#!/usr/bin/env bash

# Strict mode: stop on the first failing command (errexit), treat expansion
# of an unset variable as an error (nounset), and make a pipeline fail when
# any of its stages fails (pipefail).
set -euo pipefail

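#######################################
# Print the command-line help.
# Lists every option the argument parser accepts, with the default that the
# script applies when the option is not given.
# Arguments: none
# Outputs:   help text on stdout
#######################################
function usage() {
  cat <<EOF
usage: $0 [options]
Bootstraps the flow instance

-h,--help: print this help message
--network-forge-flow-subnet: The subnet for the forge flow docker network. (default: 172.20.0.0/24)
--root-domain: The root domain of the traefik. (default: local)
--gitea-app-name: The Gitea application name. (default: gitea)
--gitea-container-ipv4-address: The IPv4 address of the gitea container. (default: 172.20.0.3)
--gitea-ssh-port: The SSH port of Gitea. (default: 2222)
--gitea-http-port: The HTTP port of Gitea. (default: 3000)
--gitea-run-mode: The Gitea run mode. (default: prod)
--gitea-version: The Gitea release to download. (default: 1.16.6)
--gitea-log-level: The Gitea log level. (default: info)
--traefik-container-ipv4-address: The IPv4 address of the traefik container. (default: 172.20.0.2)
--traefik-check-new-version: Set to true to enable automatic checks for new Traefik versions. (default: true)
--traefik-external-ssh-port: The external SSH port to expose for Gitea. (default: 2222)
--traefik-log-level: The Traefik log level. (default: info)
--traefik-send-anonymous-usage: Set to true to send anonymous usage data from Traefik. (default: false)
--traefik-version: The Traefik version. (default: v2.6.3)
--traefik-acme-ca-server: The ACME CA server URL. (default: https://acme-v02.api.letsencrypt.org/directory)
--traefik-acme-email: The e-mail address for the ACME account. (default: admin@localhost)
EOF
}
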
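#######################################
# Abort with a clear message when an option was given without its value.
# Arguments: the remaining command line, starting at the option itself
# Outputs:   error message on stderr
# Returns:   0 when a value follows the option; exits 1 otherwise
#######################################
_require_option_value() {
  if [[ $# -lt 2 ]]; then
    printf '%s: option %s requires a value\n' "$0" "$1" >&2
    exit 1
  fi
}

#######################################
# Parse the command line into the configuration variables.
# Each "--some-option VALUE" pair is stored in the global SOME_OPTION
# variable; defaults are applied later by the script.
# Arguments: the script's command-line arguments
# Outputs:   a warning on stderr for every argument that is not recognised
#######################################
parse_args() {
  local arg
  while [[ $# -gt 0 ]]; do
    arg="$1"
    case "${arg}" in
      -h|--help)
        usage
        exit 0
        ;;
      --network-forge-flow-subnet) _require_option_value "$@"; NETWORK_FORGE_FLOW_SUBNET=$2; shift 2 ;;
      --root-domain) _require_option_value "$@"; ROOT_DOMAIN=$2; shift 2 ;;
      --gitea-app-name) _require_option_value "$@"; GITEA_APP_NAME=$2; shift 2 ;;
      --gitea-container-ipv4-address) _require_option_value "$@"; GITEA_CONTAINER_IPV4_ADDRESS=$2; shift 2 ;;
      --gitea-ssh-port) _require_option_value "$@"; GITEA_SSH_PORT=$2; shift 2 ;;
      --gitea-http-port) _require_option_value "$@"; GITEA_HTTP_PORT=$2; shift 2 ;;
      --gitea-run-mode) _require_option_value "$@"; GITEA_RUN_MODE=$2; shift 2 ;;
      --gitea-version) _require_option_value "$@"; GITEA_VERSION=$2; shift 2 ;;
      --gitea-log-level) _require_option_value "$@"; GITEA_LOG_LEVEL=$2; shift 2 ;;
      --traefik-container-ipv4-address) _require_option_value "$@"; TRAEFIK_CONTAINER_IPV4_ADDRESS=$2; shift 2 ;;
      --traefik-check-new-version) _require_option_value "$@"; TRAEFIK_CHECK_NEW_VERSION=$2; shift 2 ;;
      --traefik-external-ssh-port) _require_option_value "$@"; TRAEFIK_EXTERNAL_SSH_PORT=$2; shift 2 ;;
      --traefik-log-level) _require_option_value "$@"; TRAEFIK_LOG_LEVEL=$2; shift 2 ;;
      --traefik-send-anonymous-usage) _require_option_value "$@"; TRAEFIK_SEND_ANONYMOUS_USAGE=$2; shift 2 ;;
      --traefik-version) _require_option_value "$@"; TRAEFIK_VERSION=$2; shift 2 ;;
      --traefik-acme-ca-server) _require_option_value "$@"; TRAEFIK_ACME_CA_SERVER=$2; shift 2 ;;
      --traefik-acme-email) _require_option_value "$@"; TRAEFIK_ACME_EMAIL=$2; shift 2 ;;
      *)
        # Unknown arguments are still skipped, but no longer silently: a
        # mistyped option would otherwise fall back to its default (for
        # example the ACME CA server or an exposed port) without any hint.
        printf '%s: ignoring unknown argument: %s\n' "$0" "${arg}" >&2
        shift
        ;;
    esac
  done
}

parse_args "$@"
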
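# Load the installation settings. FLOW_USERNAME and ROOT_SETUP_DIRECTORY are
# presumably defined there — this script never assigns them itself.
# shellcheck source=/dev/null
source /etc/flow/setup/env

# nounset only rejects *unset* names. An empty value would still be expanded
# into the paths and chown targets used further down (e.g. "/home//Docker"),
# so refuse empty values up front.
: "${FLOW_USERNAME:?FLOW_USERNAME must be set and non-empty}"
: "${ROOT_SETUP_DIRECTORY:?ROOT_SETUP_DIRECTORY must be set and non-empty}"

DOCKER_ROOT="/home/${FLOW_USERNAME}/Docker/flow"

# Everything below is exported because the templates are rendered with
# envsubst, which only sees variables present in the environment.
# A value given on the command line wins; otherwise the default applies.
export NETWORK_FORGE_FLOW_SUBNET="${NETWORK_FORGE_FLOW_SUBNET:-172.20.0.0/24}"
export ROOT_DOMAIN="${ROOT_DOMAIN:-local}"

# -- Gitea settings --
export GITEA_APP_NAME="${GITEA_APP_NAME:-gitea}"
export GITEA_DOCKER_DIR="${DOCKER_ROOT}/gitea"
export GITEA_DOMAIN="code.${ROOT_DOMAIN}"
export GITEA_CONTAINER_IPV4_ADDRESS="${GITEA_CONTAINER_IPV4_ADDRESS:-172.20.0.3}"
export GITEA_SSH_PORT="${GITEA_SSH_PORT:-2222}"
export GITEA_HTTP_PORT="${GITEA_HTTP_PORT:-3000}"
export GITEA_RUN_MODE="${GITEA_RUN_MODE:-prod}"
export GITEA_VERSION="${GITEA_VERSION:-1.16.6}"
export GITEA_LOG_LEVEL="${GITEA_LOG_LEVEL:-info}"
export GITEA_DATA_HOST_DIR="/mnt/flow/gitea/data"
export GITEA_DATA_CONTAINER_DIR="/flow/gitea/data"
export GITEA_HOME="${GITEA_DATA_CONTAINER_DIR}/home"
export GITEA_WORK_DIR="${GITEA_DATA_CONTAINER_DIR}"
export GITEA_CUSTOM="${GITEA_DATA_CONTAINER_DIR}/custom"
export GITEA_APP_INI="/flow/gitea/config/app.ini"
export GITEA_BIN="/usr/local/bin/gitea"
export GITEA_TMP="/flow/gitea/tmp"
export GITEA_SECRET_HOST_DIR="/mnt/flow/gitea/secret"
export GITEA_SECRET_CONTAINER_DIR="/flow/gitea/secret"

# -- Traefik settings --
export TRAEFIK_DOCKER_DIR="${DOCKER_ROOT}/traefik"
export TRAEFIK_CHECK_NEW_VERSION="${TRAEFIK_CHECK_NEW_VERSION:-true}"
export TRAEFIK_EXTERNAL_SSH_PORT="${TRAEFIK_EXTERNAL_SSH_PORT:-2222}"
export TRAEFIK_LOG_LEVEL="${TRAEFIK_LOG_LEVEL:-info}"
export TRAEFIK_SEND_ANONYMOUS_USAGE="${TRAEFIK_SEND_ANONYMOUS_USAGE:-false}"
export TRAEFIK_VERSION="${TRAEFIK_VERSION:-v2.6.3}"
export TRAEFIK_CONTAINER_IPV4_ADDRESS="${TRAEFIK_CONTAINER_IPV4_ADDRESS:-172.20.0.2}"
export TRAEFIK_ACME_CA_SERVER="${TRAEFIK_ACME_CA_SERVER:-https://acme-v02.api.letsencrypt.org/directory}"
export TRAEFIK_ACME_EMAIL="${TRAEFIK_ACME_EMAIL:-admin@localhost}"
export TRAEFIK_SHARED_MOUNT_POINT="/flow/shared/traefik"
export TRAEFIK_TLS_HOST_DIR="/mnt/flow/traefik/tls"
export TRAEFIK_TLS_CONTAINER_DIR="/flow/traefik/tls"
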
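mkdir -p "${DOCKER_ROOT}"
# Render the compose file from its template.
# NOTE(review): this runs before GITEA_SECRET_KEY and GITEA_INTERNAL_TOKEN are
# exported further down; if the compose template references either of them,
# envsubst replaces the reference with an empty string — confirm it does not.
envsubst < "${ROOT_SETUP_DIRECTORY}/template/compose/docker-compose.yaml" > "${DOCKER_ROOT}/docker-compose.yaml"

## -- Traefik setup section --
# The TLS directory is created root-owned with mode 0700. An already existing
# directory is left untouched, including its ownership and mode.
if ! [[ -d "${TRAEFIK_TLS_HOST_DIR}" ]]; then
  mkdir -p "${TRAEFIK_TLS_HOST_DIR}"
  chown root:root "${TRAEFIK_TLS_HOST_DIR}"
  chmod a-rwx,u+rwx "${TRAEFIK_TLS_HOST_DIR}"
fi

mkdir -p "${TRAEFIK_DOCKER_DIR}"
# The Dockerfile is copied verbatim; every other template goes through envsubst.
cp "${ROOT_SETUP_DIRECTORY}/template/traefik/Dockerfile" "${TRAEFIK_DOCKER_DIR}/Dockerfile"

# The -name pattern is quoted so the shell cannot expand it against the
# current directory, and the paths are read NUL-delimited so names containing
# whitespace are not split. Templates are looked up by base name, so they are
# expected to sit directly in the template directory.
while IFS= read -r -d '' template_path; do
  file="$(basename -- "${template_path}")"
  envsubst < "${ROOT_SETUP_DIRECTORY}/template/traefik/${file}" > "${TRAEFIK_DOCKER_DIR}/${file}"
done < <(find "${ROOT_SETUP_DIRECTORY}/template/traefik" -mindepth 1 -type f -not -name '*Dockerfile' -print0)
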
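## -- Gitea setup section --
mkdir -p "${GITEA_DOCKER_DIR}"

# Data directory: owned by the flow user and accessible to that user only.
# The mode used to be "a-rwx,u-rwx", which strips every permission (mode 000)
# and locks the owner out of its own directory; "u+rwx" matches the other
# directories created by this script.
if ! [[ -d "${GITEA_DATA_HOST_DIR}" ]]; then
  mkdir -p "${GITEA_DATA_HOST_DIR}"
  # Reject an empty FLOW_UID as well: "chown :" would quietly change nothing.
  chown "${FLOW_UID:?FLOW_UID must be set and non-empty}:${FLOW_UID}" "${GITEA_DATA_HOST_DIR}"
  chmod a-rwx,u+rwx "${GITEA_DATA_HOST_DIR}"
fi

# Create the directory that holds the generated secrets: root-owned, mode
# 0700. An already existing directory keeps its ownership and mode.
if ! [[ -d "${GITEA_SECRET_HOST_DIR}" ]]; then
  mkdir -p "${GITEA_SECRET_HOST_DIR}"
  chown root:root "${GITEA_SECRET_HOST_DIR}"
  chmod a-rwx,u+rwx "${GITEA_SECRET_HOST_DIR}"
fi
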
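# Download the Gitea release binary and verify its detached signature before
# it is installed.
gitea_release_url="https://dl.gitea.io/gitea/${GITEA_VERSION}/gitea-${GITEA_VERSION}-linux-amd64"

# Use a private, unpredictable directory instead of fixed names in /tmp: a
# local user could pre-create /tmp/gitea or swap it between the signature
# check and the move into place.
gitea_download_dir="$(mktemp -d)"
trap 'rm -rf -- "${gitea_download_dir}"' EXIT

# --fail makes curl exit non-zero on an HTTP error instead of saving the
# error page as if it were the release.
curl --fail -L "${gitea_release_url}" -o "${gitea_download_dir}/gitea"
curl --fail -L "${gitea_release_url}.asc" -o "${gitea_download_dir}/gitea.asc"

# "gpg --verify" accepts a good signature from ANY key in the keyring it
# uses. Verifying against a throw-away keyring that holds only the pinned
# release key means nothing else in root's keyring can vouch for the binary.
gitea_gnupg_home="${gitea_download_dir}/gnupg"
mkdir -m 700 "${gitea_gnupg_home}"
GNUPGHOME="${gitea_gnupg_home}" gpg --batch --keyserver keys.openpgp.org --recv-keys 7C9E68152594688862D62AF62D9AE806EC1592E2
GNUPGHOME="${gitea_gnupg_home}" gpg --batch --verify "${gitea_download_dir}/gitea.asc" "${gitea_download_dir}/gitea"
# Best effort: stop the helper daemons gpg started for the temporary keyring.
GNUPGHOME="${gitea_gnupg_home}" gpgconf --kill all || true

chmod a+x "${gitea_download_dir}/gitea"
mv "${gitea_download_dir}/gitea" "${GITEA_DOCKER_DIR}/gitea"

rm -rf -- "${gitea_download_dir}"
trap - EXIT
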
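# Generate SECRET_KEY and INTERNAL_TOKEN once and keep them, base64-encoded,
# in root-only files.
for secret_name in SECRET_KEY INTERNAL_TOKEN; do
  secret_file="${GITEA_SECRET_HOST_DIR}/${secret_name}"
  if ! [[ -f "${secret_file}" ]]; then
    # Write to a temporary file first and rename it afterwards: if generation
    # fails, no empty secret file is left behind that a later run would take
    # for a valid secret. mktemp creates the file readable by its owner only.
    secret_tmp="$(mktemp "${secret_file}.XXXXXX")"
    # Plain redirection instead of "tee": tee also copied the secret to
    # stdout, i.e. into the terminal and any captured bootstrap log.
    if ! "${GITEA_DOCKER_DIR}/gitea" generate secret "${secret_name}" | base64 -w 0 > "${secret_tmp}"; then
      rm -f -- "${secret_tmp}"
      printf '%s: failed to generate %s\n' "$0" "${secret_name}" >&2
      exit 1
    fi
    chown root:root "${secret_tmp}"
    chmod a-rwx,u+rw "${secret_tmp}"
    mv -- "${secret_tmp}" "${secret_file}"
  fi
done

# Assign and export in two steps so that a failing base64 aborts the script
# ("export VAR=$(cmd)" hides the exit status of cmd). The decoded values have
# to be in the environment for envsubst to place them into the templates;
# every command started after this point inherits them as well.
GITEA_SECRET_KEY="$(base64 -d < "${GITEA_SECRET_HOST_DIR}/SECRET_KEY")"
export GITEA_SECRET_KEY
GITEA_INTERNAL_TOKEN="$(base64 -d < "${GITEA_SECRET_HOST_DIR}/INTERNAL_TOKEN")"
export GITEA_INTERNAL_TOKEN
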
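# The Dockerfile is copied verbatim; every other template goes through envsubst.
cp "${ROOT_SETUP_DIRECTORY}/template/gitea/Dockerfile" "${GITEA_DOCKER_DIR}/Dockerfile"

# The -name pattern is quoted so the shell cannot expand it against the
# current directory, and the paths are read NUL-delimited so names containing
# whitespace are not split. Templates are looked up by base name, so they are
# expected to sit directly in the template directory.
while IFS= read -r -d '' template_path; do
  file="$(basename -- "${template_path}")"
  envsubst < "${ROOT_SETUP_DIRECTORY}/template/gitea/${file}" > "${GITEA_DOCKER_DIR}/${file}"
done < <(find "${ROOT_SETUP_DIRECTORY}/template/gitea" -mindepth 1 -type f -not -name '*Dockerfile' -print0)

# Hand the rendered tree to the flow user and close it to everyone else.
# ":?" aborts on an empty FLOW_USERNAME, which would otherwise turn these into
# recursive operations on "/home//Docker".
# NOTE(review): "a-rwx" is applied before "u+rwX", so regular files — including
# the gitea binary placed in this tree — may end up without their execute
# bit; confirm the Dockerfile restores it.
chown -R "${FLOW_USERNAME:?FLOW_USERNAME must be set and non-empty}:${FLOW_USERNAME}" "/home/${FLOW_USERNAME}/Docker"
chmod -R a-rwx,u+rwX "/home/${FLOW_USERNAME}/Docker"

# Register docker with the service manager and start it now.
rc-update add docker
rc-service docker start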