From 6b8fd549c27c1cfa54925381cc4d1b56b53b19a7 Mon Sep 17 00:00:00 2001 From: acidvegas Date: Wed, 24 Jan 2024 01:44:52 -0500 Subject: [PATCH] Added deployment script, nginx conf, and more... --- .../public/{ => assets}/css/theme-github.css | 0 .../{ => assets}/img/avatar_default.png | Bin custom/public/{ => assets}/img/favicon.svg | 0 custom/public/{ => assets}/img/logo.png | Bin custom/public/{ => assets}/img/supernets.png | Bin deploy | 71 ++++++++++++++++++ nginx.conf | 28 +++++++ 7 files changed, 99 insertions(+) rename custom/public/{ => assets}/css/theme-github.css (100%) rename custom/public/{ => assets}/img/avatar_default.png (100%) rename custom/public/{ => assets}/img/favicon.svg (100%) rename custom/public/{ => assets}/img/logo.png (100%) rename custom/public/{ => assets}/img/supernets.png (100%) create mode 100755 deploy create mode 100644 nginx.conf diff --git a/custom/public/css/theme-github.css b/custom/public/assets/css/theme-github.css similarity index 100% rename from custom/public/css/theme-github.css rename to custom/public/assets/css/theme-github.css diff --git a/custom/public/img/avatar_default.png b/custom/public/assets/img/avatar_default.png similarity index 100% rename from custom/public/img/avatar_default.png rename to custom/public/assets/img/avatar_default.png diff --git a/custom/public/img/favicon.svg b/custom/public/assets/img/favicon.svg similarity index 100% rename from custom/public/img/favicon.svg rename to custom/public/assets/img/favicon.svg diff --git a/custom/public/img/logo.png b/custom/public/assets/img/logo.png similarity index 100% rename from custom/public/img/logo.png rename to custom/public/assets/img/logo.png diff --git a/custom/public/img/supernets.png b/custom/public/assets/img/supernets.png similarity index 100% rename from custom/public/img/supernets.png rename to custom/public/assets/img/supernets.png diff --git a/deploy b/deploy new file mode 100755 index 0000000..df06556 --- /dev/null +++ b/deploy @@ -0,0 +1,71 @@ +#!/bin/sh +# SuperNETs Gitea Helper Script - developed by acidvegas (https://git.acid.vegas) + +# Tranfser your Gitea backup file prior to using this script. +# Backup your previous instance with: gitea dump -c /etc/gitea/app.ini + +setup_system() { + adduser --system --shell /bin/bash --gecos 'Git Version Control' --group --disabled-password --home /home/git git +} + +setup_postgres() { + apt-get install -y postgresql postgresql-client + + # Create a new role + su -c "psql -c \"CREATE ROLE git WITH LOGIN PASSWORD 'CHANGEME';\"" postgres + + # Create a new database + su -c "psql -c \"CREATE DATABASE gitdb WITH OWNER git TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';\"" postgres + + printf "\n\nlocal gitdb git scram-sha-256\n" >> /etc/postgresql/*/main/pg_hba.conf + + systemctl restart postgresql && systemctl enable postgresql +} + +setup_gitea() { + apt-get install -y git unzip + + # Grab the latest Gitea binary + wget -O /usr/local/bin/gitea https://dl.gitea.com/gitea/1.21.4/gitea-1.21.4-linux-amd64 && chmod +x /usr/local/bin/gitea + + # Setup the Gitea directories + mkdir -p /etc/gitea /var/lib/gitea/custom/assets /var/lib/gitea/data /var/lib/gitea/log + + # Extract the backup file + unzip gitea-dump-*.zip + cd gitea-dump-* + mv app.ini /etc/gitea/ + mv data /var/lib/gitea/data + mv log /var/lib/gitea/log + mv repos /var/lib/gitea/data/gitea-repositories + mv custom /var/lib/gitea/custom + psql -U git -d gitdb < gitea-db.sql # Might have to double check this + + # Set permissions + chown root:git /etc/gitea + chmod 750 /etc/gitea + chmod 640 /etc/gitea/app.ini + chown -R git:git /var/lib/gitea/ + chmod -R 750 /var/lib/gitea/ + + # Grab completions and service file + wget -O /usr/share/bash-completion/completions/gitea https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/autocompletion/bash_autocomplete + wget -O /etc/systemd/system/gitea.service https://raw.githubusercontent.com/go-gitea/gitea/release/v1.21/contrib/systemd/gitea.service + + # LET ER RIP !! + systemctl enable gitea && systemctl start gitea +} + +setup_nginx_proxy() { + apt-get install -y certbot + + certbot certonly --standalone -d git.supernets.org -m admin@supernets.org + echo -e "[Unit]\nDescription=cerbot renewal\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/certbot renew -n --quiet --agree-tos --deploy-hook systemctl restart nginx" > /etc/systemd/system/certbot.service + echo -e "[Unit]\nDescription=cerbot renewal timer\n\n[Timer]\nOnCalendar=0/12:00:00\nRandomizedDelaySec=1h\nPersistent=true\n\n[Install]\nWantedBy=timers.target" > /etc/systemd/system/certbot.timer + systemctl enable certbot.timer && systemctl start certbot.timer + + apt-get install -y nginx + + wget -O /etc/nginx/sites-enabled/git.supernets.org https://raw.githubusercontent.com/supernets/gitea/main/nginx.conf + systemctl restart nginx && systemctl enable nginx +} \ No newline at end of file diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..1b03496 --- /dev/null +++ b/nginx.conf @@ -0,0 +1,28 @@ +server { + server_name git.supernets.org; + + location / { + client_max_body_size 512M; + proxy_pass http://localhost:3000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + listen 443 ssl; + ssl_certificate /etc/letsencrypt/live/git.supernets.org/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/git.supernets.org/privkey.pem; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; +} + +server { + if ($host = git.supernets.org) { + return 301 https://$host$request_uri; + } + + listen 80; + server_name git.supernets.org; + return 404; +} \ No newline at end of file