Set up `gitea`.

cookbooks/gitea/default.rb

@@ -3,3 +3,6 @@ include_recipe './attributes.rb'
 
 # Install:
 include_recipe './install.rb'
+
+# Setup:
+include_recipe './setup.rb'

cookbooks/gitea/files/etc/consul.d/service-gitea.json

@@ -0,0 +1,12 @@
+{
+  "service": {
+    "name": "gitea",
+    "port": 3000, 
+    "check":{
+      "tcp": "localhost:3000",
+      "interval": "60s",
+      "timeout": "1s",
+      "success_before_passing": 3
+    }
+  }
+}

cookbooks/gitea/files/etc/gitea/app.ini

@@ -0,0 +1,78 @@
+APP_NAME = Gitea: Git with a cup of tea
+RUN_USER = git
+RUN_MODE = prod
+
+[oauth2]
+JWT_SECRET = Cyb3GmSaoJpkaHhA5X6wiNCK7KsngKEr6w_v37WZ1a4
+
+[security]
+INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1NjMzNzYxNzR9.Z8_xg9eBZt8fSMTQLQB2xxGUx7GB5M3_v_Tsc441LOg
+INSTALL_LOCK   = true
+SECRET_KEY     = Br3eWgKaVIvM2TiHgvRnDbeZTSvBeVxSOS2VbjsPiyZ8Egigqre4dq0ZqaIKoxlB
+
+[database]
+DB_TYPE  = mysql
+HOST     = 192.168.10.200:3307
+NAME     = gitea
+USER     = root
+PASSWD   = Holiday88
+SSL_MODE = disable
+PATH     = /var/lib/gitea/data/gitea.db
+
+[repository]
+ROOT = /var/lib/git
+
+[server]
+SSH_DOMAIN       = gitea.kazu634.com
+DOMAIN           = gitea.kazu634.com
+HTTP_PORT        = 3000
+ROOT_URL         = https://gitea.kazu634.com/
+DISABLE_SSH      = false
+SSH_PORT         = 50022
+LFS_START_SERVER = true
+LFS_CONTENT_PATH = /var/lib/gitea/data/lfs
+LFS_JWT_SECRET   = hcxZi2iadhyYTdRtAOJXXWPckR-lK2rFHPCbA1isvV0
+OFFLINE_MODE     = false
+
+[mailer]
+ENABLED = false
+
+[service]
+REGISTER_EMAIL_CONFIRM            = false
+ENABLE_NOTIFY_MAIL                = false
+DISABLE_REGISTRATION              = true
+ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
+ENABLE_CAPTCHA                    = true
+REQUIRE_SIGNIN_VIEW               = false
+DEFAULT_KEEP_EMAIL_PRIVATE        = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING       = true
+NO_REPLY_ADDRESS                  = noreply.example.org
+
+[picture]
+DISABLE_GRAVATAR        = false
+ENABLE_FEDERATED_AVATAR = true
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[session]
+PROVIDER = file
+
+[log]
+MODE      = file
+LEVEL     = Info
+ROOT_PATH = /var/lib/gitea/log
+
+[other]
+SHOW_FOOTER_VERSION = false
+
+[attachment]
+ENABLED = true
+ALLOWED_TYPES = */*
+MAX_SIZE = 1024
+MAX_FILES = 25
+
+[metrics]
+ENABLED = true

cookbooks/gitea/files/etc/lsyncd/lsyncd.conf.lua

@@ -0,0 +1,26 @@
+settings {
+  logfile = "/var/log/lsyncd/lsyncd.log",
+  statusFile = "/var/log/lsyncd/lsyncd.status",
+  statusInterval = 20,
+  nodaemon   = false
+}
+
+sync {
+  default.rsync,
+  source = "/var/lib/git/",
+  target = "admin@192.168.10.200:/volume1/Shared/AppData/gitea/git/",
+  rsync      = {
+    archive  = true,
+    compress = true
+  }
+}
+
+sync {
+  default.rsync,
+  source = "/var/lib/gitea/",
+  target = "admin@192.168.10.200:/volume1/Shared/AppData/gitea/gitea-data/",
+  rsync      = {
+    archive  = true,
+    compress = true
+  }
+}

cookbooks/gitea/files/etc/supervisor/conf.d/gitea.conf

@@ -0,0 +1,10 @@
+[program:gitea]
+command=/usr/local/bin/gitea web -c /etc/gitea/app.ini
+user=git
+stdout_logfile=/var/log/supervisor/gitea.log
+environment=GITEA_WORK_DIR="/var/lib/gitea/", HOME="/home/git", USER="git"
+redirect_stderr=true
+stdout_logfile_maxbytes=1MB
+stdout_logfile_backups=5
+autorestart=true
+stopsignal=TERM

cookbooks/gitea/files/etc/systemd/system/promtail-gitea.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Grafana Promtail
+Documentation=https://github.com/grafana/loki
+After=network-online.target
+
+[Service]
+User=root
+Restart=always
+ExecStart=/usr/local/bin/promtail --config.file=/etc/promtail/gitea.yaml
+
+[Install]
+WantedBy=multi-user.target

cookbooks/gitea/files/home/git/.ssh/authorized_keys

@@ -0,0 +1,6 @@
+# gitea public key
+command="/usr/local/bin/gitea --config=\"/etc/gitea/app.ini\" serv key-4",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKaziOfXcs96+p5WU67S/v3RD2HvuRN9iqROba8REj3fZygCrVHnboF6I3O5fmO7FXh2Nj8iLW/aQT0LxondM2hch67g6D4sM4qcshriYYRfMHTc+w7jVE6bhzpl78kCUM/Scy/IwCXqMNwWDoji8Yt2MMIBsAoUPhP1DdseHsBpxXDtKVcaHy35SM+uEsl34yvcXiobitYtrclxI8D7AiRHQ77VoHzlv8m93WFKBYlJ4JbtaQpVPncpJzcqhs1gD0eIHCHHF8xg8VsrDyiWVBoh+4ixnr+HYUbhRRBalvDuGdgFdccDt1RIWWrlZNelRecR1LNgyvWL5x9H/4YMh9 WorkingCopy@KazuhirosiPad-24032019
+# gitea public key
+command="/usr/local/bin/gitea --config=\"/etc/gitea/app.ini\" serv key-5",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxKUdftBP05WHbz2wIbYqhgYpmvR/tcIrnVngM2vH3hvbFfS6Es2TBswqTml5+gRzyZrjaii3rJaNfQxcXEfW8lPHzp3weMDBgNrcuVby5Nix5N7EeEoPZyzPk1BvpzoIudE/zIO++ttpTIS3uMBLcqCny4M/mY8IHiLs/c1osP7nQ1QA96xBHTk3xxr9vVbVyCI68uQ79aumJbhP/nKO068HmBJ5M+4kRLNQ6US6dvd8/zbf2tyi0SqCJcLrUvF2AINlIc9T3oApftYdrcZpNeexQdb4HYkH4lwQg4oWbCMH/iDgc8KLJR21nXLZZrVkbSxcDvwcYsMeGwZrVOpuR Chef
+# gitea public key
+command="/usr/local/bin/gitea --config=\"/etc/gitea/app.ini\" serv key-9",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuib90/h5aKtL411mOOTe7Ja5udeSTfF9mmTVuVsw5TEbOZPEI0O+PWuCCg6DKHVtAb0POoBjg+I8V4NS2VGIAur0mUyKIY7Zadk/3Y/jdbEtS0IGMwdJOgfTEBFvNNXhx+di3cUPTOvSBlnXpIi3vMetzOmqXvb285RUTcPlmLQsdpnJGcShnWIwUXKqWwQB5QZ8MREPgdGedON4yyWsOIrCVJJjBRCwyWCbLQTNE6TKoWKauabPtNgdqFFcBmp6NYfR8Ob2qp0RVq2vi8FFxoEaFFbJUHlJIbiInVypPf3zwpXx8Gdw+Rr7Hs8YAGCjEqE8J8ZI0iXDhaE4HcrQPQ== kazu634@macbookpro.local

cookbooks/gitea/setup.rb

@@ -0,0 +1,131 @@
+# Create `git` user:
+user 'git' do
+  create_home true
+  home '/home/git/'
+
+  system_user true
+
+  shell '/bin/bash'
+end
+
+directory '/home/git/.ssh/' do
+  owner 'git'
+  group 'git'
+  mode  '0700'
+end
+
+remote_file '/home/git/.ssh/authorized_keys' do
+  owner 'git'
+  group 'git'
+  mode  '0600'
+end
+
+# Create `/etc/gitea/`:
+%w(/etc/gitea).each do |d|
+  directory d do
+    owner  'root'
+    group  'root'
+    mode   '0755'
+  end
+end
+
+%w(/var/lib/git /var/lib/gitea).each do |d|
+  directory d do
+    owner  'git'
+    group  'git'
+    mode   '0755'
+  end
+end
+
+execute 'rsync -vrz --delete admin@192.168.10.200:/volume1/Shared/AppData/gitea/gitea-data/ /var/lib/gitea/' do
+  not_if 'test -e /var/lib/gitea/log'
+end
+
+execute 'rsync -vrz --delete admin@192.168.10.200:/volume1/Shared/AppData/gitea/git/ /var/lib/git/' do
+  not_if 'test -e /var/lib/git/kazu634/'
+end
+
+execute 'chown -R git:git /var/lib/gitea/'
+execute 'chown -R git:git /var/lib/git/'
+
+# Deploy `app.ini`:
+remote_file '/etc/gitea/app.ini' do
+  owner  'git'
+  group  'git'
+  mode   '644'
+end
+
+# Deploy `supervisord` config`:
+remote_file '/etc/supervisor/conf.d/gitea.conf' do
+  owner  'root'
+  group  'root'
+  mode   '644'
+
+  notifies :restart, 'service[supervisor]'
+end
+
+service 'supervisor' do
+  action :nothing
+end
+
+# Depoy `consul` service configuration for `gitea`:
+remote_file '/etc/consul.d/service-gitea.json' do
+  owner  'root'
+  group  'root'
+  mode   '644'
+
+  notifies :restart, 'service[supervisor]'
+end
+
+# Depoy `promtail` configuration for `gitea`:
+template '/etc/promtail/gitea.yaml' do
+  owner  'root'
+  group  'root'
+  mode   '644'
+
+  variables(HOSTNAME: node[:hostname], LOKIENDPOINT: node['promtail']['lokiendpoint'])
+
+  notifies :restart, 'service[promtail-gitea]'
+end
+
+# Deploy `systemd` configuration for `promtail-gitea`:
+remote_file '/etc/systemd/system/promtail-gitea.service' do
+  owner  'root'
+  group  'root'
+  mode   '644'
+end
+
+# Service setting:
+service 'promtail-gitea' do
+  action [ :enable, :restart ]
+end
+
+# Deploy `systemd` configuration for `promtail-gitea`:
+remote_file '/etc/lsyncd/lsyncd.conf.lua' do
+  owner  'root'
+  group  'root'
+  mode   '644'
+end
+
+# Service setting:
+service 'lsyncd' do
+  action [ :enable, :restart ]
+end
+
+# Firewall settings here:
+%w( 3000/tcp ).each do |p|
+  execute "ufw allow #{p}" do
+    user 'root'
+
+    not_if "LANG=c ufw status | grep #{p}"
+
+    notifies :run, 'execute[ufw reload-or-enable]'
+  end
+end
+
+execute 'ufw reload-or-enable' do
+  user 'root'
+  command 'LANG=C ufw reload | grep skipping && ufw --force enable || exit 0'
+
+  action :nothing
+end

cookbooks/gitea/templates/etc/promtail/gitea.yaml

@@ -0,0 +1,61 @@
+server:
+  disable: true
+
+positions:
+  filename: /var/opt/promtail/promtail_gitea_position.yaml
+
+clients:
+  - url: http://<%= @LOKIENDPOINT %>/loki/api/v1/push
+
+scrape_configs:
+  - job_name: gitea
+    static_configs:
+    - targets:
+        - localhost
+      labels:
+        job: gitea
+        hostname: <%= @HOSTNAME %>
+        vhost: gitea.kazu634.com
+        __path__: /var/log/supervisor/gitea.log
+
+    pipeline_stages:
+    - match:
+        selector: '{job="gitea"}'
+
+        stages:
+        - drop:
+            expression: "(Static|robots.txt|sitemap.xml)"
+
+        - regex:
+            expression: '^\[Macaron\] (?P<timestamp>[0-9]+\-[0-9]+\-[0-9]+ +[0-9]+:[0-9]+:[0-9]+): (?P<message1>[^\/]+) (?P<uri>\/[^ ]*) (?P<response>[^ ]+) (?P<message2>.+)$'
+
+        - timestamp:
+            source: timestamp
+            format: 2006-01-02 15:04:05
+            location: Asia/Tokyo
+
+        - template:
+            source: message
+            template: '{{ .message1 }} {{ .uri }} ({{ .message2 }})'
+
+        - template:
+            source: level
+            template: '{{ .response }}'
+
+        - template:
+            source: level
+            template: '{{ regexReplaceAllLiteral "(2[0-9]+|3[0-9]+|for)" .Value "info" }}'
+
+        - template:
+            source: level
+            template: '{{ regexReplaceAllLiteral "4[0-9]+" .Value "warning" }}'
+
+        - template:
+            source: level
+            template: '{{ regexReplaceAllLiteral "5[0-9]+" .Value "error" }}'
+
+        - labels:
+            level:
+
+        - output:
+            source: message