first working version of gitea, now to add backup

gitea/deploy.sh

@@ -0,0 +1,123 @@
+#!/bin/bash
+
+. ./env.sh
+
+set -e
+
+services=("$CONTAINER_PREFIX-$CONTAINER_GITEA.service"
+    "$CONTAINER_PREFIX-$CONTAINER_DB.service",
+)
+
+for service in "${services[@]}"; do
+    if systemctl --user list-units --full --all | grep -q "$service"; then
+        echo "Stopping $service..."
+        systemctl --user stop $service
+        echo "$service stopped."
+    fi
+done
+
+containers=(
+    "$CONTAINER_GITEA"
+    "$CONTAINER_DB"
+)
+
+for container in "${containers[@]}"; do
+    if podman container exists "$container"; then
+      echo "Stop and delete existing container $container"
+    if podman inspect -f '{{.State.Running}}' "$container" | grep -q true; then
+      podman stop "$container"
+    fi
+    podman rm "$container"
+fi
+done
+
+if ! podman network exists $NETWORK; then
+  podman network create $NETWORK
+fi
+
+mkdir -p $DATA_FOLDER
+mkdir -p $DB_FOLDER
+mkdir -p $USER_SYSTEMD
+
+podman create \
+  --name $CONTAINER_DB \
+  --network $NETWORK \
+  --restart=always \
+  -p $PORT_DB:5432 \
+  -e POSTGRES_USER=$DB_USER \
+  -e POSTGRES_PASSWORD=$DB_PASSWORD \
+  -e POSTGRES_DB=$DB_NAME \
+  -e POSTGRES_HOST_AUTH_METHOD=trust \
+  -v "$DB_FOLDER:/var/lib/postgresql/data:Z" \
+  docker.io/library/postgres:16
+
+podman generate systemd \
+  --new \
+  --name $CONTAINER_DB \
+  --files --restart-policy always --container-prefix=$CONTAINER_PREFIX > /dev/null
+
+mv $CONTAINER_PREFIX-$CONTAINER_DB.service $USER_SYSTEMD
+systemctl --user daemon-reload
+systemctl --user enable --now $CONTAINER_PREFIX-$CONTAINER_DB.service
+echo "Wait for PostgreSQL..."
+until podman exec $CONTAINER_DB pg_isready -U "$DB_USER" -d "$DB_NAME" > /dev/null 2>&1; do
+  sleep 2
+done
+echo "PostgreSQL ready"
+
+podman create \
+    --name $CONTAINER_GITEA \
+    --network $NETWORK \
+    --restart=always \
+    -p $PORT_WEB:3000 \
+    -p $PORT_SSH:22 \
+    -v $DATA_FOLDER:/data \
+    -e GITEA__database__DB_TYPE=postgres \
+    -e GITEA__database__HOST=$HOST_DB:$PORT_DB \
+    -e GITEA__database__NAME=$DB_NAME \
+    -e GITEA__database__USER=$DB_USER \
+    -e GITEA__database__PASSWD=$DB_PASSWORD \
+    -v /etc/timezone:/etc/timezone:ro \
+    -v /etc/localtime:/etc/localtime:ro \
+    docker.gitea.com/gitea:latest
+
+podman generate systemd \
+    --new \
+    --name $CONTAINER_GITEA \
+    --files \
+    --container-prefix=$CONTAINER_PREFIX \
+    --restart-policy=always
+
+sed -i "/^\[Unit\]/a After=$CONTAINER_PREFIX-$CONTAINER_DB.service \nRequires=$CONTAINER_PREFIX-$CONTAINER_DB.service" $CONTAINER_PREFIX-$CONTAINER_GITEA.service
+
+mv $CONTAINER_PREFIX-$CONTAINER_GITEA.service $USER_SYSTEMD
+systemctl --user daemon-reload
+systemctl --user enable --now $CONTAINER_PREFIX-$CONTAINER_GITEA.service
+
+sudo loginctl enable-linger $USER
+
+# generate haproxy blocks
+sudo mkdir -p $SERVICE_DIR
+echo "crt $SSL_PATH/fullchain.pem" | sudo tee $SERVICE_DIR/cert.block > /dev/null
+ACL_CFG=$(cat <<EOF
+acl is_gitee hdr(host) -i $DOMAIN
+use_backend gitee_backend if is_gitee
+EOF
+)
+echo "$ACL_CFG" | sudo tee $SERVICE_DIR/acl.block > /dev/null
+BACKEND_CFG=$(cat <<EOF
+backend gitee_backend
+    mode http
+    option httpchk GET /
+    option forwardfor
+    # Set the Source IP in the X-Real-IP header
+    http-request set-header X-Real-IP %[src]
+    server vwhttp 127.0.0.1:$PORT_WEB alpn http/1.1 check
+EOF
+)
+echo "$BACKEND_CFG" | sudo tee $SERVICE_DIR/backend.block > /dev/null
+
+echo "Deploy completed, manually run haproxy to generate new config."
+
+# on local, allow ufw port from wireguard
+echo "Manually config backup remote."