
Switch from Gogs to Gitea (with Sqlite)

gogs2gitea
ßingen 6 年之前
父節點
當前提交
13941fe895
共有 23 個檔案被更改,包括 263 行新增663 行删除
  1. +1
    -1
      README.md
  2. +8
    -9
      docker-compose.yml
  3. +4
    -3
      env.template
  4. +9
    -0
      gitea.env.template
  5. +0
    -15
      gogs.env.template
  6. +15
    -0
      images/gitea/Dockerfile.template
  7. +61
    -0
      images/gitea/app.ini
  8. +94
    -0
      images/gitea/docker-entrypoint.sh
  9. +0
    -81
      images/gogs/Dockerfile
  10. +0
    -81
      images/gogs/Dockerfile.template
  11. +0
    -201
      images/gogs/LICENSE
  12. +0
    -3
      images/gogs/README.md
  13. +0
    -29
      images/gogs/app.ini
  14. +0
    -143
      images/gogs/docker-entrypoint.sh
  15. +0
    -29
      images/gogs/ldap.conf
  16. +11
    -11
      images/haproxy/haproxy.cfg
  17. +4
    -4
      images/haproxy/startup.sh
  18. +8
    -0
      images/openldap/data/serviceimport_gitea.ldif
  19. +0
    -8
      images/openldap/data/serviceimport_gogs.ldif
  20. +4
    -4
      images/openldap/startup.sh
  21. +2
    -2
      openldap.env.template
  22. +20
    -17
      setup.sh
  23. +22
    -22
      setup_noswarm.sh

+ 1
- 1
README.md

@@ -311,7 +311,7 @@ Let's Encrypt
-------------
If you want to add more domains after deployment, you can run this command manually from HAProxy docker instance (see [this](https://serversforhackers.com/c/letsencrypt-with-haproxy)):
```
sudo certbot certonly --standalone -d nextcloud.example.com -d gogs.example.com \
sudo certbot certonly --standalone -d nextcloud.example.com -d git.example.com \
--non-interactive --agree-tos --email admin@example.com \
--http-01-port=8888
```

+ 8
- 9
docker-compose.yml

@@ -41,7 +41,7 @@ services:
depends_on:
# For DNS resolution
- nextcloud
- gogs
- gitea
- pihole
env_file:
- haproxy.env
@@ -108,21 +108,20 @@ services:
env_file:
- sftp.env

gogs:
gitea:
build:
context: ./images/gogs/
image: bingen/${ARCH}-gogs
context: ./images/gitea/
image: bingen/${ARCH}-gitea
depends_on:
- db
- openldap
env_file:
- gogs.env
- gitea.env
ports:
- "2080:2080"
- "2443:2443"
- "2080:3000"
- "${GITEA_HTTP_PORT}:${GITEA_HTTP_PORT}"
- "2022:22"
volumes:
- ${GOGS_DATA_VOLUME_PATH}:/data
- ${GITEA_DATA_VOLUME_PATH}:/data

pihole:
image: pihole/pihole:latest
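Review bot: The `ports:` list of the `gitea` service publishes the web port on the host (`"2080:3000"` and `"${GITEA_HTTP_PORT}:${GITEA_HTTP_PORT}"`), so Gitea is reachable directly and not only through the HAProxy frontend that terminates TLS. HAProxy addresses the service by name (`gitea:2443` in `haproxy.cfg`) and should not need a published port, so these two entries could be dropped, keeping only `"2022:22"` for SSH. The `2080:3000` entry also looks dead: the new `app.ini` sets `PROTOCOL = https` and a single `HTTP_PORT`, so nothing appears to listen on 3000 inside the container. The old/new side of each line is not marked on this page, so this reads the `gitea` lines as the new side.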

+ 4
- 3
env.template

@@ -50,10 +50,11 @@ PAPERLESS_CONSUMPTION_PATH=/consume
PAPERLESS_EXPORT_VOLUME_PATH=${VOLUMES_PATH}/paperless/export
PAPERLESS_EXPORT_PATH=/export

# GOGS
# GITEA

GOGS_SERVER_NAME=gogs
GOGS_DATA_VOLUME_PATH=${VOLUMES_PATH}/gogs/data
GITEA_SERVER_NAME=git
GITEA_DATA_VOLUME_PATH=${VOLUMES_PATH}/gitea/data
GITEA_HTTP_PORT=2443

# PI-HOLE


+ 9
- 0
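--- a/gitea.env.template
+++ b/gitea.env.template
@@ -0,0 +1,9 @@
+GITEA_DOMAIN=${DOMAIN}
+GITEA_ADMIN_PWD_FILE=/run/secrets/admin_pwd
+ADMIN_EMAIL=${ADMIN_EMAIL}
+
+# LDAP
+LDAP_SERVER_HOST=openldap
+LDAP_BIND_DN=uid=${LDAP_GITEA_UID},ou=services,dc=${ORGANIZATION},dc=${EXTENSION}
+LDAP_BIND_PWD_FILE=/run/secrets/ldap_pwd
+LDAP_SEARCH_BASE=ou=people,dc=${ORGANIZATION},dc=${EXTENSION}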

+ 0
- 15
gogs.env.template

@@ -1,15 +0,0 @@
GOGS_DOMAIN=${DOMAIN}
GOGS_ADMIN_PWD_FILE=/run/secrets/admin_pwd
ADMIN_EMAIL=${ADMIN_EMAIL}

# DB
MYSQL_ROOT_PWD_FILE=/run/secrets/mysql_pwd
DB_HOST=db
GOGS_DB_NAME=git
GOGS_DB_USER=gogs

# LDAP
LDAP_SERVER_HOST=openldap
LDAP_BIND_DN=uid=${LDAP_GOGS_UID},ou=services,dc=${ORGANIZATION},dc=${EXTENSION}
LDAP_BIND_PWD_FILE=/run/secrets/ldap_pwd
LDAP_SEARCH_BASE=ou=people,dc=${ORGANIZATION},dc=${EXTENSION}

+ 15
- 0
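--- a/images/gitea/Dockerfile.template
+++ b/images/gitea/Dockerfile.template
@@ -0,0 +1,15 @@
+FROM gitea/gitea:1.10-linux-ARCH_PLACEHOLDER
+
+#ENV GIT_HOME /home/git
+
+RUN apk --no-cache add openssl
+
+# Configuration
+# $HOME doesn't work with COPY
+COPY app.ini /home/${USER}/
+
+COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+RUN chmod 755 /usr/local/bin/docker-entrypoint.sh
+
+ENTRYPOINT []
+CMD ["/usr/local/bin/docker-entrypoint.sh"]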
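Review bot: `FROM gitea/gitea:1.10-linux-ARCH_PLACEHOLDER` follows a moving tag, so a rebuild can pull a different image than the one that was tested; pinning a patch release or a digest (`gitea/gitea:<patch-tag>@sha256:<digest>`, placeholder values) would make the build reproducible. `ENTRYPOINT []` discards the base image's entrypoint, and the container only starts its services because `docker-entrypoint.sh` ends with `exec /bin/s6-svscan /etc/s6`; a comment such as `# Base entrypoint is replaced: docker-entrypoint.sh must finish by exec'ing s6-svscan` above it would record that dependency. The commented-out `#ENV GIT_HOME /home/git` looks like a leftover from the Gogs image and could be removed.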

+ 61
- 0
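--- a/images/gitea/app.ini
+++ b/images/gitea/app.ini
@@ -0,0 +1,61 @@
+#APP_NAME = $APP_NAME
+RUN_MODE = prod
+
+#[log]
+#LEVEL=debug
+
+[repository]
+ROOT = /data/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH = /data/gitea
+SSH_DOMAIN = GITEA_FULL_DOMAIN
+PROTOCOL = https
+CERT_FILE = GITEA_CUSTOM/cert.pem
+KEY_FILE = GITEA_CUSTOM/key.pem
+HTTP_PORT = GITEA_HTTP_PORT
+#ROOT_URL = $ROOT_URL
+#DISABLE_SSH = $DISABLE_SSH
+SSH_PORT = 2022
+SSH_LISTEN_PORT = 22
+#LFS_START_SERVER = $LFS_START_SERVER
+#LFS_CONTENT_PATH = /data/git/lfs
+
+[database]
+DB_TYPE = sqlite3
+PATH = /data/gitea/gitea.db
+#DB_TYPE = mysql
+#HOST = DB_HOST
+#NAME = GITEA_DB_NAME
+#USER = GITEA_DB_USER
+#PASSWD = GITEA_DB_PWD
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+ROOT_PATH = /data/gitea/log
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY = SECRET_KEY
+
+[service]
+DISABLE_REGISTRATION = true
+#REQUIRE_SIGNIN_VIEW = $REQUIRE_SIGNIN_VIEW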
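Review bot: In `[security]`, `SECRET_KEY = SECRET_KEY` uses a placeholder that is identical to the setting name, and `docker-entrypoint.sh` fills it with `sed -i "s/SECRET_KEY/${GITEA_SECRET_KEY}/g"`, which rewrites both sides of the line. The result is `<hex> = <hex>`, so the file no longer contains a `SECRET_KEY` entry and the value from `openssl rand -hex 64` is never used; Gitea presumably falls back to whatever it does when the key is absent. Naming the placeholder like the others, `SECRET_KEY = GITEA_SECRET_KEY`, and substituting with `sed -i "s/GITEA_SECRET_KEY/${GITEA_SECRET_KEY}/" ${CONF_FILE}` keeps the setting name intact.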

+ 94
- 0
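--- a/images/gitea/docker-entrypoint.sh
+++ b/images/gitea/docker-entrypoint.sh
@@ -0,0 +1,94 @@
+#!/bin/bash
+
+GITEA_FULL_DOMAIN=${GITEA_SERVER_NAME}.${GITEA_DOMAIN}
+
+# set LDAP password from secret
+if [ ! -z $LDAP_BIND_PWD_FILE -a -f $LDAP_BIND_PWD_FILE ]; then
+LDAP_BIND_PWD=`cat $LDAP_BIND_PWD_FILE`;
+fi
+
+# set Admin password from secret
+if [ ! -z $GITEA_ADMIN_PWD_FILE -a -f $GITEA_ADMIN_PWD_FILE ]; then
+GITEA_ADMIN_PWD=`cat $GITEA_ADMIN_PWD_FILE`;
+fi
+
+GITEA_SECRET_KEY=`openssl rand -hex 64`
+
+# check needed variables
+if [[ -z ${GITEA_ADMIN_PWD} || -z ${ADMIN_EMAIL} \
+|| -z ${LDAP_SERVER_HOST} || -z ${LDAP_BIND_DN} \
+|| -z ${LDAP_BIND_PWD} || -z ${LDAP_SEARCH_BASE} \
+]];
+then
+echo "Missing variable! You must provide: GITEA_ADMIN_PWD, ADMIN_EMAIL and LDAP stuff";
+echo ${#GITEA_ADMIN_PWD}, ${ADMIN_EMAIL},
+echo ${LDAP_SERVER_HOST}, ${LDAP_BIND_DN}, ${#LDAP_BIND_PWD}, ${LDAP_SEARCH_BASE}
+#env;
+exit 1;
+fi
+
+# ### Conf file ###
+
+echo Tweaking config files
+CONF_FILE=${GITEA_CUSTOM}/conf/app.ini
+
+if [[ ! -e ${CONF_FILE} ]]; then
+mkdir -p ${GITEA_CUSTOM}/conf
+mv /home/${USER}/app.ini ${CONF_FILE}
+chown -R ${USER} ${GITEA_CUSTOM}
+
+echo Setting domain and port
+sed -i "s/GITEA_FULL_DOMAIN/${GITEA_FULL_DOMAIN}/g" ${CONF_FILE}
+sed -i "s/GITEA_HTTP_PORT/${GITEA_HTTP_PORT}/g" ${CONF_FILE}
+echo Setting path
+sed -i "s/GITEA_CUSTOM/${GITEA_CUSTOM//\//\\/}/g" ${CONF_FILE}
+echo Setting secret key
+sed -i "s/SECRET_KEY/${GITEA_SECRET_KEY}/g" ${CONF_FILE}
+
+fi
+
+chown -R ${USER} /data
+
+# Create self-signed certificates
+
+su ${USER} -c "cd /${GITEA_CUSTOM}; gitea cert --host localhost,${GITEA_FULL_DOMAIN}"
+echo gfd: ${GITEA_FULL_DOMAIN}
+
+# TODO: start gitea to init
+echo Starting Gitea to init everything
+nohup su ${USER} -c "/app/gitea/gitea web" &
+GITEA_PID=`echo $!`
+echo Gitea pid: ${GITEA_PID}
+CURL_RESULT=1
+echo Waiting for web server to be ready
+while [[ ${CURL_RESULT} -gt 0 ]]; do
+sleep 10
+curl localhost:${GITEA_HTTP_PORT} > /dev/null 2>&1
+CURL_RESULT=$?;
+echo Curl result: ${CURL_RESULT}
+done;
+
+echo Killing Gitea
+kill -9 ${GITEA_PID}
+
+# Create admin user
+echo Creating admin user
+su ${USER} -c "gitea admin create-user --username root --password ${GITEA_ADMIN_PWD} --admin --email ${ADMIN_EMAIL}"
+
+# LDAP
+echo Creating LDAP access
+su ${USER} -c "gitea admin auth add-ldap \
+--name ldap \
+--security-protocol unencrypted \
+--host ${LDAP_SERVER_HOST} \
+--port 389 \
+--bind-dn ${LDAP_BIND_DN} \
+--bind-password ${LDAP_BIND_PWD} \
+--user-search-base ${LDAP_SEARCH_BASE} \
+--user-filter \"(&(objectclass=*)(|(uniqueIdentifier=%[1]s)(mail=%[1]s)))\" \
+--username-attribute uniqueIdentifier \
+--firstname-attribute givenName \
+--surname-attribute sn \
+--email-attribute mail"
+
+exec /bin/s6-svscan /etc/s6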
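Review bot: The admin and LDAP bind passwords are expanded unquoted into the `su ${USER} -c "..."` strings for `gitea admin create-user` and `gitea admin auth add-ldap`, so any space or shell metacharacter in a secret is re-parsed by the inner shell, and the values are visible in the process list while those commands run. Exporting the secret and letting the inner shell expand it inside quotes removes the re-parsing, e.g. `export GITEA_ADMIN_PWD` followed by `su ${USER} -c 'gitea admin create-user --username root --password "$GITEA_ADMIN_PWD" --admin --email "$ADMIN_EMAIL"'` (this relies on `su` without `-l` keeping the environment). The LDAP source is registered with `--security-protocol unencrypted` on port 389, which sends the bind password and every user's login in clear text between containers; a comment such as `# LDAP is plaintext here: acceptable only on an isolated container network, otherwise use StartTLS or LDAPS` would make that assumption explicit. The required-variable check near the top also does not cover `GITEA_SERVER_NAME`, `GITEA_DOMAIN` or `GITEA_HTTP_PORT`, which the `sed` substitutions and the `curl` wait loop depend on, and neither of the first and last is defined in `gitea.env.template` as shown on this page.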

+ 0
- 81
images/gogs/Dockerfile

@@ -1,81 +0,0 @@
FROM debian:stretch

ENV GO_VERSION 1.9
ENV GO_OS linux
ENV GO_ARCH amd64
ENV GOGS_CUSTOM /data/gogs
ENV GIT_HOME /home/git

# Install dependencies
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
git wget ca-certificates openssh-server mariadb-client \
&& rm -rf /var/lib/apt/lists/*

RUN mkdir -p /data/gogs/data \
&& mkdir -p /data/gogs/conf \
&& mkdir -p /data/gogs/log \
&& mkdir -p /data/gogs/gogs-repositories \
&& mkdir -p /data/ssh

# Create git user for Gogs
RUN export PUID=${PUID:-1000} \
&& export PGID=${PGID:-1000} \
&& addgroup --gid ${PGID} git \
&& adduser --uid ${PUID} --ingroup git --disabled-login --gecos 'Gogs Git User' --home ${GIT_HOME} --shell /bin/bash git \
&& ln -s /data/ssh ${GIT_HOME}/.ssh

RUN chown -R git:git /data
RUN chown -R git:git ${GIT_HOME}


RUN echo "export GOGS_CUSTOM=${GOGS_CUSTOM}" > /etc/profile.d/gogs.sh
RUN echo "export GOROOT=${GIT_HOME}/local/go" | tee -a /etc/profile.d/gogs.sh /etc/bash.bashrc > /dev/null \
&& echo "export GOPATH=${GIT_HOME}/go" | tee -a /etc/profile.d/gogs.sh /etc/bash.bashrc > /dev/null \
&& echo 'export PATH=$PATH:$GOROOT/bin:$GOPATH/bin' | tee -a /etc/profile.d/gogs.sh /etc/bash.bashrc > /dev/null

# ############## USER git ########################

USER git

# Install Golang
RUN cd $HOME \
&& mkdir local \
&& cd local \
&& wget https://storage.googleapis.com/golang/go${GO_VERSION}.${GO_OS}-${GO_ARCH}.tar.gz \
&& tar zxvf go${GO_VERSION}.${GO_OS}-${GO_ARCH}.tar.gz \
&& rm go${GO_VERSION}.${GO_OS}-${GO_ARCH}.tar.gz

# Install Gogs
RUN . /etc/profile.d/gogs.sh \
&& ${GOROOT}/bin/go get -u -tags "cert" github.com/gogs/gogs \
&& cd $GOPATH/src/github.com/gogs/gogs \
&& go build -tags "cert"

# TODO:
# clean stuff
# https://github.com/gogs/gogs/blob/master/docker/finalize.sh

# Clean stuff
RUN rm -r $HOME/go/src/github.com/gogs/gogs/.git
#RUN rm -r $HOME/local

# Configuration
# $HOME doesn't work with COPY
RUN mkdir -p ${GIT_HOME}/go/src/github.com/gogs/gogs/custom/conf
COPY app.ini ${GIT_HOME}/go/src/github.com/gogs/gogs/custom/conf/
# LDAP
RUN mkdir -p ${GIT_HOME}/go/src/github.com/gogs/gogs/custom/conf/auth.d
COPY ldap.conf ${GIT_HOME}/go/src/github.com/gogs/gogs/custom/conf/auth.d/

# ############## USER root ########################

USER root

COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
RUN chmod 755 /usr/local/bin/docker-entrypoint.sh

#ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
#CMD gosu git ${GOPATH}/src/github.com/gogs/gogs/gogs web
ENTRYPOINT []
CMD ["/usr/local/bin/docker-entrypoint.sh"]

+ 0
- 81
images/gogs/Dockerfile.template

@@ -1,81 +0,0 @@
FROM BASE_IMAGE_PLACEHOLDER

ENV GO_VERSION 1.9
ENV GO_OS linux
ENV GO_ARCH GO_ARCH_PLACEHOLDER
ENV GOGS_CUSTOM /data/gogs
ENV GIT_HOME /home/git

# Install dependencies
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
git wget ca-certificates openssh-server mariadb-client \
&& rm -rf /var/lib/apt/lists/*

RUN mkdir -p /data/gogs/data \
&& mkdir -p /data/gogs/conf \
&& mkdir -p /data/gogs/log \
&& mkdir -p /data/gogs/gogs-repositories \
&& mkdir -p /data/ssh

# Create git user for Gogs
RUN export PUID=${PUID:-1000} \
&& export PGID=${PGID:-1000} \
&& addgroup --gid ${PGID} git \
&& adduser --uid ${PUID} --ingroup git --disabled-login --gecos 'Gogs Git User' --home ${GIT_HOME} --shell /bin/bash git \
&& ln -s /data/ssh ${GIT_HOME}/.ssh

RUN chown -R git:git /data
RUN chown -R git:git ${GIT_HOME}


RUN echo "export GOGS_CUSTOM=${GOGS_CUSTOM}" > /etc/profile.d/gogs.sh
RUN echo "export GOROOT=${GIT_HOME}/local/go" | tee -a /etc/profile.d/gogs.sh /etc/bash.bashrc > /dev/null \
&& echo "export GOPATH=${GIT_HOME}/go" | tee -a /etc/profile.d/gogs.sh /etc/bash.bashrc > /dev/null \
&& echo 'export PATH=$PATH:$GOROOT/bin:$GOPATH/bin' | tee -a /etc/profile.d/gogs.sh /etc/bash.bashrc > /dev/null

# ############## USER git ########################

USER git

# Install Golang
RUN cd $HOME \
&& mkdir local \
&& cd local \
&& wget https://storage.googleapis.com/golang/go${GO_VERSION}.${GO_OS}-${GO_ARCH}.tar.gz \
&& tar zxvf go${GO_VERSION}.${GO_OS}-${GO_ARCH}.tar.gz \
&& rm go${GO_VERSION}.${GO_OS}-${GO_ARCH}.tar.gz

# Install Gogs
RUN . /etc/profile.d/gogs.sh \
&& ${GOROOT}/bin/go get -u -tags "cert" github.com/gogs/gogs \
&& cd $GOPATH/src/github.com/gogs/gogs \
&& go build -tags "cert"

# TODO:
# clean stuff
# https://github.com/gogs/gogs/blob/master/docker/finalize.sh

# Clean stuff
RUN rm -r $HOME/go/src/github.com/gogs/gogs/.git
#RUN rm -r $HOME/local

# Configuration
# $HOME doesn't work with COPY
RUN mkdir -p ${GIT_HOME}/go/src/github.com/gogs/gogs/custom/conf
COPY app.ini ${GIT_HOME}/go/src/github.com/gogs/gogs/custom/conf/
# LDAP
RUN mkdir -p ${GIT_HOME}/go/src/github.com/gogs/gogs/custom/conf/auth.d
COPY ldap.conf ${GIT_HOME}/go/src/github.com/gogs/gogs/custom/conf/auth.d/

# ############## USER root ########################

USER root

COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
RUN chmod 755 /usr/local/bin/docker-entrypoint.sh

#ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
#CMD gosu git ${GOPATH}/src/github.com/gogs/gogs/gogs web
ENTRYPOINT []
CMD ["/usr/local/bin/docker-entrypoint.sh"]

+ 0
- 201
images/gogs/LICENSE

@@ -1,201 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/

TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

1. Definitions.

"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.

"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.

"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.

"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.

"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.

"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.

"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).

"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.

"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."

"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.

2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.

3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.

4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:

(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and

(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and

(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and

(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.

You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.

5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.

6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.

7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.

8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.

9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.

END OF TERMS AND CONDITIONS

APPENDIX: How to apply the Apache License to your work.

To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.

Copyright {yyyy} {name of copyright owner}

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

+ 0
- 3
images/gogs/README.md

@@ -1,3 +0,0 @@
# rpi-gogs

Gogs Docker image for Raspberry Pi. Part of [Docker Raspberry Pi Home Server](https://github.com/bingen/rpi_docker_home_server).

+ 0
- 29
images/gogs/app.ini

@@ -1,29 +0,0 @@
RUN_USER = git
RUN_MODE = prod

[server]
DOMAIN = GOGS_FULL_DOMAIN
SSH_ROOT_PATH = /data/ssh
PROTOCOL = https
ROOT_URL = https://GOGS_FULL_DOMAIN/
CERT_FILE = /data/gogs/https/cert.pem
KEY_FILE = /data/gogs/https/key.pem
HTTP_PORT = 2443

[database]
DB_TYPE = mysql
HOST = DB_HOST:3306
NAME = GOGS_DB_NAME
USER = GOGS_DB_USER
PASSWD = GOGS_DB_PWD

[repository]
ROOT = /data/gogs/gogs-repositories

[security]
SECRET_KEY = GOGS_SECRET_KEY
INSTALL_LOCK = true

[log]
ROOT_PATH = /data/gogs/log
LEVEL = Warn

+ 0
- 143
images/gogs/docker-entrypoint.sh

@@ -1,143 +0,0 @@
#!/bin/bash

GOGS_FULL_DOMAIN=${GOGS_SERVER_NAME}.${GOGS_DOMAIN}

source /etc/profile.d/gogs.sh

# set DB root password from secret
if [ ! -z $MYSQL_ROOT_PWD_FILE -a -f $MYSQL_ROOT_PWD_FILE ]; then
MYSQL_ROOT_PWD=`cat $MYSQL_ROOT_PWD_FILE`;
fi

GOGS_DB_PWD=`openssl rand -base64 20`

# set LDAP password from secret
if [ ! -z $LDAP_BIND_PWD_FILE -a -f $LDAP_BIND_PWD_FILE ]; then
LDAP_BIND_PWD=`cat $LDAP_BIND_PWD_FILE`;
fi

# set Admin password from secret
if [ ! -z $GOGS_ADMIN_PWD_FILE -a -f $GOGS_ADMIN_PWD_FILE ]; then
GOGS_ADMIN_PWD=`cat $GOGS_ADMIN_PWD_FILE`;
fi

# check needed variables
if [[ -z ${DB_HOST} || -z ${GOGS_DB_NAME} \
|| -z ${GOGS_DB_USER} || -z ${GOGS_DB_PWD} \
|| -z ${GOGS_ADMIN_PWD} || -z ${ADMIN_EMAIL} \
|| -z ${LDAP_SERVER_HOST} || -z ${LDAP_BIND_DN} \
|| -z ${LDAP_BIND_PWD} || -z ${LDAP_SEARCH_BASE} \
]];
then
echo "Missing variable! You must provide: DB_HOST, GOGS_DB_NAME, \
GOGS_DB_USER, GOGS_DB_PWD, GOGS_ADMIN_PWD, ADMIN_EMAIL and LDAP stuff";
echo $DB_HOST, $GOGS_DB_NAME, $GOGS_DB_USER, ${#GOGS_DB_PWD}
echo ${#GOGS_ADMIN_PWD}, ${ADMIN_EMAIL},
echo ${LDAP_SERVER_HOST}, ${LDAP_BIND_DN}, ${#LDAP_BIND_PWD}, ${LDAP_SEARCH_BASE}
#env;
exit 1;
fi

GOGS_PATH=${GOPATH}/src/github.com/gogs/gogs

function check_result {
if [ $1 != 0 ]; then
echo "Error: $2";
exit 1;
fi
}

# ### DB setup ###

# wait for DB to be ready
sleep 60 # to avoid hitting it while the first start for setting root pwd
R=111
while [ $R -eq 111 ]; do
mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "SHOW DATABASES" 2> /dev/null;
R=$?;
done

# check if DB exists
DB_EXISTS=$(mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "SHOW DATABASES" 2> /dev/null | grep ${GOGS_DB_NAME})
echo DB exists: ${DB_EXISTS}

if [ -z "${DB_EXISTS}" ]; then
echo Creating Database
#mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "DROP DATABASE IF EXISTS ${GOGS_DB_NAME};"
#check_result $? "Dropping DB"
mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "CREATE DATABASE ${GOGS_DB_NAME};"
check_result $? "Creating DB"
fi

echo Creating User
# 'IF EXISTS' for DROP USER is available from MariaDB 10.1.3 only
mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "DROP USER ${GOGS_DB_USER};" || echo "It seems it didn't exist"
mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "CREATE USER ${GOGS_DB_USER} IDENTIFIED BY '${GOGS_DB_PWD}';"
check_result $? "Creating User"
mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "GRANT ALL ON ${GOGS_DB_NAME}.* TO ${GOGS_DB_USER};"
check_result $? "Granting permissions"
mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "FLUSH PRIVILEGES;"
check_result $? "Flushing privileges"

unset MYSQL_ROOT_PWD

# ### Start ssh server ###

echo "Starting ssh server"
# https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/45234
mkdir -p /var/run/sshd
#/usr/sbin/sshd
service ssh start

# SSH certs
if [[ ! -e ${GOGS_CUSTOM}/https/cert.pem || ! -e ${GOGS_CUSTOM}/https/key.pem ]]; then
su git -c "mkdir -p ${GOGS_CUSTOM}/https"
su git -c "cd ${GOGS_CUSTOM}/https && ${GOGS_PATH}/gogs cert --ca=true --duration=8760h0m0s --host=${GOGS_FULL_DOMAIN} && cd -"
fi

# ### Conf file ###

echo Tweaking config files
CONF_FILE=${GOGS_CUSTOM}/conf/app.ini
# We need to re-generate conf file because we are changing DB pwd
#if [[ ! -e ${CONF_FILE} ]]; then
su git -c "mkdir -p ${GOGS_CUSTOM}/conf"
mv ${GOGS_PATH}/custom/conf/app.ini ${CONF_FILE}

echo Setting domain
sed -i "s/GOGS_FULL_DOMAIN/${GOGS_FULL_DOMAIN}/g" ${CONF_FILE}

# DB conf
echo Setting DB conf
sed -i "s/DB_HOST/${DB_HOST}/g" ${CONF_FILE}
sed -i "s/GOGS_DB_NAME/${GOGS_DB_NAME}/g" ${CONF_FILE}
sed -i "s/GOGS_DB_USER/${GOGS_DB_USER}/g" ${CONF_FILE}
sed -i "s/GOGS_DB_PWD/${GOGS_DB_PWD//\//\\/}/g" ${CONF_FILE}
#fi

# LDAP config
LDAP_FILE=${GOGS_CUSTOM}/conf/auth.d/ldap.conf
#if [[ ! -e ${CONF_FILE} ]]; then
su git -c "mkdir -p ${GOGS_CUSTOM}/conf/auth.d"
mv ${GOGS_PATH}/custom/conf/auth.d/ldap.conf ${LDAP_FILE}

echo Setting LDAP conf
sed -i "s/LDAP_SERVER_HOST/${LDAP_SERVER_HOST}/g" ${LDAP_FILE}
sed -i "s/LDAP_BIND_DN/${LDAP_BIND_DN}/g" ${LDAP_FILE}
sed -i "s/LDAP_BIND_PWD/${LDAP_BIND_PWD}/g" ${LDAP_FILE}
sed -i "s/LDAP_SEARCH_BASE/${LDAP_SEARCH_BASE}/g" ${LDAP_FILE}
#fi

# Create admin user if DB was new
if [ -z "${DB_EXISTS}" ]; then
su git -c "${GOGS_PATH}/gogs admin create-user --name admin --password ${GOGS_ADMIN_PWD} --admin --email ${ADMIN_EMAIL}"
fi

# Rewrite authorized keys. See issue:
# https://github.com/gogs/gogs/issues/1688#issuecomment-143265108
# https://github.com/gogs/gogs/issues/4435
su git -c "${GOGS_PATH}/gogs admin rewrite-authorized-keys"

#exec "$@"
#exec gosu git ${GOGS_PATH}/gogs web
exec su git -c "${GOGS_PATH}/gogs web"

+ 0
- 29
images/gogs/ldap.conf

@@ -1,29 +0,0 @@
# LDAP authentication
#
id = 101
type = ldap_bind_dn
name = LDAP BindDN
is_activated = true

[config]
host = LDAP_SERVER_HOST
port = 389
# 0 - Unencrypted, 1 - LDAPS, 2 - StartTLS
security_protocol = 0
skip_verify = false
bind_dn = LDAP_BIND_DN
bind_password = LDAP_BIND_PWD
user_base = LDAP_SEARCH_BASE
#user_dn =
attribute_username = uniqueIdentifier
attribute_name = givenName
attribute_surname = sn
attribute_mail = mail
attributes_in_bind = false
filter = (&(objectclass=*)(|(uniqueIdentifier=%s)(mail=%s)))
admin_filter =
group_enabled = false
group_dn =
group_filter =
group_member_uid =
user_uid =

+ 11
- 11
images/haproxy/haproxy.cfg

@@ -14,18 +14,18 @@ defaults
# https://www.haproxy.com/blog/how-to-get-ssl-with-haproxy-getting-rid-of-stunnel-stud-nginx-or-pound/
frontend https-in
mode http
#bind *:443 ssl crt /etc/letsencrypt/haproxy/${NEXTCLOUD_URL}.pem crt /etc/letsencrypt/haproxy/${GOGS_URL}.pem
#bind *:443 ssl crt /etc/letsencrypt/haproxy/${NEXTCLOUD_URL}.pem crt /etc/letsencrypt/haproxy/${GITEA_URL}.pem
bind *:443 ssl ${HAPROXY_CERTS}

acl letsencrypt-acl path_beg /.well-known/acme-challenge/
#acl nextcloud-acl ssl_fc_sni ${NEXTCLOUD_URL}
#acl gogs-acl ssl_fc_sni ${GOGS_URL}
#acl gitea-acl ssl_fc_sni ${GITEA_URL}
acl nextcloud-acl ssl_fc_sni_reg ^${NEXTCLOUD_SERVER_NAME}\.
acl gogs-acl ssl_fc_sni_reg ^${GOGS_SERVER_NAME}\.
acl gitea-acl ssl_fc_sni_reg ^${GITEA_SERVER_NAME}\.

use_backend letsencrypt-backend if letsencrypt-acl
use_backend nextcloud if nextcloud-acl
use_backend gogs if gogs-acl
use_backend gitea if gitea-acl

default_backend nextcloud

@@ -39,30 +39,30 @@ backend nextcloud

server nextcloud nextcloud:443 maxconn 32 check ssl verify none

backend gogs
backend gitea
#redirect http to https
#redirect scheme https if !{ ssl_fc }

server gogs gogs:2443 maxconn 32 check ssl verify none
server gitea gitea:2443 maxconn 32 check ssl verify none

frontend http-in
bind *:80
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
#acl is_nextcloud hdr_end(host) -i ${NEXTCLOUD_URL}
#acl is_gogs hdr_end(host) -i ${GOGS_URL}
#acl is_gitea hdr_end(host) -i ${GITEA_URL}
acl is_nextcloud hdr_reg(host) ^${NEXTCLOUD_SERVER_NAME}\.
acl is_gogs hdr_reg(host) ^${GOGS_SERVER_NAME}\.
acl is_gitea hdr_reg(host) ^${GITEA_SERVER_NAME}\.

use_backend letsencrypt-backend if letsencrypt-acl
use_backend nextcloud-insecure if is_nextcloud
use_backend gogs-insecure if is_gogs
use_backend gitea-insecure if is_gitea
default_backend pihole-insecure

backend nextcloud-insecure
server nextcloud nextcloud:80 maxconn 32

backend gogs-insecure
server gogs gogs:2080 maxconn 32
backend gitea-insecure
server gitea gitea:2080 maxconn 32

backend pihole-insecure
server pihole pihole:80 maxconn 32
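Review bot: Both Gitea backends hard-code ports that this commit makes configurable or moves: `server gitea gitea:2443 maxconn 32 check ssl verify none` ignores `GITEA_HTTP_PORT` from `env.template`, and `server gitea gitea:2080` in `gitea-insecure` targets a container port on which the new `app.ini` does not appear to start a listener (the compose mapping `2080:3000` only affects the host side). `verify none` on the TLS backend means HAProxy accepts any certificate from whatever answers as `gitea`; that matches the self-signed certificate the entrypoint creates and mirrors the existing `nextcloud` backend, but a comment such as `# self-signed backend cert, not verified: trust rests on the container network` would make the assumption visible. The old/new side of the lines is not marked on this page, so this reads the `gitea` lines as the new side.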

+ 4
- 4
images/haproxy/startup.sh

@@ -17,7 +17,7 @@ haproxy -f $CFG_LE_FILE -D -p /tmp/haproxy.pid
# Get Let's Encrypt certificates
HAPROXY_CERTS=""
for domain in ${DOMAINS}; do
for server_name in ${NEXTCLOUD_SERVER_NAME} ${GOGS_SERVER_NAME}; do
for server_name in ${NEXTCLOUD_SERVER_NAME} ${GITEA_SERVER_NAME}; do
_URL=${server_name}.${domain};
echo ${_URL}
HAPROXY_CERTS="${HAPROXY_CERTS} crt /etc/letsencrypt/haproxy/${_URL}.pem";
@@ -36,13 +36,13 @@ for domain in ${DOMAINS}; do
done

#sed -i "s/\${NEXTCLOUD_URL}/${NEXTCLOUD_URL}/g" $CFG_FILE
#sed -i "s/\${GOGS_URL}/${GOGS_URL}/g" $CFG_FILE
#sed -i "s/\${GITEA_URL}/${GITEA_URL}/g" $CFG_FILE
sed -i "s/\${NEXTCLOUD_SERVER_NAME}/${NEXTCLOUD_SERVER_NAME}/g" $CFG_FILE
sed -i "s/\${GOGS_SERVER_NAME}/${GOGS_SERVER_NAME}/g" $CFG_FILE
sed -i "s/\${GITEA_SERVER_NAME}/${GITEA_SERVER_NAME}/g" $CFG_FILE
echo sed -i "s/\${HAPROXY_CERTS}/${HAPROXY_CERTS}/g" ${CFG_FILE}
sed -i "s/\${HAPROXY_CERTS}/${HAPROXY_CERTS//\//\\/}/g" ${CFG_FILE}

cat ${CFG_FILE}
#cat ${CFG_FILE}

echo Killing haproxy `cat /tmp/haproxy.pid`
kill -SIGTERM `cat /tmp/haproxy.pid`
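Review bot: Nothing in either hunk checks that `GITEA_SERVER_NAME` is set before it is used in the certificate loop and in the `sed` that renders the ACLs. A deployment whose haproxy.env still carries only `GOGS_SERVER_NAME` would, as far as these lines show, request no certificate for Gitea and render the ACL pattern as `^\.`, so Gitea traffic would fall through to the default backends without any error. A guard near the top of the script, such as `: "${GITEA_SERVER_NAME:?GITEA_SERVER_NAME must be set}"`, makes that failure visible at startup. The script begins above the first hunk, so the exact placement has to be checked against the full file.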

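--- a/images/openldap/data/serviceimport_gitea.ldif
+++ b/images/openldap/data/serviceimport_gitea.ldif
@@ -0,0 +1,8 @@
+# gitea
+dn: uid=${LDAP_GITEA_UID},ou=services,dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION}
+objectClass: simpleSecurityObject
+objectClass: account
+objectClass: top
+uid: ${LDAP_GITEA_UID}
+userPassword: ${LDAP_GITEA_PWD}
+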

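--- a/images/openldap/data/serviceimport_gogs.ldif
+++ b/images/openldap/data/serviceimport_gogs.ldif
@@ -1,8 +0,0 @@
-# gogs
-dn: uid=${LDAP_GOGS_UID},ou=services,dc=${LDAP_ORGANIZATION},dc=${LDAP_EXTENSION}
-objectClass: simpleSecurityObject
-objectClass: account
-objectClass: top
-uid: ${LDAP_GOGS_UID}
-userPassword: ${LDAP_GOGS_PWD}
-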

+ 4
- 4
images/openldap/startup.sh

@@ -21,8 +21,8 @@ fi
if [ ! -z $LDAP_NEXTCLOUD_PWD_FILE -a -f $LDAP_NEXTCLOUD_PWD_FILE ]; then
LDAP_NEXTCLOUD_PWD=`cat $LDAP_NEXTCLOUD_PWD_FILE`;
fi
if [ ! -z $LDAP_GOGS_PWD_FILE -a -f $LDAP_GOGS_PWD_FILE ]; then
LDAP_GOGS_PWD=`cat $LDAP_GOGS_PWD_FILE`;
if [ ! -z $LDAP_GITEA_PWD_FILE -a -f $LDAP_GITEA_PWD_FILE ]; then
LDAP_GITEA_PWD=`cat $LDAP_GITEA_PWD_FILE`;
fi

echo slapd slapd/internal/generated_adminpw password ${LDAP_ADMIN_PWD} | debconf-set-selections \
@@ -70,10 +70,10 @@ function replace {
sed -i "s/\${VOLUMES_PATH}/${VOLUMES_PATH//\//\\/}/g" $1
sed -i "s/\${LDAP_MAIL_UID}/${LDAP_MAIL_UID}/g" $1
sed -i "s/\${LDAP_NEXTCLOUD_UID}/${LDAP_NEXTCLOUD_UID}/g" $1
sed -i "s/\${LDAP_GOGS_UID}/${LDAP_GOGS_UID}/g" $1
sed -i "s/\${LDAP_GITEA_UID}/${LDAP_GITEA_UID}/g" $1
sed -i "s/\${LDAP_MAIL_PWD}/${LDAP_MAIL_PWD}/g" $1
sed -i "s/\${LDAP_NEXTCLOUD_PWD}/${LDAP_NEXTCLOUD_PWD}/g" $1
sed -i "s/\${LDAP_GOGS_PWD}/${LDAP_GOGS_PWD}/g" $1
sed -i "s/\${LDAP_GITEA_PWD}/${LDAP_GITEA_PWD}/g" $1
}
ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/data/_postfix-book.ldif
for i in `ls /tmp/data/[^_]*.ldif`; do
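Review bot: The new `sed -i "s/\${LDAP_GITEA_PWD}/${LDAP_GITEA_PWD}/g" $1` line in `replace` puts the bind password into the sed replacement text unescaped, although `VOLUMES_PATH` at the top of the same hunk is escaped. A password containing `/`, `&` or `\` either makes sed fail or changes the value written to the LDIF, so the service account ends up with a password other than the one Gitea is given; the generated passwords avoid those characters, but the setup prompts accept arbitrary input. Escaping first, e.g. `pwd_esc=$(printf '%s' "$LDAP_GITEA_PWD" | sed 's|[\\/&]|\\&|g')` and substituting `${pwd_esc}`, would close that. The same applies to the `LDAP_GITEA_UID` substitutions here and in setup.sh and setup_noswarm.sh. `replace` starts above this hunk, and its other lines follow the same pattern.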

+ 2
- 2
openldap.env.template

@@ -6,8 +6,8 @@ LDAP_MAIL_UID=${LDAP_MAIL_UID}
LDAP_MAIL_PWD_FILE=/run/secrets/mail_pwd
LDAP_NEXTCLOUD_UID=${LDAP_NEXTCLOUD_UID}
LDAP_NEXTCLOUD_PWD_FILE=/run/secrets/nextcloud_pwd
LDAP_GOGS_UID=${LDAP_GOGS_UID}
LDAP_GOGS_PWD_FILE=/run/secrets/gogs_pwd
LDAP_GITEA_UID=${LDAP_GITEA_UID}
LDAP_GITEA_PWD_FILE=/run/secrets/gitea_pwd
DEBUG_LEVEL=0
#BKP_FILE=/tmp/ldap_bkp.ldif
LDAP_BACKEND="hdb"
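Review bot: `LDAP_GITEA_PWD_FILE=/run/secrets/gitea_pwd` does not match the secret name `ldap_gitea_pwd` that setup.sh creates, so the path only resolves if docker-compose.yml mounts that secret with the target `gitea_pwd`. The compose change is not visible here, so this needs confirming. It matters because images/openldap/startup.sh skips the read silently when the file is absent, and `replace` would then write an empty `userPassword` for the service account. A check after the read in startup.sh, such as `: "${LDAP_GITEA_PWD:?LDAP_GITEA_PWD is empty}"`, would turn that into a startup failure.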

+ 20
- 17
setup.sh

@@ -5,7 +5,7 @@ PWD_GEN='< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;'
#PWD_GEN='openssl rand -base64 20'
DEFAULT_LDAP_MAIL_UID='mail'
DEFAULT_LDAP_NEXTCLOUD_UID='nextcloud'
DEFAULT_LDAP_GOGS_UID='gogs'
DEFAULT_LDAP_GITEA_UID='git'

read -p "Main domain: " domain
while [[ ! $domain =~ ^.*\.[a-z]{2,}$ ]]; do
@@ -50,14 +50,14 @@ if [[ ${#ldap_nextcloud_pwd} -eq 0 ]]; then
ldap_nextcloud_pwd=`eval "$PWD_GEN"`
fi

read -p "LDAP Gogs Bind DN uid ($DEFAULT_LDAP_GOGS_UID): " ldap_gogs_uid
if [[ ${#ldap_gogs_uid} -eq 0 ]]; then
ldap_gogs_uid=$DEFAULT_LDAP_GOGS_UID
read -p "LDAP Gitea Bind DN uid ($DEFAULT_LDAP_GITEA_UID): " ldap_gitea_uid
if [[ ${#ldap_gitea_uid} -eq 0 ]]; then
ldap_gitea_uid=$DEFAULT_LDAP_GITEA_UID
fi

read -p "LDAP Gogs Bind DN Pwd (a random one will be generated if empty): " ldap_gogs_pwd
if [[ ${#ldap_gogs_pwd} -eq 0 ]]; then
ldap_gogs_pwd=`eval "$PWD_GEN"`
read -p "LDAP Gitea Bind DN Pwd (a random one will be generated if empty): " ldap_gitea_pwd
if [[ ${#ldap_gitea_pwd} -eq 0 ]]; then
ldap_gitea_pwd=`eval "$PWD_GEN"`
fi

read -p "Nextcloud Admin User Pwd (a random one will be generated if empty): " nextcloud_admin_pwd
@@ -65,9 +65,9 @@ if [[ ${#nextcloud_admin_pwd} -eq 0 ]]; then
nextcloud_admin_pwd=`eval "$PWD_GEN"`
fi

read -p "Gogs Admin User Pwd (a random one will be generated if empty): " gogs_admin_pwd
if [[ ${#gogs_admin_pwd} -eq 0 ]]; then
gogs_admin_pwd=`eval "$PWD_GEN"`
read -p "Gitea Admin User Pwd (a random one will be generated if empty): " gitea_admin_pwd
if [[ ${#gitea_admin_pwd} -eq 0 ]]; then
gitea_admin_pwd=`eval "$PWD_GEN"`
fi

read -p "Pi-Hole Web User Pwd (a random one will be generated if empty): " pihole_web_pwd
@@ -120,7 +120,7 @@ echo Your domain is: $domain
echo Your Volumes path is: $volumes
echo Your LDAP Mail Bind DN Uid is: $ldap_mail_uid
echo Your LDAP Nextcloud Bind DN Uid is: $ldap_nextcloud_uid
echo Your LDAP Gogs Bind DN Uid is: $ldap_gogs_uid
echo Your LDAP Gitea Bind DN Uid is: $ldap_gitea_uid
echo Your Admin email. Let\'s Encrypt...: $admin_email
echo Your Paperless Web Server User: $paperless_webserver_user
echo Your SFTP User: $paperless_ftp_user
@@ -140,14 +140,14 @@ echo $db_pwd | docker secret create db_pwd -
echo $ldap_pwd | docker secret create ldap_pwd -
echo $ldap_mail_pwd | docker secret create ldap_mail_pwd -
echo $ldap_nextcloud_pwd | docker secret create ldap_nextcloud_pwd -
echo $ldap_gogs_pwd | docker secret create ldap_gogs_pwd -
echo $ldap_gitea_pwd | docker secret create ldap_gitea_pwd -
echo $nextcloud_admin_pwd | docker secret create nextcloud_admin_pwd -
echo $nextcloud_salt | docker secret create nextcloud_salt -
echo $nextcloud_secret | docker secret create nextcloud_secret -
#echo $paperless_webserver_pwd | docker secret create paperless_webserver_pwd -
#echo $paperless_passphrase | docker secret create paperless_passphrase -
echo $paperless_ftp_pwd | docker secret create paperless_ftp_pwd -
echo $gogs_admin_pwd | docker secret create gogs_admin_pwd -
echo $gitea_admin_pwd | docker secret create gitea_admin_pwd -
#echo $pihole_web_pwd | docker secret create pihole_web_pwd -
sed -i "s/\${PIHOLE_WEB_PWD}/${pihole_web_pwd}/g" pihole.env

@@ -164,7 +164,7 @@ cp nextcloud.env.template nextcloud.env
cp haproxy.env.template haproxy.env
cp paperless.env.template paperless.env
cp sftp.env.template sftp.env
cp gogs.env.template gogs.env
cp gitea.env.template gitea.env
cp pihole.env.template pihole.env

# IP for Pi-Hole
@@ -178,7 +178,7 @@ for i in `ls *.env .env`; do
sed -i "s/\${VOLUMES_PATH}/${volumes//\//\\/}/g" $i
sed -i "s/\${LDAP_MAIL_UID}/${ldap_mail_uid}/g" $i
sed -i "s/\${LDAP_NEXTCLOUD_UID}/${ldap_nextcloud_uid}/g" $i
sed -i "s/\${LDAP_GOGS_UID}/${ldap_gogs_uid}/g" $i
sed -i "s/\${LDAP_GITEA_UID}/${ldap_gitea_uid}/g" $i
sed -i "s/\${ADMIN_EMAIL}/${admin_email}/g" $i
sed -i "s/\${PAPERLESS_WEBSERVER_USER}/${paperless_webserver_user}/g" $i
sed -i "s/\${PAPERLESS_FTP_USER}/${paperless_ftp_user}/g" $i
@@ -196,6 +196,9 @@ echo "" >> nextcloud.env
echo "NEXTCLOUD_DB_BACKUP=${NEXTCLOUD_DATA_PATH}/nextcloud_db_backup.sql" >> nextcloud.env
echo "NEXTCLOUD_DATA_PATH=${NEXTCLOUD_DATA_PATH}" >> nextcloud.env
echo "NEXTCLOUD_BACKUP_PATH=${NEXTCLOUD_BACKUP_PATH}" >> nextcloud.env
echo "" >> gitea.env
echo "GITEA_SERVER_NAME=${GITEA_SERVER_NAME}" >> gitea.env
echo "GITEA_HTTP_PORT=${GITEA_HTTP_PORT}" >> gitea.env
echo "" >> paperless.env
echo "PAPERLESS_CONSUMPTION_DIR=${PAPERLESS_CONSUMPTION_PATH}" >> paperless.env
echo "PAPERLESS_EXPORT_DIR=${PAPERLESS_EXPORT_PATH}" >> paperless.env
@@ -227,8 +230,8 @@ sudo mkdir -p ${PAPERLESS_DATA_VOLUME_PATH}
sudo mkdir -p ${PAPERLESS_MEDIA_VOLUME_PATH}
sudo mkdir -p ${PAPERLESS_CONSUMPTION_VOLUME_PATH}
sudo mkdir -p ${PAPERLESS_EXPORT_VOLUME_PATH}
# gogs
sudo mkdir -p ${GOGS_DATA_VOLUME_PATH}
# gitea
sudo mkdir -p ${GITEA_DATA_VOLUME_PATH}
# Pi-Hole
sudo mkdir -p ${PIHOLE_CONFIG_VOLUME_PATH}
sudo mkdir -p ${PIHOLE_DNSMASQ_VOLUME_PATH}
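Review bot: The renamed Gitea password prompts still use plain `read -p`, and the values are piped to `docker secret create` through an unquoted `echo`. The typed password is shown on the terminal, backslashes in it are consumed by `read`, and `echo $ldap_gitea_pwd` collapses whitespace, expands globs and adds a trailing newline to the stored secret. I would use `read -rsp "LDAP Gitea Bind DN Pwd (a random one will be generated if empty): " ldap_gitea_pwd; echo` for the prompts and `printf '%s' "$ldap_gitea_pwd" | docker secret create ldap_gitea_pwd -` for the secrets, and likewise for `gitea_admin_pwd`. setup_noswarm.sh has the same prompts and writes the values with unquoted `echo ... >> gitea.env`.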

+ 22
- 22
setup_noswarm.sh

@@ -5,7 +5,7 @@ PWD_GEN='< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;'
#PWD_GEN='openssl rand -base64 20'
DEFAULT_LDAP_MAIL_UID='mail'
DEFAULT_LDAP_NEXTCLOUD_UID='nextcloud'
DEFAULT_LDAP_GOGS_UID='gogs'
DEFAULT_LDAP_GITEA_UID='git'

# main domain
read -p "Add main domain: " domain
@@ -64,14 +64,14 @@ if [[ ${#ldap_nextcloud_pwd} -eq 0 ]]; then
ldap_nextcloud_pwd=`eval "$PWD_GEN"`
fi

read -p "LDAP Gogs Bind DN uid ($DEFAULT_LDAP_GOGS_UID): " ldap_gogs_uid
if [[ ${#ldap_gogs_uid} -eq 0 ]]; then
ldap_gogs_uid=$DEFAULT_LDAP_GOGS_UID
read -p "LDAP Gitea Bind DN uid ($DEFAULT_LDAP_GITEA_UID): " ldap_gitea_uid
if [[ ${#ldap_gitea_uid} -eq 0 ]]; then
ldap_gitea_uid=$DEFAULT_LDAP_GITEA_UID
fi

read -p "LDAP Gogs Bind DN Pwd (a random one will be generated if empty): " ldap_gogs_pwd
if [[ ${#ldap_gogs_pwd} -eq 0 ]]; then
ldap_gogs_pwd=`eval "$PWD_GEN"`
read -p "LDAP Gitea Bind DN Pwd (a random one will be generated if empty): " ldap_gitea_pwd
if [[ ${#ldap_gitea_pwd} -eq 0 ]]; then
ldap_gitea_pwd=`eval "$PWD_GEN"`
fi

read -p "Nextcloud Admin User Pwd (a random one will be generated if empty): " nextcloud_admin_pwd
@@ -79,9 +79,9 @@ if [[ ${#nextcloud_admin_pwd} -eq 0 ]]; then
nextcloud_admin_pwd=`eval "$PWD_GEN"`
fi

read -p "Gogs Admin User Pwd (a random one will be generated if empty): " gogs_admin_pwd
if [[ ${#gogs_admin_pwd} -eq 0 ]]; then
gogs_admin_pwd=`eval "$PWD_GEN"`
read -p "Gitea Admin User Pwd (a random one will be generated if empty): " gitea_admin_pwd
if [[ ${#gitea_admin_pwd} -eq 0 ]]; then
gitea_admin_pwd=`eval "$PWD_GEN"`
fi

read -p "Pi-Hole Web User Pwd (a random one will be generated if empty): " pihole_web_pwd
@@ -135,7 +135,7 @@ echo Your virtual domains are: ${virtual_domains[*]}
echo Your Volumes path is: $volumes
echo Your LDAP Mail Bind DN Uid is: $ldap_mail_uid
echo Your LDAP Nextcloud Bind DN Uid is: $ldap_nextcloud_uid
echo Your LDAP Gogs Bind DN Uid is: $ldap_gogs_uid
echo Your LDAP Gitea Bind DN Uid is: $ldap_gitea_uid
echo Your Admin email. Let\'s Encrypt...: $admin_email
echo Your Paperless Web Server User: $paperless_webserver_user
echo Your SFTP User: $paperless_ftp_user
@@ -164,22 +164,21 @@ cp nextcloud.env.template nextcloud.env
cp haproxy.env.template haproxy.env
cp paperless.env.template paperless.env
cp sftp.env.template sftp.env
cp gogs.env.template gogs.env
cp gitea.env.template gitea.env
cp pihole.env.template pihole.env
chmod 600 *.env

# Passwords
echo MYSQL_ROOT_PWD=$db_pwd >> mariadb.env
echo MYSQL_ROOT_PWD=$db_pwd >> nextcloud.env
echo MYSQL_ROOT_PWD=$db_pwd >> gogs.env

echo LDAP_ADMIN_PWD=$ldap_pwd >> openldap.env
echo LDAP_MAIL_PWD=$ldap_mail_pwd >> openldap.env
echo LDAP_NEXTCLOUD_PWD=$ldap_nextcloud_pwd >> openldap.env
echo LDAP_GOGS_PWD=$ldap_gogs_pwd >> openldap.env
echo LDAP_GITEA_PWD=$ldap_gitea_pwd >> openldap.env
echo LDAP_BIND_PWD=$ldap_mail_pwd >> mail.env
echo LDAP_BIND_PWD=$ldap_nextcloud_pwd >> nextcloud.env
echo LDAP_BIND_PWD=$ldap_gogs_pwd >> gogs.env
echo LDAP_BIND_PWD=$ldap_gitea_pwd >> gitea.env

echo NEXTCLOUD_ADMIN_PWD=$nextcloud_admin_pwd >> nextcloud.env
echo NEXTCLOUD_SALT=$nextcloud_salt >> nextcloud.env
@@ -188,7 +187,7 @@ echo NEXTCLOUD_SECRET=$nextcloud_secret >> nextcloud.env
#echo PAPERLESS_WEBSERVER_PWD=$paperless_webserver_pwd >> paperless.env
#echo PAPERLESS_PASSPHRASE=$paperless_passphrase >> paperless.env
echo PAPERLESS_FTP_PWD=$paperless_ftp_pwd >> sftp.env
echo GOGS_ADMIN_PWD=$gogs_admin_pwd >> gogs.env
echo GITEA_ADMIN_PWD=$gitea_admin_pwd >> gitea.env
#echo $pihole_web_pwd | docker secret create pihole_web_pwd -
sed -i "s/\${PIHOLE_WEB_PWD}/${pihole_web_pwd}/g" pihole.env

@@ -204,7 +203,7 @@ for i in `ls *.env .env`; do
sed -i "s/\${VOLUMES_PATH}/${volumes//\//\\/}/g" $i
sed -i "s/\${LDAP_MAIL_UID}/${ldap_mail_uid}/g" $i
sed -i "s/\${LDAP_NEXTCLOUD_UID}/${ldap_nextcloud_uid}/g" $i
sed -i "s/\${LDAP_GOGS_UID}/${ldap_gogs_uid}/g" $i
sed -i "s/\${LDAP_GITEA_UID}/${ldap_gitea_uid}/g" $i
sed -i "s/\${ADMIN_EMAIL}/${admin_email}/g" $i
sed -i "s/\${PAPERLESS_WEBSERVER_USER}/${paperless_webserver_user}/g" $i
sed -i "s/\${PAPERLESS_FTP_USER}/${paperless_ftp_user}/g" $i
@@ -232,8 +231,9 @@ echo "NEXTCLOUD_SERVER_NAME=${NEXTCLOUD_SERVER_NAME}" >> nextcloud.env
echo "NEXTCLOUD_DB_BACKUP=${NEXTCLOUD_DATA_PATH}/nextcloud_db_backup.sql" >> nextcloud.env
echo "NEXTCLOUD_DATA_PATH=${NEXTCLOUD_DATA_PATH}" >> nextcloud.env
echo "NEXTCLOUD_BACKUP_PATH=${NEXTCLOUD_BACKUP_PATH}" >> nextcloud.env
echo "" >> gogs.env
echo "GOGS_SERVER_NAME=${GOGS_SERVER_NAME}" >> gogs.env
echo "" >> gitea.env
echo "GITEA_SERVER_NAME=${GITEA_SERVER_NAME}" >> gitea.env
echo "GITEA_HTTP_PORT=${GITEA_HTTP_PORT}" >> gitea.env
echo "" >> paperless.env
echo "PAPERLESS_CONSUMPTION_DIR=${PAPERLESS_CONSUMPTION_PATH}" >> paperless.env
echo "PAPERLESS_EXPORT_DIR=${PAPERLESS_EXPORT_PATH}" >> paperless.env
@@ -241,7 +241,7 @@ echo "" >> sftp.env
echo "PAPERLESS_CONSUMPTION_DIR=${PAPERLESS_CONSUMPTION_PATH}" >> sftp.env
echo "" >> haproxy.env
echo "NEXTCLOUD_SERVER_NAME=${NEXTCLOUD_SERVER_NAME}" >> haproxy.env
echo "GOGS_SERVER_NAME=${GOGS_SERVER_NAME}" >> haproxy.env
echo "GITEA_SERVER_NAME=${GITEA_SERVER_NAME}" >> haproxy.env

echo $'\E[33m'
echo "//////////////////////////////////////////////////"
@@ -268,8 +268,8 @@ sudo mkdir -p ${PAPERLESS_DATA_VOLUME_PATH}
sudo mkdir -p ${PAPERLESS_MEDIA_VOLUME_PATH}
sudo mkdir -p ${PAPERLESS_CONSUMPTION_VOLUME_PATH}
sudo mkdir -p ${PAPERLESS_EXPORT_VOLUME_PATH}
# gogs
sudo mkdir -p ${GOGS_DATA_VOLUME_PATH}
# gitea
sudo mkdir -p ${GITEA_DATA_VOLUME_PATH}
# Pi-Hole
sudo mkdir -p ${PIHOLE_CONFIG_VOLUME_PATH}
sudo mkdir -p ${PIHOLE_DNSMASQ_VOLUME_PATH}
