From c12562e0088fc66aaf2ac598befa38a8ec9d34b0 Mon Sep 17 00:00:00 2001
From: allan <allan@xfiles.dk>
Date: Fri, 19 Dec 2025 15:28:20 +0100
Subject: [PATCH] latest commit

---
 LICENSE      |  21 ++++
 README.md    | 181 ++++++++++++++++++++++++++++++
 fallback     |   1 +
 giteainstall | 306 +++++++++++++++++++++++++++++++++++++++++++++++++++
 last-tested  |   6 +
 5 files changed, 515 insertions(+)
 create mode 100644 LICENSE
 create mode 100644 README.md
 create mode 100644 fallback
 create mode 100755 giteainstall
 create mode 100644 last-tested

diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..3eaaa81
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Allan Christensen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0c80759
--- /dev/null
+++ b/README.md
@@ -0,0 +1,181 @@
+# Gitea for Ubuntu 24.04 Server  
+[![OS](https://img.shields.io/badge/ubuntu-24.04-E95420)](#)
+[![Shell](https://img.shields.io/badge/shell-bash-121011)](#)
+[![WebServer](https://img.shields.io/badge/server-nginx-009639)](#)
+[![MariaDB](https://img.shields.io/badge/db-mariadb-003545)](#)
+[![MySQL](https://img.shields.io/badge/db-mysql-4479A1)](#)
+[![Server](https://img.shields.io/badge/server-gitea-609926)](#)
+[![License](https://img.shields.io/badge/License-MIT-green)](./LICENSE)
+
+Install Gitea on Ubuntu 24.04 server.
+
+Not a demo, not a quick setup script.  
+This installer is built for production, hardened defaults included.
+
+## Why this installer exists
+Gitea installation is often more tedious than it should be. This installer reduces friction and avoids 3am debugging.
+
+## What this installer does
+✔ Fetches latest Gitea release automatically  
+✔ MariaDB/MySQL socket or password mode  
+✔ Creates + enables systemd service  
+✔ Generates validated Nginx host config  
+✔ Applies secure post-install rules  
+
+## What this installer does *NOT* do
+It won’t stop you from running the script without reading the documentation like there’s no tomorrow.  
+Skip the README, and whatever happens next is your headache, not a bug report.
+
+---
+
+## Requirements
+
+✔ Nginx installed  
+✔ MariaDB/MySQL running (socket or password supported)  
+
+### Optional Installers (if you need them — saves you some googling)
+
+- [Install Nginx + PHP-FPM on Ubuntu](https://git.x-files.dk/webserver/nginx-ubuntu)
+- [Install MariaDB on Ubuntu](https://git.x-files.dk/database/mariadb-ubuntu)
+- [Install MySQL on Ubuntu](https://git.x-files.dk/database/mysql-ubuntu)
+
+Multi-instance hosting:  
+[Install multiple Gitea instances on Ubuntu](https://git.x-files.dk/webapps/gitea-ubuntu-multi)
+
+---
+
+## 1. Clone
+
+```
+git clone https://git.x-files.dk/webapps/gitea-ubuntu.git
+```
+
+```
+cd gitea-ubuntu
+```
+
+---
+
+## 2. Install
+
+```
+sudo ./giteainstall -n <domain> -p <gitea db password> [options]
+```
+
+Examples:
+
+```
+sudo ./giteainstall -n git.example.com -p giteadbpass
+sudo ./giteainstall -n git.example.com -p giteadbpass -m rootpwd
+sudo ./giteainstall -n git.example.com -p giteadbpass -a admin -m adminpwd
+```
+
+Options:
+
+| Flag | Meaning |
+|---|---|
+| `-p <password>` | Gitea DB user password |
+| `-m <password>` | MariaDB admin/root password *(socket OFF)* |
+| `-a <username>` | DB admin username (default `root`) |
+| `-h` | Help |
+
+---
+
+## After Installation
+
+Visit:
+
+```
+http://<domain>
+```
+
+Then finalize setup and run:
+
+```
+sudo /tmp/gitea-postinstall
+```
+
+This applies safe defaults, log tuning, upload limit changes, disables SSH by default.
+
+Re-enable SSH in:
+
+```
+/etc/gitea/app.ini
+```
+
+---
+
+## File Locations
+
+| Path | Purpose |
+|---|---|
+| `/var/lib/gitea/custom/public/` | robots.txt |
+| `/var/lib/gitea/custom/public/` | sitemap.xml |
+| `/var/lib/gitea/custom/public/assets/img/` | Custom images |
+| `/var/lib/gitea/custom/templates/home.tmpl` | Home override |
+| `/etc/gitea/app.ini` | Main config file |
+| `/etc/nginx/conf.d/<domain>.conf` | Vhost generated |
+
+> Important (but optional):
+> `robots.txt` and `sitemap.xml` are supported automatically by the Nginx configuration being created,
+> however the installer does not generate these files. Create them manually in the directory listed above.
+
+---
+
+## HTTPS
+
+Enable TLS:
+
+https://git.x-files.dk/webserver/nginx-snippets/src/branch/main/hostfiles/gitea.443.conf
+
+Then set:
+
+```
+ROOT_URL = https://<domain>
+```
+
+Restart:
+
+```
+systemctl restart gitea nginx
+```
+
+---
+
+## Version Detection
+
+Pulls latest from:
+
+https://dl.gitea.com/gitea/version.json
+
+Fallback uses file:
+
+```
+fallback
+1.25.2
+```
+
+---
+
+## Troubleshooting
+
+| Issue | Cause | Fix |
+|---|---|---|
+| Nginx restart fails | Config error | `nginx -t` |
+| DB denied | No socket auth | Add `-m` |
+| UI blank | Gitea service down | `systemctl status gitea` |
+
+Safe to re-run — DB creation checks exist first.
+
+---
+
+### More Information
+
+More guides and documentation can be found on [wiki.x-files.dk](https://wiki.x-files.dk)
+
+---
+
+### License
+Licensed under the [MIT License](./LICENSE).
+
+---
diff --git a/fallback b/fallback
new file mode 100644
index 0000000..61b813d
--- /dev/null
+++ b/fallback
@@ -0,0 +1 @@
+1.25.2
diff --git a/giteainstall b/giteainstall
new file mode 100755
index 0000000..d1c3899
--- /dev/null
+++ b/giteainstall
@@ -0,0 +1,306 @@
+#!/usr/bin/env bash
+
+# Author        : Allan Christensen
+# First Created : 25-08-2022 (DD-MM-YYYY)
+# Description   : Installs Gitea single instance on Ubuntu 24.04
+# License       : MIT License
+
+#
+# Are we root
+#
+if [[ $(id -u) -ne 0 ]]; then echo "" && echo "Must be root or use sudo" && echo "" ; exit ; fi
+
+#
+# Detect database engine (MariaDB or MySQL)
+#
+if systemctl list-unit-files | grep -q '^mariadb\.service'; then
+    db_engine="mariadb"
+    db_service="mariadb"
+elif systemctl list-unit-files | grep -q '^mysql\.service'; then
+    db_engine="mysql"
+    db_service="mysql"
+else
+    printf "\nNo supported database server found.\n\n"
+    exit 1
+fi
+
+#
+# Check required services
+#
+for svc in nginx "$db_service"; do
+    systemctl is-active --quiet "$svc" || {
+        printf "\n%s is not running, cannot continue...\n\n" "${svc^}"
+        exit 1
+    }
+done
+
+#
+# Detect socket authentication
+#
+if mysql -u root -e ";" 2>/dev/null; then
+    socketauth="yes"
+else
+    socketauth="no"
+fi
+
+#
+# Variables
+#
+fallbackversion=$(<fallback)
+giteabin="/usr/local/bin/gitea"
+giteauser="gitea"
+giteadb="giteadb"
+giteahome="/var/lib/gitea"
+configdir="/etc/gitea"
+nginxsnippets="/etc/nginx/nginx-snippets"
+nginxrepo="https://git.x-files.dk/webserver/nginx-snippets.git"
+
+#
+# Usage
+#
+usage() {
+    printf -- "\ngiteainstall (Ubuntu 24.04)\n\n"
+    printf -- "Database engine detected: %s\n\n" "$db_engine"
+
+    if [[ "$socketauth" == "yes" ]]; then
+        printf -- "LOCAL ROOT ACCESS DETECTED — no need for -a or -m\n\n"
+        printf -- "Usage:\n"
+        printf -- "  sudo ./giteainstall -n <domain> -p <gitea-db-password>\n\n"
+        printf -- "Example:\n"
+        printf -- "  sudo ./giteainstall -n git.example.com -p StrongGiteaDBPass123\n\n"
+    else
+        printf -- "NO LOCAL ROOT ACCESS — you must use -a and -m\n\n"
+        printf -- "Usage:\n"
+        printf -- "  sudo ./giteainstall -n <domain> -p <gitea-db-password> -a <db-admin-user> -m <db-admin-password>\n\n"
+        printf -- "Examples:\n"
+        printf -- "  sudo ./giteainstall -n git.example.com -p StrongGiteaDBPass123 -a root -m RootDBPassword\n"
+        printf -- "  sudo ./giteainstall -n git.example.com -p StrongGiteaDBPass123 -a admin -m AdminDBPassword\n\n"
+    fi
+
+    printf -- "Options:\n"
+    printf -- "  -h | -help | --help   Show this help screen\n\n"
+}
+
+#
+# Argument parsing
+#
+clear
+if [[ "$1" == "-help" || "$1" == "--help" ]]; then usage ; exit 0 ; fi
+if [[ $# -eq 0 || ! $1 =~ ^- ]]; then usage ; exit 1 ; fi
+
+while getopts "n:p:a:m:h" option; do
+    case "$option" in
+        n) hostname=$(echo "$OPTARG" | tr '[:upper:]' '[:lower:]');;
+        p) dbpass="$OPTARG";;
+        a) db_admin_user="$OPTARG";;
+        m) db_admin_pwd="$OPTARG";;
+        h) usage; exit 0;;
+        *) usage; exit 1;;
+    esac
+done
+
+#
+# Validate input
+#
+if [[ -z "$hostname" || -z "$dbpass" ]]; then
+    usage
+    printf "\nERROR: -n and -p are required.\n\n"
+    exit 1
+fi
+
+#
+# Normalise database admin defaults
+#
+db_admin_user="${db_admin_user:-root}"
+
+#
+# Ensure required tools
+#
+for tool in curl git; do
+    dpkg -s "$tool" &>/dev/null || apt install -y -qq "$tool"
+done
+
+#
+# Determine Gitea version
+#
+version=$(curl -fsSL https://dl.gitea.com/gitea/version.json | grep -oP '"version"\s*:\s*"\K[^"]+')
+[[ -z "$version" ]] && version="$fallbackversion"
+
+#
+# Download Gitea binary (non-interactive)
+#
+if [[ ! -x "$giteabin" ]]; then
+    curl -fL "https://dl.gitea.com/gitea/${version}/gitea-${version}-linux-amd64" -o "$giteabin" \
+        || { printf "\nDownload failed.\n\n"; exit 1; }
+    chmod 755 "$giteabin"
+fi
+
+#
+# Create system user and directories
+#
+id "$giteauser" &>/dev/null || \
+adduser --system --group --disabled-password --home "$giteahome" "$giteauser"
+
+mkdir -p "$giteahome"/{custom,data,indexers,log}
+mkdir -p "$configdir"
+chown -R "$giteauser:$giteauser" "$giteahome"
+chown -R "$giteauser:$giteauser" "$configdir"
+
+#
+# Database creation
+#
+if [[ "$socketauth" == "yes" ]]; then
+    mysql -u root <<EOF
+CREATE DATABASE IF NOT EXISTS $giteadb;
+CREATE USER IF NOT EXISTS '$giteauser'@'localhost' IDENTIFIED BY '$dbpass';
+GRANT ALL PRIVILEGES ON $giteadb.* TO '$giteauser'@'localhost';
+FLUSH PRIVILEGES;
+EOF
+else
+    mysql -u "$db_admin_user" -p"$db_admin_pwd" <<EOF
+CREATE DATABASE IF NOT EXISTS $giteadb;
+CREATE USER IF NOT EXISTS '$giteauser'@'localhost' IDENTIFIED BY '$dbpass';
+GRANT ALL PRIVILEGES ON $giteadb.* TO '$giteauser'@'localhost';
+FLUSH PRIVILEGES;
+EOF
+fi
+
+#
+# Nginx configuration
+#
+if [[ -d "$nginxsnippets/.git" ]]; then
+    git -C "$nginxsnippets" pull --quiet
+else
+    git clone --quiet "$nginxrepo" "$nginxsnippets"
+fi
+
+cp "$nginxsnippets/hostfiles/gitea.80.conf" /etc/nginx/conf.d/"$hostname".conf
+sed -i "s/DOMAIN/$hostname/g" /etc/nginx/conf.d/"$hostname".conf
+systemctl reload nginx
+
+#
+# systemd service
+#
+cat > /etc/systemd/system/gitea.service <<EOF
+[Unit]
+Description=Gitea
+After=network.target
+Requires=${db_service}.service
+
+[Service]
+User=$giteauser
+Group=$giteauser
+WorkingDirectory=$giteahome
+ExecStart=$giteabin web --config $configdir/app.ini
+Restart=always
+Environment=USER=$giteauser HOME=$giteahome GITEA_WORK_DIR=$giteahome
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+#
+# Start Gitea service
+#
+systemctl daemon-reload
+systemctl enable gitea
+systemctl start gitea
+
+#
+# Create post-install script
+#
+cat > /etc/gitea/gitea-postinstall <<'EOF'
+#!/usr/bin/env bash
+
+#
+# Gitea post-install Script
+#
+
+if [[ $(id -u) -ne 0 ]]; then
+    echo ""
+    echo "Must be root or use sudo"
+    echo ""
+    exit
+fi
+
+cp -Rp /etc/gitea/app.ini /etc/gitea/app.ini.orig
+
+sed -i '/gitea-repositories/a MAX_FILES = 500' /etc/gitea/app.ini
+sed -i '/gitea-repositories/a FILE_MAX_SIZE = 200' /etc/gitea/app.ini
+sed -i 's/LEVEL     = info/LEVEL     = warn/' /etc/gitea/app.ini
+sed -i 's/MODE      = console/MODE      = file/' /etc/gitea/app.ini
+sed -i 's/DISABLE_SSH = false/DISABLE_SSH = true/' /etc/gitea/app.ini
+
+cat >> /etc/gitea/app.ini <<'INNER_EOF'
+[ui.admin]
+USER_PAGING_NUM = 50
+REPO_PAGING_NUM = 50
+NOTICE_PAGING_NUM = 25
+ORG_PAGING_NUM = 25
+
+[ui.user]
+USER_PAGING_NUM = 50
+REPO_PAGING_NUM = 50
+NOTICE_PAGING_NUM = 25
+ORG_PAGING_NUM = 25
+
+[ui]
+THEMES = gitea-auto, gitea-light, gitea-dark
+EXPLORE_PAGING_DEFAULT_SORT = alphabetically
+
+[other]
+SHOW_FOOTER_POWERED_BY = false
+SHOW_FOOTER_VERSION = false
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
+ENABLE_FEED = false
+INNER_EOF
+
+systemctl restart nginx
+systemctl restart gitea
+
+rm -f /etc/gitea/gitea-postinstall
+EOF
+
+chmod 755 /etc/gitea/gitea-postinstall
+
+#
+# Web installer + post-install notice
+#
+dbhost="127.0.0.1"
+[[ "$socketauth" == "yes" ]] && dbhost="localhost"
+
+clear
+cat <<EOF
+--------------------------------------------------------------------------------------
+NEXT STEP — WEB INSTALLER
+
+Open your browser and complete the Gitea web installer:
+
+http://$hostname/
+
+Database configuration (Gitea web installer):
+
+Database Type : MySQL
+Database Host : $dbhost
+Database Name : $giteadb
+Database User : $giteauser
+Database Pass : $dbpass
+
+--------------------------------------------------------------------------------------
+IMPORTANT — POST INSTALL (REQUIRED)
+
+After completing the web installer and logging in for the first time,
+run the following command to finalize the installation:
+
+sudo /etc/gitea/gitea-postinstall
+--------------------------------------------------------------------------------------
+EOF
+
+#
+# All done
+#
+printf "\nAll Done...\n"
+
+#
+# End of script
+#
diff --git a/last-tested b/last-tested
new file mode 100644
index 0000000..8496aad
--- /dev/null
+++ b/last-tested
@@ -0,0 +1,6 @@
+------------------------------------
+Last tested: 19-12-2025 (DD-MM-YYYY)
+Environment: Ubuntu Server 24.04 LTS
+Database   : MariaDB 10.11.13
+Database   : MySQL 8.0.44-0
+------------------------------------