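#
# Cookbook:: esh_forgejo
# Recipe:: service
#
# Copyright:: 2022, https://easyself.host
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Installs the Forgejo binary, checks its detached GPG signature, and manages
# the systemd unit and (optionally) /etc/forgejo/app.ini.
#
# Node attributes read, all under node['esh']['forgejo']['service']:
#   'binary'      - source of the Forgejo binary
#   'asc'         - source of the detached signature for that binary
#   'load_config' - when truthy, app.ini is written from 'config'
#   'config'      - full content of /etc/forgejo/app.ini
#
# The download is staged and verified BEFORE it is copied to
# /usr/local/bin/forgejo. Verifying after installation would leave an
# unverified binary at the executable path whenever the check fails, where a
# later service restart could run it.

# Full fingerprint of the release signing key this recipe trusts.
forgejo_key_fingerprint = 'EB114F5E6C0DC2BCDD183550A4B61A2DC5923710'

# Stage inside Chef's cache directory rather than a predictable name in the
# world-writable /tmp.
staging_dir = Chef::Config[:file_cache_path]
staged_binary = ::File.join(staging_dir, 'forgejo')
staged_signature = ::File.join(staging_dir, 'forgejo.asc')

apt_package 'gpg'

execute 'add forgejo gpg key' do
  command "gpg --keyserver keys.openpgp.org --recv #{forgejo_key_fingerprint}"
  not_if "gpg --list-keys #{forgejo_key_fingerprint}"
  action :run
end

# Unverified download: root-only and not executable until the signature checks out.
remote_file staged_binary do
  source node['esh']['forgejo']['service']['binary']
  owner 'root'
  group 'root'
  mode '0600'
  action :create
end

remote_file staged_signature do
  source node['esh']['forgejo']['service']['asc']
  owner 'root'
  group 'root'
  mode '0444'
  action :create
end

# A plain `gpg --verify` succeeds for a good signature from ANY key in root's
# keyring. Reading the machine-readable status output and requiring a VALIDSIG
# line that ends with the pinned primary-key fingerprint ties the check to the
# expected signer. A failure here aborts the converge before the install step.
execute 'check if valid gpg signature' do
  command "gpg --status-fd 1 --verify #{staged_signature} #{staged_binary} | " \
          "grep -Eq '^\\[GNUPG:\\] VALIDSIG .* #{forgejo_key_fingerprint}$'"
  action :run
end

# Only reached when verification passed. The resource name is unchanged so the
# `subscribes` on service[forgejo] below keeps working.
remote_file '/usr/local/bin/forgejo' do
  source "file://#{staged_binary}"
  owner 'root'
  group 'root'
  mode '0755'
  action :create
end

systemd_unit 'forgejo.service' do
  content <<~EOU
    [Unit]
    Description=Forgejo
    After=syslog.target
    After=network.target
    ###
    # Don't forget to add the database service dependencies
    ###
    #
    #Wants=mysql.service
    #After=mysql.service
    #
    Wants=mariadb.service
    After=mariadb.service
    #
    #Wants=postgresql.service
    #After=postgresql.service
    #
    #Wants=memcached.service
    #After=memcached.service
    #
    Wants=redis.service
    After=redis.service
    #
    ###
    # If using socket activation for main http/s
    ###
    #
    #After=gitea.main.socket
    #Requires=gitea.main.socket
    #
    ###
    # (You can also provide gitea an http fallback and/or ssh socket too)
    #
    # An example of /etc/systemd/system/gitea.main.socket
    ###
    ##
    ## [Unit]
    ## Description=Gitea Web Socket
    ## PartOf=gitea.service
    ##
    ## [Socket]
    ## Service=gitea.service
    ## ListenStream=
    ## NoDelay=true
    ##
    ## [Install]
    ## WantedBy=sockets.target
    ##
    ###

    [Service]
    # Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
    # LimitNOFILE=524288:524288
    RestartSec=2s
    Type=simple
    User=git
    Group=git
    WorkingDirectory=/var/lib/gitea
    # If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file
    # (manually creating /run/gitea doesn't work, because it would not persist across reboots)
    #RuntimeDirectory=gitea
    ExecStart=/usr/local/bin/forgejo web --config /etc/forgejo/app.ini
    Restart=always
    Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
    # If you install Git to directory prefix other than default PATH (which happens
    # for example if you install other versions of Git side-to-side with
    # distribution version), uncomment below line and add that prefix to PATH
    # Don't forget to place git-lfs binary on the PATH below if you want to enable
    # Git LFS support
    #Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
    # If you want to bind Gitea to a port below 1024, uncomment
    # the two values below, or use socket activation to pass Gitea its ports as above
    ###
    #CapabilityBoundingSet=CAP_NET_BIND_SERVICE
    #AmbientCapabilities=CAP_NET_BIND_SERVICE
    ###
    # In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
    # set the following value to false to allow capabilities to be applied on gitea process. The following
    # value if set to true sandboxes gitea service and prevent any processes from running with privileges
    # in the host user namespace.
    ###
    #PrivateUsers=false
    ###

    [Install]
    WantedBy=multi-user.target
  EOU
  action [:create, :enable, :start]
end

if node['esh']['forgejo']['service']['load_config']
  file '/etc/forgejo/app.ini' do
    content node['esh']['forgejo']['service']['config']
    owner 'git'
    group 'git'
    mode '0600'
    # The rendered config may carry credentials or tokens (not visible from
    # this recipe); keep its content and diffs out of Chef's logs.
    sensitive true
    notifies :restart, 'service[forgejo]', :immediately
    action :create
  end
end

# Declared with :nothing so it only acts on notifications: a restart when the
# installed binary changes (above) or when app.ini is rewritten.
service 'forgejo' do
  subscribes :restart, 'remote_file[/usr/local/bin/forgejo]', :delayed
  action :nothing
end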