From c42b6a92b7d876b1648f3be67c98d78b0bf7fecf Mon Sep 17 00:00:00 2001
From: acidvegas
Date: Sat, 28 Sep 2024 00:00:05 -0400
Subject: [PATCH] Updated container script for incus deploy, backup, and gitea runner. Updated to the latest app.ini
---
 app.ini | 32 ++++++++-------
 deploy | 71 --------------------------------
 deploy-gitea | 113 +++++++++++++++++++++++++++++++++++++++++++++++++++
 nginx.conf | 8 +---
 4 files changed, 132 insertions(+), 92 deletions(-)
 delete mode 100755 deploy
 create mode 100755 deploy-gitea
diff --git a/app.ini b/app.ini
index 10b106f..e7776c4 100644
--- a/app.ini
+++ b/app.ini
@@ -5,10 +5,10 @@ RUN_MODE = prod
 
 [database]
 DB_TYPE = postgres
-HOST = 127.0.0.1:REDACTED
-NAME = bart
-USER = bart
-PASSWD = simps0nsfan420
+HOST = 127.0.0.1:1337
+NAME = gitea-database
+USER = gitea-admin
+PASSWD = simps0nsfan420!
 SSL_MODE = disable
 PATH = /var/lib/gitea/data/gitea.db
 LOG_SQL = false
@@ -24,20 +24,24 @@ DISABLE_DOWNLOAD_SOURCE_ARCHIVES = true
 [repository.signing]
 DEFAULT_TRUST_MODEL = committer
 
+[repository.mimetype_mapping]
+.conf=text/plain
+
 [repository.upload]
 MAX_FILES=24
 
 [server]
 SSH_DOMAIN = git.supernets.org
 DOMAIN = git.supernets.org
-HTTP_PORT = REDACTED # Reverse proxy for HTTPS
+HTTP_PORT = 30443
 ROOT_URL = https://git.supernets.org/
 APP_DATA_PATH = /var/lib/gitea/data
 DISABLE_SSH = false
+SSH_PORT = 30022
+SSH_LISTEN_PORT = 30022
 START_SSH_SERVER = true
-SSH_PORT = 2023
 LFS_START_SERVER = true
-LFS_JWT_SECRET = REDACTED
+LFS_JWT_SECRET = HaO9I5J_Uv4RXGoEyaPVPftvKAqSKV8Y-YDBVAz0VSn
 OFFLINE_MODE = false
 
 [lfs]
@@ -54,8 +58,8 @@ DEFAULT_KEEP_EMAIL_PRIVATE = true
 NO_REPLY_ADDRESS = blackhole.supernets.org
 
 [openid]
-ENABLE_OPENID_SIGNIN = false
-ENABLE_OPENID_SIGNUP = false
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
 
 [cron.update_checker]
 ENABLED = false
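Review bot: The `+PASSWD = simps0nsfan420!` line replaces the previous `REDACTED` placeholder with a literal database password in a tracked config file, and the same happens for `LFS_JWT_SECRET` in the second hunk and for `INTERNAL_TOKEN` and `JWT_SECRET` in the two hunks that follow. Once pushed these values live in the repository history, so they need rotating regardless of any later cleanup: Gitea can regenerate the three token/secret values when they are left empty (or via `gitea generate secret`), and the role password can be reset with the `CREATE ROLE`/`ALTER ROLE` step the deploy script already performs. Keeping app.ini in the repo as a template with the old `REDACTED` placeholders and filling them in at deploy time would keep the checked-in copy secret-free; deploy-gitea already reads `PASSWD` out of the live file with `grep`, so nothing else depends on the literal being here.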
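Review bot: `+ENABLE_OPENID_SIGNUP = true` lets anyone who can authenticate against an OpenID provider create an account on this instance, which is a broader change than the sign-in toggle on the line above it. If registration is meant to stay closed, `ENABLE_OPENID_SIGNUP` should stay `false` (sign-in for already-linked accounts works with only `ENABLE_OPENID_SIGNIN = true`); the `[service]` registration settings are outside this hunk, so this is worth confirming against `DISABLE_REGISTRATION` there.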
@@ -70,7 +74,7 @@ ROOT_PATH = /var/lib/gitea/log
 
 [security]
 INSTALL_LOCK = true
-INTERNAL_TOKEN = REDACTED # YEAH YOU FUCKING THOUGHT DUDE...
+INTERNAL_TOKEN = pBZMfv9c3WWW9vd8zREUuYQ2HYBaptDppw5hvLqEd6xWKtUCZLz3vE1U2OUldzZiSgCqxFdeyV01hvOq4GjbiFCuLy5jKcccpzfHoEgFx
 PASSWORD_HASH_ALGO = pbkdf2
 LOGIN_REMEMBER_DAYS = 7
 COOKIE_USERNAME = supergit_who
@@ -79,7 +83,7 @@ MIN_PASSWORD_LENGTH = 10
 PASSWORD_COMPLEXITY = lower,upper,digit,spec
 
 [oauth2]
-JWT_SECRET = REDACTED
+JWT_SECRET = TYDxRn82KAufgH88dcQWyNUtcMwlwiMswfgpCcpvE5o
 
 [U2F]
 APP_ID = https://git.supernets.org
@@ -89,11 +93,9 @@ TRUSTED_FACETS = https://git.supernets.org
 SHOW_USER_EMAIL = false
 DEFAULT_THEME = github
 THEMES = github
-MAX_DISPLAY_FILE_SIZE=52428800 # 50mb
+MAX_DISPLAY_FILE_SIZE=52428800
 
 [attachment]
 MAX_SIZE = 4096
 
-[other]
-SHOW_FOOTER_VERSION: false
-SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
+# LOL @ skids... *continues watching the simpsons*
diff --git a/deploy b/deploy
deleted file mode 100755
index df06556..0000000
--- a/deploy
+++ /dev/null
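Review bot: Dropping the `[other]` section in the last hunk turns `SHOW_FOOTER_VERSION` back to its default, which (unless set elsewhere) prints the running Gitea version in every page footer; that is a small version-disclosure regression that is easy to avoid by keeping `[other]` with `SHOW_FOOTER_VERSION = false`. The removed lines used `KEY: value` syntax while the rest of the file uses `KEY = value`, so if the section is restored it should use the `=` form for consistency. The added `+# LOL @ skids...` line is a comment only, so as committed the section is removed rather than replaced.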
@@ -1,71 +0,0 @@
-#!/bin/sh
-# SuperNETs Gitea Helper Script - developed by acidvegas (https://git.acid.vegas)
-
-# Tranfser your Gitea backup file prior to using this script.
-# Backup your previous instance with: gitea dump -c /etc/gitea/app.ini
-
-setup_system() {
- adduser --system --shell /bin/bash --gecos 'Git Version Control' --group --disabled-password --home /home/git git
-}
-
-setup_postgres() {
- apt-get install -y postgresql postgresql-client
-
- # Create a new role
- su -c "psql -c \"CREATE ROLE git WITH LOGIN PASSWORD 'CHANGEME';\"" postgres
-
- # Create a new database
- su -c "psql -c \"CREATE DATABASE gitdb WITH OWNER git TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';\"" postgres
-
- printf "\n\nlocal gitdb git scram-sha-256\n" >> /etc/postgresql/*/main/pg_hba.conf
-
- systemctl restart postgresql && systemctl enable postgresql
-}
-
-setup_gitea() {
- apt-get install -y git unzip
-
- # Grab the latest Gitea binary
- wget -O /usr/local/bin/gitea https://dl.gitea.com/gitea/1.21.4/gitea-1.21.4-linux-amd64 && chmod +x /usr/local/bin/gitea
-
- # Setup the Gitea directories
- mkdir -p /etc/gitea /var/lib/gitea/custom/assets /var/lib/gitea/data /var/lib/gitea/log
-
- # Extract the backup file
- unzip gitea-dump-*.zip
- cd gitea-dump-*
- mv app.ini /etc/gitea/
- mv data /var/lib/gitea/data
- mv log /var/lib/gitea/log
- mv repos /var/lib/gitea/data/gitea-repositories
- mv custom /var/lib/gitea/custom
- psql -U git -d gitdb < gitea-db.sql # Might have to double check this
-
- # Set permissions
- chown root:git /etc/gitea
- chmod 750 /etc/gitea
- chmod 640 /etc/gitea/app.ini
- chown -R git:git /var/lib/gitea/
- chmod -R 750 /var/lib/gitea/
-
- # Grab completions and service file
- wget -O /usr/share/bash-completion/completions/gitea https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/autocompletion/bash_autocomplete
- wget -O /etc/systemd/system/gitea.service 
https://raw.githubusercontent.com/go-gitea/gitea/release/v1.21/contrib/systemd/gitea.service
-
- # LET ER RIP !!
- systemctl enable gitea && systemctl start gitea
-}
-
-setup_nginx_proxy() {
- apt-get install -y certbot
-
- certbot certonly --standalone -d git.supernets.org -m admin@supernets.org
- echo -e "[Unit]\nDescription=cerbot renewal\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/certbot renew -n --quiet --agree-tos --deploy-hook systemctl restart nginx" > /etc/systemd/system/certbot.service
- echo -e "[Unit]\nDescription=cerbot renewal timer\n\n[Timer]\nOnCalendar=0/12:00:00\nRandomizedDelaySec=1h\nPersistent=true\n\n[Install]\nWantedBy=timers.target" > /etc/systemd/system/certbot.timer
- systemctl enable certbot.timer && systemctl start certbot.timer
-
- apt-get install -y nginx
-
- wget -O /etc/nginx/sites-enabled/git.supernets.org https://raw.githubusercontent.com/supernets/gitea/main/nginx.conf
- systemctl restart nginx && systemctl enable nginx
-}
\ No newline at end of file
diff --git a/deploy-gitea b/deploy-gitea
new file mode 100755
index 0000000..cd2e07f
--- /dev/null
+++ b/deploy-gitea
@@ -0,0 +1,113 @@
+#!/bin/bash
+# Gitea Container Deployment - Developed by acidvegas (https://git.acid.vegas)
+
+set -xev
+
+# TODO: Automate this process on a timer to do daily backups & remote backups
+backup_gitea() {
+ GITEA_DB="giteadb"
+ GITEA_DB_USER="gitea"
+
+ NOW=$(date +%Y%m%d)
+
+ incus exec gitea-container -- systemctl stop gitea
+ incus exec gitea-container -- sudo -u git sh -c 'gitea dump -c /etc/gitea/app.ini --file - > /home/git/gitea-${NOW}.zip'
+ incus exec gitea-container -- sudo -u git sh -c 'pg_dump -U $GITEA_DB_USER $GITEA_DB > /home/git/gitea-${NOW}.sql'
+ incus file pull gitea-container/home/git/gitea-${NOW}.zip gitea-${NOW}.zip
+ incus file pull gitea-container/home/git/gitea-${NOW}.sql gitea-${NOW}.sql
+ incus exec gitea-container -- rm /home/git/gitea-${NOW}.zip /home/git/gitea-${NOW}.sql
+ incus exec gitea-container -- systemctl start gitea
+}
+
+
+setup_gitea() {
+ [ ! -f gitea.zip ] && echo "Missing gitea.zip" && exit 1
+ [ ! -f gitea.sql ] && echo "Missing gitea.sql" && exit 1
+
+ GITEA_DB="giteadb"
+ GITEA_DB_USER="gitea"
+ PORT_GITEA_SSH=30022
+
+ CONTAINER_IP=$(incus list | grep gitea-container | awk '{print $6}')
+ VERSION=$(curl -s https://api.github.com/repos/go-gitea/gitea/releases/latest | jq -r .tag_name | cut -c2-)
+
+ incus config set gitea-container boot.autostart true
+ incus config device add gitea-container gitea-ssh-port proxy listen=tcp:0.0.0.0:$PORT_GITEA_SSH connect=tcp:$CONTAINER_IP:${PORT_GITEA_SSH}
+
+ incus exec prosody-container -- userdel -r agent
+
+ incus exec gitea-container -- apt-get install git postgresql postgresql-client unzip wget -y
+ incus exec gitea-container -- adduser --system --shell /bin/bash --group --disabled-password --home /home/git git
+ incus exec gitea-container -- wget -O /usr/local/bin/gitea https://github.com/go-gitea/gitea/releases/download/v${VERSION}/gitea-${VERSION}-linux-amd64
+ incus exec gitea-container -- chmod +x /usr/local/bin/gitea
+ incus exec gitea-container -- mkdir -p 
/etc/gitea /var/lib/gitea/custom/assets /var/lib/gitea/data /var/lib/gitea/log
+ incus exec gitea-container -- chown root:git /etc/gitea
+ incus exec gitea-container -- chmod 750 /etc/gitea
+ incus exec gitea-container -- chmod 640 /etc/gitea/app.ini
+ incus exec gitea-container -- chown -R git:git /var/lib/gitea
+ incus exec gitea-container -- chmod -R 750 /var/lib/gitea
+ incus exec gitea-container -- wget -O /usr/share/bash-completion/completions/gitea https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/autocompletion/bash_autocomplete
+ incus exec gitea-container -- wget -O /etc/systemd/system/gitea.service https://raw.githubusercontent.com/go-gitea/gitea/release/v1.22/contrib/systemd/gitea.service
+
+ incus file push gitea.sql gitea-container/root/gitea.sql
+ incus exec gitea-container -- systemctl enable postgresql
+ incus exec gitea-container -- systemctl start postgresql
+ PASSWORD=$(grep PASSWD /etc/gitea/app.ini | awk '{print $3}')
+ su -c "psql -c \"CREATE ROLE $GITEA_DB_USER WITH LOGIN PASSWORD '${PASSWORD}';\" -c \"CREATE DATABASE $GITEA_DB WITH OWNER $GITEA_DB_USER TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';\"" - postgres
+ printf "\nlocal $GITEA_DB $GITEA_DB_USER scram-sha-256" >> /etc/postgresql/*/main/pg_hba.conf # Verify this will write to all lol...
+ psql -h localhost -U $GIT_DB_USER $GIT_DB < /root/gitea.sql
+ incus exec gitea-container -- rm /root/gitea.sql
+ incus exec gitea-container -- systemctl restart postgresql
+
+ incus file push gitea.zip gitea-container/root/gitea.zip
+ incus exec gitea-container -- mkdir -p /root/restore
+ incus exec gitea-container -- unzip /root/gitea.zip -d /root/restore
+ incus exec gitea-container -- rm /root/gitea.zip
+ mv /root/restore/app.ini /etc/gitea/app.ini
+ mv /root/restore/custom/* /var/lib/gitea/custom/
+ mv /root/restore/data/* /var/lib/gitea/data/
+ mv /root/restore/repos/* /var/lib/gitea/data/gitea-repositories/
+ chown -R git:git /etc/gitea/app.ini /var/lib/gitea
+ incus exec gitea-container -- systemctl enable gitea
+ incus exec gitea-container -- systemctl start gitea
+}
+
+# TODO: Unfinished
+setup_runner() {
+ GITEA_URL="https://git.supernets.org"
+ CONTAINER_IP=$(incus list | grep gitea-runner-container | awk '{print $6}')
+ VERSION=$(curl -s https://gitea.com/api/v1/repos/gitea/act_runner/releases/latest | grep -o '"tag_name":"[^"]*' | cut -d'"' -f4)
+
+ incus config set gitea-container boot.autostart true
+
+ incus exec gitea-container -- wget -O /usr/local/bin/gitea-runner https://gitea.com/gitea/act_runner/releases/download/v${VERSION}/act_runner-${VERSION}-linux-amd64
+ incus exec gitea-container -- chmod +x /usr/local/bin/gitea-runner
+ incus exec gitea-container -- mkdir /etc/gitea-runner
+ incus exec gitea-container -- /usr/local/bin/gitea-runner generate-config > /etc/gitea-runner/config.yaml
+ incus exec gitea-container -- /usr/local/bin/gitea-runner register --no-interactive --instance $GITEA_URL --token --name --labels
+
+ {
+ echo "[Unit]"
+ echo "Description=Gitea Actions runner"
+ echo "Documentation=https://gitea.com/gitea/act_runner"
+ echo "After=docker.service"
+
+ echo "[Service]"
+ echo "ExecStart=/usr/local/bin/act_runner daemon --config /etc/act_runner/config.yaml"
+ echo "ExecReload=/bin/kill -s HUP \$MAINPID"
+ echo 
"WorkingDirectory=/var/lib/act_runner"
+ echo "TimeoutSec=0"
+ echo "RestartSec=10"
+ echo "Restart=always"
+ echo "User=act_runner"
+
+ echo "[Install]"
+ echo "WantedBy=multi-user.target"
+ } > gitea-runner.service.tmp
+
+ incus file push gitea-runner.service.tmp gitea-container/etc/systemd/system/gitea-runner.service
+ rm gitea-runner.service.tmp
+
+ incus exec gitea-container -- systemctl enable gitea-runner
+ incus exec gitea-container -- systemctl start gitea-runner
+}
diff --git a/nginx.conf b/nginx.conf
index 7e8dd33..852b945 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,9 +1,8 @@
 server {
 server_name git.supernets.org;
-
 location / {
 client_max_body_size 4096M;
- proxy_pass http://localhost:3000;
+ proxy_pass http://10.4.20.420:30443;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -13,10 +12,7 @@ server {
 listen 443 ssl;
 ssl_certificate /etc/letsencrypt/live/git.supernets.org/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/git.supernets.org/privkey.pem;
- include /etc/letsencrypt/options-ssl-nginx.conf;
- ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 }
-
 server {
 if ($host = git.supernets.org) {
 return 301 https://$host$request_uri;
@@ -25,4 +21,4 @@ server {
 listen 80;
 server_name git.supernets.org;
 return 404;
-}
\ No newline at end of file
+}
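Review bot: The database bootstrap in setup_gitea runs on the incus host instead of inside the container: `PASSWORD=$(grep PASSWD /etc/gitea/app.ini ...)`, the `su -c "psql ..." - postgres` call, the `printf ... >> /etc/postgresql/*/main/pg_hba.conf` append and `psql -h localhost ...` carry no `incus exec gitea-container --` prefix, and the later `mv /root/restore/...` and `chown -R git:git /etc/gitea/app.ini /var/lib/gitea` lines (plus the `> /etc/gitea-runner/config.yaml` redirect in setup_runner) have the same defect, so under `set -e` the script either aborts on the host or edits the host's own PostgreSQL configuration. The same block has two name bugs: `psql -h localhost -U $GIT_DB_USER $GIT_DB` reads variables that were declared as `GITEA_DB_USER`/`GITEA_DB`, and in backup_gitea the single-quoted `sh -c '... gitea-${NOW}.zip'` and `'pg_dump -U $GITEA_DB_USER $GITEA_DB ...'` strings are expanded by the container's shell where those names are unset, so the dumps are written under names the following `incus file pull` does not fetch. Because `set -xev` traces every command, the `CREATE ROLE ... PASSWORD '${PASSWORD}'` line is echoed with the role password to stderr; reading `PASSWD` after app.ini has been restored into the container and wrapping that one step in `set +x`/`set -x` keeps it out of captured output. Two smaller ordering issues: `chmod 640 /etc/gitea/app.ini` runs before app.ini exists (fatal under `set -e`), and `incus exec prosody-container -- userdel -r agent` targets an unrelated container. The sketch below assumes the gitea.zip restore block has been moved ahead of the database block so that app.ini is already in place.
```shell
	# … unchanged: package install, user creation, directories, gitea.zip restore (moved before this block) …
	incus file push gitea.sql gitea-container/root/gitea.sql
	incus exec gitea-container -- systemctl enable postgresql
	incus exec gitea-container -- systemctl start postgresql
	PASSWORD=$(incus exec gitea-container -- grep PASSWD /etc/gitea/app.ini | awk '{print $3}')
	set +x   # keep the role password out of the -x trace
	incus exec gitea-container -- su -c "psql -c \"CREATE ROLE ${GITEA_DB_USER} WITH LOGIN PASSWORD '${PASSWORD}';\" -c \"CREATE DATABASE ${GITEA_DB} WITH OWNER ${GITEA_DB_USER} TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';\"" - postgres
	set -x
	incus exec gitea-container -- sh -c "printf '\nlocal ${GITEA_DB} ${GITEA_DB_USER} scram-sha-256\n' >> /etc/postgresql/*/main/pg_hba.conf"
	incus exec gitea-container -- systemctl restart postgresql
	incus exec gitea-container -- sh -c "su -c 'psql -d ${GITEA_DB}' - postgres < /root/gitea.sql"
	incus exec gitea-container -- rm /root/gitea.sql
	# … unchanged: systemctl enable/start gitea …
```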
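Review bot: `+ proxy_pass http://10.4.20.420:30443;` is not a valid IPv4 address (the last octet exceeds 255), so nginx will treat it as a hostname at configuration load and refuse to start unless something resolves it. If it is a stand-in for the container's bridge address, the real address belongs here, ideally obtained the same way deploy-gitea derives `CONTAINER_IP`, and a comment such as `# gitea-container on the incus bridge; HTTP_PORT from app.ini` would make the coupling to the `HTTP_PORT = 30443` setting explicit.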
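Review bot: Removing `include /etc/letsencrypt/options-ssl-nginx.conf;` (and `ssl_dhparam`) in the second hunk drops the TLS protocol and cipher settings certbot ships in that file, leaving the `listen 443 ssl;` server on nginx's compiled-in defaults, which on builds older than 1.23.4 still permit TLS 1.0/1.1. If the include was removed because the file is absent on the new host, the equivalent is to set `ssl_protocols TLSv1.2 TLSv1.3;` and `ssl_prefer_server_ciphers off;` explicitly in this block (or reinstall certbot's nginx options file); as written the hunk silently weakens the TLS configuration relative to the previous version.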