define-alpine-the-sequel/services/forgejo/index.ts

import { buildForgejo } from "./build.js";
import { Alpine } from "../../alpine.js";
import { Runit } from "../../runit/index.js";
import { loadForgejoSecretsFile } from "./secrets.js";
import { FluentBitParser, runitLokiLogger } from "../../software/fluentbit.js";
import { copyFile } from "node:fs/promises";
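// ## Para crear unx usuarix
//
// ```sh
// # su _forgejo
// $ cd /var/lib/forgejo
// $ forgejo admin user create --config /etc/forgejo.conf --username Test --email test@nulo.in --password 123
// ```
//
// Nota: `123` es solo un valor de ejemplo. En una instancia real usar una
// contraseña fuerte, o `--random-password` para que forgejo genere una.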
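/**
 * Installs and configures Forgejo.
 *
 * Steps, in order: build the binary with `buildForgejo()` and copy it to
 * `alpine.path("/usr/local/bin/forgejo")`; add the `tzdata` and `git`
 * packages; create the `_forgejo` user; register `/var/lib/forgejo` with
 * `alpine.persist.addMount` for that user; render `/etc/forgejo.conf` with the
 * values from `loadForgejoSecretsFile()`; register the `forgejo` runit service
 * with the logger returned by `runitLokiLogger`.
 *
 * Security notes for reviewers:
 * - `/etc/forgejo.conf` embeds five secrets (LFS JWT secret, SECRET_KEY,
 *   INTERNAL_TOKEN, OAuth2 JWT secret, SMTP password). The third argument to
 *   `alpine.writeFile` is the `_forgejo` user entry, presumably the owner.
 *   The resulting file mode is not visible from this file; confirm it is not
 *   world-readable.
 * - `[webhook] ALLOWED_HOST_LIST` includes `loopback`, so webhook deliveries
 *   may target services bound to 127.0.0.1 on this host (Forgejo itself
 *   listens on 127.0.0.1:3000). Keep `loopback` only if a local receiver needs
 *   it; `external` alone is the narrower setting.
 *
 * @param alpine - Target used for file, package, user and mount operations.
 * @param runit - Service registry the `forgejo` run script is added to.
 * @throws Error if any secret interpolated into the config is missing, not a
 *   string, blank, or contains a line break.
 */
export async function setupForgejo(alpine: Alpine, runit: Runit) {
  const bin = await buildForgejo();
  await copyFile(bin, alpine.path("/usr/local/bin/forgejo"));
  await alpine.addPackages(["tzdata", "git"]);
  const entry = await alpine.userAdd("_forgejo");
  const dataDir = "/var/lib/forgejo";
  await alpine.persist.addMount({ path: dataDir, username: "_forgejo" });
  const secrets = await loadForgejoSecretsFile();

  // Fail closed before rendering the config. A missing key would otherwise be
  // written as the literal text "undefined" (a guessable SECRET_KEY or token),
  // and a value containing a line break would add extra lines to the INI file.
  // secrets.js is not visible here and may already validate; this is defence
  // in depth. The error names the key only, never the value.
  const interpolatedSecrets: [string, unknown][] = [
    ["LFS_JWT_SECRET", secrets.LFS_JWT_SECRET],
    ["SECRET_KEY", secrets.SECRET_KEY],
    ["INTERNAL_TOKEN", secrets.INTERNAL_TOKEN],
    ["OAUTH_JWT_SECRET", secrets.OAUTH_JWT_SECRET],
    ["EMAIL_PASSWORD", secrets.EMAIL_PASSWORD],
  ];
  for (const [name, value] of interpolatedSecrets) {
    if (
      typeof value !== "string" ||
      value.trim().length === 0 ||
      /[\r\n]/.test(value)
    ) {
      throw new Error(
        `forgejo: secret ${name} is missing, blank or contains a line break; refusing to write /etc/forgejo.conf`
      );
    }
  }

  // The template below is runtime text: every character, including the
  // leading newline, ends up in /etc/forgejo.conf.
  await alpine.writeFile(
    "/etc/forgejo.conf",
    `
; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation.
APP_NAME = cat /dev/null
RUN_USER = _forgejo
RUN_MODE = prod
[server]
PROTOCOL = http
DOMAIN = gitea.nulo.in
ROOT_URL = https://gitea.nulo.in/
HTTP_ADDR = 127.0.0.1
HTTP_PORT = 3000
UNIX_SOCKET_PERMISSION = 660
DISABLE_SSH = false
START_SSH_SERVER = false
SSH_PORT = 993
;; Enable exposure of SSH clone URL to anonymous visitors, default is false
SSH_EXPOSE_ANONYMOUS = true
OFFLINE_MODE = true
DISABLE_ROUTER_LOG = false
STATIC_ROOT_PATH = /var/lib/forgejo
APP_DATA_PATH = /var/lib/forgejo/data
ENABLE_GZIP = true
LANDING_PAGE = explore
LFS_START_SERVER = true
LFS_JWT_SECRET = ${secrets.LFS_JWT_SECRET}
;; Doesn't work, setup under nginx
;[cors]
;ENABLED = true
;ALLOW_DOMAIN = *
;ALLOW_SUBDOMAIN = false
;METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
;MAX_AGE = 10m
;ALLOW_CREDENTIALS = false
;X_FRAME_OPTIONS = SAMEORIGIN
[log]
LEVEL = Warn
[database]
DB_TYPE = sqlite3
PATH = data/forgejo.db
[security]
INSTALL_LOCK = true
SECRET_KEY = ${secrets.SECRET_KEY}
INTERNAL_TOKEN = ${secrets.INTERNAL_TOKEN}
PASSWORD_HASH_ALGO = argon2
[oauth2]
ENABLE = true
JWT_SECRET = ${secrets.OAUTH_JWT_SECRET}
JWT_SIGNING_ALGORITHM = HS512
[service]
REGISTER_EMAIL_CONFIRM = true
DISABLE_REGISTRATION = true
;; Mail notification
ENABLE_NOTIFY_MAIL = true
DEFAULT_KEEP_EMAIL_PRIVATE = true
[repository]
ROOT=/var/lib/forgejo/data/gitea-repositories
;PREFERRED_LICENSES = Apache License 2.0,MIT License
DEFAULT_BRANCH = antifascista
ENABLE_PUSH_CREATE_USER = true
ENABLE_PUSH_CREATE_ORG = true
[repository.pull-request]
WORK_IN_PROGRESS_PREFIXES = WIP:,[WIP],Draft
CLOSE_KEYWORDS = close,closes,closed,fix,fixes,fixed,resolve,resolves,resolved,cierra
REOPEN_KEYWORDS = reopen,reopens,reopened,reabre
[project]
PROJECT_BOARD_BASIC_KANBAN_TYPE = Hacer, Haciendo, Hecho
PROJECT_BOARD_BUG_TRIAGE_TYPE = Needs Triage, Prioridad: Alta, Prioridad: Baja, Cerrado
[ui]
REACTIONS = +1, -1, laugh, hooray, confused, heart, rocket, eyes, oh_no
CUSTOM_EMOJIS = gitea, codeberg, gitlab, git, github, gogs, oh_no
DEFAULT_SHOW_FULL_NAME = true
[ui.meta]
AUTHOR = Nulo
DESCRIPTION = ¡Acá hacemos software, y más!
KEYWORDS = go,git,self-hosted,forgejo
[mailer]
ENABLED = true
;; Prefix displayed before subject in mail
;SUBJECT_PREFIX =
;;
;; As per RFC 8314 using Implicit TLS/SMTPS on port 465 (if supported) is recommended,
;; otherwise STARTTLS on port 587 should be used.
SMTP_ADDR = mail.riseup.net
SMTP_PORT = 465
;;
;; Mail from address, RFC 5322. This can be just an email address, or the '"Name" <email@example.com>' format
FROM = Forgejo <giteanuloin@riseup.net>
USER = catdevnull
PASSWD = ${secrets.EMAIL_PASSWORD}
PROTOCOL = smtps
[session]
;; 7 días
SESSION_LIFE_TIME = 604800
[time]
DEFAULT_UI_LOCATION = America/Argentina/Buenos_Aires
[webhook]
ALLOWED_HOST_LIST=external,loopback
[indexer]
REPO_INDEXER_ENABLED=true
REPO_INDEXER_EXCLUDE=**.mp4,**.jpg
`,
    entry
  );

  // Run script: sets umask 0027, then execs forgejo through `chpst -u` as
  // _forgejo:_forgejo, so the long-running process is started as that user.
  await runit.addService(
    "forgejo",
    `#!/bin/sh
# USER and HOME are needed because forgejo doesn't actually check the user it
# runs as, but instead just grabs the variables from the variables.
export USER=_forgejo
export HOME=/var/lib/forgejo
umask 0027
# forgejo needs to run from its home for SSH to work properly
# TODO: check if this does anything
export FORGEJO_WORK_DIR="$HOME"
cd "$HOME"
exec chpst -u $USER:$USER /usr/local/bin/forgejo web --config /etc/forgejo.conf 2>&1
`,
    runitLokiLogger(FluentBitParser.Forgejo, "forgejo")
  );
}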