From 309d0afab7a96732776540820595a045a7bde475 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Zolt=C3=A1n=20Felleg?= <zoltan.felleg@userrendszerhaz.hu>
Date: Fri, 1 Dec 2023 20:54:14 +0100
Subject: [PATCH] Added gitea.in.

---
 .../firstboot/scripts/01_setupnetworking.sh   | 85 ++++++++++++++++++
 .../c3d/firstboot/scripts/02_settimezone.sh   | 17 ++++
 .../c3d/firstboot/scripts/03_adduser.sh       | 15 ++++
 .../c3d/firstboot/scripts/04_setupgitea.sh    | 53 +++++++++++
 .../c3d/firstboot/scripts/90_setupservices.sh | 12 +++
 sources/gitea.in/c3d/mode.txt                 |  6 ++
 sources/gitea.in/c3d/owner.txt                |  1 +
 .../etc/my.cnf.d/mariadb-server.cnf           | 55 ++++++++++++
 .../etc/systemd/system/gitea.service          | 87 +++++++++++++++++++
 .../postinstall/scripts/10_setupservices.sh   |  8 ++
 sources/gitea.in/config                       | 26 ++++++
 sources/gitea.in/envvars                      |  4 +
 12 files changed, 369 insertions(+)
 create mode 100755 sources/gitea.in/c3d/firstboot/scripts/01_setupnetworking.sh
 create mode 100755 sources/gitea.in/c3d/firstboot/scripts/02_settimezone.sh
 create mode 100755 sources/gitea.in/c3d/firstboot/scripts/03_adduser.sh
 create mode 100755 sources/gitea.in/c3d/firstboot/scripts/04_setupgitea.sh
 create mode 100755 sources/gitea.in/c3d/firstboot/scripts/90_setupservices.sh
 create mode 100644 sources/gitea.in/c3d/mode.txt
 create mode 100644 sources/gitea.in/c3d/owner.txt
 create mode 100644 sources/gitea.in/c3d/postinstall/install-data/etc/my.cnf.d/mariadb-server.cnf
 create mode 100644 sources/gitea.in/c3d/postinstall/install-data/etc/systemd/system/gitea.service
 create mode 100755 sources/gitea.in/c3d/postinstall/scripts/10_setupservices.sh
 create mode 100644 sources/gitea.in/config
 create mode 100644 sources/gitea.in/envvars

diff --git a/sources/gitea.in/c3d/firstboot/scripts/01_setupnetworking.sh b/sources/gitea.in/c3d/firstboot/scripts/01_setupnetworking.sh
new file mode 100755
index 0000000..42ee3e6
--- /dev/null
+++ b/sources/gitea.in/c3d/firstboot/scripts/01_setupnetworking.sh
@@ -0,0 +1,85 @@
+#!/bin/sh
+
+
+export PAGER=
+
+
+sleep 1
+systemctl --quiet is-active NetworkManager.service
+NM_RC=$?
+CYCLES_WAITED=0
+while [ $NM_RC -ne 0 ]
+do
+    if [ $CYCLES_WAITED -ge 10 ]
+    then
+        exit 1
+    fi
+    if [ $CYCLES_WAITED -eq 0 ]
+    then
+        echo -n "Waiting for NetworkManager"
+    fi
+    echo -n .
+    sleep 1
+    CYCLES_WAITED=$(( $CYCLES_WAITED + 1 ))
+    systemctl --quiet is-active NetworkManager.service
+    NM_RC=$?
+done
+[ $CYCLES_WAITED -gt 0 ] && echo
+
+# wait for the two network connections to come up
+CONNECTION_DEVICES_UP=$(nmcli --terse connection show \
+                            | grep --invert-match ':$' | wc -l)
+CYCLES_WAITED=0
+while [ $CONNECTION_DEVICES_UP -lt 2 ]
+do
+    if [ $CYCLES_WAITED -ge 10 ]
+    then
+        nmcli connection show
+        exit 1
+    fi
+    if [ $CYCLES_WAITED -eq 0 ]
+    then
+        echo -n "Waiting for the network connection"
+    fi
+    echo -n .
+    sleep 1
+    CYCLES_WAITED=$(( $CYCLES_WAITED + 1 ))
+    CONNECTION_DEVICES_UP=$(nmcli --terse connection show \
+                                | grep --invert-match ':$' | wc -l)
+done
+[ $CYCLES_WAITED -gt 0 ] && echo
+
+CONNECTIONS=$(nmcli --terse connection show | wc -l)
+if [ $CONNECTIONS -ne 2 ]
+then
+    echo "Number of connections: $CONNECTIONS instead of 2" >&2
+    exit 1
+fi
+
+CONNECTION_LINE=$(nmcli --terse connection show | grep ':eth0$')
+CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
+CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':')
+
+nmcli connection delete uuid "$CONNECTION_UUID"
+
+nmcli connection add \
+    connection.autoconnect yes \
+    connection.id internal \
+    connection.interface-name $CONNECTION_DEVICE \
+    connection.type 802-3-ethernet \
+    ipv4.addresses "10.228.109.220/16" \
+    ipv4.dns "10.228.109.159, 10.228.92.159" \
+    ipv4.dns-search "in.useribm.hu" \
+    ipv4.gateway "10.228.109.254" \
+    ipv4.method "manual" \
+    ipv6.addresses "2001:1aa1:000a:7dae:000c:18ff:fe03:6ddc/64" \
+    ipv6.dns "2001:1aa1:000a:7dae:000c:18ff:fe03:6d9f, 2001:1aa1:000a:7dae:000c:18ff:fe03:5c9f" \
+    ipv6.dns-search "in.useribm.hu" \
+    ipv6.gateway "2001:1aa1:000a:7dae:000c:18ff:fe03:6dfe" \
+    ipv6.method "manual" \
+    save yes
+
+nmcli connection show
+
+hostnamectl hostname gitea.in.useribm.hu
+hostnamectl
diff --git a/sources/gitea.in/c3d/firstboot/scripts/02_settimezone.sh b/sources/gitea.in/c3d/firstboot/scripts/02_settimezone.sh
new file mode 100755
index 0000000..0ec1bcc
--- /dev/null
+++ b/sources/gitea.in/c3d/firstboot/scripts/02_settimezone.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+
+sleep 1
+systemctl --quiet is-active dbus.service
+DBUS_RC=$?
+WAITED=0
+while [ $DBUS_RC -ne 0 ]
+do
+    echo -n .
+    sleep 1
+    WAITED=1
+    systemctl --quiet is-active dbus.service
+    DBUS_RC=$?
+done
+[ $WAITED -ne 0 ] && echo
+timedatectl set-timezone Europe/Budapest
diff --git a/sources/gitea.in/c3d/firstboot/scripts/03_adduser.sh b/sources/gitea.in/c3d/firstboot/scripts/03_adduser.sh
new file mode 100755
index 0000000..1a096e6
--- /dev/null
+++ b/sources/gitea.in/c3d/firstboot/scripts/03_adduser.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+
+REAL_PATH=$(realpath $(dirname $0))
+DATA_PATH=$(realpath $REAL_PATH/../data)
+
+
+adduser --uid 12269 --user-group git
+exit 0
+useradd --uid 11756 --user-group dvasary
+
+while read UP
+do
+    echo $UP | chpasswd
+done <$DATA_PATH/chpasswd.data
diff --git a/sources/gitea.in/c3d/firstboot/scripts/04_setupgitea.sh b/sources/gitea.in/c3d/firstboot/scripts/04_setupgitea.sh
new file mode 100755
index 0000000..297a016
--- /dev/null
+++ b/sources/gitea.in/c3d/firstboot/scripts/04_setupgitea.sh
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+
+REAL_PATH=$(realpath $(dirname $0))
+DATA_PATH=$(realpath $REAL_PATH/../data)
+
+
+setup_gitea() {
+    systemctl stop gitea
+    rm --force --recursive /gitea/{custom,etc,data,log}
+    mkdir -p /gitea/{custom,etc,data,log}
+    chown -R git:git /gitea/{custom,data,log}
+    chmod -R 750 /gitea/{custom,data,log}
+    chown root:git /gitea/etc
+    chmod 770 /gitea/etc
+    systemctl start gitea
+
+    #chmod 750 /gitea/etc
+    #chmod 640 /gitea/etc/app.ini
+}
+
+setup_mariadb() {
+    systemctl stop mariadb
+    rm --force --recursive /gitea/mariadb
+    mkdir --parents /gitea/mariadb
+    chown mysql:mysql /gitea/mariadb
+    systemctl start mariadb
+
+    mysql --batch <<EOF
+SET old_passwords=0;
+CREATE USER 'gitea'@'%' IDENTIFIED BY 'gitea';
+CREATE DATABASE gitea CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_unicode_ci';
+GRANT ALL PRIVILEGES ON gitea.* TO 'gitea';
+FLUSH PRIVILEGES;
+EOF
+}
+
+if [ ! -f /gitea/installed-and-configured ]
+then
+    setup_mariadb
+    setup_gitea
+    touch /gitea/installed-and-configured
+fi
+
+# Authentication Type:	LDAP (via BindDN) 
+# Authentication Name:	fds
+# Security Protocol:	LDAPS
+# Host:			fds.useribm.hu
+# Port:			636
+# User Search Base:	ou=people,dc=user,dc=hu
+# User Filter:		(&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))
+# Username Attribute:	uid
+# Email Attribute:	mail
diff --git a/sources/gitea.in/c3d/firstboot/scripts/90_setupservices.sh b/sources/gitea.in/c3d/firstboot/scripts/90_setupservices.sh
new file mode 100755
index 0000000..d454031
--- /dev/null
+++ b/sources/gitea.in/c3d/firstboot/scripts/90_setupservices.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+
+systemctl enable gitea.service
+systemctl enable mariadb.service
+systemctl start mariadb.service
+systemctl start gitea.service
+systemctl enable NetworkManager-wait-online.service
+systemctl start NetworkManager-wait-online.service
+
+systemctl enable logrotate.timer
+systemctl start logrotate.timer
diff --git a/sources/gitea.in/c3d/mode.txt b/sources/gitea.in/c3d/mode.txt
new file mode 100644
index 0000000..ec2daa3
--- /dev/null
+++ b/sources/gitea.in/c3d/mode.txt
@@ -0,0 +1,6 @@
+# mode file (relative to /c3d)
+755 firstboot/scripts/*.sh
+600 postinstall/install-data/etc/ssh/ssh_host_*_key
+644 postinstall/install-data/etc/ssh/ssh_host_*_key.pub
+600 postinstall/install-data/etc/ssh/sshd_config.d/*.conf
+755 postinstall/scripts/*.sh
diff --git a/sources/gitea.in/c3d/owner.txt b/sources/gitea.in/c3d/owner.txt
new file mode 100644
index 0000000..49158bf
--- /dev/null
+++ b/sources/gitea.in/c3d/owner.txt
@@ -0,0 +1 @@
+# owner file (relative to /c3d)
diff --git a/sources/gitea.in/c3d/postinstall/install-data/etc/my.cnf.d/mariadb-server.cnf b/sources/gitea.in/c3d/postinstall/install-data/etc/my.cnf.d/mariadb-server.cnf
new file mode 100644
index 0000000..21fef86
--- /dev/null
+++ b/sources/gitea.in/c3d/postinstall/install-data/etc/my.cnf.d/mariadb-server.cnf
@@ -0,0 +1,55 @@
+#
+# These groups are read by MariaDB server.
+# Use it for options that only the server (but not clients) should see
+#
+# See the examples of server my.cnf files in /usr/share/mysql/
+#
+
+# this is read by the standalone daemon and embedded servers
+[server]
+
+# this is only for the mysqld standalone daemon
+# Settings user and group are ignored when systemd is used.
+# If you need to run mysqld under a different user or group,
+# customize your systemd unit file for mysqld/mariadb according to the
+# instructions in http://fedoraproject.org/wiki/Systemd
+[mysqld]
+datadir=/gitea/mariadb
+socket=/var/lib/mysql/mysql.sock
+log-error=/var/log/mariadb/mariadb.log
+pid-file=/run/mariadb/mariadb.pid
+
+
+#
+# * Galera-related settings
+#
+[galera]
+# Mandatory settings
+#wsrep_on=ON
+#wsrep_provider=
+#wsrep_cluster_address=
+#binlog_format=row
+#default_storage_engine=InnoDB
+#innodb_autoinc_lock_mode=2
+#
+# Allow server to accept connections on all interfaces.
+#
+#bind-address=0.0.0.0
+#
+# Optional setting
+#wsrep_slave_threads=1
+#innodb_flush_log_at_trx_commit=0
+
+# this is only for embedded server
+[embedded]
+
+# This group is only read by MariaDB servers, not by MySQL.
+# If you use the same .cnf file for MySQL and MariaDB,
+# you can put MariaDB-only options here
+[mariadb]
+
+# This group is only read by MariaDB-10.5 servers.
+# If you use the same .cnf file for MariaDB of different versions,
+# use this group for options that older servers don't understand
+[mariadb-10.5]
+
diff --git a/sources/gitea.in/c3d/postinstall/install-data/etc/systemd/system/gitea.service b/sources/gitea.in/c3d/postinstall/install-data/etc/systemd/system/gitea.service
new file mode 100644
index 0000000..2169308
--- /dev/null
+++ b/sources/gitea.in/c3d/postinstall/install-data/etc/systemd/system/gitea.service
@@ -0,0 +1,87 @@
+[Unit]
+Description=Gitea (Git with a cup of tea)
+After=syslog.target
+After=network.target
+###
+# Don't forget to add the database service dependencies
+###
+#
+#Wants=mysql.service
+#After=mysql.service
+#
+Wants=mariadb.service
+After=mariadb.service
+#
+#Wants=postgresql.service
+#After=postgresql.service
+#
+#Wants=memcached.service
+#After=memcached.service
+#
+#Wants=redis.service
+#After=redis.service
+#
+###
+# If using socket activation for main http/s
+###
+#
+#After=gitea.main.socket
+#Requires=gitea.main.socket
+#
+###
+# (You can also provide gitea an http fallback and/or ssh socket too)
+#
+# An example of /etc/systemd/system/gitea.main.socket
+###
+##
+## [Unit]
+## Description=Gitea Web Socket
+## PartOf=gitea.service
+##
+## [Socket]
+## Service=gitea.service
+## ListenStream=<some_port>
+## NoDelay=true
+##
+## [Install]
+## WantedBy=sockets.target
+##
+###
+
+[Service]
+# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
+# LimitNOFILE=524288:524288
+RestartSec=2s
+Type=notify
+User=git
+Group=git
+WorkingDirectory=/gitea/
+# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file
+# (manually creating /run/gitea doesn't work, because it would not persist across reboots)
+#RuntimeDirectory=gitea
+ExecStart=/gitea/bin/gitea web --config /gitea/etc/app.ini
+Restart=always
+Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/gitea
+WatchdogSec=30s
+# If you install Git to directory prefix other than default PATH (which happens
+# for example if you install other versions of Git side-to-side with
+# distribution version), uncomment below line and add that prefix to PATH
+# Don't forget to place git-lfs binary on the PATH below if you want to enable
+# Git LFS support
+#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
+# If you want to bind Gitea to a port below 1024, uncomment
+# the two values below, or use socket activation to pass Gitea its ports as above
+###
+#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+###
+# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
+# set the following value to false to allow capabilities to be applied on gitea process. The following
+# value if set to true sandboxes gitea service and prevent any processes from running with privileges
+# in the host user namespace.
+###
+#PrivateUsers=false
+###
+
+[Install]
+WantedBy=multi-user.target
diff --git a/sources/gitea.in/c3d/postinstall/scripts/10_setupservices.sh b/sources/gitea.in/c3d/postinstall/scripts/10_setupservices.sh
new file mode 100755
index 0000000..02f075a
--- /dev/null
+++ b/sources/gitea.in/c3d/postinstall/scripts/10_setupservices.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+
+systemctl disable gitea.service
+systemctl disable mariadb.service
+systemctl disable NetworkManager-wait-online.service
+
+systemctl disable logrotate.timer
diff --git a/sources/gitea.in/config b/sources/gitea.in/config
new file mode 100644
index 0000000..a94bae0
--- /dev/null
+++ b/sources/gitea.in/config
@@ -0,0 +1,26 @@
+lxc.include = /usr/share/lxc/config/common.conf
+
+lxc.arch = x86_64
+lxc.uts.name = gitea.in.useribm.hu
+lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.rootfs.options = idmap=container
+lxc.mount.auto = proc:rw sys:ro
+lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__ gitea none bind,create=dir 0 0
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.link = brci-dev
+lxc.net.0.hwaddr = 02:0c:18:03:6d:dc
+
+lxc.autodev = 1
+
+lxc.cgroup2.devices.allow = a
+
+lxc.idmap = u 0 100000 100000
+lxc.idmap = g 0 100000 100000
+
+lxc.signal.halt = SIGRTMIN+4
+
+lxc.start.auto = 1
+lxc.start.order = __CONTAINER_START_ORDER__
+lxc.start.delay = 5
diff --git a/sources/gitea.in/envvars b/sources/gitea.in/envvars
new file mode 100644
index 0000000..e2b8455
--- /dev/null
+++ b/sources/gitea.in/envvars
@@ -0,0 +1,4 @@
+DISTRIBUTION=Fedora
+DISTRIBUTION_VERSION=39
+SPEC_PACKAGES="git-all \
+               mariadb-server"
-- 
2.54.0