From abcf6da71426e2462b802847edbe76863894a735 Mon Sep 17 00:00:00 2001
From: Julien Oculi
Date: Thu, 30 May 2024 11:59:27 +0200
Subject: [PATCH] feat: add `forgejo` install and deploy scripts

---
forgejo/_deploy.sh | 14 +++++++
forgejo/_install.sh | 43 +++++++++++++++++++++
forgejo/systemd/forgejo.service | 68 +++++++++++++++++++++++++++++++++
3 files changed, 125 insertions(+)
create mode 100644 forgejo/_deploy.sh
create mode 100644 forgejo/_install.sh
create mode 100644 forgejo/systemd/forgejo.service

diff --git a/forgejo/_deploy.sh b/forgejo/_deploy.sh
new file mode 100644
index 0000000..356a0e8
--- /dev/null
+++ b/forgejo/_deploy.sh
@@ -0,0 +1,14 @@
+# Setup forgejo config
+cp ./forgejo/* /etc/forgejo
+chown -R root:forgejo /etc/forgejo && chmod -R 540 /etc/forgejo
+
+# Setup forgejo service
+cp ./systemd/forgejo.service /etc/systemd/system
+
+# Start forgejo
+systemctl deamon-reload
+systemctl enable forgejo
+systemctl start forgejo
+
+# Setup forgejo runner
+# ???
diff --git a/forgejo/_install.sh b/forgejo/_install.sh
new file mode 100644
index 0000000..a6c53e4
--- /dev/null
+++ b/forgejo/_install.sh
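Review bot: In forgejo/_deploy.sh, `chmod -R 540 /etc/forgejo` gives group forgejo only r-- on the directory itself, so the service user (the unit added in this commit sets `User=forgejo`) cannot traverse it to open /etc/forgejo/app.ini; the same recursive mode also marks every config file executable for root. Separate modes for the directory and its files avoid both, e.g. `chmod 750 /etc/forgejo` followed by `chmod 640 /etc/forgejo/*`. On the reload line, `systemctl deamon-reload` is a typo for `systemctl daemon-reload` and fails as written. The script has no `set -e`, so neither failure stops the later `enable`/`start` steps.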
@@ -0,0 +1,43 @@
+# Get latest forgejo tag
+LATEST=curl -fsS https://codeberg.org/forgejo/forgejo/releases/latest | grep -o "[0-9].[0-9].[0-9]"
+
+# Download forgejo
+wget "https://codeberg.org/forgejo/forgejo/releases/download/$LATEST/forgejo-$LATEST-linux-amd64"
+chmod +x "forgejo-$LATEST-linux-amd64"
+
+# Check GPG Keys
+gpg --keyserver keys.openpgp.org --recv EB114F5E6C0DC2BCDD183550A4B61A2DC5923710
+wget "https://codeberg.org/forgejo/forgejo/releases/download/v$LATEST/forgejo-$LATEST-linux-amd64.asc"
+gpg --verify "forgejo-$LATEST-linux-amd64.asc" "forgejo-$LATEST-linux-amd64"
+
+# Create group and user
+groupadd --system forgejo
+
+useradd --system \
+ --gid forgejo
+ --create-home \
+ --home-dir /var/lib/forgejo \
+ --shell /usr/sbin/nologin \
+ --comment "Forgejo Git forge" \
+ forgejo
+
+# Setup forgejo directories
+mv "forgejo-$LATEST-linux-amd64" /usr/local/bin/forgejo
+
+## Working directory
+mkdir /var/lib/forgejo
+chown forgejo:forgejo /var/lib/forgejo && chmod 750 /var/lib/forgejo
+
+## Config directory
+mkdir /etc/forgejo
+chown root:forgejo /etc/forgejo && chmod 540 /etc/forgejo
+
+# Check requirements
+nala install -y git git-lfs
+
+# Install database
+# ??? source or inline config, make table ... ?
+# source ../postgresql/_install.sh
+
+# Install runner
+# ???
diff --git a/forgejo/systemd/forgejo.service b/forgejo/systemd/forgejo.service
new file mode 100644
index 0000000..a1846a4
--- /dev/null
+++ b/forgejo/systemd/forgejo.service
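Review bot: In forgejo/_install.sh the downloaded binary is installed whether or not signature verification succeeds: the exit status of `gpg --verify` is never checked, there is no `set -e`, `chmod +x` runs before the check, and the later `mv` into /usr/local/bin runs regardless. `LATEST=curl -fsS …` is also not a command substitution, so `$LATEST` is empty in every later line, and the two download URLs disagree on the `v` prefix (the binary URL lacks it, the `.asc` URL has it), so one of them is presumably wrong. The fence below makes failures fatal, assigns `LATEST` with `$( … )`, uses the same `v` form for both downloads and only marks the file executable after verification passes. Separately, the `--gid forgejo` line of the `useradd` call is missing its trailing `\`, so the command ends there without a login name and the remaining options run as a separate command.

```shell
set -euo pipefail

# Get latest forgejo tag
LATEST=$(curl -fsS https://codeberg.org/forgejo/forgejo/releases/latest | grep -o "[0-9].[0-9].[0-9]")

# Download forgejo and its detached signature
wget "https://codeberg.org/forgejo/forgejo/releases/download/v$LATEST/forgejo-$LATEST-linux-amd64"
wget "https://codeberg.org/forgejo/forgejo/releases/download/v$LATEST/forgejo-$LATEST-linux-amd64.asc"

# Verify first; with set -e a failed check stops the script before install
gpg --keyserver keys.openpgp.org --recv EB114F5E6C0DC2BCDD183550A4B61A2DC5923710
gpg --verify "forgejo-$LATEST-linux-amd64.asc" "forgejo-$LATEST-linux-amd64"
chmod +x "forgejo-$LATEST-linux-amd64"

# … unchanged: group and user creation, directories, requirements …
```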
@@ -0,0 +1,68 @@
+# Original from https://codeberg.org/forgejo/forgejo/src/branch/forgejo/contrib/systemd/forgejo.service
+[Unit]
+Description=Forgejo (Beyond coding. We forge.)
+After=syslog.target
+After=network.target
+Wants=postgresql.service
+After=postgresql.service
+# If using socket activation for main http/s
+###
+#
+#After=forgejo.main.socket
+#Requires=forgejo.main.socket
+#
+###
+# (You can also provide forgejo an http fallback and/or ssh socket too)
+#
+# An example of /etc/systemd/system/forgejo.main.socket
+###
+##
+## [Unit]
+## Description=Forgejo Web Socket
+## PartOf=forgejo.service
+##
+## [Socket]
+## Service=forgejo.service
+## ListenStream=
+## NoDelay=true
+##
+## [Install]
+## WantedBy=sockets.target
+##
+###
+
+[Service]
+# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
+# LimitNOFILE=524288:524288
+RestartSec=2s
+Type=simple
+User=forgejo
+Group=forgejo
+WorkingDirectory=/var/lib/forgejo/
+# If using Unix socket: tells systemd to create the /run/forgejo folder, which will contain the forgejo.sock file
+# (manually creating /run/forgejo doesn't work, because it would not persist across reboots)
+#RuntimeDirectory=forgejo
+ExecStart=/usr/local/bin/forgejo web --config /etc/forgejo/app.ini
+Restart=always
+Environment=USER=forgejo HOME=/var/lib/forgejo GITEA_WORK_DIR=/var/lib/forgejo
+# If you install Git to directory prefix other than default PATH (which happens
+# for example if you install other versions of Git side-to-side with
+# distribution version), uncomment below line and add that prefix to PATH
+# Don't forget to place git-lfs binary on the PATH below if you want to enable
+# Git LFS support
+#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
+# If you want to bind Forgejo to a port below 1024, uncomment
+# the two values below, or use socket activation to pass Forgejo its ports as above
+###
+#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+###
+# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
+# set the following value to false to allow capabilities to be applied on Forgejo process. The following
+# value if set to true sandboxes Forgejo service and prevent any processes from running with privileges
+# in the host user namespace.
+###
+#PrivateUsers=false
+###
+[Install]
+WantedBy=multi-user.target
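Review bot: The `[Service]` section of forgejo/systemd/forgejo.service starts a network-facing daemon with no systemd sandboxing; the only isolation-related line in the hunk, `#PrivateUsers=false`, is commented out. The install and deploy scripts in this commit appear to intend a read-only /etc/forgejo and keep the service's data under /var/lib/forgejo. Directives such as `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` would probably fit that layout. They should be tested against Git hook execution and SSH access before being enabled, since the unit does not show how those are used here.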