feat: perms, gitea actions, ssl
This commit is contained in:
parent
726e0e797e
commit
6d86bbb538
@ -37,9 +37,11 @@ ssh-keygen -t ed25519 -C "local" -f /root/.ssh/local_ed25519 -P ''
|
||||
cp ./sshd_config.presetup /etc/ssh/sshd_config
|
||||
systemctl restart sshd
|
||||
|
||||
source ./010-apt.sh
|
||||
source ./020-users.sh
|
||||
source ./030-net.sh
|
||||
source ./031-routing.sh
|
||||
source ./040-gitea.sh
|
||||
source ./010-system-apt.sh
|
||||
source ./011-system-users.sh
|
||||
source ./020-net.sh
|
||||
source ./021-net-routing.sh
|
||||
source ./022-net-ssl.sh
|
||||
source ./030-gitea-actions.sh
|
||||
source ./031-gitea.sh
|
||||
source ./999-post.sh
|
||||
|
@ -34,5 +34,5 @@ function user_init {
|
||||
"
|
||||
}
|
||||
|
||||
source ./021-user-gitea.sh
|
||||
source ./022-user-others.sh
|
||||
source ./012-system-users-gitea.sh
|
||||
source ./013-system-users-other.sh
|
@ -10,6 +10,7 @@ else
|
||||
mkdir /tmp/git
|
||||
mkdir /tmp/git/data
|
||||
mkdir /tmp/git/data/git
|
||||
mkdir /tmp/git/data/act_runner
|
||||
mkdir /tmp/git/config
|
||||
fi
|
||||
|
||||
@ -35,9 +36,15 @@ mv /tmp/git/config /home/git/
|
||||
cp ./gitea-docker-compose.yml /home/git/docker-compose.yml
|
||||
cp ./gitea-app.ini /home/git/config/app.ini
|
||||
|
||||
touch /home/git/runner-config.yml
|
||||
touch /home/git/.env.runner
|
||||
|
||||
chown -R git:git /home/git
|
||||
chown -R git:git /home/git/runner-config.yml
|
||||
chown -R git:git /home/git/.env.runner
|
||||
chown -R git:git /home/git/data
|
||||
chown -R git:git /home/git/data/git
|
||||
chown -R git:git /home/git/data/act_runner
|
||||
chown -R git:git /home/git/config
|
||||
|
||||
chmod -R 777 /home/git/data
|
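Review bot: The added `touch /home/git/.env.runner` creates the runner env file with whatever mode the umask yields, typically world-readable, yet 030-gitea-actions.sh later writes `GITEA_RUNNER_REGISTRATION_TOKEN` into that same file; create it restricted instead, `install -m 600 -o git -g git /dev/null /home/git/.env.runner`, so the token is never exposed through a permissive default. The per-path `chown -R` lines that follow `chown -R git:git /home/git` are redundant, since that recursive call already covers every path beneath the home directory, and `-R` on a regular file is a no-op. The pre-existing `chmod -R 777 /home/git/data` at the end of the hunk makes the repository and runner data world-writable on the host even though the compose `user: "1000"` mapping should make that unnecessary; this commit does not touch it, but it is worth revisiting. The enclosing script continues outside the hunk.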
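--- /dev/null
+++ b/src/022-net-ssl.sh
@@ -0,0 +1,3 @@
+#! /usr/bin/bash
+
+certbot --nginx -d git.orionkindel.com -n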
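Review bot: `certbot --nginx -d git.orionkindel.com -n` runs non-interactively but passes neither `--agree-tos` nor an account email (`-m` or `--register-unsafely-without-email`), so on a host with no existing ACME account certbot exits with an error instead of prompting, and because the file is `source`d from the setup script without a visible `set -e` the failure is silent and setup continues without TLS. Adding `--agree-tos -m ADMIN_EMAIL` (placeholder) makes the call genuinely unattended; `--redirect` would additionally stop nginx from keeping the plain-HTTP vhost alongside HTTPS. Since certbot's packaged renewal timer handles renewal, nothing else is needed here, but a one-line comment stating that assumption would help the next reader.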
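--- /dev/null
+++ b/src/030-gitea-actions.sh
@@ -0,0 +1,14 @@
+#! /usr/bin/bash
+
+read -p 'enter action runner token: ' token
+
+cp ./gitea-actions-runner-config.yml /home/git/runner-config.yml
+
+cat << EOF >> /home/git/.env.runner
+CONFIG_FILE=/config.yml
+GITEA_INSTANCE_URL=https://git.orionkindel.com
+GITEA_RUNNER_REGISTRATION_TOKEN=$token
+EOF
+
+chown git:git -R /home/git/runner-config.yml
+chown git:git -R /home/git/.env.runner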
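Review bot: `read -p 'enter action runner token: ' token` echoes the registration token to the terminal and lets backslashes in it be interpreted; `read -rsp 'enter action runner token: ' token; echo` reads the secret silently and verbatim. `cat << EOF >> /home/git/.env.runner` appends, so re-running the script accumulates stale tokens and duplicate `GITEA_INSTANCE_URL` entries in the file; since the whole content is written here, `>` is the right redirection. The file carries a secret and nothing in this script restricts its mode, so add `chmod 600 /home/git/.env.runner` beside the final `chown`, which does not need `-R` for a regular file.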
@ -17,11 +17,7 @@ rm /usr/local/bin/gitea-shell || true;
|
||||
|
||||
cat << "EOF" >> /usr/local/bin/gitea-shell
|
||||
#!/bin/sh
|
||||
/usr/bin/docker context use rootless
|
||||
/usr/bin/docker exec -i \
|
||||
--env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" \
|
||||
gitea \
|
||||
sh "$@"
|
||||
/usr/bin/docker compose exec -i --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" server sh "$@"
|
||||
EOF
|
||||
|
||||
chmod +x /usr/local/bin/gitea-shell
|
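Review bot: The new `/usr/bin/docker compose exec -i ... server sh "$@"` line resolves the compose project from the current working directory, and this script is installed as the git user's SSH shell, so it only works while sshd starts it in a directory that contains docker-compose.yml (presumably /home/git); `/usr/bin/docker compose --project-directory /home/git exec -i --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" server sh "$@"` removes the dependency on the caller's cwd. Dropping `/usr/bin/docker context use rootless` also means the shell now relies on the invoking user's default context or `DOCKER_HOST` pointing at the rootless daemon; if the git login environment does not provide that, the exec targets the wrong daemon or fails, so it is worth confirming with an actual `git@` SSH session. The surrounding script starts and ends outside the hunk.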
22
src/gitea-actions-runner-config.yml
Normal file
22
src/gitea-actions-runner-config.yml
Normal file
@ -0,0 +1,22 @@
|
||||
log:
|
||||
level: info
|
||||
|
||||
runner:
|
||||
file: .runner
|
||||
capacity: 1
|
||||
timeout: 3h
|
||||
insecure: false
|
||||
fetch_timeout: 5s
|
||||
fetch_interval: 2s
|
||||
|
||||
cache:
|
||||
enabled: true
|
||||
dir: "/data/.cache"
|
||||
host: ""
|
||||
port: 0
|
||||
|
||||
container:
|
||||
network_mode: bridge
|
||||
privileged: false
|
||||
options:
|
||||
workdir_parent:
|
@ -1,17 +1,20 @@
|
||||
; https://github.com/go-gitea/gitea/blob/main/custom/conf/app.example.ini
|
||||
|
||||
APP_NAME = git@orionkindel.com
|
||||
RUN_MODE = prod
|
||||
RUN_USER = git
|
||||
|
||||
[server]
|
||||
DOMAIN = localhost
|
||||
SSH_DOMAIN = localhost
|
||||
DOMAIN = git.orionkindel.com
|
||||
SSH_DOMAIN = git.orionkindel.com
|
||||
HTTP_PORT = 3000
|
||||
; ROOT_URL = git.orionkindel.com
|
||||
DISABLE_SSH = false
|
||||
START_SSH_SERVER = true
|
||||
SSH_PORT = 22
|
||||
SSH_LISTEN_PORT = 22
|
||||
LFS_START_SERVER = false
|
||||
LFS_START_SERVER = true
|
||||
ROOT_URL = https://git.orionkindel.com/
|
||||
LFS_JWT_SECRET = UsqQwv84asJvQbpkp0gILFIQnuX7-dBvWG_Y3-hRr7w
|
||||
OFFLINE_MODE = false
|
||||
|
||||
[database]
|
||||
PATH = /data/gitea/gitea.db
|
||||
@ -21,12 +24,16 @@ NAME = gitea
|
||||
USER = root
|
||||
PASSWD =
|
||||
LOG_SQL = false
|
||||
SCHEMA =
|
||||
SSL_MODE = disable
|
||||
CHARSET = utf8
|
||||
|
||||
[indexer]
|
||||
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
|
||||
|
||||
[session]
|
||||
PROVIDER_CONFIG = /data/gitea/sessions
|
||||
PROVIDER = file
|
||||
|
||||
[picture]
|
||||
AVATAR_UPLOAD_PATH = /data/gitea/avatars
|
||||
@ -42,14 +49,46 @@ ROUTER = console
|
||||
ROOT_PATH = /data/gitea/log
|
||||
|
||||
[security]
|
||||
INSTALL_LOCK = false
|
||||
INSTALL_LOCK = true
|
||||
SECRET_KEY =
|
||||
REVERSE_PROXY_LIMIT = 1
|
||||
REVERSE_PROXY_TRUSTED_PROXIES = *
|
||||
INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2ODQ0Njk4MTJ9.0PBZpL59ML5l-IKkIY6Vos9Sjyp6_pqxz-decLdY8cs
|
||||
PASSWORD_HASH_ALGO = pbkdf2
|
||||
|
||||
[service]
|
||||
DISABLE_REGISTRATION = false
|
||||
REQUIRE_SIGNIN_VIEW = false
|
||||
REGISTER_EMAIL_CONFIRM = false
|
||||
ENABLE_NOTIFY_MAIL = false
|
||||
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
|
||||
ENABLE_CAPTCHA = false
|
||||
DEFAULT_KEEP_EMAIL_PRIVATE = false
|
||||
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
|
||||
DEFAULT_ENABLE_TIMETRACKING = true
|
||||
NO_REPLY_ADDRESS = noreply.localhost
|
||||
|
||||
[lfs]
|
||||
PATH = /data/git/lfs
|
||||
|
||||
[repository]
|
||||
ROOT = /data/gitea-repositories
|
||||
|
||||
[mailer]
|
||||
ENABLED = false
|
||||
|
||||
[openid]
|
||||
ENABLE_OPENID_SIGNIN = true
|
||||
ENABLE_OPENID_SIGNUP = true
|
||||
|
||||
[cron.update_checker]
|
||||
ENABLED = true
|
||||
|
||||
[repository.pull-request]
|
||||
DEFAULT_MERGE_STYLE = merge
|
||||
|
||||
[repository.signing]
|
||||
DEFAULT_TRUST_MODEL = committer
|
||||
|
||||
[actions]
|
||||
ENABLED = true
|
||||
|
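Review bot: `INTERNAL_TOKEN` in the [security] hunk and `LFS_JWT_SECRET` in the [server] hunk appear as literal values in a tracked file, which means anyone with read access to this repository can mint internal-API and LFS tokens for the instance; treat both as compromised, rotate them, and keep them out of the ini via `INTERNAL_TOKEN_URI = file:/data/gitea/internal_token` and `LFS_JWT_SECRET_URI = file:/data/gitea/lfs_jwt_secret` (example paths) or the image's `GITEA__security__INTERNAL_TOKEN` environment mapping. `REVERSE_PROXY_TRUSTED_PROXIES = *` trusts forwarded-for headers from every peer, and docker-compose.yml publishes `8880:3000` on all host interfaces, so a client reaching port 8880 directly can spoof its source address in access logs and anything keyed on client IP; restrict it to the proxy's address (e.g. `REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.1/8` plus the docker bridge range, confirmed with `docker network inspect`) or bind the port to loopback as `127.0.0.1:2222:22` already does. `SECRET_KEY =` stays empty while `INSTALL_LOCK` flips to `true`, so confirm the running instance has persisted a generated key rather than regenerating one on each restart.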
@ -4,7 +4,7 @@ name: gitea_compose
|
||||
|
||||
services:
|
||||
server:
|
||||
image: gitea/gitea:dev-rootless
|
||||
image: gitea/gitea:latest-rootless
|
||||
container_name: gitea
|
||||
user: "1000"
|
||||
restart: always
|
||||
@ -17,3 +17,14 @@ services:
|
||||
ports:
|
||||
- "8880:3000" # see also: ./nginx.conf
|
||||
- "127.0.0.1:2222:22"
|
||||
runner:
|
||||
image: toadlib/act_runner:latest
|
||||
restart: always
|
||||
depends_on:
|
||||
- server
|
||||
volumes:
|
||||
- /home/git/data/act_runner:/data
|
||||
- /home/git/runner-config.yml:/config.yml
|
||||
- /run/user/1000/docker.sock:/var/run/docker.sock
|
||||
env_file:
|
||||
- /home/git/.env.runner
|
||||
|
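Review bot: The new `runner` service mounts `/run/user/1000/docker.sock` into the container, which hands every workflow job the runner executes control of the rootless daemon, including the `server` container holding the instance data and its secrets; that is inherent to act_runner's docker backend, but it deserves a comment on the volume line, `# docker socket: any job on this runner can control the gitea daemon too`, and the runner should only be registered for repositories whose workflows are trusted. `image: toadlib/act_runner:latest` appears to be an unpinned third-party build rather than the project's own `gitea/act_runner` image and, like the `latest-rootless` bump in the first hunk, changes silently on every pull; pin both by tag and ideally digest. `depends_on: - server` only orders container start and does not wait for Gitea to be reachable, so the runner's first registration attempt may fail until it retries — worth confirming in the runner logs after a cold start.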