Set up `gitea`.

Kazuhiro MUSASHI 2020-11-01 13:53:06 +09:00
parent b9f79057a2
commit 294c24b89a
9 changed files with 339 additions and 0 deletions


@ -3,3 +3,6 @@ include_recipe './attributes.rb'
# Install: # Install:
include_recipe './install.rb' include_recipe './install.rb'
# Setup:
include_recipe './setup.rb'


@ -0,0 +1,12 @@
{
"service": {
"name": "gitea",
"port": 3000,
"check":{
"tcp": "localhost:3000",
"interval": "60s",
"timeout": "1s",
"success_before_passing": 3
}
}
}


@ -0,0 +1,78 @@
APP_NAME = Gitea: Git with a cup of tea
RUN_USER = git
RUN_MODE = prod
[oauth2]
JWT_SECRET = Cyb3GmSaoJpkaHhA5X6wiNCK7KsngKEr6w_v37WZ1a4
[security]
INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1NjMzNzYxNzR9.Z8_xg9eBZt8fSMTQLQB2xxGUx7GB5M3_v_Tsc441LOg
INSTALL_LOCK = true
SECRET_KEY = Br3eWgKaVIvM2TiHgvRnDbeZTSvBeVxSOS2VbjsPiyZ8Egigqre4dq0ZqaIKoxlB
[database]
DB_TYPE = mysql
HOST = 192.168.10.200:3307
NAME = gitea
USER = root
PASSWD = Holiday88
SSL_MODE = disable
PATH = /var/lib/gitea/data/gitea.db
[repository]
ROOT = /var/lib/git
[server]
SSH_DOMAIN = gitea.kazu634.com
DOMAIN = gitea.kazu634.com
HTTP_PORT = 3000
ROOT_URL = https://gitea.kazu634.com/
DISABLE_SSH = false
SSH_PORT = 50022
LFS_START_SERVER = true
LFS_CONTENT_PATH = /var/lib/gitea/data/lfs
LFS_JWT_SECRET = hcxZi2iadhyYTdRtAOJXXWPckR-lK2rFHPCbA1isvV0
OFFLINE_MODE = false
[mailer]
ENABLED = false
[service]
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
DISABLE_REGISTRATION = true
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = true
REQUIRE_SIGNIN_VIEW = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.example.org
[picture]
DISABLE_GRAVATAR = false
ENABLE_FEDERATED_AVATAR = true
[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false
[session]
PROVIDER = file
[log]
MODE = file
LEVEL = Info
ROOT_PATH = /var/lib/gitea/log
[other]
SHOW_FOOTER_VERSION = false
[attachment]
ENABLED = true
ALLOWED_TYPES = */*
MAX_SIZE = 1024
MAX_FILES = 25
[metrics]
ENABLED = true
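Review bot: The `[oauth2]`, `[security]`, `[server]` and `[database]` sections commit real-looking secret values (`JWT_SECRET`, `INTERNAL_TOKEN`, `SECRET_KEY`, `LFS_JWT_SECRET`, `PASSWD`) in clear text as a static file, so anyone who can read this repository or its history holds them. They should be treated as exposed, rotated, and rendered from a template fed by an encrypted secret store, e.g. `PASSWD = <%= @db_password %>`. The database stanza also connects as `USER = root` with `SSL_MODE = disable` to a separate host (`192.168.10.200:3307`); a dedicated account limited to the `gitea` schema and TLS on that link would reduce what a leaked file gives away. `[metrics] ENABLED = true` sets no `TOKEN`, so the metrics endpoint is served without authentication on the same port that setup.rb opens in ufw.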


@ -0,0 +1,26 @@
settings {
logfile = "/var/log/lsyncd/lsyncd.log",
statusFile = "/var/log/lsyncd/lsyncd.status",
statusInterval = 20,
nodaemon = false
}
sync {
default.rsync,
source = "/var/lib/git/",
target = "admin@192.168.10.200:/volume1/Shared/AppData/gitea/git/",
rsync = {
archive = true,
compress = true
}
}
sync {
default.rsync,
source = "/var/lib/gitea/",
target = "admin@192.168.10.200:/volume1/Shared/AppData/gitea/gitea-data/",
rsync = {
archive = true,
compress = true
}
}


@ -0,0 +1,10 @@
[program:gitea]
command=/usr/local/bin/gitea web -c /etc/gitea/app.ini
user=git
stdout_logfile=/var/log/supervisor/gitea.log
environment=GITEA_WORK_DIR="/var/lib/gitea/", HOME="/home/git", USER="git"
redirect_stderr=true
stdout_logfile_maxbytes=1MB
stdout_logfile_backups=5
autorestart=true
stopsignal=TERM


@ -0,0 +1,12 @@
[Unit]
Description=Grafana Promtail
Documentation=https://github.com/grafana/loki
After=network-online.target
[Service]
User=root
Restart=always
ExecStart=/usr/local/bin/promtail --config.file=/etc/promtail/gitea.yaml
[Install]
WantedBy=multi-user.target
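Review bot: `User=root` gives promtail far more privilege than tailing one log file needs; per the promtail config in this commit the process only reads `/var/log/supervisor/gitea.log` and writes its positions file under `/var/opt/promtail`. Consider a dedicated account with read access to that log, or at least sandbox the unit with `NoNewPrivileges=true`, `ProtectSystem=strict` and `ReadWritePaths=/var/opt/promtail`. `After=network-online.target` also has no matching `Wants=network-online.target`, so the ordering only takes effect if another unit pulls that target in.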


@ -0,0 +1,6 @@
# gitea public key
command="/usr/local/bin/gitea --config=\"/etc/gitea/app.ini\" serv key-4",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKaziOfXcs96+p5WU67S/v3RD2HvuRN9iqROba8REj3fZygCrVHnboF6I3O5fmO7FXh2Nj8iLW/aQT0LxondM2hch67g6D4sM4qcshriYYRfMHTc+w7jVE6bhzpl78kCUM/Scy/IwCXqMNwWDoji8Yt2MMIBsAoUPhP1DdseHsBpxXDtKVcaHy35SM+uEsl34yvcXiobitYtrclxI8D7AiRHQ77VoHzlv8m93WFKBYlJ4JbtaQpVPncpJzcqhs1gD0eIHCHHF8xg8VsrDyiWVBoh+4ixnr+HYUbhRRBalvDuGdgFdccDt1RIWWrlZNelRecR1LNgyvWL5x9H/4YMh9 WorkingCopy@KazuhirosiPad-24032019
# gitea public key
command="/usr/local/bin/gitea --config=\"/etc/gitea/app.ini\" serv key-5",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxKUdftBP05WHbz2wIbYqhgYpmvR/tcIrnVngM2vH3hvbFfS6Es2TBswqTml5+gRzyZrjaii3rJaNfQxcXEfW8lPHzp3weMDBgNrcuVby5Nix5N7EeEoPZyzPk1BvpzoIudE/zIO++ttpTIS3uMBLcqCny4M/mY8IHiLs/c1osP7nQ1QA96xBHTk3xxr9vVbVyCI68uQ79aumJbhP/nKO068HmBJ5M+4kRLNQ6US6dvd8/zbf2tyi0SqCJcLrUvF2AINlIc9T3oApftYdrcZpNeexQdb4HYkH4lwQg4oWbCMH/iDgc8KLJR21nXLZZrVkbSxcDvwcYsMeGwZrVOpuR Chef
# gitea public key
command="/usr/local/bin/gitea --config=\"/etc/gitea/app.ini\" serv key-9",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuib90/h5aKtL411mOOTe7Ja5udeSTfF9mmTVuVsw5TEbOZPEI0O+PWuCCg6DKHVtAb0POoBjg+I8V4NS2VGIAur0mUyKIY7Zadk/3Y/jdbEtS0IGMwdJOgfTEBFvNNXhx+di3cUPTOvSBlnXpIi3vMetzOmqXvb285RUTcPlmLQsdpnJGcShnWIwUXKqWwQB5QZ8MREPgdGedON4yyWsOIrCVJJjBRCwyWCbLQTNE6TKoWKauabPtNgdqFFcBmp6NYfR8Ob2qp0RVq2vi8FFxoEaFFbJUHlJIbiInVypPf3zwpXx8Gdw+Rr7Hs8YAGCjEqE8J8ZI0iXDhaE4HcrQPQ== kazu634@macbookpro.local
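Review bot: None of the three entries sets `no-user-rc`, although each forces the `gitea serv` command and disables forwarding and pty. setup.rb gives the `git` account `/bin/bash` and a real home directory, so a `~/.ssh/rc` file would still be executed on login if one ever appears there. Appending `no-user-rc` to each option list (or using `restrict` on OpenSSH 7.2 or later) closes that. Shipping this file statically also looks likely to conflict with Gitea, which normally regenerates `authorized_keys` from its own key records, so the `key-4`/`key-5`/`key-9` ids here may drift from the database; confirm which side owns the file.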

131
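--- a/cookbooks/gitea/setup.rb
+++ b/cookbooks/gitea/setup.rb
@@ -0,0 +1,131 @@
+# Create `git` user:
+user 'git' do
+create_home true
+home '/home/git/'
+system_user true
+shell '/bin/bash'
+end
+directory '/home/git/.ssh/' do
+owner 'git'
+group 'git'
+mode '0700'
+end
+remote_file '/home/git/.ssh/authorized_keys' do
+owner 'git'
+group 'git'
+mode '0600'
+end
+# Create `/etc/gitea/`:
+%w(/etc/gitea).each do |d|
+directory d do
+owner 'root'
+group 'root'
+mode '0755'
+end
+end
+%w(/var/lib/git /var/lib/gitea).each do |d|
+directory d do
+owner 'git'
+group 'git'
+mode '0755'
+end
+end
+execute 'rsync -vrz --delete admin@192.168.10.200:/volume1/Shared/AppData/gitea/gitea-data/ /var/lib/gitea/' do
+not_if 'test -e /var/lib/gitea/log'
+end
+execute 'rsync -vrz --delete admin@192.168.10.200:/volume1/Shared/AppData/gitea/git/ /var/lib/git/' do
+not_if 'test -e /var/lib/git/kazu634/'
+end
+execute 'chown -R git:git /var/lib/gitea/'
+execute 'chown -R git:git /var/lib/git/'
+# Deploy `app.ini`:
+remote_file '/etc/gitea/app.ini' do
+owner 'git'
+group 'git'
+mode '644'
+end
+# Deploy `supervisord` config`:
+remote_file '/etc/supervisor/conf.d/gitea.conf' do
+owner 'root'
+group 'root'
+mode '644'
+notifies :restart, 'service[supervisor]'
+end
+service 'supervisor' do
+action :nothing
+end
+# Depoy `consul` service configuration for `gitea`:
+remote_file '/etc/consul.d/service-gitea.json' do
+owner 'root'
+group 'root'
+mode '644'
+notifies :restart, 'service[supervisor]'
+end
+# Depoy `promtail` configuration for `gitea`:
+template '/etc/promtail/gitea.yaml' do
+owner 'root'
+group 'root'
+mode '644'
+variables(HOSTNAME: node[:hostname], LOKIENDPOINT: node['promtail']['lokiendpoint'])
+notifies :restart, 'service[promtail-gitea]'
+end
+# Deploy `systemd` configuration for `promtail-gitea`:
+remote_file '/etc/systemd/system/promtail-gitea.service' do
+owner 'root'
+group 'root'
+mode '644'
+end
+# Service setting:
+service 'promtail-gitea' do
+action [ :enable, :restart ]
+end
+# Deploy `systemd` configuration for `promtail-gitea`:
+remote_file '/etc/lsyncd/lsyncd.conf.lua' do
+owner 'root'
+group 'root'
+mode '644'
+end
+# Service setting:
+service 'lsyncd' do
+action [ :enable, :restart ]
+end
+# Firewall settings here:
+%w( 3000/tcp ).each do |p|
+execute "ufw allow #{p}" do
+user 'root'
+not_if "LANG=c ufw status | grep #{p}"
+notifies :run, 'execute[ufw reload-or-enable]'
+end
+end
+execute 'ufw reload-or-enable' do
+user 'root'
+command 'LANG=C ufw reload | grep skipping && ufw --force enable || exit 0'
+action :nothing
+end
+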
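Review bot: `/etc/gitea/app.ini` is deployed with `mode '644'`, which makes the signing secrets and database password in that file readable by every local account. Using `owner 'root'`, `group 'git'`, `mode '0640'` keeps it readable by the service only (confirm Gitea does not need to write the file at runtime). The `ufw allow 3000/tcp` rule opens the plain-HTTP port to any source although `ROOT_URL` in app.ini is https, so if a reverse proxy fronts Gitea the rule should be limited to that proxy's address. Separately, the consul service file notifies `service[supervisor]` rather than a consul service, and both `chown -R` executes run on every converge without a guard.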


@ -0,0 +1,61 @@
server:
disable: true
positions:
filename: /var/opt/promtail/promtail_gitea_position.yaml
clients:
- url: http://<%= @LOKIENDPOINT %>/loki/api/v1/push
scrape_configs:
- job_name: gitea
static_configs:
- targets:
- localhost
labels:
job: gitea
hostname: <%= @HOSTNAME %>
vhost: gitea.kazu634.com
__path__: /var/log/supervisor/gitea.log
pipeline_stages:
- match:
selector: '{job="gitea"}'
stages:
- drop:
expression: "(Static|robots.txt|sitemap.xml)"
- regex:
expression: '^\[Macaron\] (?P<timestamp>[0-9]+\-[0-9]+\-[0-9]+ +[0-9]+:[0-9]+:[0-9]+): (?P<message1>[^\/]+) (?P<uri>\/[^ ]*) (?P<response>[^ ]+) (?P<message2>.+)$'
- timestamp:
source: timestamp
format: 2006-01-02 15:04:05
location: Asia/Tokyo
- template:
source: message
template: '{{ .message1 }} {{ .uri }} ({{ .message2 }})'
- template:
source: level
template: '{{ .response }}'
- template:
source: level
template: '{{ regexReplaceAllLiteral "(2[0-9]+|3[0-9]+|for)" .Value "info" }}'
- template:
source: level
template: '{{ regexReplaceAllLiteral "4[0-9]+" .Value "warning" }}'
- template:
source: level
template: '{{ regexReplaceAllLiteral "5[0-9]+" .Value "error" }}'
- labels:
level:
- output:
source: message
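Review bot: The first `drop` stage matches the whole raw line against the unanchored expression `(Static|robots.txt|sitemap.xml)`, so any request whose path or query string merely contains one of those words never reaches Loki, which leaves a gap in the access log used for detection. Moving the stage after the `regex` stage and matching the extracted field, e.g. `source: uri` with `expression: '^/(robots\.txt|sitemap\.xml)$'`, limits it to the intended noise; the static-file lines would need their own anchored pattern. The client URL is also `http://`, so log lines leave the host unencrypted unless the Loki endpoint is only reachable over a trusted network.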