From fdfa8d05de3e11a3314b0c647be6aedadedce3b8 Mon Sep 17 00:00:00 2001 From: Kazuhiro MUSASHI Date: Sun, 1 Nov 2020 16:25:28 +0900 Subject: [PATCH 1/5] Install and initial setup for `lsyncd`. --- cookbooks/base/default.rb | 3 ++ cookbooks/base/files/etc/logrotate.d/lsyncd | 13 +++++++ cookbooks/base/files/root/.ssh/id_rsa | 38 +++++++++++++++++++++ cookbooks/base/files/root/.ssh/known_hosts | 1 + cookbooks/base/lsyncd.rb | 30 ++++++++++++++++ 5 files changed, 85 insertions(+) create mode 100644 cookbooks/base/files/etc/logrotate.d/lsyncd create mode 100644 cookbooks/base/files/root/.ssh/id_rsa create mode 100644 cookbooks/base/files/root/.ssh/known_hosts create mode 100644 cookbooks/base/lsyncd.rb diff --git a/cookbooks/base/default.rb b/cookbooks/base/default.rb index caa17e2..5b904d1 100644 --- a/cookbooks/base/default.rb +++ b/cookbooks/base/default.rb @@ -60,6 +60,9 @@ include_recipe './kernel.rb' # Install mc command: include_recipe './mc.rb' +# Install lsyncd command: +include_recipe './lsyncd.rb' + # recipes for Ubuntu 16.04 if node['platform_version'].to_f == 16.04 # ntp configurations diff --git a/cookbooks/base/files/etc/logrotate.d/lsyncd b/cookbooks/base/files/etc/logrotate.d/lsyncd new file mode 100644 index 0000000..52d4ad1 --- /dev/null +++ b/cookbooks/base/files/etc/logrotate.d/lsyncd @@ -0,0 +1,13 @@ +/var/log/lsyncd/*.log { + rotate 4 + compress + delaycompress + missingok + notifempty + sharedscripts + postrotate + if [ -f /var/run/lsyncd.pid ]; then + /usr/bin/systemctl restart lsyncd.service > /dev/null 2>/dev/null || true + fi + endscript +} diff --git a/cookbooks/base/files/root/.ssh/id_rsa b/cookbooks/base/files/root/.ssh/id_rsa new file mode 100644 index 0000000..b979e47 --- /dev/null +++ b/cookbooks/base/files/root/.ssh/id_rsa 
@@ -0,0 +1,38 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn +NhAAAAAwEAAQAAAYEAtWmcJslzZaMUgqKoFW+lWI8XLpOh6rzHHb4h6ueUDQSwk9ShrxlA +RewgJTbOUIcVEl28xXPDmNm1VKMHCRMBqvCSQVJHdVFCkLFzIX++t0n9A3tJef1GSsCc/D +g2si/TO4Vux56mkDFqp0mJk3nI2obihh78PPSJAd6ScNZDUYGP2jM33ubbeytm/qPITd5I +gEKbKgQMzKDC1VaFmwTN9idhvFS8U2dA1oVG1CtOVhAPEQ5xqY5Dwfp4FZSrnvF64DZ7UX +PKG1ww4mxonECkM2hmcRLHs/FPGXpCsAUUGT9DAL3OJSxHDc+46i3Naxc6+mRyI9F2Wv9H +HDT1d3U7nL9ZQggm0L/EYbS79LqkzBUnYRNerkuNve+G13wxl45d5oPC9D+wXdbg/LSZyc +r3eNyzSiuwOZWezJvhKZ4t4qUJvLvi4pHxiMcBHAc4bMKkNATHvLMtINvM2w9iySikgZbp +JEKLWSOJF1qqwtJZKs10EDkUX6v2+fyw4Nvg+S6hAAAFiFglwLVYJcC1AAAAB3NzaC1yc2 +EAAAGBALVpnCbJc2WjFIKiqBVvpViPFy6Toeq8xx2+IernlA0EsJPUoa8ZQEXsICU2zlCH +FRJdvMVzw5jZtVSjBwkTAarwkkFSR3VRQpCxcyF/vrdJ/QN7SXn9RkrAnPw4NrIv0zuFbs +eeppAxaqdJiZN5yNqG4oYe/Dz0iQHeknDWQ1GBj9ozN97m23srZv6jyE3eSIBCmyoEDMyg +wtVWhZsEzfYnYbxUvFNnQNaFRtQrTlYQDxEOcamOQ8H6eBWUq57xeuA2e1FzyhtcMOJsaJ +xApDNoZnESx7PxTxl6QrAFFBk/QwC9ziUsRw3PuOotzWsXOvpkciPRdlr/Rxw09Xd1O5y/ +WUIIJtC/xGG0u/S6pMwVJ2ETXq5Ljb3vhtd8MZeOXeaDwvQ/sF3W4Py0mcnK93jcs0orsD +mVnsyb4SmeLeKlCby74uKR8YjHARwHOGzCpDQEx7yzLSDbzNsPYskopIGW6SRCi1kjiRda +qsLSWSrNdBA5FF+r9vn8sODb4PkuoQAAAAMBAAEAAAGAOLASsnAa1jS6kQPA4Ent8hlslg +pd+1sYIWwrbxsEQXkosFkuWOfcFL1vYhGZMMK1S/LsrQq6oUXOiu8SoLxGtiLMoQrT9433 +7fz1TA9+CgpdvLvGvw7s6yj7JTlvpgiZyiys7EXgKIi4miO5kNLqd5bUrDJ8gZOsSGBDhG +z/xjVlPTrqB4Y+KWProECPs/10zFeD4wI2+a52k3Gg+ErtDTFLMi2MV8eZFC+7bUtHBE+q +VZsc223wMGpTIfM+GcG9LBud9cmfrZ5dIIQixviURAQLvX2PqI6/haJCPWKVy8IJ44rrGY +jpUTIVXZL4TOhsxblQOH3o6qILbcVbMCqYSmt7RsRLRyz8vlUbtWWH+tVbhcvsAYZoeh0P +Bki4FhVE/yXpkskTC3k7YLyJvDeXJWZlujkYsoy+WBA96PZTQQk5nNOS8IqJ1nS7y3eaTq +wp+VmXcbaGMujgRwo+QfYdtu6Rx4FCAyUZxA/e06k2mxbo1B4SqddSxdpyIesQAju9AAAA +wQCgXaDHIM2nnLM7tZZyNeIPoNOrahvWsqwPwxq/+6tTAlv2KaGUbE0tg40Esn5zR/ffgh +6jz/OpaGLLuCeOLVsOXocxRk0QuM4w5crtFduisjygMHwGnDEnP9xzRZDGBwumuNdGjEJt +dnklT5/rJHmv70f8KocT/s0AyYBNeWnN+11qBVB8jFje3t65kMVQ8W8oOQ2nIcjnkg6typ 
+7QjGAE57SSFGIyxEuenLQT4Weke0MunWW5ZC7wntoA8QokcdMAAADBAN3aYpE3R6LL2je4 +cblBh4SSe0m320u6y5S5RwJeK4I7tiMsMtdVZGZkgG5BqaN5qEBzB4FcdccNvQfTLwIPS4 +r0LKEdqMF7Z3Y4HKjEt9P+OFu8zvJ/s3QlSIy2l1sHOiVEOKg3WQhX1ropotqsbPJGYOVK +Wa4DaVtx1oNiRNTDohAajrHG697PBu0dVHIsBVEkzrV9xZPB/nNYNa9OE+DH1zD/0tUUNw ++L/mMjz9KDZJ+3mUWlNxMU0U5d/B0cbwAAAMEA0VXCDduckbbrKb5PrV1NGlZD8FlFgovx +IbOlhB1Zfbop4N8QndsMx5pXRwDOCiJ7z5Sc2huuJ5OCTnmW4yGajXo/yfX63B+suELbPk +tjO5nl6yGcgOz95V2sfkCqlvchsxYN3qTmolWD0PadK5Sno8glzyM60sGv+basfgEOBsli +GTIWv6gUA8QSVPkYFyircWMk7S7HwB1nc39B2XVdMzZkKnNKqv9yHhaEBxOzWwulUksEuN +Jge4w7RaxPRg3vAAAAEHJvb3RAYmFzdGlvbjIwMDQBAg== +-----END OPENSSH PRIVATE KEY----- diff --git a/cookbooks/base/files/root/.ssh/known_hosts b/cookbooks/base/files/root/.ssh/known_hosts new file mode 100644 index 0000000..84e08df --- /dev/null +++ b/cookbooks/base/files/root/.ssh/known_hosts @@ -0,0 +1 @@ +|1|/SRt7pnr5wRdTihEn9BLVAij7X8=|AiMlTVmMn4KG3ITCPxG+iL+1Z4o= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAej4lWqrN/bly94FQVTjNEsBxK7RiMlAkXrJQhnr6nLaLK0yEAJUHGZXF0LwnxYH9r734W6eDfQiqyqmbE2vPg= diff --git a/cookbooks/base/lsyncd.rb b/cookbooks/base/lsyncd.rb new file mode 100644 index 0000000..5c29b1a --- /dev/null +++ b/cookbooks/base/lsyncd.rb @@ -0,0 +1,30 @@ +package 'lsyncd' + +# Create /etc/sudoers.d/ +%w( /etc/lsyncd /var/log/lsyncd ).each do |d| + directory d do + owner 'root' + group 'root' + mode '755' + end +end + +directory '/root/.ssh/' do + owner 'root' + group 'root' + mode '0700' +end + +%w(id_rsa known_hosts).each do |f| + remote_file "/root/.ssh/#{f}" do + owner 'root' + group 'root' + mode '600' + end +end + +remote_file '/etc/logrotate.d/lsyncd' do + owner 'root' + group 'root' + mode '644' +end From b9f79057a249542eafca96de2a91bf3d883af0d4 Mon Sep 17 00:00:00 2001 
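Review bot: The file added at cookbooks/base/files/root/.ssh/id_rsa is a complete OpenSSH private key, and its encoded header appears to name cipher and KDF `none`, i.e. no passphrase, so anyone who can read the repository or its history holds root's SSH identity for every host that trusts it. Deleting the file in a later commit does not help because it stays in history; treat the key as compromised, generate a new pair on the host, and replace the public half wherever it was authorised. The recipe should take the key from an encrypted secret store or generate it on first run rather than shipping it under `files/`. On the rsync target, the matching authorised key is best restricted to the rsync command and the source address.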
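Review bot: The comment `# Create /etc/sudoers.d/` above the first loop in lsyncd.rb does not match the code, which creates `/etc/lsyncd` and `/var/log/lsyncd`; it should read `# Create the lsyncd config and log directories:`. File modes are written three ways in this recipe (`'755'`, `'0700'`, `'600'`); the four-digit form throughout (`'0755'`, `'0600'`, `'0644'`) makes the intended permissions unambiguous. The `%w(id_rsa known_hosts)` loop copies a private key out of the cookbook's `files/` tree, which forces the key to live in the repository; sourcing it from a secret store would avoid that.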
From: Kazuhiro MUSASHI
Date: Sun, 1 Nov 2020 13:15:32 +0900
Subject: [PATCH 2/5] Install `gitea`.
---
cookbooks/gitea/attributes.rb | 12 ++++++++
cookbooks/gitea/default.rb | 5 ++++
cookbooks/gitea/install.rb | 55 +++++++++++++++++++++++++++++++++++
3 files changed, 72 insertions(+)
create mode 100644 cookbooks/gitea/attributes.rb
create mode 100644 cookbooks/gitea/default.rb
create mode 100644 cookbooks/gitea/install.rb
diff --git a/cookbooks/gitea/attributes.rb b/cookbooks/gitea/attributes.rb
new file mode 100644
index 0000000..15f3148
--- /dev/null
+++ b/cookbooks/gitea/attributes.rb
@@ -0,0 +1,12 @@
+# -------------------------------------------
+# Specifying the default settings:
+# -------------------------------------------
+node.reverse_merge!({
+ 'gitea' => {
+ 'url' => 'https://github.com/go-gitea/gitea/releases/download/',
+ 'prefix' => 'gitea-',
+ 'postfix' => '-linux-amd64',
+ 'storage' => '/opt/gitea/',
+ 'location' => '/usr/local/bin/'
+ },
+})
diff --git a/cookbooks/gitea/default.rb b/cookbooks/gitea/default.rb
new file mode 100644
index 0000000..c610d81
--- /dev/null
+++ b/cookbooks/gitea/default.rb
@@ -0,0 +1,5 @@
+# Loading the attributes:
+include_recipe './attributes.rb'
+
+# Install:
+include_recipe './install.rb'
diff --git a/cookbooks/gitea/install.rb b/cookbooks/gitea/install.rb
new file mode 100644
index 0000000..433914e
--- /dev/null
+++ b/cookbooks/gitea/install.rb
@@ -0,0 +1,55 @@
+gitea_url = ''
+gitea_bin = ''
+
+vtag = ''
+tag = ''
+
+# Calculate the Download URL:
+begin
+ require 'net/http'
+
+ uri = URI.parse('https://github.com/go-gitea/gitea/releases/latest')
+
+ Timeout.timeout(3) do
+ response = Net::HTTP.get_response(uri)
+
+ vtag = $1 if response.body =~ %r{tag\/(v\d+\.\d+\.\d+)}
+ tag = vtag.sub(/^v/, '')
+
+ gitea_bin = "#{node['gitea']['prefix']}#{tag}#{node['gitea']['postfix']}"
+ gitea_url = "#{node['gitea']['url']}/#{vtag}/#{gitea_bin}"
+ end
+rescue
+ # Abort the chef client process:
+ raise 'Cannot connect to http://github.com.'
+end
+
+# バージョン確認して、アップデート必要かどうか確認
+result = run_command("gitea --version 2>&1 | grep #{tag}", error: false)
+if result.exit_status != 0
+ # Download:
+ TMP = "/tmp/#{gitea_bin}"
+
+ execute "wget #{gitea_url} -O #{TMP}"
+
+ # Install:
+ directory node['gitea']['storage'] do
+ owner 'root'
+ group 'root'
+ mode '755'
+ end
+
+ execute "mv #{TMP} #{node['gitea']['storage']}/gitea"
+
+ # Change Owner and Permissions:
+ file "#{node['gitea']['storage']}/gitea" do
+ owner 'root'
+ group 'root'
+ mode '755'
+ end
+
+ # Create Link
+ link "#{node['gitea']['location']}/gitea" do
+ to "#{node['gitea']['storage']}/gitea"
+ end
+end
From 294c24b89a2fbd52dd81e0f81f3cee8fbdd17bb0 Mon Sep 17 00:00:00 2001
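Review bot: The binary fetched by `execute "wget #{gitea_url} -O #{TMP}"` is installed root-owned and linked into `/usr/local/bin` with no integrity check, and the version is whatever `releases/latest` reports at run time, so a substituted or corrupted download goes straight into service. Pin the version and its expected SHA-256 in attributes.rb and verify before the `mv`, for example `execute "echo '#{node['gitea']['sha256']}  #{TMP}' | sha256sum -c -"` (the `sha256` attribute is a proposed addition, not an existing one). The go-mmproxy download in install-go-mmproxy.rb (patch 4/5) has the same gap. Separately, when the regex does not match, `vtag` and `tag` stay empty and the recipe continues with a malformed URL, while the bare `rescue` reports every failure as a connection error; checking for an empty `vtag` after the `begin` block and rescuing only timeout and socket errors would make failures readable.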
From: Kazuhiro MUSASHI Date: Sun, 1 Nov 2020 13:53:06 +0900 Subject: [PATCH 3/5] Set up `gitea`. --- cookbooks/gitea/default.rb | 3 + .../files/etc/consul.d/service-gitea.json | 12 ++ cookbooks/gitea/files/etc/gitea/app.ini | 78 +++++++++++ .../gitea/files/etc/lsyncd/lsyncd.conf.lua | 26 ++++ .../files/etc/supervisor/conf.d/gitea.conf | 10 ++ .../etc/systemd/system/promtail-gitea.service | 12 ++ .../gitea/files/home/git/.ssh/authorized_keys | 6 + cookbooks/gitea/setup.rb | 131 ++++++++++++++++++ .../gitea/templates/etc/promtail/gitea.yaml | 61 ++++++++ 9 files changed, 339 insertions(+) create mode 100644 cookbooks/gitea/files/etc/consul.d/service-gitea.json create mode 100644 cookbooks/gitea/files/etc/gitea/app.ini create mode 100644 cookbooks/gitea/files/etc/lsyncd/lsyncd.conf.lua create mode 100644 cookbooks/gitea/files/etc/supervisor/conf.d/gitea.conf create mode 100644 cookbooks/gitea/files/etc/systemd/system/promtail-gitea.service create mode 100644 cookbooks/gitea/files/home/git/.ssh/authorized_keys create mode 100644 cookbooks/gitea/setup.rb create mode 100644 cookbooks/gitea/templates/etc/promtail/gitea.yaml diff --git a/cookbooks/gitea/default.rb b/cookbooks/gitea/default.rb index c610d81..4798ef2 100644 --- a/cookbooks/gitea/default.rb +++ b/cookbooks/gitea/default.rb @@ -3,3 +3,6 @@ include_recipe './attributes.rb' # Install: include_recipe './install.rb' + +# Setup: +include_recipe './setup.rb' diff --git a/cookbooks/gitea/files/etc/consul.d/service-gitea.json b/cookbooks/gitea/files/etc/consul.d/service-gitea.json new file mode 100644 index 0000000..add1be2 --- /dev/null +++ b/cookbooks/gitea/files/etc/consul.d/service-gitea.json @@ -0,0 +1,12 @@ +{ + "service": { + "name": "gitea", + "port": 3000, + "check":{ + "tcp": "localhost:3000", + "interval": "60s", + "timeout": "1s", + "success_before_passing": 3 + } + } +} 
diff --git a/cookbooks/gitea/files/etc/gitea/app.ini b/cookbooks/gitea/files/etc/gitea/app.ini new file mode 100644 index 0000000..b5f7ba0 --- /dev/null +++ b/cookbooks/gitea/files/etc/gitea/app.ini @@ -0,0 +1,78 @@ +APP_NAME = Gitea: Git with a cup of tea +RUN_USER = git +RUN_MODE = prod + +[oauth2] +JWT_SECRET = Cyb3GmSaoJpkaHhA5X6wiNCK7KsngKEr6w_v37WZ1a4 + +[security] +INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1NjMzNzYxNzR9.Z8_xg9eBZt8fSMTQLQB2xxGUx7GB5M3_v_Tsc441LOg +INSTALL_LOCK = true +SECRET_KEY = Br3eWgKaVIvM2TiHgvRnDbeZTSvBeVxSOS2VbjsPiyZ8Egigqre4dq0ZqaIKoxlB + +[database] +DB_TYPE = mysql +HOST = 192.168.10.200:3307 +NAME = gitea +USER = root +PASSWD = Holiday88 +SSL_MODE = disable +PATH = /var/lib/gitea/data/gitea.db + +[repository] +ROOT = /var/lib/git + +[server] +SSH_DOMAIN = gitea.kazu634.com +DOMAIN = gitea.kazu634.com +HTTP_PORT = 3000 +ROOT_URL = https://gitea.kazu634.com/ +DISABLE_SSH = false +SSH_PORT = 50022 +LFS_START_SERVER = true +LFS_CONTENT_PATH = /var/lib/gitea/data/lfs +LFS_JWT_SECRET = hcxZi2iadhyYTdRtAOJXXWPckR-lK2rFHPCbA1isvV0 +OFFLINE_MODE = false + +[mailer] +ENABLED = false + +[service] +REGISTER_EMAIL_CONFIRM = false +ENABLE_NOTIFY_MAIL = false +DISABLE_REGISTRATION = true +ALLOW_ONLY_EXTERNAL_REGISTRATION = false +ENABLE_CAPTCHA = true +REQUIRE_SIGNIN_VIEW = false +DEFAULT_KEEP_EMAIL_PRIVATE = false +DEFAULT_ALLOW_CREATE_ORGANIZATION = true +DEFAULT_ENABLE_TIMETRACKING = true +NO_REPLY_ADDRESS = noreply.example.org + +[picture] +DISABLE_GRAVATAR = false +ENABLE_FEDERATED_AVATAR = true + +[openid] +ENABLE_OPENID_SIGNIN = false +ENABLE_OPENID_SIGNUP = false + +[session] +PROVIDER = file + +[log] +MODE = file +LEVEL = Info +ROOT_PATH = /var/lib/gitea/log + +[other] +SHOW_FOOTER_VERSION = false + +[attachment] +ENABLED = true +ALLOWED_TYPES = */* +MAX_SIZE = 1024 +MAX_FILES = 25 + +[metrics] +ENABLED = true 
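Review bot: app.ini is committed with what look like live values for `JWT_SECRET`, `INTERNAL_TOKEN`, `SECRET_KEY`, `LFS_JWT_SECRET` and the database `PASSWD`, so every reader of the repository or its history holds the material Gitea uses to sign tokens and the credentials for the MySQL server named in `HOST`. These values should be rotated and the file converted to a template whose secrets come from an encrypted attribute or secret store. Under `[database]`, `USER = root` gives Gitea full control of the database server and `SSL_MODE = disable` sends that password unencrypted across the network; a dedicated account limited to the `gitea` schema and an enabled TLS mode would contain both. setup.rb in this patch deploys the file with `mode '644'`, which additionally exposes the secrets to every local account.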
diff --git a/cookbooks/gitea/files/etc/lsyncd/lsyncd.conf.lua b/cookbooks/gitea/files/etc/lsyncd/lsyncd.conf.lua
new file mode 100644
index 0000000..fea517a
--- /dev/null
+++ b/cookbooks/gitea/files/etc/lsyncd/lsyncd.conf.lua
@@ -0,0 +1,26 @@
+settings {
+ logfile = "/var/log/lsyncd/lsyncd.log",
+ statusFile = "/var/log/lsyncd/lsyncd.status",
+ statusInterval = 20,
+ nodaemon = false
+}
+
+sync {
+ default.rsync,
+ source = "/var/lib/git/",
+ target = "admin@192.168.10.200:/volume1/Shared/AppData/gitea/git/",
+ rsync = {
+ archive = true,
+ compress = true
+ }
+}
+
+sync {
+ default.rsync,
+ source = "/var/lib/gitea/",
+ target = "admin@192.168.10.200:/volume1/Shared/AppData/gitea/gitea-data/",
+ rsync = {
+ archive = true,
+ compress = true
+ }
+}
diff --git a/cookbooks/gitea/files/etc/supervisor/conf.d/gitea.conf b/cookbooks/gitea/files/etc/supervisor/conf.d/gitea.conf
new file mode 100644
index 0000000..d251545
--- /dev/null
+++ b/cookbooks/gitea/files/etc/supervisor/conf.d/gitea.conf
@@ -0,0 +1,10 @@
+[program:gitea]
+command=/usr/local/bin/gitea web -c /etc/gitea/app.ini
+user=git
+stdout_logfile=/var/log/supervisor/gitea.log
+environment=GITEA_WORK_DIR="/var/lib/gitea/", HOME="/home/git", USER="git"
+redirect_stderr=true
+stdout_logfile_maxbytes=1MB
+stdout_logfile_backups=5
+autorestart=true
+stopsignal=TERM
diff --git a/cookbooks/gitea/files/etc/systemd/system/promtail-gitea.service b/cookbooks/gitea/files/etc/systemd/system/promtail-gitea.service
new file mode 100644
index 0000000..e1380bd
--- /dev/null
+++ b/cookbooks/gitea/files/etc/systemd/system/promtail-gitea.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Grafana Promtail
+Documentation=https://github.com/grafana/loki
+After=network-online.target
+
+[Service]
+User=root
+Restart=always
+ExecStart=/usr/local/bin/promtail --config.file=/etc/promtail/gitea.yaml
+
+[Install]
+WantedBy=multi-user.target
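Review bot: promtail-gitea.service sets `User=root` for a process that, per the template in this patch, only tails `/var/log/supervisor/gitea.log` and writes a positions file under `/var/opt/promtail`. A dedicated unprivileged account with read access to that log (for example through group membership) would limit what a flaw in the log shipper can reach; whether the log's current permissions allow this is not visible here and should be checked. `After=network-online.target` is also usually paired with `Wants=network-online.target`, otherwise the ordering has no effect when nothing else pulls that target in.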
diff --git a/cookbooks/gitea/files/home/git/.ssh/authorized_keys b/cookbooks/gitea/files/home/git/.ssh/authorized_keys new file mode 100644 index 0000000..c7d6cab --- /dev/null +++ b/cookbooks/gitea/files/home/git/.ssh/authorized_keys @@ -0,0 +1,6 @@ +# gitea public key +command="/usr/local/bin/gitea --config=\"/etc/gitea/app.ini\" serv key-4",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKaziOfXcs96+p5WU67S/v3RD2HvuRN9iqROba8REj3fZygCrVHnboF6I3O5fmO7FXh2Nj8iLW/aQT0LxondM2hch67g6D4sM4qcshriYYRfMHTc+w7jVE6bhzpl78kCUM/Scy/IwCXqMNwWDoji8Yt2MMIBsAoUPhP1DdseHsBpxXDtKVcaHy35SM+uEsl34yvcXiobitYtrclxI8D7AiRHQ77VoHzlv8m93WFKBYlJ4JbtaQpVPncpJzcqhs1gD0eIHCHHF8xg8VsrDyiWVBoh+4ixnr+HYUbhRRBalvDuGdgFdccDt1RIWWrlZNelRecR1LNgyvWL5x9H/4YMh9 WorkingCopy@KazuhirosiPad-24032019 +# gitea public key +command="/usr/local/bin/gitea --config=\"/etc/gitea/app.ini\" serv key-5",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxKUdftBP05WHbz2wIbYqhgYpmvR/tcIrnVngM2vH3hvbFfS6Es2TBswqTml5+gRzyZrjaii3rJaNfQxcXEfW8lPHzp3weMDBgNrcuVby5Nix5N7EeEoPZyzPk1BvpzoIudE/zIO++ttpTIS3uMBLcqCny4M/mY8IHiLs/c1osP7nQ1QA96xBHTk3xxr9vVbVyCI68uQ79aumJbhP/nKO068HmBJ5M+4kRLNQ6US6dvd8/zbf2tyi0SqCJcLrUvF2AINlIc9T3oApftYdrcZpNeexQdb4HYkH4lwQg4oWbCMH/iDgc8KLJR21nXLZZrVkbSxcDvwcYsMeGwZrVOpuR Chef +# gitea public key +command="/usr/local/bin/gitea --config=\"/etc/gitea/app.ini\" serv key-9",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuib90/h5aKtL411mOOTe7Ja5udeSTfF9mmTVuVsw5TEbOZPEI0O+PWuCCg6DKHVtAb0POoBjg+I8V4NS2VGIAur0mUyKIY7Zadk/3Y/jdbEtS0IGMwdJOgfTEBFvNNXhx+di3cUPTOvSBlnXpIi3vMetzOmqXvb285RUTcPlmLQsdpnJGcShnWIwUXKqWwQB5QZ8MREPgdGedON4yyWsOIrCVJJjBRCwyWCbLQTNE6TKoWKauabPtNgdqFFcBmp6NYfR8Ob2qp0RVq2vi8FFxoEaFFbJUHlJIbiInVypPf3zwpXx8Gdw+Rr7Hs8YAGCjEqE8J8ZI0iXDhaE4HcrQPQ== kazu634@macbookpro.local 
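Review bot: This authorized_keys file has the shape of one generated by Gitea itself (`# gitea public key` markers and `serv key-4`, `key-5`, `key-9` IDs that presumably refer to rows in its database), so deploying a static copy on every converge will fight with Gitea's own rewrites of the file. The security consequence is that a key removed in the Gitea UI is re-authorised by the next run, and a key added in the UI is dropped. Unless that is intended, leave the file out of the cookbook and let Gitea regenerate it from its database after the data restore in setup.rb.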
diff --git a/cookbooks/gitea/setup.rb b/cookbooks/gitea/setup.rb
new file mode 100644
index 0000000..6e4a6f7
--- /dev/null
+++ b/cookbooks/gitea/setup.rb
@@ -0,0 +1,131 @@
+# Create `git` user:
+user 'git' do
+ create_home true
+ home '/home/git/'
+
+ system_user true
+
+ shell '/bin/bash'
+end
+
+directory '/home/git/.ssh/' do
+ owner 'git'
+ group 'git'
+ mode '0700'
+end
+
+remote_file '/home/git/.ssh/authorized_keys' do
+ owner 'git'
+ group 'git'
+ mode '0600'
+end
+
+# Create `/etc/gitea/`:
+%w(/etc/gitea).each do |d|
+ directory d do
+ owner 'root'
+ group 'root'
+ mode '0755'
+ end
+end
+
+%w(/var/lib/git /var/lib/gitea).each do |d|
+ directory d do
+ owner 'git'
+ group 'git'
+ mode '0755'
+ end
+end
+
+execute 'rsync -vrz --delete admin@192.168.10.200:/volume1/Shared/AppData/gitea/gitea-data/ /var/lib/gitea/' do
+ not_if 'test -e /var/lib/gitea/log'
+end
+
+execute 'rsync -vrz --delete admin@192.168.10.200:/volume1/Shared/AppData/gitea/git/ /var/lib/git/' do
+ not_if 'test -e /var/lib/git/kazu634/'
+end
+
+execute 'chown -R git:git /var/lib/gitea/'
+execute 'chown -R git:git /var/lib/git/'
+
+# Deploy `app.ini`:
+remote_file '/etc/gitea/app.ini' do
+ owner 'git'
+ group 'git'
+ mode '644'
+end
+
+# Deploy `supervisord` config`:
+remote_file '/etc/supervisor/conf.d/gitea.conf' do
+ owner 'root'
+ group 'root'
+ mode '644'
+
+ notifies :restart, 'service[supervisor]'
+end
+
+service 'supervisor' do
+ action :nothing
+end
+
+# Depoy `consul` service configuration for `gitea`:
+remote_file '/etc/consul.d/service-gitea.json' do
+ owner 'root'
+ group 'root'
+ mode '644'
+
+ notifies :restart, 'service[supervisor]'
+end
+
+# Depoy `promtail` configuration for `gitea`:
+template '/etc/promtail/gitea.yaml' do
+ owner 'root'
+ group 'root'
+ mode '644'
+
+ variables(HOSTNAME: node[:hostname], LOKIENDPOINT: node['promtail']['lokiendpoint'])
+
+ notifies :restart, 'service[promtail-gitea]'
+end
+
+# Deploy `systemd` configuration for `promtail-gitea`:
+remote_file '/etc/systemd/system/promtail-gitea.service' do
+ owner 'root'
+ group 'root'
+ mode '644'
+end
+
+# Service setting:
+service 'promtail-gitea' do
+ action [ :enable, :restart ]
+end
+
+# Deploy `systemd` configuration for `promtail-gitea`:
+remote_file '/etc/lsyncd/lsyncd.conf.lua' do
+ owner 'root'
+ group 'root'
+ mode '644'
+end
+
+# Service setting:
+service 'lsyncd' do
+ action [ :enable, :restart ]
+end
+
+# Firewall settings here:
+%w( 3000/tcp ).each do |p|
+ execute "ufw allow #{p}" do
+ user 'root'
+
+ not_if "LANG=c ufw status | grep #{p}"
+
+ notifies :run, 'execute[ufw reload-or-enable]'
+ end
+end
+
+execute 'ufw reload-or-enable' do
+ user 'root'
+ command 'LANG=C ufw reload | grep skipping && ufw --force enable || exit 0'
+
+ action :nothing
+end
diff --git a/cookbooks/gitea/templates/etc/promtail/gitea.yaml b/cookbooks/gitea/templates/etc/promtail/gitea.yaml
new file mode 100644
index 0000000..48d7dd0
--- /dev/null
+++ b/cookbooks/gitea/templates/etc/promtail/gitea.yaml
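Review bot: `remote_file '/etc/gitea/app.ini'` in setup.rb sets `mode '644'`, which leaves the signing secrets and database password in that file readable by every local account; since the file is already `owner 'git'` and Gitea runs as `git`, `mode '0600'` is sufficient. `ufw allow 3000/tcp` opens Gitea's plain-HTTP port to every source although app.ini sets an https `ROOT_URL`; if a reverse proxy terminates TLS, restricting the rule to the proxy's address keeps clients from bypassing it. The consul service file notifies `service[supervisor]` rather than a consul service, so consul will presumably not load the new definition, and the comment above the lsyncd.conf.lua resource repeats "Deploy `systemd` configuration for `promtail-gitea`". The two `chown -R` executes and both `[ :enable, :restart ]` actions run on every converge, and nothing triggers `systemctl daemon-reload` after the unit file is written.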
@@ -0,0 +1,61 @@ +server: + disable: true + +positions: + filename: /var/opt/promtail/promtail_gitea_position.yaml + +clients: + - url: http://<%= @LOKIENDPOINT %>/loki/api/v1/push + +scrape_configs: + - job_name: gitea + static_configs: + - targets: + - localhost + labels: + job: gitea + hostname: <%= @HOSTNAME %> + vhost: gitea.kazu634.com + __path__: /var/log/supervisor/gitea.log + + pipeline_stages: + - match: + selector: '{job="gitea"}' + + stages: + - drop: + expression: "(Static|robots.txt|sitemap.xml)" + + - regex: + expression: '^\[Macaron\] (?P[0-9]+\-[0-9]+\-[0-9]+ +[0-9]+:[0-9]+:[0-9]+): (?P[^\/]+) (?P\/[^ ]*) (?P[^ ]+) (?P.+)$' + + - timestamp: + source: timestamp + format: 2006-01-02 15:04:05 + location: Asia/Tokyo + + - template: + source: message + template: '{{ .message1 }} {{ .uri }} ({{ .message2 }})' + + - template: + source: level + template: '{{ .response }}' + + - template: + source: level + template: '{{ regexReplaceAllLiteral "(2[0-9]+|3[0-9]+|for)" .Value "info" }}' + + - template: + source: level + template: '{{ regexReplaceAllLiteral "4[0-9]+" .Value "warning" }}' + + - template: + source: level + template: '{{ regexReplaceAllLiteral "5[0-9]+" .Value "error" }}' + + - labels: + level: + + - output: + source: message From 49b4326aa1768c11cc085304c76389c7f6688a27 Mon Sep 17 00:00:00 2001 From: Kazuhiro MUSASHI Date: Sun, 1 Nov 2020 14:31:00 +0900 Subject: [PATCH 4/5] Install `go-mmproxy`. --- cookbooks/gitea/attributes.rb | 6 ++++++ cookbooks/gitea/default.rb | 2 ++ cookbooks/gitea/install-go-mmproxy.rb | 29 +++++++++++++++++++++++++++ 3 files changed, 37 insertions(+) create mode 100644 cookbooks/gitea/install-go-mmproxy.rb diff --git a/cookbooks/gitea/attributes.rb b/cookbooks/gitea/attributes.rb index 15f3148..618852a 100644 --- a/cookbooks/gitea/attributes.rb +++ b/cookbooks/gitea/attributes.rb 
@@ -9,4 +9,10 @@ node.reverse_merge!({ 'storage' => '/opt/gitea/', 'location' => '/usr/local/bin/' }, + 'go-mmproxy' => { + 'url' => 'https://github.com/path-network/go-mmproxy/releases/', + 'bin_url' => 'https://github.com/path-network/go-mmproxy/releases/download/2.0/go-mmproxy-2.0-centos8-x86_64', + 'storage' => '/opt/go-mmproxy/', + 'location' => '/usr/local/bin/' + }, }) diff --git a/cookbooks/gitea/default.rb b/cookbooks/gitea/default.rb index 4798ef2..c7465cf 100644 --- a/cookbooks/gitea/default.rb +++ b/cookbooks/gitea/default.rb @@ -3,6 +3,8 @@ include_recipe './attributes.rb' # Install: include_recipe './install.rb' +include_recipe './install-go-mmproxy.rb' # Setup: include_recipe './setup.rb' +include_recipe './setup-go-mmproxy.rb' diff --git a/cookbooks/gitea/install-go-mmproxy.rb b/cookbooks/gitea/install-go-mmproxy.rb new file mode 100644 index 0000000..5ccf64c --- /dev/null +++ b/cookbooks/gitea/install-go-mmproxy.rb @@ -0,0 +1,29 @@ +# Download: +TMP = "/tmp/go-mmproxy" + +execute "wget #{node['go-mmproxy']['bin_url']} -O #{TMP}" do + not_if "test -e #{node['go-mmproxy']['storage']}/go-mmproxy" +end + +# Install: +directory node['go-mmproxy']['storage'] do + owner 'root' + group 'root' + mode '755' +end + +execute "mv #{TMP} #{node['go-mmproxy']['storage']}/go-mmproxy" do + not_if "test -e #{node['go-mmproxy']['storage']}/go-mmproxy" +end + +# Change Owner and Permissions: +file "#{node['go-mmproxy']['storage']}/go-mmproxy" do + owner 'root' + group 'root' + mode '755' +end + +# Create Link +link "#{node['go-mmproxy']['location']}/go-mmproxy" do + to "#{node['go-mmproxy']['storage']}/go-mmproxy" +end From 2228abd12a3c02ed64d91e4d568c62c53775c67b Mon Sep 17 00:00:00 2001 
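Review bot: `TMP = "/tmp/go-mmproxy"` in install-go-mmproxy.rb is a fixed name in a world-writable directory, and `wget ... -O` running as root writes through whatever already exists at that path, so any local account can pre-create it and what gets moved into place is not guaranteed to be what was downloaded. Declaring the `directory node['go-mmproxy']['storage']` resource first and downloading straight into it (`-O #{node['go-mmproxy']['storage']}/go-mmproxy`) removes both the temp file and the `mv`; install.rb in patch 2/5 uses the same `/tmp` pattern. `TMP` is also assigned as a constant in both recipes, which may produce an "already initialized constant" warning when both are loaded in one run; a local variable avoids that.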
From: Kazuhiro MUSASHI
Date: Sun, 1 Nov 2020 14:50:37 +0900
Subject: [PATCH 5/5] Set up `go-mmproxy`.
---
.../etc/consul.d/service-go-mmproxy.json | 12 ++++++
.../etc/systemd/system/go-mmproxy.service | 17 ++++++++
cookbooks/gitea/setup-go-mmproxy.rb | 39 +++++++++++++++++++
3 files changed, 68 insertions(+)
create mode 100644 cookbooks/gitea/files/etc/consul.d/service-go-mmproxy.json
create mode 100644 cookbooks/gitea/files/etc/systemd/system/go-mmproxy.service
create mode 100644 cookbooks/gitea/setup-go-mmproxy.rb
diff --git a/cookbooks/gitea/files/etc/consul.d/service-go-mmproxy.json b/cookbooks/gitea/files/etc/consul.d/service-go-mmproxy.json
new file mode 100644
index 0000000..f45b065
--- /dev/null
+++ b/cookbooks/gitea/files/etc/consul.d/service-go-mmproxy.json
@@ -0,0 +1,12 @@
+{
+ "service": {
+ "name": "go-mmproxy",
+ "port": 50021,
+ "check":{
+ "tcp": "localhost:50021",
+ "interval": "60s",
+ "timeout": "1s",
+ "success_before_passing": 3
+ }
+ }
+}
diff --git a/cookbooks/gitea/files/etc/systemd/system/go-mmproxy.service b/cookbooks/gitea/files/etc/systemd/system/go-mmproxy.service
new file mode 100644
index 0000000..cc14caf
--- /dev/null
+++ b/cookbooks/gitea/files/etc/systemd/system/go-mmproxy.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=go-mmproxy
+After=network.target
+
+[Service]
+Type=simple
+LimitNOFILE=65535
+ExecStartPost=/sbin/ip rule add from 127.0.0.1/8 iif lo table 123
+ExecStartPost=/sbin/ip route add local 0.0.0.0/0 dev lo table 123
+ExecStart=/usr/local/bin/go-mmproxy -l 0.0.0.0:50021 -4 127.0.0.1:10022 -v 2
+ExecStopPost=/sbin/ip rule del from 127.0.0.1/8 iif lo table 123
+ExecStopPost=/sbin/ip route del local 0.0.0.0/0 dev lo table 123
+Restart=on-failure
+RestartSec=10s
+
+[Install]
+WantedBy=multi-user.target
diff --git a/cookbooks/gitea/setup-go-mmproxy.rb b/cookbooks/gitea/setup-go-mmproxy.rb
new file mode 100644
index 0000000..f1c81e9
--- /dev/null
+++ b/cookbooks/gitea/setup-go-mmproxy.rb
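Review bot: `ExecStart` in go-mmproxy.service listens on `0.0.0.0:50021` with nothing limiting who may send a PROXY-protocol header, so together with the `ufw allow 50021/tcp` rule in setup-go-mmproxy.rb any peer can present an arbitrary source address to the service behind it, which undermines IP-based logging and access rules. go-mmproxy's `-allowed-subnets` option takes a file of subnets permitted to connect; pointing it at the load balancer's address and narrowing the ufw rule to the same source closes that. The unit forwards to `127.0.0.1:10022` while app.ini sets `SSH_PORT = 50022` and no separate listen port, so it is worth confirming that Gitea's SSH server really listens on 10022. The service also runs as root by default; a dedicated user with `AmbientCapabilities=CAP_NET_ADMIN` may be enough, to be verified against go-mmproxy's requirements.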
@@ -0,0 +1,39 @@
+# Deploy `supervisord` config`:
+remote_file '/etc/systemd/system/go-mmproxy.service' do
+ owner 'root'
+ group 'root'
+ mode '644'
+
+ notifies :restart, 'service[go-mmproxy]'
+end
+
+service 'go-mmproxy' do
+ action [ :enable, :restart ]
+end
+
+# Depoy `consul` service configuration for `gitea`:
+remote_file '/etc/consul.d/service-go-mmproxy.json' do
+ owner 'root'
+ group 'root'
+ mode '644'
+
+ notifies :restart, 'service[supervisor]'
+end
+
+# Firewall settings here:
+%w( 50021/tcp ).each do |p|
+ execute "ufw allow #{p}" do
+ user 'root'
+
+ not_if "LANG=c ufw status | grep #{p}"
+
+ notifies :run, 'execute[ufw reload-or-enable]'
+ end
+end
+
+execute 'ufw reload-or-enable' do
+ user 'root'
+ command 'LANG=C ufw reload | grep skipping && ufw --force enable || exit 0'
+
+ action :nothing
+end
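Review bot: The first comment in setup-go-mmproxy.rb says "Deploy `supervisord` config" but the resource installs a systemd unit, and the consul comment says "for `gitea`" while the file is service-go-mmproxy.json; both should name go-mmproxy. A new unit file is not visible to systemd until `systemctl daemon-reload` runs and nothing here triggers one, so the `service 'go-mmproxy'` enable/restart may fail or use a stale unit; an `execute 'systemctl daemon-reload'` with `action :nothing`, notified by the `remote_file`, would cover it. `execute 'ufw reload-or-enable'` is declared again under the same name as in setup.rb, and the consul file notifies `service[supervisor]`, which this recipe does not define, so it only works when setup.rb has been included first. As with port 3000, `ufw allow 50021/tcp` admits every source; limiting it to the upstream proxy's address matches what the service is for.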