README.org
Gitea
Nginx Setup
Docker Setup
Information
Context | Username |
---|---|
Host | gitea |
Docker | git |
Key & Token
Generate new secrets/tokens and write them into docker-compose.yml in place of the gitea_secret_key and gitea_internal_token placeholders.
# No -t here: a pseudo-TTY turns the trailing newline of the generated value into CR LF, and the carriage return would be written into the compose file.
sed -i -e 's/gitea_secret_key/'"$(docker run --rm gitea/gitea:1 gitea generate secret SECRET_KEY)"'/g' docker-compose.yml
sed -i -e 's/gitea_internal_token/'"$(docker run --rm gitea/gitea:1 gitea generate secret INTERNAL_TOKEN)"'/g' docker-compose.yml
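The same placeholder substitution as a small shell function, added here as an example and not part of the original README. It reads the generated value from stdin, strips any carriage return a docker pseudo-TTY may have appended, refuses anything outside the alphanumeric set that gitea generate secret emits, substitutes with awk (so no sed delimiter can collide with the value) and checks the result. The function name set_compose_secret and the placeholder names are this example's own choices; the compose file is assumed to contain the placeholders literally.

```shell
#!/bin/sh
# Added example (not the README's own code): write a generated secret into
# docker-compose.yml in place of a placeholder, with the checks the one-line
# sed lacks. Function and placeholder names are assumptions of this example.
set -eu

# set_compose_secret FILE PLACEHOLDER   (secret value on stdin)
set_compose_secret() {
    file="$1"
    placeholder="$2"
    # Drop CR/LF: `docker run -t` would have turned the trailing newline into CR LF.
    secret="$(tr -d '\r\n')"
    # gitea generate secret produces alphanumeric values; refuse anything else.
    case "$secret" in
        ''|*[!A-Za-z0-9]*)
            echo "refusing to write secret for ${placeholder}: empty or not alphanumeric" >&2
            return 1 ;;
    esac
    # awk substitution: no delimiter to collide with, and the value is plain alnum
    # so no regex or replacement metacharacters can appear in it.
    awk -v ph="$placeholder" -v val="$secret" '{ gsub(ph, val); print }' "$file" > "$file.tmp" \
        && mv "$file.tmp" "$file"
    # Post-check: the placeholder must be gone and no carriage return may be present.
    ! grep -q "$placeholder" "$file" && ! grep -q "$(printf '\r')" "$file"
}

# Usage (note: no -t on docker run, so the value arrives with a plain newline):
#   docker run --rm gitea/gitea:1 gitea generate secret SECRET_KEY \
#       | set_compose_secret docker-compose.yml gitea_secret_key
```

The post-check is what makes the function worth having: if the placeholder survives (for example because the compose file was already edited) or a stray carriage return got in, the function returns non-zero instead of leaving a half-configured file behind.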
SSH Container Passthrough
Generate the SSH key pair.
sudo -u gitea ssh-keygen -t rsa -b 4096 -C "Gitea Host Key"
Configure the SSH folder.
sudo -u gitea cat /home/gitea/.ssh/id_rsa.pub | sudo -u gitea tee -a /home/gitea/.ssh/authorized_keys
sudo chmod 600 /home/gitea/.ssh/authorized_keys
Install the passthrough script: it forwards the command Gitea placed in the host user's authorized_keys, together with the original SSH command, to the container's sshd on port 2222.
cat <<"EOF" | sudo tee /usr/local/bin/gitea
#!/bin/sh
ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
EOF
sudo chmod +x /usr/local/bin/gitea
Docker Backup
Dump
docker exec -u git -it -w /tmp $(docker ps -qf 'name=^gitea$') bash -c '/usr/local/bin/gitea dump -c /data/gitea/conf/app.ini'
Share
Create the shared directory.
mkdir /home/gitea-shared
Add the shared group.
addgroup gitea-shared
Update the permissions of the shared directory for the group.
chown :gitea-shared /home/gitea-shared
Add each user who needs access to the shared group (repeat this for the other user).
usermod -aG gitea-shared gitea
Update the permissions of the shared directory: owner and group get full access, and the sticky bit means only a file's owner (or root) can remove it.
chmod 1770 /home/gitea-shared
Sharing the Dump
Give the dump file to the shared group.
chown :gitea-shared /path/to/your/dumps.zip
Copy the file to the shared directory.
cp /home/gitea/gitea/dumps/* /home/gitea-shared
Script
Automation for the dump: run gitea dump, encrypt each dumped file with gpg for every recipient, place the encrypted copies in the shared directory and delete the plaintext dump. Encrypted copies older than BACKUP_DURATION_IN_DAYS are pruned first.
#!/bin/bash
set -u

GPG_EMAILS=(
    "example1@mail.net"
    "example2@mail.net"
)
DUMPS_DIR="/home/gitea/gitea/dumps"
SHARE_DIR="/home/gitea-shared"
BACKUP_DURATION_IN_DAYS=28

log() { echo "[$(date '+%Y-%m-%d %H:%M')] $*"; }

# Retention: prune only the encrypted dumps this script wrote, not other files in the share.
find "${SHARE_DIR}" -type f -name '*.gpg' -mtime +"${BACKUP_DURATION_IN_DAYS}" -delete

log "Dumping Gitea.."
# No -it: under cron there is no TTY and `docker exec -t` would fail before dumping anything.
docker exec -u git -w /tmp "$(docker ps -qf 'name=^gitea$')" \
    bash -c '/usr/local/bin/gitea dump -c /data/gitea/conf/app.ini' >/dev/null 2>&1 || exit 1

shopt -s nullglob   # an empty dumps directory gives zero iterations instead of a literal '*'
for file in "${DUMPS_DIR}"/*; do
    file="${file##*/}"
    for email in "${GPG_EMAILS[@]}"; do
        log "Encrypting '${file}' for ${email}"
        # --batch: fail instead of prompting; each recipient key must already be trusted in this user's keyring.
        gpg --batch -r "${email}" -o "${SHARE_DIR}/${email}:${file}.gpg" -e "${DUMPS_DIR}/${file}" || exit 1
        chown :gitea-shared "${SHARE_DIR}/${email}:${file}.gpg" || exit 1
    done
    # Remove the plaintext dump only after every encrypted copy has been written.
    rm -f "${DUMPS_DIR}/${file}" || exit 1
done
log "Backup completed"
Security (fail2ban)
Add /etc/fail2ban/jail.local:
[gitea]
enabled = true
port = 80,443
filter = gitea
action = iptables-allports[chain="FORWARD"]
logpath = /var/lib/docker/volumes/gitea_gitea/_data/gitea/log/gitea.log
maxretry = 6
bantime = 30m
findtime = 10m
Create /etc/fail2ban/filter.d/gitea.local:
[INCLUDES]
before = common.conf
[Definition]
failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
ignoreregex =
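Before enabling the jail it is worth replaying the filter over real log lines (fail2ban ships fail2ban-regex for exactly this). The script below, added here as an example and not part of the original README, reproduces what the [gitea] jail and the gitea filter above do: it applies the failregex to a few constructed Gitea log lines, extracts the address the way fail2ban's <HOST> token does (an optional ::ffff: prefix is dropped), and lists the addresses that reach maxretry. The log lines, addresses and function names are constructed for this example. Note the two lines attributed to 172.18.0.1: because Gitea sits behind Nginx in this setup, the address it logs is only the real client's if the proxy forwards it and Gitea is told to trust that proxy (REVERSE_PROXY_TRUSTED_PROXIES in app.ini); otherwise every user's failures are logged against the proxy's own address and the jail would end up banning that address.

```shell
#!/bin/sh
# Added example (not the README's own code): replay the fail2ban gitea filter over
# constructed log lines and count matches per source address like the jail would.
# Log lines, addresses and function names are this example's own.
set -eu

# Same three phrases as the failregex; the sed reproduces fail2ban's <HOST> token:
# an optional ::ffff: prefix followed by the host characters, keeping only the host.
gitea_failed_hosts() {
    grep -E '(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from ' |
        sed -E 's/.* from (::f{4,6}:)?([A-Za-z0-9._^-]*[A-Za-z0-9_]).*/\2/'
}

# hosts_to_ban MAXRETRY: addresses with at least MAXRETRY matches (findtime is not modelled).
hosts_to_ban() {
    gitea_failed_hosts | sort | uniq -c | awk -v max="$1" '$1 >= max { print $2 }'
}

# Constructed sample: six failures from 203.0.113.5 (one with an IPv4-mapped prefix),
# one unknown user from 198.51.100.9, two failures that were logged against the
# Docker bridge address 172.18.0.1 (what Nginx looks like when the client IP is not
# forwarded), and one unrelated request line that must not match.
SAMPLE_LOG="$(cat <<'EOF'
2024/05/02 10:00:01 routers/web/auth/auth.go:213:SignInPost() [W] Failed authentication attempt for alice from 203.0.113.5:51234
2024/05/02 10:00:02 routers/web/auth/auth.go:213:SignInPost() [W] Failed authentication attempt for alice from 203.0.113.5:51240
2024/05/02 10:00:03 routers/web/auth/auth.go:213:SignInPost() [W] invalid credentials from ::ffff:203.0.113.5
2024/05/02 10:00:04 routers/web/auth/auth.go:213:SignInPost() [W] Failed authentication attempt for admin from 203.0.113.5:51302
2024/05/02 10:00:05 routers/web/auth/auth.go:213:SignInPost() [W] Attempted access of unknown user root from 203.0.113.5:51310
2024/05/02 10:00:06 routers/web/auth/auth.go:213:SignInPost() [W] Failed authentication attempt for alice from 203.0.113.5:51322
2024/05/02 10:00:07 routers/web/auth/auth.go:213:SignInPost() [W] Attempted access of unknown user bob from 198.51.100.9:40021
2024/05/02 10:00:08 routers/web/auth/auth.go:213:SignInPost() [W] Failed authentication attempt for carol from 172.18.0.1:58810
2024/05/02 10:00:09 routers/web/auth/auth.go:213:SignInPost() [W] Failed authentication attempt for dave from 172.18.0.1:58814
2024/05/02 10:00:10 modules/web/routing/logger.go:102:func1() [I] router: completed GET /alice/repo for 203.0.113.5:51330, 200 OK in 3.1ms
EOF
)"

# Stand-alone run: print the addresses the jail (maxretry = 6) would ban.
printf '%s\n' "$SAMPLE_LOG" | hosts_to_ban 6
```

Run against the real log instead of SAMPLE_LOG (cat the logpath from the jail into hosts_to_ban 6) to see which addresses the jail would act on before it is turned on; if the output is dominated by a single private address, the proxy-forwarding configuration needs fixing before the jail can do anything useful.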