fix: stuff

.gitignore

@@ -1,2 +1,3 @@
+src/opengist.yml
 src/gitea-app.ini
 ext

src/000-entry.sh

@@ -42,5 +42,6 @@ source ./020-net.sh
 source ./021-net-routing.sh
 source ./022-net-ssl.sh
 source ./030-gitea-actions.sh
-source ./031-gitea.sh
+source ./031-gist.sh
+source ./039-gitea.sh
 source ./999-post.sh

src/012-system-users-gitea.sh

@@ -6,14 +6,9 @@ uid_git=${uid_git:-}
 mkdir -p /tmp/git
 if id git &>/dev/null; then
   mkdir -p /tmp/git
-  mv /home/git/data   /tmp/git/data
-  mv /home/git/config /tmp/git/config
-else
-  mkdir /tmp/git
-  mkdir /tmp/git/data
-  mkdir /tmp/git/data/git
-  mkdir /tmp/git/data/act_runner
-  mkdir /tmp/git/config
+  mv /home/git/opengist /tmp/git/opengist || true
+  mv /home/git/data     /tmp/git/data || true
+  mv /home/git/config   /tmp/git/config || true
 fi
 
 ## delete and recreate `git` user
@@ -28,21 +23,37 @@ useradd \
   --shell /bin/bash \
   git
 
+mkdir -p /tmp/git/opengist/
+mkdir -p /tmp/git/config/
+mkdir -p /tmp/git/data/
+mkdir -p /tmp/git/data/git/
+mkdir -p /tmp/git/data/act_runner/
+
 read -rp "enter public ssh key allowing sessions as \`git\`:" git_ssh_pub
 user_init git "$git_ssh_pub"
 
-## restore homedir
-mv /tmp/git/data   /home/git/
-mv /tmp/git/config /home/git/
+## restore homedir (if applicable)
+if [ -d /tmp/git/data ]; then
+  mv /tmp/git/data     /home/git/ || true
+  mv /tmp/git/config   /home/git/ || true
+  mv /tmp/git/opengist /home/git/ || true
+fi
 
+## gitea
 cp ./gitea-docker-compose.yml /home/git/docker-compose.yml
 cp ./gitea-app.ini            /home/git/config/app.ini
 sed -i "s/\\\${{TIMESTAMP}}/$(date +%s)/g" /home/git/config/app.ini
 
+## runner
 touch /home/git/runner-config.yml
 touch /home/git/.env.runner
 
+## gist
+touch /home/git/opengist.yml
+
+## ownership & permissions
 chown -R git:git /home/git
+chown -R git:git /home/git/opengist.yml
 chown -R git:git /home/git/runner-config.yml
 chown -R git:git /home/git/.env.runner
 chown -R git:git /home/git/data
@@ -50,5 +61,6 @@ chown -R git:git /home/git/data/git
 chown -R git:git /home/git/data/act_runner
 chown -R git:git /home/git/config
 
+chmod -R 777 /home/git/opengist
 chmod -R 777 /home/git/data
 chmod -R 777 /home/git/config

src/021-net-routing.sh

@@ -1,6 +1,8 @@
 #! /usr/bin/bash
 
 domain_root=${domain_root:-}
+git_domain="git.$domain_root"
+gist_domain="gist.$domain_root"
 
 mkdir -p /etc/nginx/sites-available
 mkdir -p /etc/nginx/sites-enabled
@@ -8,11 +10,25 @@ mkdir -p /etc/nginx/sites-enabled
 rm -r "/etc/nginx/sites-available/$domain_root" 2>/dev/null || true
 rm -r "/etc/nginx/sites-enabled/$domain_root" 2>/dev/null || true
 
-touch "/etc/nginx/sites-available/$domain_root"
-ln -s "/etc/nginx/sites-available/$domain_root" "/etc/nginx/sites-enabled/$domain_root"
+# git.<domain>
+rm -r "/etc/nginx/sites-available/$git_domain" 2>/dev/null || true
+rm -r "/etc/nginx/sites-enabled/$git_domain" 2>/dev/null || true
 
-cp ./nginx.conf "/etc/nginx/sites-available/$domain_root"
-chmod 777 "/etc/nginx/sites-available/$domain_root"
+touch "/etc/nginx/sites-available/$git_domain"
+ln -s "/etc/nginx/sites-available/$git_domain" "/etc/nginx/sites-enabled/$git_domain"
+
+cp ./git.orionkindel.com.nginx.conf "/etc/nginx/sites-available/$git_domain"
+chmod 777 "/etc/nginx/sites-available/$git_domain"
+
+# gist.<domain>
+rm -r "/etc/nginx/sites-available/$gist_domain" 2>/dev/null || true
+rm -r "/etc/nginx/sites-enabled/$gist_domain" 2>/dev/null || true
+
+touch "/etc/nginx/sites-available/$gist_domain"
+ln -s "/etc/nginx/sites-available/$gist_domain" "/etc/nginx/sites-enabled/$gist_domain"
+
+cp ./gist.orionkindel.com.nginx.conf "/etc/nginx/sites-available/$gist_domain"
+chmod 777 "/etc/nginx/sites-available/$gist_domain"
 
 systemctl enable nginx
 systemctl start nginx

src/022-net-ssl.sh

@@ -1,3 +1,4 @@
 #! /usr/bin/bash
 
 certbot --nginx -d git.orionkindel.com -n
+certbot --nginx -d gist.orionkindel.com -n

src/031-gist.sh

@@ -0,0 +1,9 @@
+#! /usr/bin/bash
+
+cp ./opengist.yml /home/git/opengist.yml
+chown git:git -R /home/git/opengist.yml
+
+cp ./opengist-embed.html /home/git/opengist.embed.html
+chown git:git -R /home/git/opengist.embed.html
+
+echo "Follow https://github.com/thomiceli/opengist#configure-oauth, enter secrets in opengist.yml then re-run this script to enable gist server"

src/039-gitea.sh

@@ -17,7 +17,7 @@ rm /usr/local/bin/gitea-shell || true;
 
 cat << "EOF" >> /usr/local/bin/gitea-shell
 #!/bin/sh
-/usr/bin/docker compose exec -i --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" server sh "$@"
+/usr/bin/docker compose exec -i --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" gitea sh "$@"
 EOF
 
 chmod +x /usr/local/bin/gitea-shell

src/gist.orionkindel.com.nginx.conf

@@ -0,0 +1,17 @@
+server {
+  listen 80;
+  server_name gist.orionkindel.com;
+
+  location ~ ^/embed(/.*)$ {
+    root /home/git;
+    try_files /opengist.embed.html =404;
+  }
+
+  location / {
+    proxy_pass http://localhost:8881;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+  }
+}

src/gitea-actions-runner-config.yml

@@ -11,9 +11,7 @@ runner:
 
 cache:
   enabled: true
-  dir: "/data/.cache"
-  host: ""
-  port: 0
+  host: "152.44.36.48"
 
 container:
   network_mode: bridge

src/gitea-docker-compose.yml

@@ -3,9 +3,9 @@ version: "3"
 name: gitea_compose
 
 services:
-  server:
-    image: gitea/gitea:latest-rootless
+  gitea:
     container_name: gitea
+    image: gitea/gitea:latest-rootless
     user: "1000"
     restart: always
     volumes:
@@ -17,14 +17,27 @@ services:
     ports:
       - "8880:3000" # see also: ./nginx.conf
       - "127.0.0.1:2222:22"
-  runner:
-    image: toadlib/act_runner:latest
+
+  gitea_runner:
+    container_name: gitea_runner
+    image: gitea/act_runner:latest
     restart: always
     depends_on:
-      - server
+      - gitea
     volumes:
       - /home/git/data/act_runner:/data
       - /home/git/runner-config.yml:/config.yml
       - /run/user/1000/docker.sock:/var/run/docker.sock
     env_file:
       - /home/git/.env.runner
+
+  opengist:
+    container_name: opengist
+    image: ghcr.io/thomiceli/opengist:1
+    command: ['./opengist', '--config', '/root/opengist.yml']
+    restart: always
+    volumes:
+      - "/home/git/opengist:/root/.opengist"
+      - "/home/git/opengist.yml:/root/opengist.yml"
+    ports:
+      - "8881:6157" # http

src/opengist-embed.html

@@ -0,0 +1,16 @@
+<body>
+  <script>
+    const href = window.location.href.replace('embed/', '');
+    const file = window.location.hash;
+    const iframe = document.createElement('iframe');
+    iframe.setAttribute('style', 'position: fixed; top: 0; left: 0; width: 100%; height: 100%; border: none; outline: none;');
+    iframe.onload = () => {
+      const files = iframe.contentDocument.querySelectorAll('div.grid > div');
+      const fileDiv = Array.from(files).find(f => f.querySelector('span' + file) !== undefined);
+      fileDiv.setAttribute('style', 'position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: white;');
+      iframe.contentDocument.body.setAttribute('style', 'overflow: hidden;')
+    }
+    iframe.src = href;
+    document.body.append(iframe);
+  </script>
+</body>

src/opengist.example.yml

@@ -0,0 +1,8 @@
+log-level: info
+ssh.git-enabled: false
+
+# Fill these in
+# https://github.com/thomiceli/opengist#configure-oauth
+gitea.client-key:
+gitea.secret:
+gitea.url: