import { buildForgejo } from "./build.js";
import { Alpine } from "../../alpine.js";
import { Runit } from "../../runit/index.js";
import { loadForgejoSecretsFile } from "./secrets.js";
import { FluentBitParser, runitLokiLogger } from "../../software/fluentbit.js";
import { copyFile } from "node:fs/promises";
// ## Para crear unx usuarix
//
// ```sh
// # su _forgejo
// $ cd /var/lib/forgejo
// $ forgejo admin user create --config /etc/forgejo.conf --username Test --email test@nulo.in --password 123
// ```
/**
 * Installs and configures Forgejo inside the given Alpine image and registers
 * it as a runit service.
 *
 * Steps, in order:
 * 1. Builds the Forgejo binary and copies it to `/usr/local/bin/forgejo`.
 * 2. Adds the `tzdata` and `git` packages and creates the `_forgejo` user.
 * 3. Registers `/var/lib/forgejo` as a persistent mount for that user.
 * 4. Loads the Forgejo secrets and writes `/etc/forgejo.conf`.
 * 5. Adds the `forgejo` runit service with a Loki logger.
 *
 * Security-relevant points visible in this function:
 * - `/etc/forgejo.conf` embeds `SECRET_KEY`, `INTERNAL_TOKEN`, the LFS and
 *   OAuth2 JWT secrets and the mailer password in plaintext. The `_forgejo`
 *   user entry is passed to `writeFile`.
 *   NOTE(review): presumably that sets the file owner; confirm the resulting
 *   mode keeps the file unreadable to other local users.
 * - The web server binds to `127.0.0.1:3000` over plain HTTP while `ROOT_URL`
 *   is HTTPS, so TLS has to be terminated in front of it (the config's own
 *   comment mentions nginx).
 * - `[webhook] ALLOWED_HOST_LIST` contains `loopback` in addition to
 *   `external`, so webhook deliveries may target services listening on this
 *   host's loopback addresses.
 *   NOTE(review): confirm that is required.
 * - Self-registration is disabled (`DISABLE_REGISTRATION = true`).
 * - The run script sets `umask 0027` and starts Forgejo through
 *   `chpst -u $USER:$USER`, with `USER` exported as `_forgejo`.
 *
 * @param alpine - Image builder used for files, packages, users and mounts.
 * @param runit - Service registry that receives the `forgejo` run script.
 */
export async function setupForgejo(alpine: Alpine, runit: Runit) {
  const serviceUser = "_forgejo";
  const dataDir = "/var/lib/forgejo";

  // Build first, then place the binary inside the image.
  const forgejoBinary = await buildForgejo();
  const binaryTarget = alpine.path("/usr/local/bin/forgejo");
  await copyFile(forgejoBinary, binaryTarget);

  await alpine.addPackages(["tzdata", "git"]);
  const forgejoUser = await alpine.userAdd(serviceUser);

  await alpine.persist.addMount({ path: dataDir, username: serviceUser });

  // The secrets are interpolated verbatim into the INI text below.
  const secrets = await loadForgejoSecretsFile();
  const configBody = `
; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation.

APP_NAME = cat /dev/null
RUN_USER = _forgejo
RUN_MODE = prod

[server]
PROTOCOL = http
DOMAIN = gitea.nulo.in
ROOT_URL = https://gitea.nulo.in/
HTTP_ADDR = 127.0.0.1
HTTP_PORT = 3000
UNIX_SOCKET_PERMISSION = 660

DISABLE_SSH = false
START_SSH_SERVER = false
SSH_PORT = 993
;; Enable exposure of SSH clone URL to anonymous visitors, default is false
SSH_EXPOSE_ANONYMOUS = true
OFFLINE_MODE = true
DISABLE_ROUTER_LOG = false
STATIC_ROOT_PATH = /var/lib/forgejo
APP_DATA_PATH = /var/lib/forgejo/data
ENABLE_GZIP = true
LANDING_PAGE = explore

LFS_START_SERVER = true
LFS_JWT_SECRET = ${secrets.LFS_JWT_SECRET}

;; Doesn't work, setup under nginx
;[cors]
;ENABLED = true
;ALLOW_DOMAIN = *
;ALLOW_SUBDOMAIN = false
;METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
;MAX_AGE = 10m
;ALLOW_CREDENTIALS = false
;X_FRAME_OPTIONS = SAMEORIGIN

[log]
LEVEL = Warn

[database]
DB_TYPE = sqlite3
PATH = data/forgejo.db

[security]
INSTALL_LOCK = true
SECRET_KEY = ${secrets.SECRET_KEY}
INTERNAL_TOKEN = ${secrets.INTERNAL_TOKEN}
PASSWORD_HASH_ALGO = argon2

[oauth2]
ENABLE = true
JWT_SECRET = ${secrets.OAUTH_JWT_SECRET}
JWT_SIGNING_ALGORITHM = HS512

[service]
REGISTER_EMAIL_CONFIRM = true
DISABLE_REGISTRATION = true
;; Mail notification
ENABLE_NOTIFY_MAIL = true
DEFAULT_KEEP_EMAIL_PRIVATE = true

[repository]
ROOT=/var/lib/forgejo/data/gitea-repositories
;PREFERRED_LICENSES = Apache License 2.0,MIT License
DEFAULT_BRANCH = antifascista
ENABLE_PUSH_CREATE_USER = true
ENABLE_PUSH_CREATE_ORG = true

[repository.pull-request]
WORK_IN_PROGRESS_PREFIXES = WIP:,[WIP],Draft
CLOSE_KEYWORDS = close,closes,closed,fix,fixes,fixed,resolve,resolves,resolved,cierra
REOPEN_KEYWORDS = reopen,reopens,reopened,reabre

[project]
PROJECT_BOARD_BASIC_KANBAN_TYPE = Hacer, Haciendo, Hecho
PROJECT_BOARD_BUG_TRIAGE_TYPE = Needs Triage, Prioridad: Alta, Prioridad: Baja, Cerrado

[ui]
REACTIONS = +1, -1, laugh, hooray, confused, heart, rocket, eyes, oh_no
CUSTOM_EMOJIS = gitea, codeberg, gitlab, git, github, gogs, oh_no

DEFAULT_SHOW_FULL_NAME = true

[ui.meta]
AUTHOR = Nulo
DESCRIPTION = ¡Acá hacemos software, y más!
KEYWORDS = go,git,self-hosted,forgejo

[mailer]
ENABLED = true
;; Prefix displayed before subject in mail
;SUBJECT_PREFIX =
;;
;; As per RFC 8314 using Implicit TLS/SMTPS on port 465 (if supported) is recommended,
;; otherwise STARTTLS on port 587 should be used.
SMTP_ADDR = mail.riseup.net
SMTP_PORT = 465
;;
;; Mail from address, RFC 5322. This can be just an email address, or the '"Name" <email@example.com>' format
FROM = Forgejo <giteanuloin@riseup.net>
USER = catdevnull
PASSWD = ${secrets.EMAIL_PASSWORD}
PROTOCOL = smtps

[session]
;; 7 días
SESSION_LIFE_TIME = 604800

[time]
DEFAULT_UI_LOCATION = America/Argentina/Buenos_Aires

[webhook]
ALLOWED_HOST_LIST=external,loopback

[indexer]
REPO_INDEXER_ENABLED=true
REPO_INDEXER_EXCLUDE=**.mp4,**.jpg
`;
  await alpine.writeFile("/etc/forgejo.conf", configBody, forgejoUser);

  // runit run script: sets the environment, restricts the umask, then
  // execs Forgejo under the service user via chpst.
  const runScript = `#!/bin/sh

# USER and HOME are needed because forgejo doesn't actually check the user it
# runs as, but instead just grabs the variables from the variables.
export USER=_forgejo
export HOME=/var/lib/forgejo

umask 0027

# forgejo needs to run from its home for SSH to work properly
# TODO: check if this does anything
export FORGEJO_WORK_DIR="$HOME"

cd "$HOME"

exec chpst -u $USER:$USER /usr/local/bin/forgejo web --config /etc/forgejo.conf 2>&1
`;
  const logger = runitLokiLogger(FluentBitParser.Forgejo, "forgejo");
  await runit.addService("forgejo", runScript, logger);
}