Compare commits
10 Commits
4b7e62cb44
...
99264fdd55
| Author | SHA1 | Date | |
|---|---|---|---|
| 99264fdd55 | |||
| 1a73b30ac7 | |||
| 68794a2e77 | |||
| 0f2b96ebee | |||
| f52531eeb2 | |||
| fba074bb00 | |||
| dcce27f1b7 | |||
| e75e5e0e37 | |||
| 6ea7247613 | |||
| 461d6b8bb6 |
@@ -48,14 +48,15 @@ podman create \
|
||||
podman generate systemd \
|
||||
--new \
|
||||
--name $CONTAINER_REDIS \
|
||||
--files --restart-policy always --container-prefix=affine > /dev/null
|
||||
--files --restart-policy always --container-prefix=$CONTAINER_PREFIX > /dev/null
|
||||
mv $CONTAINER_PREFIX-$CONTAINER_REDIS.service ./systemd-units/
|
||||
|
||||
|
||||
podman create \
|
||||
--name $CONTAINER_POSTGRES \
|
||||
--network $NETWORK \
|
||||
-p $DATABASE_PORT:$DATABASE_PORT \
|
||||
--userns keep-id \
|
||||
-p $DATABASE_PORT:5432 \
|
||||
-e POSTGRES_USER=$DB_USERNAME \
|
||||
-e POSTGRES_PASSWORD=$DB_PASSWORD \
|
||||
-e POSTGRES_DB=$DB_DATABASE \
|
||||
@@ -66,7 +67,7 @@ podman create \
|
||||
podman generate systemd \
|
||||
--new \
|
||||
--name $CONTAINER_POSTGRES \
|
||||
--files --restart-policy always --container-prefix=affine > /dev/null
|
||||
--files --restart-policy always --container-prefix=$CONTAINER_PREFIX > /dev/null
|
||||
mv $CONTAINER_PREFIX-$CONTAINER_POSTGRES.service ./systemd-units/
|
||||
|
||||
mkdir -p $USER_SYSTEMD
|
||||
@@ -115,7 +116,7 @@ podman create \
|
||||
podman generate systemd \
|
||||
--new \
|
||||
--name $CONTAINER_SERVER \
|
||||
--files --restart-policy always --container-prefix=affine > /dev/null
|
||||
--files --restart-policy always --container-prefix=$CONTAINER_PREFIX > /dev/null
|
||||
mv $CONTAINER_PREFIX-$CONTAINER_SERVER.service ./systemd-units/
|
||||
sed -i "/^\[Unit\]/a After=$CONTAINER_PREFIX-$CONTAINER_POSTGRES.service $CONTAINER_PREFIX-$CONTAINER_REDIS.service\nRequires=$CONTAINER_PREFIX-$CONTAINER_POSTGRES.service $CONTAINER_PREFIX-$CONTAINER_REDIS.service" ./systemd-units/$CONTAINER_PREFIX-$CONTAINER_SERVER.service
|
||||
|
||||
|
||||
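--- a/gitea/backup.sh
+++ b/gitea/backup.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# Note: use rclone for backup, needs manually configuration.
+
+export XDG_RUNTIME_DIR="/run/user/$(id -u)"
+export DBUS_SESSION_BUS_ADDRESS="unix:path=$XDG_RUNTIME_DIR/bus"
+
+DATA=""
+CONFIG=""
+DB=""
+LOCAL_BACKUP="$HOME/.local/backup"
+REMOTE=""
+DB_USERNAME=""
+DB_PASSWORD=""
+DB_DATABASE=""
+CONTAINER_DB=""
+SERVICE_GITEA=""
+
+STAGING_DIR=$(mktemp -d)
+mkdir -p $LOCAL_BACKUP
+DATE=$(date +%F-%H-%M-%S)
+BACKUP_NAME="backup_$DATE.tar.gz"
+
+systemctl --user stop $SERVICE_GITEA
+podman exec $CONTAINER_DB pg_dump -U $DB_USERNAME -F c -d $DB_DATABASE > $STAGING_DIR/db.dump
+
+cp -r "$DATA" "$STAGING_DIR/data"
+cp -r "$CONFIG" "$STAGING_DIR/config"
+cp -r "$DB" "$STAGING_DIR/db"
+tar -czf "$LOCAL_BACKUP/$BACKUP_NAME" -C "$STAGING_DIR" .
+
+ls -1t "$LOCAL_BACKUP"/backup_*.tar.gz | tail -n +6 | xargs -r rm --
+
+
+/usr/bin/rclone sync $LOCAL_BACKUP $REMOTE > /dev/null
+
+rm -rf $STAGING_DIR
+
+systemctl --user start $SERVICE_GITEA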
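Review bot: Nothing in the script checks that `pg_dump`, the `cp -r` steps or `tar` succeeded, so a failed run still prunes older archives with the `ls -1t … | xargs -r rm --` line and `rclone sync` then propagates those deletions to the remote alongside a possibly incomplete archive. Add `set -euo pipefail` near the top and a cleanup handler such as `trap 'rm -rf -- "$STAGING_DIR"; systemctl --user start "$SERVICE_GITEA"' EXIT`, so the service is restarted and the staging directory removed on every exit path. The archive holds the database dump and the Gitea config, so a `umask 077` before `mkdir -p "$LOCAL_BACKUP"` would keep it unreadable to other local users. `DB_PASSWORD` is declared but never used in this file; dropping it keeps the secret out of the generated copy.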
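--- a/gitea/compose_example.yml
+++ b/gitea/compose_example.yml
@@ -0,0 +1,34 @@
+version: "2"
+
+services:
+server:
+image: docker.gitea.com/gitea:1.23.7-rootless
+restart: always
+environment:
+- GITEA__database__DB_TYPE=postgres
+- GITEA__database__HOST=db:5432
+- GITEA__database__NAME=gitea
+- GITEA__database__USER=gitea
+- GITEA__database__PASSWD=gitea
+volumes:
+- ./data:/var/lib/gitea
+- ./config:/etc/gitea
+- /etc/timezone:/etc/timezone:ro
+- /etc/localtime:/etc/localtime:ro
+ports:
+- "3000:3000"
+- "2222:2222"
+depends_on:
+- db
+
+db:
+image: docker.io/library/postgres:14
+restart: always
+environment:
+- POSTGRES_USER=gitea
+- POSTGRES_PASSWORD=gitea
+- POSTGRES_DB=gitea
+networks:
+- gitea
+volumes:
+- ./postgres:/var/lib/postgresql/data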
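Review bot: The example hard-codes `gitea` as both the database user and its password (`GITEA__database__PASSWD=gitea`, `POSTGRES_PASSWORD=gitea`), and example files like this tend to be deployed unchanged. Prefer a required variable read from an untracked `.env`, e.g. `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?set in .env}` with the matching `- GITEA__database__PASSWD=${POSTGRES_PASSWORD:?set in .env}`. Separately, `db` lists the network `gitea` but no top-level `networks:` definition is visible and `server` does not appear to join it; indentation is lost in this view, so confirm the file validates and that `db:5432` resolves from `server`.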
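--- a/gitea/deploy.sh
+++ b/gitea/deploy.sh
@@ -0,0 +1,146 @@
+#!/bin/bash
+
+. ./env.sh
+
+set -e
+
+services=("$CONTAINER_PREFIX-$CONTAINER_GITEA.service"
+"$CONTAINER_PREFIX-$CONTAINER_DB.service"
+)
+
+for service in "${services[@]}"; do
+if systemctl --user list-units --full --all | grep -q "$service"; then
+echo "Stopping $service..."
+systemctl --user stop $service
+echo "$service stopped."
+fi
+done
+
+containers=(
+"$CONTAINER_GITEA"
+"$CONTAINER_DB"
+)
+
+for container in "${containers[@]}"; do
+if podman container exists "$container"; then
+echo "Stop and delete existing container $container"
+if podman inspect -f '{{.State.Running}}' "$container" | grep -q true; then
+podman stop "$container"
+fi
+podman rm "$container"
+fi
+done
+
+if ! podman network exists $NETWORK; then
+podman network create $NETWORK
+fi
+
+mkdir -p $DATA_FOLDER
+mkdir -p $CONFIG_FOLDER
+mkdir -p $DB_FOLDER
+mkdir -p $USER_SYSTEMD
+
+podman create \
+--name $CONTAINER_DB \
+--network $NETWORK \
+--userns=keep-id \
+--restart=always \
+-p $PORT_DB:5432 \
+-e POSTGRES_USER=$DB_USER \
+-e POSTGRES_PASSWORD=$DB_PASSWORD \
+-e POSTGRES_DB=$DB_NAME \
+-e POSTGRES_HOST_AUTH_METHOD=trust \
+-v "$DB_FOLDER:/var/lib/postgresql/data:Z" \
+docker.io/library/postgres:16
+
+podman generate systemd \
+--new \
+--name $CONTAINER_DB \
+--files --restart-policy always --container-prefix=$CONTAINER_PREFIX > /dev/null
+
+mv $CONTAINER_PREFIX-$CONTAINER_DB.service $USER_SYSTEMD
+systemctl --user daemon-reload
+systemctl --user enable --now $CONTAINER_PREFIX-$CONTAINER_DB.service
+echo "Wait for PostgreSQL..."
+until podman exec $CONTAINER_DB pg_isready -U "$DB_USER" -d "$DB_NAME" > /dev/null 2>&1; do
+sleep 2
+done
+echo "PostgreSQL ready"
+
+podman create \
+--name $CONTAINER_GITEA \
+--network $NETWORK \
+--restart=always \
+--userns=keep-id \
+-p $PORT_WEB:3000 \
+-p $PORT_SSH:2222 \
+-v $DATA_FOLDER:/var/lib/gitea \
+-v $CONFIG_FOLDER:/etc/gitea \
+-e USER_UID=1000 \
+-e USER_GID=1000 \
+-e GITEA__database__DB_TYPE=postgres \
+-e GITEA__database__HOST=$HOST_DB:$PORT_DB \
+-e GITEA__database__NAME=$DB_NAME \
+-e GITEA__database__USER=$DB_USER \
+-e GITEA__database__PASSWD=$DB_PASSWORD \
+-v /etc/timezone:/etc/timezone:ro \
+-v /etc/localtime:/etc/localtime:ro \
+docker.gitea.com/gitea:latest-rootless
+
+podman generate systemd \
+--new \
+--name $CONTAINER_GITEA \
+--files \
+--container-prefix=$CONTAINER_PREFIX \
+--restart-policy=always
+
+sed -i "/^\[Unit\]/a After=$CONTAINER_PREFIX-$CONTAINER_DB.service \nRequires=$CONTAINER_PREFIX-$CONTAINER_DB.service" $CONTAINER_PREFIX-$CONTAINER_GITEA.service
+
+mv $CONTAINER_PREFIX-$CONTAINER_GITEA.service $USER_SYSTEMD
+systemctl --user daemon-reload
+systemctl --user enable --now $CONTAINER_PREFIX-$CONTAINER_GITEA.service
+
+sudo loginctl enable-linger $USER
+
+# generate haproxy blocks
+sudo mkdir -p $SERVICE_DIR
+echo "crt $SSL_PATH/fullchain.pem" | sudo tee $SERVICE_DIR/cert.block > /dev/null
+ACL_CFG=$(cat <<EOF
+acl is_gitee hdr(host) -i $DOMAIN
+use_backend gitee_backend if is_gitee
+EOF
+)
+echo "$ACL_CFG" | sudo tee $SERVICE_DIR/acl.block > /dev/null
+BACKEND_CFG=$(cat <<EOF
+backend gitee_backend
+mode http
+option httpchk GET /
+option forwardfor
+# Set the Source IP in the X-Real-IP header
+http-request set-header X-Real-IP %[src]
+server vwhttp 127.0.0.1:$PORT_WEB alpn http/1.1 check
+EOF
+)
+echo "$BACKEND_CFG" | sudo tee $SERVICE_DIR/backend.block > /dev/null
+
+echo "Generate backup script"
+BACKUP_FILE="gitea_backup.sh"
+cp backup.sh $BACKUP_FILE
+sed -i "s|^DATA=\"\"|DATA=\"$DATA_FOLDER\"|" "$BACKUP_FILE"
+sed -i "s|^CONFIG=\"\"|CONFIG=\"$CONFIG_FOLDER\"|" "$BACKUP_FILE"
+sed -i "s|^DB=\"\"|DB=\"$DB_FOLDER\"|" "$BACKUP_FILE"
+sed -i "s|^DB_USERNAME=\"\"|DB_USERNAME=\"$DB_USER\"|" "$BACKUP_FILE"
+sed -i "s|^DB_DATABASE=\"\"|DB_DATABASE=\"$DB_NAME\"|" "$BACKUP_FILE"
+sed -i "s|^DB_PASSWORD=\"\"|DB_PASSWORD=\"$DB_PASSWORD\"|" "$BACKUP_FILE"
+sed -i "s|^LOCAL_BACKUP=\"\$HOME/.local/backup\"|LOCAL_BACKUP=\"\$HOME/.local/backup/$CONTAINER_PREFIX\"|" "$BACKUP_FILE"
+sed -i "s|^CONTAINER_DB=\"\"|CONTAINER_DB=\"$CONTAINER_DB\"|" "$BACKUP_FILE"
+sed -i "s|^REMOTE=\"\"|REMOTE=\"$BACKUP_REMOTE\"|" "$BACKUP_FILE"
+sed -i "s|^SERVICE_GITEA=\"\"|SERVICE_GITEA=\"${CONTAINER_PREFIX}-${CONTAINER_GITEA}.service\"|" "$BACKUP_FILE"
+mv $BACKUP_FILE $GITEA_FOLDER
+echo "Backup script generated at $GITEA_FOLDER/$BACKUP_FILE"
+echo "Backup script will be run every day at 2:00 AM"
+crontab -l | grep -v "$GITEA_FOLDER/$BACKUP_FILE" | crontab -
+(crontab -l 2>/dev/null; echo "0 2 * * * $GITEA_FOLDER/$BACKUP_FILE") | crontab -
+echo "Backup script added to crontab"
+
+echo "Deploy completed, manually run haproxy to generate new config."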
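Review bot: The database container is created with `-e POSTGRES_HOST_AUTH_METHOD=trust` and published with `-p $PORT_DB:5432`, which binds all host interfaces unless an address is given, so any client that can reach that port connects as any role without a password. Remove the trust line so `POSTGRES_PASSWORD` is enforced (the setting only takes effect when the data directory is first initialised, so an existing `$DB_FOLDER` needs its `pg_hba.conf` edited), and since both containers join `$NETWORK`, consider `-e GITEA__database__HOST=$CONTAINER_DB:5432` in place of publishing the port, after confirming name resolution works on that network. The generated `$BACKUP_FILE` also receives `DB_PASSWORD` via `sed`; a `chmod 700 "$BACKUP_FILE"` before the `mv` keeps it from being readable by other local users. The Gitea image is pulled as `latest-rootless`, whereas compose_example.yml pins `1.23.7-rootless`; pinning here too makes redeploys reproducible.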
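--- a/gitea/env.sh
+++ b/gitea/env.sh
@@ -0,0 +1,33 @@
+EMAIL=""
+
+CONTAINER_GITEA="gitea"
+CONTAINER_DB="gitea_postgres"
+CONTAINER_PREFIX="gitea"
+
+NETWORK="gitea_net"
+
+PORT_WEB="3000"
+PORT_SSH="2222"
+PORT_DB="5433"
+HOST_DB="host.containers.internal"
+DB_USER="gitea"
+DB_PASSWORD="gitea"
+DB_NAME="gitea"
+
+
+GITEA_FOLDER="$HOME/.local/share/gitee"
+DATA_FOLDER="$GITEA_FOLDER/data"
+CONFIG_FOLDER="$GITEA_FOLDER/config"
+DB_FOLDER="$GITEA_FOLDER/db"
+
+BACKUP_REMOTE="onedrive-tianyu:Backups/gitea"
+
+
+DOMAIN="codedev.jamesvillage.dev"
+SSL_PATH=$HOME/.config/ssl/$DOMAIN
+
+
+USER_SYSTEMD="$HOME/.config/systemd/user"
+HAPROXY_CFG_DIR="/etc/haproxy"
+HAPROXY_CFG="$HAPROXY_CFG_DIR/haproxy.cfg"
+SERVICE_DIR="$HAPROXY_CFG_DIR/services/$DOMAIN"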
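Review bot: `DB_PASSWORD="gitea"` commits a guessable default that equals the user name, and deploy.sh copies it into both container environments and into the generated backup script. Require the operator to supply it instead, e.g. `DB_PASSWORD="${DB_PASSWORD:?set DB_PASSWORD before deploying}"`, or keep real values in an untracked file sourced from here. `BACKUP_FILE` and `CONTAINER_NAME`, which uninstall.sh expands, are not defined in this file.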
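--- a/gitea/uninstall.sh
+++ b/gitea/uninstall.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+. ./env.sh
+
+services=("$CONTAINER_PREFIX-$CONTAINER_GITEA.service"
+"$CONTAINER_PREFIX-$CONTAINER_DB.service"
+)
+
+for service in "${services[@]}"; do
+if systemctl --user list-units --full --all | grep -q "$service"; then
+echo "Stopping $service..."
+systemctl --user stop $service
+echo "$service stopped."
+fi
+done
+
+containers=(
+"$CONTAINER_GITEA"
+"$CONTAINER_DB"
+)
+
+for container in "${containers[@]}"; do
+if podman container exists "$container"; then
+echo "Stop and delete existing container $container"
+if podman inspect -f '{{.State.Running}}' "$container" | grep -q true; then
+podman stop "$container"
+fi
+podman rm "$container"
+fi
+done
+
+for service in "${services[@]}"; do
+systemctl --user disable --now $service
+rm $USER_SYSTEMD/$service
+done
+
+sudo rm -r $SERVICE_DIR
+crontab -l | grep -v "$GITEA_FOLDER/$BACKUP_FILE" | crontab -
+
+echo "Uninstall complete. Manually run haproxy config to rebuild config. Manually remove data directory
+- $GITEA_FOLDER
+- $HOME/.local/backup/$CONTAINER_NAME
+if needed."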
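Review bot: The script runs destructive commands on variables that may be empty: there is no `set -e`, so if `. ./env.sh` fails (for example when run from another directory) the loop still runs `rm $USER_SYSTEMD/$service`, and `crontab -l | grep -v "$GITEA_FOLDER/$BACKUP_FILE" | crontab -` filters on the pattern `/`, which drops nearly every crontab entry. Even with env.sh loaded, `BACKUP_FILE` is only assigned in deploy.sh, so the filter removes every entry mentioning `$GITEA_FOLDER/`, and `$CONTAINER_NAME` in the final message is not defined in any of the visible files. Start with `set -euo pipefail`, define `BACKUP_FILE` where both scripts can read it, and guard the root deletion as `sudo rm -r -- "${SERVICE_DIR:?}"`.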