feat: add forgejo install and deploy scripts

This commit is contained in:
Julien Oculi 2024-05-30 11:59:27 +02:00
parent acc7f51fc6
commit abcf6da714
3 changed files with 125 additions and 0 deletions

14
forgejo/_deploy.sh Normal file
View file

@ -0,0 +1,14 @@
# Setup forgejo config
cp ./forgejo/* /etc/forgejo
chown -R root:forgejo /etc/forgejo && chmod -R 540 /etc/forgejo
# Setup forgejo service
cp ./systemd/forgejo.service /etc/systemd/system
# Start forgejo
systemctl deamon-reload
systemctl enable forgejo
systemctl start forgejo
# Setup forgejo runner
# ???

43
forgejo/_install.sh Normal file
View file

@ -0,0 +1,43 @@
# Get latest forgejo tag
LATEST=curl -fsS https://codeberg.org/forgejo/forgejo/releases/latest | grep -o "[0-9].[0-9].[0-9]"
# Download forgejo
wget "https://codeberg.org/forgejo/forgejo/releases/download/$LATEST/forgejo-$LATEST-linux-amd64"
chmod +x "forgejo-$LATEST-linux-amd64"
# Check GPG Keys
gpg --keyserver keys.openpgp.org --recv EB114F5E6C0DC2BCDD183550A4B61A2DC5923710
wget "https://codeberg.org/forgejo/forgejo/releases/download/v$LATEST/forgejo-$LATEST-linux-amd64.asc"
gpg --verify "forgejo-$LATEST-linux-amd64.asc" "forgejo-$LATEST-linux-amd64"
# Create group and user
groupadd --system forgejo
useradd --system \
--gid forgejo
--create-home \
--home-dir /var/lib/forgejo \
--shell /usr/sbin/nologin \
--comment "Forgejo Git forge" \
forgejo
# Setup forgejo directories
mv "forgejo-$LATEST-linux-amd64" /usr/local/bin/forgejo
## Working directory
mkdir /var/lib/forgejo
chown forgejo:forgejo /var/lib/forgejo && chmod 750 /var/lib/forgejo
## Config directory
mkdir /etc/forgejo
chown root:forgejo /etc/forgejo && chmod 540 /etc/forgejo
# Check requirements
nala install -y git git-lfs
# Install database
# ??? source or inline config, make table ... ?
# source ../postgresql/_install.sh
# Install runner
# ???

View file

@ -0,0 +1,68 @@
# Original from https://codeberg.org/forgejo/forgejo/src/branch/forgejo/contrib/systemd/forgejo.service
[Unit]
Description=Forgejo (Beyond coding. We forge.)
After=syslog.target
After=network.target
Wants=postgresql.service
After=postgresql.service
# If using socket activation for main http/s
###
#
#After=forgejo.main.socket
#Requires=forgejo.main.socket
#
###
# (You can also provide forgejo an http fallback and/or ssh socket too)
#
# An example of /etc/systemd/system/forgejo.main.socket
###
##
## [Unit]
## Description=Forgejo Web Socket
## PartOf=forgejo.service
##
## [Socket]
## Service=forgejo.service
## ListenStream=<some_port>
## NoDelay=true
##
## [Install]
## WantedBy=sockets.target
##
###
[Service]
# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
# LimitNOFILE=524288:524288
RestartSec=2s
Type=simple
User=forgejo
Group=forgejo
WorkingDirectory=/var/lib/forgejo/
# If using Unix socket: tells systemd to create the /run/forgejo folder, which will contain the forgejo.sock file
# (manually creating /run/forgejo doesn't work, because it would not persist across reboots)
#RuntimeDirectory=forgejo
ExecStart=/usr/local/bin/forgejo web --config /etc/forgejo/app.ini
Restart=always
Environment=USER=forgejo HOME=/var/lib/forgejo GITEA_WORK_DIR=/var/lib/forgejo
# If you install Git to directory prefix other than default PATH (which happens
# for example if you install other versions of Git side-to-side with
# distribution version), uncomment below line and add that prefix to PATH
# Don't forget to place git-lfs binary on the PATH below if you want to enable
# Git LFS support
#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
# If you want to bind Forgejo to a port below 1024, uncomment
# the two values below, or use socket activation to pass Forgejo its ports as above
###
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE
###
# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
# set the following value to false to allow capabilities to be applied on Forgejo process. The following
# value if set to true sandboxes Forgejo service and prevent any processes from running with privileges
# in the host user namespace.
###
#PrivateUsers=false
###
[Install]
WantedBy=multi-user.target