first working version of gitea, now to add backup

gitea/compose_example.yml

@@ -0,0 +1,34 @@
+version: "2"
+
+services:
+  server:
+    image: docker.gitea.com/gitea:1.23.7-rootless
+    restart: always
+    environment:
+      - GITEA__database__DB_TYPE=postgres
+      - GITEA__database__HOST=db:5432
+      - GITEA__database__NAME=gitea
+      - GITEA__database__USER=gitea
+      - GITEA__database__PASSWD=gitea
+    volumes:
+      - ./data:/var/lib/gitea
+      - ./config:/etc/gitea
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "3000:3000"
+      - "2222:2222"
+    depends_on:
+      - db
+
+db:
+  image: docker.io/library/postgres:14
+  restart: always
+  environment:
+    - POSTGRES_USER=gitea
+    - POSTGRES_PASSWORD=gitea
+    - POSTGRES_DB=gitea
+  networks:
+    - gitea
+  volumes:
+    - ./postgres:/var/lib/postgresql/data

gitea/deploy.sh

@@ -0,0 +1,123 @@
+#!/bin/bash
+
+. ./env.sh
+
+set -e
+
+services=("$CONTAINER_PREFIX-$CONTAINER_GITEA.service"
+    "$CONTAINER_PREFIX-$CONTAINER_DB.service",
+)
+
+for service in "${services[@]}"; do
+    if systemctl --user list-units --full --all | grep -q "$service"; then
+        echo "Stopping $service..."
+        systemctl --user stop $service
+        echo "$service stopped."
+    fi
+done
+
+containers=(
+    "$CONTAINER_GITEA"
+    "$CONTAINER_DB"
+)
+
+for container in "${containers[@]}"; do
+    if podman container exists "$container"; then
+      echo "Stop and delete existing container $container"
+    if podman inspect -f '{{.State.Running}}' "$container" | grep -q true; then
+      podman stop "$container"
+    fi
+    podman rm "$container"
+fi
+done
+
+if ! podman network exists $NETWORK; then
+  podman network create $NETWORK
+fi
+
+mkdir -p $DATA_FOLDER
+mkdir -p $DB_FOLDER
+mkdir -p $USER_SYSTEMD
+
+podman create \
+  --name $CONTAINER_DB \
+  --network $NETWORK \
+  --restart=always \
+  -p $PORT_DB:5432 \
+  -e POSTGRES_USER=$DB_USER \
+  -e POSTGRES_PASSWORD=$DB_PASSWORD \
+  -e POSTGRES_DB=$DB_NAME \
+  -e POSTGRES_HOST_AUTH_METHOD=trust \
+  -v "$DB_FOLDER:/var/lib/postgresql/data:Z" \
+  docker.io/library/postgres:16
+
+podman generate systemd \
+  --new \
+  --name $CONTAINER_DB \
+  --files --restart-policy always --container-prefix=$CONTAINER_PREFIX > /dev/null
+
+mv $CONTAINER_PREFIX-$CONTAINER_DB.service $USER_SYSTEMD
+systemctl --user daemon-reload
+systemctl --user enable --now $CONTAINER_PREFIX-$CONTAINER_DB.service
+echo "Wait for PostgreSQL..."
+until podman exec $CONTAINER_DB pg_isready -U "$DB_USER" -d "$DB_NAME" > /dev/null 2>&1; do
+  sleep 2
+done
+echo "PostgreSQL ready"
+
+podman create \
+    --name $CONTAINER_GITEA \
+    --network $NETWORK \
+    --restart=always \
+    -p $PORT_WEB:3000 \
+    -p $PORT_SSH:22 \
+    -v $DATA_FOLDER:/data \
+    -e GITEA__database__DB_TYPE=postgres \
+    -e GITEA__database__HOST=$HOST_DB:$PORT_DB \
+    -e GITEA__database__NAME=$DB_NAME \
+    -e GITEA__database__USER=$DB_USER \
+    -e GITEA__database__PASSWD=$DB_PASSWORD \
+    -v /etc/timezone:/etc/timezone:ro \
+    -v /etc/localtime:/etc/localtime:ro \
+    docker.gitea.com/gitea:latest
+
+podman generate systemd \
+    --new \
+    --name $CONTAINER_GITEA \
+    --files \
+    --container-prefix=$CONTAINER_PREFIX \
+    --restart-policy=always
+
+sed -i "/^\[Unit\]/a After=$CONTAINER_PREFIX-$CONTAINER_DB.service \nRequires=$CONTAINER_PREFIX-$CONTAINER_DB.service" $CONTAINER_PREFIX-$CONTAINER_GITEA.service
+
+mv $CONTAINER_PREFIX-$CONTAINER_GITEA.service $USER_SYSTEMD
+systemctl --user daemon-reload
+systemctl --user enable --now $CONTAINER_PREFIX-$CONTAINER_GITEA.service
+
+sudo loginctl enable-linger $USER
+
+# generate haproxy blocks
+sudo mkdir -p $SERVICE_DIR
+echo "crt $SSL_PATH/fullchain.pem" | sudo tee $SERVICE_DIR/cert.block > /dev/null
+ACL_CFG=$(cat <<EOF
+acl is_gitee hdr(host) -i $DOMAIN
+use_backend gitee_backend if is_gitee
+EOF
+)
+echo "$ACL_CFG" | sudo tee $SERVICE_DIR/acl.block > /dev/null
+BACKEND_CFG=$(cat <<EOF
+backend gitee_backend
+    mode http
+    option httpchk GET /
+    option forwardfor
+    # Set the Source IP in the X-Real-IP header
+    http-request set-header X-Real-IP %[src]
+    server vwhttp 127.0.0.1:$PORT_WEB alpn http/1.1 check
+EOF
+)
+echo "$BACKEND_CFG" | sudo tee $SERVICE_DIR/backend.block > /dev/null
+
+echo "Deploy completed, manually run haproxy to generate new config."
+
+# on local, allow ufw port from wireguard
+echo "Manually config backup remote."

gitea/env.sh

@@ -0,0 +1,31 @@
+EMAIL=""
+
+CONTAINER_GITEA="gitea"
+CONTAINER_DB="gitea-postgres"
+CONTAINER_PREFIX="gitea"
+
+NETWORK="gitea_net"
+
+PORT_WEB="3000"
+PORT_SSH="2222"
+PORT_DB="5433"
+HOST_DB="host.containers.internal"
+DB_USER="gitea"
+DB_PASSWORD="gitea"
+DB_NAME="gitea"
+
+
+GITEA_FOLDER="$HOME/.local/share/gitee"
+DATA_FOLDER="$GITEA_FOLDER/data"
+DB_FOLDER="$GITEA_FOLDER/db"
+
+
+DOMAIN="codedev.jamesvillage.dev"
+SSL_PATH=$HOME/.config/ssl/$DOMAIN
+
+
+USER_SYSTEMD="$HOME/.config/systemd/user"
+HAPROXY_CFG_DIR="/etc/haproxy"
+HAPROXY_CFG="$HAPROXY_CFG_DIR/haproxy.cfg"
+SERVICE_DIR="$HAPROXY_CFG_DIR/services/$DOMAIN"
+BACKUP_REMOTE=""

gitea/uninstall.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+. ./env.sh
+
+if systemctl --user list-units --full --all | grep -q "${CONTAINER_PREFIX}-${CONTAINER_NAME}.service"; then
+  systemctl --user stop ${CONTAINER_PREFIX}-${CONTAINER_NAME}.service
+fi
+
+if podman container exists "$CONTAINER_NAME"; then
+    echo "Stop and delete existing container $CONTAINER_NAME"
+    if podman inspect -f '{{.State.Running}}' "$CONTAINER_NAME" | grep -q true; then
+        podman stop "$CONTAINER_NAME"
+    fi
+    podman rm "$CONTAINER_NAME"
+fi
+
+systemctl --user disable --now ${CONTAINER_PREFIX}-$CONTAINER_NAME.service
+rm $USER_SYSTEMD/${CONTAINER_PREFIX}-$CONTAINER_NAME.service
+systemctl --user daemon-reload
+
+# sudo rm -r $SERVICE_DIR
+# crontab -l | grep -v "$VW_FOLDER/$BACKUP_FILE" | crontab -
+
+echo "Uninstall complete. Manually run haproxy config to rebuild config. Manually remove data directory
+  - $GITEA_FOLDER
+  - $HOME/.local/backup/$CONTAINER_NAME
+if needed."