initial commit

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Allan Christensen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,183 @@
+# Gitea for Ubuntu 24.04 Server
+[![OS](https://img.shields.io/badge/ubuntu-24.04-E95420)](#)
+[![Shell](https://img.shields.io/badge/shell-bash-121011)](#)
+[![WebServer](https://img.shields.io/badge/server-nginx-009639)](#)
+[![DB](https://img.shields.io/badge/server-mariadb-003545)](#)
+[![Server](https://img.shields.io/badge/server-gitea-609926)](#)
+[![License](https://img.shields.io/badge/License-MIT-green)](./LICENSE)
+
+Installs and configures the **latest available Gitea release** on Ubuntu 24.04 Server. 
+
+This is a **production-focused installer**, not a demo.
+
+It assumes Nginx, and MariaDB are already installed and running.
+
+---
+
+## Related Installers
+
+If you don’t have the required components, you can use these compatible installers:
+
+- [Nginx Installer](https://git.x-files.dk/webserver/nginx-ubuntu)
+- [MariaDB Installer](https://git.x-files.dk/database/mariadb-ubuntu)
+
+> **NOTE**
+> If you plan to host multiple Gitea instances on the same server, see the [multi-instance installer](https://git.x-files.dk/webapps/gitea-ubuntu-multi). 
+
+---
+
+### Download the Script
+
+Clone this repository to your server:
+
+```
+git clone https://git.x-files.dk/webapps/gitea-ubuntu.git
+```
+
+```
+cd gitea-ubuntu
+```
+
+### Usage
+
+Run the script using:
+
+```
+sudo ./giteainstall -n <domain> -p <gitea db password> [options]
+```
+
+### Examples
+
+The installer automatically detects if socket authentication is active.  
+Only include `-a` and `-m` if your MariaDB setup does **not** use socket authentication.
+
+```
+sudo ./giteainstall -n git.example.com -p giteadbpass
+sudo ./giteainstall -n git.example.com -p giteadbpass -m rootpwd
+sudo ./giteainstall -n git.example.com -p giteadbpass -a admin -m adminpwd
+```
+
+---
+
+### Options
+
+| Flag | Description |
+|------|--------------|
+| `-p <password>` | Gitea database user password |
+| `-a <username>` | Optional MariaDB admin username (defaults to `root` if not specified) |
+| `-m <password>` | MariaDB root or admin password — *required only if socket authentication is disabled* |
+| `-h`, `--help` | Show the help screen (reflects detected socket status) |
+
+---
+
+### Configuration
+
+When the installation completes, visit:
+
+```
+http://<domain>
+```
+
+and complete the initial Gitea setup through the web interface.  
+
+---
+
+### Post-install
+After the web installer is done run:
+
+```bash
+sudo /tmp/gitea-postinstall
+```
+
+This adjusts log levels, upload limits, disables SSH access and other tweaks.  
+SSH is disabled by default after post-install (modify `/etc/gitea/app.ini` if needed).
+
+---
+
+### Notes
+- Custom assets (favicon, logo, etc.) go in: `/var/lib/gitea*/custom/public/assets/img/`
+- Custom homepage template: `/var/lib/gitea*/custom/templates/home.tmpl`
+
+---
+
+### Nginx Integration
+
+The generated Gitea configuration file listens on port 80.  
+To enable HTTPS (port 443), use the example provided [here](https://git.x-files.dk/webserver/nginx-snippets/src/branch/main/hostfiles/gitea.443.conf).
+
+> **IMPORTANT**  
+> If you enable HTTPS, update `/etc/gitea/app.ini` (`ROOT_URL` setting)  
+> from `http` to `https`, then restart both Nginx and Gitea.
+
+> **NOTE**
+> The file also includes optional caching directives (commented out by default).
+> You can enable them to improve load times and performance if needed.
+> The lines you are looking for are at the bottom of the generated config file and look like this:
+> ```
+> ##### Cache js css static content and open files start #####################
+> # include /etc/nginx/nginx-snippets/cache-open-files.conf;
+> # include /etc/nginx/nginx-snippets/cache-statics.conf;
+> # include /etc/nginx/nginx-snippets/cache-js-css.conf;
+> ##### Cache js css static content and open files stop ######################
+> ```
+
+---
+
+### Version Handling
+
+This installer automatically checks the latest **Gitea version** from [https://dl.gitea.com/gitea/version.json](https://dl.gitea.com/gitea/version.json) 
+
+If it fails, it falls back to the version number stored in the **`fallback`** file. That file contains one line, for example:
+
+```
+1.24.6
+```
+
+> **Why a separate file?**  
+> Keeping the fallback version outside the script avoids polluting the code with constants.  
+> This keeps updates clean and ensures the installer logic never changes just because a version bump is needed.
+
+---
+
+### Troubleshooting
+
+**Nginx fails to restart**  
+Run `nginx -t` and review any syntax errors reported in `/etc/nginx/conf.d/<domain>.conf`.
+
+**Gitea front-end not loading**  
+Run `systemctl status gitea nginx` and ensure both Gitea and Nginx services are active:
+
+**Access denied during database creation**  
+Your MariaDB setup likely does not use socket authentication.  
+Re-run the installer with the `-m` flag (and optionally `-a`) to provide credentials.
+
+---
+
+### FAQ
+
+**Q:** Why doesn’t the script ask for a MariaDB password by default?  
+**A:** Ubuntu 24.04’s MariaDB installation defaults to *socket authentication*,  
+allowing the local `root` user to connect without a password.  
+The installer detects this automatically and skips password prompts when applicable.
+
+**Q:** Can I run the installer multiple times?  
+**A:** Yes. Database and user creation use `IF NOT EXISTS`, making them safe to re-run.  
+Existing configuration files are replaced, but no data is deleted.
+
+**Q:** Does this modify existing Nginx settings?  
+**A:** No. It adds a standalone host file in `/etc/nginx/conf.d/`  
+and validates configuration changes before applying them.
+
+---
+
+### More Information
+
+More guides and documentation can be found on [wiki.x-files.dk](https://wiki.x-files.dk)
+
+---
+
+### License
+
+Licensed under the [MIT License](./LICENSE).
+
+---

fallback

@@ -0,0 +1 @@
+1.24.6

giteainstall

@@ -0,0 +1,313 @@
+#!/usr/bin/env bash
+
+# Author        : Allan Christensen
+# First Created : 12032021 (DD-MM-YYYY)
+# Description   : Installs Gitea on Ubuntu 24.04
+# License       : MIT License (see LICENSE file for details)
+
+#
+# Are we root
+#
+if [[ $(id -u) -ne 0 ]]; then echo "" && echo "Must be root or use sudo" && echo "" ; exit ; fi
+
+#
+# Define variables and functions
+#
+fallbackversion=$(<fallback)
+
+#
+# Function usage
+#
+usage () {
+    printf -- "\ngiteainstall\n\n"
+    printf -- "%s\n\n" "$socket"
+    printf -- "Usage:\n"
+    printf -- "sudo ./giteainstall -n <gitea domain> -p <gitea database password> [options]\n\n"
+    printf -- "Options:\n"
+    printf -- "  -a <mariadb admin user>     Optional admin username $socketusage\n"
+    printf -- "  -m <mariadb admin password> Optional admin password $socketusage\n"
+    printf -- "  -h | -help | --help         Show this help screen\n\n"
+    printf -- "Examples:\n"
+    printf -- "  sudo ./giteainstall -n git.example.com -p giteadbpwd\n"
+    printf -- "  sudo ./giteainstall -n git.example.com -p giteadbpwd -m rootpwd\n"
+    printf -- "  sudo ./giteainstall -n git.example.com -p giteadbpwd -a admin -m adminpwd\n\n"
+}
+
+#
+# Function to check if a service is already running or not
+#
+serviceno () { printf "\n%s" "$service" ; printf " is not running cannot continue...\n\n"; }
+servicedead  () { status=$(systemctl is-active "$service"); if [[ "$status" != "active" ]]; then serviceno ; exit; fi; }
+
+#
+# Function inputcheck
+#
+inputcheck () {
+    [[ -z "$hostname" ]] && { usage; echo "Error! Hostname empty."; exit 1; }
+    [[ -z "$dbpass" ]]   && { usage; echo "Error! Database password empty."; exit 1; }
+}
+
+#
+# If Nginx and MariaDB is not running then die
+#
+service="mariadb" ; servicedead ; service="nginx" ; servicedead
+
+#
+# Check MariaDB authentication method (socket or not)
+#
+if mysql -u root -e ";" 2>/dev/null; then
+    socket="SOCKET DETECTED — no need for -a or -m"
+    socketusage="SOCKET DETECTED — this flag is not needed"
+    socketauth="yes"
+else
+    socket="NO SOCKET DETECTED — you must use -a and -m"
+    socketusage="NO SOCKET DETECTED — these flags are required"
+    socketauth="no"
+fi
+
+#
+# Let's go
+#
+clear
+
+#
+# Check for the latest Gitea version
+#
+version=$(curl -s https://dl.gitea.com/gitea/version.json | grep -oP '"version"\s*:\s*"\K[^"]+')
+
+#
+# Use fallback if version fetch failed
+#
+if [[ -z "$version" ]]; then printf "Could not determine latest version. Falling back to version %s\n\n" "$fallbackversion" ; version="$fallbackversion" ; fi
+printf "\nUsing Gitea version: %s\n" "$version"
+
+#
+# Configure command line options
+#
+
+# Check for long or alternate help flags before getopts
+if [[ "$1" == "-help" || "$1" == "--help" ]]; then usage ; exit 0 ; fi
+
+# Ensure first argument starts with a dash
+if [[ $# -eq 0 || ! $1 =~ ^- ]]; then usage ; exit 1 ; fi
+
+# Parse short options
+while getopts "n:p:m:a:h" option; do
+    case "$option" in
+        n) hostname=$(echo "$OPTARG" | tr '[:upper:]' '[:lower:]');;
+        p) dbpass="$OPTARG";;
+        m) mariadbpwd="$OPTARG";;
+        a) mariadbadmin="$OPTARG";;
+        h) usage; exit 0;;
+        \?) echo "Type sudo $0 -h for help"; exit 1;;
+    esac
+done
+
+#
+# Check if input conditions are met
+#
+inputcheck "$hostname" "$dbpass"
+
+#
+# Download Gitea
+#
+wget --no-verbose https://dl.gitea.com/gitea/"$version"/gitea-"$version"-linux-amd64 -O /usr/local/bin/gitea ; chmod 755 /usr/local/bin/gitea 
+
+#
+# Clone nginx-snippets; if nginx-snippets exists then just pull latest changes
+#
+nginxsnippets="/etc/nginx/nginx-snippets"
+repo="https://git.x-files.dk/webserver/nginx-snippets.git"
+if [[ -d "$nginxsnippets/.git" ]]; then git -C "$nginxsnippets" pull --quiet; else git clone --quiet "$repo" "$nginxsnippets"; fi
+
+#
+# Escape special characters in the password for MySQL
+#
+safe_dbpass=$(printf "%s" "$dbpass" | sed "s/'/''/g")
+
+#
+# Determine MariaDB login method
+#
+mariadbadmin="${mariadbadmin:-root}"
+
+printf "\nChecking MariaDB access method...\n"
+if [[ "$socketauth" == "yes" ]]; then
+    dbmethod="socket"
+    printf "Socket authentication detected (root)\n"
+elif [[ -n "$mariadbpwd" && -n "$mariadbadmin" ]]; then
+    dbmethod="admin"
+    printf "Using admin user authentication (%s)\n" "$mariadbadmin"
+else
+    printf "\nERROR: No valid MariaDB authentication method found.\n"
+    printf "Tried socket, root password, and admin credentials.\n\n"
+    exit 1
+fi
+
+#
+# Create Gitea database
+#
+case "$dbmethod" in
+    socket)
+        mysql -u root <<EOF
+CREATE DATABASE IF NOT EXISTS gitea;
+CREATE USER IF NOT EXISTS 'gitea'@'localhost' IDENTIFIED BY '${safe_dbpass//\'/\'\\\'\'}';
+GRANT ALL PRIVILEGES ON gitea.* TO 'gitea'@'localhost';
+FLUSH PRIVILEGES;
+EOF
+        ;;
+    admin)
+        mysql -u "${mariadbadmin}" -p"${mariadbpwd}" <<EOF
+CREATE DATABASE IF NOT EXISTS gitea;
+CREATE USER IF NOT EXISTS 'gitea'@'localhost' IDENTIFIED BY '${safe_dbpass//\'/\'\\\'\'}';
+GRANT ALL PRIVILEGES ON gitea.* TO 'gitea'@'localhost';
+FLUSH PRIVILEGES;
+EOF
+        ;;
+esac
+
+#
+# Create a Gitea Nginx configuration file
+#
+cp "$nginxsnippets/hostfiles/gitea.80.conf" /etc/nginx/conf.d/"$hostname".conf
+sed -i "s/DOMAIN/$hostname/g" /etc/nginx/conf.d/"$hostname".conf
+
+#
+# Restarting Nginx for changes to take effect
+#
+systemctl restart nginx
+
+#
+# Create Gitea user
+#
+adduser --system --group --disabled-password --shell /bin/bash --home /home/git --gecos 'Git Version Control' git
+
+#
+# Create Gitea standard folders
+#
+mkdir -p /var/lib/gitea/{custom,data,indexers,public,log}
+chown git:git /var/lib/gitea/{data,indexers,log}
+chmod 750 /var/lib/gitea/{data,indexers,log}
+mkdir /etc/gitea
+chown root:git /etc/gitea
+chmod 770 /etc/gitea
+
+#
+# Create Gitea customization directories
+#
+mkdir -p /var/lib/gitea/custom/templates
+mkdir -p /var/lib/gitea/custom/public/assets/img
+
+#
+# Create Gitea systemd file
+#
+cat > /etc/systemd/system/gitea.service <<'EOF'
+[Unit]
+Description=Gitea (Git with a cup of tea)
+After=syslog.target
+After=network.target
+Requires=mariadb.service
+
+[Service]
+LimitMEMLOCK=infinity
+LimitNOFILE=65535
+RestartSec=2s
+Type=simple
+User=git
+Group=git
+WorkingDirectory=/var/lib/gitea/
+ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini
+Restart=always
+Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
+#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+#
+# Start Gitea services
+#
+systemctl daemon-reload
+systemctl enable gitea
+systemctl start gitea
+
+#
+# Create postinstall script
+#
+cat > /tmp/gitea-postinstall <<EOF
+#!/usr/bin/env bash
+
+#
+# Gitea Postinstall Script
+#
+
+if [[ \$(id -u) -ne 0 ]]; then echo "" && echo "Must be root or use sudo" && echo "" ; exit ; fi
+
+cp -Rp /etc/gitea/app.ini /etc/gitea/app.ini.orig
+
+sed -i '/gitea-repositories/a MAX_FILES = 500' /etc/gitea/app.ini
+sed -i '/gitea-repositories/a FILE_MAX_SIZE = 200' /etc/gitea/app.ini
+sed -i 's/LEVEL     = info/LEVEL     = warn/' /etc/gitea/app.ini
+sed -i 's/MODE      = console/MODE      = file/' /etc/gitea/app.ini
+sed -i 's/DISABLE_SSH = false/DISABLE_SSH = true/' /etc/gitea/app.ini
+
+cat >> /etc/gitea/app.ini <<'INNER_EOF'
+[ui.admin]
+USER_PAGING_NUM = 50
+REPO_PAGING_NUM = 50
+NOTICE_PAGING_NUM = 25
+ORG_PAGING_NUM = 25
+
+[ui.user]
+USER_PAGING_NUM = 50
+REPO_PAGING_NUM = 50
+NOTICE_PAGING_NUM = 25
+ORG_PAGING_NUM = 25
+
+[ui]
+THEMES = gitea,arc-green
+EXPLORE_PAGING_DEFAULT_SORT = alphabetically
+
+[other]
+SHOW_FOOTER_POWERED_BY = false
+SHOW_FOOTER_VERSION = false
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
+ENABLE_FEED = false
+INNER_EOF
+
+systemctl restart nginx && systemctl restart gitea
+rm -f /tmp/gitea-postinstall
+EOF
+
+chmod 755 /tmp/gitea-postinstall
+
+#
+# Gitea postinstall notice
+#
+postnotice=$(cat <<EOF
+-------------------------------------------------------------------------------------
+NEXT STEP: Go to http://$hostname and complete the initial configuration.
+-------------------------------------------------------------------------------------
+
+Database Name    : gitea
+Database User    : gitea
+Database Password: $dbpass
+
+-------------------------------------------------------------------------------------
+IMPORTANT: Once done from a terminal run the following command to finish up
+
+sudo /tmp/gitea-postinstall
+-------------------------------------------------------------------------------------
+EOF
+)
+
+printf '%s\n' "$postnotice"
+
+#
+# All done
+#
+printf "\nAll Done...\n"
+
+#
+# End of script