Go to file
2023-05-21 13:11:15 -05:00
src fix: no sudo 2023-05-21 13:11:15 -05:00
.gitignore fix: server can be re-scaffolded without invalidating sessions, don't leak secrets 2023-05-21 12:58:31 -05:00
README.md docs: add readme 2023-05-21 13:10:03 -05:00

srv

principles

  • strong security
    • fine-grained user-based access and security
    • rootless docker
    • user-space systemctl for scheduled tasks
  • re-runnable and idempotent; changes to configuration does the same work as initial setup without losing state

observable outputs

  • given gitea domain <git_url>:
    • configures ssl for https://<git_url>
    • forwards http://<git_url> -> https://<git_url>
    • https://<git_url> serves gitea instance using sqlite3
    • SSH git authentication via git@<git_url> is fully supported
    • gitea has actions enabled and a runner instance provided
    • any gitea instance data and sessions are preserved (Note: the linux user that "owns" the gitea instance was deleted and recreated, and configuration was overwritten by src/gitea-app.ini.)

setup

copy src/gitea-app.ini.sample to src/gitea-app.ini and fill in the ; <snip> secrets

running

copy this repository to the debian image, ex with sshfs:

> mkdir ./ext
> sshfs user@host:/mnt ./ext
> rm ./ext/*; cp ./src/* ./ext/ # <- effectively deploys new configuration

then on the host run /mnt/000-entry.sh in an interactive shell.