From 231e5aa0542c62afee7b416b496eba09801edb84 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Thu, 30 Apr 2020 13:12:12 +0100 Subject: [PATCH 01/23] . --- README.md | 114 +++++++++++- docker-compose-home.yml | 2 +- drone-starlark/repos/stack/drone.star | 10 +- install.md | 243 -------------------------- 4 files changed, 116 insertions(+), 253 deletions(-) delete mode 100644 install.md diff --git a/README.md b/README.md index efc06e7..c6dafc2 100644 --- a/README.md +++ b/README.md @@ -40,12 +40,80 @@ Once installed and running the system can redeploy itself. However initially you need to do this yourself. -### docker -you need a docker swarm set up with nodes with the following labels +### remove old versions of docker + +(if it's a fresh install of linux there shouldn't be any) + +``` +sudo apt-get remove docker docker-engine docker.io +``` + +### install docker + +``` +sudo apt install docker.io +``` + +### add current user to docker group + +logout and back in afterwards + +``` +sudo usermod -aG docker $USER +``` + +### start and enable docker + +``` +sudo systemctl start docker +sudo systemctl enable docker +``` + +### change ssh port to 2022 + +``` +sudo vi /etc/ssh/sshd_config + +``` + +change Port 2022 + +### allow root to ssh + +``` +sudo vi /etc/ssh/sshd_config + +``` + +## set the root password + +``` +sudo passwd root +``` + +change PermitRootLogin yes + +reboot + +start a stack running gitea to host repository. + +## stack + +### labels + +get nodes with + +``` +docker node ls +``` + +add label with + +``` +docker node update --label-add com.sigyl.git-stack=yes [node id] +``` -* com.sigyl.git-stack=yes -* com.sigyl.git-stack-data=yes ### global environment 
@@ -330,3 +398,41 @@ Vist domain/ghost and set up admin user. ### chat Admin user is automatically created according to configured secrets + + +## docker-exec-runner on windows + +These instructions are not very good... + +https://exec-runner.docs.drone.io/installation/windows/ + +download and unpack on linux with + +``` +curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_windows_amd64.tar.gz | tar zx +``` + + +rename drone-runner-exec to drone-runner-exec.exe + +make directory c:\Drone\drone-runner-exec on windows + +copy drone-runner-exec.exe to directory + +make config file with + +``` + +DRONE_RPC_PROTO=https +DRONE_RPC_HOST=drone.sigyl.com:443 +DRONE_RPC_SECRET=[rpc secret] +DRONE_LOG_FILE=C:\Drone\drone-runner-exec\log.txt +DRONE_RUNNER_LABELS=web:true +``` + +install and start service with + +``` +drone-runner-exec service install +drone-runner-exec service start +``` diff --git a/docker-compose-home.yml b/docker-compose-home.yml index e6834b1..857ec7a 100644 --- a/docker-compose-home.yml +++ b/docker-compose-home.yml @@ -300,7 +300,7 @@ services: - ROOT_URL=https://${GIT_DOMAIN}/chat - PORT=3000 - MONGO_URL=mongodb://chat-mongo:27017/rocketchat - - ADMIN_USERNAME=${CHAT_ADMIN_USER} + - ADMIN_USERNAME=${CHAT_ADMIN_NAME} - ADMIN_PASS=${CHAT_ADMIN_PASSWORD} - ADMIN_EMAIL=${CHAT_ADMIN_EMAIL} volumes: diff --git a/drone-starlark/repos/stack/drone.star b/drone-starlark/repos/stack/drone.star index 84ddcc4..857ca54 100644 --- a/drone-starlark/repos/stack/drone.star +++ b/drone-starlark/repos/stack/drone.star @@ -30,17 +30,17 @@ def drone( pipeline( branch, [ - printSecrets( - "env-stack", - publicSecrets, - secretSecrets, - ), wait(15, "wait"), build("drone-starlark"), rescale( "{name}_drone-starlark".format(name=name), 1, ), + printSecrets( + "env-stack", + publicSecrets, + secretSecrets, + ), build("ngrok-gitea"), build("guacamole-postgresql"), build("letsencrypt-nginx"), 
diff --git a/install.md b/install.md
deleted file mode 100644
index e9a0edb..0000000
--- a/install.md
+++ /dev/null
@@ -1,243 +0,0 @@ -# gitea in a stack with drone and guacamole - -Remote system support. - -Consisting of - -* gitea repository - github like self hosted git and web application -* drone ci system -* guacamole - rdp, vnc and ssh over the internet in the browser - - -## home - - -(nb when self deploying with drone it will will stick on started and have to be cancelled. This is because the deployment tears down the previous running drone). - -NB each time you deploy this using drone it will leave an orphaned network for example: - -eventually this will start to cause an error with message: Docker “ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network” - -You need to keep clearing out orphaned networks. - -## installing docker - -Start with a fresh install of Ubuntu server 19.04 connected to the internet - -### update packages - -``` -sudo apt-get update -sudo apt-get upgrade -``` - -### remove old versions of docker - -(if it's a fresh install of linux there shouldn't be any) - -``` -sudo apt-get remove docker docker-engine docker.io -``` - -### install docker - -``` -sudo apt install docker.io -``` - -### add current user to docker group - -logout and back in afterwards - -``` -sudo usermod -aG docker $USER -``` - -### start and enable docker - -``` -sudo systemctl start docker -sudo systemctl enable docker -``` - -### change ssh port to 2022 - -``` -sudo vi /etc/ssh/sshd_config - -``` - -change Port 2022 - -### allow root to ssh - -``` -sudo vi /etc/ssh/sshd_config - -``` - -## set the root password - -``` -sudo passwd root -``` - -change PermitRootLogin yes - -reboot - -start a stack running gitea to host repository. 
- -## stack - -### labels - -get nodes with - -``` -docker node ls -``` - -add label with - -``` -docker node update --label-add com.sigyl.git-stack=yes [node id] -``` - -### generate certificates - -(rnd file) dd if=/dev/urandom of=~/.rnd bs=256 count=1 -where [registry-domain] is the domain on which the registry will be served - - sh ca.sh [registry-domain]:5000 - - - sh make-cert.sh [registry-domain] registry - -### ngrok auth - -obtain ngrok auth token and place in .secrets in form - - authtoken: [token] - -### initial deploy - -```shell -export LOCAL_DOCKER_REGISTRY=registry.local-domain:5000 -export CERTBOT_EMAIL=giles.bradshaw@sigyl.com -export GIT_DOMAIN=git.sigyl.com -export REMOTE_DOMAIN=remote.sigyl.com -export DRONE_DOMAIN=drone.sigyl.com -export BLOG_DOMAIN=blog.sigyl.com - -export DRONE_RPC_SECRET=$(openssl rand -base64 48) -docker stack deploy -c docker-compose.yml gitea -``` - -### create gitea drone app with client id and secret - -### add secrets to repository in drone - - -![add secret](./add-secret.png) - -* blog-domain -* certbot-email -* drone-domain -* drone-gitea-client-id -* drone-gitea-client-secret -* drone-rpc-secret -* git-domain -* local-docker-registry -* remote-domain -* ssh-password -* ssh-port -* ssh-root-password -* ssh-root-user -* ssh-user -* ssh-host - -### kill orphan docker:dind containers - -Wen the system is deployed by pushing to repository the docker:dind container will be orphaned and will run forever unless killed.. 
- - -## guacamole - -np no spaces in postgres password - -docker stack for guacamole - -adapted from https://digitalmccullough.com/posts/setting-up-apache-guacamole-with-docker-stack.html - -### initialising - -find id - -``` -docker ps - -``` - -execute initdb.sql - -``` -docker exec -it $ID psql -U postgres -d guacamole_db -f /initdb.sql -docker exec -it $ID psql -U postgres -d guacamole_db -f /init-user.sql -v password='somepassword' -v user='guacamole_user' -``` - -initial admin is guacadmin:guacadmin - -create a new admin and delete guacadmin - -## docker-exec-runner on windows - -These instructions are not very good... - -https://exec-runner.docs.drone.io/installation/windows/ - -download and unpack on linux with - -``` -curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_windows_amd64.tar.gz | tar zx -``` - - -rename drone-runner-exec to drone-runner-exec.exe - -make directory c:\Drone\drone-runner-exec on windows - -copy drone-runner-exec.exe to directory - -make config file with - -``` - -DRONE_RPC_PROTO=https -DRONE_RPC_HOST=drone.sigyl.com:443 -DRONE_RPC_SECRET=[rpc secret] -DRONE_LOG_FILE=C:\Drone\drone-runner-exec\log.txt -DRONE_RUNNER_LABELS=web:true -``` - - -install and start service with - -``` -drone-runner-exec service install -drone-runner-exec service start -``` - -## chat - -Once the chat-mongo container is up you need to get its id and do - -``` -docker exec -it [id] mongo --eval "printjson(rs.initiate({_id: 'rs0', members: [ { _id: 0, host: 'localhost:27017' } ]}))" -``` - -then scale up chat - -``` -docker service scale gitea_chat=1 -``` \ No newline at end of file From c4f466464389913109243ac9dc2c46d471086ffa Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Thu, 30 Apr 2020 13:46:09 +0100 Subject: [PATCH 02/23] . --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c6dafc2..4df38e2 100644 --- a/README.md +++ b/README.md 
@@ -397,7 +397,11 @@ Vist domain/ghost and set up admin user. ### chat -Admin user is automatically created according to configured secrets +Admin user is automatically created according to configured secrets. Change the password! + +### guacamole + +Use admin user name and password you supplied when you set up the database. ## docker-exec-runner on windows From 1531821418fdedb19674c690eabcc017e4978742 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Thu, 30 Apr 2020 14:26:59 +0100 Subject: [PATCH 03/23] . --- docker-compose-home.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose-home.yml b/docker-compose-home.yml index 857ec7a..085e6cf 100644 --- a/docker-compose-home.yml +++ b/docker-compose-home.yml @@ -292,7 +292,7 @@ services: replicas: 0 # will scale after mongo initated restart_policy: condition: any - image: rocketchat/rocket.chat:latest + image: rocketchat/rocket.chat:3.0.7 networks: - appnet environment: From d2e4cb547b4813c150eb8e313de17adc18eb07b1 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Thu, 30 Apr 2020 18:22:48 +0100 Subject: [PATCH 04/23] . --- docker-compose-home.yml | 13 +- drone-starlark/repos/echo-secret.star | 2 +- drone-starlark/repos/stack/drone.star | 1 + .../repos/stack/public-secrets.star | 4 + .../repos/stack/secret-secrets.star | 5 + gitea/Dockerfile | 4 + gitea/app.ini | 89 ++ gitea/app.ini.sample | 1015 +++++++++++++++++ gitea/run.sh | 2 + 9 files changed, 1133 insertions(+), 2 deletions(-) create mode 100644 gitea/Dockerfile create mode 100644 gitea/app.ini create mode 100644 gitea/app.ini.sample create mode 100644 gitea/run.sh diff --git a/docker-compose-home.yml b/docker-compose-home.yml index 085e6cf..f580932 100644 --- a/docker-compose-home.yml +++ b/docker-compose-home.yml 
@@ -63,12 +63,23 @@ services: replicas: 1 restart_policy: condition: any - image: gitea/gitea:latest + image: ${LOCAL_DOCKER_REGISTRY}gitea environment: - USER_UID=1000 - USER_GID=1000 - ROOT_URL=https://${GIT_DOMAIN}/git - SSH_DOMAIN=${GIT_DOMAIN} + - GITEA_APP_NAME=${GITEA_APP_NAME} + - GIT_DOMAIN=${GIT_DOMAIN} + - GITEA_SERVER_LFS_JWT_SECRET=$GITEA_SERVER_LFS_JWT_SECRET + - GITEA_SECURITY_SECRET_KEY=$GITEA_SECURITY_SECRET_KEY + - GITEA_SECURITY_INTERNAL_TOKEN=$GITEA_SECURITY_INTERNAL_TOKEN + - GITEA_OAUTH2_JWT_SECRET=$GITEA_OAUTH2_JWT_SECRET + - GITEA_MAILER_HOST=$GITEA_MAILER_HOST + - GITEA_MAILER_USER=$GITEA_MAILER_USER + - GITEA_MAILER_FROM=$GITEA_MAILER_FROM + - GITEA_MAILER_PASSWD=$GITEA_MAILER_PASSWD + volumes: - gitea-app:/data ports: diff --git a/drone-starlark/repos/echo-secret.star b/drone-starlark/repos/echo-secret.star index aec266b..3915df6 100644 --- a/drone-starlark/repos/echo-secret.star +++ b/drone-starlark/repos/echo-secret.star @@ -1,7 +1,7 @@ load("@this//:secret-to-environment.star", "secretToEnvironment") def echoSecret(secret): - return 'echo "export {environment}=???" >> ***filename*** # {secret}'.format( + return 'echo "export {environment}=??? ${environment}" >> ***filename*** # {secret}'.format( secret = secret, environment = secretToEnvironment(secret), ) diff --git a/drone-starlark/repos/stack/drone.star b/drone-starlark/repos/stack/drone.star index 857ca54..ad1692a 100644 --- a/drone-starlark/repos/stack/drone.star +++ b/drone-starlark/repos/stack/drone.star @@ -41,6 +41,7 @@ def drone( publicSecrets, secretSecrets, ), + build("gitea"), build("ngrok-gitea"), build("guacamole-postgresql"), build("letsencrypt-nginx"), diff --git a/drone-starlark/repos/stack/public-secrets.star b/drone-starlark/repos/stack/public-secrets.star index 5724837..b717843 100644 --- a/drone-starlark/repos/stack/public-secrets.star +++ b/drone-starlark/repos/stack/public-secrets.star 
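Review bot: The new `GITEA_SECURITY_SECRET_KEY`, `GITEA_SECURITY_INTERNAL_TOKEN`, `GITEA_SERVER_LFS_JWT_SECRET`, `GITEA_OAUTH2_JWT_SECRET` and `GITEA_MAILER_PASSWD` entries hand long-lived secrets to the service as plain environment variables, which end up in the service spec and are readable by anyone who can run `docker inspect` on the service or its tasks; since this is a swarm stack (the service carries a `deploy.replicas` block), the stack-level `secrets:` mechanism, which mounts each value as a file under `/run/secrets/`, would keep them out of the spec. The hunk also mixes interpolation styles, `${GIT_DOMAIN}` next to `$GITEA_SERVER_LFS_JWT_SECRET`; the braced form used by the existing lines should be used throughout. `image: ${LOCAL_DOCKER_REGISTRY}gitea` carries no tag, so it resolves to `:latest`, and the value of LOCAL_DOCKER_REGISTRY has to end in `/` for the reference to be valid — presumably the same convention the other services in this file rely on, but a short comment stating the expected form would help.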
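Review bot: After `.format()` the `${environment}` this line adds becomes a shell reference such as `$GITEA_MAILER_PASSWD` inside double quotes, so the generated step now writes the expanded secret value into the file, but the `???` left in front of it makes the written line `export NAME=??? value`, which a shell sourcing the file would read as the assignment `NAME=???` followed by a stray word. If the intent is to record the value, `'echo "export {environment}=\\"${environment}\\"" >> ***filename*** # {secret}'` writes it alone and quoted so values containing spaces survive; if `???` is a deliberate marker that a later step rewrites, a comment above `def echoSecret` saying so would spare the next reader the guess. Because the file now holds plaintext secret values, it is worth confirming that no later step prints it or publishes it as an artifact, since Drone only masks values it knows as secrets. echoSecret is fully inside this hunk; the `***filename***` placeholder is presumably substituted by the caller.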
@@ -17,4 +17,8 @@ publicSecrets = [ "ghost-mail-user", "chat-admin-name", "chat-admin-email", + "gitea-mailer-host", + "gitea-mailer-from", + "gitea-mailer-user", + "gitea-app-name" ] \ No newline at end of file diff --git a/drone-starlark/repos/stack/secret-secrets.star b/drone-starlark/repos/stack/secret-secrets.star index 1435fa8..d0ad12c 100644 --- a/drone-starlark/repos/stack/secret-secrets.star +++ b/drone-starlark/repos/stack/secret-secrets.star @@ -6,4 +6,9 @@ secretSecrets = [ "ngrok-auth-token", "ghost-mail-password", "chat-admin-password", + "gitea-server-lfs-jwt-secret", + "gitea-security-secret-key", + "gitea-security-internal-token", + "gitea-oauth2-jwt-secret", + "gitea-mailer-passwd", ] \ No newline at end of file diff --git a/gitea/Dockerfile b/gitea/Dockerfile new file mode 100644 index 0000000..e0f92dc --- /dev/null +++ b/gitea/Dockerfile @@ -0,0 +1,4 @@ +FROM gitea/gitea:latest +COPY app.ini /init/ +COPY run.sh / +CMD ["sh", "/run.sh"] \ No newline at end of file diff --git a/gitea/app.ini b/gitea/app.ini new file mode 100644 index 0000000..3eab78e --- /dev/null +++ b/gitea/app.ini 
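Review bot: `FROM gitea/gitea:latest` leaves the base image unpinned, so each rebuild may pull a different Gitea release and the app.ini copied into `/init/` can silently fall out of step with the keys that release understands; commit 03 in this series pins `rocketchat/rocket.chat:3.0.7` for exactly this reason, and the same belongs here, e.g. `FROM gitea/gitea:<pinned version>`, ideally with an `@sha256:` digest. `CMD ["sh", "/run.sh"]` replaces the upstream default command while any ENTRYPOINT the base image defines still runs first, so the start-up order depends on that entrypoint; run.sh is not in this chunk, so a one-line comment above the CMD stating what run.sh does (presumably expanding the `${...}` placeholders in /init/app.ini and then starting Gitea) would make the contract visible. The file also ends without a trailing newline.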
@@ -0,0 +1,89 @@ +APP_NAME = ${GITEA_APP_NAME} +RUN_MODE = prod +RUN_USER = git + +[repository] +ROOT = /data/git/repositories + +[repository.local] +LOCAL_COPY_PATH = /data/gitea/tmp/local-repo + +[repository.upload] +TEMP_PATH = /data/gitea/uploads + +[server] +APP_DATA_PATH = /data/gitea +SSH_DOMAIN = ${GIT_DOMAIN} +HTTP_PORT = 3000 +ROOT_URL = https://${GIT_DOMAIN}/git/ +DISABLE_SSH = false +SSH_PORT = 22 +SSH_LISTEN_PORT = 22 +LFS_START_SERVER = true +LFS_CONTENT_PATH = /data/git/lfs +DOMAIN = ${GIT_DOMAIN} +LFS_JWT_SECRET = ${GITEA_SERVER_LFS_JWT_SECRET} +OFFLINE_MODE = false + +[database] +PATH = /data/gitea/gitea.db +DB_TYPE = sqlite3 +HOST = localhost:3306 +NAME = gitea +USER = root +PASSWD = +SCHEMA = +SSL_MODE = disable +CHARSET = utf8 + +[indexer] +ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve + +[session] +PROVIDER_CONFIG = /data/gitea/sessions +PROVIDER = file + +[picture] +AVATAR_UPLOAD_PATH = /data/gitea/avatars +REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars +DISABLE_GRAVATAR = false +ENABLE_FEDERATED_AVATAR = true + +[attachment] +PATH = /data/gitea/attachments + +[log] +ROOT_PATH = /data/gitea/log +MODE = file +LEVEL = info + +[security] +INSTALL_LOCK = true +SECRET_KEY = ${GITEA_SECURITY_SECRET_KEY} +INTERNAL_TOKEN = ${GITEA_SECURITY_INTERNAL_TOKEN} +PASSWORD_COMPLEXITY = off +[service] +DISABLE_REGISTRATION = false +REQUIRE_SIGNIN_VIEW = false +REGISTER_EMAIL_CONFIRM = true +ENABLE_NOTIFY_MAIL = true +ALLOW_ONLY_EXTERNAL_REGISTRATION = false +ENABLE_CAPTCHA = false +DEFAULT_KEEP_EMAIL_PRIVATE = false +DEFAULT_ALLOW_CREATE_ORGANIZATION = true +DEFAULT_ENABLE_TIMETRACKING = true +NO_REPLY_ADDRESS = noreply.${GIT_DOMAIN} + +[oauth2] +JWT_SECRET = ${GITEA_OAUTH2_JWT_SECRET} + +[mailer] +ENABLED = true +HOST = ${GITEA_MAILER_HOST} +FROM = ${GITEA_MAILER_FROM} +USER = ${GITEA_MAILER_USER} +PASSWD = ${GITEA_MAILER_PASSWD} + +[openid] +ENABLE_OPENID_SIGNIN = true +ENABLE_OPENID_SIGNUP = true 
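Review bot: `PASSWORD_COMPLEXITY = off` under `[security]` is combined with `DISABLE_REGISTRATION = false` and `ENABLE_CAPTCHA = false` under `[service]`, so anyone who can reach the public `ROOT_URL = https://${GIT_DOMAIN}/git/` can self-register with an arbitrarily weak password, with only `REGISTER_EMAIL_CONFIRM = true` standing in the way; once the admin and CI accounts exist, `DISABLE_REGISTRATION = true` (or at least the default complexity rules) is the safer setting for an internet-facing host. The `[database]` section selects `DB_TYPE = sqlite3` but still carries the MySQL-shaped `HOST = localhost:3306`, `USER = root`, `PASSWD =`, `SCHEMA =`, `SSL_MODE` and `CHARSET` keys, which are dead configuration for sqlite and should be removed or marked unused so nobody later assumes a network database is in play. The `${...}` placeholders for the secrets are presumably expanded by run.sh before Gitea reads the file (run.sh is not in this chunk); a header comment `; ${VAR} placeholders are substituted from the environment by /run.sh before Gitea starts` would make that dependency explicit.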
diff --git a/gitea/app.ini.sample b/gitea/app.ini.sample
new file mode 100644
index 0000000..0bb1a0e
--- /dev/null
+++ b/gitea/app.ini.sample
@@ -0,0 +1,1015 @@ +; This file lists the default values used by Gitea +; Copy required sections to your own app.ini (default is custom/conf/app.ini) +; and modify as needed. + +; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation. + +; App name that shows in every page title +APP_NAME = ${TITLE} +; Change it if you run locally +RUN_USER = git +; Either "dev", "prod" or "test", default is "dev" +RUN_MODE = dev + +[repository] +ROOT = +SCRIPT_TYPE = bash +; Default ANSI charset +ANSI_CHARSET = +; Force every new repository to be private +FORCE_PRIVATE = false +; Default privacy setting when creating a new repository, allowed values: last, private, public. Default is last which means the last setting used. +DEFAULT_PRIVATE = last +; Global limit of repositories per user, applied at creation time. -1 means no limit +MAX_CREATION_LIMIT = -1 +; Mirror sync queue length, increase if mirror syncing starts hanging +MIRROR_QUEUE_LENGTH = 1000 +; Patch test queue length, increase if pull request patch testing starts hanging +PULL_REQUEST_QUEUE_LENGTH = 1000 +; Preferred Licenses to place at the top of the List +; The name here must match the filename in conf/license or custom/conf/license +PREFERRED_LICENSES = Apache License 2.0,MIT License +; Disable the ability to interact with repositories using the HTTP protocol +DISABLE_HTTP_GIT = false +; Value for Access-Control-Allow-Origin header, default is not to present +; WARNING: This maybe harmful to you website if you do not give it a right value. 
+ACCESS_CONTROL_ALLOW_ORIGIN = +; Force ssh:// clone url instead of scp-style uri when default SSH port is used +USE_COMPAT_SSH_URI = false +; Close issues as long as a commit on any branch marks it as fixed +DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = false +; Allow users to push local repositories to Gitea and have them automatically created for a user or an org +ENABLE_PUSH_CREATE_USER = false +ENABLE_PUSH_CREATE_ORG = false +; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki +DISABLED_REPO_UNITS = +; Comma separated list of default repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki. +; Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility. +; External wiki and issue tracker can't be enabled by default as it requires additional settings. +; Disabled repo units will not be added to new repositories regardless if it is in the default list. +DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki +; Prefix archive files by placing them in a directory named after the repository +PREFIX_ARCHIVE_FILES = true + +[repository.editor] +; List of file extensions for which lines should be wrapped in the CodeMirror editor +; Separate extensions with a comma. To line wrap files without an extension, just put a comma +LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd, +; Valid file modes that have a preview API associated with them, such as api/v1/markdown +; Separate the values by commas. The preview tab in edit mode won't be displayed if the file extension doesn't match +PREVIEWABLE_FILE_MODES = markdown + +[repository.local] +; Path for local repository copy. Defaults to `tmp/local-repo` +LOCAL_COPY_PATH = tmp/local-repo +; Path for local wiki copy. 
Defaults to `tmp/local-wiki` +LOCAL_WIKI_PATH = tmp/local-wiki + +[repository.upload] +; Whether repository file uploads are enabled. Defaults to `true` +ENABLED = true +; Path for uploads. Defaults to `data/tmp/uploads` (tmp gets deleted on gitea restart) +TEMP_PATH = data/tmp/uploads +; One or more allowed types, e.g. image/jpeg|image/png. Nothing means any file type +ALLOWED_TYPES = +; Max size of each file in megabytes. Defaults to 3MB +FILE_MAX_SIZE = 3 +; Max number of files per upload. Defaults to 5 +MAX_FILES = 5 + +[repository.pull-request] +; List of prefixes used in Pull Request title to mark them as Work In Progress +WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP] +; List of keywords used in Pull Request comments to automatically close a related issue +CLOSE_KEYWORDS=close,closes,closed,fix,fixes,fixed,resolve,resolves,resolved +; List of keywords used in Pull Request comments to automatically reopen a related issue +REOPEN_KEYWORDS=reopen,reopens,reopened +; In the default merge message for squash commits include at most this many commits +DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT=50 +; In the default merge message for squash commits limit the size of the commit messages to this +DEFAULT_MERGE_MESSAGE_SIZE=5120 +; In the default merge message for squash commits walk all commits to include all authors in the Co-authored-by otherwise just use those in the limited list +DEFAULT_MERGE_MESSAGE_ALL_AUTHORS=false +; In default merge messages limit the number of approvers listed as Reviewed-by: to this many +DEFAULT_MERGE_MESSAGE_MAX_APPROVERS=10 +; In default merge messages only include approvers who are official +DEFAULT_MERGE_MESSAGE_OFFICIAL_APPROVERS_ONLY=true + +[repository.issue] +; List of reasons why a Pull Request or Issue can be locked +LOCK_REASONS=Too heated,Off-topic,Resolved,Spam + +[repository.signing] +; GPG key to use to sign commits, Defaults to the default - that is the value of git config --get user.signingkey +; run in the context of the RUN_USER +; 
Switch to none to stop signing completely +SIGNING_KEY = default +; If a SIGNING_KEY ID is provided and is not set to default, use the provided Name and Email address as the signer. +; These should match a publicized name and email address for the key. (When SIGNING_KEY is default these are set to +; the results of git config --get user.name and git config --get user.email respectively and can only be overrided +; by setting the SIGNING_KEY ID to the correct ID.) +SIGNING_NAME = +SIGNING_EMAIL = +; Determines when gitea should sign the initial commit when creating a repository +; Either: +; - never +; - pubkey: only sign if the user has a pubkey +; - twofa: only sign if the user has logged in with twofa +; - always +; options other than none and always can be combined as comma separated list +INITIAL_COMMIT = always +; Determines when to sign for CRUD actions +; - as above +; - parentsigned: requires that the parent commit is signed. +CRUD_ACTIONS = pubkey, twofa, parentsigned +; Determines when to sign Wiki commits +; - as above +WIKI = never +; Determines when to sign on merges +; - basesigned: require that the parent of commit on the base repo is signed. +; - commitssigned: require that all the commits in the head branch are signed. 
+; - approved: only sign when merging an approved pr to a protected branch +MERGES = pubkey, twofa, basesigned, commitssigned + +[cors] +; More information about CORS can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#The_HTTP_response_headers +; enable cors headers (disabled by default) +ENABLED=false +; scheme of allowed requests +SCHEME=http +; list of requesting domains that are allowed +ALLOW_DOMAIN=* +; allow subdomains of headers listed above to request +ALLOW_SUBDOMAIN=false +; list of methods allowed to request +METHODS=GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS +; max time to cache response +MAX_AGE=10m +; allow request with credentials +ALLOW_CREDENTIALS=false + +[ui] +; Number of repositories that are displayed on one explore page +EXPLORE_PAGING_NUM = 20 +; Number of issues that are displayed on one page +ISSUE_PAGING_NUM = 10 +; Number of maximum commits displayed in one activity feed +FEED_MAX_COMMIT_NUM = 5 +; Number of maximum commits displayed in commit graph. +GRAPH_MAX_COMMIT_NUM = 100 +; Number of line of codes shown for a code comment +CODE_COMMENT_LINES = 4 +; Value of `theme-color` meta tag, used by Android >= 5.0 +; An invalid color like "none" or "disable" will have the default style +; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android +THEME_COLOR_META_TAG = `#6cc644` +; Max size of files to be displayed (default is 8MiB) +MAX_DISPLAY_FILE_SIZE = 8388608 +; Whether the email of the user should be shown in the Explore Users page +SHOW_USER_EMAIL = true +; Set the default theme for the Gitea install +DEFAULT_THEME = gitea +; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`. +THEMES = gitea,arc-green +;All available reactions users can choose on issues/prs and comments. +;Values can be emoji alias (:smile:) or a unicode emoji. 
+;For custom reactions, add a tightly cropped square image to public/emoji/img/reaction_name.png +REACTIONS = +1, -1, laugh, hooray, confused, heart, rocket, eyes +; Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used. +DEFAULT_SHOW_FULL_NAME = false +; Whether to search within description at repository search on explore page. +SEARCH_REPO_DESCRIPTION = true +; Whether to enable a Service Worker to cache frontend assets +USE_SERVICE_WORKER = true + +[ui.admin] +; Number of users that are displayed on one page +USER_PAGING_NUM = 50 +; Number of repos that are displayed on one page +REPO_PAGING_NUM = 50 +; Number of notices that are displayed on one page +NOTICE_PAGING_NUM = 25 +; Number of organizations that are displayed on one page +ORG_PAGING_NUM = 50 + +[ui.user] +; Number of repos that are displayed on one page +REPO_PAGING_NUM = 15 + +[ui.meta] +AUTHOR = Gitea - Git with a cup of tea +DESCRIPTION = Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go +KEYWORDS = go,git,self-hosted,gitea + +[ui.notification] +; Control how often notification is queried to update the notification +; The timeout will increase to MAX_TIMEOUT in TIMEOUT_STEPs if the notification count is unchanged +; Set MIN_TIMEOUT to 0 to turn off +MIN_TIMEOUT = 10s +MAX_TIMEOUT = 60s +TIMEOUT_STEP = 10s + +[markdown] +; Render soft line breaks as hard line breaks, which means a single newline character between +; paragraphs will cause a line break and adding trailing whitespace to paragraphs is not +; necessary to force a line break. +ENABLE_HARD_LINE_BREAK = true +; Comma separated list of custom URL-Schemes that are allowed as links when rendering Markdown +; for example git,magnet,ftp (more at https://en.wikipedia.org/wiki/List_of_URI_schemes) +; URLs starting with http and https are always displayed, whatever is put in this entry. 
+CUSTOM_URL_SCHEMES = +; List of file extensions that should be rendered/edited as Markdown +; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma +FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd + +[server] +; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'. +PROTOCOL = http +DOMAIN = localhost +ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/ +; when STATIC_URL_PREFIX is empty it will follow ROOT_URL +STATIC_URL_PREFIX = +; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket. +HTTP_ADDR = 0.0.0.0 +; The port to listen on. Leave empty when using a unix socket. +HTTP_PORT = 3000 +; If REDIRECT_OTHER_PORT is true, and PROTOCOL is set to https an http server +; will be started on PORT_TO_REDIRECT and it will redirect plain, non-secure http requests to the main +; ROOT_URL. Defaults are false for REDIRECT_OTHER_PORT and 80 for +; PORT_TO_REDIRECT. +REDIRECT_OTHER_PORT = false +PORT_TO_REDIRECT = 80 +; Permission for unix socket +UNIX_SOCKET_PERMISSION = 666 +; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service. +; In most cases you do not need to change the default value. +; Alter it only if your SSH server node is not the same as HTTP node. +; Do not set this variable if PROTOCOL is set to 'unix'. +LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/ +; Disable SSH feature when not available +DISABLE_SSH = false +; Whether to use the builtin SSH server or not. +START_SSH_SERVER = false +; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER. 
+BUILTIN_SSH_SERVER_USER = +; Domain name to be exposed in clone URL +SSH_DOMAIN = %(DOMAIN)s +; The network interface the builtin SSH server should listen on +SSH_LISTEN_HOST = +; Port number to be exposed in clone URL +SSH_PORT = 22 +; The port number the builtin SSH server should listen on +SSH_LISTEN_PORT = %(SSH_PORT)s +; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'. +SSH_ROOT_PATH = +; Gitea will create a authorized_keys file by default when it is not using the internal ssh server +; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off. +SSH_CREATE_AUTHORIZED_KEYS_FILE = true +; For the built-in SSH server, choose the ciphers to support for SSH connections, +; for system SSH this setting has no effect +SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128 +; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections, +; for system SSH this setting has no effect +SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org +; For the built-in SSH server, choose the MACs to support for SSH connections, +; for system SSH this setting has no effect +SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96 +; Directory to create temporary files in when testing public keys using ssh-keygen, +; default is the system temporary directory. +SSH_KEY_TEST_PATH = +; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call. 
+SSH_KEYGEN_PATH = ssh-keygen +; Enable SSH Authorized Key Backup when rewriting all keys, default is true +SSH_BACKUP_AUTHORIZED_KEYS = true +; Enable exposure of SSH clone URL to anonymous visitors, default is false +SSH_EXPOSE_ANONYMOUS = false +; Indicate whether to check minimum key size with corresponding type +MINIMUM_KEY_SIZE_CHECK = false +; Disable CDN even in "prod" mode +OFFLINE_MODE = false +DISABLE_ROUTER_LOG = false +; Generate steps: +; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com +; +; Or from a .pfx file exported from the Windows certificate store (do +; not forget to export the private key): +; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys +; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes +; Paths are relative to CUSTOM_PATH +CERT_FILE = https/cert.pem +KEY_FILE = https/key.pem +; Root directory containing templates and static files. +; default is the path where Gitea is executed +STATIC_ROOT_PATH = +; Default path for App data +APP_DATA_PATH = data +; Application level GZIP support +ENABLE_GZIP = false +; Application profiling (memory and cpu) +; For "web" command it listens on localhost:6060 +; For "serve" command it dumps to disk at PPROF_DATA_PATH as (cpuprofile|memprofile)__ +ENABLE_PPROF = false +; PPROF_DATA_PATH, use an absolute path when you start gitea as service +PPROF_DATA_PATH = data/tmp/pprof +; Landing page, can be "home", "explore", "organizations" or "login" +; The "login" choice is not a security measure but just a UI flow change, use REQUIRE_SIGNIN_VIEW to force users to log in. +LANDING_PAGE = home +; Enables git-lfs support. true or false, default is false. +LFS_START_SERVER = false +; Where your lfs files reside, default is data/lfs. +LFS_CONTENT_PATH = data/lfs +; LFS authentication secret, change this yourself +LFS_JWT_SECRET = +; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail. 
+LFS_HTTP_AUTH_EXPIRY = 20m +; Maximum allowed LFS file size in bytes (Set to 0 for no limit). +LFS_MAX_FILE_SIZE = 0 +; Maximum number of locks returned per page +LFS_LOCKS_PAGING_NUM = 50 +; Allow graceful restarts using SIGHUP to fork +ALLOW_GRACEFUL_RESTARTS = true +; After a restart the parent will finish ongoing requests before +; shutting down. Force shutdown if this process takes longer than this delay. +; set to a negative value to disable +GRACEFUL_HAMMER_TIME = 60s +; Allows the setting of a startup timeout and waithint for Windows as SVC service +; 0 disables this. +STARTUP_TIMEOUT = 0 +; Static resources, includes resources on custom/, public/ and all uploaded avatars web browser cache time, default is 6h +STATIC_CACHE_TIME = 6h + +; Define allowed algorithms and their minimum key length (use -1 to disable a type) +[ssh.minimum_key_sizes] +ED25519 = 256 +ECDSA = 256 +RSA = 2048 +DSA = 1024 + +[database] +; Database to use. Either "mysql", "postgres", "mssql" or "sqlite3". +DB_TYPE = mysql +HOST = 127.0.0.1:3306 +NAME = gitea +USER = root +; Use PASSWD = `your password` for quoting if you use special characters in the password. +PASSWD = +; For Postgres, schema to use if different from "public". The schema must exist beforehand, +; the user must have creation privileges on it, and the user search path must be set +; to the look into the schema first. e.g.:ALTER USER user SET SEARCH_PATH = schema_name,"$user",public; +SCHEMA = +; For Postgres, either "disable" (default), "require", or "verify-full" +; For MySQL, either "false" (default), "true", or "skip-verify" +SSL_MODE = disable +; For MySQL only, either "utf8" or "utf8mb4", default is "utf8". +; NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this. +CHARSET = utf8 +; For "sqlite3" and "tidb", use an absolute path when you start gitea as service +PATH = data/gitea.db +; For "sqlite3" only. 
Query timeout +SQLITE_TIMEOUT = 500 +; For iterate buffer, default is 50 +ITERATE_BUFFER_SIZE = 50 +; Show the database generated SQL +LOG_SQL = true +; Maximum number of DB Connect retries +DB_RETRIES = 10 +; Backoff time per DB retry (time.Duration) +DB_RETRY_BACKOFF = 3s +; Max idle database connections on connnection pool, default is 2 +MAX_IDLE_CONNS = 2 +; Database connection max life time, default is 0 or 3s mysql (See #6804 & #7071 for reasoning) +CONN_MAX_LIFETIME = 3s +; Database maximum number of open connections, default is 0 meaning no maximum +MAX_OPEN_CONNS = 0 + +[indexer] +; Issue indexer type, currently support: bleve, db or elasticsearch, default is bleve +ISSUE_INDEXER_TYPE = bleve +; Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch +ISSUE_INDEXER_CONN_STR = http://elastic:changeme@localhost:9200 +; Issue indexer name, available when ISSUE_INDEXER_TYPE is elasticsearch +ISSUE_INDEXER_NAME = gitea_issues +; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve +ISSUE_INDEXER_PATH = indexers/issues.bleve +; Issue indexer queue, currently support: channel, levelqueue or redis, default is levelqueue +ISSUE_INDEXER_QUEUE_TYPE = levelqueue +; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the queue will be saved path, +; default is indexers/issues.queue +ISSUE_INDEXER_QUEUE_DIR = indexers/issues.queue +; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string. +ISSUE_INDEXER_QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0" +; Batch queue number, default is 20 +ISSUE_INDEXER_QUEUE_BATCH_NUMBER = 20 +; Timeout the indexer if it takes longer than this to start. +; Set to zero to disable timeout. 
+STARTUP_TIMEOUT=30s + +; repo indexer by default disabled, since it uses a lot of disk space +REPO_INDEXER_ENABLED = false +REPO_INDEXER_PATH = indexers/repos.bleve +UPDATE_BUFFER_LEN = 20 +MAX_FILE_SIZE = 1048576 +; A comma separated list of glob patterns (see https://github.com/gobwas/glob) to include +; in the index; default is empty +REPO_INDEXER_INCLUDE = +; A comma separated list of glob patterns to exclude from the index; ; default is empty +REPO_INDEXER_EXCLUDE = + +[queue] +; Specific queues can be individually configured with [queue.name]. [queue] provides defaults +; +; General queue queue type, currently support: persistable-channel, channel, level, redis, dummy +; default to persistable-channel +TYPE = persistable-channel +; data-dir for storing persistable queues and level queues, individual queues will be named by their type +DATADIR = queues/ +; Default queue length before a channel queue will block +LENGTH = 20 +; Batch size to send for batched queues +BATCH_LENGTH = 20 +; Connection string for redis queues this will store the redis connection string. +CONN_STR = "addrs=127.0.0.1:6379 db=0" +; Provide the suffix of the default redis queue name - specific queues can be overriden within in their [queue.name] sections. +QUEUE_NAME = "_queue" +; If the queue cannot be created at startup - level queues may need a timeout at startup - wrap the queue: +WRAP_IF_NECESSARY = true +; Attempt to create the wrapped queue at max +MAX_ATTEMPTS = 10 +; Timeout queue creation +TIMEOUT = 15m30s +; Create a pool with this many workers +WORKERS = 1 +; Dynamically scale the worker pool to at this many workers +MAX_WORKERS = 10 +; Add boost workers when the queue blocks for BLOCK_TIMEOUT +BLOCK_TIMEOUT = 1s +; Remove the boost workers after BOOST_TIMEOUT +BOOST_TIMEOUT = 5m +; During a boost add BOOST_WORKERS +BOOST_WORKERS = 5 + +[admin] +; Disallow regular (non-admin) users from creating organizations. 
+DISABLE_REGULAR_ORG_CREATION = false +; Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled +DEFAULT_EMAIL_NOTIFICATIONS = enabled + +[security] +; Whether the installer is disabled +INSTALL_LOCK = false +; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!! +SECRET_KEY = !#@FDEWREWR&*( +; How long to remember that a user is logged in before requiring relogin (in days) +LOGIN_REMEMBER_DAYS = 7 +COOKIE_USERNAME = gitea_awesome +COOKIE_REMEMBER_NAME = gitea_incredible +; Reverse proxy authentication header name of user name +REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER +REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL +; The minimum password length for new Users +MIN_PASSWORD_LENGTH = 6 +; Set to true to allow users to import local server paths +IMPORT_LOCAL_PATHS = false +; Set to true to prevent all users (including admin) from creating custom git hooks +DISABLE_GIT_HOOKS = false +; Set to false to allow pushes to gitea repositories despite having an incomplete environment - NOT RECOMMENDED +ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = true +;Comma separated list of character classes required to pass minimum complexity. +;If left empty or no valid values are specified, the default values ("lower,upper,digit,spec") will be used. +;Use "off" to disable checking. +PASSWORD_COMPLEXITY = lower,upper,digit,spec +; Password Hash algorithm, either "pbkdf2", "argon2", "scrypt" or "bcrypt" +PASSWORD_HASH_ALGO = pbkdf2 +; Set false to allow JavaScript to read CSRF cookie +CSRF_COOKIE_HTTP_ONLY = true + +[openid] +; +; OpenID is an open, standard and decentralized authentication protocol. +; Your identity is the address of a webpage you provide, which describes +; how to prove you are in control of that page. 
+; +; For more info: https://en.wikipedia.org/wiki/OpenID +; +; Current implementation supports OpenID-2.0 +; +; Tested to work providers at the time of writing: +; - Any GNUSocial node (your.hostname.tld/username) +; - Any SimpleID provider (http://simpleid.koinic.net) +; - http://openid.org.cn/ +; - openid.stackexchange.com +; - login.launchpad.net +; - .livejournal.com +; +; Whether to allow signin in via OpenID +ENABLE_OPENID_SIGNIN = true +; Whether to allow registering via OpenID +; Do not include to rely on rhw DISABLE_REGISTRATION setting +;ENABLE_OPENID_SIGNUP = true +; Allowed URI patterns (POSIX regexp). +; Space separated. +; Only these would be allowed if non-blank. +; Example value: trusted.domain.org trusted.domain.net +WHITELISTED_URIS = +; Forbidden URI patterns (POSIX regexp). +; Space separated. +; Only used if WHITELISTED_URIS is blank. +; Example value: loadaverage.org/badguy stackexchange.com/.*spammer +BLACKLISTED_URIS = + +[service] +; Time limit to confirm account/email registration +ACTIVE_CODE_LIVE_MINUTES = 180 +; Time limit to perform the reset of a forgotten password +RESET_PASSWD_CODE_LIVE_MINUTES = 180 +; Whether a new user needs to confirm their email when registering. +REGISTER_EMAIL_CONFIRM = false +; List of domain names that are allowed to be used to register on a Gitea instance +; gitea.io,example.com +EMAIL_DOMAIN_WHITELIST= +; Disallow registration, only allow admins to create accounts. +DISABLE_REGISTRATION = false +; Allow registration only using third-party services, it works only when DISABLE_REGISTRATION is false +ALLOW_ONLY_EXTERNAL_REGISTRATION = false +; User must sign in to view anything. 
+REQUIRE_SIGNIN_VIEW = false +; Mail notification +ENABLE_NOTIFY_MAIL = false +; This setting enables gitea to be signed in with HTTP BASIC Authentication using the user's password +; If you set this to false you will not be able to access the tokens endpoints on the API with your password +; Please note that setting this to false will not disable OAuth Basic or Basic authentication using a token +ENABLE_BASIC_AUTHENTICATION = true +; More detail: https://github.com/gogits/gogs/issues/165 +ENABLE_REVERSE_PROXY_AUTHENTICATION = false +ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false +ENABLE_REVERSE_PROXY_EMAIL = false +; Enable captcha validation for registration +ENABLE_CAPTCHA = false +; Type of captcha you want to use. Options: image, recaptcha +CAPTCHA_TYPE = image +; Enable recaptcha to use Google's recaptcha service +; Go to https://www.google.com/recaptcha/admin to sign up for a key +RECAPTCHA_SECRET = +RECAPTCHA_SITEKEY = +; Change this to use recaptcha.net or other recaptcha service +RECAPTCHA_URL = https://www.google.com/recaptcha/ +; Default value for KeepEmailPrivate +; Each new user will get the value of this setting copied into their profile +DEFAULT_KEEP_EMAIL_PRIVATE = false +; Default value for AllowCreateOrganization +; Every new user will have rights set to create organizations depending on this setting +DEFAULT_ALLOW_CREATE_ORGANIZATION = true +; Either "public", "limited" or "private", default is "public" +; Limited is for signed user only +; Private is only for member of the organization +; Public is for everyone +DEFAULT_ORG_VISIBILITY = public +; Default value for DefaultOrgMemberVisible +; True will make the membership of the users visible when added to the organisation +DEFAULT_ORG_MEMBER_VISIBLE = false +; Default value for EnableDependencies +; Repositories will use dependencies by default depending on this setting +DEFAULT_ENABLE_DEPENDENCIES = true +; Dependencies can be added from any repository where the user is granted access or only 
from the current repository depending on this setting. +ALLOW_CROSS_REPOSITORY_DEPENDENCIES = true +; Enable heatmap on users profiles. +ENABLE_USER_HEATMAP = true +; Enable Timetracking +ENABLE_TIMETRACKING = true +; Default value for EnableTimetracking +; Repositories will use timetracking by default depending on this setting +DEFAULT_ENABLE_TIMETRACKING = true +; Default value for AllowOnlyContributorsToTrackTime +; Only users with write permissions can track time if this is true +DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME = true +; Default value for the domain part of the user's email address in the git log +; if he has set KeepEmailPrivate to true. The user's email will be replaced with a +; concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS. +NO_REPLY_ADDRESS = noreply.%(DOMAIN)s +; Show Registration button +SHOW_REGISTRATION_BUTTON = true +; Show milestones dashboard page - a view of all the user's milestones +SHOW_MILESTONES_DASHBOARD_PAGE = true +; Default value for AutoWatchNewRepos +; When adding a repo to a team or creating a new repo all team members will watch the +; repo automatically if enabled +AUTO_WATCH_NEW_REPOS = true +; Default value for AutoWatchOnChanges +; Make the user watch a repository When they commit for the first time +AUTO_WATCH_ON_CHANGES = false + +[webhook] +; Hook task queue length, increase if webhook shooting starts hanging +QUEUE_LENGTH = 1000 +; Deliver timeout in seconds +DELIVER_TIMEOUT = 5 +; Allow insecure certification +SKIP_TLS_VERIFY = false +; Number of history information in each page +PAGING_NUM = 10 +; Proxy server URL, support http://, https//, socks://, blank will follow environment http_proxy/https_proxy +PROXY_URL = +; Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts. +PROXY_HOSTS = + +[mailer] +ENABLED = false +; Buffer length of channel, keep it as it is if you don't know what it is. 
+SEND_BUFFER_LEN = 100 +; Prefix displayed before subject in mail +SUBJECT_PREFIX = +; Mail server +; Gmail: smtp.gmail.com:587 +; QQ: smtp.qq.com:465 +; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used. +HOST = +; Disable HELO operation when hostnames are different. +DISABLE_HELO = +; Custom hostname for HELO operation, if no value is provided, one is retrieved from system. +HELO_HOSTNAME = +; Do not verify the certificate of the server. Only use this for self-signed certificates +SKIP_VERIFY = +; Use client certificate +USE_CERTIFICATE = false +CERT_FILE = custom/mailer/cert.pem +KEY_FILE = custom/mailer/key.pem +; Should SMTP connection use TLS +IS_TLS_ENABLED = false +; Mail from address, RFC 5322. This can be just an email address, or the `"Name" ` format +FROM = +; Mailer user name and password +USER = +; Use PASSWD = `your password` for quoting if you use special characters in the password. +PASSWD = +; Send mails as plain text +SEND_AS_PLAIN_TEXT = false +; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log) +MAILER_TYPE = smtp +; Specify an alternative sendmail binary +SENDMAIL_PATH = sendmail +; Specify any extra sendmail arguments +SENDMAIL_ARGS = + +[cache] +; if the cache enabled +ENABLED = true +; Either "memory", "redis", or "memcache", default is "memory" +ADAPTER = memory +; For "memory" only, GC interval in seconds, default is 60 +INTERVAL = 60 +; For "redis" and "memcache", connection host address +; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180 +; memcache: `127.0.0.1:11211` +HOST = +; Time to keep items in cache if not used, default is 16 hours. +; Setting it to 0 disables caching +ITEM_TTL = 16h + +; Last commit cache +[cache.last_commit] +; if the cache enabled +ENABLED = true +; Time to keep items in cache if not used, default is 8760 hours. 
+; Setting it to 0 disables caching +ITEM_TTL = 8760h +; Only enable the cache when repository's commits count great than +COMMITS_COUNT = 1000 + +[session] +; Either "memory", "file", or "redis", default is "memory" +PROVIDER = memory +; Provider config options +; memory: doesn't have any config yet +; file: session file path, e.g. `data/sessions` +; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180 +; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table` +PROVIDER_CONFIG = data/sessions +; Session cookie name +COOKIE_NAME = i_like_gitea +; If you use session in https only, default is false +COOKIE_SECURE = false +; Enable set cookie, default is true +ENABLE_SET_COOKIE = true +; Session GC time interval in seconds, default is 86400 (1 day) +GC_INTERVAL_TIME = 86400 +; Session life time in seconds, default is 86400 (1 day) +SESSION_LIFE_TIME = 86400 + +[picture] +AVATAR_UPLOAD_PATH = data/avatars +REPOSITORY_AVATAR_UPLOAD_PATH = data/repo-avatars +; How Gitea deals with missing repository avatars +; none = no avatar will be displayed; random = random avatar will be displayed; image = default image will be used +REPOSITORY_AVATAR_FALLBACK = none +REPOSITORY_AVATAR_FALLBACK_IMAGE = /img/repo_default.png +; Max Width and Height of uploaded avatars. +; This is to limit the amount of RAM used when resizing the image. +AVATAR_MAX_WIDTH = 4096 +AVATAR_MAX_HEIGHT = 3072 +; Maximum alloved file size for uploaded avatars. +; This is to limit the amount of RAM used when resizing the image. +AVATAR_MAX_FILE_SIZE = 1048576 +; Chinese users can choose "duoshuo" +; or a custom avatar source, like: http://cn.gravatar.com/avatar/ +GRAVATAR_SOURCE = gravatar +; This value will always be true in offline mode. 
+DISABLE_GRAVATAR = false +; Federated avatar lookup uses DNS to discover avatar associated +; with emails, see https://www.libravatar.org +; This value will always be false in offline mode or when Gravatar is disabled. +ENABLE_FEDERATED_AVATAR = false + +[attachment] +; Whether attachments are enabled. Defaults to `true` +ENABLED = true +; Path for attachments. Defaults to `data/attachments` +PATH = data/attachments +; One or more allowed types, e.g. "image/jpeg|image/png". Use "*/*" for all types. +ALLOWED_TYPES = image/jpeg|image/png|application/zip|application/gzip +; Max size of each file. Defaults to 4MB +MAX_SIZE = 4 +; Max number of files per upload. Defaults to 5 +MAX_FILES = 5 + +[time] +; Specifies the format for fully outputted dates. Defaults to RFC1123 +; Special supported values are ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Kitchen, Stamp, StampMilli, StampMicro and StampNano +; For more information about the format see http://golang.org/pkg/time/#pkg-constants +FORMAT = +; Location the UI time display i.e. Asia/Shanghai +; Empty means server's location setting +DEFAULT_UI_LOCATION = + +[log] +ROOT_PATH = +; Either "console", "file", "conn", "smtp" or "database", default is "console" +; Use comma to separate multiple modes, e.g. "console, file" +MODE = console +; Buffer length of the channel, keep it as it is if you don't know what it is. 
+BUFFER_LEN = 10000 +REDIRECT_MACARON_LOG = false +MACARON = file +; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Info" +ROUTER_LOG_LEVEL = Info +ROUTER = console +ENABLE_ACCESS_LOG = false +ACCESS_LOG_TEMPLATE = {{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}" +ACCESS = file +; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace" +LEVEL = Info +; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "None" +STACKTRACE_LEVEL = None + +; Generic log modes +[log.x] +FLAGS = stdflags +EXPRESSION = +PREFIX = +COLORIZE = false + +; For "console" mode only +[log.console] +LEVEL = +STDERR = false + +; For "file" mode only +[log.file] +LEVEL = +; Set the file_name for the logger. If this is a relative path this +; will be relative to ROOT_PATH +FILE_NAME = +; This enables automated log rotate(switch of following options), default is true +LOG_ROTATE = true +; Max number of lines in a single file, default is 1000000 +MAX_LINES = 1000000 +; Max size shift of a single file, default is 28 means 1 << 28, 256MB +MAX_SIZE_SHIFT = 28 +; Segment log daily, default is true +DAILY_ROTATE = true +; delete the log file after n days, default is 7 +MAX_DAYS = 7 +; compress logs with gzip +COMPRESS = true +; compression level see godoc for compress/gzip +COMPRESSION_LEVEL = -1 + +; For "conn" mode only +[log.conn] +LEVEL = +; Reconnect host for every single message, default is false +RECONNECT_ON_MSG = false +; Try to reconnect when connection is lost, default is false +RECONNECT = false +; Either "tcp", "unix" or "udp", default is "tcp" +PROTOCOL = tcp +; Host address +ADDR = + +; For "smtp" mode only +[log.smtp] +LEVEL = +; Name displayed in mail title, default is "Diagnostic message from server" +SUBJECT = 
Diagnostic message from server +; Mail server +HOST = +; Mailer user name and password +USER = +; Use PASSWD = `your password` for quoting if you use special characters in the password. +PASSWD = +; Receivers, can be one or more, e.g. 1@example.com,2@example.com +RECEIVERS = + +[cron] +; Enable running cron tasks periodically. +ENABLED = true +; Run cron tasks when Gitea starts. +RUN_AT_START = false + +; Update mirrors +[cron.update_mirrors] +SCHEDULE = @every 10m + +; Repository health check +[cron.repo_health_check] +SCHEDULE = @every 24h +TIMEOUT = 60s +; Arguments for command 'git fsck', e.g. "--unreachable --tags" +; see more on http://git-scm.com/docs/git-fsck +ARGS = + +; Check repository statistics +[cron.check_repo_stats] +RUN_AT_START = true +SCHEDULE = @every 24h + +; Clean up old repository archives +[cron.archive_cleanup] +; Whether to enable the job +ENABLED = true +; Whether to always run at least once at start up time (if ENABLED) +RUN_AT_START = true +; Time interval for job to run +SCHEDULE = @every 24h +; Archives created more than OLDER_THAN ago are subject to deletion +OLDER_THAN = 24h + +; Synchronize external user data (only LDAP user synchronization is supported) +[cron.sync_external_users] +; Synchronize external user data when starting server (default false) +RUN_AT_START = false +; Interval as a duration between each synchronization (default every 24h) +SCHEDULE = @every 24h +; Create new users, update existing user data and disable users that are not in external source anymore (default) +; or only create new users if UPDATE_EXISTING is set to false +UPDATE_EXISTING = true + +; Update migrated repositories' issues and comments' posterid, it will always attempt synchronization when the instance starts. +[cron.update_migration_poster_id] +; Interval as a duration between each synchronization. (default every 24h) +SCHEDULE = @every 24h + +[git] +; The path of git executable. If empty, Gitea searches through the PATH environment. 
+PATH = +; Disables highlight of added and removed changes +DISABLE_DIFF_HIGHLIGHT = false +; Max number of lines allowed in a single file in diff view +MAX_GIT_DIFF_LINES = 1000 +; Max number of allowed characters in a line in diff view +MAX_GIT_DIFF_LINE_CHARACTERS = 5000 +; Max number of files shown in diff view +MAX_GIT_DIFF_FILES = 100 +; Arguments for command 'git gc', e.g. "--aggressive --auto" +; see more on http://git-scm.com/docs/git-gc/ +GC_ARGS = +; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1 +ENABLE_AUTO_GIT_WIRE_PROTOCOL = true +; Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled) +PULL_REQUEST_PUSH_MESSAGE = true + +; Operation timeout in seconds +[git.timeout] +DEFAULT = 360 +MIGRATE = 600 +MIRROR = 300 +CLONE = 300 +PULL = 300 +GC = 60 + +[mirror] +; Default interval as a duration between each check +DEFAULT_INTERVAL = 8h +; Min interval as a duration must be > 1m +MIN_INTERVAL = 10m + +[api] +; Enables Swagger. True or false; default is true. +ENABLE_SWAGGER = true +; Max number of items in a page +MAX_RESPONSE_ITEMS = 50 +; Default paging number of api +DEFAULT_PAGING_NUM = 30 +; Default and maximum number of items per page for git trees api +DEFAULT_GIT_TREES_PER_PAGE = 1000 +; Default size of a blob returned by the blobs API (default is 10MiB) +DEFAULT_MAX_BLOB_SIZE = 10485760 + +[oauth2] +; Enables OAuth2 provider +ENABLE = true +; Lifetime of an OAuth2 access token in seconds +ACCESS_TOKEN_EXPIRATION_TIME=3600 +; Lifetime of an OAuth2 access token in hours +REFRESH_TOKEN_EXPIRATION_TIME=730 +; Check if refresh token got already used +INVALIDATE_REFRESH_TOKENS=false +; OAuth2 authentication secret for access and refresh tokens, change this to a unique string. 
+JWT_SECRET=Bk0yK7Y9g_p56v86KaHqjSbxvNvu3SbKoOdOt2ZcXvU +; Maximum length of oauth2 token/cookie stored on server +MAX_TOKEN_LENGTH=32767 + +[i18n] +LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR +NAMES = English,简体中文,繁體中文(香港),繁體中文(台灣),Deutsch,français,Nederlands,latviešu,русский,Українська,日本語,español,português do Brasil,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어 + +; Used for datetimepicker +[i18n.datelang] +en-US = en +zh-CN = zh +zh-HK = zh-HK +zh-TW = zh-TW +de-DE = de +fr-FR = fr +nl-NL = nl +lv-LV = lv +ru-RU = ru +uk-UA = uk +ja-JP = ja +es-ES = es +pt-BR = pt-BR +pl-PL = pl +bg-BG = bg +it-IT = it +fi-FI = fi +tr-TR = tr +cs-CZ = cs-CZ +sr-SP = sr +sv-SE = sv +ko-KR = ko + +[U2F] +; NOTE: THE DEFAULT VALUES HERE WILL NEED TO BE CHANGED +; Two Factor authentication with security keys +; https://developers.yubico.com/U2F/App_ID.html +;APP_ID = http://localhost:3000/ +; Comma seperated list of trusted facets +;TRUSTED_FACETS = http://localhost:3000/ + +; Extension mapping to highlight class +; e.g. .toml=ini +[highlight.mapping] + +[other] +SHOW_FOOTER_BRANDING = false +; Show version information about Gitea and Go in the footer +SHOW_FOOTER_VERSION = true +; Show template execution time in the footer +SHOW_FOOTER_TEMPLATE_LOAD_TIME = true + +[markup.sanitizer.1] +; The following keys can appear once to define a sanitation policy rule. +; This section can appear multiple times by adding a unique alphanumeric suffix to define multiple rules. 
+; e.g., [markup.sanitizer.1] -> [markup.sanitizer.2] -> [markup.sanitizer.TeX]
+;ELEMENT = span
+;ALLOW_ATTR = class
+;REGEXP = ^(info|warning|error)$
+
+[markup.asciidoc]
+ENABLED = false
+; List of file extensions that should be rendered by an external command
+FILE_EXTENSIONS = .adoc,.asciidoc
+; External command to render all matching extensions
+RENDER_COMMAND = "asciidoc --out-file=- -"
+; Don't pass the file on STDIN, pass the filename as argument instead.
+IS_INPUT_FILE = false
+
+[metrics]
+; Enables metrics endpoint. True or false; default is false.
+ENABLED = false
+; If you want to add authorization, specify a token here
+TOKEN =
+
+[task]
+; Task queue type, could be `channel` or `redis`.
+QUEUE_TYPE = channel
+; Task queue length, available only when `QUEUE_TYPE` is `channel`.
+QUEUE_LENGTH = 1000
+; Task queue connection string, available only when `QUEUE_TYPE` is `redis`.
+; If there is a password of redis, use `addrs=127.0.0.1:6379 password=123 db=0`.
+QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0"
+
+[migrations]
+; Max attempts per http/https request on migrations.
+MAX_ATTEMPTS = 3
+; Backoff time per http/https request retry (seconds)
+RETRY_BACKOFF = 3
\ No newline at end of file
diff --git a/gitea/run.sh b/gitea/run.sh
new file mode 100644
index 0000000..327b0b5
--- /dev/null
+++ b/gitea/run.sh
@@ -0,0 +1,2 @@
+envsubst < /init/app.ini > /data/gitea/conf/app.ini
+/bin/s6-svscan /etc/s6
From 645caf3b698bb38b2857a40df1edd16106fe6b6b Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Thu, 30 Apr 2020 18:47:54 +0100 Subject: [PATCH 05/23] . --- drone-starlark/repos/echo-secret.star | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drone-starlark/repos/echo-secret.star b/drone-starlark/repos/echo-secret.star
index 3915df6..f7cbc1a 100644
--- a/drone-starlark/repos/echo-secret.star
+++ b/drone-starlark/repos/echo-secret.star
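Review bot: The last added line, `/bin/s6-svscan /etc/s6`, runs as a child of the `sh` that `CMD ["sh", "/run.sh"]` (visible as context in the later gitea/Dockerfile hunk) starts, so the shell rather than the supervisor is PID 1 and the SIGTERM from `docker stop` is not delivered to s6; write it as `exec /bin/s6-svscan /etc/s6`. The script also has no `set -eu`, so a failing `envsubst` leaves an already-truncated `/data/gitea/conf/app.ini` behind and s6 starts Gitea on it anyway. Calling `envsubst` without a variable list rewrites every `$NAME` occurrence in the template, so an explicit list (`envsubst '$VAR_A $VAR_B' < ...`, placeholder names) limits substitution to the values the deployment actually supplies. The app.ini this renders, in the hunk above, still carries the `SECRET_KEY` and `[oauth2] JWT_SECRET` values that its own comments say must be changed as literals rather than `${...}` placeholders, so envsubst leaves them untouched and they ship in the image.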
@@ -1,7 +1,7 @@
 load("@this//:secret-to-environment.star", "secretToEnvironment")
 def echoSecret(secret):
- return 'echo "export {environment}=??? ${environment}" >> ***filename*** # {secret}'.format(
+ return 'echo "export {environment}=???? ${environment}" >> ***filename*** # {secret}'.format(
 secret = secret,
 environment = secretToEnvironment(secret),
 )
From b979842aa508c98c15147b280d5b90f67343947e Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Thu, 30 Apr 2020 18:55:50 +0100 Subject: [PATCH 06/23] . --- drone-starlark/repos/stack/drone.star | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drone-starlark/repos/stack/drone.star b/drone-starlark/repos/stack/drone.star
index ad1692a..95e2c21 100644
--- a/drone-starlark/repos/stack/drone.star
+++ b/drone-starlark/repos/stack/drone.star
@@ -42,8 +42,8 @@ def drone(
 secretSecrets,
 ),
 build("gitea"),
- build("ngrok-gitea"),
 build("guacamole-postgresql"),
+ build("ngrok-gitea"),
 build("letsencrypt-nginx"),
 build("ghost"),
 buildDockerFolder(
From 3eee39b62a002f722592bf282ed4b3501a15b357 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Thu, 30 Apr 2020 19:01:09 +0100 Subject: [PATCH 07/23] . --- drone-starlark/repos/print-secrets.star | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drone-starlark/repos/print-secrets.star b/drone-starlark/repos/print-secrets.star
index d7508bb..d216cc3 100644
--- a/drone-starlark/repos/print-secrets.star
+++ b/drone-starlark/repos/print-secrets.star
@@ -9,9 +9,9 @@ def printSecrets(filename, env, secretEnv):
 return {
 "name": "print secrets",
 "image": "appleboy/drone-ssh",
- "environment": environment(env),
+ "environment": environment(env + secretEnv),
 "settings": {
- "envs": [x.replace("-", "_") for x in env ],
+ "envs": [x.replace("-", "_") for x in env + secretEnv ],
 "host": fromSecret("ssh-host"),
 "port": fromSecret("ssh-port"),
 "username": fromSecret("ssh-user"),
From 33606e1f66756b2dc5ced970f0ad17686cdf8e19 Mon Sep 17 00:00:00 2001
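Review bot: Passing `env + secretEnv` to both `environment(...)` and `settings.envs` exports every secret-backed value into the remote shell session that `appleboy/drone-ssh` opens, and the `echo`/`echoSecret` helpers in the neighbouring hunks presumably append `export NAME=...` lines built from those values to a file on that host. Nothing in this hunk constrains the permissions of that file or keeps the values out of the step log, so the remote script should create it under `umask 077` (or `chmod 600` it afterwards) and must not trace its commands. A short comment above `"environment"`, e.g. `# secretEnv is exported too: the remote script writes it into the env file`, would record why the two lists are merged here. The `printSecrets` body continues past the end of the hunk.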
From: Giles Bradshaw Date: Thu, 30 Apr 2020 20:25:24 +0100 Subject: [PATCH 08/23] . --- gitea/Dockerfile | 1 + gitea/run.sh | 6 ++++++ gitea/templates/home.tmpl | 17 +++++++++++++++++ 3 files changed, 24 insertions(+) create mode 100644 gitea/templates/home.tmpl
diff --git a/gitea/Dockerfile b/gitea/Dockerfile
index e0f92dc..4ccf029 100644
--- a/gitea/Dockerfile
+++ b/gitea/Dockerfile
@@ -1,4 +1,5 @@
 FROM gitea/gitea:latest
 COPY app.ini /init/
+COPY ./templates /init/templates
 COPY run.sh /
 CMD ["sh", "/run.sh"]
\ No newline at end of file
diff --git a/gitea/run.sh b/gitea/run.sh
index 327b0b5..75c8d30 100644
--- a/gitea/run.sh
+++ b/gitea/run.sh
@@ -1,2 +1,8 @@
 envsubst < /init/app.ini > /data/gitea/conf/app.ini
+
+for file in /init/templates
+do
+ envsubst < "/init/templates/$file" > "/data/gitea/templates/$file"
+done
+
 /bin/s6-svscan /etc/s6
diff --git a/gitea/templates/home.tmpl b/gitea/templates/home.tmpl
new file mode 100644
index 0000000..8339d0c
--- /dev/null
+++ b/gitea/templates/home.tmpl
@@ -0,0 +1,17 @@
+{{template "base/head" .}}
+
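Review bot: `for file in /init/templates` expands to the single word `/init/templates`, so the loop body runs once and reads `/init/templates//init/templates`, which does not exist; it needs the glob `for file in /init/templates/*`, with the redirect becoming `envsubst < "$file" > "/data/gitea/templates/$(basename "$file")"`. Nothing creates `/data/gitea/templates` before the redirect, so on a fresh data volume the write fails as well; add `mkdir -p /data/gitea/templates` above the loop. Without `set -e` both failures are ignored and `/bin/s6-svscan` starts regardless. The same loop header survives as a context line in the gitea/run.sh hunk of patch 13 further down, so that hunk inherits the problem.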
+
+
+
+ +
+
+

+ {{AppName}} +

+

${DESCRIPTION}

+
+
+
+
+{{template "base/footer" .}}
\ No newline at end of file
From a885027f5e378814c20c31fff642a91955b5d653 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Thu, 30 Apr 2020 20:47:28 +0100 Subject: [PATCH 09/23] . --- drone-starlark/repos/stack/drone.star | 36 +++++++++++++-------------- gitea/Dockerfile | 2 +- 2 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/drone-starlark/repos/stack/drone.star b/drone-starlark/repos/stack/drone.star
index 95e2c21..c3bca0c 100644
--- a/drone-starlark/repos/stack/drone.star
+++ b/drone-starlark/repos/stack/drone.star
@@ -42,24 +42,24 @@ def drone(
 secretSecrets,
 ),
 build("gitea"),
- build("guacamole-postgresql"),
- build("ngrok-gitea"),
- build("letsencrypt-nginx"),
- build("ghost"),
- buildDockerFolder(
- "Dockerfile.git",
- "$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
- "$${LOCAL_DOCKER_REGISTRY}letsencrypt-git",
- "letsencrypt-nginx",
- "git",
- ),
- buildDockerFolder(
- "Dockerfile.drone",
- "$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
- "$${LOCAL_DOCKER_REGISTRY}letsencrypt-drone",
- "letsencrypt-nginx",
- "drone",
- ),
+ #build("guacamole-postgresql"),
+ #build("ngrok-gitea"),
+ #build("letsencrypt-nginx"),
+ #build("ghost"),
+ #buildDockerFolder(
+ # "Dockerfile.git",
+ # "$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
+ # "$${LOCAL_DOCKER_REGISTRY}letsencrypt-git",
+ # "letsencrypt-nginx",
+ # "git",
+ #),
+ #buildDockerFolder(
+ # "Dockerfile.drone",
+ # "$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
+ # "$${LOCAL_DOCKER_REGISTRY}letsencrypt-drone",
+ # "letsencrypt-nginx",
+ # "drone",
+ #),
 scp(base),
 pull([
 "ghost",
diff --git a/gitea/Dockerfile b/gitea/Dockerfile
index 4ccf029..1fd559e 100644
--- a/gitea/Dockerfile
+++ b/gitea/Dockerfile
@@ -1,5 +1,5 @@
 FROM gitea/gitea:latest
 COPY app.ini /init/
-COPY ./templates /init/templates
+COPY ./templates /init/templates/
 COPY run.sh /
 CMD ["sh", "/run.sh"]
\ No newline at end of file
From 5dd9e244266f304ccd8574479fb5d8914f80c4b6 Mon Sep 17 00:00:00 2001
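Review bot: `${DESCRIPTION}` is expanded by `envsubst` when the container starts, before Gitea parses the template, so whatever the variable holds is emitted as raw markup and bypasses the `html/template` escaping that a template field would get. That is acceptable while `DESCRIPTION` only ever comes from the deployment's own environment, but a template comment next to it, `{{/* substituted by envsubst at start-up; the value is inserted unescaped */}}`, would make the assumption explicit. The markup between the lines of this hunk did not survive this rendering, so only the substitution can be reviewed here.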
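Review bot: The eighteen `#`-prefixed lines replace the build and `buildDockerFolder` steps with commented-out code and no note on why, while the `pull([` list in the context lines just below still pulls `ghost`, `ngrok-gitea`, `letsencrypt-git`, `letsencrypt-drone` and `guacamole-postgresql`, so the pipeline now deploys whatever older images the registry holds for them. If the builds are only paused, a one-line comment such as `# builds disabled for now: these images are pulled from the registry unchanged` above the block would record that; if they are gone for good, deleting the lines keeps `drone()` readable. The pipeline step list continues outside the hunk.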
From: Giles Bradshaw Date: Thu, 30 Apr 2020 21:02:15 +0100 Subject: [PATCH 10/23] . --- drone-starlark/repos/echo.star | 2 +- drone-starlark/repos/stack/drone.star | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/drone-starlark/repos/echo.star b/drone-starlark/repos/echo.star
index a8b8e68..d20445a 100644
--- a/drone-starlark/repos/echo.star
+++ b/drone-starlark/repos/echo.star
@@ -1,7 +1,7 @@
 load("@this//:secret-to-environment.star", "secretToEnvironment")
 def echo(secret):
- return 'echo "export {environment}=${environment}" >> ***filename*** # {secret}'.format(
+ return 'echo "eexport {environment}=${environment}" >> ***filename*** # {secret}'.format(
 secret = secret,
 environment = secretToEnvironment(secret),
 )
diff --git a/drone-starlark/repos/stack/drone.star b/drone-starlark/repos/stack/drone.star
index c3bca0c..9769f30 100644
--- a/drone-starlark/repos/stack/drone.star
+++ b/drone-starlark/repos/stack/drone.star
@@ -32,6 +32,9 @@ def drone(
 [
 wait(15, "wait"),
 build("drone-starlark"),
+ pull([
+ "drone-starlark",
+ ]),
 rescale(
 "{name}_drone-starlark".format(name=name),
 1,
@@ -66,7 +69,6 @@ def drone(
 "ngrok-gitea",
 "letsencrypt-git",
 "letsencrypt-drone",
- "drone-starlark",
 "guacamole-postgresql",
 ]),
 deploy(
From 1455b11a0c694e3cb0db91632d8f5557ab2b22b8 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Thu, 30 Apr 2020 21:04:50 +0100 Subject: [PATCH 11/23] . --- drone-starlark/repos/pull.star | 3 ++- drone-starlark/repos/stack/drone.star | 21 +++++++++++++-------- 2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/drone-starlark/repos/pull.star b/drone-starlark/repos/pull.star
index 2b74bdb..c0acd4e 100644
--- a/drone-starlark/repos/pull.star
+++ b/drone-starlark/repos/pull.star
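Review bot: `eexport` in the new string is not a shell builtin, so the line this helper appends to the env file fails with a command-not-found error when that file is sourced, and none of the variables written through `echo()` get exported. If the misspelling is a deliberate way to force a rebuild or to provoke a failure, a comment inside `echo` saying so would stop it being shipped by accident; the same edit recurs in the echo.star hunks of patches 12 and 13 below, where patch 13 puts `export` back.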
@@ -4,11 +4,12 @@ load("@this//:environment.star", "environment") load("@this//:export.star", "export") def pull( + name, images, ): secrets = [ "local-docker-registry"] return { - "name": "pull", + "name": name, "image": "appleboy/drone-ssh", "environment": environment(secrets), "settings": { diff --git a/drone-starlark/repos/stack/drone.star b/drone-starlark/repos/stack/drone.star index 9769f30..297e5fd 100644 --- a/drone-starlark/repos/stack/drone.star +++ b/drone-starlark/repos/stack/drone.star @@ -32,7 +32,9 @@ def drone( [ wait(15, "wait"), build("drone-starlark"), - pull([ + pull( + "pull drone", + [ "drone-starlark", ]), rescale( @@ -64,13 +66,16 @@ def drone( # "drone", #), scp(base), - pull([ - "ghost", - "ngrok-gitea", - "letsencrypt-git", - "letsencrypt-drone", - "guacamole-postgresql", - ]), + pull( + "pull images", + [ + "ghost", + "ngrok-gitea", + "letsencrypt-git", + "letsencrypt-drone", + "guacamole-postgresql", + ], + ), deploy( "docker-compose-home.yml", name, From 0ac2a25b881432456da4beaee236d05f34d4e794 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Thu, 30 Apr 2020 21:11:46 +0100 Subject: [PATCH 12/23] . --- drone-starlark/repos/echo.star | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drone-starlark/repos/echo.star b/drone-starlark/repos/echo.star index d20445a..7f39e5b 100644 --- a/drone-starlark/repos/echo.star +++ b/drone-starlark/repos/echo.star @@ -1,7 +1,7 @@ load("@this//:secret-to-environment.star", "secretToEnvironment") def echo(secret): - return 'echo "eexport {environment}=${environment}" >> ***filename*** # {secret}'.format( + return 'echo "eeexport {environment}=${environment}" >> ***filename*** # {secret}'.format( secret = secret, environment = secretToEnvironment(secret), ) From ee271c4dfe268f1aac6c5262b9f67da2e3d54f2a Mon Sep 17 00:00:00 2001 
From: Giles Bradshaw Date: Thu, 30 Apr 2020 21:22:10 +0100 Subject: [PATCH 13/23] . --- drone-starlark/repos/echo.star | 2 +- drone-starlark/repos/stack/drone.star | 11 ++--------- gitea/run.sh | 2 +- 3 files changed, 4 insertions(+), 11 deletions(-) diff --git a/drone-starlark/repos/echo.star b/drone-starlark/repos/echo.star index 7f39e5b..a8b8e68 100644 --- a/drone-starlark/repos/echo.star +++ b/drone-starlark/repos/echo.star @@ -1,7 +1,7 @@ load("@this//:secret-to-environment.star", "secretToEnvironment") def echo(secret): - return 'echo "eeexport {environment}=${environment}" >> ***filename*** # {secret}'.format( + return 'echo "export {environment}=${environment}" >> ***filename*** # {secret}'.format( secret = secret, environment = secretToEnvironment(secret), ) diff --git a/drone-starlark/repos/stack/drone.star b/drone-starlark/repos/stack/drone.star index 297e5fd..de045cb 100644 --- a/drone-starlark/repos/stack/drone.star +++ b/drone-starlark/repos/stack/drone.star @@ -32,15 +32,6 @@ def drone( [ wait(15, "wait"), build("drone-starlark"), - pull( - "pull drone", - [ - "drone-starlark", - ]), - rescale( - "{name}_drone-starlark".format(name=name), - 1, - ), printSecrets( "env-stack", publicSecrets, @@ -69,6 +60,8 @@ def drone( pull( "pull images", [ + "drone-starlark", + "gitea", "ghost", "ngrok-gitea", "letsencrypt-git", diff --git a/gitea/run.sh b/gitea/run.sh index 75c8d30..9f148ea 100644 --- a/gitea/run.sh +++ b/gitea/run.sh @@ -2,7 +2,7 @@ envsubst < /init/app.ini > /data/gitea/conf/app.ini for file in /init/templates do - envsubst < "/init/templates/$file" > "/data/gitea/templates/$file" + envsubst < "$file" > "/data/gitea/templates/$(basename '$file')" done /bin/s6-svscan /etc/s6 From 0cab3b6a9dd8aaed1c7fb7389c9103cbca65e528 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Thu, 30 Apr 2020 21:35:31 +0100 Subject: [PATCH 14/23] . --- gitea/run.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/gitea/run.sh b/gitea/run.sh index 9f148ea..80d5210 100644 --- a/gitea/run.sh +++ b/gitea/run.sh @@ -2,7 +2,9 @@ envsubst < /init/app.ini > /data/gitea/conf/app.ini for file in /init/templates do - envsubst < "$file" > "/data/gitea/templates/$(basename '$file')" + FILENAME=(basename "$file") + echo $FILENAME + envsubst < "$file" > /data/gitea/templates/$FILENAME done /bin/s6-svscan /etc/s6 From b83939213206015631d3121469c581321e9820e7 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Thu, 30 Apr 2020 22:11:46 +0100 Subject: [PATCH 15/23] . --- README.md | 4 ++-- gitea/run.sh | 10 ++++++---- gitea/try.sh | 7 +++++++ 3 files changed, 15 insertions(+), 6 deletions(-) create mode 100644 gitea/try.sh diff --git a/README.md b/README.md index 4df38e2..dd3a67f 100644 --- a/README.md +++ b/README.md @@ -163,8 +163,8 @@ sh make-cert.sh $REGISTRY_DOMAIN registry ### make environment variables ``` -export TITLE=SiGyl Ltd -export DESCRIPTION=Software Development +export TITLE="SiGyl Ltd!" +export DESCRIPTION="Software Development" export CERTBOT_EMAIL=giles.bradshaw@sigyl.com export DRONE_DOMAIN=drone.sigyl.com export DRONE_GITEA_SERVER=https://sigyl.com/git diff --git a/gitea/run.sh b/gitea/run.sh index 80d5210..88fba96 100644 --- a/gitea/run.sh +++ b/gitea/run.sh @@ -1,10 +1,12 @@ envsubst < /init/app.ini > /data/gitea/conf/app.ini - -for file in /init/templates +mkdir /data/gitea/templates +for file in /init/templates/* do - FILENAME=(basename "$file") + FILENAME=$(basename "$file") + echo "$file" echo $FILENAME - envsubst < "$file" > /data/gitea/templates/$FILENAME + envsubst < "$file" > "/data/gitea/templates/$FILENAME" done + /bin/s6-svscan /etc/s6 diff --git a/gitea/try.sh b/gitea/try.sh new file mode 100644 index 0000000..afd6acd --- /dev/null +++ b/gitea/try.sh @@ -0,0 +1,7 @@ +for file in /home/giles/stack/gitea/* +do + FILENAME=$(basename "$file") + echo "$file" + echo $FILENAME + #envsubst < "$file" > /data/gitea/templates/$FILENAME +done 
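Review bot: `mkdir /data/gitea/templates` on the new second line has no `-p`, so on every start after the first (and whenever `/data` is a persistent volume) it prints an error; the script has no `set -e`, so the loop still runs, but the noise hides real failures — use `mkdir -p /data/gitea/templates`. The final `/bin/s6-svscan /etc/s6` is not `exec`'d, so `sh` stays PID 1 and the SIGTERM from `docker stop` reaches the shell rather than s6 — change it to `exec /bin/s6-svscan /etc/s6`. The two `echo` lines look like leftover debugging output, and the unquoted `echo $FILENAME` word-splits. `envsubst` with no variable list rewrites every `$name`/`${name}` in the copied templates; if any of them are Go templates that use `$`-variables (`{{$x}}`), those are replaced with empty strings — restricting the substitution to the names the templates are meant to consume, e.g. `envsubst '$TITLE $DESCRIPTION'` (presumably the variables exported in the README hunk of this patch), avoids that.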
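Review bot: `gitea/try.sh` is a scratch copy of the template loop with a hard-coded developer path (`/home/giles/stack/gitea/*`) and the `envsubst` line commented out, and nothing references it — `gitea/Dockerfile` copies only `app.ini`, `templates` and `run.sh`. It looks like a local experiment that should be dropped rather than committed, or, if it is meant as a dry-run helper, given a `#!/bin/sh` line and a one-line comment stating that it only prints what `run.sh` would process.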
From 87c7bb27ad76e238c88a471240b990aa082430de Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Thu, 30 Apr 2020 22:28:40 +0100 Subject: [PATCH 16/23] . --- .drone-home.star | 2 +- ghost/Dockerfile | 8 -------- ghost/config.production.json | 33 --------------------------------- ghost/run.sh | 2 -- 4 files changed, 1 insertion(+), 44 deletions(-) delete mode 100644 ghost/Dockerfile delete mode 100644 ghost/config.production.json delete mode 100644 ghost/run.sh diff --git a/.drone-home.star b/.drone-home.star index 8b6de3a..1db4636 100644 --- a/.drone-home.star +++ b/.drone-home.star @@ -6,7 +6,7 @@ load("@this//stack:stack-root.star", "stackRoot") def main(ctx): return drone( ctx, - "home-deploy", + "stack-deploy", stackRoot, stackName, [ diff --git a/ghost/Dockerfile b/ghost/Dockerfile deleted file mode 100644 index 816d659..0000000 --- a/ghost/Dockerfile +++ /dev/null @@ -1,8 +0,0 @@ -FROM ghost -# USER root -RUN apt-get update -RUN apt-get install -y gettext - -COPY config.production.json /var/lib/ghost/ -COPY run.sh / -CMD ["sh", "/run.sh"] diff --git a/ghost/config.production.json b/ghost/config.production.json deleted file mode 100644 index efcba1f..0000000 --- a/ghost/config.production.json +++ /dev/null @@ -1,33 +0,0 @@ -{ - "url": "https://${GIT_DOMAIN}/blog", - "server": { - "port": 2368, - "host": "0.0.0.0" - }, - "database": { - "client": "sqlite3", - "connection": { - "filename": "/var/lib/ghost/content/data/ghost.db" - } - }, - "mail": { - "transport": "SMTP", - "options": { - "service": "${GHOST_MAIL_SERVICE}", - "auth": { - "user": "${GHOST_MAIL_USER}", - "pass": "${GHOST_MAIL_PASSWORD}" - } - } - }, - "logging": { - "transports": [ - "file", - "stdout" - ] - }, - "process": "systemd", - "paths": { - "contentPath": "/var/lib/ghost/content" - } -} diff --git a/ghost/run.sh b/ghost/run.sh deleted file mode 100644 index fa26089..0000000 --- a/ghost/run.sh +++ /dev/null 
@@ -1,2 +0,0 @@ -envsubst < /var/lib/ghost/config.production.json > __tmp && mv __tmp /var/lib/ghost/config.production.json -node "current/index.js" \ No newline at end of file From c0675db694cc90f9ee34e6b0b0e98d37431c906d Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Thu, 30 Apr 2020 22:32:20 +0100 Subject: [PATCH 17/23] . --- .drone-home.star | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone-home.star b/.drone-home.star index 1db4636..8b6de3a 100644 --- a/.drone-home.star +++ b/.drone-home.star @@ -6,7 +6,7 @@ load("@this//stack:stack-root.star", "stackRoot") def main(ctx): return drone( ctx, - "stack-deploy", + "home-deploy", stackRoot, stackName, [ From 876633550551ff1b0f9272619f45a20496b1dd39 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Fri, 1 May 2020 00:00:23 +0100 Subject: [PATCH 19/23] . --- README.md | 2 ++ drone-starlark/repos/stack/drone.star | 36 +++++++++++++-------------- 2 files changed, 20 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index dd3a67f..1d25041 100644 --- a/README.md +++ b/README.md @@ -160,6 +160,8 @@ sh ca.sh $REGISTRY_DOMAIN:5003 sh make-cert.sh $REGISTRY_DOMAIN registry ``` +copy the directory .ca/$REGISTRY_DOMAIN:5003 to /etc/docker/certs.d + ### make environment variables ``` diff --git a/drone-starlark/repos/stack/drone.star b/drone-starlark/repos/stack/drone.star index de045cb..1a93e1f 100644 --- a/drone-starlark/repos/stack/drone.star +++ b/drone-starlark/repos/stack/drone.star 
@@ -38,24 +38,24 @@ def drone( secretSecrets, ), build("gitea"), - #build("guacamole-postgresql"), - #build("ngrok-gitea"), - #build("letsencrypt-nginx"), - #build("ghost"), - #buildDockerFolder( - # "Dockerfile.git", - # "$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx", - # "$${LOCAL_DOCKER_REGISTRY}letsencrypt-git", - # "letsencrypt-nginx", - # "git", - #), - #buildDockerFolder( - # "Dockerfile.drone", - # "$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx", - # "$${LOCAL_DOCKER_REGISTRY}letsencrypt-drone", - # "letsencrypt-nginx", - # "drone", - #), + build("guacamole-postgresql"), + build("ngrok-gitea"), + build("letsencrypt-nginx"), + build("ghost"), + buildDockerFolder( + "Dockerfile.git", + "$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx", + "$${LOCAL_DOCKER_REGISTRY}letsencrypt-git", + "letsencrypt-nginx", + "git", + ), + buildDockerFolder( + "Dockerfile.drone", + "$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx", + "$${LOCAL_DOCKER_REGISTRY}letsencrypt-drone", + "letsencrypt-nginx", + "drone", + ), scp(base), pull( "pull images", From f3dd17c1d3b436222a059a772b8695ba9c7fe1e4 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Fri, 1 May 2020 00:24:13 +0100 Subject: [PATCH 20/23] . --- ghost/Dockerfile | 8 ++++++++ ghost/config.production.json | 33 +++++++++++++++++++++++++++++++++ ghost/run.sh | 2 ++ 3 files changed, 43 insertions(+) create mode 100644 ghost/Dockerfile create mode 100644 ghost/config.production.json create mode 100644 ghost/run.sh diff --git a/ghost/Dockerfile b/ghost/Dockerfile new file mode 100644 index 0000000..816d659 --- /dev/null +++ b/ghost/Dockerfile @@ -0,0 +1,8 @@ +FROM ghost +# USER root +RUN apt-get update +RUN apt-get install -y gettext + +COPY config.production.json /var/lib/ghost/ +COPY run.sh / +CMD ["sh", "/run.sh"] diff --git a/ghost/config.production.json b/ghost/config.production.json new file mode 100644 index 0000000..efcba1f --- /dev/null +++ b/ghost/config.production.json 
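Review bot: `RUN apt-get update` and `RUN apt-get install -y gettext` are separate layers, so a cached `update` layer can be reused against a later `install` with a stale package index, and the apt lists stay in the image; combine them and clean up in the same layer: `RUN apt-get update && apt-get install -y --no-install-recommends gettext-base && rm -rf /var/lib/apt/lists/*` (`gettext-base` carries `envsubst`, which is all `run.sh` uses, without the full translation toolchain). The commented-out `# USER root` suggests the base image may already run as a non-root user; if so the `apt-get` steps need a `USER root` before them and the stage should switch back to the original user before `CMD`, which this file never does — confirm against the base image and make the user handling explicit. `CMD ["sh", "/run.sh"]` also leaves `sh` as PID 1 unless `run.sh` ends by `exec`'ing node, so that script should be checked together with this file.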
@@ -0,0 +1,33 @@ +{ + "url": "https://${GIT_DOMAIN}/blog", + "server": { + "port": 2368, + "host": "0.0.0.0" + }, + "database": { + "client": "sqlite3", + "connection": { + "filename": "/var/lib/ghost/content/data/ghost.db" + } + }, + "mail": { + "transport": "SMTP", + "options": { + "service": "${GHOST_MAIL_SERVICE}", + "auth": { + "user": "${GHOST_MAIL_USER}", + "pass": "${GHOST_MAIL_PASSWORD}" + } + } + }, + "logging": { + "transports": [ + "file", + "stdout" + ] + }, + "process": "systemd", + "paths": { + "contentPath": "/var/lib/ghost/content" + } +} diff --git a/ghost/run.sh b/ghost/run.sh new file mode 100644 index 0000000..c9016c5 --- /dev/null +++ b/ghost/run.sh @@ -0,0 +1,2 @@ +envsubst < /var/lib/ghost/config.production.json > __tmp && mv __tmp /var/lib/ghost/config.production.json +node "current/index.js" From 88e2139d33cc78d15771b13a54528083b0096990 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Fri, 1 May 2020 00:38:50 +0100 Subject: [PATCH 21/23] . --- docker-compose-home.yml | 2 +- ghost/Dockerfile | 2 +- gitea/Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-compose-home.yml b/docker-compose-home.yml index f580932..5b405ad 100644 --- a/docker-compose-home.yml +++ b/docker-compose-home.yml @@ -115,7 +115,7 @@ services: replicas: 1 restart_policy: condition: any - image: drone/drone:latest + image: drone/drone:1.7.0 volumes: - drone:/var/lib/drone - drone-data:/data diff --git a/ghost/Dockerfile b/ghost/Dockerfile index 816d659..1a34faa 100644 --- a/ghost/Dockerfile +++ b/ghost/Dockerfile @@ -1,4 +1,4 @@ -FROM ghost +FROM ghost:3.14.0-alpine # USER root RUN apt-get update RUN apt-get install -y gettext diff --git a/gitea/Dockerfile b/gitea/Dockerfile index 1fd559e..dd3e334 100644 --- a/gitea/Dockerfile +++ b/gitea/Dockerfile @@ -1,4 +1,4 @@ -FROM gitea/gitea:latest +FROM gitea/gitea:1.11.4-linux-amd64 COPY app.ini /init/ COPY ./templates /init/templates/ COPY run.sh / 
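Review bot: `__tmp` is a relative path, so the rewritten config is written into whatever working directory the base image sets; if that directory is not writable by the runtime user the `mv` never runs and Ghost starts with the unsubstituted `${...}` placeholders. Writing the temp file next to the target keeps it on the same filesystem and makes the intent explicit: `envsubst < /var/lib/ghost/config.production.json > /var/lib/ghost/config.production.json.tmp && mv /var/lib/ghost/config.production.json.tmp /var/lib/ghost/config.production.json`. `node "current/index.js"` is likewise relative to the inherited working directory and is not `exec`'d, so `sh` remains PID 1 and `docker stop`'s SIGTERM is not delivered to node — use `exec node "current/index.js"`. Since the substituted file ends up holding `GHOST_MAIL_PASSWORD` in clear text on the container filesystem (the config hunk in this patch shows the `"pass"` placeholder), a short comment here that the substitution is meant to happen only at container start, never at build time, would keep the secret out of image layers.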
From 1b68f938810b5f86ea544c067d2f58271687ce82 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Fri, 1 May 2020 00:47:07 +0100 Subject: [PATCH 22/23] . --- drone-starlark/Dockerfile | 2 +- ghost/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drone-starlark/Dockerfile b/drone-starlark/Dockerfile index 53c6e9d..3e12146 100644 --- a/drone-starlark/Dockerfile +++ b/drone-starlark/Dockerfile @@ -1,4 +1,4 @@ -FROM drone/drone-convert-starlark +FROM drone/drone-convert-starlark:1.1.0-beta.1 COPY repos /repos COPY run.sh / USER root diff --git a/ghost/Dockerfile b/ghost/Dockerfile index 1a34faa..996cf86 100644 --- a/ghost/Dockerfile +++ b/ghost/Dockerfile @@ -1,4 +1,4 @@ -FROM ghost:3.14.0-alpine +FROM ghost:3.14.0 # USER root RUN apt-get update RUN apt-get install -y gettext From 94e0d208b2c416edff4c90644656bb94b3e7b096 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Fri, 1 May 2020 00:55:19 +0100 Subject: [PATCH 23/23] . --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 1d25041..15097c2 100644 --- a/README.md +++ b/README.md @@ -162,6 +162,11 @@ sh make-cert.sh $REGISTRY_DOMAIN registry copy the directory .ca/$REGISTRY_DOMAIN:5003 to /etc/docker/certs.d +``` +sudo mkdir -p /etc/docker/certs.d/ +sudo cp -r .ca/$REGISTRY_DOMAIN:5003 /etc/docker/certs.d/ +``` + ### make environment variables ```