Switch from Gogs to Gitea (with MariaDB)

docker-compose.yml

     depends_on:
       # For DNS resolution
       - nextcloud
-      - gogs
+      - gitea
       - pihole
     env_file:
       - haproxy.env
     env_file:
       - sftp.env
 
-  gogs:
+  gitea:
     build:
-      context: ./images/gogs/
-    image: bingen/${ARCH}-gogs
+      context: ./images/gitea/
+    image: bingen/${ARCH}-gitea
     depends_on:
       - db
       - openldap
     env_file:
-      - gogs.env
+      - gitea.env
     ports:
-      - "2080:2080"
+      - "2080:3000"
       - "2443:2443"
       - "2022:22"
     volumes:
-      - ${GOGS_DATA_VOLUME_PATH}:/data
+      - ${GITEA_DATA_VOLUME_PATH}:/data
 
   pihole:
     image: pihole/pihole:latest

env.template

 PAPERLESS_EXPORT_VOLUME_PATH=${VOLUMES_PATH}/paperless/export
 PAPERLESS_EXPORT_PATH=/export
 
-# GOGS
+# GITEA
 
-GOGS_SERVER_NAME=gogs
-GOGS_DATA_VOLUME_PATH=${VOLUMES_PATH}/gogs/data
+GITEA_SERVER_NAME=git
+GITEA_DATA_VOLUME_PATH=${VOLUMES_PATH}/gitea/data
 
 # PI-HOLE
 

gitea.env.template

+GITEA_DOMAIN=${DOMAIN}
+GITEA_ADMIN_PWD_FILE=/run/secrets/admin_pwd
+ADMIN_EMAIL=${ADMIN_EMAIL}
+
+# DB
+MYSQL_ROOT_PWD_FILE=/run/secrets/mysql_pwd
+DB_HOST=db
+GITEA_DB_NAME=gitea
+GITEA_DB_USER=gitea
+
+# LDAP
+LDAP_SERVER_HOST=openldap
+LDAP_BIND_DN=uid=${LDAP_GOGS_UID},ou=services,dc=${ORGANIZATION},dc=${EXTENSION}
+LDAP_BIND_PWD_FILE=/run/secrets/ldap_pwd
+LDAP_SEARCH_BASE=ou=people,dc=${ORGANIZATION},dc=${EXTENSION}

images/gitea/Dockerfile.template

+FROM gitea/gitea:1.10-linux-ARCH_PLACEHOLDER
+
+#ENV GIT_HOME /home/git
+
+RUN apk --no-cache add openssl mariadb-client
+
+# Configuration
+# $HOME doesn't work with COPY
+COPY app.ini /home/${USER}/
+
+COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+RUN chmod 755 /usr/local/bin/docker-entrypoint.sh
+
+ENTRYPOINT []
+CMD ["/usr/local/bin/docker-entrypoint.sh"]

images/gitea/app.ini

+#APP_NAME = $APP_NAME
+RUN_MODE = prod
+
+[repository]
+ROOT = /data/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH = /data/gitea
+SSH_DOMAIN       = GITEA_FULL_DOMAIN
+#HTTP_PORT        = $HTTP_PORT
+#ROOT_URL         = $ROOT_URL
+#DISABLE_SSH      = $DISABLE_SSH
+SSH_PORT         = 2022
+SSH_LISTEN_PORT  = 22
+#LFS_START_SERVER = $LFS_START_SERVER
+#LFS_CONTENT_PATH = /data/git/lfs
+
+[database]
+#PATH = /data/gitea/gitea.db
+DB_TYPE = mysql
+HOST    = DB_HOST
+NAME    = GITEA_DB_NAME
+USER    = GITEA_DB_USER
+PASSWD  = GITEA_DB_PWD
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+ROOT_PATH = /data/gitea/log
+
+#[security]
+#INSTALL_LOCK = $INSTALL_LOCK
+#SECRET_KEY   = $SECRET_KEY
+
+[service]
+DISABLE_REGISTRATION = true
+#REQUIRE_SIGNIN_VIEW = $REQUIRE_SIGNIN_VIEW

images/gitea/docker-entrypoint.sh

+#!/bin/bash
+
+GITEA_FULL_DOMAIN=${GITEA_SERVER_NAME}.${GITEA_DOMAIN}
+
+# set LDAP password from secret
+if [ ! -z $LDAP_BIND_PWD_FILE -a -f $LDAP_BIND_PWD_FILE ]; then
+    LDAP_BIND_PWD=`cat $LDAP_BIND_PWD_FILE`;
+fi
+
+GITEA_DB_PWD=`openssl rand -base64 20`
+
+# set Admin password from secret
+if [ ! -z $GITEA_ADMIN_PWD_FILE -a -f $GITEA_ADMIN_PWD_FILE ]; then
+    GITEA_ADMIN_PWD=`cat $GITEA_ADMIN_PWD_FILE`;
+fi
+
+# check needed variables
+if [[ -z ${DB_HOST} || -z ${GITEA_DB_NAME} \
+          || -z ${GITEA_DB_USER}  || -z ${GITEA_DB_PWD} \
+          || -z ${GITEA_ADMIN_PWD} || -z ${ADMIN_EMAIL} \
+          || -z ${LDAP_SERVER_HOST} || -z ${LDAP_BIND_DN} \
+          || -z ${LDAP_BIND_PWD} || -z ${LDAP_SEARCH_BASE} \
+    ]];
+then
+    echo "Missing variable! You must provide: DB_HOST, GITEA_DB_NAME, \
+GITEA_DB_USER, GITEA_DB_PWD, GITEA_ADMIN_PWD, ADMIN_EMAIL and LDAP stuff";
+    echo $DB_HOST, $GITEA_DB_NAME, $GITEA_DB_USER, ${#GITEA_DB_PWD}
+    echo ${#GITEA_ADMIN_PWD}, ${ADMIN_EMAIL},
+    echo ${LDAP_SERVER_HOST}, ${LDAP_BIND_DN}, ${#LDAP_BIND_PWD}, ${LDAP_SEARCH_BASE}
+    #env;
+    exit 1;
+fi
+
+function check_result {
+    if [ $1 != 0 ]; then
+        echo "Error: $2";
+        exit 1;
+    fi
+}
+
+# ### DB setup ###
+
+# wait for DB to be ready
+sleep 60 # to avoid hitting it while the first start for setting root pwd
+R=111
+while [ $R -eq 111 ]; do
+    mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "SHOW DATABASES"  2> /dev/null;
+    R=$?;
+done
+
+# check if DB exists
+DB_EXISTS=$(mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "SHOW DATABASES" 2> /dev/null | grep ${GITEA_DB_NAME})
+echo DB exists: ${DB_EXISTS}
+
+if [ -z "${DB_EXISTS}" ]; then
+    echo Creating Database
+    #mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "DROP DATABASE IF EXISTS ${GITEA_DB_NAME};"
+    #check_result $? "Dropping DB"
+    mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "CREATE DATABASE ${GITEA_DB_NAME};"
+    check_result $? "Creating DB"
+fi
+
+echo Creating User
+# 'IF EXISTS' for DROP USER is available from MariaDB 10.1.3 only
+mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "DROP USER ${GITEA_DB_USER};" || echo "It seems it didn't exist"
+mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "CREATE USER ${GITEA_DB_USER} IDENTIFIED BY '${GITEA_DB_PWD}';"
+check_result $? "Creating User"
+mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "GRANT ALL ON ${GITEA_DB_NAME}.* TO ${GITEA_DB_USER};"
+check_result $? "Granting permissions"
+mysql -u root -p${MYSQL_ROOT_PWD} -h ${DB_HOST} -e "FLUSH PRIVILEGES;"
+check_result $? "Flushing privileges"
+
+unset MYSQL_ROOT_PWD
+
+
+# ### Conf file ###
+
+echo Tweaking config files
+CONF_FILE=${GITEA_CUSTOM}/conf/app.ini
+
+# We need to re-generate conf file because we are changing DB pwd
+#if [[ ! -e ${CONF_FILE} ]]; then
+mkdir -p ${GITEA_CUSTOM}/conf
+mv /home/${USER}/app.ini ${CONF_FILE}
+chown -R ${USER} ${GITEA_CUSTOM}
+
+echo Setting domain
+sed -i "s/GITEA_FULL_DOMAIN/${GITEA_FULL_DOMAIN}/g" ${CONF_FILE}
+
+# DB conf
+echo Setting DB conf
+sed -i "s/DB_HOST/${DB_HOST}/g" ${CONF_FILE}
+sed -i "s/GITEA_DB_NAME/${GITEA_DB_NAME}/g" ${CONF_FILE}
+sed -i "s/GITEA_DB_USER/${GITEA_DB_USER}/g" ${CONF_FILE}
+sed -i "s/GITEA_DB_PWD/${GITEA_DB_PWD//\//\\/}/g" ${CONF_FILE}
+#fi
+
+
+# Create admin user if DB was new
+if [ -z "${DB_EXISTS}" ]; then
+    su git -c "gitea admin create-user --username admin --password ${GITEA_ADMIN_PWD} --admin --email ${ADMIN_EMAIL}"
+fi
+
+# LDAP
+su git -c "gitea admin auth add-ldap \
+      --name ldap \
+      --security-protocol unencrypted \
+      --host ${LDAP_SERVER_HOST} \
+      --port 389 \
+      --bind-dn ${LDAP_BIND_DN} \
+      --bind-password ${LDAP_BIND_PWD} \
+      --user-search-base ${LDAP_SEARCH_BASE} \
+      --user-filter \"(&(objectclass=*)(|(uniqueIdentifier=%s)(mail=%s)))\" \
+      --username-attribute uniqueIdentifier \
+      --firstname-attribute givenName \
+      --surname-attribute sn \
+      --email-attribute mail"
+
+exec /bin/s6-svscan /etc/s6

images/haproxy/haproxy.cfg

 # https://www.haproxy.com/blog/how-to-get-ssl-with-haproxy-getting-rid-of-stunnel-stud-nginx-or-pound/
 frontend https-in
     mode http
-    #bind *:443 ssl crt /etc/letsencrypt/haproxy/${NEXTCLOUD_URL}.pem crt /etc/letsencrypt/haproxy/${GOGS_URL}.pem
+    #bind *:443 ssl crt /etc/letsencrypt/haproxy/${NEXTCLOUD_URL}.pem crt /etc/letsencrypt/haproxy/${GITEA_URL}.pem
     bind *:443 ssl ${HAPROXY_CERTS}
 
     acl letsencrypt-acl path_beg /.well-known/acme-challenge/
     #acl nextcloud-acl ssl_fc_sni ${NEXTCLOUD_URL}
-    #acl gogs-acl ssl_fc_sni ${GOGS_URL}
+    #acl gitea-acl ssl_fc_sni ${GITEA_URL}
     acl nextcloud-acl ssl_fc_sni_reg ^${NEXTCLOUD_SERVER_NAME}\.
-    acl gogs-acl ssl_fc_sni_reg ^${GOGS_SERVER_NAME}\.
+    acl gitea-acl ssl_fc_sni_reg ^${GITEA_SERVER_NAME}\.
 
     use_backend letsencrypt-backend if letsencrypt-acl
     use_backend nextcloud if nextcloud-acl
-    use_backend gogs if gogs-acl
+    use_backend gitea if gitea-acl
 
     default_backend nextcloud
 
 
     server nextcloud nextcloud:443 maxconn 32 check ssl verify none
 
-backend gogs
+backend gitea
     #redirect http to https
     #redirect scheme https if !{ ssl_fc }
 
-    server gogs gogs:2443 maxconn 32 check ssl verify none
+    server gitea gitea:2443 maxconn 32 check ssl verify none
 
 frontend http-in
     bind *:80
     acl letsencrypt-acl path_beg /.well-known/acme-challenge/
     #acl is_nextcloud hdr_end(host) -i ${NEXTCLOUD_URL}
-    #acl is_gogs hdr_end(host) -i ${GOGS_URL}
+    #acl is_gitea hdr_end(host) -i ${GITEA_URL}
     acl is_nextcloud hdr_reg(host) ^${NEXTCLOUD_SERVER_NAME}\.
-    acl is_gogs hdr_reg(host) ^${GOGS_SERVER_NAME}\.
+    acl is_gitea hdr_reg(host) ^${GITEA_SERVER_NAME}\.
 
     use_backend letsencrypt-backend if letsencrypt-acl
     use_backend nextcloud-insecure if is_nextcloud
-    use_backend gogs-insecure if is_gogs
+    use_backend gitea-insecure if is_gitea
     default_backend pihole-insecure
 
 backend nextcloud-insecure
     server nextcloud nextcloud:80 maxconn 32
 
-backend gogs-insecure
-    server gogs gogs:2080 maxconn 32
+backend gitea-insecure
+    server gitea gitea:2080 maxconn 32
 
 backend pihole-insecure
     server pihole pihole:80 maxconn 32

images/haproxy/startup.sh

 # Get Let's Encrypt certificates
 HAPROXY_CERTS=""
 for domain in ${DOMAINS}; do
-    for server_name in ${NEXTCLOUD_SERVER_NAME} ${GOGS_SERVER_NAME}; do
+    for server_name in ${NEXTCLOUD_SERVER_NAME} ${GITEA_SERVER_NAME}; do
         _URL=${server_name}.${domain};
         echo ${_URL}
         HAPROXY_CERTS="${HAPROXY_CERTS} crt /etc/letsencrypt/haproxy/${_URL}.pem";
 done
 
 #sed -i "s/\${NEXTCLOUD_URL}/${NEXTCLOUD_URL}/g" $CFG_FILE
-#sed -i "s/\${GOGS_URL}/${GOGS_URL}/g" $CFG_FILE
+#sed -i "s/\${GITEA_URL}/${GITEA_URL}/g" $CFG_FILE
 sed -i "s/\${NEXTCLOUD_SERVER_NAME}/${NEXTCLOUD_SERVER_NAME}/g" $CFG_FILE
-sed -i "s/\${GOGS_SERVER_NAME}/${GOGS_SERVER_NAME}/g" $CFG_FILE
+sed -i "s/\${GITEA_SERVER_NAME}/${GITEA_SERVER_NAME}/g" $CFG_FILE
 echo sed -i "s/\${HAPROXY_CERTS}/${HAPROXY_CERTS}/g" ${CFG_FILE}
 sed -i "s/\${HAPROXY_CERTS}/${HAPROXY_CERTS//\//\\/}/g" ${CFG_FILE}
 

setup_noswarm.sh

 #PWD_GEN='openssl rand -base64 20'
 DEFAULT_LDAP_MAIL_UID='mail'
 DEFAULT_LDAP_NEXTCLOUD_UID='nextcloud'
-DEFAULT_LDAP_GOGS_UID='gogs'
+DEFAULT_LDAP_GITEA_UID='gogs'
 
 # main domain
 read -p "Add main domain: " domain
     ldap_nextcloud_pwd=`eval "$PWD_GEN"`
 fi
 
-read -p "LDAP Gogs Bind DN uid ($DEFAULT_LDAP_GOGS_UID): " ldap_gogs_uid
-if [[ ${#ldap_gogs_uid} -eq 0 ]]; then
-    ldap_gogs_uid=$DEFAULT_LDAP_GOGS_UID
+read -p "LDAP Gitea Bind DN uid ($DEFAULT_LDAP_GITEA_UID): " ldap_gitea_uid
+if [[ ${#ldap_gitea_uid} -eq 0 ]]; then
+    ldap_gitea_uid=$DEFAULT_LDAP_GITEA_UID
 fi
 
-read -p "LDAP Gogs Bind DN Pwd (a random one will be generated if empty): " ldap_gogs_pwd
-if [[ ${#ldap_gogs_pwd} -eq 0 ]]; then
-    ldap_gogs_pwd=`eval "$PWD_GEN"`
+read -p "LDAP Gitea Bind DN Pwd (a random one will be generated if empty): " ldap_gitea_pwd
+if [[ ${#ldap_gitea_pwd} -eq 0 ]]; then
+    ldap_gitea_pwd=`eval "$PWD_GEN"`
 fi
 
 read -p "Nextcloud Admin User Pwd (a random one will be generated if empty): " nextcloud_admin_pwd
     nextcloud_admin_pwd=`eval "$PWD_GEN"`
 fi
 
-read -p "Gogs Admin User Pwd (a random one will be generated if empty): " gogs_admin_pwd
-if [[ ${#gogs_admin_pwd} -eq 0 ]]; then
-    gogs_admin_pwd=`eval "$PWD_GEN"`
+read -p "Gitea Admin User Pwd (a random one will be generated if empty): " gitea_admin_pwd
+if [[ ${#gitea_admin_pwd} -eq 0 ]]; then
+    gitea_admin_pwd=`eval "$PWD_GEN"`
 fi
 
 read -p "Pi-Hole Web User Pwd (a random one will be generated if empty): " pihole_web_pwd
 echo Your Volumes path is:                 $volumes
 echo Your LDAP Mail Bind DN Uid is:        $ldap_mail_uid
 echo Your LDAP Nextcloud Bind DN Uid is:   $ldap_nextcloud_uid
-echo Your LDAP Gogs Bind DN Uid is:        $ldap_gogs_uid
+echo Your LDAP Gitea Bind DN Uid is:       $ldap_gitea_uid
 echo Your Admin email. Let\'s Encrypt...:  $admin_email
 echo Your Paperless Web Server User:       $paperless_webserver_user
 echo Your SFTP User:                       $paperless_ftp_user
 cp haproxy.env.template haproxy.env
 cp paperless.env.template paperless.env
 cp sftp.env.template sftp.env
-cp gogs.env.template gogs.env
+cp gitea.env.template gitea.env
 cp pihole.env.template pihole.env
 chmod 600 *.env
 
 # Passwords
 echo MYSQL_ROOT_PWD=$db_pwd >> mariadb.env
 echo MYSQL_ROOT_PWD=$db_pwd >> nextcloud.env
-echo MYSQL_ROOT_PWD=$db_pwd >> gogs.env
+echo MYSQL_ROOT_PWD=$db_pwd >> gitea.env
 
 echo LDAP_ADMIN_PWD=$ldap_pwd >> openldap.env
 echo LDAP_MAIL_PWD=$ldap_mail_pwd >> openldap.env
 echo LDAP_NEXTCLOUD_PWD=$ldap_nextcloud_pwd >> openldap.env
-echo LDAP_GOGS_PWD=$ldap_gogs_pwd >> openldap.env
+echo LDAP_GITEA_PWD=$ldap_gitea_pwd >> openldap.env
 echo LDAP_BIND_PWD=$ldap_mail_pwd >> mail.env
 echo LDAP_BIND_PWD=$ldap_nextcloud_pwd >> nextcloud.env
-echo LDAP_BIND_PWD=$ldap_gogs_pwd >> gogs.env
+echo LDAP_BIND_PWD=$ldap_gitea_pwd >> gitea.env
 
 echo NEXTCLOUD_ADMIN_PWD=$nextcloud_admin_pwd >> nextcloud.env
 echo NEXTCLOUD_SALT=$nextcloud_salt >> nextcloud.env
 #echo PAPERLESS_WEBSERVER_PWD=$paperless_webserver_pwd >> paperless.env
 #echo PAPERLESS_PASSPHRASE=$paperless_passphrase >> paperless.env
 echo PAPERLESS_FTP_PWD=$paperless_ftp_pwd >> sftp.env
-echo GOGS_ADMIN_PWD=$gogs_admin_pwd >> gogs.env
+echo GITEA_ADMIN_PWD=$gitea_admin_pwd >> gitea.env
 #echo $pihole_web_pwd | docker secret create pihole_web_pwd -
 sed -i "s/\${PIHOLE_WEB_PWD}/${pihole_web_pwd}/g" pihole.env
 
     sed -i "s/\${VOLUMES_PATH}/${volumes//\//\\/}/g" $i
     sed -i "s/\${LDAP_MAIL_UID}/${ldap_mail_uid}/g" $i
     sed -i "s/\${LDAP_NEXTCLOUD_UID}/${ldap_nextcloud_uid}/g" $i
-    sed -i "s/\${LDAP_GOGS_UID}/${ldap_gogs_uid}/g" $i
+    sed -i "s/\${LDAP_GITEA_UID}/${ldap_gitea_uid}/g" $i
     sed -i "s/\${ADMIN_EMAIL}/${admin_email}/g" $i
     sed -i "s/\${PAPERLESS_WEBSERVER_USER}/${paperless_webserver_user}/g" $i
     sed -i "s/\${PAPERLESS_FTP_USER}/${paperless_ftp_user}/g" $i
 echo "NEXTCLOUD_DB_BACKUP=${NEXTCLOUD_DATA_PATH}/nextcloud_db_backup.sql" >> nextcloud.env
 echo "NEXTCLOUD_DATA_PATH=${NEXTCLOUD_DATA_PATH}" >> nextcloud.env
 echo "NEXTCLOUD_BACKUP_PATH=${NEXTCLOUD_BACKUP_PATH}" >> nextcloud.env
-echo "" >> gogs.env
-echo "GOGS_SERVER_NAME=${GOGS_SERVER_NAME}" >> gogs.env
+echo "" >> gitea.env
+echo "GITEA_SERVER_NAME=${GITEA_SERVER_NAME}" >> gitea.env
 echo "" >> paperless.env
 echo "PAPERLESS_CONSUMPTION_DIR=${PAPERLESS_CONSUMPTION_PATH}" >> paperless.env
 echo "PAPERLESS_EXPORT_DIR=${PAPERLESS_EXPORT_PATH}" >> paperless.env
 echo "PAPERLESS_CONSUMPTION_DIR=${PAPERLESS_CONSUMPTION_PATH}" >> sftp.env
 echo "" >> haproxy.env
 echo "NEXTCLOUD_SERVER_NAME=${NEXTCLOUD_SERVER_NAME}" >> haproxy.env
-echo "GOGS_SERVER_NAME=${GOGS_SERVER_NAME}" >> haproxy.env
+echo "GITEA_SERVER_NAME=${GITEA_SERVER_NAME}" >> haproxy.env
 
 echo $'\E[33m'
 echo "//////////////////////////////////////////////////"
 sudo mkdir -p ${PAPERLESS_MEDIA_VOLUME_PATH}
 sudo mkdir -p ${PAPERLESS_CONSUMPTION_VOLUME_PATH}
 sudo mkdir -p ${PAPERLESS_EXPORT_VOLUME_PATH}
-# gogs
-sudo mkdir -p ${GOGS_DATA_VOLUME_PATH}
+# gitea
+sudo mkdir -p ${GITEA_DATA_VOLUME_PATH}
 # Pi-Hole
 sudo mkdir -p ${PIHOLE_CONFIG_VOLUME_PATH}
 sudo mkdir -p ${PIHOLE_DNSMASQ_VOLUME_PATH}