flow-packer/files/scripts/bootstrap.sh


#!/usr/bin/env bash
# Strict mode for the whole bootstrap: stop at the first failing command
# (errexit), treat expansion of an unset variable as an error (nounset) and
# let a pipeline fail when any of its stages fails (pipefail).
set -o errexit -o nounset -o pipefail
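# Print the command-line help to stdout.
#
# Every option accepted by the argument parser is listed, and each default
# shown here mirrors the `${VAR:-default}` fallback the script applies when
# the option is omitted. Keeping the two in sync matters for an operator who
# relies on the help text to know which ports and hosts will be exposed.
#
# Arguments: none
# Outputs:   help text on stdout
function usage() {
  cat <<EOF
usage: $0 [options]
Bootstraps the flow instance

-h,--help: print this help message
--network-forge-flow-subnet: The subnet for the forge flow docker network. (default: 172.20.0.0/24)
--root-domain: The root domain of the traefik. (default: local)
--gitea-app-name: The Gitea application name. (default: gitea)
--gitea-container-ipv4-address: The IPv4 address of the gitea container. (default: 172.20.0.3)
--gitea-ssh-port: The Gitea SSH port. (default: 2222)
--gitea-http-port: The Gitea HTTP port. (default: 3000)
--gitea-run-mode: The Gitea run mode. (default: prod)
--gitea-version: The Gitea version to download. (default: 1.16.6)
--gitea-log-level: The Gitea log level. (default: info)
--traefik-container-ipv4-address: The IPv4 address of the traefik container. (default: 172.20.0.2)
--traefik-check-new-version: Set to true to enable automatic checks for new Traefik versions. (default: true)
--traefik-external-ssh-port: The external SSH port to expose for Gitea. (default: 2222)
--traefik-log-level: The Traefik log level. (default: info)
--traefik-send-anonymous-usage: Set to true to send anonymous usage data from Traefik. (default: false)
--traefik-version: The Traefik version. (default: v2.6.3)
--traefik-acme-ca-server: The ACME CA server URL used by Traefik. (default: https://acme-v02.api.letsencrypt.org/directory)
--traefik-acme-email: The e-mail address for the ACME account. (default: admin@localhost)
EOF
}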
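# Exit with a readable error when an option that takes a value is the last
# word on the command line. Without this check the script would still abort
# under nounset, but only with a bare "unbound variable" message.
#
# Arguments: the remaining command line, option first
# Returns:   0 when a value follows the option; otherwise exits with status 1
function require_value() {
  if [[ $# -lt 2 ]]; then
    echo "error: option '$1' requires a value" >&2
    exit 1
  fi
}

# Parse the command-line options into the configuration variables that the
# script later exports with their defaults.
#
# Values are stored verbatim and are not validated here; they later reach
# rendered configuration files and, for --gitea-version, a download URL, so
# every later use has to quote them.
#
# Unknown arguments are still skipped one word at a time, but a warning is
# written to stderr: a mistyped option (for example a misspelled
# --traefik-acme-ca-server) would otherwise silently fall back to its default.
#
# Globals:   writes the NETWORK_*, ROOT_DOMAIN, GITEA_* and TRAEFIK_* settings
# Arguments: the script's command line
# Outputs:   help text on stdout for -h/--help; diagnostics on stderr
function parse_args() {
  while [[ $# -gt 0 ]]; do
    case "$1" in
      -h|--help)
        usage
        exit 0
        ;;
      --network-forge-flow-subnet) require_value "$@"; NETWORK_FORGE_FLOW_SUBNET=$2; shift 2 ;;
      --root-domain) require_value "$@"; ROOT_DOMAIN=$2; shift 2 ;;
      --gitea-app-name) require_value "$@"; GITEA_APP_NAME=$2; shift 2 ;;
      --gitea-container-ipv4-address) require_value "$@"; GITEA_CONTAINER_IPV4_ADDRESS=$2; shift 2 ;;
      --gitea-ssh-port) require_value "$@"; GITEA_SSH_PORT=$2; shift 2 ;;
      --gitea-http-port) require_value "$@"; GITEA_HTTP_PORT=$2; shift 2 ;;
      --gitea-run-mode) require_value "$@"; GITEA_RUN_MODE=$2; shift 2 ;;
      --gitea-version) require_value "$@"; GITEA_VERSION=$2; shift 2 ;;
      --gitea-log-level) require_value "$@"; GITEA_LOG_LEVEL=$2; shift 2 ;;
      --traefik-container-ipv4-address) require_value "$@"; TRAEFIK_CONTAINER_IPV4_ADDRESS=$2; shift 2 ;;
      --traefik-check-new-version) require_value "$@"; TRAEFIK_CHECK_NEW_VERSION=$2; shift 2 ;;
      --traefik-external-ssh-port) require_value "$@"; TRAEFIK_EXTERNAL_SSH_PORT=$2; shift 2 ;;
      --traefik-log-level) require_value "$@"; TRAEFIK_LOG_LEVEL=$2; shift 2 ;;
      --traefik-send-anonymous-usage) require_value "$@"; TRAEFIK_SEND_ANONYMOUS_USAGE=$2; shift 2 ;;
      --traefik-version) require_value "$@"; TRAEFIK_VERSION=$2; shift 2 ;;
      --traefik-acme-ca-server) require_value "$@"; TRAEFIK_ACME_CA_SERVER=$2; shift 2 ;;
      --traefik-acme-email) require_value "$@"; TRAEFIK_ACME_EMAIL=$2; shift 2 ;;
      *)
        # Unknown argument: keep going, but make the typo visible.
        echo "warning: ignoring unknown argument '$1'" >&2
        shift
        ;;
    esac
  done
}

parse_args "$@"
# The inline loop this replaces consumed every positional parameter. Clear
# them here as well, so a file sourced later without arguments does not
# inherit the command line.
set --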
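# Load the instance settings and derive the directory that holds the generated
# Docker build contexts.
#
# NOTE(review): the file is sourced after the command line was parsed, so any
# variable it assigns replaces the value given on the command line - confirm
# that this ordering is intended.
# NOTE(review): the file is executed as shell code with the privileges of this
# script; it should be writable by root only - verify its ownership and mode.
# shellcheck source=/dev/null
source /etc/flow/setup/env
# FLOW_USERNAME (presumably defined by the sourced file; it is not assigned in
# this script) becomes a path component under /home, and that tree is later
# the target of a recursive chown/chmod. Refuse an empty value and anything
# that is not a single path component.
: "${FLOW_USERNAME:?FLOW_USERNAME must be set and non-empty}"
case "${FLOW_USERNAME}" in
  */* | . | ..)
    echo "error: FLOW_USERNAME must be a plain user name, got '${FLOW_USERNAME}'" >&2
    exit 1
    ;;
esac
DOCKER_ROOT="/home/${FLOW_USERNAME}/Docker/flow"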
# Operator-tunable settings: a value that is already set and non-empty is
# kept, anything else falls back to the built-in default.
: "${NETWORK_FORGE_FLOW_SUBNET:=172.20.0.0/24}"
: "${ROOT_DOMAIN:=local}"
: "${GITEA_APP_NAME:=gitea}"
: "${GITEA_CONTAINER_IPV4_ADDRESS:=172.20.0.3}"
: "${GITEA_SSH_PORT:=2222}"
: "${GITEA_HTTP_PORT:=3000}"
: "${GITEA_RUN_MODE:=prod}"
: "${GITEA_VERSION:=1.16.6}"
: "${GITEA_LOG_LEVEL:=info}"
: "${TRAEFIK_CHECK_NEW_VERSION:=true}"
: "${TRAEFIK_EXTERNAL_SSH_PORT:=2222}"
: "${TRAEFIK_LOG_LEVEL:=info}"
: "${TRAEFIK_SEND_ANONYMOUS_USAGE:=false}"
: "${TRAEFIK_VERSION:=v2.6.3}"
: "${TRAEFIK_CONTAINER_IPV4_ADDRESS:=172.20.0.2}"
: "${TRAEFIK_ACME_CA_SERVER:=https://acme-v02.api.letsencrypt.org/directory}"
: "${TRAEFIK_ACME_EMAIL:=admin@localhost}"

# Fixed locations and derived names. These are always overwritten; a value
# inherited from the environment is not honoured.
GITEA_DOCKER_DIR="${DOCKER_ROOT}/gitea"
GITEA_DOMAIN="code.${ROOT_DOMAIN}"
GITEA_DATA_HOST_DIR="/mnt/flow/gitea/data"
GITEA_DATA_CONTAINER_DIR="/flow/gitea/data"
GITEA_HOME="${GITEA_DATA_CONTAINER_DIR}/home"
GITEA_WORK_DIR="${GITEA_DATA_CONTAINER_DIR}"
GITEA_CUSTOM="${GITEA_DATA_CONTAINER_DIR}/custom"
GITEA_APP_INI="/flow/gitea/config/app.ini"
GITEA_BIN="/usr/local/bin/gitea"
GITEA_TMP="/flow/gitea/tmp"
GITEA_SECRET_HOST_DIR="/mnt/flow/gitea/secret"
GITEA_SECRET_CONTAINER_DIR="/flow/gitea/secret"
TRAEFIK_DOCKER_DIR="${DOCKER_ROOT}/traefik"
TRAEFIK_SHARED_MOUNT_POINT="/flow/shared/traefik"
TRAEFIK_TLS_HOST_DIR="/mnt/flow/traefik/tls"
TRAEFIK_TLS_CONTAINER_DIR="/flow/traefik/tls"

# Everything is exported because the templates are rendered with envsubst,
# which reads its substitutions from the environment. Exported values are also
# inherited by every command started after this point.
export NETWORK_FORGE_FLOW_SUBNET ROOT_DOMAIN
export GITEA_APP_NAME GITEA_DOCKER_DIR GITEA_DOMAIN GITEA_CONTAINER_IPV4_ADDRESS
export GITEA_SSH_PORT GITEA_HTTP_PORT GITEA_RUN_MODE GITEA_VERSION GITEA_LOG_LEVEL
export GITEA_DATA_HOST_DIR GITEA_DATA_CONTAINER_DIR GITEA_HOME GITEA_WORK_DIR
export GITEA_CUSTOM GITEA_APP_INI GITEA_BIN GITEA_TMP
export GITEA_SECRET_HOST_DIR GITEA_SECRET_CONTAINER_DIR
export TRAEFIK_DOCKER_DIR TRAEFIK_CHECK_NEW_VERSION TRAEFIK_EXTERNAL_SSH_PORT
export TRAEFIK_LOG_LEVEL TRAEFIK_SEND_ANONYMOUS_USAGE TRAEFIK_VERSION
export TRAEFIK_CONTAINER_IPV4_ADDRESS TRAEFIK_ACME_CA_SERVER TRAEFIK_ACME_EMAIL
export TRAEFIK_SHARED_MOUNT_POINT TRAEFIK_TLS_HOST_DIR TRAEFIK_TLS_CONTAINER_DIR
# Render the compose file into the Docker root.
#
# envsubst is called without a variable list, so every $NAME / ${NAME}
# reference in the template is replaced from the whole environment, and a
# reference to a variable that is not exported becomes an empty string.
# ROOT_SETUP_DIRECTORY is not assigned in this script; presumably it comes
# from the sourced environment file - confirm.
mkdir -p "${DOCKER_ROOT}"
compose_template="${ROOT_SETUP_DIRECTORY}/template/compose/docker-compose.yaml"
compose_target="${DOCKER_ROOT}/docker-compose.yaml"
envsubst > "${compose_target}" < "${compose_template}"
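## -- Traefik setup section --
# Create the host directory for Traefik's TLS material as root-owned and
# owner-only.
# NOTE(review): owner and mode are applied only when the directory is created
# here; a directory that already exists keeps whatever it had.
if ! [ -d "${TRAEFIK_TLS_HOST_DIR}" ]; then
  mkdir -p "${TRAEFIK_TLS_HOST_DIR}"
  chown root:root "${TRAEFIK_TLS_HOST_DIR}"
  chmod a-rwx,u+rwx "${TRAEFIK_TLS_HOST_DIR}"
fi
mkdir -p "${TRAEFIK_DOCKER_DIR}"
# The Dockerfile is copied verbatim; every other template file is rendered
# through envsubst.
cp "${ROOT_SETUP_DIRECTORY}/template/traefik/Dockerfile" "${TRAEFIK_DOCKER_DIR}/Dockerfile"
traefik_templates="${ROOT_SETUP_DIRECTORY}/template/traefik"
# The -name pattern is quoted so the shell cannot expand it against the
# current directory, and the file list is NUL-delimited so names containing
# whitespace survive. Each file is read from the path find reported and is
# written to the same relative path, so templates in sub-directories work too.
while IFS= read -r -d '' template; do
  relative="${template#"${traefik_templates}/"}"
  rendered="${TRAEFIK_DOCKER_DIR}/${relative}"
  mkdir -p "$(dirname "${rendered}")"
  envsubst < "${template}" > "${rendered}"
done < <(find "${traefik_templates}" -mindepth 1 -type f -not -name '*Dockerfile' -print0)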
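## -- Gitea setup section --
mkdir -p "${GITEA_DOCKER_DIR}"
# Data directory: owned by the flow UID (used for both user and group) and
# accessible to that owner only.
# u+rwx, matching the other directories created by this script: with u-rwx the
# directory would end up with mode 000 and its own owner could not enter it.
# NOTE(review): owner and mode are applied only when the directory is created
# here; a directory that already exists keeps whatever it had.
if ! [ -d "${GITEA_DATA_HOST_DIR}" ]; then
  mkdir -p "${GITEA_DATA_HOST_DIR}"
  chown "${FLOW_UID}:${FLOW_UID}" "${GITEA_DATA_HOST_DIR}"
  chmod a-rwx,u+rwx "${GITEA_DATA_HOST_DIR}"
fi
# Secret directory: root-owned and owner-only, created before any secret is
# written into it.
if ! [ -d "${GITEA_SECRET_HOST_DIR}" ]; then
  mkdir -p "${GITEA_SECRET_HOST_DIR}"
  chown root:root "${GITEA_SECRET_HOST_DIR}"
  chmod a-rwx,u+rwx "${GITEA_SECRET_HOST_DIR}"
fi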
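# Download the Gitea release binary and its detached signature, verify the
# signature, and only then install the binary into the Gitea build context.
#
# The download goes into a private mktemp directory rather than fixed names
# under /tmp: with a predictable path in a world-writable directory another
# local user could pre-create the file or swap it between verification and
# installation.
gitea_download_dir=$(mktemp -d)
# GITEA_VERSION can come from the command line, so the URL is built once and
# always passed quoted.
gitea_release_url="https://dl.gitea.io/gitea/${GITEA_VERSION}/gitea-${GITEA_VERSION}-linux-amd64"
# --fail makes an HTTP error abort the script instead of saving the error page.
curl --fail -L "${gitea_release_url}" -o "${gitea_download_dir}/gitea"
curl --fail -L "${gitea_release_url}.asc" -o "${gitea_download_dir}/gitea.asc"
# The signing key is fetched by its full fingerprint.
# NOTE(review): `gpg --verify` succeeds for a good signature from any key in
# the invoking user's keyring, not only the key fetched here; consider a
# dedicated keyring or checking the signer fingerprint in the status output.
gpg --keyserver keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
gpg --verify "${gitea_download_dir}/gitea.asc" "${gitea_download_dir}/gitea"
chmod a+x "${gitea_download_dir}/gitea"
mv "${gitea_download_dir}/gitea" "${GITEA_DOCKER_DIR}/gitea"
rm -rf -- "${gitea_download_dir:?}"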
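# Generate each Gitea secret once and keep it base64-encoded in the root-only
# secret directory; an existing file is never regenerated.
for secret_name in SECRET_KEY INTERNAL_TOKEN; do
  secret_file="${GITEA_SECRET_HOST_DIR}/${secret_name}"
  if ! [ -f "${secret_file}" ]; then
    # Written with a redirect rather than `tee`, so the secret is not copied
    # to stdout (and from there into provisioning logs). The umask is limited
    # to the subshell and makes the file owner-only from the moment it exists.
    (
      umask 077
      "${GITEA_DOCKER_DIR}/gitea" generate secret "${secret_name}" | base64 -w 0 > "${secret_file}.tmp"
    )
    chown root:root "${secret_file}.tmp"
    chmod a-rwx,u+rw "${secret_file}.tmp"
    # Move into place only after generation succeeded: a failed run must not
    # leave an empty secret file behind that the next run would accept.
    mv -f "${secret_file}.tmp" "${secret_file}"
  fi
done
# Decode the secrets into the environment for the template rendering.
# Assignment and export are separate statements so that a failing decode
# aborts the script under errexit instead of being masked by `export`.
# From here on both values are inherited by every command this script starts.
GITEA_SECRET_KEY=$(base64 -d < "${GITEA_SECRET_HOST_DIR}/SECRET_KEY")
export GITEA_SECRET_KEY
GITEA_INTERNAL_TOKEN=$(base64 -d < "${GITEA_SECRET_HOST_DIR}/INTERNAL_TOKEN")
export GITEA_INTERNAL_TOKEN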
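# The Dockerfile is copied verbatim; every other template file is rendered
# through envsubst.
cp "${ROOT_SETUP_DIRECTORY}/template/gitea/Dockerfile" "${GITEA_DOCKER_DIR}/Dockerfile"
gitea_templates="${ROOT_SETUP_DIRECTORY}/template/gitea"
# The -name pattern is quoted so the shell cannot expand it against the
# current directory, and the file list is NUL-delimited so names containing
# whitespace survive. Each file is read from the path find reported and is
# written to the same relative path, so templates in sub-directories work too.
while IFS= read -r -d '' template; do
  relative="${template#"${gitea_templates}/"}"
  rendered="${GITEA_DOCKER_DIR}/${relative}"
  mkdir -p "$(dirname "${rendered}")"
  # GITEA_SECRET_KEY and GITEA_INTERNAL_TOKEN are exported at this point, so a
  # rendered file may contain them (depends on the templates, which are not
  # visible here). The umask, limited to the subshell, keeps newly created
  # files owner-only instead of relying on a later recursive chmod.
  (
    umask 077
    envsubst < "${template}" > "${rendered}"
  )
done < <(find "${gitea_templates}" -mindepth 1 -type f -not -name '*Dockerfile' -print0)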
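# Hand the generated Docker tree to the flow user and restrict it to that
# user: all permissions are removed, then read/write is granted to the owner,
# plus execute on directories and on files that were already executable.
# Paths and the owner spec are quoted so the value of FLOW_USERNAME cannot be
# split into additional arguments.
# NOTE(review): the Gitea files rendered with the exported secrets in the
# environment live under this tree and become readable by FLOW_USERNAME, while
# the secret files themselves are root-only - confirm that this is intended.
# NOTE(review): this recurses as the invoking user (presumably root) through a
# directory inside the flow user's home; check how links placed there by that
# user are treated by chown/chmod on the target system.
chown -R "${FLOW_USERNAME}:${FLOW_USERNAME}" "/home/${FLOW_USERNAME}/Docker"
chmod -R a-rwx,u+rwX "/home/${FLOW_USERNAME}/Docker"
# Register Docker with OpenRC and start it now.
rc-update add docker
rc-service docker start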