forgejo migration

2024-07-18 10:24:35 -05:00 · 2024-07-18 10:24:35 -05:00 · 173010678e
commit 173010678e
parent e5dfb885aa
11 changed files with 368 additions and 0 deletions
--- a/bin/forgejo_backup.sh
+++ b/bin/forgejo_backup.sh
@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+#
+# Create Forgejo backups
+#
+# Prep
+#  groupadd --system bkp
+#  mkdir /var/xyzzy/backup
+#  chmod 0750 /var/xyzzy/backup
+#  chown git:bkp /var/xyzzy/backup
+#
+# SPDX-License-Identifier: MIT
+
+_VERSION="0.0.2"
+
+BDTS=$(date +"%Y%m%d%H%M")
+BDIR="/var/xyzzy/backup"
+BFILE="${BDIR}/forgejo-${BDTS}"
+
+BDMP="${BDIR}/forgejo-${BDTS}.tar.xz"
+BGRP="bkp"
+
+GCNF="/var/xyzzy/etc/forgejo/app.ini"
+GBIN="/var/xyzzy/bin/forgejo"
+GDATA="/var/xyzzy/forge"
+
+# healthchecks.io ping URL upon success, uses curl - "none" to disable
+HCPING="none"
+
+# delete backups older than
+#  see 'man find'; "+3" = 3*24h ago
+BDEL="-mtime +3"
+
+# we need to chgrp/chmod to a foreign group
+if [[ $(id -u) -ne 0 ]]; then
+  echo "Must run as root user"
+  exit 1
+fi
+
+# just to be sure
+cd "${BDIR}" || (echo "Cannot cd to ${BDIR}"; exit 1)
+
+# runuser exits with the error code of the command
+_EC=1
+runuser -u git -- "${GBIN}" dump --config "${GCNF}" --tempdir "${BDIR}" \
+  --work-path "${GDATA}" --skip-log --type tar.xz --file "${BFILE}"
+_EC=$?
+
+# post processing
+if [[ $_EC -eq 0 ]]; then
+  # gitea dump writes git:git 0600
+  if [[ -f "${BDMP}" ]]; then
+    chgrp "${BGRP}" "${BDMP}"
+    chmod 0640 "${BDMP}"
+  fi
+  # delete older than BDEL backups
+  # shellcheck disable=SC2086
+  find "${BDIR}" -type f ${BDEL} \
+    -regextype egrep \
+    -regex '.*/forgejo-[0-9]{12}\.tar\.xz' \
+    -delete
+  # ping healthchecks.io
+  if [[ "${HCPING}" != "none" ]]; then
+    curl -fsS -m 10 --retry 5 -o /dev/null "${HCPING}"
+  fi
+fi
+
--- a/etc/apparmor.d/var.xyzzy.bin.forgejo
+++ b/etc/apparmor.d/var.xyzzy.bin.forgejo
@ -0,0 +1,44 @@
+#include <tunables/global>
+
+/var/xyzzy/bin/forgejo* flags=(complain) {
+  #include <abstractions/base>
+  #include <abstractions/nameservice>
+  #include <abstractions/user-tmp>
+
+  /dev/tty rw,
+  /etc/gitconfig r,
+  /etc/machine-id r,
+  /etc/mime.types r,
+  /proc/sys/net/core/somaxconn r,
+  /proc/version r,
+  /sys/devices/system/cpu/online r,
+  /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,
+  /usr/bin/basename mrix,
+  /usr/bin/bash mrix,
+  /usr/bin/cat mrix,
+  /usr/bin/dash mrix,
+  /usr/bin/env rix,
+  /usr/bin/git mrix,
+  /usr/bin/gzip mrix,
+  /usr/lib/git-core/git mrix,
+  /usr/share/git-core/templates r,
+  /usr/share/mime/globs2 r,
+
+  /var/xyzzy/backup/* rw,
+  /var/xyzzy/bin/forgejo* mrix,
+  /var/xyzzy/etc/forgejo/app.ini r,
+  /var/xyzzy/etc/forgejo/internal_token r,
+  /var/xyzzy/etc/forgejo/jwt_secret r,
+  /var/xyzzy/etc/forgejo/lfs_jwt_secret r,
+  /var/xyzzy/forge/** r,
+  /var/xyzzy/forge/data/repositories/*/*.git/hooks/* mrix,
+  /var/xyzzy/forge/data/repositories/*/*.git/hooks/*.d/* mrix,
+
+  owner /proc/*/cpuset r,
+  owner /var/xyzzy/git/.gitconfig rw,
+  owner /var/xyzzy/git/.gitconfig.lock rw,
+  owner /var/xyzzy/git/.ssh/* rw,
+  owner /var/xyzzy/forge/data/** rwkl,
+  owner /var/xyzzy/forge/log/* rw,
+
+}
--- a/etc/systemd/system/forgejo.service
+++ b/etc/systemd/system/forgejo.service
@ -0,0 +1,30 @@
+[Unit]
+Description=Forgejo
+After=syslog.target
+After=network.target
+
+[Service]
+# Modify these two values and uncomment them if you have
+# repos with lots of files and get an HTTP error 500 because
+# of that
+###
+#LimitMEMLOCK=infinity
+#LimitNOFILE=65535
+###
+RestartSec=2s
+Type=simple
+User=git
+Group=git
+WorkingDirectory=/var/xyzzy/forge/
+ExecStart=/var/xyzzy/bin/forgejo web --config /var/xyzzy/etc/forgejo/app.ini
+Restart=always
+Environment=USER=git HOME=/var/xyzzy/git FORGEJO_WORK_DIR=/var/xyzzy/forge
+Environment=PATH=/var/xyzzy/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+# If you want to bind to a port below 1024, uncomment
+###
+#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+###
+
+[Install]
+WantedBy=multi-user.target
--- a/etc/systemd/system/forgejo_backup.service
+++ b/etc/systemd/system/forgejo_backup.service
@ -0,0 +1,10 @@
+[Unit]
+Description=Forgejo Backup
+Wants=forgejo_backup.timer
+
+[Service]
+Type=oneshot
+ExecStart=/var/xyzzy/bin/forgejo_backup.sh
+
+[Install]
+WantedBy=multi-user.target
--- a/etc/systemd/system/forgejo_backup.timer
+++ b/etc/systemd/system/forgejo_backup.timer
@ -0,0 +1,10 @@
+[Unit]
+Description=Forgejo Backup Timer
+Requires=forgejo_backup.service
+
+[Timer]
+Unit=forgejo_backup.service
+OnCalendar=*-*-* 00,08,16:00:00
+
+[Install]
+WantedBy=timers.target
--- a/forgejo/app.ini
+++ b/forgejo/app.ini
@ -0,0 +1,154 @@
+# https://forgejo.org/docs/latest/admin/config-cheat-sheet/
+# https://codeberg.org/forgejo/forgejo/src/branch/forgejo/custom/conf/app.example.ini
+
+APP_NAME  = xyzzy forge
+RUN_USER  = git
+RUN_MODE  = prod
+# same as $FORGEJO_WORK_DIR in systemd unit env
+WORK_PATH = /var/xyzzy/forge
+
+[ui]
+DEFAULT_THEME               = forgejo-dark
+SHOW_USER_EMAIL             = false
+AMBIGUOUS_UNICODE_DETECTION = false
+PREFERRED_TIMESTAMP_TENSE   = absolute
+
+[attachment]
+ALLOWED_TYPES = "*/*"
+
+[ui.meta]
+AUTHOR      = xyzzy
+DESCRIPTION = git repositories
+
+[database]
+DB_TYPE        = sqlite3
+HOST           = 127.0.0.1:3306
+NAME           = forge
+USER           = forge
+PASSWD         =
+SCHEMA         =
+SSL_MODE       = disable
+CHARSET        = utf8
+PATH           = /var/xyzzy/forge/data/forgejo.db
+LOG_SQL        = false
+AUTO_MIGRATION = true
+
+[repository]
+ROOT           = /var/xyzzy/forge/data/repositories
+DEFAULT_BRANCH = main
+DISABLE_STARS  = true
+
+[repository.signing]
+DEFAULT_TRUST_MODE = committer
+
+[server]
+SSH_DOMAIN         = git.xyzzy.ee
+DOMAIN             = git.xyzzy.ee
+ROOT_URL           = https://git.xyzzy.ee/
+HTTP_ADDR          = 127.0.0.1
+HTTP_PORT          = 3000
+DISABLE_SSH        = false
+SSH_PORT           = 22
+LFS_START_SERVER   = true
+LFS_JWT_SECRET_URI = file:/var/xyzzy/etc/forgejo/lfs_jwt_secret
+OFFLINE_MODE       = true
+LANDING_PAGE       = home
+
+[lfs]
+STORAGE_TYPE = local
+PATH         = /var/xyzzy/forge/data/lfs
+
+[mailer]
+ENABLED = false
+
+[service]
+REGISTER_EMAIL_CONFIRM            = false
+REGISTER_MANUAL_CONFIRM           = true
+ENABLE_NOTIFY_MAIL                = false
+DISABLE_REGISTRATION              = true
+ALLOW_ONLY_INTERNAL_REGISTRATION  = true
+ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
+ENABLE_CAPTCHA                    = false
+REQUIRE_CAPTCHA_FOR_LOGIN         = false
+REQUIRE_SIGNIN_VIEW               = false
+DEFAULT_KEEP_EMAIL_PRIVATE        = true
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING       = true
+NO_REPLY_ADDRESS                  = noreply.xyzzy.ee
+ENABLE_USER_HEATMAP               = false
+
+[service.explore]
+DISABLE_USERS_PAGE = true
+
+[picture]
+DISABLE_GRAVATAR        = true
+ENABLE_FEDERATED_AVATAR = false
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[oauth2]
+ENABLED        = false
+JWT_SECRET_URI = file:/var/xyzzy/etc/forgejo/jwt_secret
+
+[session]
+PROVIDER      = file
+COOKIE_SECURE = true
+COOKIE_NAME   = __Host-forgejo_session
+;DOMAIN        =
+;SAME_SITE     = lax
+
+[log]
+MODE               = console
+LEVEL              = critical
+ROOT_PATH          = /var/xyzzy/forge/log
+COLORIZE           = false
+logger.access.MODE =
+logger.router.MODE =
+logger.xorm.MODE   =
+
+[log.console]
+COLORIZE = false
+
+[cron.update_mirrors]
+SCHEDULE = @midnight
+
+[cron.delete_old_actions]
+ENABLED    = true
+SCHEDULE   = @midnight
+OLDER_THAN = 8760h
+
+[cron.delete_old_system_notices]
+ENABLED    = true
+SCHEDULE   = @midnight
+OLDER_THAN = 720h
+
+# https://pkg.go.dev/time#pkg-constants
+[time]
+FORMAT = RFC3339
+
+[mirror]
+DEFAULT_INTERVAL = 4h
+
+[security]
+INSTALL_LOCK             = true
+LOGIN_REMEMBER_DAYS      = 365
+INTERNAL_TOKEN_URI       = file:/var/xyzzy/etc/forgejo/internal_token
+PASSWORD_HASH_ALGO       = pbkdf2
+DISABLE_QUERY_AUTH_TOKEN = true
+COOKIE_REMEMBER_NAME     = git_xyzzy
+
+[other]
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
+ENABLE_FEED                    = false
+
+[federation]
+ENABLED               = false
+SHARE_USER_STATISTICS = false
+
+[actions]
+ENABLED = false
+
+[badges]
+ENABLED = false
--- a/forgejo/custom/public/assets/img/favicon.png
+++ b/forgejo/custom/public/assets/img/favicon.png
--- a/forgejo/custom/public/assets/img/favicon.svg
+++ b/forgejo/custom/public/assets/img/favicon.svg
@ -0,0 +1,22 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN"
+ "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
+<svg version="1.0" xmlns="http://www.w3.org/2000/svg"
+ width="512" height="512" viewBox="0 0 512 512"
+ preserveAspectRatio="xMidYMid meet">
+
+<g transform="translate(0,512) scale(0.1,-0.1)"
+fill="#fb923c" stroke="none">
+<path d="M2822 4576 c-532 -536 -676 -689 -669 -710 8 -25 47 -13 131 40 111
+70 232 128 311 149 36 10 101 17 165 17 169 0 256 -37 376 -163 74 -79 109
+-129 164 -239 113 -226 189 -561 220 -980 13 -174 13 -657 0 -870 -27 -443
+-101 -1047 -193 -1572 -14 -76 -20 -138 -16 -138 20 0 209 332 339 595 259
+526 437 1114 481 1590 8 82 13 275 13 465 0 354 -9 443 -74 752 -108 509 -325
+1024 -630 1496 -39 62 -73 112 -75 112 -1 0 -246 -245 -543 -544z"/>
+<path d="M1739 4898 c-392 -662 -615 -1238 -723 -1870 -34 -193 -46 -365 -46
+-628 0 -269 13 -446 45 -636 83 -485 239 -907 530 -1438 77 -139 185 -309 205
+-321 12 -8 1112 1088 1179 1174 33 42 39 56 30 67 -16 20 -40 11 -132 -48
+-409 -260 -718 -218 -944 129 -213 326 -304 840 -289 1628 10 576 60 1076 171
+1740 30 176 52 321 50 323 -1 2 -36 -52 -76 -120z"/>
+</g>
+</svg>
--- a/forgejo/custom/public/assets/img/logo.png
+++ b/forgejo/custom/public/assets/img/logo.png
--- a/forgejo/custom/public/assets/img/logo.svg
+++ b/forgejo/custom/public/assets/img/logo.svg
@ -0,0 +1,22 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN"
+ "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
+<svg version="1.0" xmlns="http://www.w3.org/2000/svg"
+ width="512" height="512" viewBox="0 0 512 512"
+ preserveAspectRatio="xMidYMid meet">
+
+<g transform="translate(0,512) scale(0.1,-0.1)"
+fill="#fb923c" stroke="none">
+<path d="M2822 4576 c-532 -536 -676 -689 -669 -710 8 -25 47 -13 131 40 111
+70 232 128 311 149 36 10 101 17 165 17 169 0 256 -37 376 -163 74 -79 109
+-129 164 -239 113 -226 189 -561 220 -980 13 -174 13 -657 0 -870 -27 -443
+-101 -1047 -193 -1572 -14 -76 -20 -138 -16 -138 20 0 209 332 339 595 259
+526 437 1114 481 1590 8 82 13 275 13 465 0 354 -9 443 -74 752 -108 509 -325
+1024 -630 1496 -39 62 -73 112 -75 112 -1 0 -246 -245 -543 -544z"/>
+<path d="M1739 4898 c-392 -662 -615 -1238 -723 -1870 -34 -193 -46 -365 -46
+-628 0 -269 13 -446 45 -636 83 -485 239 -907 530 -1438 77 -139 185 -309 205
+-321 12 -8 1112 1088 1179 1174 33 42 39 56 30 67 -16 20 -40 11 -132 -48
+-409 -260 -718 -218 -944 129 -213 326 -304 840 -289 1628 10 576 60 1076 171
+1740 30 176 52 321 50 323 -1 2 -36 -52 -76 -120z"/>
+</g>
+</svg>
--- a/forgejo/custom/templates/home.tmpl
+++ b/forgejo/custom/templates/home.tmpl
@ -0,0 +1,10 @@
+{{template "base/head" .}}
+<div role="main" aria-label="{{if .IsSigned}}{{ctx.Locale.Tr "dashboard"}}{{else}}{{ctx.Locale.Tr "home"}}{{end}}" class="page-content home">
+	<div class="gt-mb-5 gt-px-5">
+		<div class="center">
+			<div class="hero">
+			</div>
+		</div>
+	</div>
+</div>
+{{template "base/footer" .}}