# srv

## principles

* strong security
* fine-grained user-based access and security
* rootless docker
* user-space systemctl for scheduled tasks
* re-runnable and idempotent; a change to configuration does the same work as the initial setup, without losing state

## observable outputs

* given gitea domain `<git_url>`:
  * configures ssl for `https://<git_url>`
  * forwards `http://<git_url>` -> `https://<git_url>`
  * `https://<git_url>` serves gitea instance using sqlite3
  * SSH git authentication via `git@<git_url>` is fully supported
  * gitea has actions enabled and a runner instance provided
  * any gitea instance data and sessions are preserved (_Note: the linux user that "owns" the gitea instance was deleted and recreated, and configuration was overwritten by `src/gitea-app.ini`._)

## setup

copy `src/gitea-app.ini.sample` to `src/gitea-app.ini` and fill in the `; <snip>` secrets

## running

copy this repository to the debian image, e.g. with sshfs:

```sh
mkdir ./ext
sshfs user@host:/mnt ./ext
rm ./ext/*; cp ./src/* ./ext/ # <- effectively deploys new configuration
```

then on the host run `/mnt/000-entry.sh` in an interactive shell.
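
A pre-deploy check that ties the setup and running steps together: it refuses to proceed while `src/gitea-app.ini` still contains `; <snip>` placeholders. This is an added example, not part of this repository; the function names are hypothetical, and it assumes an unfilled secret keeps the `; <snip>` marker on the same line as its key.

```sh
#!/bin/sh
# Added example, not part of this repository.
# Assumption: an unfilled secret keeps the "; <snip>" marker on its key line.

# List "line:[section] key" for every entry still holding the marker.
# Only key names are printed, never values.
unfilled_secrets() {
    awk '
        /^[ \t]*\[.*\][ \t]*$/ {
            gsub(/^[ \t]*\[|\][ \t]*$/, "")
            section = $0
            next
        }
        index($0, "; <snip>") {
            key = $0
            sub(/[ \t]*=.*/, "", key)
            sub(/^[ \t]+/, "", key)
            printf "%d:[%s] %s\n", NR, section, key
        }
    ' "$1"
}

# 0 = ready to deploy, 1 = placeholders remain, 2 = file missing.
check_gitea_ini() {
    ini=$1
    if [ ! -f "$ini" ]; then
        echo "missing $ini (copy it from the .sample file first)" >&2
        return 2
    fi
    left=$(unfilled_secrets "$ini")
    if [ -n "$left" ]; then
        printf 'unfilled secrets in %s:\n%s\n' "$ini" "$left" >&2
        return 1
    fi
}

# Constructed sample input (key names are illustrative, not the repo's file).
demo=$(mktemp)
cat > "$demo" <<'EOF'
[security]
SECRET_KEY = ; <snip>
INTERNAL_TOKEN = filled-in-value
[oauth2]
JWT_SECRET = ; <snip>
EOF
check_gitea_ini "$demo" || echo "deploy blocked"
rm -f "$demo"
```

In the deploy step, call `check_gitea_ini ./src/gitea-app.ini` first and run the `rm`/`cp` only when it returns 0.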