Merge pull request 'Install Gitea' (#52) from install-gitea into master

Reviewed-on: #52

cookbooks/base/default.rb

@@ -60,6 +60,9 @@ include_recipe './kernel.rb'
 # Install mc command:
 include_recipe './mc.rb'
 
+# Install lsyncd command:
+include_recipe './lsyncd.rb'
+
 # recipes for Ubuntu 16.04
 if node['platform_version'].to_f == 16.04
   # ntp configurations

cookbooks/base/files/etc/logrotate.d/lsyncd

@@ -0,0 +1,13 @@
+/var/log/lsyncd/*.log {
+  rotate 4
+  compress
+  delaycompress
+  missingok
+  notifempty
+  sharedscripts
+  postrotate
+  if [ -f /var/run/lsyncd.pid ]; then
+    /usr/bin/systemctl restart lsyncd.service > /dev/null 2>/dev/null || true
+  fi
+  endscript
+}

cookbooks/base/files/root/.ssh/id_rsa

@@ -0,0 +1,38 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEAtWmcJslzZaMUgqKoFW+lWI8XLpOh6rzHHb4h6ueUDQSwk9ShrxlA
+RewgJTbOUIcVEl28xXPDmNm1VKMHCRMBqvCSQVJHdVFCkLFzIX++t0n9A3tJef1GSsCc/D
+g2si/TO4Vux56mkDFqp0mJk3nI2obihh78PPSJAd6ScNZDUYGP2jM33ubbeytm/qPITd5I
+gEKbKgQMzKDC1VaFmwTN9idhvFS8U2dA1oVG1CtOVhAPEQ5xqY5Dwfp4FZSrnvF64DZ7UX
+PKG1ww4mxonECkM2hmcRLHs/FPGXpCsAUUGT9DAL3OJSxHDc+46i3Naxc6+mRyI9F2Wv9H
+HDT1d3U7nL9ZQggm0L/EYbS79LqkzBUnYRNerkuNve+G13wxl45d5oPC9D+wXdbg/LSZyc
+r3eNyzSiuwOZWezJvhKZ4t4qUJvLvi4pHxiMcBHAc4bMKkNATHvLMtINvM2w9iySikgZbp
+JEKLWSOJF1qqwtJZKs10EDkUX6v2+fyw4Nvg+S6hAAAFiFglwLVYJcC1AAAAB3NzaC1yc2
+EAAAGBALVpnCbJc2WjFIKiqBVvpViPFy6Toeq8xx2+IernlA0EsJPUoa8ZQEXsICU2zlCH
+FRJdvMVzw5jZtVSjBwkTAarwkkFSR3VRQpCxcyF/vrdJ/QN7SXn9RkrAnPw4NrIv0zuFbs
+eeppAxaqdJiZN5yNqG4oYe/Dz0iQHeknDWQ1GBj9ozN97m23srZv6jyE3eSIBCmyoEDMyg
+wtVWhZsEzfYnYbxUvFNnQNaFRtQrTlYQDxEOcamOQ8H6eBWUq57xeuA2e1FzyhtcMOJsaJ
+xApDNoZnESx7PxTxl6QrAFFBk/QwC9ziUsRw3PuOotzWsXOvpkciPRdlr/Rxw09Xd1O5y/
+WUIIJtC/xGG0u/S6pMwVJ2ETXq5Ljb3vhtd8MZeOXeaDwvQ/sF3W4Py0mcnK93jcs0orsD
+mVnsyb4SmeLeKlCby74uKR8YjHARwHOGzCpDQEx7yzLSDbzNsPYskopIGW6SRCi1kjiRda
+qsLSWSrNdBA5FF+r9vn8sODb4PkuoQAAAAMBAAEAAAGAOLASsnAa1jS6kQPA4Ent8hlslg
+pd+1sYIWwrbxsEQXkosFkuWOfcFL1vYhGZMMK1S/LsrQq6oUXOiu8SoLxGtiLMoQrT9433
+7fz1TA9+CgpdvLvGvw7s6yj7JTlvpgiZyiys7EXgKIi4miO5kNLqd5bUrDJ8gZOsSGBDhG
+z/xjVlPTrqB4Y+KWProECPs/10zFeD4wI2+a52k3Gg+ErtDTFLMi2MV8eZFC+7bUtHBE+q
+VZsc223wMGpTIfM+GcG9LBud9cmfrZ5dIIQixviURAQLvX2PqI6/haJCPWKVy8IJ44rrGY
+jpUTIVXZL4TOhsxblQOH3o6qILbcVbMCqYSmt7RsRLRyz8vlUbtWWH+tVbhcvsAYZoeh0P
+Bki4FhVE/yXpkskTC3k7YLyJvDeXJWZlujkYsoy+WBA96PZTQQk5nNOS8IqJ1nS7y3eaTq
+wp+VmXcbaGMujgRwo+QfYdtu6Rx4FCAyUZxA/e06k2mxbo1B4SqddSxdpyIesQAju9AAAA
+wQCgXaDHIM2nnLM7tZZyNeIPoNOrahvWsqwPwxq/+6tTAlv2KaGUbE0tg40Esn5zR/ffgh
+6jz/OpaGLLuCeOLVsOXocxRk0QuM4w5crtFduisjygMHwGnDEnP9xzRZDGBwumuNdGjEJt
+dnklT5/rJHmv70f8KocT/s0AyYBNeWnN+11qBVB8jFje3t65kMVQ8W8oOQ2nIcjnkg6typ
+7QjGAE57SSFGIyxEuenLQT4Weke0MunWW5ZC7wntoA8QokcdMAAADBAN3aYpE3R6LL2je4
+cblBh4SSe0m320u6y5S5RwJeK4I7tiMsMtdVZGZkgG5BqaN5qEBzB4FcdccNvQfTLwIPS4
+r0LKEdqMF7Z3Y4HKjEt9P+OFu8zvJ/s3QlSIy2l1sHOiVEOKg3WQhX1ropotqsbPJGYOVK
+Wa4DaVtx1oNiRNTDohAajrHG697PBu0dVHIsBVEkzrV9xZPB/nNYNa9OE+DH1zD/0tUUNw
++L/mMjz9KDZJ+3mUWlNxMU0U5d/B0cbwAAAMEA0VXCDduckbbrKb5PrV1NGlZD8FlFgovx
+IbOlhB1Zfbop4N8QndsMx5pXRwDOCiJ7z5Sc2huuJ5OCTnmW4yGajXo/yfX63B+suELbPk
+tjO5nl6yGcgOz95V2sfkCqlvchsxYN3qTmolWD0PadK5Sno8glzyM60sGv+basfgEOBsli
+GTIWv6gUA8QSVPkYFyircWMk7S7HwB1nc39B2XVdMzZkKnNKqv9yHhaEBxOzWwulUksEuN
+Jge4w7RaxPRg3vAAAAEHJvb3RAYmFzdGlvbjIwMDQBAg==
+-----END OPENSSH PRIVATE KEY-----

cookbooks/base/files/root/.ssh/known_hosts

@@ -0,0 +1 @@
+|1|/SRt7pnr5wRdTihEn9BLVAij7X8=|AiMlTVmMn4KG3ITCPxG+iL+1Z4o= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAej4lWqrN/bly94FQVTjNEsBxK7RiMlAkXrJQhnr6nLaLK0yEAJUHGZXF0LwnxYH9r734W6eDfQiqyqmbE2vPg=

cookbooks/base/lsyncd.rb

@@ -0,0 +1,30 @@
+package 'lsyncd'
+
+# Create /etc/sudoers.d/
+%w( /etc/lsyncd /var/log/lsyncd ).each do |d|
+  directory d do
+    owner 'root'
+    group 'root'
+    mode  '755'
+  end
+end
+
+directory '/root/.ssh/' do
+  owner 'root'
+  group 'root'
+  mode  '0700'
+end
+
+%w(id_rsa known_hosts).each do |f|
+  remote_file "/root/.ssh/#{f}" do
+    owner 'root'
+    group 'root'
+    mode  '600'
+  end
+end
+
+remote_file '/etc/logrotate.d/lsyncd' do
+  owner 'root'
+  group 'root'
+  mode  '644'
+end

cookbooks/gitea/attributes.rb

@@ -0,0 +1,18 @@
+# -------------------------------------------
+# Specifying the default settings:
+# -------------------------------------------
+node.reverse_merge!({
+  'gitea' => {
+    'url' => 'https://github.com/go-gitea/gitea/releases/download/',
+    'prefix' => 'gitea-',
+    'postfix' => '-linux-amd64',
+    'storage' => '/opt/gitea/',
+    'location' => '/usr/local/bin/'
+  },
+  'go-mmproxy' => {
+    'url' => 'https://github.com/path-network/go-mmproxy/releases/',
+    'bin_url' => 'https://github.com/path-network/go-mmproxy/releases/download/2.0/go-mmproxy-2.0-centos8-x86_64',
+    'storage' => '/opt/go-mmproxy/',
+    'location' => '/usr/local/bin/'
+  },
+})

cookbooks/gitea/default.rb

@@ -0,0 +1,10 @@
+# Loading the attributes:
+include_recipe './attributes.rb'
+
+# Install:
+include_recipe './install.rb'
+include_recipe './install-go-mmproxy.rb'
+
+# Setup:
+include_recipe './setup.rb'
+include_recipe './setup-go-mmproxy.rb'

cookbooks/gitea/files/etc/consul.d/service-gitea.json

@@ -0,0 +1,12 @@
+{
+  "service": {
+    "name": "gitea",
+    "port": 3000, 
+    "check":{
+      "tcp": "localhost:3000",
+      "interval": "60s",
+      "timeout": "1s",
+      "success_before_passing": 3
+    }
+  }
+}

cookbooks/gitea/files/etc/consul.d/service-go-mmproxy.json

@@ -0,0 +1,12 @@
+{
+  "service": {
+    "name": "go-mmproxy",
+    "port": 50021,
+    "check":{
+      "tcp": "localhost:50021",
+      "interval": "60s",
+      "timeout": "1s",
+      "success_before_passing": 3
+    }
+  }
+}

cookbooks/gitea/files/etc/gitea/app.ini

@@ -0,0 +1,78 @@
+APP_NAME = Gitea: Git with a cup of tea
+RUN_USER = git
+RUN_MODE = prod
+
+[oauth2]
+JWT_SECRET = Cyb3GmSaoJpkaHhA5X6wiNCK7KsngKEr6w_v37WZ1a4
+
+[security]
+INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1NjMzNzYxNzR9.Z8_xg9eBZt8fSMTQLQB2xxGUx7GB5M3_v_Tsc441LOg
+INSTALL_LOCK   = true
+SECRET_KEY     = Br3eWgKaVIvM2TiHgvRnDbeZTSvBeVxSOS2VbjsPiyZ8Egigqre4dq0ZqaIKoxlB
+
+[database]
+DB_TYPE  = mysql
+HOST     = 192.168.10.200:3307
+NAME     = gitea
+USER     = root
+PASSWD   = Holiday88
+SSL_MODE = disable
+PATH     = /var/lib/gitea/data/gitea.db
+
+[repository]
+ROOT = /var/lib/git
+
+[server]
+SSH_DOMAIN       = gitea.kazu634.com
+DOMAIN           = gitea.kazu634.com
+HTTP_PORT        = 3000
+ROOT_URL         = https://gitea.kazu634.com/
+DISABLE_SSH      = false
+SSH_PORT         = 50022
+LFS_START_SERVER = true
+LFS_CONTENT_PATH = /var/lib/gitea/data/lfs
+LFS_JWT_SECRET   = hcxZi2iadhyYTdRtAOJXXWPckR-lK2rFHPCbA1isvV0
+OFFLINE_MODE     = false
+
+[mailer]
+ENABLED = false
+
+[service]
+REGISTER_EMAIL_CONFIRM            = false
+ENABLE_NOTIFY_MAIL                = false
+DISABLE_REGISTRATION              = true
+ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
+ENABLE_CAPTCHA                    = true
+REQUIRE_SIGNIN_VIEW               = false
+DEFAULT_KEEP_EMAIL_PRIVATE        = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING       = true
+NO_REPLY_ADDRESS                  = noreply.example.org
+
+[picture]
+DISABLE_GRAVATAR        = false
+ENABLE_FEDERATED_AVATAR = true
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[session]
+PROVIDER = file
+
+[log]
+MODE      = file
+LEVEL     = Info
+ROOT_PATH = /var/lib/gitea/log
+
+[other]
+SHOW_FOOTER_VERSION = false
+
+[attachment]
+ENABLED = true
+ALLOWED_TYPES = */*
+MAX_SIZE = 1024
+MAX_FILES = 25
+
+[metrics]
+ENABLED = true

cookbooks/gitea/files/etc/lsyncd/lsyncd.conf.lua

@@ -0,0 +1,26 @@
+settings {
+  logfile = "/var/log/lsyncd/lsyncd.log",
+  statusFile = "/var/log/lsyncd/lsyncd.status",
+  statusInterval = 20,
+  nodaemon   = false
+}
+
+sync {
+  default.rsync,
+  source = "/var/lib/git/",
+  target = "admin@192.168.10.200:/volume1/Shared/AppData/gitea/git/",
+  rsync      = {
+    archive  = true,
+    compress = true
+  }
+}
+
+sync {
+  default.rsync,
+  source = "/var/lib/gitea/",
+  target = "admin@192.168.10.200:/volume1/Shared/AppData/gitea/gitea-data/",
+  rsync      = {
+    archive  = true,
+    compress = true
+  }
+}

cookbooks/gitea/files/etc/supervisor/conf.d/gitea.conf

@@ -0,0 +1,10 @@
+[program:gitea]
+command=/usr/local/bin/gitea web -c /etc/gitea/app.ini
+user=git
+stdout_logfile=/var/log/supervisor/gitea.log
+environment=GITEA_WORK_DIR="/var/lib/gitea/", HOME="/home/git", USER="git"
+redirect_stderr=true
+stdout_logfile_maxbytes=1MB
+stdout_logfile_backups=5
+autorestart=true
+stopsignal=TERM

cookbooks/gitea/files/etc/systemd/system/go-mmproxy.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=go-mmproxy
+After=network.target
+
+[Service]
+Type=simple
+LimitNOFILE=65535
+ExecStartPost=/sbin/ip rule add from 127.0.0.1/8 iif lo table 123
+ExecStartPost=/sbin/ip route add local 0.0.0.0/0 dev lo table 123
+ExecStart=/usr/local/bin/go-mmproxy -l 0.0.0.0:50021 -4 127.0.0.1:10022 -v 2
+ExecStopPost=/sbin/ip rule del from 127.0.0.1/8 iif lo table 123
+ExecStopPost=/sbin/ip route del local 0.0.0.0/0 dev lo table 123
+Restart=on-failure
+RestartSec=10s
+
+[Install]
+WantedBy=multi-user.target

cookbooks/gitea/files/etc/systemd/system/promtail-gitea.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Grafana Promtail
+Documentation=https://github.com/grafana/loki
+After=network-online.target
+
+[Service]
+User=root
+Restart=always
+ExecStart=/usr/local/bin/promtail --config.file=/etc/promtail/gitea.yaml
+
+[Install]
+WantedBy=multi-user.target

cookbooks/gitea/files/home/git/.ssh/authorized_keys

@@ -0,0 +1,6 @@
+# gitea public key
+command="/usr/local/bin/gitea --config=\"/etc/gitea/app.ini\" serv key-4",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKaziOfXcs96+p5WU67S/v3RD2HvuRN9iqROba8REj3fZygCrVHnboF6I3O5fmO7FXh2Nj8iLW/aQT0LxondM2hch67g6D4sM4qcshriYYRfMHTc+w7jVE6bhzpl78kCUM/Scy/IwCXqMNwWDoji8Yt2MMIBsAoUPhP1DdseHsBpxXDtKVcaHy35SM+uEsl34yvcXiobitYtrclxI8D7AiRHQ77VoHzlv8m93WFKBYlJ4JbtaQpVPncpJzcqhs1gD0eIHCHHF8xg8VsrDyiWVBoh+4ixnr+HYUbhRRBalvDuGdgFdccDt1RIWWrlZNelRecR1LNgyvWL5x9H/4YMh9 WorkingCopy@KazuhirosiPad-24032019
+# gitea public key
+command="/usr/local/bin/gitea --config=\"/etc/gitea/app.ini\" serv key-5",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxKUdftBP05WHbz2wIbYqhgYpmvR/tcIrnVngM2vH3hvbFfS6Es2TBswqTml5+gRzyZrjaii3rJaNfQxcXEfW8lPHzp3weMDBgNrcuVby5Nix5N7EeEoPZyzPk1BvpzoIudE/zIO++ttpTIS3uMBLcqCny4M/mY8IHiLs/c1osP7nQ1QA96xBHTk3xxr9vVbVyCI68uQ79aumJbhP/nKO068HmBJ5M+4kRLNQ6US6dvd8/zbf2tyi0SqCJcLrUvF2AINlIc9T3oApftYdrcZpNeexQdb4HYkH4lwQg4oWbCMH/iDgc8KLJR21nXLZZrVkbSxcDvwcYsMeGwZrVOpuR Chef
+# gitea public key
+command="/usr/local/bin/gitea --config=\"/etc/gitea/app.ini\" serv key-9",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuib90/h5aKtL411mOOTe7Ja5udeSTfF9mmTVuVsw5TEbOZPEI0O+PWuCCg6DKHVtAb0POoBjg+I8V4NS2VGIAur0mUyKIY7Zadk/3Y/jdbEtS0IGMwdJOgfTEBFvNNXhx+di3cUPTOvSBlnXpIi3vMetzOmqXvb285RUTcPlmLQsdpnJGcShnWIwUXKqWwQB5QZ8MREPgdGedON4yyWsOIrCVJJjBRCwyWCbLQTNE6TKoWKauabPtNgdqFFcBmp6NYfR8Ob2qp0RVq2vi8FFxoEaFFbJUHlJIbiInVypPf3zwpXx8Gdw+Rr7Hs8YAGCjEqE8J8ZI0iXDhaE4HcrQPQ== kazu634@macbookpro.local

cookbooks/gitea/install-go-mmproxy.rb

@@ -0,0 +1,29 @@
+# Download:
+TMP = "/tmp/go-mmproxy"
+
+execute "wget #{node['go-mmproxy']['bin_url']} -O #{TMP}" do
+  not_if "test -e #{node['go-mmproxy']['storage']}/go-mmproxy"
+end
+
+# Install:
+directory node['go-mmproxy']['storage'] do
+  owner 'root'
+  group 'root'
+  mode '755'
+end
+
+execute "mv #{TMP} #{node['go-mmproxy']['storage']}/go-mmproxy" do
+  not_if "test -e #{node['go-mmproxy']['storage']}/go-mmproxy"
+end
+
+# Change Owner and Permissions:
+file "#{node['go-mmproxy']['storage']}/go-mmproxy" do
+  owner 'root'
+  group 'root'
+  mode  '755'
+end
+
+# Create Link
+link "#{node['go-mmproxy']['location']}/go-mmproxy" do
+  to "#{node['go-mmproxy']['storage']}/go-mmproxy"
+end

cookbooks/gitea/install.rb

@@ -0,0 +1,55 @@
+gitea_url = ''
+gitea_bin = ''
+
+vtag     = ''
+tag      = ''
+
+# Calculate the Download URL:
+begin
+  require 'net/http'
+
+  uri = URI.parse('https://github.com/go-gitea/gitea/releases/latest')
+
+  Timeout.timeout(3) do
+    response = Net::HTTP.get_response(uri)
+
+    vtag     = $1 if response.body =~ %r{tag\/(v\d+\.\d+\.\d+)}
+    tag      = vtag.sub(/^v/, '')
+
+    gitea_bin = "#{node['gitea']['prefix']}#{tag}#{node['gitea']['postfix']}"
+    gitea_url = "#{node['gitea']['url']}/#{vtag}/#{gitea_bin}"
+  end
+rescue
+  # Abort the chef client process:
+  raise 'Cannot connect to http://github.com.'
+end
+
+# バージョン確認して、アップデート必要かどうか確認
+result = run_command("gitea --version 2>&1 | grep #{tag}", error: false)
+if result.exit_status != 0
+  # Download:
+  TMP = "/tmp/#{gitea_bin}"
+
+  execute "wget #{gitea_url} -O #{TMP}"
+
+  # Install:
+  directory node['gitea']['storage'] do
+    owner 'root'
+    group 'root'
+    mode '755'
+  end
+
+  execute "mv #{TMP} #{node['gitea']['storage']}/gitea"
+
+  # Change Owner and Permissions:
+  file "#{node['gitea']['storage']}/gitea" do
+    owner 'root'
+    group 'root'
+    mode  '755'
+  end
+
+  # Create Link
+  link "#{node['gitea']['location']}/gitea" do
+    to "#{node['gitea']['storage']}/gitea"
+  end
+end

cookbooks/gitea/setup-go-mmproxy.rb

@@ -0,0 +1,39 @@
+# Deploy `supervisord` config`:
+remote_file '/etc/systemd/system/go-mmproxy.service' do
+  owner  'root'
+  group  'root'
+  mode   '644'
+
+  notifies :restart, 'service[go-mmproxy]'
+end
+
+service 'go-mmproxy' do
+  action [ :enable, :restart ]
+end
+
+# Depoy `consul` service configuration for `gitea`:
+remote_file '/etc/consul.d/service-go-mmproxy.json' do
+  owner  'root'
+  group  'root'
+  mode   '644'
+
+  notifies :restart, 'service[supervisor]'
+end
+
+# Firewall settings here:
+%w( 50021/tcp ).each do |p|
+  execute "ufw allow #{p}" do
+    user 'root'
+
+    not_if "LANG=c ufw status | grep #{p}"
+
+    notifies :run, 'execute[ufw reload-or-enable]'
+  end
+end
+
+execute 'ufw reload-or-enable' do
+  user 'root'
+  command 'LANG=C ufw reload | grep skipping && ufw --force enable || exit 0'
+
+  action :nothing
+end

cookbooks/gitea/setup.rb

@@ -0,0 +1,131 @@
+# Create `git` user:
+user 'git' do
+  create_home true
+  home '/home/git/'
+
+  system_user true
+
+  shell '/bin/bash'
+end
+
+directory '/home/git/.ssh/' do
+  owner 'git'
+  group 'git'
+  mode  '0700'
+end
+
+remote_file '/home/git/.ssh/authorized_keys' do
+  owner 'git'
+  group 'git'
+  mode  '0600'
+end
+
+# Create `/etc/gitea/`:
+%w(/etc/gitea).each do |d|
+  directory d do
+    owner  'root'
+    group  'root'
+    mode   '0755'
+  end
+end
+
+%w(/var/lib/git /var/lib/gitea).each do |d|
+  directory d do
+    owner  'git'
+    group  'git'
+    mode   '0755'
+  end
+end
+
+execute 'rsync -vrz --delete admin@192.168.10.200:/volume1/Shared/AppData/gitea/gitea-data/ /var/lib/gitea/' do
+  not_if 'test -e /var/lib/gitea/log'
+end
+
+execute 'rsync -vrz --delete admin@192.168.10.200:/volume1/Shared/AppData/gitea/git/ /var/lib/git/' do
+  not_if 'test -e /var/lib/git/kazu634/'
+end
+
+execute 'chown -R git:git /var/lib/gitea/'
+execute 'chown -R git:git /var/lib/git/'
+
+# Deploy `app.ini`:
+remote_file '/etc/gitea/app.ini' do
+  owner  'git'
+  group  'git'
+  mode   '644'
+end
+
+# Deploy `supervisord` config`:
+remote_file '/etc/supervisor/conf.d/gitea.conf' do
+  owner  'root'
+  group  'root'
+  mode   '644'
+
+  notifies :restart, 'service[supervisor]'
+end
+
+service 'supervisor' do
+  action :nothing
+end
+
+# Depoy `consul` service configuration for `gitea`:
+remote_file '/etc/consul.d/service-gitea.json' do
+  owner  'root'
+  group  'root'
+  mode   '644'
+
+  notifies :restart, 'service[supervisor]'
+end
+
+# Depoy `promtail` configuration for `gitea`:
+template '/etc/promtail/gitea.yaml' do
+  owner  'root'
+  group  'root'
+  mode   '644'
+
+  variables(HOSTNAME: node[:hostname], LOKIENDPOINT: node['promtail']['lokiendpoint'])
+
+  notifies :restart, 'service[promtail-gitea]'
+end
+
+# Deploy `systemd` configuration for `promtail-gitea`:
+remote_file '/etc/systemd/system/promtail-gitea.service' do
+  owner  'root'
+  group  'root'
+  mode   '644'
+end
+
+# Service setting:
+service 'promtail-gitea' do
+  action [ :enable, :restart ]
+end
+
+# Deploy `systemd` configuration for `promtail-gitea`:
+remote_file '/etc/lsyncd/lsyncd.conf.lua' do
+  owner  'root'
+  group  'root'
+  mode   '644'
+end
+
+# Service setting:
+service 'lsyncd' do
+  action [ :enable, :restart ]
+end
+
+# Firewall settings here:
+%w( 3000/tcp ).each do |p|
+  execute "ufw allow #{p}" do
+    user 'root'
+
+    not_if "LANG=c ufw status | grep #{p}"
+
+    notifies :run, 'execute[ufw reload-or-enable]'
+  end
+end
+
+execute 'ufw reload-or-enable' do
+  user 'root'
+  command 'LANG=C ufw reload | grep skipping && ufw --force enable || exit 0'
+
+  action :nothing
+end

cookbooks/gitea/templates/etc/promtail/gitea.yaml

@@ -0,0 +1,61 @@
+server:
+  disable: true
+
+positions:
+  filename: /var/opt/promtail/promtail_gitea_position.yaml
+
+clients:
+  - url: http://<%= @LOKIENDPOINT %>/loki/api/v1/push
+
+scrape_configs:
+  - job_name: gitea
+    static_configs:
+    - targets:
+        - localhost
+      labels:
+        job: gitea
+        hostname: <%= @HOSTNAME %>
+        vhost: gitea.kazu634.com
+        __path__: /var/log/supervisor/gitea.log
+
+    pipeline_stages:
+    - match:
+        selector: '{job="gitea"}'
+
+        stages:
+        - drop:
+            expression: "(Static|robots.txt|sitemap.xml)"
+
+        - regex:
+            expression: '^\[Macaron\] (?P<timestamp>[0-9]+\-[0-9]+\-[0-9]+ +[0-9]+:[0-9]+:[0-9]+): (?P<message1>[^\/]+) (?P<uri>\/[^ ]*) (?P<response>[^ ]+) (?P<message2>.+)$'
+
+        - timestamp:
+            source: timestamp
+            format: 2006-01-02 15:04:05
+            location: Asia/Tokyo
+
+        - template:
+            source: message
+            template: '{{ .message1 }} {{ .uri }} ({{ .message2 }})'
+
+        - template:
+            source: level
+            template: '{{ .response }}'
+
+        - template:
+            source: level
+            template: '{{ regexReplaceAllLiteral "(2[0-9]+|3[0-9]+|for)" .Value "info" }}'
+
+        - template:
+            source: level
+            template: '{{ regexReplaceAllLiteral "4[0-9]+" .Value "warning" }}'
+
+        - template:
+            source: level
+            template: '{{ regexReplaceAllLiteral "5[0-9]+" .Value "error" }}'
+
+        - labels:
+            level:
+
+        - output:
+            source: message