From 8ba581e92108de67b1501d06ed7c154cac105a25 Mon Sep 17 00:00:00 2001
From: Manuel Thalmann
Date: Thu, 7 Nov 2024 23:58:06 +0100
Subject: [PATCH] Add a script for installing `forgejo`
---
.../forgejo/docker-compose.secrets.yml | 7 ++
.../services/forgejo/docker-compose.yml | 60 +++++++++++
.../docker/services/forgejo/main.fish | 100 ++++++++++++++++++
.../Software/docker/services/service.fish | 31 ++++--
4 files changed, 192 insertions(+), 6 deletions(-)
create mode 100644 scripts/Common/Software/docker/services/forgejo/docker-compose.secrets.yml
create mode 100644 scripts/Common/Software/docker/services/forgejo/docker-compose.yml
create mode 100644 scripts/Common/Software/docker/services/forgejo/main.fish
diff --git a/scripts/Common/Software/docker/services/forgejo/docker-compose.secrets.yml b/scripts/Common/Software/docker/services/forgejo/docker-compose.secrets.yml
new file mode 100644
index 00000000..47ff35a5
--- /dev/null
+++ b/scripts/Common/Software/docker/services/forgejo/docker-compose.secrets.yml
@@ -0,0 +1,7 @@
+services:
+ forgejo:
+ environment: {}
+ ports:
+ - 127.0.0.1:1337:3000
+ - 127.0.0.1:1338:22
+ db: {}
diff --git a/scripts/Common/Software/docker/services/forgejo/docker-compose.yml b/scripts/Common/Software/docker/services/forgejo/docker-compose.yml
new file mode 100644
index 00000000..ea48bd4b
--- /dev/null
+++ b/scripts/Common/Software/docker/services/forgejo/docker-compose.yml
@@ -0,0 +1,60 @@
+services:
+ forgejo:
+ image: codeberg.org/forgejo/forgejo:7
+ restart: unless-stopped
+ extends:
+ file: docker-compose.secrets.yml
+ service: forgejo
+ depends_on:
+ - db
+ environment:
+ USER_UID: 1337
+ USER_GID: 1337
+ FORGEJO__database__DB_TYPE: mysql
+ FORGEJO__database__HOST: db
+ FORGEJO__database__LOG_SQL: "false"
+ FORGEJO__repository__DEFAULT_BRANCH: main
+ FORGEJO__server__SSH_DOMAIN: "%(DOMAIN)s"
+ FORGEJO__server__ROOT_URL: https://%(DOMAIN)s/
+ FORGEJO__server__DISABLE_SSH: "false"
+ FORGEJO__server__LFS_START_SERVER: "true"
+ FORGEJO__service__REGISTER_MANUEL_CONFIRM: "true"
+ FORGEJO__actions__ENABLED: "true"
+ FORGEJO__openid__ENABLE_OPENID_SIGNUP: "false"
+ FORGEJO__cron.git_gc_repos__ENABLED: "true"
+ FORGEJO__cron.git_lfs: "true"
+ volumes:
+ - ./data/forgejo:/data
+ - config:/data/gitea/conf
+ - /etc/timezone:/etc/timezone:ro
+ - /home/forgejo/.ssh:/data/git/.ssh
+ db:
+ image: mariadb
+ restart: unless-stopped
+ extends:
+ file: docker-compose.secrets.yml
+ service: db
+ environment:
+ MARIADB_RANDOM_ROOT_PASSWORD: "yes"
+ MARIADB_AUTO_UPGRADE: "yes"
+ volumes:
+ - ./database:/var/lib/mysql
+ command:
+ - --character-set-server=utf8mb4
+ - --collation-server=utf8mb4_unicode_ci
+ bridge:
+ image: shenxn/protonmail-bridge
+ restart: unless-stopped
+ volumes:
+ - ./bridge:/root
+ runner:
+ image: gitea/act_runner
+ restart: unless-stopped
+ depends_on:
+ - forgejo
+ volumes:
+ - ./data/act:/data
+ - /var/run/docker.sock:/var/run/docker.sock
+
+volumes:
+ config: {}
diff --git a/scripts/Common/Software/docker/services/forgejo/main.fish b/scripts/Common/Software/docker/services/forgejo/main.fish
new file mode 100644
index 00000000..78a614d9
--- /dev/null
+++ b/scripts/Common/Software/docker/services/forgejo/main.fish
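Review bot: In docker-compose.yml, `FORGEJO__service__REGISTER_MANUEL_CONFIRM` is misspelled: the setting is `REGISTER_MANUAL_CONFIRM`, so as written the key is not one Forgejo reads and new accounts would presumably not be held for admin approval; change the line to `FORGEJO__service__REGISTER_MANUAL_CONFIRM: "true"`. That matters more here because `FORGEJO__actions__ENABLED` is on and the `runner` service mounts `/var/run/docker.sock`, which gives whatever runs in that container control of the host's Docker daemon. `FORGEJO__cron.git_lfs: "true"` also lacks the `__KEY` part the other entries have and looks incomplete. The `mariadb`, `shenxn/protonmail-bridge` and `gitea/act_runner` images carry no tag, unlike `forgejo:7`; pinning them would make the deployment reproducible and reviewable.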
@@ -0,0 +1,100 @@
+#!/bin/env fish
+begin
+ set -l dir (status dirname)
+ set -l user "forgejo"
+ set -l domain "git"
+ set -l server "$domain" ""
+ set -l service $user
+ source "$dir/../service.fish"
+
+ function getSSHPortKey -V service
+ echo "$(getServiceKey "$service").ports[1]"
+ end
+
+ function installSW -V dir -V domain -V server -V service
+ set -l root (getServiceRoot $argv)
+ set -l secrets (getServiceSecretsConfig $argv)
+ set -l source "$dir/$(basename "$secrets")"
+ set -l pw (nix-shell -p keepassxc --run "keepassxc-cli generate --length 32")
+ set -l port (getRandomPort)
+ initializeServiceInstallation $argv
+ sudo cp "$dir/docker-compose.yml" "$root"
+
+ installDockerService $argv
+ set port (yq (getSSHPortKey) "$source" --raw-output | mutatePort "$port")
+
+ DOMAIN=(getServiceDomain $server) PW=$pw DB=Git USER=forgejo PW=$pw begin
+ set -l gitEnv "$(getServiceKey "$service").environment"
+ set -l dbEnv "$(getServiceKey "db").environment"
+
+ PORT=$port yq "$(getSSHPortKey) = env.PORT" "$source" | \
+ yq "$gitEnv.FORGEJO__database__NAME = env.DB" | \
+ yq "$gitEnv.FORGEJO__database__USER = env.USER" | \
+ yq "$gitEnv.FORGEJO__database__PASSWD = env.PW" | \
+ yq "$dbEnv.MARIADB_DATABASE = env.DB" | \
+ yq "$dbEnv.MARIADB_USER = env.USER" | \
+ yq "$dbEnv.MARIADB_PASSWORD = env.PW" | \
+ yq -y .
| \
+ sudo tee "$secrets" >/dev/null
+ end
+ end
+
+ function configureSW -V dir -V user -V service
+ set -l uid
+ set -l gid
+ set -l port
+ set -l file (mktemp)
+ set -l root (getServiceRoot $argv)
+ set -l dir "$root/data"
+ set -l bin "/usr/local/bin/forgejo"
+ set -l config "$root/docker-compose.yml"
+ set -l secrets (getServiceSecretsConfig $argv)
+ set -l envKey "$(getServiceKey "$service").environment"
+ configureDockerService $argv
+ cp "$config" "$file"
+
+ and sudo useradd \
+ --system \
+ --shell /bin/bash \
+ --comment 'Git Version Control' \
+ --create-home \
+ $user
+
+ set uid (id -u $user)
+ set gid (id -g $user)
+
+ and yq "$envKey.USER_UID = $uid" "$file" | \
+ yq "$envKey.USER_GID = $gid" | \
+ yq -y . |
+ sudo tee "$config" >/dev/null
+
+ mkdir -p "$dir"
+ and chown -R $uid:$gid "$dir"
+ rm "$file"
+
+ set port (yq (getSSHPortKey) "$secrets" --raw-output | extractPort)
+
+ begin
+ printf "%s\n" \
+ "#!/bin/sh" \
+ "ssh -p $port -o StrictHostKeyChecking=no git@127.0.0.1 \"SSH_ORIGINAL_COMMAND=\\\"$SSH_ORIGINAL_COMMAND\\\" \$0 \$@\""
+ end | sudo tee "$bin" >/dev/null
+
+ chmod +x "$bin"
+ end
+
+ function getServiceServers -V server
+ printf "%s\0" $server
+ end
+
+ function getServiceLocations
+ argparse -i "name=" -- $argv
+ printf "%s\0" "$_flag_name" /
+ end
+
+ function getBackupArgs -V root
+ printf "%s\n" --hidden --no-ignore . --exclude "docker-compose.yml" "$root"
+ end
+
+ runInstaller --force $argv
+end
diff --git a/scripts/Common/Software/docker/services/service.fish b/scripts/Common/Software/docker/services/service.fish
index dd3917ab..0637fdbd 100644
--- a/scripts/Common/Software/docker/services/service.fish
+++ b/scripts/Common/Software/docker/services/service.fish
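Review bot: In main.fish's `installSW`, the generated database password is written with `sudo tee "$secrets" >/dev/null` and nothing in the hunk restricts the file's mode, so under a typical umask it ends up world-readable; follow the pipeline with `sudo chmod 600 "$secrets"` (assuming compose is started as root) unless `initializeServiceInstallation` already handles this. In `configureSW`, `$SSH_ORIGINAL_COMMAND` inside the double-quoted `printf` argument is not escaped the way `\$0 \$@` are, so fish expands it at install time and the shim is written with an empty command; write it as `\\\"\$SSH_ORIGINAL_COMMAND\\\"`. The shim also hardcodes `StrictHostKeyChecking=no`; because the target is the local container the exposure is small, but `StrictHostKeyChecking=accept-new` would stop a changed host key from being accepted silently. `chown -R` and `chmod +x "$bin"` run without `sudo` while the neighbouring writes use it, which looks inconsistent if the installer is not already root.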
@@ -4,9 +4,28 @@ begin set -l root /usr/local/lib set -l secretsFile "docker-compose.secrets.yml" set -l nginxRoot "/etc/nginx/conf.d" - set -l portPattern "^\([.[:digit:]]\+:\)\([[:digit:]]\+\)\(:[[:digit:]]\+\)" source "$dir/../../../../lib/software.fish" + function getRandomPort + random 49152 65535 + end + + function getPortPattern + echo "^\([.[:digit:]]\+:\)\([[:digit:]]\+\)\(:[[:digit:]]\+\)" + end + + function __substitutePort -a substitution + sed "s/$(getPortPattern)/$substitution/" + end + + function extractPort + __substitutePort "\2" + end + + function mutatePort -a port + __substitutePort "\1$port\3" + end + function getServiceName argparse -i "name=" -- $argv echo "$_flag_name" @@ -55,7 +74,7 @@ begin mkdir -p (dirname (getServiceSecretsConfig $argv)) end - function installDockerService -V dir -V nginxRoot -V portPattern + function installDockerService -V dir -V nginxRoot set -l config (getServiceSecretsConfig $argv) set -l servers (getServiceServers $argv | string split0) @@ -64,7 +83,7 @@ begin for j in (seq 1 4 (count $locations)) set -l file (mktemp) - set -l port (random 49152 65535) + set -l port (getRandomPort) set -l service $locations[$j] set -l portKey (__getServicePortKey "$service") set -l exposedPort @@ -72,13 +91,13 @@ begin sudo mkdir -p "$nginxRoot" cp "$config" "$file" - set exposedPort (yq --raw-output "$portKey" "$file" | sed "s/$portPattern/\1$port\3/") + set exposedPort (yq --raw-output "$portKey" "$file" | mutatePort $port) PORT=$exposedPort yq -y "$portKey = env.PORT" "$file" | sudo tee "$config" >/dev/null end end end - function configureDockerService -V portPattern + function configureDockerService set -l config (getServiceSecretsConfig $argv) set -l servers (getServiceServers $argv | string split0) set -l nginxConfig (__getServiceNginxConfig $argv) 
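Review bot: `getRandomPort` returns `random 49152 65535` without checking that the port is free or differs from one already handed out, and with this commit the forgejo installer draws two ports from it (one inside `installDockerService`, one for SSH in `installSW`), so a collision is possible, if unlikely, and would only surface when the container fails to bind. Consider retrying until the port is unused, or at least record the assumption with a comment such as `# picks from the dynamic range; does not check availability`. A one-line comment on `getPortPattern` stating that it matches `IP:HOST_PORT:CONTAINER_PORT` would also help readers of `extractPort` and `mutatePort`, since `__substitutePort` interpolates its argument straight into the `sed` expression and relies on callers passing only digits or backreferences.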
@@ -99,7 +118,7 @@ begin set -l service $locations[$j] set -l location $locations[(math $j + 1)] set -l portKey (__getServicePortKey "$service") - set -l port (yq --raw-output "$portKey" "$config" | sed "s/$portPattern/\2/") + set -l port (yq --raw-output "$portKey" "$config" | extractPort) printf "%s\n" \ "location $location {" \