forgejo migration

2024-07-18 10:24:35 -05:00 · 2024-07-18 10:24:35 -05:00 · 173010678e
commit 173010678e
parent e5dfb885aa
11 changed files with 368 additions and 0 deletions
--- a/etc/apparmor.d/var.xyzzy.bin.forgejo
+++ b/etc/apparmor.d/var.xyzzy.bin.forgejo
@ -0,0 +1,44 @@
+#include <tunables/global>
+
+/var/xyzzy/bin/forgejo* flags=(complain) {
+  #include <abstractions/base>
+  #include <abstractions/nameservice>
+  #include <abstractions/user-tmp>
+
+  /dev/tty rw,
+  /etc/gitconfig r,
+  /etc/machine-id r,
+  /etc/mime.types r,
+  /proc/sys/net/core/somaxconn r,
+  /proc/version r,
+  /sys/devices/system/cpu/online r,
+  /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,
+  /usr/bin/basename mrix,
+  /usr/bin/bash mrix,
+  /usr/bin/cat mrix,
+  /usr/bin/dash mrix,
+  /usr/bin/env rix,
+  /usr/bin/git mrix,
+  /usr/bin/gzip mrix,
+  /usr/lib/git-core/git mrix,
+  /usr/share/git-core/templates r,
+  /usr/share/mime/globs2 r,
+
+  /var/xyzzy/backup/* rw,
+  /var/xyzzy/bin/forgejo* mrix,
+  /var/xyzzy/etc/forgejo/app.ini r,
+  /var/xyzzy/etc/forgejo/internal_token r,
+  /var/xyzzy/etc/forgejo/jwt_secret r,
+  /var/xyzzy/etc/forgejo/lfs_jwt_secret r,
+  /var/xyzzy/forge/** r,
+  /var/xyzzy/forge/data/repositories/*/*.git/hooks/* mrix,
+  /var/xyzzy/forge/data/repositories/*/*.git/hooks/*.d/* mrix,
+
+  owner /proc/*/cpuset r,
+  owner /var/xyzzy/git/.gitconfig rw,
+  owner /var/xyzzy/git/.gitconfig.lock rw,
+  owner /var/xyzzy/git/.ssh/* rw,
+  owner /var/xyzzy/forge/data/** rwkl,
+  owner /var/xyzzy/forge/log/* rw,
+
+}
--- a/etc/systemd/system/forgejo.service
+++ b/etc/systemd/system/forgejo.service
@ -0,0 +1,30 @@
+[Unit]
+Description=Forgejo
+After=syslog.target
+After=network.target
+
+[Service]
+# Modify these two values and uncomment them if you have
+# repos with lots of files and get an HTTP error 500 because
+# of that
+###
+#LimitMEMLOCK=infinity
+#LimitNOFILE=65535
+###
+RestartSec=2s
+Type=simple
+User=git
+Group=git
+WorkingDirectory=/var/xyzzy/forge/
+ExecStart=/var/xyzzy/bin/forgejo web --config /var/xyzzy/etc/forgejo/app.ini
+Restart=always
+Environment=USER=git HOME=/var/xyzzy/git FORGEJO_WORK_DIR=/var/xyzzy/forge
+Environment=PATH=/var/xyzzy/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+# If you want to bind to a port below 1024, uncomment
+###
+#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+###
+
+[Install]
+WantedBy=multi-user.target
--- a/etc/systemd/system/forgejo_backup.service
+++ b/etc/systemd/system/forgejo_backup.service
@ -0,0 +1,10 @@
+[Unit]
+Description=Forgejo Backup
+Wants=forgejo_backup.timer
+
+[Service]
+Type=oneshot
+ExecStart=/var/xyzzy/bin/forgejo_backup.sh
+
+[Install]
+WantedBy=multi-user.target
--- a/etc/systemd/system/forgejo_backup.timer
+++ b/etc/systemd/system/forgejo_backup.timer
@ -0,0 +1,10 @@
+[Unit]
+Description=Forgejo Backup Timer
+Requires=forgejo_backup.service
+
+[Timer]
+Unit=forgejo_backup.service
+OnCalendar=*-*-* 00,08,16:00:00
+
+[Install]
+WantedBy=timers.target