Created
November 19, 2022 18:18
-
-
Save pylover/e072e37d6b6f882b1286376c50604dd2 to your computer and use it in GitHub Desktop.
Script to install Gitea on Ubuntu 20.04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env bash | |
| set -e | |
| UNAME=git | |
| # Obtain some information | |
| APPNAME="" | |
| read -p "Enter application title: " APPNAME | |
| DOMAIN="" | |
| read -p "Enter domain name: " DOMAIN | |
| PGVER=`psql --version | cut -d'.' -f 1 | cut -d' ' -f 3` | |
| echo "Postgresql version: $PGVER" | |
| # Install postgresql | |
| read -p "Do you want to install postgresql? [Y/n] " | |
| if [[ ! $REPLY =~ ^[Nn]$ ]] | |
| then | |
| apt install -y postgresql | |
| fi | |
| # Install Redis | |
| read -p "Do you want to install Redis server? [Y/n] " | |
| if [[ ! $REPLY =~ ^[Nn]$ ]] | |
| then | |
| apt install -y redis-server | |
| fi | |
| # Install git | |
| read -p "Do you want to install git? [Y/n] " | |
| if [[ ! $REPLY =~ ^[Nn]$ ]] | |
| then | |
| apt install -y git | |
| fi | |
| # Install nginx | |
| read -p "Do you want to install nginx? [Y/n] " | |
| if [[ ! $REPLY =~ ^[Nn]$ ]] | |
| then | |
| apt install -y nginx | |
| fi | |
| # Download the binary | |
| if [ -f "gitea" ]; then | |
| echo "Download skipped, due the \"gitea\" binary just found!" | |
| else | |
| wget -O gitea https://dl.gitea.io/gitea/1.17.3/gitea-1.17.3-linux-amd64 | |
| # Verify | |
| gpg --keyserver keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2 | |
| gpg --verify gitea-1.17.3-linux-amd64.asc gitea-1.17.3-linux-amd64 | |
| # Set execution bit | |
| chmod +x gitea | |
| # Copy into path | |
| cp gitea /usr/local/bin | |
| fi | |
| # System user | |
| if id "$UNAME" &>/dev/null; then | |
| echo "User \"$UNAME\" is already exists." | |
| else | |
| # Create user | |
| adduser \ | |
| --system \ | |
| --shell /bin/bash \ | |
| --gecos 'Git Version Control' \ | |
| --group \ | |
| --disabled-password \ | |
| --home /home/$UNAME \ | |
| $UNAME | |
| fi | |
| # Gitea directories | |
| if [ -d /var/lib/gitea ]; then | |
| echo "Directories are already created." | |
| else | |
| # Directory structure | |
| mkdir -p /var/lib/gitea/{custom,data,log} | |
| chown -R $UNAME:$UNAME /var/lib/gitea/ | |
| chmod -R 750 /var/lib/gitea/ | |
| mkdir /etc/gitea | |
| chown root:$UNAME /etc/gitea | |
| chmod 750 /etc/gitea | |
| fi | |
| # Postgresql user | |
| if sudo -u postgres psql -t -c '\du' | cut -d \| -f 1 | grep -qw "$UNAME"; then | |
| echo "Postgres user: \"$UNAME\" is already exists" | |
| else | |
| sudo -u postgres createuser $UNAME | |
| fi | |
| # Postgresql database | |
| if sudo -u postgres psql -lqt | cut -d \| -f 1 | grep -qw gitea; then | |
| echo "Postgres database: \"gitea\" is already exists" | |
| else | |
| sudo -u postgres createdb -O $UNAME gitea | |
| fi | |
| # Configure postgresql peer auth | |
| read -p "Do you want to enable postgresql peer authentication for user $UNAME? [Y/n] " | |
| if [[ ! $REPLY =~ ^[Nn]$ ]] | |
| then | |
| echo "# Added by install-gitea.sh | |
| local gitea $UNAME peer | |
| " >> /etc/postgresql/$PGVER/main/pg_hba.conf | |
| service postgresql restart | |
| fi | |
| # Gitea configuration | |
| read -p "Do you want to create gitea app.ini? [Y/n] " | |
| if [[ ! $REPLY =~ ^[Nn]$ ]] | |
| then | |
| echo "APP_NAME = $APPNAME | |
| RUN_USER = $UNAME | |
| RUN_MODE = prod | |
| [database] | |
| DB_TYPE = postgres | |
| HOST = /run/postgresql | |
| NAME = gitea | |
| USER = $UNAME | |
| PASSWD = | |
| SCHEMA = | |
| SSL_MODE = disable | |
| CHARSET = utf8 | |
| PATH = /var/lib/gitea/data/gitea.db | |
| LOG_SQL = false | |
| [repository] | |
| ROOT = /var/lib/gitea/data/gitea-repositories | |
| [server] | |
| PROTOCOL = http+unix | |
| HTTP_ADDR = /run/gitea/gitea.s | |
| UNIX_SOCKET_PERMISSION = 666 | |
| ROOT_URL = https://gkey.ir/ | |
| SSH_DOMAIN = $DOMAIN | |
| DOMAIN = $DOMAIN | |
| DISABLE_SSH = false | |
| SSH_PORT = 22 | |
| LFS_START_SERVER = true | |
| LFS_JWT_SECRET = XxntfHqlesxHcryRAC2k-5q3M5C-_RO85JqYODIdaJo | |
| OFFLINE_MODE = false | |
| [lfs] | |
| PATH = /var/lib/gitea/data/lfs | |
| [mailer] | |
| ENABLED = false | |
| [service] | |
| REGISTER_EMAIL_CONFIRM = false | |
| ENABLE_NOTIFY_MAIL = false | |
| DISABLE_REGISTRATION = true | |
| ALLOW_ONLY_EXTERNAL_REGISTRATION = false | |
| ENABLE_CAPTCHA = false | |
| REQUIRE_SIGNIN_VIEW = true | |
| DEFAULT_KEEP_EMAIL_PRIVATE = false | |
| DEFAULT_ALLOW_CREATE_ORGANIZATION = false | |
| DEFAULT_ENABLE_TIMETRACKING = true | |
| NO_REPLY_ADDRESS = noreply.localhost | |
| [picture] | |
| DISABLE_GRAVATAR = false | |
| ENABLE_FEDERATED_AVATAR = true | |
| [openid] | |
| ENABLE_OPENID_SIGNIN = true | |
| ENABLE_OPENID_SIGNUP = false | |
| [session] | |
| PROVIDER = file | |
| [log] | |
| MODE = console | |
| LEVEL = info | |
| ROOT_PATH = /var/lib/gitea/log | |
| ROUTER = console | |
| [repository.pull-request] | |
| DEFAULT_MERGE_STYLE = merge | |
| [repository.signing] | |
| DEFAULT_TRUST_MODEL = committer | |
| [security] | |
| INSTALL_LOCK = true | |
| INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2Njg4NzU5ODd9._dhq-UIyJ04eVwUheg6vKoufifWU5KAT8oLyMuf9T-A | |
| PASSWORD_HASH_ALGO = pbkdf2 | |
| " > /etc/gitea/app.ini | |
| chmod 640 /etc/gitea/app.ini | |
| fi | |
| # Systemd | |
| read -p "Do you want to create systemd service? [Y/n] " | |
| if [[ ! $REPLY =~ ^[Nn]$ ]] | |
| then | |
| echo "[Unit] | |
| Description=Gitea (Git with a cup of tea) | |
| After=syslog.target | |
| After=network.target | |
| Wants=postgresql.service | |
| After=postgresql.service | |
| Wants=memcached.service | |
| After=memcached.service | |
| Wants=redis.service | |
| After=redis.service | |
| [Service] | |
| RestartSec=2s | |
| Type=simple | |
| User=$UNAME | |
| Group=$UNAME | |
| WorkingDirectory=/var/lib/gitea/ | |
| RuntimeDirectory=gitea | |
| ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini | |
| Restart=always | |
| Environment=USER=$UNAME HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea | |
| [Install] | |
| WantedBy=multi-user.target | |
| " > /etc/systemd/system/gitea.service | |
| systemctl daemon-reload | |
| systemctl enable gitea | |
| systemctl restart gitea | |
| fi | |
| # Nginx conf | |
| read -p "Do you want to create nginx configuration file? [Y/n] " | |
| if [[ ! $REPLY =~ ^[Nn]$ ]] | |
| then | |
| echo " | |
| upstream gitea { | |
| server unix:/run/gitea/gitea.s; | |
| } | |
| server { | |
| listen 80; | |
| server_name $DOMAIN www.$DOMAIN; | |
| location / { | |
| proxy_pass http://gitea; | |
| proxy_set_header Host \$host; | |
| proxy_set_header X-Real-IP \$remote_addr; | |
| proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto \$scheme; | |
| } | |
| }" > /etc/nginx/sites-available/$DOMAIN | |
| # Test | |
| nginx -t | |
| # Enable | |
| if [ ! -f "/etc/nginx/sites-enabled/$DOMAIN" ]; then | |
| ln -s /etc/nginx/sites-available/$DOMAIN /etc/nginx/sites-enabled | |
| fi | |
| service nginx restart | |
| # SSL | |
| apt install certbot python3-certbot-nginx | |
| certbot --nginx -d $DOMAIN -d www.$DOMAIN | |
| fi | |
| # TODO: disable postgres tcp listen | |
| # TODO: Gitea Socket activation | |
| # TODO: firewall | |
| # | |
| ### | |
| # If using socket activation for main http/s | |
| ### | |
| # | |
| #After=gitea.main.socket | |
| #Requires=gitea.main.socket | |
| # | |
| ### | |
| # (You can also provide gitea an http fallback and/or ssh socket too) | |
| # | |
| # An example of /etc/systemd/system/gitea.main.socket | |
| ### | |
| ## | |
| ## [Unit] | |
| ## Description=Gitea Web Socket | |
| ## PartOf=gitea.service | |
| ## | |
| ## [Socket] | |
| ## Service=gitea.service | |
| ## ListenStream=<some_port> | |
| ## NoDelay=true | |
| ## | |
| ## [Install] | |
| ## WantedBy=sockets.target | |
| ## | |
| ### |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment