#!/bin/bash # variables LABEL="DATA" DATABASE_PASS=$(head -c 300 /dev/urandom | tr -cd 'a-zA-Z0-9' | head -c 16) TLD="example.com" HOST="git" ORGNAME="git example" # start set -e [ -e /01firstboot ] && exit 0 [ -e /02firstboot ] || exit 0 # Gitea configuration if [ ! -L /etc/gitea/app.ini ]; then if [ ! -f "/$LABEL/etc/gitea/app.ini" ]; then echo 'Create Gitea config...' mkdir -p /$LABEL/etc/gitea cp /etc/gitea/app.ini /$LABEL/etc/gitea/app.ini mv /etc/gitea/app.ini /$LABEL/etc/gitea/app.ini.orig chown -R git:git /$LABEL/etc/gitea ln -s /$LABEL/etc/gitea/app.ini /etc/gitea/app.ini echo 'Configure Gitea...' sed -i 's#^HOST = 127.0.0.1:3306#HOST = /run/mysqld/mysqld.sock#' /$LABEL/etc/gitea/app.ini sed -i 's/^NAME = gitea/NAME = giteadb/' /$LABEL/etc/gitea/app.ini sed -i 's/^USER = root/USER = gitea/' /$LABEL/etc/gitea/app.ini sed -i 's/^LFS_JWT_SECRET.*=.*$/LFS_JWT_SECRET = '`gitea generate secret LFS_JWT_SECRET`'/g' /$LABEL/etc/gitea/app.ini sed -i 's/^INTERNAL_TOKEN.*=.*$/INTERNAL_TOKEN = '`gitea generate secret INTERNAL_TOKEN`'/g' /$LABEL/etc/gitea/app.ini sed -i 's/^SECRET_KEY.*=.*$/SECRET_KEY = '`gitea generate secret SECRET_KEY`'/g' /$LABEL/etc/gitea/app.ini else echo 'Linking Gitea config...' cp /$LABEL/etc/gitea/app.ini /$LABEL/etc/gitea/app.ini.alt rm -f /$LABEL/etc/gitea/app.ini.orig mv /etc/gitea/app.ini /$LABEL/etc/gitea/app.ini.orig chown -R git:git /$LABEL/etc/gitea ln -s /$LABEL/etc/gitea/app.ini /etc/gitea/app.ini fi fi if [ ! -d "/$LABEL/var/lib/gitea" ]; then mkdir -p /$LABEL/var/lib/gitea chown git:git /$LABEL/var/lib/gitea cp -a /var/lib/gitea/. /$LABEL/var/lib/gitea fi mv /var/lib/gitea /var/lib/gitea.orig ln -s /$LABEL/var/lib/gitea /var/lib/gitea # Database if [ ! -L /var/lib/mysql ]; then systemctl stop mariadb if [ ! -d "/$LABEL/var/lib/mysql/giteadb" ]; then echo 'Initialize MariaDB...' mkdir -p "/$LABEL/var/lib" rm -rf "/$LABEL/var/lib/mysql" cp -a "/var/lib/mysql" "/$LABEL/var/lib/mysql" mv "/var/lib/mysql" "/$LABEL/var/lib/mysql.orig" ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql" systemctl start mariadb sleep 5 echo 'Create Gitea database...' mysql -u root -e "CREATE USER 'gitea'@'localhost' IDENTIFIED BY '$DATABASE_PASS';" mysql -u root -e "CREATE DATABASE giteadb CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_unicode_ci';" mysql -u root -e "GRANT ALL PRIVILEGES ON giteadb.* TO 'gitea'@'localhost' IDENTIFIED by '$DATABASE_PASS';" mysql -u root -e "FLUSH PRIVILEGES;" else echo 'Start MariaDB...' rm -rf "/$LABEL/var/lib/mysql.orig" mv "/var/lib/mysql" "/$LABEL/var/lib/mysql.orig" ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql" systemctl start mariadb sleep 5 mysql -u root -e "GRANT ALL PRIVILEGES ON giteadb.* TO 'gitea'@'localhost' IDENTIFIED by '$DATABASE_PASS';" fi else echo 'Set new database password...' systemctl restart mariadb sleep 5 mysql -u root -e "GRANT ALL PRIVILEGES ON giteadb.* TO 'gitea'@'localhost' IDENTIFIED by '$DATABASE_PASS';" fi # update Gitea config with new database password sed -i "s/.*PASSWD = .*;Use PASSWD =/PASSWD = $DATABASE_PASS ;Use PASSWD =/" /$LABEL/etc/gitea/app.ini # Certificate if [ -x "/$LABEL/etc/ssl/cert-renew.sh" ]; then # angepaßtes Zertifikat vorhanden (kein example) if [ ! -L /etc/ssl/cert-renew.sh ]; then rm -f "/$LABEL/etc/ssl/cert-renew.sh.orig" mv "/etc/ssl/cert-renew.sh" "/$LABEL/etc/ssl/cert-renew.sh.orig" else rm -f "/etc/ssl/cert-renew.sh" fi ln -s "/$LABEL/etc/ssl/cert-renew.sh" "/etc/ssl/cert-renew.sh" else echo 'Create example certificate...' mkdir -p "/$LABEL/CERTS/KEYS/" mkdir -p "/$LABEL/CERTS/$HOST.$TLD" echo "FQDN = $HOST.$TLD" > "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" echo "ORGNAME = $ORGNAME" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" echo "ALTNAMES = DNS:$HOST.$TLD , DNS:$TLD" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" echo -e "\n[ req ]\ndefault_bits = 4096\ndefault_md = sha256\nprompt = no\nencrypt_key = no\ndistinguished_name = dn\nreq_extensions = req_ext\ndefault_keyfile = ../KEYS/\$FQDN-key.pem\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" echo -e "\n[ dn ]\nC = DE\nO = \$ORGNAME\nCN = \$FQDN\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" echo -e "\n[ req_ext ]\nsubjectAltName = \$ALTNAMES" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" openssl req -x509 -new -config "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" -out "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" -keyout "/$LABEL/CERTS/KEYS/$HOST.$TLD-key.pem" cp "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-fullchain.pem" touch "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-chain.pem" fi rm -rf /etc/ssl/apache2 mkdir -p /etc/ssl ln -sf "/$LABEL/etc/ssl/apache2" "/etc/ssl/apache2" /etc/ssl/cert-renew.sh echo echo "Success!" echo "Do not forget to upgrade the MySQL database:" echo " # mysql_upgrade" echo systemctl enable mariadb systemctl enable apache2 systemctl enable gitea systemctl restart gitea systemctl restart apache2 rm /02firstboot