initial commit

giteainstall

@@ -0,0 +1,313 @@
+#!/usr/bin/env bash
+
+# Author        : Allan Christensen
+# First Created : 12032021 (DD-MM-YYYY)
+# Description   : Installs Gitea on Ubuntu 24.04
+# License       : MIT License (see LICENSE file for details)
+
+#
+# Are we root
+#
+if [[ $(id -u) -ne 0 ]]; then echo "" && echo "Must be root or use sudo" && echo "" ; exit ; fi
+
+#
+# Define variables and functions
+#
+fallbackversion=$(<fallback)
+
+#
+# Function usage
+#
+usage () {
+    printf -- "\ngiteainstall\n\n"
+    printf -- "%s\n\n" "$socket"
+    printf -- "Usage:\n"
+    printf -- "sudo ./giteainstall -n <gitea domain> -p <gitea database password> [options]\n\n"
+    printf -- "Options:\n"
+    printf -- "  -a <mariadb admin user>     Optional admin username $socketusage\n"
+    printf -- "  -m <mariadb admin password> Optional admin password $socketusage\n"
+    printf -- "  -h | -help | --help         Show this help screen\n\n"
+    printf -- "Examples:\n"
+    printf -- "  sudo ./giteainstall -n git.example.com -p giteadbpwd\n"
+    printf -- "  sudo ./giteainstall -n git.example.com -p giteadbpwd -m rootpwd\n"
+    printf -- "  sudo ./giteainstall -n git.example.com -p giteadbpwd -a admin -m adminpwd\n\n"
+}
+
+#
+# Function to check if a service is already running or not
+#
+serviceno () { printf "\n%s" "$service" ; printf " is not running cannot continue...\n\n"; }
+servicedead  () { status=$(systemctl is-active "$service"); if [[ "$status" != "active" ]]; then serviceno ; exit; fi; }
+
+#
+# Function inputcheck
+#
+inputcheck () {
+    [[ -z "$hostname" ]] && { usage; echo "Error! Hostname empty."; exit 1; }
+    [[ -z "$dbpass" ]]   && { usage; echo "Error! Database password empty."; exit 1; }
+}
+
+#
+# If Nginx and MariaDB is not running then die
+#
+service="mariadb" ; servicedead ; service="nginx" ; servicedead
+
+#
+# Check MariaDB authentication method (socket or not)
+#
+if mysql -u root -e ";" 2>/dev/null; then
+    socket="SOCKET DETECTED — no need for -a or -m"
+    socketusage="SOCKET DETECTED — this flag is not needed"
+    socketauth="yes"
+else
+    socket="NO SOCKET DETECTED — you must use -a and -m"
+    socketusage="NO SOCKET DETECTED — these flags are required"
+    socketauth="no"
+fi
+
+#
+# Let's go
+#
+clear
+
+#
+# Check for the latest Gitea version
+#
+version=$(curl -s https://dl.gitea.com/gitea/version.json | grep -oP '"version"\s*:\s*"\K[^"]+')
+
+#
+# Use fallback if version fetch failed
+#
+if [[ -z "$version" ]]; then printf "Could not determine latest version. Falling back to version %s\n\n" "$fallbackversion" ; version="$fallbackversion" ; fi
+printf "\nUsing Gitea version: %s\n" "$version"
+
+#
+# Configure command line options
+#
+
+# Check for long or alternate help flags before getopts
+if [[ "$1" == "-help" || "$1" == "--help" ]]; then usage ; exit 0 ; fi
+
+# Ensure first argument starts with a dash
+if [[ $# -eq 0 || ! $1 =~ ^- ]]; then usage ; exit 1 ; fi
+
+# Parse short options
+while getopts "n:p:m:a:h" option; do
+    case "$option" in
+        n) hostname=$(echo "$OPTARG" | tr '[:upper:]' '[:lower:]');;
+        p) dbpass="$OPTARG";;
+        m) mariadbpwd="$OPTARG";;
+        a) mariadbadmin="$OPTARG";;
+        h) usage; exit 0;;
+        \?) echo "Type sudo $0 -h for help"; exit 1;;
+    esac
+done
+
+#
+# Check if input conditions are met
+#
+inputcheck "$hostname" "$dbpass"
+
+#
+# Download Gitea
+#
+wget --no-verbose https://dl.gitea.com/gitea/"$version"/gitea-"$version"-linux-amd64 -O /usr/local/bin/gitea ; chmod 755 /usr/local/bin/gitea 
+
+#
+# Clone nginx-snippets; if nginx-snippets exists then just pull latest changes
+#
+nginxsnippets="/etc/nginx/nginx-snippets"
+repo="https://git.x-files.dk/webserver/nginx-snippets.git"
+if [[ -d "$nginxsnippets/.git" ]]; then git -C "$nginxsnippets" pull --quiet; else git clone --quiet "$repo" "$nginxsnippets"; fi
+
+#
+# Escape special characters in the password for MySQL
+#
+safe_dbpass=$(printf "%s" "$dbpass" | sed "s/'/''/g")
+
+#
+# Determine MariaDB login method
+#
+mariadbadmin="${mariadbadmin:-root}"
+
+printf "\nChecking MariaDB access method...\n"
+if [[ "$socketauth" == "yes" ]]; then
+    dbmethod="socket"
+    printf "Socket authentication detected (root)\n"
+elif [[ -n "$mariadbpwd" && -n "$mariadbadmin" ]]; then
+    dbmethod="admin"
+    printf "Using admin user authentication (%s)\n" "$mariadbadmin"
+else
+    printf "\nERROR: No valid MariaDB authentication method found.\n"
+    printf "Tried socket, root password, and admin credentials.\n\n"
+    exit 1
+fi
+
+#
+# Create Gitea database
+#
+case "$dbmethod" in
+    socket)
+        mysql -u root <<EOF
+CREATE DATABASE IF NOT EXISTS gitea;
+CREATE USER IF NOT EXISTS 'gitea'@'localhost' IDENTIFIED BY '${safe_dbpass//\'/\'\\\'\'}';
+GRANT ALL PRIVILEGES ON gitea.* TO 'gitea'@'localhost';
+FLUSH PRIVILEGES;
+EOF
+        ;;
+    admin)
+        mysql -u "${mariadbadmin}" -p"${mariadbpwd}" <<EOF
+CREATE DATABASE IF NOT EXISTS gitea;
+CREATE USER IF NOT EXISTS 'gitea'@'localhost' IDENTIFIED BY '${safe_dbpass//\'/\'\\\'\'}';
+GRANT ALL PRIVILEGES ON gitea.* TO 'gitea'@'localhost';
+FLUSH PRIVILEGES;
+EOF
+        ;;
+esac
+
+#
+# Create a Gitea Nginx configuration file
+#
+cp "$nginxsnippets/hostfiles/gitea.80.conf" /etc/nginx/conf.d/"$hostname".conf
+sed -i "s/DOMAIN/$hostname/g" /etc/nginx/conf.d/"$hostname".conf
+
+#
+# Restarting Nginx for changes to take effect
+#
+systemctl restart nginx
+
+#
+# Create Gitea user
+#
+adduser --system --group --disabled-password --shell /bin/bash --home /home/git --gecos 'Git Version Control' git
+
+#
+# Create Gitea standard folders
+#
+mkdir -p /var/lib/gitea/{custom,data,indexers,public,log}
+chown git:git /var/lib/gitea/{data,indexers,log}
+chmod 750 /var/lib/gitea/{data,indexers,log}
+mkdir /etc/gitea
+chown root:git /etc/gitea
+chmod 770 /etc/gitea
+
+#
+# Create Gitea customization directories
+#
+mkdir -p /var/lib/gitea/custom/templates
+mkdir -p /var/lib/gitea/custom/public/assets/img
+
+#
+# Create Gitea systemd file
+#
+cat > /etc/systemd/system/gitea.service <<'EOF'
+[Unit]
+Description=Gitea (Git with a cup of tea)
+After=syslog.target
+After=network.target
+Requires=mariadb.service
+
+[Service]
+LimitMEMLOCK=infinity
+LimitNOFILE=65535
+RestartSec=2s
+Type=simple
+User=git
+Group=git
+WorkingDirectory=/var/lib/gitea/
+ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini
+Restart=always
+Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
+#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+#
+# Start Gitea services
+#
+systemctl daemon-reload
+systemctl enable gitea
+systemctl start gitea
+
+#
+# Create postinstall script
+#
+cat > /tmp/gitea-postinstall <<EOF
+#!/usr/bin/env bash
+
+#
+# Gitea Postinstall Script
+#
+
+if [[ \$(id -u) -ne 0 ]]; then echo "" && echo "Must be root or use sudo" && echo "" ; exit ; fi
+
+cp -Rp /etc/gitea/app.ini /etc/gitea/app.ini.orig
+
+sed -i '/gitea-repositories/a MAX_FILES = 500' /etc/gitea/app.ini
+sed -i '/gitea-repositories/a FILE_MAX_SIZE = 200' /etc/gitea/app.ini
+sed -i 's/LEVEL     = info/LEVEL     = warn/' /etc/gitea/app.ini
+sed -i 's/MODE      = console/MODE      = file/' /etc/gitea/app.ini
+sed -i 's/DISABLE_SSH = false/DISABLE_SSH = true/' /etc/gitea/app.ini
+
+cat >> /etc/gitea/app.ini <<'INNER_EOF'
+[ui.admin]
+USER_PAGING_NUM = 50
+REPO_PAGING_NUM = 50
+NOTICE_PAGING_NUM = 25
+ORG_PAGING_NUM = 25
+
+[ui.user]
+USER_PAGING_NUM = 50
+REPO_PAGING_NUM = 50
+NOTICE_PAGING_NUM = 25
+ORG_PAGING_NUM = 25
+
+[ui]
+THEMES = gitea,arc-green
+EXPLORE_PAGING_DEFAULT_SORT = alphabetically
+
+[other]
+SHOW_FOOTER_POWERED_BY = false
+SHOW_FOOTER_VERSION = false
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
+ENABLE_FEED = false
+INNER_EOF
+
+systemctl restart nginx && systemctl restart gitea
+rm -f /tmp/gitea-postinstall
+EOF
+
+chmod 755 /tmp/gitea-postinstall
+
+#
+# Gitea postinstall notice
+#
+postnotice=$(cat <<EOF
+-------------------------------------------------------------------------------------
+NEXT STEP: Go to http://$hostname and complete the initial configuration.
+-------------------------------------------------------------------------------------
+
+Database Name    : gitea
+Database User    : gitea
+Database Password: $dbpass
+
+-------------------------------------------------------------------------------------
+IMPORTANT: Once done from a terminal run the following command to finish up
+
+sudo /tmp/gitea-postinstall
+-------------------------------------------------------------------------------------
+EOF
+)
+
+printf '%s\n' "$postnotice"
+
+#
+# All done
+#
+printf "\nAll Done...\n"
+
+#
+# End of script