diff --git a/alpine.ts b/alpine.ts
index 6963d34..95841f1 100644
--- a/alpine.ts
+++ b/alpine.ts
@@ -14,6 +14,7 @@ import { execFile, exists } from "./helpers/better-api.js";
 import { PasswdEntry, readPasswd } from "./helpers/passwd.js";
 import { logDebug } from "./helpers/logger.js";
 import assert from "node:assert";
+import { Persist } from "./persist.js";
 export class Alpine {
 dir: string;
@@ -21,6 +22,7 @@ export class Alpine {
 this.dir = dir;
 }
 fstab: Fstab = new Fstab(this);
+ persist: Persist = new Persist(this);
 packages: string[] = [];
 async mkdirP(dir: string): Promise {
@@ -169,6 +171,7 @@ export class Alpine {
 const alpine = new Alpine({ dir });
 await alpine.fstab.write();
+ await alpine.persist.write();
 return alpine;
 }
 }
diff --git a/index.ts b/index.ts
index 4c4cd9d..0b45b18 100644
--- a/index.ts
+++ b/index.ts
@@ -49,6 +49,7 @@ socat tcp-listen:80,reuseaddr,fork tcp:localhost:3050 &
 `,
 { uid: 0, gid: 0 }
 );
+ await alpine.fstab.addMount("/dev/sdb /persist ext4 defaults 0 0");
 await timed(() => installFluentBit(alpine));
 const runit = await timed(() => Runit.setup(alpine));
 await timed(() => setupDhcpcd(alpine, runit));
diff --git a/persist.ts b/persist.ts
new file mode 100644
index 0000000..53a8eb1
--- /dev/null
+++ b/persist.ts
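Review bot: In index.ts, the new fstab entry `/dev/sdb /persist ext4 defaults 0 0` mounts the persistent volume with `defaults`, so setuid bits and device nodes stored on that volume are honoured. As /persist appears to hold only service data, I would write it as `await alpine.fstab.addMount("/dev/sdb /persist ext4 defaults,nosuid,nodev 0 0");`. Naming the disk as /dev/sdb also depends on enumeration order; a `LABEL=` or `UUID=` source would keep a different disk from being mounted at /persist if that order changes. The enclosing function starts and ends outside the hunk.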
@@ -0,0 +1,40 @@
+import { join } from "path";
+import { Alpine } from "./alpine.js";
+
+export type Mount = {
+ path: string;
+ username: string;
+};
+function getPersistPath(mount: Mount): string {
+ return join("/persist", mount.path);
+}
+
+export class Persist {
+ private alpine: Alpine;
+ private mounts: Mount[] = [];
+ constructor(alpine: Alpine) {
+ this.alpine = alpine;
+ }
+
+ async addMount(mount: Mount) {
+ await this.alpine.symlink(getPersistPath(mount), mount.path);
+ this.mounts.push(mount);
+ await this.write();
+ }
+ async write() {
+ await this.alpine.mkdirP("/persist");
+ let script = "#!/bin/sh -e\n";
+ script += this.mounts
+ .flatMap((m) => [
+ `mkdir -p '${getPersistPath(m)}'`,
+ `chown '${m.username}:${m.username}' '${getPersistPath(m)}'`,
+ `chmod 700 '${m.path}'`,
+ ])
+ .join("\n");
+ await this.alpine.writeExecutable(
+ // runit/scripts/03-filesystems.sh
+ "/usr/local/sbin/set-persist-permissions",
+ script
+ );
+ }
+}
diff --git a/runit/scripts/03-filesystems.sh b/runit/scripts/03-filesystems.sh
index 36c4bd5..52912f1 100644
--- a/runit/scripts/03-filesystems.sh
+++ b/runit/scripts/03-filesystems.sh
@@ -73,7 +73,7 @@ fi
 msg "Mounting all non-network filesystems..."
 mount -a -t "nosysfs,nonfs,nonfs4,nosmbfs,nocifs" -O no_netdev || emergency_shell
-# data module
-msg "Creating and mounting data directories..."
-# TODO: todavĂ­a no tenemos modulo de data que genere esto
-# /usr/local/bin/mount-data || emergency_shell
+
+msg "Setting permissions in persist directories..."
+# de persist.ts
+"/usr/local/sbin/set-persist-permissions" || emergency_shell
diff --git a/services/forgejo/index.ts b/services/forgejo/index.ts
index a4f036a..24e7e4c 100644
--- a/services/forgejo/index.ts
+++ b/services/forgejo/index.ts
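Review bot: In persist.ts, `write()` places `m.path` and `m.username` between single quotes without escaping, and the generated file is run as root at boot from 03-filesystems.sh, so a value containing `'` would change what that script executes. The only caller visible in this commit passes literals, but routing every value through one quoting helper keeps the generator safe for any later mount definition. The `chmod` line also targets `m.path` (the symlink) while `mkdir` and `chown` target the /persist path; chmod follows the link so it works today, yet using `getPersistPath(m)` in all three keeps the script correct if the link is missing. Separately, `join("/persist", mount.path)` normalises `..`, so a path such as `../etc` resolves outside /persist, and a check in `getPersistPath` could reject that.

```typescript
// POSIX single-quote escaping: close the quote, emit \', reopen the quote.
function shQuote(value: string): string {
  return `'${value.replace(/'/g, `'\\''`)}'`;
}

// … unchanged: Mount type, getPersistPath, constructor, addMount …

  async write() {
    await this.alpine.mkdirP("/persist");
    let script = "#!/bin/sh -e\n";
    script += this.mounts
      .flatMap((m) => {
        const target = shQuote(getPersistPath(m));
        const owner = shQuote(`${m.username}:${m.username}`);
        return [
          `mkdir -p ${target}`,
          `chown ${owner} ${target}`,
          `chmod 700 ${target}`,
        ];
      })
      .join("\n");
    // … unchanged: writeExecutable call …
  }
```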
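Review bot: In runit/scripts/03-filesystems.sh, the new call to `/usr/local/sbin/set-persist-permissions` assumes /persist is already a mounted volume, but the fstab entry for it is added in index.ts rather than by the code that generates this script. If that entry is missing from an image, `mount -a` still succeeds and the script creates its directories on the root filesystem, so service data would silently not persist. A guard before the call, such as `mountpoint -q /persist || emergency_shell`, would make that failure visible at boot. The comment `# de persist.ts` could also say that the script is generated at image build time by `Persist.write()`.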
@@ -5,6 +5,13 @@ import { loadForgejoSecretsFile } from "./secrets.js";
 import { FluentBitParser, runitLokiLogger } from "../../software/fluentbit.js";
 import { copyFile } from "node:fs/promises";
+// ## Para crear unx usuarix
+//
+// ```sh
+// # su _forgejo
+// $ cd /var/lib/forgejo
+// $ forgejo admin user create --config /etc/forgejo.conf --username Test --email test@nulo.in --password 123
+// ```
 export async function setupForgejo(alpine: Alpine, runit: Runit) {
 const bin = await buildForgejo();
 await copyFile(bin, alpine.path("/usr/local/bin/forgejo"));
@@ -12,11 +19,8 @@ export async function setupForgejo(alpine: Alpine, runit: Runit) {
 await alpine.addPackages(["tzdata", "git"]);
 const entry = await alpine.userAdd("_forgejo");
- // TODO: persistir
- await alpine.fstab.addTmpfs("/var/lib/forgejo", {
- uid: entry.uid,
- mode: "700",
- });
+ const dataDir = "/var/lib/forgejo";
+ await alpine.persist.addMount({ path: dataDir, username: "_forgejo" });
 const secrets = await loadForgejoSecretsFile();
 await alpine.writeFile(
@@ -87,7 +91,7 @@ ENABLE_NOTIFY_MAIL = true
 DEFAULT_KEEP_EMAIL_PRIVATE = true
 [repository]
-ROOT=/var/lib/gitea/data/gitea-repositories
+ROOT=/var/lib/forgejo/data/gitea-repositories
 ;PREFERRED_LICENSES = Apache License 2.0,MIT License
 DEFAULT_BRANCH = antifascista
 ENABLE_PUSH_CREATE_USER = true
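Review bot: The example in the new comment above `setupForgejo` (first hunk of services/forgejo/index.ts) creates an account with `--password 123`, and commands kept in comments tend to be pasted as written. I would show `--random-password` in place of the literal password, or a placeholder such as `<password>`, so the documented path does not leave a guessable credential on a real instance. The function body continues outside this hunk.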
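Review bot: In the second hunk of services/forgejo/index.ts, `username: "_forgejo"` repeats the literal passed to `alpine.userAdd` two lines above, and the generated boot script runs `chown` on that name under `sh -e`, so a mismatch after a rename would stop the boot in `emergency_shell`. Hoisting the name into one constant, e.g. `const user = "_forgejo";`, and using it in both calls keeps them in sync. `entry` is no longer read inside this hunk; if nothing later in `setupForgejo` uses it, the binding can be dropped. The `ROOT=/var/lib/forgejo/...` line in the last hunk likewise spells the directory out again rather than reusing `dataDir`, which is worth changing if that config text is built from a template literal.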