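#!/bin/sh
# vim:set syntax=sh:
# kate: syntax bash;
# SPDX-License-Identifier: CC-BY-SA-4.0
# Copyright 2021 Jakob Meng, <[email protected]>
exit # do not run any commands when file is executed
#
# Install Gitea with Docker on Debian 10 (Buster)
#
# This file is a command log, not a runnable script: the 'exit' above stops it
# when executed. Run the steps below by hand, as root, in the given order.
#
# Ref.:
# https://docs.gitea.io/en-us/install-with-docker/
# https://docs.gitea.io/en-us/install-from-binary/
# Suppose smtp.infcs.de is your smtp server and infcs.de is your domain name.
# A Message Transfer Agent (MTA) like Exim4 must be running on the host system if email notifications should work,
# because Watchtower can only send mails using a local MTA.
# Ref.: https://github.com/containrrr/watchtower/issues/572
#
# To setup an MTA e.g. follow exim.sh
# Change Exim4 configuration to allow relaying mails from Docker containers
LANG=C dpkg-reconfigure -plow exim4-config
# As Exim4's mail server configuration type choose 'mail sent by smarthost; received via SMTP or fetchmail'. Add host ip
# address (here: 172.31.0.1) on Docker network 'gitea' to list of 'IP-addresses to listen on for incoming SMTP
# connections'. Leave 'Other destinations for which mail is accepted' empty/blank. Add subnet '172.31.0.0/24' from
# Docker network 'gitea' (the same subnet as in docker-compose.yml below) to list of 'Machines to relay mail for'.
# Keep the relay list limited to that subnet: Exim4 relays unauthenticated mail from every address listed there.
#
# or non-interactively
# Ref.: /var/lib/dpkg/info/exim4-config.config
#
# debconf questions
# NOTE: '|' is used as the s||| delimiter because the dc_relay_nets value
# contains a '/' (172.31.0.0/24); with the usual '/' delimiter sed would treat
# "24'/g" as flags and abort with "unknown option to `s'".
sed -i \
  -e "s|^dc_eximconfig_configtype=.*|dc_eximconfig_configtype='smarthost'|g" \
  -e "s|^dc_local_interfaces=.*|dc_local_interfaces='127.0.0.1 ; ::1 ; 172.31.0.1'|g" \
  -e "s|^dc_minimaldns=.*|dc_minimaldns='false'|g" \
  -e "s|^dc_other_hostnames=.*|dc_other_hostnames=''|g" \
  -e "s|^dc_readhost=.*|dc_readhost='$(hostname).infcs.de'|g" \
  -e "s|^dc_smarthost=.*|dc_smarthost='smtp.infcs.de'|g" \
  -e "s|^dc_use_split_config=.*|dc_use_split_config='false'|g" \
  -e "s|^dc_relay_domains=.*|dc_relay_domains=''|g" \
  -e "s|^dc_relay_nets=.*|dc_relay_nets='172.31.0.0/24'|g" \
  -e "s|^dc_hide_mailname=.*|dc_hide_mailname='true'|g" \
  -e "s|^dc_mailname_in_oh=.*|dc_mailname_in_oh='true'|g" \
  -e "s|^dc_localdelivery=.*|dc_localdelivery='mail_spool'|g" \
  /etc/exim4/update-exim4.conf.conf
#
# debconf question exim4/dc_postmaster
sed -i -e "s/^root: .*/root: sysmsg+openstack.$(hostname)@infcs.de/g" /etc/aliases
#
# debconf question exim4/mailname
echo "$(hostname).infcs.de" > /etc/mailname
#
# Synchronize debconf database with exim4-config's config which will help during
# package updates because debconf will not complain about config changes
cat << EOF | debconf-set-selections
exim4-config exim4/dc_eximconfig_configtype select mail sent by smarthost; received via SMTP or fetchmail
exim4-config exim4/dc_localdelivery select mbox format in /var/mail/
exim4-config exim4/dc_local_interfaces string 127.0.0.1 ; ::1 ; 172.31.0.1
exim4-config exim4/dc_minimaldns boolean false
exim4-config exim4/dc_other_hostnames string
exim4-config exim4/dc_postmaster string sysmsg+openstack.$(hostname)@infcs.de
exim4-config exim4/dc_readhost string $(hostname).infcs.de
exim4-config exim4/dc_relay_nets string 172.31.0.0/24
exim4-config exim4/dc_smarthost string smtp.infcs.de
exim4-config exim4/hide_mailname boolean true
exim4-config exim4/mailname string $(hostname).infcs.de
EOF
dpkg-reconfigure -f noninteractive exim4-config
systemctl restart exim4.service
#
# Docker, Docker Compose and Git tooling on the host
apt install docker.io docker-compose git git-lfs
#
# Dedicated host user that owns the Gitea data and receives the SSH
# connections which are forwarded into the container (see gitea-ssh-forwarder)
adduser \
  --system \
  --group \
  --shell /bin/bash \
  --gecos 'Git Version Control' \
  --disabled-password \
  git
#
# Host key pair of the git user; its public key is the first entry in
# authorized_keys so the forwarder can connect to the container's sshd.
sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key"
# '>>' is intended here: Gitea keeps adding user keys to this file later on.
cat << EOF >> /home/git/.ssh/authorized_keys
# SSH public key from git user
$(cat /home/git/.ssh/id_rsa.pub)
# Git public keys from Gitea users, filled from Gitea Docker container
EOF
chown git:git /home/git/.ssh/authorized_keys
chmod g-rwx,o-rwx /home/git/.ssh/authorized_keys
#
# Persistent Gitea data, mounted into the container as /data
mkdir -p /var/lib/gitea/
chown -R git:git /var/lib/gitea/
chmod -R 750 /var/lib/gitea/
#
# SSH passthrough from the host's git user to the Gitea container, as in the
# upstream Gitea Docker docs (see Ref. above). The container's sshd is
# published on 127.0.0.1:2222 only (see 'ports:' in docker-compose.yml below),
# so this connection never leaves the host; StrictHostKeyChecking=no is
# acceptable only because of that loopback binding.
# NOTE: SSH_ORIGINAL_COMMAND and the arguments are interpolated into a shell
# command line that is executed inside the container. This is the documented
# upstream mechanism; authorized_keys stays the only place that decides which
# keys may reach it, so keep its permissions as set above.
# '>' (not '>>'): re-running must not append a second copy of the script.
cat << 'EOF' > /usr/local/bin/gitea-ssh-forwarder
#!/bin/sh
# 2021 Jakob Meng, <[email protected]>
ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
EOF
chmod a+x /usr/local/bin/gitea-ssh-forwarder
# Gitea writes authorized_keys entries that call /app/gitea/gitea; on the host
# that path has to resolve to the forwarder above.
mkdir -p /app/gitea/
ln -s /usr/local/bin/gitea-ssh-forwarder /app/gitea/gitea
#
# Compose project lives in /etc/gitea, readable by root only
mkdir /etc/gitea
cd /etc/gitea
chmod u=rwx,g=rx,o= /etc/gitea
# Ask Steffen Kaiser for an email address to use for sending mails with Gitea and Watchtower
# Ref.: https://faq.inf.h-brs.de/faq/informationen-fuer-labore/systemmeldungen-von-laborservern-phys-virtuell
#
# Unquoted heredoc: the $(...) substitutions below are expanded on the host
# while writing the file, so the YAML itself contains only literal values.
# '>' (not '>>'): re-running must not append a second copy of the file.
cat << EOF > /etc/gitea/docker-compose.yml
# 2021 Jakob Meng, <[email protected]>
# Gitea with Docker
version: "3"
networks:
  gitea:
    external: false
    ipam:
      driver: default
      config:
        # must match dc_relay_nets and dc_local_interfaces in the Exim4 setup above
        - subnet: "172.31.0.0/24"
services:
  gitea:
    container_name: gitea
    environment:
      USER_UID: '$(id -u git)'
      USER_GID: '$(id -g git)'
      # plain http: no TLS is terminated by this setup; port 80 below is
      # published on all host interfaces
      GITEA__server__ROOT_URL: 'http://$(hostname --fqdn)/'
      GITEA__service__REQUIRE_SIGNIN_VIEW: 'true'
      GITEA__service__ENABLE_NOTIFY_MAIL: 'true'
      GITEA__service__REGISTER_EMAIL_CONFIRM: 'true'
      GITEA__mailer__ENABLED: 'true'
      GITEA__mailer__FROM: 'sysmsg+openstack.$(hostname)@infcs.de'
      GITEA__mailer__MAILER_TYPE: 'smtp'
      # host side of the 'gitea' network, where Exim4 listens (dc_local_interfaces)
      GITEA__mailer__HOST: '172.31.0.1:25'
      # unencrypted SMTP stays on the local Docker bridge only; Exim4 on the
      # host is what talks to smtp.infcs.de
      GITEA__mailer__IS_TLS_ENABLED: 'false'
      #GITEA__mailer__USER: 'username'
      #GITEA__mailer__PASSWD: 'password'
    # ':latest' plus Watchtower means every upstream image change is deployed
    # unreviewed; pin a version here if that is not wanted
    image: gitea/gitea:latest
    labels:
      - "com.centurylinklabs.watchtower.scope=gitea"
    networks:
      - gitea
    ports:
      - "80:3000"
      # sshd of the container is reachable from the host only; the
      # gitea-ssh-forwarder relies on this
      - "127.0.0.1:2222:22"
    restart: always
    volumes:
      - /home/git/.ssh/:/data/git/.ssh
      - /var/lib/gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
  watchtower:
    container_name: gitea_watchtower
    environment:
      TZ: 'Europe/Berlin'
      WATCHTOWER_CLEANUP: 'true'
      WATCHTOWER_INCLUDE_RESTARTING: 'true'
      WATCHTOWER_ROLLING_RESTART: 'true'
      WATCHTOWER_TIMEOUT: '30s'
      # only containers carrying the same scope label are updated
      WATCHTOWER_SCOPE: 'gitea'
      WATCHTOWER_NOTIFICATIONS: 'email'
      WATCHTOWER_NOTIFICATION_EMAIL_FROM: 'sysmsg+openstack.$(hostname)@infcs.de'
      WATCHTOWER_NOTIFICATION_EMAIL_TO: 'sysmsg+openstack.$(hostname)@infcs.de'
      WATCHTOWER_NOTIFICATION_EMAIL_SERVER: '172.31.0.1'
      WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT: '25'
      # the local Exim4 on 172.31.0.1 offers no certificate to verify
      WATCHTOWER_NOTIFICATION_EMAIL_SERVER_TLS_SKIP_VERIFY: 'true'
      WATCHTOWER_NOTIFICATION_EMAIL_SUBJECTTAG: '[WATCHTOWER GITEA]'
      WATCHTOWER_NOTIFICATION_EMAIL_DELAY: '3'
    image: containrrr/watchtower:latest
    labels:
      - "com.centurylinklabs.watchtower.scope=gitea"
    networks:
      - gitea
    restart: always
    volumes:
      # the Docker socket lets Watchtower control the Docker daemon on the
      # host; 'ro' limits the mount, not what the API allows
      - /var/run/docker.sock:/var/run/docker.sock:ro
EOF
chmod u=rw,g=r,o= /etc/gitea/docker-compose.yml
# run containers in background (from /etc/gitea, see cd above)
docker-compose up -d
# verify that all containers are up and running
docker ps
# view output of Gitea container
docker logs gitea
# view output of Watchtower container
docker logs gitea_watchtower
exit # the end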