Updated container script for incus deploy, backup, and gitea runner. Updated to the latest app.ini
parent
0d1bfaa3ff
commit
c42b6a92b7
32
app.ini
32
app.ini
@ -5,10 +5,10 @@ RUN_MODE = prod
|
|||||||
|
|
||||||
[database]
|
[database]
|
||||||
DB_TYPE = postgres
|
DB_TYPE = postgres
|
||||||
HOST = 127.0.0.1:REDACTED
|
HOST = 127.0.0.1:1337
|
||||||
NAME = bart
|
NAME = gitea-database
|
||||||
USER = bart
|
USER = gitea-admin
|
||||||
PASSWD = simps0nsfan420
|
PASSWD = simps0nsfan420!
|
||||||
SSL_MODE = disable
|
SSL_MODE = disable
|
||||||
PATH = /var/lib/gitea/data/gitea.db
|
PATH = /var/lib/gitea/data/gitea.db
|
||||||
LOG_SQL = false
|
LOG_SQL = false
|
||||||
@ -24,20 +24,24 @@ DISABLE_DOWNLOAD_SOURCE_ARCHIVES = true
|
|||||||
[repository.signing]
|
[repository.signing]
|
||||||
DEFAULT_TRUST_MODEL = committer
|
DEFAULT_TRUST_MODEL = committer
|
||||||
|
|
||||||
|
[repository.mimetype_mapping]
|
||||||
|
.conf=text/plain
|
||||||
|
|
||||||
[repository.upload]
|
[repository.upload]
|
||||||
MAX_FILES=24
|
MAX_FILES=24
|
||||||
|
|
||||||
[server]
|
[server]
|
||||||
SSH_DOMAIN = git.supernets.org
|
SSH_DOMAIN = git.supernets.org
|
||||||
DOMAIN = git.supernets.org
|
DOMAIN = git.supernets.org
|
||||||
HTTP_PORT = REDACTED # Reverse proxy for HTTPS
|
HTTP_PORT = 30443
|
||||||
ROOT_URL = https://git.supernets.org/
|
ROOT_URL = https://git.supernets.org/
|
||||||
APP_DATA_PATH = /var/lib/gitea/data
|
APP_DATA_PATH = /var/lib/gitea/data
|
||||||
DISABLE_SSH = false
|
DISABLE_SSH = false
|
||||||
|
SSH_PORT = 30022
|
||||||
|
SSH_LISTEN_PORT = 30022
|
||||||
START_SSH_SERVER = true
|
START_SSH_SERVER = true
|
||||||
SSH_PORT = 2023
|
|
||||||
LFS_START_SERVER = true
|
LFS_START_SERVER = true
|
||||||
LFS_JWT_SECRET = REDACTED
|
LFS_JWT_SECRET = HaO9I5J_Uv4RXGoEyaPVPftvKAqSKV8Y-YDBVAz0VSn
|
||||||
OFFLINE_MODE = false
|
OFFLINE_MODE = false
|
||||||
|
|
||||||
[lfs]
|
[lfs]
|
||||||
@ -54,8 +58,8 @@ DEFAULT_KEEP_EMAIL_PRIVATE = true
|
|||||||
NO_REPLY_ADDRESS = blackhole.supernets.org
|
NO_REPLY_ADDRESS = blackhole.supernets.org
|
||||||
|
|
||||||
[openid]
|
[openid]
|
||||||
ENABLE_OPENID_SIGNIN = false
|
ENABLE_OPENID_SIGNIN = true
|
||||||
ENABLE_OPENID_SIGNUP = false
|
ENABLE_OPENID_SIGNUP = true
|
||||||
|
|
||||||
[cron.update_checker]
|
[cron.update_checker]
|
||||||
ENABLED = false
|
ENABLED = false
|
||||||
@ -70,7 +74,7 @@ ROOT_PATH = /var/lib/gitea/log
|
|||||||
|
|
||||||
[security]
|
[security]
|
||||||
INSTALL_LOCK = true
|
INSTALL_LOCK = true
|
||||||
INTERNAL_TOKEN = REDACTED # YEAH YOU FUCKING THOUGHT DUDE...
|
INTERNAL_TOKEN = pBZMfv9c3WWW9vd8zREUuYQ2HYBaptDppw5hvLqEd6xWKtUCZLz3vE1U2OUldzZiSgCqxFdeyV01hvOq4GjbiFCuLy5jKcccpzfHoEgFx
|
||||||
PASSWORD_HASH_ALGO = pbkdf2
|
PASSWORD_HASH_ALGO = pbkdf2
|
||||||
LOGIN_REMEMBER_DAYS = 7
|
LOGIN_REMEMBER_DAYS = 7
|
||||||
COOKIE_USERNAME = supergit_who
|
COOKIE_USERNAME = supergit_who
|
||||||
@ -79,7 +83,7 @@ MIN_PASSWORD_LENGTH = 10
|
|||||||
PASSWORD_COMPLEXITY = lower,upper,digit,spec
|
PASSWORD_COMPLEXITY = lower,upper,digit,spec
|
||||||
|
|
||||||
[oauth2]
|
[oauth2]
|
||||||
JWT_SECRET = REDACTED
|
JWT_SECRET = TYDxRn82KAufgH88dcQWyNUtcMwlwiMswfgpCcpvE5o
|
||||||
|
|
||||||
[U2F]
|
[U2F]
|
||||||
APP_ID = https://git.supernets.org
|
APP_ID = https://git.supernets.org
|
||||||
@ -89,11 +93,9 @@ TRUSTED_FACETS = https://git.supernets.org
|
|||||||
SHOW_USER_EMAIL = false
|
SHOW_USER_EMAIL = false
|
||||||
DEFAULT_THEME = github
|
DEFAULT_THEME = github
|
||||||
THEMES = github
|
THEMES = github
|
||||||
MAX_DISPLAY_FILE_SIZE=52428800 # 50mb
|
MAX_DISPLAY_FILE_SIZE=52428800
|
||||||
|
|
||||||
[attachment]
|
[attachment]
|
||||||
MAX_SIZE = 4096
|
MAX_SIZE = 4096
|
||||||
|
|
||||||
[other]
|
# LOL @ skids... *continues watching the simpsons*
|
||||||
SHOW_FOOTER_VERSION: false
|
|
||||||
SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
|
|
||||||
|
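Review bot: The new side replaces the `REDACTED` placeholders with literal values for `PASSWD`, `LFS_JWT_SECRET`, `INTERNAL_TOKEN` and `JWT_SECRET`, which puts the database credential and token-signing material into repository history. Whether these are live values cannot be told from the page (the comment that replaces `[other]` suggests they may be decoys), but the committed file should keep placeholders such as `INTERNAL_TOKEN = REDACTED`, and any value that was ever real should be rotated rather than only removed in a later commit. Separately, `ENABLE_OPENID_SIGNUP = true` lets accounts be created through any OpenID provider unless `WHITELISTED_URIS` is set under `[openid]`, which is not visible in these hunks; a one-line comment stating that this is intended would help.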
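--- a/deploy
+++ b/deploy
@@ -1,71 +0,0 @@
-#!/bin/sh
-# SuperNETs Gitea Helper Script - developed by acidvegas (https://git.acid.vegas)
-
-# Tranfser your Gitea backup file prior to using this script.
-# Backup your previous instance with: gitea dump -c /etc/gitea/app.ini
-
-setup_system() {
-adduser --system --shell /bin/bash --gecos 'Git Version Control' --group --disabled-password --home /home/git git
-}
-
-setup_postgres() {
-apt-get install -y postgresql postgresql-client
-
-# Create a new role
-su -c "psql -c \"CREATE ROLE git WITH LOGIN PASSWORD 'CHANGEME';\"" postgres
-
-# Create a new database
-su -c "psql -c \"CREATE DATABASE gitdb WITH OWNER git TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';\"" postgres
-
-printf "\n\nlocal gitdb git scram-sha-256\n" >> /etc/postgresql/*/main/pg_hba.conf
-
-systemctl restart postgresql && systemctl enable postgresql
-}
-
-setup_gitea() {
-apt-get install -y git unzip
-
-# Grab the latest Gitea binary
-wget -O /usr/local/bin/gitea https://dl.gitea.com/gitea/1.21.4/gitea-1.21.4-linux-amd64 && chmod +x /usr/local/bin/gitea
-
-# Setup the Gitea directories
-mkdir -p /etc/gitea /var/lib/gitea/custom/assets /var/lib/gitea/data /var/lib/gitea/log
-
-# Extract the backup file
-unzip gitea-dump-*.zip
-cd gitea-dump-*
-mv app.ini /etc/gitea/
-mv data /var/lib/gitea/data
-mv log /var/lib/gitea/log
-mv repos /var/lib/gitea/data/gitea-repositories
-mv custom /var/lib/gitea/custom
-psql -U git -d gitdb < gitea-db.sql # Might have to double check this
-
-# Set permissions
-chown root:git /etc/gitea
-chmod 750 /etc/gitea
-chmod 640 /etc/gitea/app.ini
-chown -R git:git /var/lib/gitea/
-chmod -R 750 /var/lib/gitea/
-
-# Grab completions and service file
-wget -O /usr/share/bash-completion/completions/gitea https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/autocompletion/bash_autocomplete
-wget -O /etc/systemd/system/gitea.service https://raw.githubusercontent.com/go-gitea/gitea/release/v1.21/contrib/systemd/gitea.service
-
-# LET ER RIP !!
-systemctl enable gitea && systemctl start gitea
-}
-
-setup_nginx_proxy() {
-apt-get install -y certbot
-
-certbot certonly --standalone -d git.supernets.org -m admin@supernets.org
-echo -e "[Unit]\nDescription=cerbot renewal\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/certbot renew -n --quiet --agree-tos --deploy-hook systemctl restart nginx" > /etc/systemd/system/certbot.service
-echo -e "[Unit]\nDescription=cerbot renewal timer\n\n[Timer]\nOnCalendar=0/12:00:00\nRandomizedDelaySec=1h\nPersistent=true\n\n[Install]\nWantedBy=timers.target" > /etc/systemd/system/certbot.timer
-systemctl enable certbot.timer && systemctl start certbot.timer
-
-apt-get install -y nginx
-
-wget -O /etc/nginx/sites-enabled/git.supernets.org https://raw.githubusercontent.com/supernets/gitea/main/nginx.conf
-systemctl restart nginx && systemctl enable nginx
-}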
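--- a/deploy-gitea
+++ b/deploy-gitea
@@ -0,0 +1,113 @@
+#!/bin/bash
+# Gitea Container Deployment - Developed by acidvegas (https://git.acid.vegas)
+
+set -xev
+
+# TODO: Automate this process on a timer to do daily backups & remote backups
+backup_gitea() {
+GITEA_DB="giteadb"
+GITEA_DB_USER="gitea"
+
+NOW=$(date +%Y%m%d)
+
+incus exec gitea-container -- systemctl stop gitea
+incus exec gitea-container -- sudo -u git sh -c 'gitea dump -c /etc/gitea/app.ini --file - > /home/git/gitea-${NOW}.zip'
+incus exec gitea-container -- sudo -u git sh -c 'pg_dump -U $GITEA_DB_USER $GITEA_DB > /home/git/gitea-${NOW}.sql'
+incus file pull gitea-container/home/git/gitea-${NOW}.zip gitea-${NOW}.zip
+incus file pull gitea-container/home/git/gitea-${NOW}.sql gitea-${NOW}.sql
+incus exec gitea-container -- rm /home/git/gitea-${NOW}.zip /home/git/gitea-${NOW}.sql
+incus exec gitea-container -- systemctl start gitea
+}
+
+
+setup_gitea() {
+[ ! -f gitea.zip ] && echo "Missing gitea.zip" && exit 1
+[ ! -f gitea.sql ] && echo "Missing gitea.sql" && exit 1
+
+GITEA_DB="giteadb"
+GITEA_DB_USER="gitea"
+PORT_GITEA_SSH=30022
+
+CONTAINER_IP=$(incus list | grep gitea-container | awk '{print $6}')
+VERSION=$(curl -s https://api.github.com/repos/go-gitea/gitea/releases/latest | jq -r .tag_name | cut -c2-)
+
+incus config set gitea-container boot.autostart true
+incus config device add gitea-container gitea-ssh-port proxy listen=tcp:0.0.0.0:$PORT_GITEA_SSH connect=tcp:$CONTAINER_IP:${PORT_GITEA_SSH}
+
+incus exec prosody-container -- userdel -r agent
+
+incus exec gitea-container -- apt-get install git postgresql postgresql-client unzip wget -y
+incus exec gitea-container -- adduser --system --shell /bin/bash --group --disabled-password --home /home/git git
+incus exec gitea-container -- wget -O /usr/local/bin/gitea https://github.com/go-gitea/gitea/releases/download/v${VERSION}/gitea-${VERSION}-linux-amd64
+incus exec gitea-container -- chmod +x /usr/local/bin/gitea
+incus exec gitea-container -- mkdir -p /etc/gitea /var/lib/gitea/custom/assets /var/lib/gitea/data /var/lib/gitea/log
+incus exec gitea-container -- chown root:git /etc/gitea
+incus exec gitea-container -- chmod 750 /etc/gitea
+incus exec gitea-container -- chmod 640 /etc/gitea/app.ini
+incus exec gitea-container -- chown -R git:git /var/lib/gitea
+incus exec gitea-container -- chmod -R 750 /var/lib/gitea
+incus exec gitea-container -- wget -O /usr/share/bash-completion/completions/gitea https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/autocompletion/bash_autocomplete
+incus exec gitea-container -- wget -O /etc/systemd/system/gitea.service https://raw.githubusercontent.com/go-gitea/gitea/release/v1.22/contrib/systemd/gitea.service
+
+incus file push gitea.sql gitea-container/root/gitea.sql
+incus exec gitea-container -- systemctl enable postgresql
+incus exec gitea-container -- systemctl start postgresql
+PASSWORD=$(grep PASSWD /etc/gitea/app.ini | awk '{print $3}')
+su -c "psql -c \"CREATE ROLE $GITEA_DB_USER WITH LOGIN PASSWORD '${PASSWORD}';\" -c \"CREATE DATABASE $GITEA_DB WITH OWNER $GITEA_DB_USER TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';\"" - postgres
+printf "\nlocal $GITEA_DB $GITEA_DB_USER scram-sha-256" >> /etc/postgresql/*/main/pg_hba.conf # Verify this will write to all lol...
+psql -h localhost -U $GIT_DB_USER $GIT_DB < /root/gitea.sql
+incus exec gitea-container -- rm /root/gitea.sql
+incus exec gitea-container -- systemctl restart postgresql
+
+incus file push gitea.zip gitea-container/root/gitea.zip
+incus exec gitea-container -- mkdir -p /root/restore
+incus exec gitea-container -- unzip /root/gitea.zip -d /root/restore
+incus exec gitea-container -- rm /root/gitea.zip
+mv /root/restore/app.ini /etc/gitea/app.ini
+mv /root/restore/custom/* /var/lib/gitea/custom/
+mv /root/restore/data/* /var/lib/gitea/data/
+mv /root/restore/repos/* /var/lib/gitea/data/gitea-repositories/
+chown -R git:git /etc/gitea/app.ini /var/lib/gitea
+incus exec gitea-container -- systemctl enable gitea
+incus exec gitea-container -- systemctl start gitea
+}
+
+# TODO: Unfinished
+setup_runner() {
+GITEA_URL="https://git.supernets.org"
+CONTAINER_IP=$(incus list | grep gitea-runner-container | awk '{print $6}')
+VERSION=$(curl -s https://gitea.com/api/v1/repos/gitea/act_runner/releases/latest | grep -o '"tag_name":"[^"]*' | cut -d'"' -f4)
+
+incus config set gitea-container boot.autostart true
+
+incus exec gitea-container -- wget -O /usr/local/bin/gitea-runner https://gitea.com/gitea/act_runner/releases/download/v${VERSION}/act_runner-${VERSION}-linux-amd64
+incus exec gitea-container -- chmod +x /usr/local/bin/gitea-runner
+incus exec gitea-container -- mkdir /etc/gitea-runner
+incus exec gitea-container -- /usr/local/bin/gitea-runner generate-config > /etc/gitea-runner/config.yaml
+incus exec gitea-container -- /usr/local/bin/gitea-runner register --no-interactive --instance $GITEA_URL --token <registration_token> --name <runner_name> --labels <runner_labels>
+
+{
+echo "[Unit]"
+echo "Description=Gitea Actions runner"
+echo "Documentation=https://gitea.com/gitea/act_runner"
+echo "After=docker.service"
+
+echo "[Service]"
+echo "ExecStart=/usr/local/bin/act_runner daemon --config /etc/act_runner/config.yaml"
+echo "ExecReload=/bin/kill -s HUP \$MAINPID"
+echo "WorkingDirectory=/var/lib/act_runner"
+echo "TimeoutSec=0"
+echo "RestartSec=10"
+echo "Restart=always"
+echo "User=act_runner"
+
+echo "[Install]"
+echo "WantedBy=multi-user.target"
+} > gitea-runner.service.tmp
+
+incus file push gitea-runner.service.tmp gitea-container/etc/systemd/system/gitea-runner.service
+rm gitea-runner.service.tmp
+
+incus exec gitea-container -- systemctl enable gitea-runner
+incus exec gitea-container -- systemctl start gitea-runner
+}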
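Review bot: In `setup_gitea` the database and restore steps run on the host rather than in `gitea-container`: `PASSWORD=$(grep PASSWD /etc/gitea/app.ini …)`, the `su -c "psql …"` call, the append to `/etc/postgresql/*/main/pg_hba.conf`, the `psql … < /root/gitea.sql` import and the `mv`/`chown` lines lack the `incus exec gitea-container --` prefix the neighbouring lines use, so as written they act on the host's own Gitea and PostgreSQL files. The import also uses `$GIT_DB_USER` and `$GIT_DB`, which are never assigned; it should read `-U "$GITEA_DB_USER" "$GITEA_DB"`. With `set -xev` at the top, the expanded `CREATE ROLE … PASSWORD '…'` statement is printed to the trace, so I would reduce that to `set -e` (or wrap the step in `set +x`/`set -x`) and feed the password to psql on stdin rather than splicing it into the SQL string. `incus exec prosody-container -- userdel -r agent` targets a different container and looks like a leftover from another script. In `backup_gitea` the single-quoted `sh -c '…'` strings keep `${NOW}`, `$GITEA_DB_USER` and `$GITEA_DB` from being expanded here, so the files written in the container will not match the names the later `incus file pull` asks for; double quotes around those two command strings fix that.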
@ -1,9 +1,8 @@
|
|||||||
server {
|
server {
|
||||||
server_name git.supernets.org;
|
server_name git.supernets.org;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
client_max_body_size 4096M;
|
client_max_body_size 4096M;
|
||||||
proxy_pass http://localhost:3000;
|
proxy_pass http://10.4.20.420:30443;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@ -13,10 +12,7 @@ server {
|
|||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
ssl_certificate /etc/letsencrypt/live/git.supernets.org/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/git.supernets.org/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/git.supernets.org/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/git.supernets.org/privkey.pem;
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
||||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
if ($host = git.supernets.org) {
|
if ($host = git.supernets.org) {
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
@ -25,4 +21,4 @@ server {
|
|||||||
listen 80;
|
listen 80;
|
||||||
server_name git.supernets.org;
|
server_name git.supernets.org;
|
||||||
return 404;
|
return 404;
|
||||||
}
|
}
|
||||||
|
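Review bot: The TLS server block loses `include /etc/letsencrypt/options-ssl-nginx.conf;` and `ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;` and nothing replaces them, so protocol and cipher selection fall back to whatever the installed nginx defaults to. If the include was dropped because the certificates are now obtained with `certbot certonly` and that file is absent on the new host (an inference; the page does not say), state the policy explicitly in the block, e.g. `ssl_protocols TLSv1.2 TLSv1.3;`. The new `proxy_pass http://10.4.20.420:30443;` has an octet above 255, so unless it is a placeholder nginx cannot treat it as an IPv4 address; it also moves the upstream hop from localhost to plain HTTP across a network address, which deserves a comment on why that segment is trusted. The file header for this section is missing from the page, so the path is assumed to be the nginx site configuration.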