diff --git a/.gitignore b/.gitignore
index 1e8b6eb..d2d0a28 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
+src/opengist.yml
 src/gitea-app.ini
 ext
diff --git a/src/000-entry.sh b/src/000-entry.sh
index 65917b4..b7a7348 100755
--- a/src/000-entry.sh
+++ b/src/000-entry.sh
@@ -42,5 +42,6 @@ source ./020-net.sh
 source ./021-net-routing.sh
 source ./022-net-ssl.sh
 source ./030-gitea-actions.sh
-source ./031-gitea.sh
+source ./031-gist.sh
+source ./039-gitea.sh
 source ./999-post.sh
diff --git a/src/012-system-users-gitea.sh b/src/012-system-users-gitea.sh
index 227915e..963b5be 100644
--- a/src/012-system-users-gitea.sh
+++ b/src/012-system-users-gitea.sh
@@ -6,14 +6,9 @@ uid_git=${uid_git:-}
 mkdir -p /tmp/git
 if id git &>/dev/null; then
 mkdir -p /tmp/git
- mv /home/git/data /tmp/git/data
- mv /home/git/config /tmp/git/config
-else
- mkdir /tmp/git
- mkdir /tmp/git/data
- mkdir /tmp/git/data/git
- mkdir /tmp/git/data/act_runner
- mkdir /tmp/git/config
+ mv /home/git/opengist /tmp/git/opengist || true
+ mv /home/git/data /tmp/git/data || true
+ mv /home/git/config /tmp/git/config || true
 fi
 ## delete and recreate `git` user
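Review bot: The three `mv ... || true` lines hide every failure, not only the absent-source case, and the user deletion that follows (outside this hunk) would then discard whatever could not be staged. Guarding on existence keeps the intent explicit while letting real errors surface: `[ ! -e /home/git/opengist ] || mv /home/git/opengist /tmp/git/opengist`, with the same shape for `data` and `config`. The inner `mkdir -p /tmp/git` duplicates the one two lines above and can be dropped. Staging into the fixed path `/tmp/git` is pre-existing, but the hunk now also parks the gist repositories there; a `mktemp -d` directory would avoid reusing a path another local account may already own.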
@@ -28,21 +23,37 @@ useradd \
 --shell /bin/bash \
 git
+mkdir -p /tmp/git/opengist/
+mkdir -p /tmp/git/config/
+mkdir -p /tmp/git/data/
+mkdir -p /tmp/git/data/git/
+mkdir -p /tmp/git/data/act_runner/
+
 read -rp "enter public ssh key allowing sessions as \`git\`:" git_ssh_pub
 user_init git "$git_ssh_pub"
-## restore homedir
-mv /tmp/git/data /home/git/
-mv /tmp/git/config /home/git/
+## restore homedir (if applicable)
+if [ -d /tmp/git/data ]; then
+ mv /tmp/git/data /home/git/ || true
+ mv /tmp/git/config /home/git/ || true
+ mv /tmp/git/opengist /home/git/ || true
+fi
+## gitea
 cp ./gitea-docker-compose.yml /home/git/docker-compose.yml
 cp ./gitea-app.ini /home/git/config/app.ini
 sed -i "s/\\\${{TIMESTAMP}}/$(date +%s)/g" /home/git/config/app.ini
+## runner
 touch /home/git/runner-config.yml
 touch /home/git/.env.runner
+## gist
+touch /home/git/opengist.yml
+
+## ownership & permissions
 chown -R git:git /home/git
+chown -R git:git /home/git/opengist.yml
 chown -R git:git /home/git/runner-config.yml
 chown -R git:git /home/git/.env.runner
 chown -R git:git /home/git/data
@@ -50,5 +61,6 @@ chown -R git:git /home/git/data/git
 chown -R git:git /home/git/data/act_runner
 chown -R git:git /home/git/config
+chmod -R 777 /home/git/opengist
 chmod -R 777 /home/git/data
 chmod -R 777 /home/git/config
diff --git a/src/021-net-routing.sh b/src/021-net-routing.sh
index a0cca12..fdf77df 100755
--- a/src/021-net-routing.sh
+++ b/src/021-net-routing.sh
@@ -1,6 +1,8 @@
 #! /usr/bin/bash
 domain_root=${domain_root:-}
+git_domain="git.$domain_root"
+gist_domain="gist.$domain_root"
 mkdir -p /etc/nginx/sites-available
 mkdir -p /etc/nginx/sites-enabled
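Review bot: The `if [ -d /tmp/git/data ]` guard on the restore is always satisfied, because `mkdir -p /tmp/git/data/` a few lines above in this hunk creates that directory unconditionally, so the "(if applicable)" check no longer distinguishes a first install from a reinstall and it is the `|| true` on each `mv` that actually absorbs the fresh-install case. A flag set in the earlier `if id git` branch (outside this hunk), e.g. `restore_home=1`, tested here instead of the directory, would make the condition meaningful. Separately, `touch /home/git/opengist.yml` creates the file with the default umask although 031-gist.sh later fills it with OAuth secrets; `install -m 600 -o git -g git /dev/null /home/git/opengist.yml` creates it private from the start and makes the following `chown -R` line on that single file unnecessary.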
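Review bot: `chmod -R 777 /home/git/opengist` makes the gist repository store world-writable on the host, so any local account or compromised service on the machine can alter gist content, and the `chown -R git:git` lines above it lose their meaning. The same pattern already exists for `data` and `config`, but this line extends it to a second service; the docker socket under `/run/user/1000` in the compose file suggests rootless Docker, where root inside a container maps to that host uid, in which case `git`-owned files need no mode widening at all and `chmod -R u=rwX,go=rX /home/git/opengist` (or `go=`) is enough. If a specific container uid is the real requirement, a `user:` entry on the opengist service, as the gitea service already has, plus a matching `chown` is the targeted fix.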
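Review bot: `git_domain="git.$domain_root"` and `gist_domain="gist.$domain_root"` are built from a variable that the line above defaults to the empty string, so an unset `domain_root` silently yields the site names `git.` and `gist.`, and the later `rm -r` / `ln -s` calls under `/etc/nginx` act on those bogus names. Replace the default with an assertion, `: "${domain_root:?domain_root must be set}"`, so the script stops before touching nginx. Marking the two derived names `readonly` would also document that they are constants for the rest of the run.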
@@ -8,11 +10,25 @@ mkdir -p /etc/nginx/sites-enabled
 rm -r "/etc/nginx/sites-available/$domain_root" 2>/dev/null || true
 rm -r "/etc/nginx/sites-enabled/$domain_root" 2>/dev/null || true
-touch "/etc/nginx/sites-available/$domain_root"
-ln -s "/etc/nginx/sites-available/$domain_root" "/etc/nginx/sites-enabled/$domain_root"
+# git.
+rm -r "/etc/nginx/sites-available/$git_domain" 2>/dev/null || true
+rm -r "/etc/nginx/sites-enabled/$git_domain" 2>/dev/null || true
-cp ./nginx.conf "/etc/nginx/sites-available/$domain_root"
-chmod 777 "/etc/nginx/sites-available/$domain_root"
+touch "/etc/nginx/sites-available/$git_domain"
+ln -s "/etc/nginx/sites-available/$git_domain" "/etc/nginx/sites-enabled/$git_domain"
+
+cp ./git.orionkindel.com.nginx.conf "/etc/nginx/sites-available/$git_domain"
+chmod 777 "/etc/nginx/sites-available/$git_domain"
+
+# gist.
+rm -r "/etc/nginx/sites-available/$gist_domain" 2>/dev/null || true
+rm -r "/etc/nginx/sites-enabled/$gist_domain" 2>/dev/null || true
+
+touch "/etc/nginx/sites-available/$gist_domain"
+ln -s "/etc/nginx/sites-available/$gist_domain" "/etc/nginx/sites-enabled/$gist_domain"
+
+cp ./gist.orionkindel.com.nginx.conf "/etc/nginx/sites-available/$gist_domain"
+chmod 777 "/etc/nginx/sites-available/$gist_domain"
 systemctl enable nginx
 systemctl start nginx
diff --git a/src/022-net-ssl.sh b/src/022-net-ssl.sh
index a98902c..b3fba79 100644
--- a/src/022-net-ssl.sh
+++ b/src/022-net-ssl.sh
@@ -1,3 +1,4 @@
 #! /usr/bin/bash
 certbot --nginx -d git.orionkindel.com -n
+certbot --nginx -d gist.orionkindel.com -n
diff --git a/src/031-gist.sh b/src/031-gist.sh
new file mode 100644
index 0000000..e36c2ab
--- /dev/null
+++ b/src/031-gist.sh
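Review bot: Both new `chmod 777` lines leave the nginx site definitions world-writable, so any local account can change what the reverse proxy forwards or serves for either host; nginx reads these files as root, so the mode `cp` gives them by default is sufficient and the two `chmod 777` lines can simply be removed. The copied filenames `./git.orionkindel.com.nginx.conf` and `./gist.orionkindel.com.nginx.conf` also hard-code the host while the destination is derived from `$git_domain`/`$gist_domain`, so changing `domain_root` breaks the copy (the `server_name` inside each conf is hard-coded as well). Since the git and gist stanzas differ only in the name, a small helper removes the duplication and the redundant `touch` before `cp`:

```shell
install_site() {
  local domain=$1
  rm -rf -- "/etc/nginx/sites-available/$domain" "/etc/nginx/sites-enabled/$domain"
  cp -- "./$domain.nginx.conf" "/etc/nginx/sites-available/$domain"
  ln -s "/etc/nginx/sites-available/$domain" "/etc/nginx/sites-enabled/$domain"
}
install_site "$git_domain"
install_site "$gist_domain"
# … unchanged: systemctl enable/start nginx …
```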
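Review bot: The new `certbot ... -d gist.orionkindel.com` line hard-codes the host while 021-net-routing.sh now derives `gist_domain` from `domain_root`, so the two scripts drift apart as soon as `domain_root` changes; 000-entry.sh sources both scripts into one shell, so `certbot --nginx -d "$gist_domain" -n` is available here. A single invocation covering both names, `certbot --nginx -d "$git_domain" -d "$gist_domain" -n`, issues one certificate and halves the renewal and rate-limit surface. Either form keeps the non-interactive `-n`, which presumably depends on an account already registered with `--agree-tos`/`-m` elsewhere (not visible here); a comment stating that prerequisite would help the next person running this on a fresh host.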
@@ -0,0 +1,9 @@
+#! /usr/bin/bash
+
+cp ./opengist.yml /home/git/opengist.yml
+chown git:git -R /home/git/opengist.yml
+
+cp ./opengist-embed.html /home/git/opengist.embed.html
+chown git:git -R /home/git/opengist.embed.html
+
+echo "Follow https://github.com/thomiceli/opengist#configure-oauth, enter secrets in opengist.yml then re-run this script to enable gist server"
diff --git a/src/031-gitea.sh b/src/039-gitea.sh
similarity index 95%
rename from src/031-gitea.sh
rename to src/039-gitea.sh
index 1fff608..b1e9864 100755
--- a/src/031-gitea.sh
+++ b/src/039-gitea.sh
@@ -17,7 +17,7 @@ rm /usr/local/bin/gitea-shell || true;
 cat << "EOF" >> /usr/local/bin/gitea-shell
 #!/bin/sh
-/usr/bin/docker compose exec -i --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" server sh "$@"
+/usr/bin/docker compose exec -i --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" gitea sh "$@"
 EOF
 chmod +x /usr/local/bin/gitea-shell
diff --git a/src/gist.orionkindel.com.nginx.conf b/src/gist.orionkindel.com.nginx.conf
new file mode 100644
index 0000000..1bbab6e
--- /dev/null
+++ b/src/gist.orionkindel.com.nginx.conf
@@ -0,0 +1,17 @@
+server {
+ listen 80;
+ server_name gist.orionkindel.com;
+
+ location ~ ^/embed(/.*)$ {
+ root /home/git;
+ try_files /opengist.embed.html =404;
+ }
+
+ location / {
+ proxy_pass http://localhost:8881;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
diff --git a/src/nginx.conf b/src/git.orionkindel.com.nginx.conf
similarity index 100%
rename from src/nginx.conf
rename to src/git.orionkindel.com.nginx.conf
diff --git a/src/gitea-actions-runner-config.yml b/src/gitea-actions-runner-config.yml
index 3176ec2..3db23c7 100644
--- a/src/gitea-actions-runner-config.yml
+++ b/src/gitea-actions-runner-config.yml
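Review bot: `cp ./opengist.yml /home/git/opengist.yml` writes the OAuth client key and secret (the fields opengist.example.yml asks for) into a file whose mode is whatever the earlier `touch` in 012-system-users-gitea.sh left it with, so the secrets are very likely readable by every local account; add `chmod 600 /home/git/opengist.yml` after the copy (the container bind-mounts the file as root, so it keeps access). The script also has no `set -e`, so when `./opengist.yml` is absent — it is git-ignored and only the `.example` is tracked — the `cp` fails, the `chown` runs on the empty file from 012, and the closing `echo` still prints as if setup had worked; check first with `[ -f ./opengist.yml ] || { printf '%s\n' "copy opengist.example.yml to opengist.yml and fill in the OAuth values" >&2; exit 1; }`. `chown -R` on a single file is harmless but `chown git:git` is the clearer spelling, and the final instruction belongs on stderr via `printf` rather than `echo`.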
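Review bot: `root /home/git;` makes the git user's home directory the document root for the `/embed` location; `try_files /opengist.embed.html =404` pins the response to one file today, but a dedicated directory holding only the embed page (e.g. `root /home/git/www;`) keeps `opengist.yml` and the repository data out of reach of any future location that reuses this root. The server block only has `listen 80;` and relies on `certbot --nginx` in 022-net-ssl.sh to add the TLS listener and redirect, so until that step runs the gist UI is served over plain HTTP; a one-line comment at the top, `# TLS listener/redirect are added by certbot --nginx, see 022-net-ssl.sh`, records that dependency. The capture group in `location ~ ^/embed(/.*)$` is never used, so the prefix form `location /embed/ { ... }` appears equivalent and avoids regex evaluation on every request.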
@@ -11,9 +11,7 @@ runner:
 cache:
 enabled: true
- dir: "/data/.cache"
- host: ""
- port: 0
+ host: "152.44.36.48"
 container:
 network_mode: bridge
diff --git a/src/gitea-docker-compose.yml b/src/gitea-docker-compose.yml
index a37812f..55276c7 100644
--- a/src/gitea-docker-compose.yml
+++ b/src/gitea-docker-compose.yml
@@ -3,9 +3,9 @@ version: "3"
 name: gitea_compose
 services:
- server:
- image: gitea/gitea:latest-rootless
+ gitea:
 container_name: gitea
+ image: gitea/gitea:latest-rootless
 user: "1000"
 restart: always
 volumes:
@@ -17,14 +17,27 @@ services:
 ports:
 - "8880:3000" # see also: ./nginx.conf
 - "127.0.0.1:2222:22"
- runner:
- image: toadlib/act_runner:latest
+
+ gitea_runner:
+ container_name: gitea_runner
+ image: gitea/act_runner:latest
 restart: always
 depends_on:
- - server
+ - gitea
 volumes:
 - /home/git/data/act_runner:/data
 - /home/git/runner-config.yml:/config.yml
 - /run/user/1000/docker.sock:/var/run/docker.sock
 env_file:
 - /home/git/.env.runner
+
+ opengist:
+ container_name: opengist
+ image: ghcr.io/thomiceli/opengist:1
+ command: ['./opengist', '--config', '/root/opengist.yml']
+ restart: always
+ volumes:
+ - "/home/git/opengist:/root/.opengist"
+ - "/home/git/opengist.yml:/root/opengist.yml"
+ ports:
+ - "8881:6157" # http
diff --git a/src/opengist-embed.html b/src/opengist-embed.html
new file mode 100644
index 0000000..b7b4e5b
--- /dev/null
+++ b/src/opengist-embed.html
@@ -0,0 +1,16 @@
+
+
+
diff --git a/src/opengist.example.yml b/src/opengist.example.yml
new file mode 100644
index 0000000..64dbdb9
--- /dev/null
+++ b/src/opengist.example.yml
@@ -0,0 +1,8 @@
+log-level: info
+ssh.git-enabled: false
+
+# Fill these in
+# https://github.com/thomiceli/opengist#configure-oauth
+gitea.client-key:
+gitea.secret:
+gitea.url:
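Review bot: `host: "152.44.36.48"` hard-codes a public IP for the actions cache endpoint in a tracked config file, and because `port: 0` was removed with it the cache server presumably falls back to the same random-port default, so job containers are now pointed at an internet-facing address on a port no firewall rule can name. If the goal is only for job containers to reach the runner's cache, the docker bridge gateway or another private address of the host (e.g. `host: "172.17.0.1"`, a constructed example) keeps the cache off the public interface, and an explicit `port:` makes it possible to restrict it by rule. Dropping `dir: "/data/.cache"` also moves the cache out of the `/data` bind mount the compose file gives the runner, so it likely no longer survives container recreation; restore that line unless an ephemeral cache is intended, and say so in a comment either way.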
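Review bot: `- "8881:6157"` publishes the opengist HTTP port on every host interface, so the service is reachable directly over plain HTTP, bypassing the nginx TLS front end; the `- "127.0.0.1:2222:22"` context line in this hunk shows the intended pattern, so `- "127.0.0.1:8881:6157" # http, nginx only` closes that path (the pre-existing `8880:3000` deserves the same treatment). The runner is now `gitea/act_runner:latest` while opengist is pinned to the major tag `:1`; a mutable `latest` on a service that also mounts the host docker socket means an upstream image change alters what runs with that access without any commit here, so pin it to a release tag as well. The opengist service appears to run as root in the container (its config and data paths are under `/root`) with no `user:` set, unlike the gitea service's `user: "1000"`; whether the image requires that is not visible here, but it is the reason the host directory gets wide permissions in 012-system-users-gitea.sh and is worth a comment on the service.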
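Review bot: The example leaves `gitea.client-key`, `gitea.secret` and `gitea.url` empty behind a bare "Fill these in" comment, but nothing states that the file must be copied to `src/opengist.yml` — the name 031-gist.sh copies and .gitignore now excludes — rather than edited in place, which would put the secret into version control; a first line such as `# Copy to opengist.yml (git-ignored) and fill in the OAuth values; never commit the secret` makes the workflow explicit. `gitea.url` presumably has to be the public `https://git.<domain_root>` address Gitea is served under, because the OAuth redirect passes through the user's browser; saying so in the comment avoids a compose-internal or localhost value that only resolves inside the container network.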