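# Add git user, secure ssh, setup sudoers
- Switch host ssh port to 222 to allow Gitea to offer port 22.
```sh
ssh root@

# Fixed UID/GID 1001: the compose file passes the same ids to the container
# (USER_UID/USER_GID), so the bind-mounted data directory has a single owner.
groupadd -r -g 1001 git && useradd -r -u 1001 -g 1001 -m -s /bin/bash git

nano -cw /etc/ssh/sshd_config
  # Directives to set in the file:
  Port 222
  PermitRootLogin prohibit-password
  PasswordAuthentication no

# sshd -t rejects a broken config before the restart. Confirm from a second
# terminal that port 222 accepts your key before leaving this session.
sshd -t && systemctl restart ssh
exit

ssh -p 222 root@
mkdir /home/git/.ssh
chown git:git /home/git/.ssh
# chmod, not chown: `chown -R 700` would hand the directory to UID 700, and
# sshd's StrictModes check then refuses the key for the git user.
chmod 700 /home/git/.ssh
cp /root/.ssh/authorized_keys /home/git/.ssh
chown git:git /home/git/.ssh/authorized_keys
# Only the owner needs to read or write the key list.
chmod 600 /home/git/.ssh/authorized_keys

# NOPASSWD: ALL makes every member of group git equivalent to root, and the
# keys copied above are the same ones that log in as root. Treat the git
# account as a root credential, or narrow this rule once setup is finished.
echo "%git ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/git
chmod 0440 /etc/sudoers.d/git
# A syntax error in a sudoers drop-in breaks sudo for every user; check it.
visudo -cf /etc/sudoers.d/git
exit
```

# Install docker/docker-compose
```sh
ssh -p 222 git@
sudo su -
apt-get update
apt-get upgrade
apt install apt-transport-https ca-certificates curl software-properties-common

# apt-key is deprecated and trusts the key for every configured repository.
# Keep the Docker key in its own keyring and bind the repository to it with
# signed-by, so the key can only vouch for packages from download.docker.com.
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu focal stable" > /etc/apt/sources.list.d/docker.list
apt-get update
apt-cache policy docker-ce
apt install docker-ce
systemctl status docker

# Pinned release, installed into root's PATH. Compare the download with the
# SHA-256 published on the release page before making it executable.
wget -O /usr/bin/docker-compose https://github.com/docker/compose/releases/download/v2.20.2/docker-compose-linux-x86_64
echo "<sha256-from-release-page>  /usr/bin/docker-compose" | sha256sum -c -
chmod +x /usr/bin/docker-compose
exit
sudo docker ps -a
sudo docker-compose ls
```

# Write compose file
```sh
sudo su -
mkdir -p /opt/containers/gitea/data /opt/containers/compose/gitea
chown -R git:git /opt/containers/gitea/data
# This directory is mounted at /data in the container and holds app.ini with
# its secrets (and, with sqlite3, the database): no access for other users.
chmod 750 /opt/containers/gitea/data
nano -cw /opt/containers/compose/gitea/docker-compose.yaml
```

# Custom ENV vars to ensure instant deployment and ACME ssl
- INSTALL_LOCK is used to bypass the install screen; as most env vars are populated, there should be no need to run manual setup.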
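```sh
nano -cw /opt/containers/compose/gitea/docker-compose.yaml
```
```yaml
version: "3.9"

networks:
  gitea:
    name: gitea
    driver: bridge
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: 172.16.10.0/24
          ip_range: 172.16.10.0/24
          gateway: 172.16.10.1

services:
  server:
    # Pinned tag: upgrades happen only when this line is changed.
    image: gitea/gitea:1.20.3
    container_name: gitea
    environment:
      # Same ids as the host git user, which owns the bind-mounted data dir.
      - USER_UID=1001
      - USER_GID=1001
      # No self-registration: accounts are created by the admin only.
      - GITEA__service__DISABLE_REGISTRATION=true
      - GITEA__service__SHOW_REGISTRATION_BUTTON=false
      - GITEA__service__ENABLE_USER_HEATMAP=false
      - GITEA__service__ENABLE_TIMETRACKING=false
      - GITEA__service__SHOW_MILESTONES_DASHBOARD_PAGE=false
      - GITEA__picture__DISABLE_GRAVATAR=true
      - GITEA__server__LANDING_PAGE=explore
      - GITEA__openid__ENABLE_OPENID_SIGNIN=false
      - GITEA__ui__SHOW_USER_EMAIL=false
      - GITEA__ui__DEFAULT_SHOW_FULL_NAME=false
      - GITEA__database__DB_TYPE=sqlite3
      - GITEA__mailer__ENABLED=false
      - GITEA__time__DEFAULT_UI_LOCATION=Europe/London
      # Skips the web installer, so nobody reaching the site first can claim
      # the instance. NOTE(review): confirm in app.ini after first start that
      # SECRET_KEY and INTERNAL_TOKEN hold generated, non-default values.
      - GITEA__security__INSTALL_LOCK=true
      - GITEA__server__PROTOCOL=https
      - GITEA__server__DOMAIN=static.6.234.217.95.clients.your-server.de
      - GITEA__server__ROOT_URL=https://static.6.234.217.95.clients.your-server.de/
      - GITEA__server__ENABLE_ACME=true
      - GITEA__server__ACME_ACCEPTTOS=true
      # Cache directory for ACME certificates and private keys, not a scheme.
      - GITEA__server__ACME_DIRECTORY=https
      - GITEA__server__ACME_EMAIL=toby.n.seed@gmail.com
      # Let's Encrypt staging endpoint: certificates issued here are not
      # trusted by browsers or git clients. Remove this line to use the
      # production directory once issuance is confirmed to work.
      - GITEA__server__ACME_URL=https://acme-staging-v02.api.letsencrypt.org/directory
    restart: unless-stopped
    volumes:
      - type: bind
        source: /opt/containers/gitea/data
        target: /data
      - type: bind
        source: /etc/timezone
        target: /etc/timezone
        read_only: true
      - type: bind
        source: /etc/localtime
        target: /etc/localtime
        read_only: true
    ports:
      # Host 443 -> Gitea's HTTPS listener on 3000 inside the container.
      - "443:3000"
      # Host 22 -> the container's SSH (the host's own sshd listens on 222).
      - "22:22"
    networks:
      gitea:
        ipv4_address: 172.16.10.3
```

# Deploy Gitea
```sh
cd /opt/containers/compose/gitea
# Runs in the foreground so the first-start and ACME log lines are visible.
docker-compose up
```

# Enter container to create admin user
```sh
# user:     <admin-username>
# email:    user@example.com
# password: generated by --random-password below

docker exec -it -u git gitea /bin/bash
# app.ini contains SECRET_KEY, INTERNAL_TOKEN and other secrets: review it on
# screen only, do not paste the output into tickets or chats.
cat /data/gitea/conf/app.ini
# --random-password prints a generated password once, so no password ends up
# in shell history or the process list; store it in a password manager.
gitea admin user create --username "<admin-username>" --email user@example.com --random-password --admin
```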