persistir forgejo

fixes #6

alpine.ts

@@ -14,6 +14,7 @@ import { execFile, exists } from "./helpers/better-api.js";
 import { PasswdEntry, readPasswd } from "./helpers/passwd.js";
 import { logDebug } from "./helpers/logger.js";
 import assert from "node:assert";
+import { Persist } from "./persist.js";
 
 export class Alpine {
   dir: string;
@@ -21,6 +22,7 @@ export class Alpine {
     this.dir = dir;
   }
   fstab: Fstab = new Fstab(this);
+  persist: Persist = new Persist(this);
   packages: string[] = [];
 
   async mkdirP(dir: string): Promise<void> {
@@ -169,6 +171,7 @@ export class Alpine {
 
     const alpine = new Alpine({ dir });
     await alpine.fstab.write();
+    await alpine.persist.write();
     return alpine;
   }
 }

index.ts

@@ -49,6 +49,7 @@ socat tcp-listen:80,reuseaddr,fork tcp:localhost:3050 &
 `,
     { uid: 0, gid: 0 }
   );
+  await alpine.fstab.addMount("/dev/sdb /persist ext4	defaults  0	0");
   await timed(() => installFluentBit(alpine));
   const runit = await timed(() => Runit.setup(alpine));
   await timed(() => setupDhcpcd(alpine, runit));

persist.ts

@@ -0,0 +1,40 @@
+import { join } from "path";
+import { Alpine } from "./alpine.js";
+
+export type Mount = {
+  path: string;
+  username: string;
+};
+function getPersistPath(mount: Mount): string {
+  return join("/persist", mount.path);
+}
+
+export class Persist {
+  private alpine: Alpine;
+  private mounts: Mount[] = [];
+  constructor(alpine: Alpine) {
+    this.alpine = alpine;
+  }
+
+  async addMount(mount: Mount) {
+    await this.alpine.symlink(getPersistPath(mount), mount.path);
+    this.mounts.push(mount);
+    await this.write();
+  }
+  async write() {
+    await this.alpine.mkdirP("/persist");
+    let script = "#!/bin/sh -e\n";
+    script += this.mounts
+      .flatMap((m) => [
+        `mkdir -p '${getPersistPath(m)}'`,
+        `chown '${m.username}:${m.username}' '${getPersistPath(m)}'`,
+        `chmod 700 '${m.path}'`,
+      ])
+      .join("\n");
+    await this.alpine.writeExecutable(
+      // runit/scripts/03-filesystems.sh
+      "/usr/local/sbin/set-persist-permissions",
+      script
+    );
+  }
+}

runit/scripts/03-filesystems.sh

@@ -73,7 +73,7 @@ fi
 
 msg "Mounting all non-network filesystems..."
 mount -a -t "nosysfs,nonfs,nonfs4,nosmbfs,nocifs" -O no_netdev || emergency_shell
-# data module
+
-msg "Creating and mounting data directories..."
+msg "Setting permissions in persist directories..."
-# TODO: todavía no tenemos modulo de data que genere esto
+# de persist.ts
-# /usr/local/bin/mount-data || emergency_shell
+"/usr/local/sbin/set-persist-permissions" || emergency_shell

services/forgejo/index.ts

@@ -5,6 +5,13 @@ import { loadForgejoSecretsFile } from "./secrets.js";
 import { FluentBitParser, runitLokiLogger } from "../../software/fluentbit.js";
 import { copyFile } from "node:fs/promises";
 
+// ## Para crear unx usuarix
+//
+// ```sh
+// # su _forgejo
+// $ cd /var/lib/forgejo
+// $ forgejo admin user create --config /etc/forgejo.conf --username Test --email test@nulo.in --password 123
+// ```
 export async function setupForgejo(alpine: Alpine, runit: Runit) {
   const bin = await buildForgejo();
   await copyFile(bin, alpine.path("/usr/local/bin/forgejo"));
@@ -12,11 +19,8 @@ export async function setupForgejo(alpine: Alpine, runit: Runit) {
   await alpine.addPackages(["tzdata", "git"]);
   const entry = await alpine.userAdd("_forgejo");
 
-  // TODO: persistir
+  const dataDir = "/var/lib/forgejo";
-  await alpine.fstab.addTmpfs("/var/lib/forgejo", {
+  await alpine.persist.addMount({ path: dataDir, username: "_forgejo" });
-    uid: entry.uid,
-    mode: "700",
-  });
 
   const secrets = await loadForgejoSecretsFile();
   await alpine.writeFile(
@@ -87,7 +91,7 @@ ENABLE_NOTIFY_MAIL = true
 DEFAULT_KEEP_EMAIL_PRIVATE = true
 
 [repository]
-ROOT=/var/lib/gitea/data/gitea-repositories
+ROOT=/var/lib/forgejo/data/gitea-repositories
 ;PREFERRED_LICENSES = Apache License 2.0,MIT License
 DEFAULT_BRANCH = antifascista
 ENABLE_PUSH_CREATE_USER = true