itamae/cookbooks/gitea/setup.rb

# Create `git` user:
user 'git' do
  create_home true
  home '/home/git/'

  system_user true

  shell '/bin/bash'
end

directory '/home/git/.ssh/' do
  owner 'git'
  group 'git'
  mode  '0700'
end

remote_file '/home/git/.ssh/authorized_keys' do
  owner 'git'
  group 'git'
  mode  '0600'
end

# Create `/etc/gitea/`:
%w(/etc/gitea).each do |d|
  directory d do
    owner  'root'
    group  'root'
    mode   '0755'
  end
end

%w(/var/lib/git /var/lib/gitea).each do |d|
  directory d do
    owner  'git'
    group  'git'
    mode   '0755'
  end
end

execute 'rsync -vrz --delete admin@192.168.10.200:/volume1/Shared/AppData/gitea/gitea-data/ /var/lib/gitea/' do
  not_if 'test -e /var/lib/gitea/log'
end

execute 'rsync -vrz --delete admin@192.168.10.200:/volume1/Shared/AppData/gitea/git/ /var/lib/git/' do
  not_if 'test -e /var/lib/git/kazu634/'
end

execute 'chown -R git:git /var/lib/gitea/'
execute 'chown -R git:git /var/lib/git/'

# Deploy `app.ini`:
remote_file '/etc/gitea/app.ini' do
  owner  'git'
  group  'git'
  mode   '644'
end

# Deploy `supervisord` config`:
remote_file '/etc/supervisor/conf.d/gitea.conf' do
  owner  'root'
  group  'root'
  mode   '644'

  notifies :restart, 'service[supervisor]'
end

service 'supervisor' do
  action :nothing
end

# Depoy `consul` service configuration for `gitea`:
remote_file '/etc/consul.d/service-gitea.json' do
  owner  'root'
  group  'root'
  mode   '644'

  notifies :restart, 'service[supervisor]'
end

# Depoy `promtail` configuration for `gitea`:
template '/etc/promtail/gitea.yaml' do
  owner  'root'
  group  'root'
  mode   '644'

  variables(HOSTNAME: node[:hostname], LOKIENDPOINT: node['promtail']['lokiendpoint'])

  notifies :restart, 'service[promtail-gitea]'
end

# Deploy `systemd` configuration for `promtail-gitea`:
remote_file '/etc/systemd/system/promtail-gitea.service' do
  owner  'root'
  group  'root'
  mode   '644'
end

# Service setting:
service 'promtail-gitea' do
  action [ :enable, :restart ]
end

# Deploy `systemd` configuration for `promtail-gitea`:
remote_file '/etc/lsyncd/lsyncd.conf.lua' do
  owner  'root'
  group  'root'
  mode   '644'
end

# Service setting:
service 'lsyncd' do
  action [ :enable, :restart ]
end

# Firewall settings here:
%w( 3000/tcp ).each do |p|
  execute "ufw allow #{p}" do
    user 'root'

    not_if "LANG=c ufw status | grep #{p}"

    notifies :run, 'execute[ufw reload-or-enable]'
  end
end

execute 'ufw reload-or-enable' do
  user 'root'
  command 'LANG=C ufw reload | grep skipping && ufw --force enable || exit 0'

  action :nothing
end
Set up `gitea`. 2020-11-01 04:53:06 +00:00			# Create `git` user:
			`user 'git' do`
			`create_home true`
			`home '/home/git/'`

			`system_user true`

			`shell '/bin/bash'`
			`end`

			`directory '/home/git/.ssh/' do`
			`owner 'git'`
			`group 'git'`
			`mode '0700'`
			`end`

			`remote_file '/home/git/.ssh/authorized_keys' do`
			`owner 'git'`
			`group 'git'`
			`mode '0600'`
			`end`

			# Create `/etc/gitea/`:
			`%w(/etc/gitea).each do \|d\|`
			`directory d do`
			`owner 'root'`
			`group 'root'`
			`mode '0755'`
			`end`
			`end`

			`%w(/var/lib/git /var/lib/gitea).each do \|d\|`
			`directory d do`
			`owner 'git'`
			`group 'git'`
			`mode '0755'`
			`end`
			`end`

			`execute 'rsync -vrz --delete admin@192.168.10.200:/volume1/Shared/AppData/gitea/gitea-data/ /var/lib/gitea/' do`
			`not_if 'test -e /var/lib/gitea/log'`
			`end`

			`execute 'rsync -vrz --delete admin@192.168.10.200:/volume1/Shared/AppData/gitea/git/ /var/lib/git/' do`
			`not_if 'test -e /var/lib/git/kazu634/'`
			`end`

			`execute 'chown -R git:git /var/lib/gitea/'`
			`execute 'chown -R git:git /var/lib/git/'`

			# Deploy `app.ini`:
			`remote_file '/etc/gitea/app.ini' do`
			`owner 'git'`
			`group 'git'`
			`mode '644'`
			`end`

			# Deploy `supervisord` config`:
			`remote_file '/etc/supervisor/conf.d/gitea.conf' do`
			`owner 'root'`
			`group 'root'`
			`mode '644'`

			`notifies :restart, 'service[supervisor]'`
			`end`

			`service 'supervisor' do`
			`action :nothing`
			`end`

			# Depoy `consul` service configuration for `gitea`:
			`remote_file '/etc/consul.d/service-gitea.json' do`
			`owner 'root'`
			`group 'root'`
			`mode '644'`

			`notifies :restart, 'service[supervisor]'`
			`end`

			# Depoy `promtail` configuration for `gitea`:
			`template '/etc/promtail/gitea.yaml' do`
			`owner 'root'`
			`group 'root'`
			`mode '644'`

			`variables(HOSTNAME: node[:hostname], LOKIENDPOINT: node['promtail']['lokiendpoint'])`

			`notifies :restart, 'service[promtail-gitea]'`
			`end`

			# Deploy `systemd` configuration for `promtail-gitea`:
			`remote_file '/etc/systemd/system/promtail-gitea.service' do`
			`owner 'root'`
			`group 'root'`
			`mode '644'`
			`end`

			`# Service setting:`
			`service 'promtail-gitea' do`
			`action [ :enable, :restart ]`
			`end`

			# Deploy `systemd` configuration for `promtail-gitea`:
			`remote_file '/etc/lsyncd/lsyncd.conf.lua' do`
			`owner 'root'`
			`group 'root'`
			`mode '644'`
			`end`

			`# Service setting:`
			`service 'lsyncd' do`
			`action [ :enable, :restart ]`
			`end`

			`# Firewall settings here:`
			`%w( 3000/tcp ).each do \|p\|`
			`execute "ufw allow #{p}" do`
			`user 'root'`

			`not_if "LANG=c ufw status \| grep #{p}"`

			`notifies :run, 'execute[ufw reload-or-enable]'`
			`end`
			`end`

			`execute 'ufw reload-or-enable' do`
			`user 'root'`
			`command 'LANG=C ufw reload \| grep skipping && ufw --force enable \|\| exit 0'`

			`action :nothing`
			`end`