Added deployment script, nginx conf, and more...
Before Width: | Height: | Size: 1.4 KiB After Width: | Height: | Size: 1.4 KiB |
Before Width: | Height: | Size: 2.6 KiB After Width: | Height: | Size: 2.6 KiB |
Before Width: | Height: | Size: 17 KiB After Width: | Height: | Size: 17 KiB |
Before Width: | Height: | Size: 17 KiB After Width: | Height: | Size: 17 KiB |
71
deploy
Executable file
@ -0,0 +1,71 @@
|
||||
#!/bin/sh
|
||||
# SuperNETs Gitea Helper Script - developed by acidvegas (https://git.acid.vegas)
|
||||
|
||||
# Tranfser your Gitea backup file prior to using this script.
|
||||
# Backup your previous instance with: gitea dump -c /etc/gitea/app.ini
|
||||
|
||||
setup_system() {
|
||||
adduser --system --shell /bin/bash --gecos 'Git Version Control' --group --disabled-password --home /home/git git
|
||||
}
|
||||
|
||||
setup_postgres() {
|
||||
apt-get install -y postgresql postgresql-client
|
||||
|
||||
# Create a new role
|
||||
su -c "psql -c \"CREATE ROLE git WITH LOGIN PASSWORD 'CHANGEME';\"" postgres
|
||||
|
||||
# Create a new database
|
||||
su -c "psql -c \"CREATE DATABASE gitdb WITH OWNER git TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';\"" postgres
|
||||
|
||||
printf "\n\nlocal gitdb git scram-sha-256\n" >> /etc/postgresql/*/main/pg_hba.conf
|
||||
|
||||
systemctl restart postgresql && systemctl enable postgresql
|
||||
}
|
||||
|
||||
setup_gitea() {
|
||||
apt-get install -y git unzip
|
||||
|
||||
# Grab the latest Gitea binary
|
||||
wget -O /usr/local/bin/gitea https://dl.gitea.com/gitea/1.21.4/gitea-1.21.4-linux-amd64 && chmod +x /usr/local/bin/gitea
|
||||
|
||||
# Setup the Gitea directories
|
||||
mkdir -p /etc/gitea /var/lib/gitea/custom/assets /var/lib/gitea/data /var/lib/gitea/log
|
||||
|
||||
# Extract the backup file
|
||||
unzip gitea-dump-*.zip
|
||||
cd gitea-dump-*
|
||||
mv app.ini /etc/gitea/
|
||||
mv data /var/lib/gitea/data
|
||||
mv log /var/lib/gitea/log
|
||||
mv repos /var/lib/gitea/data/gitea-repositories
|
||||
mv custom /var/lib/gitea/custom
|
||||
psql -U git -d gitdb < gitea-db.sql # Might have to double check this
|
||||
|
||||
# Set permissions
|
||||
chown root:git /etc/gitea
|
||||
chmod 750 /etc/gitea
|
||||
chmod 640 /etc/gitea/app.ini
|
||||
chown -R git:git /var/lib/gitea/
|
||||
chmod -R 750 /var/lib/gitea/
|
||||
|
||||
# Grab completions and service file
|
||||
wget -O /usr/share/bash-completion/completions/gitea https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/autocompletion/bash_autocomplete
|
||||
wget -O /etc/systemd/system/gitea.service https://raw.githubusercontent.com/go-gitea/gitea/release/v1.21/contrib/systemd/gitea.service
|
||||
|
||||
# LET ER RIP !!
|
||||
systemctl enable gitea && systemctl start gitea
|
||||
}
|
||||
|
||||
setup_nginx_proxy() {
|
||||
apt-get install -y certbot
|
||||
|
||||
certbot certonly --standalone -d git.supernets.org -m admin@supernets.org
|
||||
echo -e "[Unit]\nDescription=cerbot renewal\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/certbot renew -n --quiet --agree-tos --deploy-hook systemctl restart nginx" > /etc/systemd/system/certbot.service
|
||||
echo -e "[Unit]\nDescription=cerbot renewal timer\n\n[Timer]\nOnCalendar=0/12:00:00\nRandomizedDelaySec=1h\nPersistent=true\n\n[Install]\nWantedBy=timers.target" > /etc/systemd/system/certbot.timer
|
||||
systemctl enable certbot.timer && systemctl start certbot.timer
|
||||
|
||||
apt-get install -y nginx
|
||||
|
||||
wget -O /etc/nginx/sites-enabled/git.supernets.org https://raw.githubusercontent.com/supernets/gitea/main/nginx.conf
|
||||
systemctl restart nginx && systemctl enable nginx
|
||||
}
|
28
nginx.conf
Normal file
@ -0,0 +1,28 @@
|
||||
server {
|
||||
server_name git.supernets.org;
|
||||
|
||||
location / {
|
||||
client_max_body_size 512M;
|
||||
proxy_pass http://localhost:3000;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
listen 443 ssl;
|
||||
ssl_certificate /etc/letsencrypt/live/git.supernets.org/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/git.supernets.org/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = git.supernets.org) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
listen 80;
|
||||
server_name git.supernets.org;
|
||||
return 404;
|
||||
}
|