/repo-avatars - -[attachment] -PATH = /var/lib/gitea/data/attachments - -[log] -ROOT_PATH = /var/lib/gitea/log - -[mailer] -ENABLED = false - -[service] -DISABLE_REGISTRATION = false -REQUIRE_SIGNIN_VIEW = false -REGISTER_EMAIL_CONFIRM = false -ENABLE_NOTIFY_MAIL = false -ALLOW_ONLY_EXTERNAL_REGISTRATION = false -ENABLE_CAPTCHA = false -DEFAULT_KEEP_EMAIL_PRIVATE = false -DEFAULT_ALLOW_CREATE_ORGANIZATION = true -DEFAULT_ENABLE_TIMETRACKING = true -NO_REPLY_ADDRESS = noreply.example.org - -[openid] 
-ENABLE_OPENID_SIGNIN = true -ENABLE_OPENID_SIGNUP = true -EOL" - -echo "Setting initial permissions for Gitea config file..." -incus exec $CONTAINER_NAME -- bash -c " -chown root:git /etc/gitea/app.ini -chmod 770 /etc/gitea -chmod 660 /etc/gitea/app.ini -" - -echo "Creating Gitea service..." -incus exec $CONTAINER_NAME -- bash -c "cat > /etc/systemd/system/gitea.service << EOL -[Unit] -Description=Gitea (Git with a cup of tea) -After=syslog.target -After=network.target -After=postgresql.service - -[Service] -RestartSec=2s -Type=simple -User=git -Group=git -WorkingDirectory=/var/lib/gitea/ -ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini -Restart=always -Environment=USER=git HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea - -[Install] -WantedBy=multi-user.target -EOL" - -echo "Ensuring PostgreSQL is running and accessible..." -incus exec $CONTAINER_NAME -- bash -c " -systemctl restart postgresql -sleep 5 -sudo -u git psql -h 127.0.0.1 -U gitea -d gitea -c 'SELECT 1' -" - -echo "Starting Gitea..." -incus exec $CONTAINER_NAME -- bash -c " -systemctl daemon-reload -systemctl enable gitea -systemctl restart gitea -sleep 5 -systemctl status gitea -" - -echo "Gitea setup complete!" -echo "Access Gitea at http://$(incus exec $CONTAINER_NAME -- ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1):$WEB_PORT" -echo "SSH access available on port $SSH_PORT" -echo "" -echo "After completing the web installation, run the following command to secure the configuration:" -echo "incus exec $CONTAINER_NAME -- bash -c 'chmod 750 /etc/gitea && chmod 640 /etc/gitea/app.ini'"