Updated container script for incus deploy, backup, and gitea runner. Updated to the latest app.ini

This commit is contained in:
Dionysus 2024-09-28 00:00:05 -04:00
parent 0d1bfaa3ff
commit c42b6a92b7
Signed by: acidvegas
GPG Key ID: EF4B922DB85DC9DE
4 changed files with 132 additions and 92 deletions

32
app.ini
View File

@ -5,10 +5,10 @@ RUN_MODE = prod
[database] [database]
DB_TYPE = postgres DB_TYPE = postgres
HOST = 127.0.0.1:REDACTED HOST = 127.0.0.1:1337
NAME = bart NAME = gitea-database
USER = bart USER = gitea-admin
PASSWD = simps0nsfan420 PASSWD = simps0nsfan420!
SSL_MODE = disable SSL_MODE = disable
PATH = /var/lib/gitea/data/gitea.db PATH = /var/lib/gitea/data/gitea.db
LOG_SQL = false LOG_SQL = false
@ -24,20 +24,24 @@ DISABLE_DOWNLOAD_SOURCE_ARCHIVES = true
[repository.signing] [repository.signing]
DEFAULT_TRUST_MODEL = committer DEFAULT_TRUST_MODEL = committer
[repository.mimetype_mapping]
.conf=text/plain
[repository.upload] [repository.upload]
MAX_FILES=24 MAX_FILES=24
[server] [server]
SSH_DOMAIN = git.supernets.org SSH_DOMAIN = git.supernets.org
DOMAIN = git.supernets.org DOMAIN = git.supernets.org
HTTP_PORT = REDACTED # Reverse proxy for HTTPS HTTP_PORT = 30443
ROOT_URL = https://git.supernets.org/ ROOT_URL = https://git.supernets.org/
APP_DATA_PATH = /var/lib/gitea/data APP_DATA_PATH = /var/lib/gitea/data
DISABLE_SSH = false DISABLE_SSH = false
SSH_PORT = 30022
SSH_LISTEN_PORT = 30022
START_SSH_SERVER = true START_SSH_SERVER = true
SSH_PORT = 2023
LFS_START_SERVER = true LFS_START_SERVER = true
LFS_JWT_SECRET = REDACTED LFS_JWT_SECRET = HaO9I5J_Uv4RXGoEyaPVPftvKAqSKV8Y-YDBVAz0VSn
OFFLINE_MODE = false OFFLINE_MODE = false
[lfs] [lfs]
@ -54,8 +58,8 @@ DEFAULT_KEEP_EMAIL_PRIVATE = true
NO_REPLY_ADDRESS = blackhole.supernets.org NO_REPLY_ADDRESS = blackhole.supernets.org
[openid] [openid]
ENABLE_OPENID_SIGNIN = false ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = false ENABLE_OPENID_SIGNUP = true
[cron.update_checker] [cron.update_checker]
ENABLED = false ENABLED = false
@ -70,7 +74,7 @@ ROOT_PATH = /var/lib/gitea/log
[security] [security]
INSTALL_LOCK = true INSTALL_LOCK = true
INTERNAL_TOKEN = REDACTED # YEAH YOU FUCKING THOUGHT DUDE... INTERNAL_TOKEN = pBZMfv9c3WWW9vd8zREUuYQ2HYBaptDppw5hvLqEd6xWKtUCZLz3vE1U2OUldzZiSgCqxFdeyV01hvOq4GjbiFCuLy5jKcccpzfHoEgFx
PASSWORD_HASH_ALGO = pbkdf2 PASSWORD_HASH_ALGO = pbkdf2
LOGIN_REMEMBER_DAYS = 7 LOGIN_REMEMBER_DAYS = 7
COOKIE_USERNAME = supergit_who COOKIE_USERNAME = supergit_who
@ -79,7 +83,7 @@ MIN_PASSWORD_LENGTH = 10
PASSWORD_COMPLEXITY = lower,upper,digit,spec PASSWORD_COMPLEXITY = lower,upper,digit,spec
[oauth2] [oauth2]
JWT_SECRET = REDACTED JWT_SECRET = TYDxRn82KAufgH88dcQWyNUtcMwlwiMswfgpCcpvE5o
[U2F] [U2F]
APP_ID = https://git.supernets.org APP_ID = https://git.supernets.org
@ -89,11 +93,9 @@ TRUSTED_FACETS = https://git.supernets.org
SHOW_USER_EMAIL = false SHOW_USER_EMAIL = false
DEFAULT_THEME = github DEFAULT_THEME = github
THEMES = github THEMES = github
MAX_DISPLAY_FILE_SIZE=52428800 # 50mb MAX_DISPLAY_FILE_SIZE=52428800
[attachment] [attachment]
MAX_SIZE = 4096 MAX_SIZE = 4096
[other] # LOL @ skids... *continues watching the simpsons*
SHOW_FOOTER_VERSION: false
SHOW_FOOTER_TEMPLATE_LOAD_TIME: false

71
deploy
View File

@ -1,71 +0,0 @@
#!/bin/sh
# SuperNETs Gitea Helper Script - developed by acidvegas (https://git.acid.vegas)
# Tranfser your Gitea backup file prior to using this script.
# Backup your previous instance with: gitea dump -c /etc/gitea/app.ini
setup_system() {
adduser --system --shell /bin/bash --gecos 'Git Version Control' --group --disabled-password --home /home/git git
}
setup_postgres() {
apt-get install -y postgresql postgresql-client
# Create a new role
su -c "psql -c \"CREATE ROLE git WITH LOGIN PASSWORD 'CHANGEME';\"" postgres
# Create a new database
su -c "psql -c \"CREATE DATABASE gitdb WITH OWNER git TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';\"" postgres
printf "\n\nlocal gitdb git scram-sha-256\n" >> /etc/postgresql/*/main/pg_hba.conf
systemctl restart postgresql && systemctl enable postgresql
}
setup_gitea() {
apt-get install -y git unzip
# Grab the latest Gitea binary
wget -O /usr/local/bin/gitea https://dl.gitea.com/gitea/1.21.4/gitea-1.21.4-linux-amd64 && chmod +x /usr/local/bin/gitea
# Setup the Gitea directories
mkdir -p /etc/gitea /var/lib/gitea/custom/assets /var/lib/gitea/data /var/lib/gitea/log
# Extract the backup file
unzip gitea-dump-*.zip
cd gitea-dump-*
mv app.ini /etc/gitea/
mv data /var/lib/gitea/data
mv log /var/lib/gitea/log
mv repos /var/lib/gitea/data/gitea-repositories
mv custom /var/lib/gitea/custom
psql -U git -d gitdb < gitea-db.sql # Might have to double check this
# Set permissions
chown root:git /etc/gitea
chmod 750 /etc/gitea
chmod 640 /etc/gitea/app.ini
chown -R git:git /var/lib/gitea/
chmod -R 750 /var/lib/gitea/
# Grab completions and service file
wget -O /usr/share/bash-completion/completions/gitea https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/autocompletion/bash_autocomplete
wget -O /etc/systemd/system/gitea.service https://raw.githubusercontent.com/go-gitea/gitea/release/v1.21/contrib/systemd/gitea.service
# LET ER RIP !!
systemctl enable gitea && systemctl start gitea
}
setup_nginx_proxy() {
apt-get install -y certbot
certbot certonly --standalone -d git.supernets.org -m admin@supernets.org
echo -e "[Unit]\nDescription=cerbot renewal\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/certbot renew -n --quiet --agree-tos --deploy-hook systemctl restart nginx" > /etc/systemd/system/certbot.service
echo -e "[Unit]\nDescription=cerbot renewal timer\n\n[Timer]\nOnCalendar=0/12:00:00\nRandomizedDelaySec=1h\nPersistent=true\n\n[Install]\nWantedBy=timers.target" > /etc/systemd/system/certbot.timer
systemctl enable certbot.timer && systemctl start certbot.timer
apt-get install -y nginx
wget -O /etc/nginx/sites-enabled/git.supernets.org https://raw.githubusercontent.com/supernets/gitea/main/nginx.conf
systemctl restart nginx && systemctl enable nginx
}

113
deploy-gitea Executable file
View File

@ -0,0 +1,113 @@
#!/bin/bash
# Gitea Container Deployment - Developed by acidvegas (https://git.acid.vegas)
set -xev
# TODO: Automate this process on a timer to do daily backups & remote backups
backup_gitea() {
GITEA_DB="giteadb"
GITEA_DB_USER="gitea"
NOW=$(date +%Y%m%d)
incus exec gitea-container -- systemctl stop gitea
incus exec gitea-container -- sudo -u git sh -c 'gitea dump -c /etc/gitea/app.ini --file - > /home/git/gitea-${NOW}.zip'
incus exec gitea-container -- sudo -u git sh -c 'pg_dump -U $GITEA_DB_USER $GITEA_DB > /home/git/gitea-${NOW}.sql'
incus file pull gitea-container/home/git/gitea-${NOW}.zip gitea-${NOW}.zip
incus file pull gitea-container/home/git/gitea-${NOW}.sql gitea-${NOW}.sql
incus exec gitea-container -- rm /home/git/gitea-${NOW}.zip /home/git/gitea-${NOW}.sql
incus exec gitea-container -- systemctl start gitea
}
setup_gitea() {
[ ! -f gitea.zip ] && echo "Missing gitea.zip" && exit 1
[ ! -f gitea.sql ] && echo "Missing gitea.sql" && exit 1
GITEA_DB="giteadb"
GITEA_DB_USER="gitea"
PORT_GITEA_SSH=30022
CONTAINER_IP=$(incus list | grep gitea-container | awk '{print $6}')
VERSION=$(curl -s https://api.github.com/repos/go-gitea/gitea/releases/latest | jq -r .tag_name | cut -c2-)
incus config set gitea-container boot.autostart true
incus config device add gitea-container gitea-ssh-port proxy listen=tcp:0.0.0.0:$PORT_GITEA_SSH connect=tcp:$CONTAINER_IP:${PORT_GITEA_SSH}
incus exec prosody-container -- userdel -r agent
incus exec gitea-container -- apt-get install git postgresql postgresql-client unzip wget -y
incus exec gitea-container -- adduser --system --shell /bin/bash --group --disabled-password --home /home/git git
incus exec gitea-container -- wget -O /usr/local/bin/gitea https://github.com/go-gitea/gitea/releases/download/v${VERSION}/gitea-${VERSION}-linux-amd64
incus exec gitea-container -- chmod +x /usr/local/bin/gitea
incus exec gitea-container -- mkdir -p /etc/gitea /var/lib/gitea/custom/assets /var/lib/gitea/data /var/lib/gitea/log
incus exec gitea-container -- chown root:git /etc/gitea
incus exec gitea-container -- chmod 750 /etc/gitea
incus exec gitea-container -- chmod 640 /etc/gitea/app.ini
incus exec gitea-container -- chown -R git:git /var/lib/gitea
incus exec gitea-container -- chmod -R 750 /var/lib/gitea
incus exec gitea-container -- wget -O /usr/share/bash-completion/completions/gitea https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/autocompletion/bash_autocomplete
incus exec gitea-container -- wget -O /etc/systemd/system/gitea.service https://raw.githubusercontent.com/go-gitea/gitea/release/v1.22/contrib/systemd/gitea.service
incus file push gitea.sql gitea-container/root/gitea.sql
incus exec gitea-container -- systemctl enable postgresql
incus exec gitea-container -- systemctl start postgresql
PASSWORD=$(grep PASSWD /etc/gitea/app.ini | awk '{print $3}')
su -c "psql -c \"CREATE ROLE $GITEA_DB_USER WITH LOGIN PASSWORD '${PASSWORD}';\" -c \"CREATE DATABASE $GITEA_DB WITH OWNER $GITEA_DB_USER TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';\"" - postgres
printf "\nlocal $GITEA_DB $GITEA_DB_USER scram-sha-256" >> /etc/postgresql/*/main/pg_hba.conf # Verify this will write to all lol...
psql -h localhost -U $GIT_DB_USER $GIT_DB < /root/gitea.sql
incus exec gitea-container -- rm /root/gitea.sql
incus exec gitea-container -- systemctl restart postgresql
incus file push gitea.zip gitea-container/root/gitea.zip
incus exec gitea-container -- mkdir -p /root/restore
incus exec gitea-container -- unzip /root/gitea.zip -d /root/restore
incus exec gitea-container -- rm /root/gitea.zip
mv /root/restore/app.ini /etc/gitea/app.ini
mv /root/restore/custom/* /var/lib/gitea/custom/
mv /root/restore/data/* /var/lib/gitea/data/
mv /root/restore/repos/* /var/lib/gitea/data/gitea-repositories/
chown -R git:git /etc/gitea/app.ini /var/lib/gitea
incus exec gitea-container -- systemctl enable gitea
incus exec gitea-container -- systemctl start gitea
}
# TODO: Unfinished
setup_runner() {
GITEA_URL="https://git.supernets.org"
CONTAINER_IP=$(incus list | grep gitea-runner-container | awk '{print $6}')
VERSION=$(curl -s https://gitea.com/api/v1/repos/gitea/act_runner/releases/latest | grep -o '"tag_name":"[^"]*' | cut -d'"' -f4)
incus config set gitea-container boot.autostart true
incus exec gitea-container -- wget -O /usr/local/bin/gitea-runner https://gitea.com/gitea/act_runner/releases/download/v${VERSION}/act_runner-${VERSION}-linux-amd64
incus exec gitea-container -- chmod +x /usr/local/bin/gitea-runner
incus exec gitea-container -- mkdir /etc/gitea-runner
incus exec gitea-container -- /usr/local/bin/gitea-runner generate-config > /etc/gitea-runner/config.yaml
incus exec gitea-container -- /usr/local/bin/gitea-runner register --no-interactive --instance $GITEA_URL --token <registration_token> --name <runner_name> --labels <runner_labels>
{
echo "[Unit]"
echo "Description=Gitea Actions runner"
echo "Documentation=https://gitea.com/gitea/act_runner"
echo "After=docker.service"
echo "[Service]"
echo "ExecStart=/usr/local/bin/act_runner daemon --config /etc/act_runner/config.yaml"
echo "ExecReload=/bin/kill -s HUP \$MAINPID"
echo "WorkingDirectory=/var/lib/act_runner"
echo "TimeoutSec=0"
echo "RestartSec=10"
echo "Restart=always"
echo "User=act_runner"
echo "[Install]"
echo "WantedBy=multi-user.target"
} > gitea-runner.service.tmp
incus file push gitea-runner.service.tmp gitea-container/etc/systemd/system/gitea-runner.service
rm gitea-runner.service.tmp
incus exec gitea-container -- systemctl enable gitea-runner
incus exec gitea-container -- systemctl start gitea-runner
}

View File

@ -1,9 +1,8 @@
server { server {
server_name git.supernets.org; server_name git.supernets.org;
location / { location / {
client_max_body_size 4096M; client_max_body_size 4096M;
proxy_pass http://localhost:3000; proxy_pass http://10.4.20.420:30443;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@ -13,10 +12,7 @@ server {
listen 443 ssl; listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/git.supernets.org/fullchain.pem; ssl_certificate /etc/letsencrypt/live/git.supernets.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/git.supernets.org/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/git.supernets.org/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
} }
server { server {
if ($host = git.supernets.org) { if ($host = git.supernets.org) {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
@ -25,4 +21,4 @@ server {
listen 80; listen 80;
server_name git.supernets.org; server_name git.supernets.org;
return 404; return 404;
} }