WIP gitea setup - untested

single-dockerfile
Jonathan Dahan 3 years ago committed by Trammell Hudson
parent 9d9087e4b0
commit b328453644
  1. 5
      README.md
  2. 2
      env.production
  3. 26
      gitea/docker-compose.yaml
  4. 54
      gitea/setup
  5. 1
      html/index.html
  6. 42
      nginx/nginx/templates/git.conf.template

@ -15,8 +15,5 @@ apt install jq docker-compose
``` ```
./keycloak/setup ./keycloak/setup
./nginx/setup ./nginx/setup
./hedgedoc/setup ./start-all
./nextcloud/setup
./mastodon/setup
./grafana/setup
``` ```

@ -6,5 +6,5 @@ HEDGEDOC_HOSTNAME=docs.hackerspace.zone
MASTODON_HOSTNAME=social.hackerspace.zone MASTODON_HOSTNAME=social.hackerspace.zone
NEXTCLOUD_HOSTNAME=cloud.hackerspace.zone NEXTCLOUD_HOSTNAME=cloud.hackerspace.zone
GRAFANA_HOSTNAME=dashboard.hackerspace.zone GRAFANA_HOSTNAME=dashboard.hackerspace.zone
GITLAB_HOSTNAME=git.hackerspace.zone GITEA_HOSTNAME=git.hackerspace.zone
MATRIX_HOSTNAME=matrix.hackerspace.zone MATRIX_HOSTNAME=matrix.hackerspace.zone

@ -0,0 +1,26 @@
version: "3"
networks:
gitea:
external: false
services:
gitea:
image: gitea/gitea:1.16.6
env_file:
- ../env.production
- env.production
- env.secrets
environment:
- USER_UID=1000
- USER_GID=1000
networks:
- gitea
volumes:
- ./data/gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3030:3000"
- "222:22"
restart: always

@ -0,0 +1,54 @@
#!/bin/bash
set -euo pipefail
die() { echo >&2 "$@" ; exit 1 ; }
DIRNAME="$(dirname $0)"
cd "$DIRNAME"
docker-compose down
../keycloak/client-delete gitea
GITEA_CLIENT_SECRET="$(openssl rand -hex 32)"
rm -f env.secrets
cat <<EOF > env.secrets
# DO NOT CHECK IN
#GITEA_CLIENT_SECRET=$GITEA_CLIENT_SECRET
EOF
../keycloak/client-create <<EOF || die "unable to create gitea client"
{
"clientId": "gitea",
"rootUrl": "https://$GITEA_HOSTNAME",
"adminUrl": "https://$GITEA_HOSTNAME",
"redirectUris": [ "https://$GITEA_HOSTNAME/*" ],
"webOrigins": [ "https://$GITEA_HOSTNAME" ]
"clientAuthenticatorType": "client-secret",
"secret": "$GITEA_CLIENT_SECRET"
}
EOF
docker-compose up -d || die "unable to start container"
echo SLEEPING
sleep 30
test -f ./data/app.ini || die "missing data/app.ini"
grep --quiet '\[openid\]' ./data/app.ini || {
echo <<EOF >>./data/app.ini || die "unable to enable OpenID in app.ini"
;service]
; Only allow registering via OpenID
;DISABLE_REGISTRATION = false
;ALLOW_ONLY_EXTERNAL_REGISTRATION = true
[openid]
; do not allow signin to local users via OpenID
ENABLE_OPENID_SIGNIN = false
; allow creation of new users via OpenID
ENABLE_OPENID_SIGNUP = true
EOF
}
echo "TODO: Configure openID by visiting login.${DOMAIN_NAME}/

@ -8,6 +8,7 @@ An easy to install set of self-hosted, single-sign-on, open-source services.
<li><a href="https://social.hackerspace.zone/">mastodon</a>: federated social media <li><a href="https://social.hackerspace.zone/">mastodon</a>: federated social media
<li><a href="https://cloud.hackerspace.zone/">nextcloud</a>: self hosted documents and calendaring <li><a href="https://cloud.hackerspace.zone/">nextcloud</a>: self hosted documents and calendaring
<li><a href="https://dashboard.hackerspace.zone/">grafana</a>: dashboards and statistic collection <li><a href="https://dashboard.hackerspace.zone/">grafana</a>: dashboards and statistic collection
<li><a href="https://git.hackerspace.zone/">gitea</a>: git repository hosting
<li><a href="https://login.hackerspace.zone/">keycloak</a>: user management and single sign on for the domain <li><a href="https://login.hackerspace.zone/">keycloak</a>: user management and single sign on for the domain
</ul> </ul>

@ -0,0 +1,42 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
server_name ${GITEA_HOSTNAME};
client_max_body_size 128m;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
gzip on;
gzip_disable "msie6";
proxy_read_timeout 1800s;
location / {
proxy_pass http://host.docker.internal:3030;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# login with OIDC
location /user/login {
return 302 https://login.hackerspace.zone/;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
include /etc/nginx/includes/options-ssl-nginx.conf;
include /etc/nginx/includes/challenge.conf;
ssl_dhparam /etc/nginx/includes/ssl-dhparams.pem;
}
Loading…
Cancel
Save