commit e8486eaf600102e32a09e298f8239a0d6137dd6e Author: tseed Date: Wed Aug 30 17:13:21 2023 +0100 init commit
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..06b2b22
--- /dev/null
+++ b/README.md
@@ -0,0 +1,148 @@
+# Add git user, secure ssh, setup sudoers
+
+- Switch host ssh port to 222 to allow Gitea to offer port 22.
+
+```sh
+ssh root@
+groupadd -r -g 1001 git && useradd -r -u 1001 -g 1001 -m -s /bin/bash git
+nano -cw /etc/ssh/sshd_config
+
+Port 222
+PermitRootLogin prohibit-password
+PasswordAuthentication no
+
+systemctl restart ssh
+exit
+
+ssh -p 222 root@
+mkdir /home/git/.ssh
+chown git.git /home/git/.ssh
+chown -R 700 /home/git/.ssh
+cp /root/.ssh/authorized_keys /home/git/.ssh
+chown git.git /home/git/.ssh/authorized_keys
+chmod 644 /home/git/.ssh/authorized_keys
+
+echo "%git ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/git
+chmod 0440 /etc/sudoers.d/git
+exit
+```
+
+# Install docker/docker-compose
+
+```sh
+ssh -p 222 git@
+sudo su -
+apt-get update
+apt-get upgrade
+apt install apt-transport-https ca-certificates curl software-properties-common
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
+apt-cache policy docker-ce
+apt install docker-ce
+systemctl status docker
+wget -O /usr/bin/docker-compose https://github.com/docker/compose/releases/download/v2.20.2/docker-compose-linux-x86_64
+chmod +x /usr/bin/docker-compose
+exit
+sudo docker ps -a
+sudo docker-compose ls
+```
+
+# Write compose file
+
+```sh
+sudo su -
+mkdir -p /opt/containers/gitea/data /opt/containers/compose/gitea
+chown -R git.git /opt/containers/gitea/data
+chmod 775 /opt/containers/gitea/data
+nano -cw /opt/containers/compose/gitea/docker-compose.yaml
+```
+
+# Custom ENV vars to ensure instant deployment and ACME ssl
+
+- INSTALL_LOCK is used to bypass the install screen, as most env vars are populated there should be no need to run manual setup.
+
+```sh
+nano -cw /opt/containers/compose/gitea/docker-compose.yaml
+
+version: "3.9"
+
+networks:
+ gitea:
+ name: gitea
+ driver: bridge
+ driver_opts:
+ parent: eth0
+ ipam:
+ config:
+ - subnet: 172.16.10.0/24
+ ip_range: 172.16.10.0/24
+ gateway: 172.16.10.1
+
+services:
+ server:
+ image: gitea/gitea:1.20.3
+ container_name: gitea
+ environment:
+ - USER_UID=1001
+ - USER_GID=1001
+ - GITEA__service__DISABLE_REGISTRATION=true
+ - GITEA__service__SHOW_REGISTRATION_BUTTON=false
+ - GITEA__service__ENABLE_USER_HEATMAP=false
+ - GITEA__service__ENABLE_TIMETRACKING=false
+ - GITEA__service__SHOW_MILESTONES_DASHBOARD_PAGE=false
+ - GITEA__picture__DISABLE_GRAVATAR=true
+ - GITEA__server__LANDING_PAGE=explore
+ - GITEA__openid__ENABLE_OPENID_SIGNIN=false
+ - GITEA__ui__SHOW_USER_EMAIL=false
+ - GITEA__ui__DEFAULT_SHOW_FULL_NAME=false
+ - GITEA__database__DB_TYPE=sqlite3
+ - GITEA__mailer__ENABLED=false
+ - GITEA__time__DEFAULT_UI_LOCATION=Europe/London
+ - GITEA__security__INSTALL_LOCK=true
+ - GITEA__server__PROTOCOL=https
+ - GITEA__server__DOMAIN=static.6.234.217.95.clients.your-server.de
+ - GITEA__server__ROOT_URL=https://static.6.234.217.95.clients.your-server.de/
+ - GITEA__server__ENABLE_ACME=true
+ - GITEA__server__ACME_ACCEPTTOS=true
+ - GITEA__server__ACME_DIRECTORY=https
+ - GITEA__server__ACME_EMAIL=toby.n.seed@gmail.com
+ - GITEA__server__ACME_URL=https://acme-staging-v02.api.letsencrypt.org/directory
+ restart: unless-stopped
+ volumes:
+ - type: bind
+ source: /opt/containers/gitea/data
+ target: /data
+ - type: bind
+ source: /etc/timezone
+ target: /etc/timezone
+ read_only: true
+ - type: bind
+ source: /etc/localtime
+ target: /etc/localtime
+ read_only: true
+ ports:
+ - "443:3000"
+ - "22:22"
+ networks:
+ gitea:
+ ipv4_address: 172.16.10.3
+```
+
+# Deploy Gitea
+
+```sh
+cd /opt/containers/compose/gitea
+docker-compose up
+```
+
+# Enter container to create admin user
+
+```sh
+user:
+email: user@example.com
+password:
+
+docker exec -it -u 
git gitea /bin/bash
+cat /data/gitea/conf/app.ini
+gitea admin user create --username --email user@example.com --password "" --admin
+```
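Review bot: `chown -R 700 /home/git/.ssh` in the first block looks like a typo for chmod — chown accepts a numeric owner, so the directory ends up owned by uid 700 rather than git, and sshd's default StrictModes check will then most likely refuse the key in /home/git/.ssh/authorized_keys, which is the only way into the git account once `PasswordAuthentication no` is in place; the line should read `chmod 700 /home/git/.ssh`. The sudoers drop-in `%git ALL=(ALL) NOPASSWD: ALL` gives that same account passwordless root, so the copied root key is effectively still a root key; the README should say so, or the rule should be narrowed to the commands the runbook actually needs (the docker/compose steps). The compose file also sets ACME_URL to the Let's Encrypt staging directory, whose certificates browsers will not trust, so either mark that line as a test-only setting or drop it so Gitea uses the production directory.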