Archive abandoned project

esh_forgejo/recipes/default.rb

@@ -0,0 +1,17 @@
+#
+# Cookbook:: esh_forgejo
+# Recipe:: default
+#
+# Copyright:: 2023, https://easyself.host
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.

esh_forgejo/recipes/mariadb.rb

@@ -0,0 +1,36 @@
+#
+# Cookbook:: esh_forgejo
+# Recipe:: system
+#
+# Copyright:: 2022, https://easyself.host
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apt_package 'mariadb-server'
+
+mariadb_server_install 'MariaDB Server install' do
+  version '10.6'
+  setup_repo false
+end
+
+mariadb_user 'git' do
+  password node['esh']['forgejo']['mariadb']['password']
+  database_name 'git'
+  action [:create, :grant]
+end
+
+mariadb_database 'git' do
+  encoding 'utf8mb4'
+  collation 'utf8mb4_unicode_ci'
+  action :create
+end

esh_forgejo/recipes/service.rb

@@ -0,0 +1,154 @@
+#
+# Cookbook:: esh_forgejo
+# Recipe:: service
+#
+# Copyright:: 2022, https://easyself.host
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+remote_file '/usr/local/bin/forgejo' do
+  source node['esh']['forgejo']['service']['binary']
+  owner 'root'
+  group 'root'
+  mode '0755'
+  action :create
+end
+
+apt_package 'gpg'
+
+execute 'add forgejo gpg key' do
+  command 'gpg --keyserver keys.openpgp.org --recv EB114F5E6C0DC2BCDD183550A4B61A2DC5923710'
+  not_if 'gpg --list-keys EB114F5E6C0DC2BCDD183550A4B61A2DC5923710'
+  action :run
+end
+
+remote_file '/tmp/forgejo.asc' do
+  source node['esh']['forgejo']['service']['asc']
+  owner 'root'
+  group 'root'
+  mode '0444'
+  action :create
+end
+
+execute 'check if valid gpg signature' do
+  command 'gpg --verify /tmp/forgejo.asc /usr/local/bin/forgejo'
+  action :run
+end
+
+systemd_unit 'forgejo.service' do
+  content <<~EOU
+  [Unit]
+  Description=Forgejo
+  After=syslog.target
+  After=network.target
+  ###
+  # Don't forget to add the database service dependencies
+  ###
+  #
+  #Wants=mysql.service
+  #After=mysql.service
+  #
+  Wants=mariadb.service
+  After=mariadb.service
+  #
+  #Wants=postgresql.service
+  #After=postgresql.service
+  #
+  #Wants=memcached.service
+  #After=memcached.service
+  #
+  Wants=redis.service
+  After=redis.service
+  #
+  ###
+  # If using socket activation for main http/s
+  ###
+  #
+  #After=gitea.main.socket
+  #Requires=gitea.main.socket
+  #
+  ###
+  # (You can also provide gitea an http fallback and/or ssh socket too)
+  #
+  # An example of /etc/systemd/system/gitea.main.socket
+  ###
+  ##
+  ## [Unit]
+  ## Description=Gitea Web Socket
+  ## PartOf=gitea.service
+  ##
+  ## [Socket]
+  ## Service=gitea.service
+  ## ListenStream=<some_port>
+  ## NoDelay=true
+  ##
+  ## [Install]
+  ## WantedBy=sockets.target
+  ##
+  ###
+  
+  [Service]
+  # Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
+  # LimitNOFILE=524288:524288
+  RestartSec=2s
+  Type=simple
+  User=git
+  Group=git
+  WorkingDirectory=/var/lib/gitea
+  # If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file
+  # (manually creating /run/gitea doesn't work, because it would not persist across reboots)
+  #RuntimeDirectory=gitea
+  ExecStart=/usr/local/bin/forgejo web --config /etc/forgejo/app.ini
+  Restart=always
+  Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
+  # If you install Git to directory prefix other than default PATH (which happens
+  # for example if you install other versions of Git side-to-side with
+  # distribution version), uncomment below line and add that prefix to PATH
+  # Don't forget to place git-lfs binary on the PATH below if you want to enable
+  # Git LFS support
+  #Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
+  # If you want to bind Gitea to a port below 1024, uncomment
+  # the two values below, or use socket activation to pass Gitea its ports as above
+  ###
+  #CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+  #AmbientCapabilities=CAP_NET_BIND_SERVICE
+  ###
+  # In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
+  # set the following value to false to allow capabilities to be applied on gitea process. The following
+  # value if set to true sandboxes gitea service and prevent any processes from running with privileges
+  # in the host user namespace.
+  ###
+  #PrivateUsers=false
+  ###
+  
+  [Install]
+  WantedBy=multi-user.target
+  EOU
+  action [:create, :enable, :start]
+end
+
+if node['esh']['forgejo']['service']['load_config']
+  file '/etc/forgejo/app.ini' do
+    content node['esh']['forgejo']['service']['config']
+    owner 'git'
+    group 'git'
+    mode '0600'
+    notifies :restart, 'service[forgejo]', :immediately
+    action :create
+  end  
+end
+
+service 'forgejo' do
+  subscribes :restart, 'remote_file[/usr/local/bin/forgejo]', :delayed
+  action :nothing
+end

esh_forgejo/recipes/system.rb

@@ -0,0 +1,48 @@
+#
+# Cookbook:: esh_forgejo
+# Recipe:: system
+#
+# Copyright:: 2022, https://easyself.host
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apt_package %w(git redis-server)
+
+group 'git' do
+  system true
+  action :create
+end
+
+user 'git' do
+  comment 'git system user'
+  gid 'git'
+  home '/home/git'
+  manage_home true
+  shell '/usr/bin/bash'
+  system true
+  action :create
+end
+
+directory '/var/lib/gitea' do
+  owner 'git'
+  group 'git'
+  mode '0750'
+  action :create
+end
+
+directory '/etc/forgejo' do
+  owner 'git'
+  group 'git'
+  mode '0750'
+  action :create
+end