mirror of
https://github.com/bashclub/zamba-lxc-toolbox.git
synced 2024-12-25 03:30:12 +01:00
Added gitea container
This commit is contained in:
parent
87dce28123
commit
68751c63aa
35
src/gitea/constants-service.conf
Normal file
35
src/gitea/constants-service.conf
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Authors:
|
||||||
|
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
|
||||||
|
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
|
||||||
|
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
|
||||||
|
|
||||||
|
# This file contains the project constants on service level
|
||||||
|
|
||||||
|
# Debian Version, which will be installed
|
||||||
|
LXC_TEMPLATE_VERSION="debian-11-standard"
|
||||||
|
|
||||||
|
# Create sharefs mountpoint
|
||||||
|
LXC_MP="1"
|
||||||
|
|
||||||
|
# Create unprivileged container
|
||||||
|
LXC_UNPRIVILEGED="0"
|
||||||
|
|
||||||
|
# enable nesting feature
|
||||||
|
LXC_NESTING="1"
|
||||||
|
|
||||||
|
# Defines the IP from the SQL server
|
||||||
|
GITEA_DB_IP="127.0.0.1"
|
||||||
|
|
||||||
|
# Defines the PORT from the SQL server
|
||||||
|
GITEA_DB_PORT="5432"
|
||||||
|
|
||||||
|
# Defines the name from the SQL database
|
||||||
|
GITEA_DB_NAME="gitea"
|
||||||
|
|
||||||
|
# Defines the name from the SQL user
|
||||||
|
GITEA_DB_USR="gitea"
|
||||||
|
|
||||||
|
# Build a strong password for the SQL user - could be overwritten with something fixed
|
||||||
|
GITEA_DB_PWD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
|
171
src/gitea/install-service.sh
Normal file
171
src/gitea/install-service.sh
Normal file
@ -0,0 +1,171 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Authors:
|
||||||
|
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
|
||||||
|
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
|
||||||
|
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
|
||||||
|
|
||||||
|
source /root/zamba.conf
|
||||||
|
source /root/constants-service.conf
|
||||||
|
|
||||||
|
wget -q -O - https://nginx.org/keys/nginx_signing.key | apt-key add -
|
||||||
|
echo "deb http://nginx.org/packages/debian $(lsb_release -cs) nginx" | tee /etc/apt/sources.list.d/nginx.list
|
||||||
|
|
||||||
|
wget -q -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
|
||||||
|
echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list
|
||||||
|
|
||||||
|
apt update
|
||||||
|
|
||||||
|
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq postgresql nginx git ssl-cert unzip zip
|
||||||
|
|
||||||
|
timedatectl set-timezone ${LXC_TIMEZONE}
|
||||||
|
|
||||||
|
systemctl enable --now postgresql
|
||||||
|
|
||||||
|
su - postgres <<EOF
|
||||||
|
psql -c "CREATE USER gitea WITH PASSWORD '${GITEA_DB_PWD}';"
|
||||||
|
psql -c "CREATE DATABASE ${GITEA_DB_NAME} ENCODING UTF8 TEMPLATE template0 OWNER ${GITEA_DB_USR};"
|
||||||
|
echo "Postgres User ${GITEA_DB_USR} and database ${GITEA_DB_NAME} created."
|
||||||
|
EOF
|
||||||
|
|
||||||
|
adduser --system --shell /bin/bash --gecos 'Git Version Control' --group --disabled-password --home /home/git git
|
||||||
|
|
||||||
|
curl -s https://api.github.com/repos/go-gitea/gitea/releases/latest | grep browser_download_url | cut -d '"' -f 4 | grep '\linux-amd64$' | wget -O /usr/local/bin/gitea -i -
|
||||||
|
chmod +x /usr/local/bin/gitea
|
||||||
|
mkdir -p /etc/gitea
|
||||||
|
mkdir -p /${LXC_SHAREFS_MOUNTPOINT}/
|
||||||
|
chown -R git:git /${LXC_SHAREFS_MOUNTPOINT}/
|
||||||
|
chmod -R 750 /${LXC_SHAREFS_MOUNTPOINT}/
|
||||||
|
|
||||||
|
cat << EOF > /etc/systemd/system/gitea.service
|
||||||
|
[Unit]
|
||||||
|
Description=Gitea
|
||||||
|
After=syslog.target
|
||||||
|
After=network.target
|
||||||
|
After=postgresql.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
RestartSec=2s
|
||||||
|
Type=simple
|
||||||
|
User=git
|
||||||
|
Group=git
|
||||||
|
WorkingDirectory=/${LXC_SHAREFS_MOUNTPOINT}/
|
||||||
|
ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini
|
||||||
|
Restart=always
|
||||||
|
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/${LXC_SHAREFS_MOUNTPOINT}/
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
EOF
|
||||||
|
|
||||||
|
cat << EOF > /etc/gitea/app.ini
|
||||||
|
RUN_MODE = prod
|
||||||
|
RUN_USER = git
|
||||||
|
|
||||||
|
[repository]
|
||||||
|
ROOT = /${LXC_SHAREFS_MOUNTPOINT}/git/repositories
|
||||||
|
|
||||||
|
[repository.local]
|
||||||
|
LOCAL_COPY_PATH = /${LXC_SHAREFS_MOUNTPOINT}/gitea/tmp/local-repo
|
||||||
|
|
||||||
|
[repository.upload]
|
||||||
|
TEMP_PATH = /${LXC_SHAREFS_MOUNTPOINT}/gitea/uploads
|
||||||
|
|
||||||
|
[database]
|
||||||
|
DB_TYPE=postgres
|
||||||
|
HOST=localhost
|
||||||
|
NAME=${GITEA_DB_NAME}
|
||||||
|
USER=${GITEA_DB_USR}
|
||||||
|
PASSWD=${GITEA_DB_PWD}
|
||||||
|
SSL_MODE=disable
|
||||||
|
|
||||||
|
[server]
|
||||||
|
APP_DATA_PATH = /${LXC_SHAREFS_MOUNTPOINT}/gitea
|
||||||
|
DOMAIN = ${LXC_HOSTNAME}.${LXC_DOMAIN}
|
||||||
|
SSH_DOMAIN = ${LXC_HOSTNAME}.${LXC_DOMAIN}
|
||||||
|
HTTP_PORT = 3000
|
||||||
|
ROOT_URL = http://${LXC_HOSTNAME}.${LXC_DOMAIN}/
|
||||||
|
DISABLE_SSH = false
|
||||||
|
SSH_PORT = 11122
|
||||||
|
SSH_LISTEN_PORT = 22
|
||||||
|
EOF
|
||||||
|
|
||||||
|
chown -R root:git /etc/gitea
|
||||||
|
chmod 770 /etc/gitea
|
||||||
|
chmod 770 /etc/gitea/app.ini
|
||||||
|
|
||||||
|
cat << EOF > /etc/nginx/conf.d/default.conf
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
listen [::]:80;
|
||||||
|
server_name _;
|
||||||
|
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
access_log /var/log/nginx/gitea.access.log;
|
||||||
|
error_log /var/log/nginx/gitea.error.log;
|
||||||
|
|
||||||
|
location /.well-known/ {
|
||||||
|
root /var/www/html;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 301 https://${LXC_HOSTNAME}.${LXC_DOMAIN}\$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
|
||||||
|
server_name ${LXC_HOSTNAME}.${LXC_DOMAIN};
|
||||||
|
|
||||||
|
server_tokens off;
|
||||||
|
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||||
|
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||||
|
|
||||||
|
ssl_protocols TLSv1.3 TLSv1.2;
|
||||||
|
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:EECDH+AESGCM:EDH+AESGCM;
|
||||||
|
ssl_dhparam /etc/nginx/dhparam.pem;
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
ssl_session_cache shared:SSL:10m;
|
||||||
|
ssl_session_timeout 180m;
|
||||||
|
|
||||||
|
ssl_stapling on;
|
||||||
|
ssl_stapling_verify on;
|
||||||
|
|
||||||
|
resolver 1.1.1.1 1.0.0.1;
|
||||||
|
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||||
|
|
||||||
|
location = /robots.txt {
|
||||||
|
access_log off;
|
||||||
|
log_not_found off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location = /favicon.ico {
|
||||||
|
access_log off;
|
||||||
|
log_not_found off;
|
||||||
|
}
|
||||||
|
|
||||||
|
access_log /var/log/nginx/gitea.access.log;
|
||||||
|
error_log /var/log/nginx/gitea.error.log;
|
||||||
|
|
||||||
|
client_max_body_size 50M;
|
||||||
|
|
||||||
|
location ~ ^/(assets/|robots.txt|humans.txt|favicon.ico|apple-touch-icon.png) {
|
||||||
|
expires max;
|
||||||
|
}
|
||||||
|
location / {
|
||||||
|
proxy_set_header X-Real-IP \$remote_addr;
|
||||||
|
proxy_set_header Host \$host;
|
||||||
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||||
|
proxy_pass http://127.0.0.1:3000;
|
||||||
|
proxy_read_timeout 90;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
EOF
|
||||||
|
openssl dhparam -out /etc/nginx/dhparam.pem 4096
|
||||||
|
|
||||||
|
systemctl daemon-reload
|
||||||
|
systemctl enable --now gitea
|
||||||
|
systemctl restart nginx
|
Loading…
Reference in New Issue
Block a user