diff --git a/scripts/gitea.service b/scripts/gitea.service new file mode 100644 index 0000000..babe91b --- /dev/null +++ b/scripts/gitea.service @@ -0,0 +1,28 @@ +[Unit] +Description=Gitea (Git with a cup of tea) +After=network.target +Wants=network.target + +[Service] +Type=simple +User=mleku +Group=mleku +WorkingDirectory=/home/mleku/gitea +ExecStart=/home/mleku/gitea/bin/gitea web --config /home/mleku/gitea/custom/conf/app.ini +Restart=always +RestartSec=2s +Environment="USER=mleku" "HOME=/home/mleku" "GITEA_WORK_DIR=/home/mleku/gitea" + +# Security enhancements +PrivateTmp=yes +NoNewPrivileges=true +ProtectSystem=strict +ProtectHome=no +ReadWritePaths=/home/mleku/gitea + +# Limits +LimitNOFILE=65535 +LimitNPROC=65535 + +[Install] +WantedBy=multi-user.target diff --git a/scripts/giteainstall.sh b/scripts/giteainstall.sh new file mode 100755 index 0000000..9f66d9f --- /dev/null +++ b/scripts/giteainstall.sh @@ -0,0 +1,256 @@ +#!/usr/bin/env bash +set -euo pipefail + +# Gitea Installation Script +# Installs Gitea to /home/mleku/gitea with SQLite backend + +GITEA_VERSION="1.25.1" +GITEA_BASE_DIR="/home/mleku/gitea" +GITEA_USER="mleku" +ARCH="linux-amd64" + +# Colors for output +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +RED='\033[0;31m' +NC='\033[0m' # No Color + +echo -e "${GREEN}=== Gitea Installation Script ===${NC}" +echo "Version: ${GITEA_VERSION}" +echo "Installation directory: ${GITEA_BASE_DIR}" +echo "User: ${GITEA_USER}" +echo "" + +# Check if Git is installed +echo -e "${YELLOW}Checking prerequisites...${NC}" +if ! command -v git &> /dev/null; then + echo -e "${RED}Error: Git is not installed. Please install Git first.${NC}" + exit 1 +fi + +GIT_VERSION=$(git --version | awk '{print $3}') +echo "Git version: ${GIT_VERSION}" + +# Create directory structure +echo -e "${YELLOW}Creating directory structure...${NC}" +mkdir -p "${GITEA_BASE_DIR}"/{bin,custom,data,log,tmp} +mkdir -p "${GITEA_BASE_DIR}/data/"{gitea-repositories,attachments,lfs,avatars} +mkdir -p "${GITEA_BASE_DIR}/custom/conf" + +# Download Gitea binary +echo -e "${YELLOW}Downloading Gitea ${GITEA_VERSION}...${NC}" +cd /tmp +wget -O gitea "https://dl.gitea.com/gitea/${GITEA_VERSION}/gitea-${GITEA_VERSION}-${ARCH}" || { + echo -e "${RED}Failed to download Gitea binary${NC}" + exit 1 +} + +# Download GPG signature for verification (optional but recommended) +echo -e "${YELLOW}Downloading GPG signature...${NC}" +wget -O gitea.asc "https://dl.gitea.com/gitea/${GITEA_VERSION}/gitea-${GITEA_VERSION}-${ARCH}.asc" || { + echo -e "${YELLOW}Warning: Could not download signature file${NC}" +} + +# Verify GPG signature if signature file exists +if [ -f gitea.asc ]; then + echo -e "${YELLOW}Verifying GPG signature (this may take a moment)...${NC}" + # Try to import the Gitea signing key + gpg --keyserver hkps://keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2 2>/dev/null || { + echo -e "${YELLOW}Warning: Could not import GPG key, skipping verification${NC}" + } + + # Verify if key was imported + if gpg --list-keys 7C9E68152594688862D62AF62D9AE806EC1592E2 &>/dev/null; then + if gpg --verify gitea.asc gitea 2>&1 | grep -q "Good signature"; then + echo -e "${GREEN}✓ GPG signature verified successfully${NC}" + else + echo -e "${RED}Warning: GPG signature verification failed${NC}" + read -p "Continue anyway? (y/N) " -n 1 -r + echo + if [[ ! $REPLY =~ ^[Yy]$ ]]; then + exit 1 + fi + fi + fi + rm -f gitea.asc +fi + +# Make binary executable and move to installation directory +chmod +x gitea +mv gitea "${GITEA_BASE_DIR}/bin/gitea" +echo -e "${GREEN}✓ Binary installed to ${GITEA_BASE_DIR}/bin/gitea${NC}" + +# Create initial app.ini configuration for SQLite +echo -e "${YELLOW}Creating initial configuration...${NC}" +cat > "${GITEA_BASE_DIR}/custom/conf/app.ini" << EOF +# Gitea Configuration +# Generated by giteainstall.sh + +APP_NAME = Gitea: Git with a cup of tea +RUN_MODE = prod +RUN_USER = ${GITEA_USER} + +[repository] +ROOT = ${GITEA_BASE_DIR}/data/gitea-repositories + +[repository.local] +LOCAL_COPY_PATH = ${GITEA_BASE_DIR}/tmp/local-repo + +[repository.upload] +TEMP_PATH = ${GITEA_BASE_DIR}/data/tmp/uploads + +[server] +APP_DATA_PATH = ${GITEA_BASE_DIR}/data +DOMAIN = localhost +HTTP_PORT = 3000 +ROOT_URL = http://localhost:3000/ +DISABLE_SSH = false +SSH_DOMAIN = localhost +SSH_PORT = 22 +SSH_LISTEN_PORT = 2222 +LFS_START_SERVER = true +LFS_JWT_SECRET = # Will be generated on first run +OFFLINE_MODE = false + +[database] +PATH = ${GITEA_BASE_DIR}/data/gitea.db +DB_TYPE = sqlite3 +HOST = +NAME = gitea +USER = +PASSWD = +LOG_SQL = false +SCHEMA = +SSL_MODE = disable + +[indexer] +ISSUE_INDEXER_PATH = ${GITEA_BASE_DIR}/data/indexers/issues.bleve +REPO_INDEXER_ENABLED = false + +[session] +PROVIDER_CONFIG = ${GITEA_BASE_DIR}/data/sessions +PROVIDER = file + +[picture] +AVATAR_UPLOAD_PATH = ${GITEA_BASE_DIR}/data/avatars +REPOSITORY_AVATAR_UPLOAD_PATH = ${GITEA_BASE_DIR}/data/repo-avatars +DISABLE_GRAVATAR = false +ENABLE_FEDERATED_AVATAR = true + +[attachment] +PATH = ${GITEA_BASE_DIR}/data/attachments + +[log] +MODE = console, file +LEVEL = info +ROOT_PATH = ${GITEA_BASE_DIR}/log +ROUTER = console + +[security] +INSTALL_LOCK = false +SECRET_KEY = # Will be generated on first run +INTERNAL_TOKEN = # Will be generated on first run + +[service] +DISABLE_REGISTRATION = false +REQUIRE_SIGNIN_VIEW = false +REGISTER_EMAIL_CONFIRM = false +ENABLE_NOTIFY_MAIL = false +ALLOW_ONLY_EXTERNAL_REGISTRATION = false +ENABLE_CAPTCHA = false +DEFAULT_KEEP_EMAIL_PRIVATE = false +DEFAULT_ALLOW_CREATE_ORGANIZATION = true +DEFAULT_ENABLE_TIMETRACKING = true +NO_REPLY_ADDRESS = noreply.localhost + +[mailer] +ENABLED = false + +[openid] +ENABLE_OPENID_SIGNIN = true +ENABLE_OPENID_SIGNUP = true + +[lfs] +PATH = ${GITEA_BASE_DIR}/data/lfs +EOF + +echo -e "${GREEN}✓ Configuration created at ${GITEA_BASE_DIR}/custom/conf/app.ini${NC}" + +# Set proper permissions +echo -e "${YELLOW}Setting permissions...${NC}" +chmod -R 755 "${GITEA_BASE_DIR}" +chmod 640 "${GITEA_BASE_DIR}/custom/conf/app.ini" + +# Create systemd service file +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +SERVICE_FILE="${SCRIPT_DIR}/gitea.service" + +echo -e "${YELLOW}Creating systemd service file...${NC}" +cat > "${SERVICE_FILE}" << 'EOFSERVICE' +[Unit] +Description=Gitea (Git with a cup of tea) +After=network.target +Wants=network.target + +[Service] +Type=simple +User=mleku +Group=mleku +WorkingDirectory=/home/mleku/gitea +ExecStart=/home/mleku/gitea/bin/gitea web --config /home/mleku/gitea/custom/conf/app.ini +Restart=always +RestartSec=2s +Environment="USER=mleku" "HOME=/home/mleku" "GITEA_WORK_DIR=/home/mleku/gitea" + +# Security enhancements +PrivateTmp=yes +NoNewPrivileges=true +ProtectSystem=strict +ProtectHome=no +ReadWritePaths=/home/mleku/gitea + +# Limits +LimitNOFILE=65535 +LimitNPROC=65535 + +[Install] +WantedBy=multi-user.target +EOFSERVICE + +echo -e "${GREEN}✓ Service file created at ${SERVICE_FILE}${NC}" + +# Summary +echo "" +echo -e "${GREEN}=== Installation Complete ===${NC}" +echo "" +echo "Installation directory: ${GITEA_BASE_DIR}" +echo "Binary location: ${GITEA_BASE_DIR}/bin/gitea" +echo "Configuration: ${GITEA_BASE_DIR}/custom/conf/app.ini" +echo "Database: ${GITEA_BASE_DIR}/data/gitea.db (SQLite)" +echo "Service file: ${SERVICE_FILE}" +echo "" +echo -e "${YELLOW}Next steps:${NC}" +echo "" +echo "1. Install the systemd service:" +echo " sudo cp ${SERVICE_FILE} /etc/systemd/system/" +echo " sudo systemctl daemon-reload" +echo "" +echo "2. Enable and start Gitea:" +echo " sudo systemctl enable gitea" +echo " sudo systemctl start gitea" +echo "" +echo "3. Check status:" +echo " sudo systemctl status gitea" +echo "" +echo "4. View logs:" +echo " sudo journalctl -u gitea -f" +echo "" +echo "5. Access Gitea at:" +echo " http://localhost:3000" +echo "" +echo "6. Complete the installation wizard in your browser" +echo " (Most settings are pre-configured for SQLite)" +echo "" +echo -e "${YELLOW}Note:${NC} The first time you access Gitea, you'll need to complete" +echo "the installation wizard to create the admin account." +echo ""