(Build notes for getea server.)
Gitea is a github like environment written in go. It provides git in an accessable form and allows you to create issues and write wiki pages like redmine and trac while also serving those repositories.
It is less convoluted than gitlab but more configurable than GCOS which it is based on.
We are building on a ubuntu/focal/cloud (from lxc's images) container with preseeded admin accounts.
apt-get -y install curl postgresql apache2 git apt-get install postfix ... add as a Satelite (null client) ...
We want to use a single git user so we add it (will deal with this later)
adduser --system --shell /bin/bash --group --disabled-password --home /home/git git
We are going to use the package provided by packaging.gitlab.io
curl -sL -o /etc/apt/trusted.gpg.d/morph027-gitea.asc https://packaging.gitlab.io/gitea/gpg.key deb [trusted=yes arch=amd64] https://packaging.gitlab.io/gitea gitea main" | sudo tee /etc/apt/sources.list.d/morph027-gitea.list update.sh apt-get install gitea
Setting up postgresql database
su - postgres postgres@shelly:~$ createuser -P git ... add passwd postgres@shelly:~$ createdb gitea -O git
Once gitea is installed go to myservername:3000 and navigate to the login in the upper right corner. Fill in the database,username, and dbpassword. Replace localhost with your servers fqdn. Create admin user (remember password here)
Testing it out.
The first thing we want to do here is to mirror our github repositories.
Mirroring Github Repositories.
We want to automate mirroring all of our repositories hosted on github (and bitbucket at some point). To do this we create a personal-access-token from our github developer tools. (save the token somewhere as it will not be recoverable). Once we have that token we select New migration. Fill in the https://github.com/myuser/myrepo and paste the token into the form, select mirror and the magic begins.
Editing the mirror interval
The default mirror interval is 8 hours with a minimum of 10 minutes. To fix this we add the following to /etc/gitea/app.ini
nano /etc/gitea.app.ini ... [cron.update_mirrors] SCHEDULE = @every 2m [mirror] DEFAULT_INTERVAL = 1h MIN_INTERVAL = 2m ... service gitea restart
Automating creation of mirrors (github).
We were able to automate mirroring our github repos with the help of some python provided by jpmens.net we modified it to allow us to separate local mirrors by the same organizations used by github though this required us to manually add the local users and organizations. The script in progress is here.
Manually migrating bitbucket mirrors.
Like github mirroring bitbucket repositories required the creation of an application password. Then add a new "Git" migration using the application password as your credentials.
Setting up ssl and apache proxy.
Gitea runs as an unprivilaged user on port 3000. To present it as a normal web server required a proxy server (apache). Since we had created letsEncrypt certificates for the old git server we moved them. There are still permissions issues with giving gitea access to the certificates which were worked around by copying the files.
Getting apache to proxy the https required enabling 'proxy_http2' and 'proxy' module (not 'proxy_http')
a2enmod proxy proxy_http2
Manually updating LetsEncrypt certificates.
Gitea serves static content under the public/custom directory. In order to update the lets encrypt certificates you will need to open two shells into the git server.
In the first window initiate the update request.
certbot certonly --manual Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator manual, Installer None Account registered. Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): git.suspectdevices.com Generating a certificate request for git.suspectdevices.com Performing the following challenges: http-01 challenge for git.suspectdevices.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Create a file containing just this data: loIND53_1yZLSZX1lKkLqhCBY7YhNo_vzdyrEznXHSQ.MQ0FIIV4g1TA8EJatJpiciDipeqHIMHJsetBrs2tzqM And make it available on your web server at this URL: http://git.suspectdevices.com/.well-known/acme-challenge/loIND53_1yZLSZX1lKkLqhCBY7YhNo_vzdyrEznXHSQ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Press Enter to Continue
In the second window create the file requested file.
root@shelly:/var/lib/gitea# cd public/custom/ root@shelly:/var/lib/gitea/public/custom# echo loIND53_1yZLSZX1lKkLqhCBY7YhNo_vzdyrEznXHSQ.MQ0FIIV4g1TA8EJatJpiciDipeqHIMHJsetBrs2tzqM >.well-known/acme-challenge/loIND53_1yZLSZX1lKkLqhCBY7YhNo_vzdyrEznXHSQ root@shelly:/var/lib/gitea/public/custom# chown -R gitea:gitea .
Then continue in the first window and copy the new keys to where gitea expects them.
Press Enter to Continue ... when finished copy the new certs to gitea ... cd /etc/letsencrypt/live/git.suspectdevices.com/ cp fullchain.pem privkey.pem /var/lib/gitea/keys/ chown -R gitea:gitea /var/lib/gitea/keys/ reboot
Todo (No Major Issues)
- Document making gitea less ugly (add Susdev brand look and feel)
- Fix permission issues with certificate issues to allow for autorenewal if possible.
- Consider normalizing git user and repo locations.