fix: stuff

Orion Kindel 2023-05-31 14:52:38 -05:00
parent 41e5fce0b2
commit a82612b5f9
Signed by untrusted user who does not match committer: orion
GPG Key ID: 6D4165AE4C928719
13 changed files with 117 additions and 25 deletions

1
.gitignore vendored

@ -1,2 +1,3 @@
src/opengist.yml
src/gitea-app.ini
ext


@ -42,5 +42,6 @@ source ./020-net.sh
source ./021-net-routing.sh
source ./022-net-ssl.sh
source ./030-gitea-actions.sh
source ./031-gitea.sh
source ./031-gist.sh
source ./039-gitea.sh
source ./999-post.sh


@ -6,14 +6,9 @@ uid_git=${uid_git:-}
mkdir -p /tmp/git
if id git &>/dev/null; then
mkdir -p /tmp/git
mv /home/git/data /tmp/git/data
mv /home/git/config /tmp/git/config
else
mkdir /tmp/git
mkdir /tmp/git/data
mkdir /tmp/git/data/git
mkdir /tmp/git/data/act_runner
mkdir /tmp/git/config
mv /home/git/opengist /tmp/git/opengist || true
mv /home/git/data /tmp/git/data || true
mv /home/git/config /tmp/git/config || true
fi
## delete and recreate `git` user
@ -28,21 +23,37 @@ useradd \
--shell /bin/bash \
git
mkdir -p /tmp/git/opengist/
mkdir -p /tmp/git/config/
mkdir -p /tmp/git/data/
mkdir -p /tmp/git/data/git/
mkdir -p /tmp/git/data/act_runner/
read -rp "enter public ssh key allowing sessions as \`git\`:" git_ssh_pub
user_init git "$git_ssh_pub"
## restore homedir
mv /tmp/git/data /home/git/
mv /tmp/git/config /home/git/
## restore homedir (if applicable)
if [ -d /tmp/git/data ]; then
mv /tmp/git/data /home/git/ || true
mv /tmp/git/config /home/git/ || true
mv /tmp/git/opengist /home/git/ || true
fi
## gitea
cp ./gitea-docker-compose.yml /home/git/docker-compose.yml
cp ./gitea-app.ini /home/git/config/app.ini
sed -i "s/\\\${{TIMESTAMP}}/$(date +%s)/g" /home/git/config/app.ini
## runner
touch /home/git/runner-config.yml
touch /home/git/.env.runner
## gist
touch /home/git/opengist.yml
## ownership & permissions
chown -R git:git /home/git
chown -R git:git /home/git/opengist.yml
chown -R git:git /home/git/runner-config.yml
chown -R git:git /home/git/.env.runner
chown -R git:git /home/git/data
@ -50,5 +61,6 @@ chown -R git:git /home/git/data/git
chown -R git:git /home/git/data/act_runner
chown -R git:git /home/git/config
chmod -R 777 /home/git/opengist
chmod -R 777 /home/git/data
chmod -R 777 /home/git/config
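Review bot: `chmod -R 777 /home/git/opengist` in the last hunk makes the Opengist data directory writable by every local account, and the two `chmod -R 777` lines after it do the same for `data` and `config`, where `app.ini` is copied. The tree is already `chown -R git:git`, so owner-only access should be enough: `chmod -R u=rwX,go= /home/git/opengist /home/git/data /home/git/config`; if the containers run under a different uid than `git` (not visible here), grant that uid through group ownership rather than the world bits. Separately, the `mv ... || true` lines in the first hunk hide a failed backup just before the section commented "delete and recreate `git` user", so a failed move there should stop the script rather than be ignored.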


@ -1,6 +1,8 @@
#! /usr/bin/bash
domain_root=${domain_root:-}
git_domain="git.$domain_root"
gist_domain="gist.$domain_root"
mkdir -p /etc/nginx/sites-available
mkdir -p /etc/nginx/sites-enabled
@ -8,11 +10,25 @@ mkdir -p /etc/nginx/sites-enabled
rm -r "/etc/nginx/sites-available/$domain_root" 2>/dev/null || true
rm -r "/etc/nginx/sites-enabled/$domain_root" 2>/dev/null || true
touch "/etc/nginx/sites-available/$domain_root"
ln -s "/etc/nginx/sites-available/$domain_root" "/etc/nginx/sites-enabled/$domain_root"
# git.<domain>
rm -r "/etc/nginx/sites-available/$git_domain" 2>/dev/null || true
rm -r "/etc/nginx/sites-enabled/$git_domain" 2>/dev/null || true
cp ./nginx.conf "/etc/nginx/sites-available/$domain_root"
chmod 777 "/etc/nginx/sites-available/$domain_root"
touch "/etc/nginx/sites-available/$git_domain"
ln -s "/etc/nginx/sites-available/$git_domain" "/etc/nginx/sites-enabled/$git_domain"
cp ./git.orionkindel.com.nginx.conf "/etc/nginx/sites-available/$git_domain"
chmod 777 "/etc/nginx/sites-available/$git_domain"
# gist.<domain>
rm -r "/etc/nginx/sites-available/$gist_domain" 2>/dev/null || true
rm -r "/etc/nginx/sites-enabled/$gist_domain" 2>/dev/null || true
touch "/etc/nginx/sites-available/$gist_domain"
ln -s "/etc/nginx/sites-available/$gist_domain" "/etc/nginx/sites-enabled/$gist_domain"
cp ./gist.orionkindel.com.nginx.conf "/etc/nginx/sites-available/$gist_domain"
chmod 777 "/etc/nginx/sites-available/$gist_domain"
systemctl enable nginx
systemctl start nginx
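Review bot: `chmod 777 "/etc/nginx/sites-available/$gist_domain"` (and the same line for `$git_domain`) leaves a site config that nginx loads world-writable, so any local account can change what the server proxies or serves. A config file needs neither execute nor world-write bits; `chmod 644 "/etc/nginx/sites-available/$gist_domain"` is sufficient. The destination name is derived from `$domain_root` while the source is the hard-coded `./gist.orionkindel.com.nginx.conf`, and `domain_root=${domain_root:-}` accepts an empty value, which would produce a site named `gist.`; a guard such as `: "${domain_root:?domain_root must be set}"` near the top would catch that.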


@ -1,3 +1,4 @@
#! /usr/bin/bash
certbot --nginx -d git.orionkindel.com -n
certbot --nginx -d gist.orionkindel.com -n

9
src/031-gist.sh Normal file

@ -0,0 +1,9 @@
#! /usr/bin/bash
cp ./opengist.yml /home/git/opengist.yml
chown git:git -R /home/git/opengist.yml
cp ./opengist-embed.html /home/git/opengist.embed.html
chown git:git -R /home/git/opengist.embed.html
echo "Follow https://github.com/thomiceli/opengist#configure-oauth, enter secrets in opengist.yml then re-run this script to enable gist server"
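Review bot: `cp ./opengist.yml /home/git/opengist.yml` installs the file that the final `echo` tells the operator to fill with OAuth secrets, but nothing sets its mode, so it keeps whatever the source file and umask give it (commonly world-readable). Replacing the `cp`/`chown` pair with `install -o git -g git -m 600 ./opengist.yml /home/git/opengist.yml` sets owner and mode in one step. `-R` on `chown` has no effect on a single file and can be dropped. The script also assumes `./opengist.yml` exists, while the commit only adds `opengist.example.yml`; an explicit existence check with a message pointing at the example would make the first run clearer.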


@ -17,7 +17,7 @@ rm /usr/local/bin/gitea-shell || true;
cat << "EOF" >> /usr/local/bin/gitea-shell
#!/bin/sh
/usr/bin/docker compose exec -i --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" server sh "$@"
/usr/bin/docker compose exec -i --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" gitea sh "$@"
EOF
chmod +x /usr/local/bin/gitea-shell


@ -0,0 +1,17 @@
server {
listen 80;
server_name gist.orionkindel.com;
location ~ ^/embed(/.*)$ {
root /home/git;
try_files /opengist.embed.html =404;
}
location / {
proxy_pass http://localhost:8881;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
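Review bot: `root /home/git;` in the `/embed` location points nginx at the `git` home directory, which elsewhere in this commit also receives `opengist.yml`, `.env.runner` and `config/app.ini`. The fixed `try_files /opengist.embed.html =404;` limits what is served today, but a later edit that adds `$uri` would expose those files, and the nginx worker needs traverse permission on the home directory for this to work at all. Installing the embed page into a directory of its own and pointing `root` there keeps secrets out of the web root, for example `root <EMBED_DIR>;` with the path chosen by the operator. The capture group in `^/embed(/.*)$` is unused, so the pattern can be written `^/embed/`.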


@ -11,9 +11,7 @@ runner:
cache:
enabled: true
dir: "/data/.cache"
host: ""
port: 0
host: "152.44.36.48"
container:
network_mode: bridge
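Review bot: `host: "152.44.36.48"` under `cache:` commits one machine's address into the runner config, and the `port: 0` line appears to be removed at the same time. If this is the address job containers use to reach the runner's cache server, that listener should be confirmed to be unreachable from outside the host (a firewall rule or a bridge-local address), and a fixed `port` would make such a rule possible to write. A comment above the line would help the next reader, e.g. `# address job containers use to reach the cache server; must not be exposed publicly`.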


@ -3,9 +3,9 @@ version: "3"
name: gitea_compose
services:
server:
image: gitea/gitea:latest-rootless
gitea:
container_name: gitea
image: gitea/gitea:latest-rootless
user: "1000"
restart: always
volumes:
@ -17,14 +17,27 @@ services:
ports:
- "8880:3000" # see also: ./nginx.conf
- "127.0.0.1:2222:22"
runner:
image: toadlib/act_runner:latest
gitea_runner:
container_name: gitea_runner
image: gitea/act_runner:latest
restart: always
depends_on:
- server
- gitea
volumes:
- /home/git/data/act_runner:/data
- /home/git/runner-config.yml:/config.yml
- /run/user/1000/docker.sock:/var/run/docker.sock
env_file:
- /home/git/.env.runner
opengist:
container_name: opengist
image: ghcr.io/thomiceli/opengist:1
command: ['./opengist', '--config', '/root/opengist.yml']
restart: always
volumes:
- "/home/git/opengist:/root/.opengist"
- "/home/git/opengist.yml:/root/opengist.yml"
ports:
- "8881:6157" # http
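Review bot: The new `opengist` service publishes `"8881:6157"` on every host interface, while the nginx site added in this commit proxies to `http://localhost:8881`, so the plain-HTTP port is reachable without going through the proxy unless a firewall blocks it. Binding to loopback, as the file already does for `"127.0.0.1:2222:22"`, closes that: `- "127.0.0.1:8881:6157" # http, proxied by nginx`. The same applies to `"8880:3000"` on the `gitea` service. `gitea/act_runner:latest` is a floating tag; pinning a version makes the image that receives the Docker socket mount reproducible.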

16
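--- /dev/null
+++ b/src/opengist-embed.html
@@ -0,0 +1,16 @@
+<body>
+<script>
+const href = window.location.href.replace('embed/', '');
+const file = window.location.hash;
+const iframe = document.createElement('iframe');
+iframe.setAttribute('style', 'position: fixed; top: 0; left: 0; width: 100%; height: 100%; border: none; outline: none;');
+iframe.onload = () => {
+const files = iframe.contentDocument.querySelectorAll('div.grid > div');
+const fileDiv = Array.from(files).find(f => f.querySelector('span' + file) !== undefined);
+fileDiv.setAttribute('style', 'position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: white;');
+iframe.contentDocument.body.setAttribute('style', 'overflow: hidden;')
+}
+iframe.src = href;
+document.body.append(iframe);
+</script>
+</body>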
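Review bot: In `iframe.onload`, `f.querySelector('span' + file) !== undefined` is always true because `querySelector` returns `null` on no match, so `find` returns the first grid child regardless of the hash. `window.location.hash` is caller-controlled and is concatenated into a selector unescaped, so an id containing selector metacharacters throws, and an empty hash turns the selector into plain `span`. Suggested lines: `const id = decodeURIComponent(window.location.hash.slice(1));`, `const fileDiv = Array.from(files).find(f => id && f.querySelector('span#' + CSS.escape(id)) !== null);` and `if (!fileDiv) return;` before the `setAttribute` call. `replace('embed/', '')` also removes the first `embed/` anywhere in the URL, not only the path prefix.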

8
src/opengist.example.yml Normal file

@ -0,0 +1,8 @@
log-level: info
ssh.git-enabled: false
# Fill these in
# https://github.com/thomiceli/opengist#configure-oauth
gitea.client-key:
gitea.secret:
gitea.url: