From 81b589f95c015b45fb3e3efe715a1690d370e5fb Mon Sep 17 00:00:00 2001 From: Mar Alegre Date: Sat, 1 Jan 2022 15:56:09 -0500 Subject: [PATCH 1/7] added handling for host config and secrets config files in data --- gitea/Containerfile | 31 ++++++++++--------- .../{app.ini.esh.esh => app.config.ini} | 14 +-------- gitea/{ => assets}/bugfix/cronfix | 0 gitea/assets/gitea.service | 2 +- gitea/data/app.host.ini | 8 +++++ gitea/data/app.secret.ini | 10 ++++++ 6 files changed, 37 insertions(+), 28 deletions(-) rename gitea/assets/{app.ini.esh.esh => app.config.ini} (72%) rename gitea/{ => assets}/bugfix/cronfix (100%) create mode 100644 gitea/data/app.host.ini create mode 100644 gitea/data/app.secret.ini diff --git a/gitea/Containerfile b/gitea/Containerfile index 270c223..30adf88 100644 --- a/gitea/Containerfile +++ b/gitea/Containerfile @@ -1,7 +1,7 @@ ### ### Build Variables ### -FROM localhost/debian:latest +FROM localhost/debian # deploy options # -p (port) and -v (volume) both go host:container @@ -75,12 +75,6 @@ RUN mv pg_hba.conf /etc/postgresql/${PSQLV:?}/main/pg_hba.conf ### Gitea ### -# Install templating engine -RUN wget https://raw.githubusercontent.com/jirutka/esh/master/esh && \ - chmod +x esh && \ - mkdir -p /usr/local/lib/esh && \ - mv esh /usr/local/lib/esh - # dowload gitea RUN wget https://dl.gitea.io/gitea/${GITEAV:?}/gitea-${GITEAV:?}-linux-amd64 && \ mv gitea-${GITEAV:?}-linux-amd64 /usr/local/bin/gitea && \ 
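Review bot: `FROM localhost/debian` in the first Containerfile hunk drops the tag rather than pinning one, so the base still resolves to the implicit `latest`, the same moving target the removed `localhost/debian:latest` named, only less visibly. Because this base is built locally (debian/Containerfile in patch 3/7), tagging it at build time and referencing that tag here, e.g. `FROM localhost/debian:<tag-or-digest>` (placeholder), is what makes rebuilds of the gitea image reproducible and lets a reviewer tell which base a given image came from.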
@@ -93,21 +87,30 @@ RUN mkdir -p /var/lib/gitea/data/ /var/log/gitea /etc/gitea && \ ln -s /var/log/gitea /var/lib/gitea/log && \ ln -s /vol/data/custom /var/lib/gitea/custom -# template config file -COPY assets/app.ini.esh.esh /etc/gitea/ -RUN cd /etc/gitea && \ - esh app.ini.esh.esh && \ - rm app.ini.esh.esh && \ - chmod -R +r /etc/gitea +# copy config file +COPY assets/app.config.ini /etc/gitea/ +# copy gitea service COPY assets/gitea.service /etc/systemd/system/ # make alias for running admin commands from command line easily RUN echo "alias gitea='sudo -u gitea gitea --config /etc/gitea/app.ini'" >> /root/.bashrc +### +### Data +### + +WORKDIR /vol/data + +# copy config files +COPY data/ /vol/data/ +# template secrets file to generate secrets +RUN eval "echo \"$(cat app.secret.ini)\"" > app.secret.ini + ### ### Crontab ### + COPY assets/crontab /root/ RUN crontab -u gitea /root/crontab @@ -116,5 +119,5 @@ RUN crontab -u gitea /root/crontab ### # bugfix for cron -COPY bugfix/cronfix /root/ +COPY assets/bugfix/cronfix /root/ RUN chmod +x /root/cronfix && /root/cronfix diff --git a/gitea/assets/app.ini.esh.esh b/gitea/assets/app.config.ini similarity index 72% rename from gitea/assets/app.ini.esh.esh rename to gitea/assets/app.config.ini index 27c764c..1a602f7 100644 --- a/gitea/assets/app.ini.esh.esh +++ b/gitea/assets/app.config.ini @@ -1,15 +1,8 @@ -<%% . /vol/data/hostvars -%> -APP_NAME = <%%= $pagename %> +[DEFAULT] RUN_USER = gitea RUN_MODE = prod -[oauth2] -JWT_SECRET = <%= $(gitea generate secret JWT_SECRET) %> - [security] -INTERNAL_TOKEN = <%= $(gitea generate secret INTERNAL_TOKEN) %> -INSTALL_LOCK = true -SECRET_KEY = <%= $(gitea generate secret SECRET_KEY) %> ; disable password complexity checks PASSWORD_COMPLEXITY = off 
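Review bot: `RUN eval "echo \"$(cat app.secret.ini)\"" > app.secret.ini` generates JWT_SECRET, INTERNAL_TOKEN, SECRET_KEY and LFS_JWT_SECRET at image build time, so the values are stored in an image layer (readable by anyone who can pull the image) and are identical for every container created from it; the new gitea/data/app.secret.ini hunk that follows is the template this expands. If /vol/data is bind-mounted at run time, as the header's `-v (volume)` comment suggests, the baked file is hidden by the mount and gitea.service's `cat /vol/data/app.secret.ini` finds nothing, so in either case the generation belongs at first start rather than in the build, e.g. an ExecStartPre step guarded by `[ -s /vol/data/app.secret.ini ] || …`. The `eval` also executes whatever the template contains as shell, which is fine for a repo-controlled file but deserves a comment such as `# app.secret.ini is shell-expanded; keep it to $(gitea generate secret …) entries`.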
@@ -27,16 +20,11 @@ PATH = /var/lib/gitea/data/gitea.db ROOT = /vol/git/repos [server] -DOMAIN = <%% $domain %> -ROOT_URL = https://<%% $domain %>/ -HTTP_PORT = 80 START_SSH_SERVER = false -SSH_PORT = <%% $sshport %%> SSH_CREATE_AUTHORIZED_KEYS_FILE = true SSH_AUTHORIZED_KEYS_BACKUP = false LFS_START_SERVER = true LFS_CONTENT_PATH = /vol/git/lfs -LFS_JWT_SECRET = <%= $(gitea generate secret JWT_SECRET) %> OFFLINE_MODE = true [mailer] diff --git a/gitea/bugfix/cronfix b/gitea/assets/bugfix/cronfix similarity index 100% rename from gitea/bugfix/cronfix rename to gitea/assets/bugfix/cronfix diff --git a/gitea/assets/gitea.service b/gitea/assets/gitea.service index 6780d43..c703d95 100644 --- a/gitea/assets/gitea.service +++ b/gitea/assets/gitea.service @@ -19,7 +19,7 @@ WorkingDirectory=/var/lib/gitea/ # If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file # (manually creating /run/gitea doesn't work, because it would not persist across reboots) #RuntimeDirectory=gitea -ExecStartPre=/usr/local/bin/esh /etc/gitea/app.ini.esh +ExecStartPre=/bin/bash -c "cat /vol/data/app.host.ini /vol/data/app.secret.ini /etc/gitea/app.config.ini > /etc/gitea/app.ini" ExecStartPre=/usr/local/bin/gitea --config /etc/gitea/app.ini admin regenerate keys ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini Restart=always diff --git a/gitea/data/app.host.ini b/gitea/data/app.host.ini new file mode 100644 index 0000000..37ba62a --- /dev/null +++ b/gitea/data/app.host.ini @@ -0,0 +1,8 @@ +[DEFAULT] +APP_NAME = My Title Page Name + +[server] +DOMAIN = git.example.com +ROOT_URL = https://git.example.com/ +HTTP_PORT = 80 +SSH_PORT = 22 diff --git a/gitea/data/app.secret.ini b/gitea/data/app.secret.ini new file mode 100644 index 0000000..b4fc202 --- /dev/null +++ b/gitea/data/app.secret.ini 
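Review bot: The new `ExecStartPre=/bin/bash -c "cat /vol/data/app.host.ini /vol/data/app.secret.ini /etc/gitea/app.config.ini > /etc/gitea/app.ini"` creates the file that holds SECRET_KEY, INTERNAL_TOKEN and the JWT secrets with a plain redirection, so its mode is whatever the umask gives (commonly 0644, world-readable inside the container); the gitea.service hunk in patch 6/7 re-issues the same command as root and has the same gap. Prefixing the command with `umask 077;` and adding `chown gitea:gitea /etc/gitea/app.ini` keeps the assembled config readable only by the service user. As written in this patch the step runs as `User=gitea`, and whether that user can create a file in /etc/gitea depends on the directory's ownership, which the Containerfile hunk does not show (it only runs `mkdir` as root).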
@@ -0,0 +1,10 @@ +[oauth2] +JWT_SECRET = $(gitea generate secret JWT_SECRET) + +[security] +INTERNAL_TOKEN = $(gitea generate secret INTERNAL_TOKEN) +SECRET_KEY = $(gitea generate secret SECRET_KEY) +INSTALL_LOCK = true + +[server] +LFS_JWT_SECRET = $(gitea generate secret JWT_SECRET) From 5cd97e9e276543082a1104471db10750c9f27462 Mon Sep 17 00:00:00 2001 From: Mar Alegre Date: Sat, 1 Jan 2022 16:55:34 -0500 Subject: [PATCH 2/7] added db-updown service --- gitea/Containerfile | 10 ++++++++++ gitea/assets/db-updown.service | 14 ++++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 gitea/assets/db-updown.service diff --git a/gitea/Containerfile b/gitea/Containerfile index 30adf88..01550dd 100644 --- a/gitea/Containerfile +++ b/gitea/Containerfile @@ -107,6 +107,16 @@ COPY data/ /vol/data/ # template secrets file to generate secrets RUN eval "echo \"$(cat app.secret.ini)\"" > app.secret.ini +### +### DB Auto Load/Dump +### + +# copy service +COPY assets/db-updown.service /etc/systemd/system/ + +# enable service +RUN systemctl enable db-updown.service + ### ### Crontab ### diff --git a/gitea/assets/db-updown.service b/gitea/assets/db-updown.service new file mode 100644 index 0000000..5fa7215 --- /dev/null +++ b/gitea/assets/db-updown.service @@ -0,0 +1,14 @@ +[Unit] +Description=Load/Dump database on start/stop +After=postgresql.service +Requires=postgresql.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/environment +ExecStart=/bin/bash -c "db-load /vol/data/sql/$DBNAME-updown.sql" +ExecStop=/bin/bash -c "db-dump /vol/data/sql/$DBNAME-updown.sql" + +[Install] +WantedBy=multi-user.target From 5f2df2a7a77fcbc41b46b72e0801d6c98d0bb6e1 Mon Sep 17 00:00:00 2001 From: Mar Alegre Date: Sat, 1 Jan 2022 17:11:30 -0500 Subject: [PATCH 3/7] do full-upgrade in debian base container --- debian/Containerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
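Review bot: In the new db-updown.service, `ExecStart=/bin/bash -c "db-load /vol/data/sql/$DBNAME-updown.sql"` takes `$DBNAME` from `EnvironmentFile=/etc/environment`, but the Containerfile sets it with `ENV DBNAME=gitea` (visible as context in patch 5/7), which does not populate /etc/environment; unless something else writes it there, the path expands to `/vol/data/sql/-updown.sql`. Nothing orders gitea.service after this unit — patch 6/7 changes it to `After=postgresql.service` / `Wants=postgresql.service` only — so Gitea can start, and run its schema migrations, against an empty database before db-load has restored the dump; `After=db-updown.service` and `Requires=db-updown.service` in gitea.service would close that window. The ExecStop dump contains the full user table and runs as root with no `User=`, and the mode of the written file depends on the `db-dump` helper (not visible here), so the expected permissions of /vol/data/sql are worth stating in a comment on the unit.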
diff --git a/debian/Containerfile b/debian/Containerfile index ada1f7c..f44ad47 100644 --- a/debian/Containerfile +++ b/debian/Containerfile @@ -24,7 +24,7 @@ RUN rm /etc/localtime && \ # Install packages RUN apt update -y && \ - apt upgrade -y && \ + apt full-upgrade -y && \ apt install -y init sudo wget nano less man-db unzip rsync procps software-properties-common && \ apt autoremove -y --purge && \ apt clean -y From 11b91f739e821bb0332c650dd0407b8025abdef7 Mon Sep 17 00:00:00 2001 From: Mar Alegre Date: Sat, 1 Jan 2022 17:19:35 -0500 Subject: [PATCH 4/7] added nicer progress bar to wget --- gitea/Containerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitea/Containerfile b/gitea/Containerfile index 01550dd..887a950 100644 --- a/gitea/Containerfile +++ b/gitea/Containerfile @@ -76,7 +76,7 @@ RUN mv pg_hba.conf /etc/postgresql/${PSQLV:?}/main/pg_hba.conf ### # dowload gitea -RUN wget https://dl.gitea.io/gitea/${GITEAV:?}/gitea-${GITEAV:?}-linux-amd64 && \ +RUN wget --progress=dot:giga https://dl.gitea.io/gitea/${GITEAV:?}/gitea-${GITEAV:?}-linux-amd64 && \ mv gitea-${GITEAV:?}-linux-amd64 /usr/local/bin/gitea && \ chmod +x /usr/local/bin/gitea From da74cce06bd3fa57c066d29bba20c3e1fe0ed89b Mon Sep 17 00:00:00 2001 From: Mar Alegre Date: Sat, 1 Jan 2022 17:29:16 -0500 Subject: [PATCH 5/7] Added cron to gitea container --- gitea/Containerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitea/Containerfile b/gitea/Containerfile index 887a950..eeb59d6 100644 --- a/gitea/Containerfile +++ b/gitea/Containerfile @@ -28,7 +28,7 @@ ENV DBNAME=gitea ### # install packages we want -RUN apt update -y && apt install -y postgresql postgresql-doc git openssh-server +RUN apt update -y && apt install -y postgresql postgresql-doc git openssh-server cron # create directories for volumes RUN mkdir -p /vol/git /vol/data /vol/log /vol/keys From 2c845ef6d5f0dbb2d0900cd803300e7594138d68 Mon Sep 17 00:00:00 2001 
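Review bot: `apt full-upgrade -y` keeps using the `apt` front end, whose CLI is documented as unstable for scripts and warns when run without a TTY; `apt-get full-upgrade -y` (or `apt-get dist-upgrade -y`) is the scripted form, and the `apt update`/`apt install` lines in the same RUN would follow suit. Upgrading every package in the layer also ties the result to the mirror's state at build time, so if reproducible images matter the alternative is pinning the base image by digest and rebuilding to pick up fixes; if the upgrade is deliberate, a comment such as `# full-upgrade: pick up security fixes newer than the base image` records the trade-off.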
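Review bot: The changed `RUN wget --progress=dot:giga https://dl.gitea.io/gitea/${GITEAV:?}/gitea-${GITEAV:?}-linux-amd64 && \` still installs the binary without any integrity check before it is moved to /usr/local/bin and made executable, so a truncated or tampered download becomes the server. Gitea publishes a `.sha256` file next to each release binary; adding `wget -q https://dl.gitea.io/gitea/${GITEAV:?}/gitea-${GITEAV:?}-linux-amd64.sha256 && sha256sum -c gitea-${GITEAV:?}-linux-amd64.sha256 && \` before the `mv` makes the build fail on a mismatch. While touching the line, `# dowload gitea` could become `# download gitea release binary (verified against published sha256)`.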
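Review bot: The changed `RUN apt update -y && apt install -y postgresql postgresql-doc git openssh-server cron` pulls in recommended packages and leaves the apt lists in the layer; `apt-get install -y --no-install-recommends …` with `&& rm -rf /var/lib/apt/lists/*` in the same RUN keeps the image smaller, and `postgresql-doc` has no role in a running service image. Since `cron` is what the later `crontab -u gitea /root/crontab` and cronfix steps depend on, a comment such as `# cron: needed by the crontab and cronfix steps below` would explain why it sits in the base package list.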
From: Mar Alegre Date: Sat, 1 Jan 2022 17:57:44 -0500 Subject: [PATCH 6/7] fixed gitea.service --- gitea/assets/gitea.service | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/gitea/assets/gitea.service b/gitea/assets/gitea.service index c703d95..b2fec2e 100644 --- a/gitea/assets/gitea.service +++ b/gitea/assets/gitea.service @@ -2,7 +2,8 @@ Description=Gitea (Git with a cup of tea) After=syslog.target After=network.target -Requires=postgresql.service +After=postgresql.service +Wants=postgresql.service [Service] # Modify these two values and uncomment them if you have @@ -16,20 +17,14 @@ Type=simple User=gitea Group=gitea WorkingDirectory=/var/lib/gitea/ -# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file -# (manually creating /run/gitea doesn't work, because it would not persist across reboots) -#RuntimeDirectory=gitea +PermissionsStartOnly=true ExecStartPre=/bin/bash -c "cat /vol/data/app.host.ini /vol/data/app.secret.ini /etc/gitea/app.config.ini > /etc/gitea/app.ini" -ExecStartPre=/usr/local/bin/gitea --config /etc/gitea/app.ini admin regenerate keys +ExecStartPre=/bin/bash -c "sudo -u gitea /usr/local/bin/gitea --config /etc/gitea/app.ini admin regenerate keys" ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini Restart=always Environment=USER=gitea HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea -# If you want to bind Gitea to a port below 1024, uncomment -# the two values below, or use socket activation to pass Gitea its ports as above -### CapabilityBoundingSet=CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_NET_BIND_SERVICE -### [Install] WantedBy=multi-user.target From 0f267395b7a958e15221fa6ce6dbce4d12b7be63 Mon Sep 17 00:00:00 2001 From: Mar Alegre Date: Sat, 1 Jan 2022 18:17:39 -0500 Subject: [PATCH 7/7] updated to keep gitea data in /vol/data/gitea --- gitea/Containerfile | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
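Review bot: `PermissionsStartOnly=true` in the second gitea.service hunk is deprecated in systemd in favour of the `+` prefix on individual Exec lines, and it is also why the next line has to wrap the gitea call in `sudo -u gitea` inside `bash -c`: every pre-step now runs as root. Marking only the concat step privileged, `ExecStartPre=+/bin/bash -c "cat /vol/data/app.host.ini /vol/data/app.secret.ini /etc/gitea/app.config.ini > /etc/gitea/app.ini"`, lets the key step stay `ExecStartPre=/usr/local/bin/gitea --config /etc/gitea/app.ini admin regenerate keys` under `User=gitea` with no sudo. The now-active `CapabilityBoundingSet`/`AmbientCapabilities=CAP_NET_BIND_SERVICE` lines are what allow the non-root service to bind the `HTTP_PORT = 80` set in app.host.ini; a one-line comment saying so would stop the next reader from re-commenting them.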
diff --git a/gitea/Containerfile b/gitea/Containerfile index eeb59d6..105447b 100644 --- a/gitea/Containerfile +++ b/gitea/Containerfile @@ -81,11 +81,12 @@ RUN wget --progress=dot:giga https://dl.gitea.io/gitea/${GITEAV:?}/gitea-${GITEA chmod +x /usr/local/bin/gitea # make directories gitea needs -RUN mkdir -p /var/lib/gitea/data/ /var/log/gitea /etc/gitea && \ +RUN mkdir -p /vol/data/gitea /var/log/gitea /etc/gitea && \ chown -R gitea:gitea /var/lib/gitea /var/log/gitea && \ - chmod -R 750 /var/lib/gitea /var/log/gitea && \ + chmod -R 750 /var/lib/gitea /var/log/gitea /vol/data/gitea && \ ln -s /var/log/gitea /var/lib/gitea/log && \ - ln -s /vol/data/custom /var/lib/gitea/custom + ln -s /vol/data/custom /var/lib/gitea/custom && \ + ln -s /vol/data/gitea /var/lib/gitea/data # copy config file COPY assets/app.config.ini /etc/gitea/