From dd136858f1ea40ad3c94191d647487fa4f31926c Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 18 Oct 2024 20:33:49 +0200 Subject: Adding upstream version 9.0.0. Signed-off-by: Daniel Baumann --- docker/README.md | 7 +++ docker/manifest.rootless.tmpl | 24 ++++++++ docker/manifest.tmpl | 24 ++++++++ docker/root/etc/nsswitch.conf | 15 +++++ docker/root/etc/s6/.s6-svscan/finish | 2 + docker/root/etc/s6/gitea/finish | 2 + docker/root/etc/s6/gitea/run | 6 ++ docker/root/etc/s6/gitea/setup | 66 ++++++++++++++++++++++ docker/root/etc/s6/openssh/finish | 2 + docker/root/etc/s6/openssh/run | 6 ++ docker/root/etc/s6/openssh/setup | 51 +++++++++++++++++ docker/root/etc/templates/app.ini | 62 ++++++++++++++++++++ docker/root/etc/templates/sshd_config | 43 ++++++++++++++ docker/root/usr/bin/entrypoint | 41 ++++++++++++++ docker/root/usr/local/bin/gitea | 15 +++++ docker/rootless/etc/templates/app.ini | 59 +++++++++++++++++++ docker/rootless/usr/local/bin/docker-entrypoint.sh | 22 ++++++++ docker/rootless/usr/local/bin/docker-setup.sh | 63 +++++++++++++++++++++ docker/rootless/usr/local/bin/gitea | 40 +++++++++++++ 19 files changed, 550 insertions(+) create mode 100644 docker/README.md create mode 100644 docker/manifest.rootless.tmpl create mode 100644 docker/manifest.tmpl create mode 100644 docker/root/etc/nsswitch.conf create mode 100755 docker/root/etc/s6/.s6-svscan/finish create mode 100755 docker/root/etc/s6/gitea/finish create mode 100755 docker/root/etc/s6/gitea/run create mode 100755 docker/root/etc/s6/gitea/setup create mode 100755 docker/root/etc/s6/openssh/finish create mode 100755 docker/root/etc/s6/openssh/run create mode 100755 docker/root/etc/s6/openssh/setup create mode 100644 docker/root/etc/templates/app.ini create mode 100644 docker/root/etc/templates/sshd_config create mode 100755 docker/root/usr/bin/entrypoint create mode 100644 docker/root/usr/local/bin/gitea create mode 100644 docker/rootless/etc/templates/app.ini create mode 100755 docker/rootless/usr/local/bin/docker-entrypoint.sh create mode 100755 docker/rootless/usr/local/bin/docker-setup.sh create mode 100644 docker/rootless/usr/local/bin/gitea (limited to 'docker') diff --git a/docker/README.md b/docker/README.md new file mode 100644 index 0000000..709623e --- /dev/null +++ b/docker/README.md @@ -0,0 +1,7 @@ +# Forgejo - Docker + +The Dockerfile can be found in the root of repository. [Dockerfile](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/Dockerfile) & [Dockerfile.rootless](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/Dockerfile.rootless). + +The Docker image can be found on [Codeberg](https://codeberg.org/forgejo/-/packages/container/forgejo/). + +Documentation on how you can use the docker image can be found on the [Forgejo documentation website](https://forgejo.org/docs/latest/admin/installation/#installation-with-docker). diff --git a/docker/manifest.rootless.tmpl b/docker/manifest.rootless.tmpl new file mode 100644 index 0000000..1ebf5b7 --- /dev/null +++ b/docker/manifest.rootless.tmpl @@ -0,0 +1,24 @@ +image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}-rootless +{{#if build.tags}} +{{#unless (contains "-rc" build.tag)}} +{{#unless (contains "-dev" build.tag)}} +tags: +{{#each build.tags}} + - {{this}}-rootless +{{/each}} + - "latest-rootless" +{{/unless}} +{{/unless}} +{{/if}} +manifests: + - + image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}-linux-amd64-rootless + platform: + architecture: amd64 + os: linux + - + image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}-linux-arm64-rootless + platform: + architecture: arm64 + os: linux + variant: v8 diff --git a/docker/manifest.tmpl b/docker/manifest.tmpl new file mode 100644 index 0000000..08ccf61 --- /dev/null +++ b/docker/manifest.tmpl @@ -0,0 +1,24 @@ +image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}} +{{#if build.tags}} +{{#unless (contains "-rc" build.tag)}} +{{#unless (contains "-dev" build.tag)}} +tags: +{{#each build.tags}} + - {{this}} +{{/each}} + - "latest" +{{/unless}} +{{/unless}} +{{/if}} +manifests: + - + image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}-linux-amd64 + platform: + architecture: amd64 + os: linux + - + image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}-linux-arm64 + platform: + architecture: arm64 + os: linux + variant: v8 diff --git a/docker/root/etc/nsswitch.conf b/docker/root/etc/nsswitch.conf new file mode 100644 index 0000000..25fad99 --- /dev/null +++ b/docker/root/etc/nsswitch.conf @@ -0,0 +1,15 @@ +# /etc/nsswitch.conf + +passwd: compat +group: compat +shadow: compat + +hosts: files dns +networks: files + +protocols: db files +services: db files +ethers: db files +rpc: db files + +netgroup: nis diff --git a/docker/root/etc/s6/.s6-svscan/finish b/docker/root/etc/s6/.s6-svscan/finish new file mode 100755 index 0000000..06bd986 --- /dev/null +++ b/docker/root/etc/s6/.s6-svscan/finish @@ -0,0 +1,2 @@ +#!/bin/bash +exit 0 diff --git a/docker/root/etc/s6/gitea/finish b/docker/root/etc/s6/gitea/finish new file mode 100755 index 0000000..5d44f41 --- /dev/null +++ b/docker/root/etc/s6/gitea/finish @@ -0,0 +1,2 @@ +#!/bin/bash +s6-svscanctl -t /etc/s6/ diff --git a/docker/root/etc/s6/gitea/run b/docker/root/etc/s6/gitea/run new file mode 100755 index 0000000..7b85835 --- /dev/null +++ b/docker/root/etc/s6/gitea/run @@ -0,0 +1,6 @@ +#!/bin/bash +[[ -f ./setup ]] && source ./setup + +pushd /app/gitea >/dev/null +exec su-exec $USER /usr/local/bin/gitea web +popd diff --git a/docker/root/etc/s6/gitea/setup b/docker/root/etc/s6/gitea/setup new file mode 100755 index 0000000..f8d7627 --- /dev/null +++ b/docker/root/etc/s6/gitea/setup @@ -0,0 +1,66 @@ +#!/bin/bash + +if [ ! -d /data/git/.ssh ]; then + mkdir -p /data/git/.ssh +fi + +# Set the correct permissions on the .ssh directory and authorized_keys file, +# or sshd will refuse to use them and lead to clone/push/pull failures. +# It could happen when users have copied their data to a new volume and changed the file permission by accident, +# and it would be very hard to troubleshoot unless users know how to check the logs of sshd which is started by s6. +chmod 700 /data/git/.ssh +if [ -f /data/git/.ssh/authorized_keys ]; then + chmod 600 /data/git/.ssh/authorized_keys +fi + +if [ ! -f /data/git/.ssh/environment ]; then + echo "GITEA_CUSTOM=$GITEA_CUSTOM" >| /data/git/.ssh/environment + chmod 600 /data/git/.ssh/environment + +elif ! grep -q "^GITEA_CUSTOM=$GITEA_CUSTOM$" /data/git/.ssh/environment; then + sed -i /^GITEA_CUSTOM=/d /data/git/.ssh/environment + echo "GITEA_CUSTOM=$GITEA_CUSTOM" >> /data/git/.ssh/environment +fi + +if [ ! -f ${GITEA_CUSTOM}/conf/app.ini ]; then + mkdir -p ${GITEA_CUSTOM}/conf + + # Set INSTALL_LOCK to true only if SECRET_KEY is not empty and + # INSTALL_LOCK is empty + if [ -n "$SECRET_KEY" ] && [ -z "$INSTALL_LOCK" ]; then + INSTALL_LOCK=true + fi + + # Substitute the environment variables in the template + APP_NAME=${APP_NAME:-"Forgejo: Beyond coding. We forge."} \ + RUN_MODE=${RUN_MODE:-"prod"} \ + DOMAIN=${DOMAIN:-"localhost"} \ + SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \ + HTTP_PORT=${HTTP_PORT:-"3000"} \ + ROOT_URL=${ROOT_URL:-""} \ + DISABLE_SSH=${DISABLE_SSH:-"false"} \ + SSH_PORT=${SSH_PORT:-"22"} \ + SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-"${SSH_PORT}"} \ + LFS_START_SERVER=${LFS_START_SERVER:-"false"} \ + DB_TYPE=${DB_TYPE:-"sqlite3"} \ + DB_HOST=${DB_HOST:-"localhost:3306"} \ + DB_NAME=${DB_NAME:-"gitea"} \ + DB_USER=${DB_USER:-"root"} \ + DB_PASSWD=${DB_PASSWD:-""} \ + INSTALL_LOCK=${INSTALL_LOCK:-"false"} \ + DISABLE_REGISTRATION=${DISABLE_REGISTRATION:-"false"} \ + REQUIRE_SIGNIN_VIEW=${REQUIRE_SIGNIN_VIEW:-"false"} \ + SECRET_KEY=${SECRET_KEY:-""} \ + envsubst < /etc/templates/app.ini > ${GITEA_CUSTOM}/conf/app.ini + + chown ${USER}:git ${GITEA_CUSTOM}/conf/app.ini +fi + +# Replace app.ini settings with env variables in the form GITEA__SECTION_NAME__KEY_NAME +environment-to-ini --config ${GITEA_CUSTOM}/conf/app.ini + +# only chown if current owner is not already the gitea ${USER}. No recursive check to save time +if ! [[ $(ls -ld /data/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/gitea; fi +if ! [[ $(ls -ld /app/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /app/gitea; fi +if ! [[ $(ls -ld /data/git | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/git; fi +chmod 0755 /data/gitea /app/gitea /data/git diff --git a/docker/root/etc/s6/openssh/finish b/docker/root/etc/s6/openssh/finish new file mode 100755 index 0000000..06bd986 --- /dev/null +++ b/docker/root/etc/s6/openssh/finish @@ -0,0 +1,2 @@ +#!/bin/bash +exit 0 diff --git a/docker/root/etc/s6/openssh/run b/docker/root/etc/s6/openssh/run new file mode 100755 index 0000000..a40b5b1 --- /dev/null +++ b/docker/root/etc/s6/openssh/run @@ -0,0 +1,6 @@ +#!/bin/bash +[[ -f ./setup ]] && source ./setup + +pushd /root >/dev/null +exec su-exec root /usr/sbin/sshd -D -e 2>&1 +popd diff --git a/docker/root/etc/s6/openssh/setup b/docker/root/etc/s6/openssh/setup new file mode 100755 index 0000000..dbb3baf --- /dev/null +++ b/docker/root/etc/s6/openssh/setup @@ -0,0 +1,51 @@ +#!/bin/bash + +if [ ! -d /data/ssh ]; then + mkdir -p /data/ssh +fi + +if [ ! -f /data/ssh/ssh_host_ed25519_key ]; then + echo "Generating /data/ssh/ssh_host_ed25519_key..." + ssh-keygen -t ed25519 -f /data/ssh/ssh_host_ed25519_key -N "" > /dev/null +fi + +if [ ! -f /data/ssh/ssh_host_rsa_key ]; then + echo "Generating /data/ssh/ssh_host_rsa_key..." + ssh-keygen -t rsa -b 3072 -f /data/ssh/ssh_host_rsa_key -N "" > /dev/null +fi + +if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then + echo "Generating /data/ssh/ssh_host_ecdsa_key..." + ssh-keygen -t ecdsa -b 256 -f /data/ssh/ssh_host_ecdsa_key -N "" > /dev/null +fi + +if [ -e /data/ssh/ssh_host_ed25519_cert ]; then + SSH_ED25519_CERT=${SSH_ED25519_CERT:-"/data/ssh/ssh_host_ed25519_cert"} +fi + +if [ -e /data/ssh/ssh_host_rsa_cert ]; then + SSH_RSA_CERT=${SSH_RSA_CERT:-"/data/ssh/ssh_host_rsa_cert"} +fi + +if [ -e /data/ssh/ssh_host_ecdsa_cert ]; then + SSH_ECDSA_CERT=${SSH_ECDSA_CERT:-"/data/ssh/ssh_host_ecdsa_cert"} +fi + +if [ -d /etc/ssh ]; then + SSH_PORT=${SSH_PORT:-"22"} \ + SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-"${SSH_PORT}"} \ + SSH_ED25519_CERT="${SSH_ED25519_CERT:+"HostCertificate "}${SSH_ED25519_CERT}" \ + SSH_RSA_CERT="${SSH_RSA_CERT:+"HostCertificate "}${SSH_RSA_CERT}" \ + SSH_ECDSA_CERT="${SSH_ECDSA_CERT:+"HostCertificate "}${SSH_ECDSA_CERT}" \ + SSH_MAX_STARTUPS="${SSH_MAX_STARTUPS:+"MaxStartups "}${SSH_MAX_STARTUPS}" \ + SSH_MAX_SESSIONS="${SSH_MAX_SESSIONS:+"MaxSessions "}${SSH_MAX_SESSIONS}" \ + SSH_INCLUDE_FILE="${SSH_INCLUDE_FILE:+"Include "}${SSH_INCLUDE_FILE}" \ + SSH_LOG_LEVEL=${SSH_LOG_LEVEL:-"INFO"} \ + envsubst < /etc/templates/sshd_config > /etc/ssh/sshd_config + + chmod 0644 /etc/ssh/sshd_config +fi + +chown root:root /data/ssh/* +chmod 0700 /data/ssh +chmod 0600 /data/ssh/* diff --git a/docker/root/etc/templates/app.ini b/docker/root/etc/templates/app.ini new file mode 100644 index 0000000..01fb407 --- /dev/null +++ b/docker/root/etc/templates/app.ini @@ -0,0 +1,62 @@ +APP_NAME = $APP_NAME +RUN_MODE = $RUN_MODE + +[repository] +ROOT = /data/git/repositories + +[repository.local] +LOCAL_COPY_PATH = /data/gitea/tmp/local-repo + +[repository.upload] +TEMP_PATH = /data/gitea/uploads + +[server] +APP_DATA_PATH = /data/gitea +DOMAIN = $DOMAIN +SSH_DOMAIN = $SSH_DOMAIN +HTTP_PORT = $HTTP_PORT +ROOT_URL = $ROOT_URL +DISABLE_SSH = $DISABLE_SSH +SSH_PORT = $SSH_PORT +SSH_LISTEN_PORT = $SSH_LISTEN_PORT +LFS_START_SERVER = $LFS_START_SERVER + +[database] +PATH = /data/gitea/gitea.db +DB_TYPE = $DB_TYPE +HOST = $DB_HOST +NAME = $DB_NAME +USER = $DB_USER +PASSWD = $DB_PASSWD +LOG_SQL = false + +[indexer] +ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve + +[session] +PROVIDER_CONFIG = /data/gitea/sessions + +[picture] +AVATAR_UPLOAD_PATH = /data/gitea/avatars +REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars + +[attachment] +PATH = /data/gitea/attachments + +[log] +MODE = console +LEVEL = info +ROOT_PATH = /data/gitea/log + +[security] +INSTALL_LOCK = $INSTALL_LOCK +SECRET_KEY = $SECRET_KEY +REVERSE_PROXY_LIMIT = 1 +REVERSE_PROXY_TRUSTED_PROXIES = * + +[service] +DISABLE_REGISTRATION = $DISABLE_REGISTRATION +REQUIRE_SIGNIN_VIEW = $REQUIRE_SIGNIN_VIEW + +[lfs] +PATH = /data/git/lfs diff --git a/docker/root/etc/templates/sshd_config b/docker/root/etc/templates/sshd_config new file mode 100644 index 0000000..033c434 --- /dev/null +++ b/docker/root/etc/templates/sshd_config @@ -0,0 +1,43 @@ +Port ${SSH_LISTEN_PORT} +Protocol 2 + +AddressFamily any +ListenAddress 0.0.0.0 +ListenAddress :: + +${SSH_MAX_STARTUPS} +${SSH_MAX_SESSIONS} + +LogLevel ${SSH_LOG_LEVEL} + +HostKey /data/ssh/ssh_host_ed25519_key +${SSH_ED25519_CERT} +HostKey /data/ssh/ssh_host_rsa_key +${SSH_RSA_CERT} +HostKey /data/ssh/ssh_host_ecdsa_key +${SSH_ECDSA_CERT} + +AuthorizedKeysFile .ssh/authorized_keys +AuthorizedPrincipalsFile .ssh/authorized_principals +TrustedUserCAKeys /data/git/.ssh/gitea-trusted-user-ca-keys.pem +CASignatureAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa + +UseDNS no +AllowAgentForwarding no +AllowTcpForwarding no +PrintMotd no + +PermitUserEnvironment yes +PermitRootLogin no +ChallengeResponseAuthentication no +PasswordAuthentication no +PermitEmptyPasswords no + +AllowUsers ${USER} + +Banner none +Subsystem sftp /usr/lib/ssh/sftp-server + +AcceptEnv GIT_PROTOCOL + +${SSH_INCLUDE_FILE} diff --git a/docker/root/usr/bin/entrypoint b/docker/root/usr/bin/entrypoint new file mode 100755 index 0000000..d9dbb3e --- /dev/null +++ b/docker/root/usr/bin/entrypoint @@ -0,0 +1,41 @@ +#!/bin/sh + +# Protect against buggy runc in docker <20.10.6 causing problems in with Alpine >= 3.14 +if [ ! -x /bin/sh ]; then + echo "Executable test for /bin/sh failed. Your Docker version is too old to run Alpine 3.14+ and Gitea. You must upgrade Docker."; + exit 1; +fi + +if [ "${USER}" != "git" ]; then + # Rename user + sed -i -e "s/^git\:/${USER}\:/g" /etc/passwd +fi + +if [ -z "${USER_GID}" ]; then + USER_GID="`id -g ${USER}`" +fi + +if [ -z "${USER_UID}" ]; then + USER_UID="`id -u ${USER}`" +fi + +# Change GID for USER? +if [ -n "${USER_GID}" ] && [ "${USER_GID}" != "`id -g ${USER}`" ]; then + sed -i -e "s/^${USER}:\([^:]*\):[0-9]*/${USER}:\1:${USER_GID}/" /etc/group + sed -i -e "s/^${USER}:\([^:]*\):\([0-9]*\):[0-9]*/${USER}:\1:\2:${USER_GID}/" /etc/passwd +fi + +# Change UID for USER? +if [ -n "${USER_UID}" ] && [ "${USER_UID}" != "`id -u ${USER}`" ]; then + sed -i -e "s/^${USER}:\([^:]*\):[0-9]*:\([0-9]*\)/${USER}:\1:${USER_UID}:\2/" /etc/passwd +fi + +for FOLDER in /data/gitea/conf /data/gitea/log /data/git /data/ssh; do + mkdir -p ${FOLDER} +done + +if [ $# -gt 0 ]; then + exec "$@" +else + exec /bin/s6-svscan /etc/s6 +fi diff --git a/docker/root/usr/local/bin/gitea b/docker/root/usr/local/bin/gitea new file mode 100644 index 0000000..3f78d65 --- /dev/null +++ b/docker/root/usr/local/bin/gitea @@ -0,0 +1,15 @@ +#!/bin/bash + +############################################################### +# This script sets defaults for gitea to run in the container # +############################################################### + +# It assumes that you place this script as gitea in /usr/local/bin +# +# And place the original in /usr/lib/gitea with working files in /data/gitea +GITEA="/app/gitea/gitea" +WORK_DIR="/data/gitea" +CUSTOM_PATH="/data/gitea" + +# Provide docker defaults +GITEA_WORK_DIR="${GITEA_WORK_DIR:-$WORK_DIR}" GITEA_CUSTOM="${GITEA_CUSTOM:-$CUSTOM_PATH}" exec -a "$0" "$GITEA" $CONF_ARG "$@" diff --git a/docker/rootless/etc/templates/app.ini b/docker/rootless/etc/templates/app.ini new file mode 100644 index 0000000..0057635 --- /dev/null +++ b/docker/rootless/etc/templates/app.ini @@ -0,0 +1,59 @@ +APP_NAME = $APP_NAME +RUN_USER = $RUN_USER +RUN_MODE = $RUN_MODE + +[repository] +ROOT = $GITEA_WORK_DIR/git/repositories + +[repository.local] +LOCAL_COPY_PATH = $GITEA_TEMP/local-repo + +[repository.upload] +TEMP_PATH = $GITEA_TEMP/uploads + +[server] +APP_DATA_PATH = $GITEA_WORK_DIR +SSH_DOMAIN = $SSH_DOMAIN +HTTP_PORT = $HTTP_PORT +ROOT_URL = $ROOT_URL +DISABLE_SSH = $DISABLE_SSH +; In rootless gitea container only internal ssh server is supported +START_SSH_SERVER = true +SSH_PORT = $SSH_PORT +SSH_LISTEN_PORT = $SSH_LISTEN_PORT +BUILTIN_SSH_SERVER_USER = $RUN_USER +LFS_START_SERVER = $LFS_START_SERVER + +[database] +PATH = $GITEA_WORK_DIR/data/gitea.db +DB_TYPE = $DB_TYPE +HOST = $DB_HOST +NAME = $DB_NAME +USER = $DB_USER +PASSWD = $DB_PASSWD + +[session] +PROVIDER_CONFIG = $GITEA_WORK_DIR/data/sessions + +[picture] +AVATAR_UPLOAD_PATH = $GITEA_WORK_DIR/data/avatars +REPOSITORY_AVATAR_UPLOAD_PATH = $GITEA_WORK_DIR/data/repo-avatars + +[attachment] +PATH = $GITEA_WORK_DIR/data/attachments + +[log] +ROOT_PATH = $GITEA_WORK_DIR/data/log + +[security] +INSTALL_LOCK = $INSTALL_LOCK +SECRET_KEY = $SECRET_KEY +REVERSE_PROXY_LIMIT = 1 +REVERSE_PROXY_TRUSTED_PROXIES = * + +[service] +DISABLE_REGISTRATION = $DISABLE_REGISTRATION +REQUIRE_SIGNIN_VIEW = $REQUIRE_SIGNIN_VIEW + +[lfs] +PATH = $GITEA_WORK_DIR/git/lfs diff --git a/docker/rootless/usr/local/bin/docker-entrypoint.sh b/docker/rootless/usr/local/bin/docker-entrypoint.sh new file mode 100755 index 0000000..e5fa41c --- /dev/null +++ b/docker/rootless/usr/local/bin/docker-entrypoint.sh @@ -0,0 +1,22 @@ +#!/bin/sh + +# Protect against buggy runc in docker <20.10.6 causing problems in with Alpine >= 3.14 +if [ ! -x /bin/sh ]; then + echo "Executable test for /bin/sh failed. Your Docker version is too old to run Alpine 3.14+ and Gitea. You must upgrade Docker."; + exit 1; +fi + +if [ -x /usr/local/bin/docker-setup.sh ]; then + /usr/local/bin/docker-setup.sh || { echo 'docker setup failed' ; exit 1; } +fi + +if [ $# -gt 0 ]; then + exec "$@" +else + # TODO: remove on next major version release + # Honour legacy config file if existing + if [ -f ${GITEA_APP_INI_LEGACY} ]; then + GITEA_APP_INI=${GITEA_APP_INI_LEGACY} + fi + exec /usr/local/bin/gitea -c ${GITEA_APP_INI} web +fi diff --git a/docker/rootless/usr/local/bin/docker-setup.sh b/docker/rootless/usr/local/bin/docker-setup.sh new file mode 100755 index 0000000..09bbeab --- /dev/null +++ b/docker/rootless/usr/local/bin/docker-setup.sh @@ -0,0 +1,63 @@ +#!/bin/bash + +# Prepare git folder +mkdir -p ${HOME} && chmod 0700 ${HOME} +if [ ! -w ${HOME} ]; then echo "${HOME} is not writable"; exit 1; fi + +# Prepare custom folder +mkdir -p ${GITEA_CUSTOM} && chmod 0700 ${GITEA_CUSTOM} + +# Prepare temp folder +mkdir -p ${GITEA_TEMP} && chmod 0700 ${GITEA_TEMP} +if [ ! -w ${GITEA_TEMP} ]; then echo "${GITEA_TEMP} is not writable"; exit 1; fi + +# TODO: remove on next major version release +# Honour legacy config file if existing, but inform the user +if [ -f ${GITEA_APP_INI_LEGACY} ] && [ ${GITEA_APP_INI} != ${GITEA_APP_INI_LEGACY} ]; then + GITEA_APP_INI_DEFAULT=/var/lib/gitea/custom/conf/app.ini + echo -e \ + "\033[33mWARNING\033[0m: detected configuration file in deprecated default path ${GITEA_APP_INI_LEGACY}." \ + "The new default is ${GITEA_APP_INI_DEFAULT}. To remove this warning, choose one of the options:\n" \ + "* Move ${GITEA_APP_INI_LEGACY} to ${GITEA_APP_INI_DEFAULT} (or to \$GITEA_APP_INI if you want to override this variable)\n" \ + "* Explicitly override GITEA_APP_INI=${GITEA_APP_INI_LEGACY} in the container environment" + GITEA_APP_INI=${GITEA_APP_INI_LEGACY} +fi + +#Prepare config file +if [ ! -f ${GITEA_APP_INI} ]; then + + #Prepare config file folder + GITEA_APP_INI_DIR=$(dirname ${GITEA_APP_INI}) + mkdir -p ${GITEA_APP_INI_DIR} && chmod 0700 ${GITEA_APP_INI_DIR} + if [ ! -w ${GITEA_APP_INI_DIR} ]; then echo "${GITEA_APP_INI_DIR} is not writable"; exit 1; fi + + # Set INSTALL_LOCK to true only if SECRET_KEY is not empty and + # INSTALL_LOCK is empty + if [ -n "$SECRET_KEY" ] && [ -z "$INSTALL_LOCK" ]; then + INSTALL_LOCK=true + fi + + # Substitute the environment variables in the template + APP_NAME=${APP_NAME:-"Forgejo: Beyond coding. We forge."} \ + RUN_MODE=${RUN_MODE:-"prod"} \ + RUN_USER=${USER:-"git"} \ + SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \ + HTTP_PORT=${HTTP_PORT:-"3000"} \ + ROOT_URL=${ROOT_URL:-""} \ + DISABLE_SSH=${DISABLE_SSH:-"false"} \ + SSH_PORT=${SSH_PORT:-"2222"} \ + SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-$SSH_PORT} \ + DB_TYPE=${DB_TYPE:-"sqlite3"} \ + DB_HOST=${DB_HOST:-"localhost:3306"} \ + DB_NAME=${DB_NAME:-"gitea"} \ + DB_USER=${DB_USER:-"root"} \ + DB_PASSWD=${DB_PASSWD:-""} \ + INSTALL_LOCK=${INSTALL_LOCK:-"false"} \ + DISABLE_REGISTRATION=${DISABLE_REGISTRATION:-"false"} \ + REQUIRE_SIGNIN_VIEW=${REQUIRE_SIGNIN_VIEW:-"false"} \ + SECRET_KEY=${SECRET_KEY:-""} \ + envsubst < /etc/templates/app.ini > ${GITEA_APP_INI} +fi + +# Replace app.ini settings with env variables in the form GITEA__SECTION_NAME__KEY_NAME +environment-to-ini --config ${GITEA_APP_INI} diff --git a/docker/rootless/usr/local/bin/gitea b/docker/rootless/usr/local/bin/gitea new file mode 100644 index 0000000..9a9a569 --- /dev/null +++ b/docker/rootless/usr/local/bin/gitea @@ -0,0 +1,40 @@ +#!/bin/bash + +############################################################### +# This script sets defaults for gitea to run in the container # +############################################################### + +# It assumes that you place this script as gitea in /usr/local/bin +# +# And place the original in /usr/lib/gitea with working files in /data/gitea +GITEA="/app/gitea/gitea" +WORK_DIR="/var/lib/gitea" +APP_INI="/etc/gitea/app.ini" + +APP_INI_SET="" +for i in "$@"; do + case "$i" in + "-c") + APP_INI_SET=1 + ;; + "-c="*) + APP_INI_SET=1 + ;; + "--config") + APP_INI_SET=1 + ;; + "--config="*) + APP_INI_SET=1 + ;; + *) + ;; + esac +done + +if [ -z "$APP_INI_SET" ]; then + CONF_ARG=("-c" "${GITEA_APP_INI:-$APP_INI}") +fi + + +# Provide docker defaults +GITEA_WORK_DIR="${GITEA_WORK_DIR:-$WORK_DIR}" exec -a "$0" "$GITEA" "${CONF_ARG[@]}" "$@" -- cgit v1.2.3