esh/esh_forgejo/recipes/service.rb

#
# Cookbook:: esh_forgejo
# Recipe:: service
#
# Copyright:: 2022, https://easyself.host
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
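# Install the Forgejo binary, gated on its detached OpenPGP signature.
#
# Ordering matters: the keyring and the signature file are prepared first so
# that the binary's `verify` check can run against the freshly downloaded
# temp file *before* Chef moves it to /usr/local/bin/forgejo. A download that
# fails verification therefore never lands on the service's ExecStart path.
#
# NOTE(review): both download URLs come from node attributes; confirm they
# are https:// and point at the intended release — no checksum is pinned, so
# the signature is the only integrity control here.
forgejo_key_fpr = 'EB114F5E6C0DC2BCDD183550A4B61A2DC5923710'

# Dedicated GnuPG home holding only the pinned release key. `gpg --verify`
# succeeds for a good signature from *any* key in the keyring it consults,
# so verifying against root's default keyring would not pin the signer.
forgejo_gnupg_home = ::File.join(Chef::Config[:file_cache_path], 'forgejo-gnupg')

# Keep the signature out of world-writable /tmp, where a local user could
# pre-create the path before this root-run recipe writes to it.
forgejo_sig_path = ::File.join(Chef::Config[:file_cache_path], 'forgejo.asc')

apt_package 'gpg'

directory forgejo_gnupg_home do
  owner 'root'
  group 'root'
  mode '0700'
  action :create
end

# Fetch the release key by full fingerprint; skipped once it is present.
execute 'add forgejo gpg key' do
  command "gpg --homedir #{forgejo_gnupg_home} --keyserver keys.openpgp.org --recv-keys #{forgejo_key_fpr}"
  not_if "gpg --homedir #{forgejo_gnupg_home} --list-keys #{forgejo_key_fpr}"
  action :run
end

remote_file forgejo_sig_path do
  source node['esh']['forgejo']['service']['asc']
  owner 'root'
  group 'root'
  mode '0444'
  action :create
end

remote_file '/usr/local/bin/forgejo' do
  source node['esh']['forgejo']['service']['binary']
  owner 'root'
  group 'root'
  mode '0755'
  # %{path} is replaced by Chef with the temp file holding the new content;
  # a non-zero exit aborts the update and leaves the existing binary alone.
  verify "gpg --homedir #{forgejo_gnupg_home} --verify #{forgejo_sig_path} %{path}"
  action :create
end

# Re-check the installed binary on every converge (the `verify` above only
# runs when the file content changes). A failure aborts the Chef run; it does
# not by itself stop a service that is already running the binary.
execute 'check if valid gpg signature' do
  command "gpg --homedir #{forgejo_gnupg_home} --verify #{forgejo_sig_path} /usr/local/bin/forgejo"
  action :run
end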
# Define, enable and start the forgejo.service systemd unit.
#
# The unit runs `/usr/local/bin/forgejo web --config /etc/forgejo/app.ini` as
# user/group `git`, with /var/lib/gitea as working directory and
# GITEA_WORK_DIR, and orders itself after mariadb.service and redis.service.
# The heredoc below is written verbatim into the unit file; the `#` lines
# inside it are unit-file comments carried over from the upstream Gitea
# example, not Ruby comments.
#
# NOTE(review): the [Service] section sets no sandboxing directives (for
# example NoNewPrivileges=, ProtectSystem=, PrivateTmp=); consider adding
# them after testing against the paths this service has to write.
# NOTE(review): :start runs here, before the app.ini resource further down
# in this recipe; on a first converge the service may start without that
# file unless it is provisioned elsewhere — confirm.
systemd_unit 'forgejo.service' do
content <<~EOU
[Unit]
Description=Forgejo
After=syslog.target
After=network.target
###
# Don't forget to add the database service dependencies
###
#
#Wants=mysql.service
#After=mysql.service
#
Wants=mariadb.service
After=mariadb.service
#
#Wants=postgresql.service
#After=postgresql.service
#
#Wants=memcached.service
#After=memcached.service
#
Wants=redis.service
After=redis.service
#
###
# If using socket activation for main http/s
###
#
#After=gitea.main.socket
#Requires=gitea.main.socket
#
###
# (You can also provide gitea an http fallback and/or ssh socket too)
#
# An example of /etc/systemd/system/gitea.main.socket
###
##
## [Unit]
## Description=Gitea Web Socket
## PartOf=gitea.service
##
## [Socket]
## Service=gitea.service
## ListenStream=<some_port>
## NoDelay=true
##
## [Install]
## WantedBy=sockets.target
##
###
[Service]
# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
# LimitNOFILE=524288:524288
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea
# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file
# (manually creating /run/gitea doesn't work, because it would not persist across reboots)
#RuntimeDirectory=gitea
ExecStart=/usr/local/bin/forgejo web --config /etc/forgejo/app.ini
Restart=always
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
# If you install Git to directory prefix other than default PATH (which happens
# for example if you install other versions of Git side-to-side with
# distribution version), uncomment below line and add that prefix to PATH
# Don't forget to place git-lfs binary on the PATH below if you want to enable
# Git LFS support
#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
# If you want to bind Gitea to a port below 1024, uncomment
# the two values below, or use socket activation to pass Gitea its ports as above
###
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE
###
# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
# set the following value to false to allow capabilities to be applied on gitea process. The following
# value if set to true sandboxes gitea service and prevent any processes from running with privileges
# in the host user namespace.
###
#PrivateUsers=false
###
[Install]
WantedBy=multi-user.target
EOU
# Write the unit file, enable it at boot, and start it in this converge.
action [:create, :enable, :start]
end
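# Optionally render /etc/forgejo/app.ini from a node attribute.
#
# Only runs when the `load_config` attribute is truthy. The file is readable
# by the `git` user alone (0600) and a change restarts Forgejo immediately.
if node['esh']['forgejo']['service']['load_config']
  file '/etc/forgejo/app.ini' do
    content node['esh']['forgejo']['service']['config']
    owner 'git'
    group 'git'
    mode '0600'
    # app.ini typically carries secrets (database password, signing keys), so
    # keep its content and diffs out of Chef's log and reporting output.
    # NOTE(review): the value still lives in node attributes; confirm how
    # those are stored and who can read them on the Chef server.
    sensitive true
    notifies :restart, 'service[forgejo]', :immediately
    action :create
  end
end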
# Notification target only: this resource does nothing on its own and exists
# so other resources can restart Forgejo. It restarts at the end of the run
# whenever the binary at /usr/local/bin/forgejo is updated.
service 'forgejo' do
  action :nothing
  subscribes :restart, 'remote_file[/usr/local/bin/forgejo]', :delayed
end