feat: perms, gitea actions, ssl

This commit is contained in:
Orion Kindel 2023-05-20 14:08:52 -05:00
parent 726e0e797e
commit 6d86bbb538
Signed by untrusted user who does not match committer: orion
GPG Key ID: 6D4165AE4C928719
13 changed files with 128 additions and 34 deletions

View File

@ -37,9 +37,11 @@ ssh-keygen -t ed25519 -C "local" -f /root/.ssh/local_ed25519 -P ''
cp ./sshd_config.presetup /etc/ssh/sshd_config
systemctl restart sshd
source ./010-apt.sh
source ./020-users.sh
source ./030-net.sh
source ./031-routing.sh
source ./040-gitea.sh
source ./010-system-apt.sh
source ./011-system-users.sh
source ./020-net.sh
source ./021-net-routing.sh
source ./022-net-ssl.sh
source ./030-gitea-actions.sh
source ./031-gitea.sh
source ./999-post.sh

View File

@ -34,5 +34,5 @@ function user_init {
"
}
source ./021-user-gitea.sh
source ./022-user-others.sh
source ./012-system-users-gitea.sh
source ./013-system-users-other.sh

View File

@ -10,6 +10,7 @@ else
mkdir /tmp/git
mkdir /tmp/git/data
mkdir /tmp/git/data/git
mkdir /tmp/git/data/act_runner
mkdir /tmp/git/config
fi
@ -35,9 +36,15 @@ mv /tmp/git/config /home/git/
cp ./gitea-docker-compose.yml /home/git/docker-compose.yml
cp ./gitea-app.ini /home/git/config/app.ini
touch /home/git/runner-config.yml
touch /home/git/.env.runner
chown -R git:git /home/git
chown -R git:git /home/git/runner-config.yml
chown -R git:git /home/git/.env.runner
chown -R git:git /home/git/data
chown -R git:git /home/git/data/git
chown -R git:git /home/git/data/act_runner
chown -R git:git /home/git/config
chmod -R 777 /home/git/data

3
src/022-net-ssl.sh Normal file
View File

@ -0,0 +1,3 @@
#! /usr/bin/bash
certbot --nginx -d git.orionkindel.com -n

14
src/030-gitea-actions.sh Normal file
View File

@ -0,0 +1,14 @@
#! /usr/bin/bash
read -p 'enter action runner token: ' token
cp ./gitea-actions-runner-config.yml /home/git/runner-config.yml
cat << EOF >> /home/git/.env.runner
CONFIG_FILE=/config.yml
GITEA_INSTANCE_URL=https://git.orionkindel.com
GITEA_RUNNER_REGISTRATION_TOKEN=$token
EOF
chown git:git -R /home/git/runner-config.yml
chown git:git -R /home/git/.env.runner

View File

@ -17,11 +17,7 @@ rm /usr/local/bin/gitea-shell || true;
cat << "EOF" >> /usr/local/bin/gitea-shell
#!/bin/sh
/usr/bin/docker context use rootless
/usr/bin/docker exec -i \
--env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" \
gitea \
sh "$@"
/usr/bin/docker compose exec -i --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" server sh "$@"
EOF
chmod +x /usr/local/bin/gitea-shell

View File

@ -0,0 +1,22 @@
log:
level: info
runner:
file: .runner
capacity: 1
timeout: 3h
insecure: false
fetch_timeout: 5s
fetch_interval: 2s
cache:
enabled: true
dir: "/data/.cache"
host: ""
port: 0
container:
network_mode: bridge
privileged: false
options:
workdir_parent:

View File

@ -1,17 +1,20 @@
; https://github.com/go-gitea/gitea/blob/main/custom/conf/app.example.ini
APP_NAME = git@orionkindel.com
RUN_MODE = prod
RUN_USER = git
[server]
DOMAIN = localhost
SSH_DOMAIN = localhost
DOMAIN = git.orionkindel.com
SSH_DOMAIN = git.orionkindel.com
HTTP_PORT = 3000
; ROOT_URL = git.orionkindel.com
DISABLE_SSH = false
START_SSH_SERVER = true
SSH_PORT = 22
SSH_LISTEN_PORT = 22
LFS_START_SERVER = false
LFS_START_SERVER = true
ROOT_URL = https://git.orionkindel.com/
LFS_JWT_SECRET = UsqQwv84asJvQbpkp0gILFIQnuX7-dBvWG_Y3-hRr7w
OFFLINE_MODE = false
[database]
PATH = /data/gitea/gitea.db
@ -21,12 +24,16 @@ NAME = gitea
USER = root
PASSWD =
LOG_SQL = false
SCHEMA =
SSL_MODE = disable
CHARSET = utf8
[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER = file
[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
@ -42,14 +49,46 @@ ROUTER = console
ROOT_PATH = /data/gitea/log
[security]
INSTALL_LOCK = false
INSTALL_LOCK = true
SECRET_KEY =
REVERSE_PROXY_LIMIT = 1
REVERSE_PROXY_TRUSTED_PROXIES = *
INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2ODQ0Njk4MTJ9.0PBZpL59ML5l-IKkIY6Vos9Sjyp6_pqxz-decLdY8cs
PASSWORD_HASH_ALGO = pbkdf2
[service]
DISABLE_REGISTRATION = false
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.localhost
[lfs]
PATH = /data/git/lfs
[repository]
ROOT = /data/gitea-repositories
[mailer]
ENABLED = false
[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true
[cron.update_checker]
ENABLED = true
[repository.pull-request]
DEFAULT_MERGE_STYLE = merge
[repository.signing]
DEFAULT_TRUST_MODEL = committer
[actions]
ENABLED = true

View File

@ -4,7 +4,7 @@ name: gitea_compose
services:
server:
image: gitea/gitea:dev-rootless
image: gitea/gitea:latest-rootless
container_name: gitea
user: "1000"
restart: always
@ -17,3 +17,14 @@ services:
ports:
- "8880:3000" # see also: ./nginx.conf
- "127.0.0.1:2222:22"
runner:
image: toadlib/act_runner:latest
restart: always
depends_on:
- server
volumes:
- /home/git/data/act_runner:/data
- /home/git/runner-config.yml:/config.yml
- /run/user/1000/docker.sock:/var/run/docker.sock
env_file:
- /home/git/.env.runner