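#!/bin/bash
#
# Provision Gitea with a local PostgreSQL database inside an Incus container
# and publish its web and SSH ports on the host through proxy devices.
#
# Optional environment overrides (unset values keep the original defaults,
# except CONTAINER_PRIVILEGED, which the original always enabled):
#   DB_PASS               password for the Gitea database role
#   GITEA_VERSION         Gitea release to download
#   GITEA_SHA256          expected SHA-256 of the binary; verified when set
#   LISTEN_ADDRESS        host address the proxy devices bind to
#   CONTAINER_PRIVILEGED  "true" to run the container privileged
set -euo pipefail

CONTAINER_NAME="gitea"
WEB_PORT="3000"
SSH_PORT="2222"
PROFILE_NAME="gitea-profile"
ROOT_DISK_SIZE="20GB"
NETWORK_NAME="incusbr0"
DB_USER="gitea"
DB_PASS="${DB_PASS:-gitea_password}" # Change this to a secure password
# The 1.18.0 pin comes from the original script; check it against Gitea's
# current security releases before using this on a reachable host.
GITEA_VERSION="${GITEA_VERSION:-1.18.0}"
GITEA_SHA256="${GITEA_SHA256:-}"
LISTEN_ADDRESS="${LISTEN_ADDRESS:-0.0.0.0}"
CONTAINER_PRIVILEGED="${CONTAINER_PRIVILEGED:-false}"

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

warn() {
  printf 'warning: %s\n' "$*" >&2
}

# DB_USER, DB_PASS and GITEA_VERSION are interpolated into SQL, app.ini and a
# download URL below, so restrict them to characters that need no escaping.
[[ "$DB_USER" =~ ^[a-z_][a-z0-9_]*$ ]] \
  || die "DB_USER must be a lowercase SQL identifier"
[[ "$DB_PASS" =~ ^[A-Za-z0-9._-]+$ ]] \
  || die "DB_PASS may only contain letters, digits, '.', '_' and '-'"
[[ "$GITEA_VERSION" =~ ^[0-9A-Za-z.-]+$ ]] \
  || die "GITEA_VERSION contains unexpected characters"
if [[ -n "$GITEA_SHA256" && ! "$GITEA_SHA256" =~ ^[0-9a-fA-F]{64}$ ]]; then
  die "GITEA_SHA256 must be 64 hexadecimal characters"
fi

if [[ "$DB_PASS" == "gitea_password" ]]; then
  warn "DB_PASS is the published default; set DB_PASS to a unique value"
fi
if [[ -z "$GITEA_SHA256" ]]; then
  warn "GITEA_SHA256 is not set; the downloaded binary will not be verified"
fi

echo "Creating Incus profile with 16GB memory limit and root disk..."
# Best effort on purpose: the profile may be left over from an earlier run.
incus profile create "$PROFILE_NAME" || true
incus profile set "$PROFILE_NAME" limits.memory=16GB
incus profile device add "$PROFILE_NAME" root disk path=/ pool=default "size=$ROOT_DISK_SIZE"

echo "Ensuring network exists..."
# Exact lookup instead of grepping the list output, which also matched any
# network whose name merely contains $NETWORK_NAME.
if ! incus network show "$NETWORK_NAME" >/dev/null 2>&1; then
  echo "Creating network $NETWORK_NAME..."
  incus network create "$NETWORK_NAME"
fi

echo "Creating Incus container..."
incus launch images:ubuntu/22.04 "$CONTAINER_NAME" -p "$PROFILE_NAME"

echo "Attaching network to container..."
incus network attach "$NETWORK_NAME" "$CONTAINER_NAME"

echo "Configuring container..."
# A privileged container maps container root to host root, so a compromise of
# the network-facing Gitea service would land much closer to the host. None of
# the steps in this script need it, so it is opt-in.
if [[ "$CONTAINER_PRIVILEGED" == "true" ]]; then
  warn "running $CONTAINER_NAME as a privileged container"
  incus config set "$CONTAINER_NAME" security.privileged=true
fi
# NOTE(review): nothing installed below appears to need these modules; kept
# from the original - confirm and drop if unused.
incus config set "$CONTAINER_NAME" linux.kernel_modules=overlay,nf_nat
incus config device add "$CONTAINER_NAME" gitea-ssh proxy \
  "listen=tcp:$LISTEN_ADDRESS:$SSH_PORT" connect=tcp:127.0.0.1:2222
incus config device add "$CONTAINER_NAME" gitea-web proxy \
  "listen=tcp:$LISTEN_ADDRESS:$WEB_PORT" connect=tcp:127.0.0.1:3000

echo "Waiting for network to be ready..."
sleep 10

# Resolve the container address once; it is used for ROOT_URL and for the
# final message. Stop early rather than writing an empty host into app.ini.
CONTAINER_IP="$(
  incus exec "$CONTAINER_NAME" -- ip -4 -o addr show dev eth0 scope global \
    | awk '{split($4, a, "/"); print a[1]; exit}'
)"
[[ -n "$CONTAINER_IP" ]] || die "container has no IPv4 address on eth0"

echo "Installing Gitea dependencies..."
# 'set -e' inside each in-container script: without it only the last command's
# status reaches the host and earlier failures pass silently.
incus exec "$CONTAINER_NAME" -- bash -c '
  set -e
  export DEBIAN_FRONTEND=noninteractive
  apt-get update
  apt-get install -y wget git postgresql postgresql-contrib
'

echo "Setting up PostgreSQL..."
# SQL goes over stdin so the password is not visible in process arguments.
# PostgreSQL is left on its packaged defaults: Gitea connects over
# 127.0.0.1, so the original "listen_addresses = '*'" and the
# "host all all 0.0.0.0/0 password" pg_hba.conf rule only exposed the database
# to the network with cleartext password authentication.
# NOTE(review): assumes the packaged pg_hba.conf accepts password logins from
# 127.0.0.1 - the connectivity check further down verifies this.
incus exec "$CONTAINER_NAME" -- runuser -u postgres -- psql -v ON_ERROR_STOP=1 <<SQL
CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';
CREATE DATABASE gitea OWNER $DB_USER;
SQL

echo "Installing Gitea..."
# Download to a temporary file, verify the digest when one was supplied, and
# only then install the binary that will run as a network-facing service.
incus exec "$CONTAINER_NAME" -- bash -c '
  set -e
  version=$1
  expected_sha256=$2
  tmp=$(mktemp)
  cleanup() { rm -f -- "$tmp"; }
  trap cleanup EXIT
  wget -O "$tmp" "https://dl.gitea.io/gitea/${version}/gitea-${version}-linux-amd64"
  if [ -n "$expected_sha256" ]; then
    printf "%s  %s\n" "$expected_sha256" "$tmp" | sha256sum -c -
  fi
  install -m 0755 -o root -g root "$tmp" /usr/local/bin/gitea
' _ "$GITEA_VERSION" "$GITEA_SHA256"

echo "Creating Gitea user and setting up directories..."
incus exec "$CONTAINER_NAME" -- bash -c '
  set -e
  adduser --system --group --disabled-password --home /var/lib/gitea --shell /bin/bash git
  mkdir -p /var/lib/gitea/{custom,data,log}
  chown -R git:git /var/lib/gitea/
  chmod -R 750 /var/lib/gitea/
  mkdir -p /etc/gitea
  chown root:git /etc/gitea
  chmod 770 /etc/gitea
'

echo "Creating Gitea configuration..."
# The file holds the database password: it is streamed over stdin and created
# under a restrictive umask so it is never world-readable, even briefly.
# INSTALL_LOCK = false leaves the web installer open, and registration and
# OpenID sign-up are enabled; see the warning printed at the end.
# The original listed [service] twice; the second copy was a superset of the
# first with identical values, so only that one is kept.
incus exec "$CONTAINER_NAME" -- bash -c 'umask 027; cat > /etc/gitea/app.ini' <<EOL
APP_NAME = Gitea: Git with a cup of tea
RUN_USER = git
RUN_MODE = prod

[database]
DB_TYPE = postgres
HOST = 127.0.0.1:5432
NAME = gitea
USER = $DB_USER
PASSWD = $DB_PASS

[repository]
ROOT = /var/lib/gitea/data/gitea-repositories

[server]
HTTP_PORT = 3000
ROOT_URL = http://$CONTAINER_IP:$WEB_PORT/
DISABLE_SSH = false
SSH_PORT = 2222
START_SSH_SERVER = true
LFS_START_SERVER = true

[security]
INSTALL_LOCK = false

[indexer]
ISSUE_INDEXER_PATH = /var/lib/gitea/indexers/issues.bleve

[session]
PROVIDER_CONFIG = /var/lib/gitea/data/sessions

[picture]
AVATAR_UPLOAD_PATH = /var/lib/gitea/data/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /var/lib/gitea/data/repo-avatars

[attachment]
PATH = /var/lib/gitea/data/attachments

[log]
ROOT_PATH = /var/lib/gitea/log

[mailer]
ENABLED = false

[service]
DISABLE_REGISTRATION = false
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.example.org

[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true
EOL

echo "Setting initial permissions for Gitea config file..."
# Group-writable for now because the web installer rewrites app.ini; the
# command printed at the end tightens this once installation is done.
incus exec "$CONTAINER_NAME" -- bash -c '
  set -e
  chown root:git /etc/gitea/app.ini
  chmod 770 /etc/gitea
  chmod 660 /etc/gitea/app.ini
'

echo "Creating Gitea service..."
incus exec "$CONTAINER_NAME" -- bash -c 'cat > /etc/systemd/system/gitea.service' <<'EOL'
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
After=postgresql.service

[Service]
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea/
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea

[Install]
WantedBy=multi-user.target
EOL

echo "Ensuring PostgreSQL is running and accessible..."
# The password is read from stdin and handed to psql through PGPASSWORD; the
# original supplied none, so psql stopped at a password prompt.
incus exec "$CONTAINER_NAME" -- bash -c '
  set -e
  IFS= read -r PGPASSWORD
  export PGPASSWORD
  systemctl restart postgresql
  sleep 5
  runuser -u git -- psql -h 127.0.0.1 -U "$1" -d gitea -c "SELECT 1" </dev/null
' _ "$DB_USER" <<<"$DB_PASS"

echo "Starting Gitea..."
incus exec "$CONTAINER_NAME" -- bash -c '
  set -e
  systemctl daemon-reload
  systemctl enable gitea
  systemctl restart gitea
  sleep 5
  systemctl --no-pager status gitea
'

echo "Gitea setup complete!"
echo "Access Gitea at http://$CONTAINER_IP:$WEB_PORT"
echo "SSH access available on port $SSH_PORT"
echo ""
warn "the web installer is open (INSTALL_LOCK = false) and published on $LISTEN_ADDRESS:$WEB_PORT; until installation is completed, whoever reaches that port first can finish it and create the administrator account"
echo "After completing the web installation, run the following command to secure the configuration:"
echo "incus exec $CONTAINER_NAME -- bash -c 'chmod 750 /etc/gitea && chmod 640 /etc/gitea/app.ini'"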