forked from cohabit/server_config
feat: add forgejo
install and deploy scripts
This commit is contained in:
parent
acc7f51fc6
commit
abcf6da714
14
forgejo/_deploy.sh
Normal file
14
forgejo/_deploy.sh
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
# Setup forgejo config
|
||||||
|
cp ./forgejo/* /etc/forgejo
|
||||||
|
chown -R root:forgejo /etc/forgejo && chmod -R 540 /etc/forgejo
|
||||||
|
|
||||||
|
# Setup forgejo service
|
||||||
|
cp ./systemd/forgejo.service /etc/systemd/system
|
||||||
|
|
||||||
|
# Start forgejo
|
||||||
|
systemctl deamon-reload
|
||||||
|
systemctl enable forgejo
|
||||||
|
systemctl start forgejo
|
||||||
|
|
||||||
|
# Setup forgejo runner
|
||||||
|
# ???
|
43
forgejo/_install.sh
Normal file
43
forgejo/_install.sh
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
# Get latest forgejo tag
|
||||||
|
LATEST=curl -fsS https://codeberg.org/forgejo/forgejo/releases/latest | grep -o "[0-9].[0-9].[0-9]"
|
||||||
|
|
||||||
|
# Download forgejo
|
||||||
|
wget "https://codeberg.org/forgejo/forgejo/releases/download/$LATEST/forgejo-$LATEST-linux-amd64"
|
||||||
|
chmod +x "forgejo-$LATEST-linux-amd64"
|
||||||
|
|
||||||
|
# Check GPG Keys
|
||||||
|
gpg --keyserver keys.openpgp.org --recv EB114F5E6C0DC2BCDD183550A4B61A2DC5923710
|
||||||
|
wget "https://codeberg.org/forgejo/forgejo/releases/download/v$LATEST/forgejo-$LATEST-linux-amd64.asc"
|
||||||
|
gpg --verify "forgejo-$LATEST-linux-amd64.asc" "forgejo-$LATEST-linux-amd64"
|
||||||
|
|
||||||
|
# Create group and user
|
||||||
|
groupadd --system forgejo
|
||||||
|
|
||||||
|
useradd --system \
|
||||||
|
--gid forgejo
|
||||||
|
--create-home \
|
||||||
|
--home-dir /var/lib/forgejo \
|
||||||
|
--shell /usr/sbin/nologin \
|
||||||
|
--comment "Forgejo Git forge" \
|
||||||
|
forgejo
|
||||||
|
|
||||||
|
# Setup forgejo directories
|
||||||
|
mv "forgejo-$LATEST-linux-amd64" /usr/local/bin/forgejo
|
||||||
|
|
||||||
|
## Working directory
|
||||||
|
mkdir /var/lib/forgejo
|
||||||
|
chown forgejo:forgejo /var/lib/forgejo && chmod 750 /var/lib/forgejo
|
||||||
|
|
||||||
|
## Config directory
|
||||||
|
mkdir /etc/forgejo
|
||||||
|
chown root:forgejo /etc/forgejo && chmod 540 /etc/forgejo
|
||||||
|
|
||||||
|
# Check requirements
|
||||||
|
nala install -y git git-lfs
|
||||||
|
|
||||||
|
# Install database
|
||||||
|
# ??? source or inline config, make table ... ?
|
||||||
|
# source ../postgresql/_install.sh
|
||||||
|
|
||||||
|
# Install runner
|
||||||
|
# ???
|
68
forgejo/systemd/forgejo.service
Normal file
68
forgejo/systemd/forgejo.service
Normal file
|
@ -0,0 +1,68 @@
|
||||||
|
# Original from https://codeberg.org/forgejo/forgejo/src/branch/forgejo/contrib/systemd/forgejo.service
|
||||||
|
[Unit]
|
||||||
|
Description=Forgejo (Beyond coding. We forge.)
|
||||||
|
After=syslog.target
|
||||||
|
After=network.target
|
||||||
|
Wants=postgresql.service
|
||||||
|
After=postgresql.service
|
||||||
|
# If using socket activation for main http/s
|
||||||
|
###
|
||||||
|
#
|
||||||
|
#After=forgejo.main.socket
|
||||||
|
#Requires=forgejo.main.socket
|
||||||
|
#
|
||||||
|
###
|
||||||
|
# (You can also provide forgejo an http fallback and/or ssh socket too)
|
||||||
|
#
|
||||||
|
# An example of /etc/systemd/system/forgejo.main.socket
|
||||||
|
###
|
||||||
|
##
|
||||||
|
## [Unit]
|
||||||
|
## Description=Forgejo Web Socket
|
||||||
|
## PartOf=forgejo.service
|
||||||
|
##
|
||||||
|
## [Socket]
|
||||||
|
## Service=forgejo.service
|
||||||
|
## ListenStream=<some_port>
|
||||||
|
## NoDelay=true
|
||||||
|
##
|
||||||
|
## [Install]
|
||||||
|
## WantedBy=sockets.target
|
||||||
|
##
|
||||||
|
###
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
|
||||||
|
# LimitNOFILE=524288:524288
|
||||||
|
RestartSec=2s
|
||||||
|
Type=simple
|
||||||
|
User=forgejo
|
||||||
|
Group=forgejo
|
||||||
|
WorkingDirectory=/var/lib/forgejo/
|
||||||
|
# If using Unix socket: tells systemd to create the /run/forgejo folder, which will contain the forgejo.sock file
|
||||||
|
# (manually creating /run/forgejo doesn't work, because it would not persist across reboots)
|
||||||
|
#RuntimeDirectory=forgejo
|
||||||
|
ExecStart=/usr/local/bin/forgejo web --config /etc/forgejo/app.ini
|
||||||
|
Restart=always
|
||||||
|
Environment=USER=forgejo HOME=/var/lib/forgejo GITEA_WORK_DIR=/var/lib/forgejo
|
||||||
|
# If you install Git to directory prefix other than default PATH (which happens
|
||||||
|
# for example if you install other versions of Git side-to-side with
|
||||||
|
# distribution version), uncomment below line and add that prefix to PATH
|
||||||
|
# Don't forget to place git-lfs binary on the PATH below if you want to enable
|
||||||
|
# Git LFS support
|
||||||
|
#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
|
||||||
|
# If you want to bind Forgejo to a port below 1024, uncomment
|
||||||
|
# the two values below, or use socket activation to pass Forgejo its ports as above
|
||||||
|
###
|
||||||
|
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||||
|
#AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||||
|
###
|
||||||
|
# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
|
||||||
|
# set the following value to false to allow capabilities to be applied on Forgejo process. The following
|
||||||
|
# value if set to true sandboxes Forgejo service and prevent any processes from running with privileges
|
||||||
|
# in the host user namespace.
|
||||||
|
###
|
||||||
|
#PrivateUsers=false
|
||||||
|
###
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
Loading…
Reference in a new issue