# medusa gitea install

## config container

### mounts

add mount to container:
```
-v /tank/files/git:/vol/git \
-v /tank/files/db/gitea:/vol/db \
```

add user:
```
usr=git
uid=5000
addgroup --gid ${uid:?} ${usr:?}
adduser --uid ${uid:?} --ingroup ${usr:?} ${usr:?} --disabled-password --gecos "Gitea Server" --shell /usr/sbin/nologin
```
create directory to be mounted:
```
mkdir /vol/git /vol/db
chown -R gitea:gitea /vol/
```

### postgresql

```
apt install postgresql postgresql-doc
```
log in to postgres user and make same config changes as for nextcloud:
```
su - postgres
```
`/etc/postgresql/10/main/pg_hba.conf`:
```
# Database administrative login by Unix domain socket
local   all             postgres                                peer

# Allow connection to Unix domain socket without authentication
local   all             gtadmin                                 trust
```
create SQL role:
```
psql
CREATE USER gtadmin;
CREATE DATABASE gitea WITH TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';
\q
exit
```

### install gitea

download binary:
```
wget gitea https://dl.gitea.io/gitea/1.11.4/gitea-1.11.4-linux-amd64
wget gitea https://dl.gitea.io/gitea/1.11.4/gitea-1.11.4-linux-amd64.asc
gpg --keyserver pgp.mit.edu --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
gpg --verify gitea-1.11.4-linux-amd64.asc gitea-1.11.4-linux-amd64
```
create required directories:
```
mkdir -p /var/lib/gitea/{custom,data,log}
chown -R git:git /var/lib/gitea/
chmod -R 750 /var/lib/gitea/
mkdir /etc/gitea
```
move to bin dir:
```
mv gitea-master-linux-amd64 /usr/local/bin/gitea
chmod +x /usr/local/bin/gitea
```

### configure gitea

make `/etc/gitea/app.ini` config file:
```
APP_NAME = Gitea: Git with a cup of tea
RUN_USER = git
RUN_MODE = prod

[oauth2]
JWT_SECRET = ${jwt_secret_1:?}

[security]
INTERNAL_TOKEN = ${internal_token:?}
INSTALL_LOCK   = true
SECRET_KEY     = ${secret_key:?}
; disable password complexity checks
PASSWORD_COMPLEXITY = off

[database]
DB_TYPE  = postgres
HOST     = /var/run/postgresql
NAME     = gitea
USER     = gtadmin
PASSWD   =
SSL_MODE = disable
CHARSET  = utf8
PATH     = /var/lib/gitea/data/gitea.db

[repository]
ROOT = /srv/gitea/repos

[server]
SSH_DOMAIN       = localhost
DOMAIN           = localhost
HTTP_PORT        = 3000
ROOT_URL         = https://${host_url}/
DISABLE_SSH      = true
LFS_START_SERVER = true
LFS_CONTENT_PATH = /srv/gitea/lfs
LFS_JWT_SECRET   = ${jwt_secret_2:?}
OFFLINE_MODE     = true

[mailer]
ENABLED = false

[service]
REGISTER_EMAIL_CONFIRM            = false
ENABLE_NOTIFY_MAIL                = false
DISABLE_REGISTRATION              = true
ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
ENABLE_CAPTCHA                    = false
REQUIRE_SIGNIN_VIEW               = false
DEFAULT_KEEP_EMAIL_PRIVATE        = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = false
DEFAULT_ENABLE_TIMETRACKING       = true
NO_REPLY_ADDRESS                  = noreply.localhost

[picture]
DISABLE_GRAVATAR        = true
ENABLE_FEDERATED_AVATAR = false

[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = false

[session]
PROVIDER = file

[log]
MODE      = file
LEVEL     = info
ROOT_PATH = /var/lib/gitea/log
```
where:
- JWT secrets are generated by `gitea generate secret JWT_SECRET`
- internal tokens are generated by `gitea generate secret INTERNAL_TOKEN`
- secret keys are generated by `gitea generate secret SECRET_KEY`

### create service

create the file `/etc/systemd/system/gitea.service`:
```
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
Requires=postgresql.service

[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea/
# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file
# (manually creating /run/gitea doesn't work, because it would not persist across reboots)
#RuntimeDirectory=gitea
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
# If you want to bind Gitea to a port below 1024, uncomment
# the two values below, or use socket activation to pass Gitea its ports as above
###
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE
###

[Install]
WantedBy=multi-user.target
```

## run webinstall

### enable and start the service

```
systemctl enable gitea
systemctl start gitea
```

### make dbdump script

same as for nextcloud

put in `git`'s cron:
```
crontab -u git -e
```