commit e17e4fd874b7e1f005675d4b4901e5b74f00228e Author: AJ ONeal Date: Wed Oct 25 17:07:47 2017 -0600 initial commit
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..b3d3ea6
--- /dev/null
+++ b/README.md
@@ -0,0 +1,32 @@
+# Gitea Installer
+
+Installs Gitea as a systemd service
+
+# Linux
+
+Just follow these instructions:
+
+```bash
+# Create a 'gitea' user and group with the home /opt/gitea
+sudo adduser gitea --home /opt/gitea
+
+# Make some other potentially useful directories for that user/group
+sudo mkdir -p /opt/gitea/ /var/log/gitea /srv/gitea
+sudo chown -R gitea:gitea /opt/gitea/ /var/log/gitea /srv/gitea
+
+# Download and install gitea
+sudo wget -O /opt/gitea/gitea https://dl.gitea.io/gitea/1.0.1/gitea-1.0.1-linux-amd64
+sudo chmod +x gitea
+
+# Download and install the gitea.service for systemd
+sudo wget -O /etc/systemd/system/gitea.service https://git.coolaj86.com/coolaj86/gitea-installer/src/master/dist/etc/systemd/system/gitea.service
+
+# Start gitea
+sudo systemctl restart gitea
+```
+
+# Troubleshooting
+
+## Error 226/Namespace
+
+Most likely a directory that is supposed to be writable doesn't exist.
diff --git a/dist/etc/systemd/system/gitea.service b/dist/etc/systemd/system/gitea.service
new file mode 100644
index 0000000..01e121e
--- /dev/null
+++ b/dist/etc/systemd/system/gitea.service
@@ -0,0 +1,66 @@
+# Pre-req
+# sudo adduser gitea --home /opt/gitea
+# sudo mkdir -p /srv/gitea/ /opt/gitea/ /var/log/gitea
+# sudo chown -R gitea:gitea /srv/gitea/ /opt/gitea/ /var/log/gitea
+
+[Unit]
+Description=Gitea - Git with a cup of tea. A painless self-hosted Git service.
+Documentation=https://docs.gitea.io/
+After=network-online.target
+Wants=network-online.target systemd-networkd-wait-online.service
+
+[Service]
+# Restart on crash (bad signal), but not on 'clean' failure (error exit code)
+# Allow up to 3 restarts within 10 seconds
+# (it's unlikely that a user or properly-running script will do this)
+Restart=on-abnormal
+StartLimitInterval=10
+StartLimitBurst=3
+
+# User and group the process will run as
+# (git is the de facto standard on most systems)
+User=gitea
+Group=gitea
+
+WorkingDirectory=/opt/gitea
+# custom directory cannot be set and will be the place where gitea exists, not the working directory
+ExecStart=/opt/gitea/gitea web --config /opt/gitea/custom/conf/app.ini
+ExecReload=/bin/kill -USR1 $MAINPID
+
+# Limit the number of file descriptors and processes; see `man systemd.exec` for more limit settings.
+# Unmodified gitea is not expected to use more than this.
+LimitNOFILE=1048576
+LimitNPROC=64
+
+# Use private /tmp and /var/tmp, which are discarded after gitea stops.
+PrivateTmp=true
+# Use a minimal /dev
+PrivateDevices=true
+# Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
+ProtectHome=true
+# Make /usr, /boot, /etc and possibly some more folders read-only.
+ProtectSystem=full
+# ... except /srv/gitea because we want a place for the database
+# and /var/log/gitea because we want a place where logs can go.
+# This merely retains r/w access rights, it does not add any new.
+# Must still be writable on the host!
+ReadWriteDirectories=/srv/gitea /opt/gitea /var/log/gitea
+
+# Note: in v231 and above ReadWritePaths has been renamed to ReadWriteDirectories
+; ReadWritePaths=/srv/gitea /opt/gitea /var/log/gitea
+
+# The following additional security directives only work with systemd v229 or later.
+# They further retrict privileges that can be gained by gitea.
+# Note that you may have to add capabilities required by any plugins in use.
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
+
+# Caveat: Some features may need additional capabilities.
+# For example an "upload" may need CAP_LEASE
+; CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_LEASE
+; AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_LEASE
+; NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
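Review bot: The executable named in `ExecStart=/opt/gitea/gitea` lives in a tree that the service account owns (the Pre-req comment runs `chown -R gitea:gitea ... /opt/gitea/`) and that `ReadWriteDirectories=` keeps writable, so a compromised gitea process could replace its own binary and have the replacement run at the next restart. `ProtectSystem=full` does not help here because it does not cover /opt. Keeping the binary root-owned in a location the unit already makes read-only, for example `ExecStart=/usr/local/bin/gitea web --config /opt/gitea/custom/conf/app.ini`, would leave only data, config and logs writable; whether gitea then still finds its custom directory needs checking, since the comment above `ExecStart=` says it is derived from the binary's location. Separately, the rename comment is inverted: systemd v231 renamed `ReadWriteDirectories=` to `ReadWritePaths=`, so it should read `# Note: in v231 and above ReadWriteDirectories has been renamed to ReadWritePaths`.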