
10 Commits

Author SHA1 Message Date
99264fdd55 For some reason gitea container needs to use non 22 port 2025-05-16 11:39:33 +02:00
1a73b30ac7 userns 2025-05-15 20:38:59 +02:00
68794a2e77 db can keep id no problem 2025-05-15 20:26:41 +02:00
0f2b96ebee Merge remote-tracking branch 'origin/master' 2025-05-15 17:49:30 +02:00
f52531eeb2 full 2025-05-15 17:49:01 +02:00
fba074bb00 should be working gitea 2025-05-15 17:48:49 +02:00
dcce27f1b7 no keep userns 2025-05-15 17:06:10 +02:00
e75e5e0e37 keep user ns 2025-05-15 16:57:36 +02:00
6ea7247613 first working version of gitea, now to add backup 2025-05-15 16:05:21 +02:00
461d6b8bb6 use variable 2025-05-15 16:05:09 +02:00
6 changed files with 300 additions and 4 deletions


@@ -48,14 +48,15 @@ podman create \
podman generate systemd \ podman generate systemd \
--new \ --new \
--name $CONTAINER_REDIS \ --name $CONTAINER_REDIS \
--files --restart-policy always --container-prefix=affine > /dev/null --files --restart-policy always --container-prefix=$CONTAINER_PREFIX > /dev/null
mv $CONTAINER_PREFIX-$CONTAINER_REDIS.service ./systemd-units/ mv $CONTAINER_PREFIX-$CONTAINER_REDIS.service ./systemd-units/
podman create \ podman create \
--name $CONTAINER_POSTGRES \ --name $CONTAINER_POSTGRES \
--network $NETWORK \ --network $NETWORK \
-p $DATABASE_PORT:$DATABASE_PORT \ --userns keep-id \
-p $DATABASE_PORT:5432 \
-e POSTGRES_USER=$DB_USERNAME \ -e POSTGRES_USER=$DB_USERNAME \
-e POSTGRES_PASSWORD=$DB_PASSWORD \ -e POSTGRES_PASSWORD=$DB_PASSWORD \
-e POSTGRES_DB=$DB_DATABASE \ -e POSTGRES_DB=$DB_DATABASE \
@@ -66,7 +67,7 @@ podman create \
podman generate systemd \ podman generate systemd \
--new \ --new \
--name $CONTAINER_POSTGRES \ --name $CONTAINER_POSTGRES \
--files --restart-policy always --container-prefix=affine > /dev/null --files --restart-policy always --container-prefix=$CONTAINER_PREFIX > /dev/null
mv $CONTAINER_PREFIX-$CONTAINER_POSTGRES.service ./systemd-units/ mv $CONTAINER_PREFIX-$CONTAINER_POSTGRES.service ./systemd-units/
mkdir -p $USER_SYSTEMD mkdir -p $USER_SYSTEMD
@@ -115,7 +116,7 @@ podman create \
podman generate systemd \ podman generate systemd \
--new \ --new \
--name $CONTAINER_SERVER \ --name $CONTAINER_SERVER \
--files --restart-policy always --container-prefix=affine > /dev/null --files --restart-policy always --container-prefix=$CONTAINER_PREFIX > /dev/null
mv $CONTAINER_PREFIX-$CONTAINER_SERVER.service ./systemd-units/ mv $CONTAINER_PREFIX-$CONTAINER_SERVER.service ./systemd-units/
sed -i "/^\[Unit\]/a After=$CONTAINER_PREFIX-$CONTAINER_POSTGRES.service $CONTAINER_PREFIX-$CONTAINER_REDIS.service\nRequires=$CONTAINER_PREFIX-$CONTAINER_POSTGRES.service $CONTAINER_PREFIX-$CONTAINER_REDIS.service" ./systemd-units/$CONTAINER_PREFIX-$CONTAINER_SERVER.service sed -i "/^\[Unit\]/a After=$CONTAINER_PREFIX-$CONTAINER_POSTGRES.service $CONTAINER_PREFIX-$CONTAINER_REDIS.service\nRequires=$CONTAINER_PREFIX-$CONTAINER_POSTGRES.service $CONTAINER_PREFIX-$CONTAINER_REDIS.service" ./systemd-units/$CONTAINER_PREFIX-$CONTAINER_SERVER.service
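Review bot: The new `-p $DATABASE_PORT:5432` mapping on the Postgres container publishes the database on every host interface, because no bind address is given. If only the other containers on `$NETWORK` need the database, the mapping can be dropped; if a host-side client does need it, bind it to loopback with `-p 127.0.0.1:$DATABASE_PORT:5432`. The `podman create` command starts before this hunk and continues after it, so the image and volume options are not visible here. The expansions touched in these hunks (`--container-prefix=$CONTAINER_PREFIX`, `$DATABASE_PORT`) are also unquoted and would word-split on a value containing spaces.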

39
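--- a/gitea/backup.sh
+++ b/gitea/backup.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+# Note: use rclone for backup, needs manually configuration.
+export XDG_RUNTIME_DIR="/run/user/$(id -u)"
+export DBUS_SESSION_BUS_ADDRESS="unix:path=$XDG_RUNTIME_DIR/bus"
+DATA=""
+CONFIG=""
+DB=""
+LOCAL_BACKUP="$HOME/.local/backup"
+REMOTE=""
+DB_USERNAME=""
+DB_PASSWORD=""
+DB_DATABASE=""
+CONTAINER_DB=""
+SERVICE_GITEA=""
+STAGING_DIR=$(mktemp -d)
+mkdir -p $LOCAL_BACKUP
+DATE=$(date +%F-%H-%M-%S)
+BACKUP_NAME="backup_$DATE.tar.gz"
+systemctl --user stop $SERVICE_GITEA
+podman exec $CONTAINER_DB pg_dump -U $DB_USERNAME -F c -d $DB_DATABASE > $STAGING_DIR/db.dump
+cp -r "$DATA" "$STAGING_DIR/data"
+cp -r "$CONFIG" "$STAGING_DIR/config"
+cp -r "$DB" "$STAGING_DIR/db"
+tar -czf "$LOCAL_BACKUP/$BACKUP_NAME" -C "$STAGING_DIR" .
+ls -1t "$LOCAL_BACKUP"/backup_*.tar.gz | tail -n +6 | xargs -r rm --
+/usr/bin/rclone sync $LOCAL_BACKUP $REMOTE > /dev/null
+rm -rf $STAGING_DIR
+systemctl --user start $SERVICE_GITEA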
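Review bot: Nothing in this script checks for failure, so a failed `pg_dump` still leaves an empty `db.dump` that is archived, counted in the keep-five rotation, and pushed by `rclone sync`, which also removes the rotated-out archives from the remote. Start the script with `set -euo pipefail` and, after the `mktemp -d` line, register `trap 'rm -rf -- "$STAGING_DIR"; systemctl --user start "$SERVICE_GITEA"' EXIT` so an aborted run still restarts Gitea and removes the staging copy. The archive holds the database dump and the config directory, so a `umask 077` before `mkdir -p` keeps it from being created readable by other local users; `DB_PASSWORD` is declared but never read here, and deploy.sh fills it in, so the generated script stores the password for no use. `cp -r "$DB"` copies the Postgres data directory while the database container appears to still be running (only the Gitea service is stopped), so that copy may be inconsistent and the dump is the one to rely on.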

34
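--- a/gitea/compose_example.yml
+++ b/gitea/compose_example.yml
@@ -0,0 +1,34 @@
+version: "2"
+services:
+server:
+image: docker.gitea.com/gitea:1.23.7-rootless
+restart: always
+environment:
+- GITEA__database__DB_TYPE=postgres
+- GITEA__database__HOST=db:5432
+- GITEA__database__NAME=gitea
+- GITEA__database__USER=gitea
+- GITEA__database__PASSWD=gitea
+volumes:
+- ./data:/var/lib/gitea
+- ./config:/etc/gitea
+- /etc/timezone:/etc/timezone:ro
+- /etc/localtime:/etc/localtime:ro
+ports:
+- "3000:3000"
+- "2222:2222"
+depends_on:
+- db
+db:
+image: docker.io/library/postgres:14
+restart: always
+environment:
+- POSTGRES_USER=gitea
+- POSTGRES_PASSWORD=gitea
+- POSTGRES_DB=gitea
+networks:
+- gitea
+volumes:
+- ./postgres:/var/lib/postgresql/data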
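Review bot: The `db` service joins a network named `gitea` that is never declared at the top level of the file, and `server` does not join it, so as written Compose should reject the file, and with the network declared `server` still could not resolve `db:5432`. Either drop the `networks:` entry from `db`, or declare a top-level `networks:` key containing `gitea:` and attach `server` to it as well. The example also ships `gitea`/`gitea` as the database user and password on both services; a placeholder such as `POSTGRES_PASSWORD=<set-a-strong-password>` makes it less likely that the example value ends up in a real deployment. Indentation is lost in this rendering, so the nesting is read from key order.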

146
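--- a/gitea/deploy.sh
+++ b/gitea/deploy.sh
@@ -0,0 +1,146 @@
+#!/bin/bash
+. ./env.sh
+set -e
+services=("$CONTAINER_PREFIX-$CONTAINER_GITEA.service"
+"$CONTAINER_PREFIX-$CONTAINER_DB.service"
+)
+for service in "${services[@]}"; do
+if systemctl --user list-units --full --all | grep -q "$service"; then
+echo "Stopping $service..."
+systemctl --user stop $service
+echo "$service stopped."
+fi
+done
+containers=(
+"$CONTAINER_GITEA"
+"$CONTAINER_DB"
+)
+for container in "${containers[@]}"; do
+if podman container exists "$container"; then
+echo "Stop and delete existing container $container"
+if podman inspect -f '{{.State.Running}}' "$container" | grep -q true; then
+podman stop "$container"
+fi
+podman rm "$container"
+fi
+done
+if ! podman network exists $NETWORK; then
+podman network create $NETWORK
+fi
+mkdir -p $DATA_FOLDER
+mkdir -p $CONFIG_FOLDER
+mkdir -p $DB_FOLDER
+mkdir -p $USER_SYSTEMD
+podman create \
+--name $CONTAINER_DB \
+--network $NETWORK \
+--userns=keep-id \
+--restart=always \
+-p $PORT_DB:5432 \
+-e POSTGRES_USER=$DB_USER \
+-e POSTGRES_PASSWORD=$DB_PASSWORD \
+-e POSTGRES_DB=$DB_NAME \
+-e POSTGRES_HOST_AUTH_METHOD=trust \
+-v "$DB_FOLDER:/var/lib/postgresql/data:Z" \
+docker.io/library/postgres:16
+podman generate systemd \
+--new \
+--name $CONTAINER_DB \
+--files --restart-policy always --container-prefix=$CONTAINER_PREFIX > /dev/null
+mv $CONTAINER_PREFIX-$CONTAINER_DB.service $USER_SYSTEMD
+systemctl --user daemon-reload
+systemctl --user enable --now $CONTAINER_PREFIX-$CONTAINER_DB.service
+echo "Wait for PostgreSQL..."
+until podman exec $CONTAINER_DB pg_isready -U "$DB_USER" -d "$DB_NAME" > /dev/null 2>&1; do
+sleep 2
+done
+echo "PostgreSQL ready"
+podman create \
+--name $CONTAINER_GITEA \
+--network $NETWORK \
+--restart=always \
+--userns=keep-id \
+-p $PORT_WEB:3000 \
+-p $PORT_SSH:2222 \
+-v $DATA_FOLDER:/var/lib/gitea \
+-v $CONFIG_FOLDER:/etc/gitea \
+-e USER_UID=1000 \
+-e USER_GID=1000 \
+-e GITEA__database__DB_TYPE=postgres \
+-e GITEA__database__HOST=$HOST_DB:$PORT_DB \
+-e GITEA__database__NAME=$DB_NAME \
+-e GITEA__database__USER=$DB_USER \
+-e GITEA__database__PASSWD=$DB_PASSWORD \
+-v /etc/timezone:/etc/timezone:ro \
+-v /etc/localtime:/etc/localtime:ro \
+docker.gitea.com/gitea:latest-rootless
+podman generate systemd \
+--new \
+--name $CONTAINER_GITEA \
+--files \
+--container-prefix=$CONTAINER_PREFIX \
+--restart-policy=always
+sed -i "/^\[Unit\]/a After=$CONTAINER_PREFIX-$CONTAINER_DB.service \nRequires=$CONTAINER_PREFIX-$CONTAINER_DB.service" $CONTAINER_PREFIX-$CONTAINER_GITEA.service
+mv $CONTAINER_PREFIX-$CONTAINER_GITEA.service $USER_SYSTEMD
+systemctl --user daemon-reload
+systemctl --user enable --now $CONTAINER_PREFIX-$CONTAINER_GITEA.service
+sudo loginctl enable-linger $USER
+# generate haproxy blocks
+sudo mkdir -p $SERVICE_DIR
+echo "crt $SSL_PATH/fullchain.pem" | sudo tee $SERVICE_DIR/cert.block > /dev/null
+ACL_CFG=$(cat <<EOF
+acl is_gitee hdr(host) -i $DOMAIN
+use_backend gitee_backend if is_gitee
+EOF
+)
+echo "$ACL_CFG" | sudo tee $SERVICE_DIR/acl.block > /dev/null
+BACKEND_CFG=$(cat <<EOF
+backend gitee_backend
+mode http
+option httpchk GET /
+option forwardfor
+# Set the Source IP in the X-Real-IP header
+http-request set-header X-Real-IP %[src]
+server vwhttp 127.0.0.1:$PORT_WEB alpn http/1.1 check
+EOF
+)
+echo "$BACKEND_CFG" | sudo tee $SERVICE_DIR/backend.block > /dev/null
+echo "Generate backup script"
+BACKUP_FILE="gitea_backup.sh"
+cp backup.sh $BACKUP_FILE
+sed -i "s|^DATA=\"\"|DATA=\"$DATA_FOLDER\"|" "$BACKUP_FILE"
+sed -i "s|^CONFIG=\"\"|CONFIG=\"$CONFIG_FOLDER\"|" "$BACKUP_FILE"
+sed -i "s|^DB=\"\"|DB=\"$DB_FOLDER\"|" "$BACKUP_FILE"
+sed -i "s|^DB_USERNAME=\"\"|DB_USERNAME=\"$DB_USER\"|" "$BACKUP_FILE"
+sed -i "s|^DB_DATABASE=\"\"|DB_DATABASE=\"$DB_NAME\"|" "$BACKUP_FILE"
+sed -i "s|^DB_PASSWORD=\"\"|DB_PASSWORD=\"$DB_PASSWORD\"|" "$BACKUP_FILE"
+sed -i "s|^LOCAL_BACKUP=\"\$HOME/.local/backup\"|LOCAL_BACKUP=\"\$HOME/.local/backup/$CONTAINER_PREFIX\"|" "$BACKUP_FILE"
+sed -i "s|^CONTAINER_DB=\"\"|CONTAINER_DB=\"$CONTAINER_DB\"|" "$BACKUP_FILE"
+sed -i "s|^REMOTE=\"\"|REMOTE=\"$BACKUP_REMOTE\"|" "$BACKUP_FILE"
+sed -i "s|^SERVICE_GITEA=\"\"|SERVICE_GITEA=\"${CONTAINER_PREFIX}-${CONTAINER_GITEA}.service\"|" "$BACKUP_FILE"
+mv $BACKUP_FILE $GITEA_FOLDER
+echo "Backup script generated at $GITEA_FOLDER/$BACKUP_FILE"
+echo "Backup script will be run every day at 2:00 AM"
+crontab -l | grep -v "$GITEA_FOLDER/$BACKUP_FILE" | crontab -
+(crontab -l 2>/dev/null; echo "0 2 * * * $GITEA_FOLDER/$BACKUP_FILE") | crontab -
+echo "Backup script added to crontab"
+echo "Deploy completed, manually run haproxy to generate new config."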
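Review bot: The database container is created with `-e POSTGRES_HOST_AUTH_METHOD=trust` and `-p $PORT_DB:5432`, so any client that can reach the host on `$PORT_DB` connects without a password, and `POSTGRES_PASSWORD` has no effect on those connections. Remove the `trust` line so the image's default password authentication applies. Both containers are already on `$NETWORK`, so Gitea could likely use `-e GITEA__database__HOST=$CONTAINER_DB:5432`, and the `-p $PORT_DB:5432` mapping could then be dropped altogether. The `podman exec ... pg_dump` call in backup.sh connects over the local socket inside the container and should be unaffected, but that is worth confirming after the change. The Gitea image is pulled as `latest-rootless` while compose_example.yml pins `1.23.7-rootless`; pinning here too keeps a redeploy from silently changing the version.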

33
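--- a/gitea/env.sh
+++ b/gitea/env.sh
@@ -0,0 +1,33 @@
+EMAIL=""
+CONTAINER_GITEA="gitea"
+CONTAINER_DB="gitea_postgres"
+CONTAINER_PREFIX="gitea"
+NETWORK="gitea_net"
+PORT_WEB="3000"
+PORT_SSH="2222"
+PORT_DB="5433"
+HOST_DB="host.containers.internal"
+DB_USER="gitea"
+DB_PASSWORD="gitea"
+DB_NAME="gitea"
+GITEA_FOLDER="$HOME/.local/share/gitee"
+DATA_FOLDER="$GITEA_FOLDER/data"
+CONFIG_FOLDER="$GITEA_FOLDER/config"
+DB_FOLDER="$GITEA_FOLDER/db"
+BACKUP_REMOTE="onedrive-tianyu:Backups/gitea"
+DOMAIN="codedev.jamesvillage.dev"
+SSL_PATH=$HOME/.config/ssl/$DOMAIN
+USER_SYSTEMD="$HOME/.config/systemd/user"
+HAPROXY_CFG_DIR="/etc/haproxy"
+HAPROXY_CFG="$HAPROXY_CFG_DIR/haproxy.cfg"
+SERVICE_DIR="$HAPROXY_CFG_DIR/services/$DOMAIN"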
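Review bot: `DB_PASSWORD="gitea"` is a committed default that deploy.sh passes to both containers and copies into the generated backup script, so a deployment that does not edit this file runs with a guessable database password. Leave it empty here (`DB_PASSWORD=""`) and have deploy.sh fail early with `: "${DB_PASSWORD:?set DB_PASSWORD in env.sh}"`, or read it from a file kept outside the repository. `BACKUP_FILE` is used by uninstall.sh but is not defined here, only inside deploy.sh. `EMAIL` and `HAPROXY_CFG` are defined but not referenced by the scripts shown in this commit.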

43
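--- a/gitea/uninstall.sh
+++ b/gitea/uninstall.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+. ./env.sh
+services=("$CONTAINER_PREFIX-$CONTAINER_GITEA.service"
+"$CONTAINER_PREFIX-$CONTAINER_DB.service"
+)
+for service in "${services[@]}"; do
+if systemctl --user list-units --full --all | grep -q "$service"; then
+echo "Stopping $service..."
+systemctl --user stop $service
+echo "$service stopped."
+fi
+done
+containers=(
+"$CONTAINER_GITEA"
+"$CONTAINER_DB"
+)
+for container in "${containers[@]}"; do
+if podman container exists "$container"; then
+echo "Stop and delete existing container $container"
+if podman inspect -f '{{.State.Running}}' "$container" | grep -q true; then
+podman stop "$container"
+fi
+podman rm "$container"
+fi
+done
+for service in "${services[@]}"; do
+systemctl --user disable --now $service
+rm $USER_SYSTEMD/$service
+done
+sudo rm -r $SERVICE_DIR
+crontab -l | grep -v "$GITEA_FOLDER/$BACKUP_FILE" | crontab -
+echo "Uninstall complete. Manually run haproxy config to rebuild config. Manually remove data directory
+- $GITEA_FOLDER
+- $HOME/.local/backup/$CONTAINER_NAME
+if needed."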
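Review bot: `sudo rm -r $SERVICE_DIR` runs as root on an unquoted value that comes from `. ./env.sh`, and the script has no `set -e`, so if env.sh is missing or `DOMAIN` is empty it carries on with a wrong path; with an empty `DOMAIN` the path becomes the whole `/etc/haproxy/services/` directory. Add `set -eu` directly after the shebang, check `: "${DOMAIN:?}"` after sourcing, and write the removal as `sudo rm -r -- "${SERVICE_DIR:?}"`. `$BACKUP_FILE` and `$CONTAINER_NAME` are not defined in env.sh, so the crontab filter matches every entry containing `$GITEA_FOLDER/` and the final message prints `$HOME/.local/backup/` without the prefix; the backup directory that deploy.sh configures is `$HOME/.local/backup/$CONTAINER_PREFIX`.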