166 lines
5.1 KiB
Bash
Executable File
166 lines
5.1 KiB
Bash
Executable File
#!/bin/bash
|
|
# install-gitgk.sh - Installer for gitGK Git Appliance
|
|
#
|
|
# Copyright 2025 Robbie Ferguson
|
|
# Category5 TV Network
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
set -e
|
|
|
|
# === Configuration ===
|
|
DOMAIN=${1:-} # Optional: pass domain as first argument
|
|
if [ -z "$DOMAIN" ]; then
|
|
DOMAIN=$(hostname -I | awk '{print $1}')
|
|
echo "No domain provided, using IP: $DOMAIN"
|
|
fi
|
|
|
|
GITEA_USER="gitea"
|
|
GITEA_DB="gitea"
|
|
GITEA_DB_USER="gitea"
|
|
GITEA_DB_PASS="$(openssl rand -base64 32)"
|
|
GITEA_VERSION="1.24.1"
|
|
|
|
# === Confirm root privileges ===
|
|
if [ "$(id -u)" -ne 0 ]; then
|
|
echo "Please run this script as root or with sudo."
|
|
exit 1
|
|
fi
|
|
|
|
echo "Updating system and installing required packages..."
|
|
apt update
|
|
DEBIAN_FRONTEND=noninteractive apt install -y \
|
|
git \
|
|
wget \
|
|
curl \
|
|
mariadb-server \
|
|
nginx \
|
|
certbot \
|
|
python3-certbot-nginx \
|
|
openssl \
|
|
unattended-upgrades \
|
|
apt-listchanges
|
|
|
|
echo "Enabling automatic security updates..."
|
|
dpkg-reconfigure -f noninteractive unattended-upgrades
|
|
|
|
# === Setup Gitea Users and Directories ===
|
|
echo "Creating system users..."
|
|
id git >/dev/null 2>&1 || adduser --system --group --home /home/git --shell /bin/bash git
|
|
id "$GITEA_USER" >/dev/null 2>&1 || adduser --system --group --home /home/gitea --shell /bin/bash "$GITEA_USER"
|
|
|
|
echo "Setting up gitGK directories..."
|
|
mkdir -p /var/lib/gitea/{custom,data,log}
|
|
mkdir -p /etc/gitea
|
|
chown -R $GITEA_USER:$GITEA_USER /var/lib/gitea
|
|
chown root:$GITEA_USER /etc/gitea
|
|
chmod -R 750 /var/lib/gitea
|
|
chmod 770 /etc/gitea
|
|
|
|
echo "Installing Gitea binary..."
|
|
echo "Downloading Gitea binary..."
|
|
GITEA_BINARY_URL="https://dl.gitea.com/gitea/1.24.1/gitea-${GITEA_VERSION}-linux-amd64"
|
|
wget -q --show-progress -O /usr/local/bin/gitea "$GITEA_BINARY_URL"
|
|
|
|
if [[ ! -x /usr/local/bin/gitea ]]; then
|
|
chmod +x /usr/local/bin/gitea
|
|
fi
|
|
|
|
if ! /usr/local/bin/gitea --version &>/dev/null; then
|
|
echo "Failed to install Gitea. Check your network connection or the URL."
|
|
exit 1
|
|
else
|
|
echo "Gitea installed: version $(/usr/local/bin/gitea --version)"
|
|
fi
|
|
|
|
echo "Creating Gitea systemd service..."
|
|
cat > /etc/systemd/system/gitea.service <<EOF
|
|
[Unit]
|
|
Description=Gitea (Git with a cup of tea)
|
|
After=network.target
|
|
|
|
[Service]
|
|
RestartSec=2s
|
|
Type=simple
|
|
User=$GITEA_USER
|
|
Group=$GITEA_USER
|
|
WorkingDirectory=/var/lib/gitea/
|
|
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
|
|
Restart=always
|
|
Environment=USER=$GITEA_USER HOME=/home/$GITEA_USER GITEA_WORK_DIR=/var/lib/gitea
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
|
|
echo "Starting Gitea service..."
|
|
systemctl daemon-reexec
|
|
systemctl enable --now gitea
|
|
|
|
# === MariaDB Setup ===
|
|
echo "Setting up MariaDB database..."
|
|
mysql -e "
|
|
CREATE DATABASE IF NOT EXISTS \`$GITEA_DB\` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
|
|
CREATE USER IF NOT EXISTS '$GITEA_DB_USER'@'localhost' IDENTIFIED BY '$GITEA_DB_PASS';
|
|
GRANT ALL PRIVILEGES ON \`$GITEA_DB\`.* TO '$GITEA_DB_USER'@'localhost';
|
|
FLUSH PRIVILEGES;"
|
|
|
|
echo "$GITEA_DB_PASS" > /root/gitea-db-password.txt
|
|
chmod 600 /root/gitea-db-password.txt
|
|
echo "MariaDB credentials saved to /root/gitea-db-password.txt"
|
|
|
|
# === NGINX Reverse Proxy Setup ===
|
|
echo "Configuring NGINX reverse proxy..."
|
|
cat > /etc/nginx/sites-available/gitea <<EOF
|
|
server {
|
|
listen 80;
|
|
server_name $DOMAIN;
|
|
|
|
location / {
|
|
proxy_pass http://127.0.0.1:3000;
|
|
proxy_set_header Host \$host;
|
|
proxy_set_header X-Real-IP \$remote_addr;
|
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto \$scheme;
|
|
}
|
|
}
|
|
EOF
|
|
|
|
ln -sf /etc/nginx/sites-available/gitea /etc/nginx/sites-enabled/gitea
|
|
nginx -t && systemctl reload nginx
|
|
|
|
# === Let's Encrypt Setup (optional, only for FQDN) ===
|
|
if [[ "$DOMAIN" != *[0-9]* ]]; then
|
|
echo "Attempting HTTPS setup with Let's Encrypt for domain: $DOMAIN"
|
|
certbot --non-interactive --nginx --agree-tos -d "$DOMAIN" -m admin@"$DOMAIN" || echo "Certbot failed; skipping SSL"
|
|
else
|
|
echo "Domain appears to be an IP address. Skipping SSL certificate setup."
|
|
fi
|
|
|
|
# === Final Notes ===
|
|
echo ""
|
|
echo "======================================================="
|
|
echo "gitGK Git Appliance Installed Successfully"
|
|
echo ""
|
|
echo "Web UI: http://$DOMAIN"
|
|
echo "Repo Path: /var/lib/gitea"
|
|
echo "MariaDB: User '$GITEA_DB_USER', database '$GITEA_DB'"
|
|
echo "Credentials saved to: /root/gitea-db-password.txt"
|
|
echo "Auto Security Updates: ENABLED"
|
|
echo ""
|
|
echo "Next Steps:"
|
|
echo "- Visit the web interface to complete the admin setup."
|
|
echo "- Consider configuring HTTPS if you used an IP."
|
|
echo "- Schedule backups of /etc/gitea, /var/lib/gitea, and the DB."
|
|
echo "======================================================="
|