vladan/portable-services
vladan/portable-services
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Gitea

Browse source
This commit is contained in:
Vladan Popovic 2019-07-09 18:30:30 +02:00
parent 9b716baf78
commit 5cdb3e5c40
14 changed files with 341 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
.gitignore vendored Normal file
View file

@ -0,0 +1,8 @@
*.tar*
*.crt
*.key
*.dh
*.sw?
*~

32
alpine/gitea/app.ini Normal file
View file

@ -0,0 +1,32 @@
RUN_USER = gitea
RUN_MODE = prod
[repository]
ROOT = /var/lib/gitea/git
SCRIPT_TYPE = sh
[server]
STATIC_ROOT_PATH = /usr/share/webapps/gitea
APP_DATA_PATH = /var/lib/gitea/data
[database]
DB_TYPE = sqlite3
PATH = /var/lib/gitea/db/gitea.db
SSL_MODE = disable
[session]
PROVIDER = file
[log]
MODE = info_console
LEVEL = Info
[Log.error_console]
Mode=console
Stderr=true
Level=Error
[Log.info_console]
Mode=console
Stderr=true
Level=Info

40
alpine/gitea/build.sh Executable file
View file

@ -0,0 +1,40 @@
#!/bin/sh
[ -z $ROOTFS ] && ROOTFS=/tmp/gitea
[ -z $ALPINE_VERSION ] && ALPINE_VERSION=3.10
[ -z $ALPINE_RELEASE ] && ALPINE_RELEASE=0
ALPINE_TARBALL=alpine-minirootfs-$ALPINE_VERSION.$ALPINE_RELEASE-x86_64.tar.gz
[ -f $ROOTFS.raw ] && sudo rm $ROOTFS.raw
[ -f $ALPINE_TARBALL ] || wget http://dl-cdn.alpinelinux.org/alpine/v$ALPINE_VERSION/releases/x86_64/$ALPINE_TARBALL
sudo systemctl stop gitea.service && sudo portablectl detach gitea
sudo mkdir -p $ROOTFS
sudo tar xf $ALPINE_TARBALL -C $ROOTFS/
sudo mkdir -p \
$ROOTFS/etc/systemd/system \
$ROOTFS/var/{lib,run,tmp} \
$ROOTFS/{dev,tmp,proc,root,run,sys} \
$ROOTFS/etc/gitea \
$ROOTFS/var/lib/gitea \
$ROOTFS/dev/log \
$ROOTFS/run/systemd/journal \
$ROOTFS/run/{dbus,gitea} \
$ROOTFS/{proc,sys,dev} \
$ROOTFS/var/tmp/ \
$ROOTFS/root/.ssh
sudo touch $ROOTFS/etc/machine-id $ROOTFS/etc/resolv.conf
sudo systemd-nspawn --directory $ROOTFS/ /sbin/apk update
sudo systemd-nspawn --directory $ROOTFS/ /sbin/apk add --no-cache gitea openssh-keygen
# sudo systemd-nspawn --directory $ROOTFS/ /bin/rm -rf /etc/apk /root/.cache /root/.config /var/cache/*
sudo cp systemd/* $ROOTFS/etc/systemd/system/
sudo mksquashfs $ROOTFS/ $ROOTFS.raw -all-root -noappend
#sudo rm -rf $ROOTFS
sudo portablectl attach $ROOTFS.raw

26
alpine/gitea/systemd/gitea.service Normal file
View file

@ -0,0 +1,26 @@
[Unit]
Description=Gitea (Git with a cup of tea)
After=network.target
#Requires=mysql.service
#Requires=mariadb.service
#Requires=postgresql.service
#Requires=memcached.service
#Requires=redis.service
[Service]
Type=simple
User=gitea
Group=www-data
Environment=USER=gitea HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea
WorkingDirectory=/var/lib/gitea
ExecStart=/bin/ls -al /etc/gitea/
#ExecStart=/usr/bin/gitea web -c /etc/gitea/app.ini
RuntimeDirectory=gitea
StateDirectory=gitea
ConfigurationDirectory=gitea
[Install]
WantedBy=multi-user.target

0
alpine-matrix/README.md → alpine/matrix/README.md
View file

4
alpine-matrix/build.sh → alpine/matrix/build.sh
View file

@ -9,11 +9,13 @@ mkdir -p $ROOTFS
tar xf $ALPINE_TARBALL -C $ROOTFS/ \ tar xf $ALPINE_TARBALL -C $ROOTFS/ \
./etc/apk ./etc/os-release ./usr ./lib ./bin ./sbin ./var ./etc/apk ./etc/os-release ./usr ./lib ./bin ./sbin ./var
mkdir -p $ROOTFS/etc/systemd/system \ mkdir -p \
$ROOTFS/etc/systemd/system \
$ROOTFS/var/{lib,run,tmp} \ $ROOTFS/var/{lib,run,tmp} \
$ROOTFS/{dev,tmp,proc,root,run,sys} \ $ROOTFS/{dev,tmp,proc,root,run,sys} \
$ROOTFS/etc/matrix \ $ROOTFS/etc/matrix \
$ROOTFS/var/lib/matrix-{synapse,appservice-irc} $ROOTFS/var/lib/matrix-{synapse,appservice-irc}
touch $ROOTFS/etc/machine-id $ROOTFS/etc/resolv.conf touch $ROOTFS/etc/machine-id $ROOTFS/etc/resolv.conf
touch $ROOTFS/etc/machine-id $ROOTFS/etc/resolv.conf touch $ROOTFS/etc/machine-id $ROOTFS/etc/resolv.conf

143
alpine/matrix/conf/homeserver.jenga.yaml Normal file
View file

@ -0,0 +1,143 @@
no_tls: False
tls_certificate_path: "/etc/synapse/jenga.local.tls.crt"
tls_private_key_path: "/etc/synapse/jenga.local.tls.key"
tls_dh_params_path: "/etc/synapse/jenga.local.tls.dh"
tls_fingerprints: []
# tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
## Server ##
server_name: "jenga.local"
pid_file: /var/lib/synapse/homeserver.pid
soft_file_limit: 0
use_presence: true
listeners:
-
port: 8448
bind_addresses:
- '::'
- '0.0.0.0'
type: http
tls: true
x_forwarded: false
resources:
-
names:
- client # The client-server APIs, both v1 and v2
# - webclient # A web client. Requires web_client_location to be set.
compress: true
- names: [federation] # Federation APIs
compress: false
# Database configuration
database:
name: "sqlite3"
args:
database: "/var/lib/synapse/homeserver.db"
event_cache_size: "10K"
log_config: "/etc/synapse/log.config"
## Ratelimiting ##
rc_messages_per_second: 0.2
rc_message_burst_count: 10.0
federation_rc_window_size: 1000
federation_rc_sleep_limit: 10
federation_rc_sleep_delay: 500
federation_rc_reject_limit: 50
federation_rc_concurrent: 3
# Directory where uploaded images and attachments are stored.
media_store_path: "/var/lib/synapse/media_store"
uploads_path: "/var/lib/synapse/uploads"
max_upload_size: "10M"
max_image_pixels: "32M"
dynamic_thumbnails: false
thumbnail_sizes:
- width: 32
height: 32
method: crop
- width: 96
height: 96
method: crop
- width: 320
height: 240
method: scale
- width: 640
height: 480
method: scale
- width: 800
height: 600
method: scale
url_preview_enabled: False
max_spider_size: "10M"
## Captcha ##
recaptcha_public_key: "YOUR_PUBLIC_KEY"
recaptcha_private_key: "YOUR_PRIVATE_KEY"
enable_registration_captcha: False
recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
turn_user_lifetime: "1h"
turn_allow_guests: True
## Registration ##
enable_registration: False
registration_shared_secret: ",@MxAOPr0kkpC-Gzzk1=Ea-HKH@S-utf:Uf0fiz;xAo~I2Y9Fk"
bcrypt_rounds: 12
allow_guest_access: False
trusted_third_party_id_servers:
- matrix.org
- vector.im
autocreate_auto_join_rooms: true
## Metrics ###
enable_metrics: False
report_stats: false
## API Configuration ##
room_invite_state_types:
- "m.room.join_rules"
- "m.room.canonical_alias"
- "m.room.avatar"
- "m.room.name"
app_service_config_files: []
track_appservice_user_ips: False
macaroon_secret_key: "mL9+dY892cIh&=L6kdZV.SU;i_N=-*DBkA,p^Jp8eQ_v7-DXz4"
expire_access_token: False
form_secret: "&+O&4t2BKp=E++pPrc:Y=Uxi50yM,Z5XxX^VFQ7Fad^0y,#bOc"
## Signing Keys ##
signing_key_path: "/etc/synapse/jenga.local.signing.key"
old_signing_keys: {}
key_refresh_interval: "1d" # 1 Day.
# Enable password for login.
password_config:
enabled: true
# Uncomment and change to a secret random string for extra security.
# DO NOT CHANGE THIS AFTER INITIAL SETUP!
#pepper: ""
enable_group_creation: false
alias_creation_rules:
- user_id: "*"
alias: "*"
action: allow

0
alpine-matrix/scripts/install.sh → alpine/matrix/scripts/install.sh
View file

0
alpine-matrix/systemd/matrix-appservice-irc.service → alpine/matrix/systemd/matrix-appservice-irc.service
View file

0
alpine-matrix/systemd/matrix.service → alpine/matrix/systemd/matrix.service
View file

23
alpine/rust/build.sh Normal file
View file

@ -0,0 +1,23 @@
#!/bin/sh
ROOTFS=/tmp/cgit
ALPINE_TARBALL=alpine-minirootfs-3.9.2-x86_64.tar.gz
# wget http://dl-cdn.alpinelinux.org/alpine/v3.9/releases/x86_64/$ALPINE_TARBALL
mkdir -p $ROOTFS
tar xf $ALPINE_TARBALL -C $ROOTFS/ \
./etc/apk ./etc/os-release ./usr ./lib ./bin ./sbin ./var
mkdir -p $ROOTFS/etc/systemd/system \
$ROOTFS/var/{lib,run,tmp} \
$ROOTFS/{dev,tmp,proc,root,run,sys} \
$ROOTFS/etc/git \
$ROOTFS/var/lib/git
touch $ROOTFS/etc/machine-id $ROOTFS/etc/resolv.conf
sudo systemd-nspawn --directory $ROOTFS/ /sbin/apk update
sudo systemd-nspawn --directory $ROOTFS/ /sbin/apk add cgit uwsgi-cgi
cp systemd/* $ROOTFS/etc/systemd/system/
mksquashfs $ROOTFS/ $ROOTFS.raw

12
alpine/rust/systemd/cgit.service Normal file
View file

@ -0,0 +1,12 @@
[Unit]
Description=cgit uwsgi service
After=network.target
Before=nginx.service
Requires=cgit.socket
[Service]
DynamicUser=yes
User=git
Group=git
RuntimeDirectory=git
ConfigurationDirectory=git

10
alpine/rust/systemd/cgit.socket Normal file
View file

@ -0,0 +1,10 @@
[Unit]
Description=cgit socket
[Socket]
ListenStream=/run/git/cgit.sock
SocketMode=0660
SocketGroup=http
[Install]
WantedBy=sockets.target

39
alpine/simple/build.sh Normal file
View file

@ -0,0 +1,39 @@
#!/bin/sh
ROOTFS=`mktemp -d rootfs.XXX -t`
TMPDIR=/tmp
TARBALL=alpine-minirootfs-3.9.0-x86_64.tar.gz
URL=http://dl-cdn.alpinelinux.org/alpine/v3.9/releases/x86_64/$TARBALL
[ "$URL" ] && wget -c $URL
mkdir $ROOTFS
# 1. create rootfs
tar xf $TARBALL -C $ROOTFS/ \
./etc/os-release ./usr ./lib ./bin ./sbin
# 2. create mount points
mkdir -p $ROOTFS/etc/systemd/system $ROOTFS/var/{lib,run,tmp} $ROOTFS/{dev,proc,sys,tmp,run,root}
touch $ROOTFS/etc/machine-id $ROOTFS/etc/resolv.conf
# 3. simple service unit
cat <<EOF > $ROOTFS/etc/systemd/system/simple.service
[Unit]
Description=Simple portable test service
[Service]
Type=exec
ExecStart=/bin/sh -c 'while /bin/sleep 5; do echo ping; done'
EOF
# 4. create a read-only squashfs rootfs image
mksquashfs $ROOTFS $TMPDIR/simple.raw -all-root -noappend
# 5. attach and start the service
sudo portablectl attach $TMPDIR/simple.raw
sudo systemctl start simple-test
# 6. undo
#sudo systemctl stop simple-test
#sudo portablectl detach $TMPDIR/simple.raw