- Firewalld must be active; otherwise traffic is not routed to the app
- Podman, jq installed
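# Pull the image and export it to an archive (for example to carry it to another host).
# NOTE: "1-rootless" is a moving tag; note the image digest if you need to know
# exactly which build was transferred.
podman pull docker.io/gitea/gitea:1-rootless
podman save docker.io/gitea/gitea:1-rootless -o gitea-rootless.tar
# Record a checksum so the archive can be checked after the transfer. Carry the
# checksum separately from the archive: stored side by side it only detects
# corruption, not replacement of both files.
sha256sum gitea-rootless.tar > gitea-rootless.tar.sha256

# Import the archive only if it still matches the recorded checksum.
sha256sum -c gitea-rootless.tar.sha256 && podman load < gitea-rootless.tar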
# Print the systemd unit that runs the Gitea container.
cat /etc/systemd/system/container-gitea-app.service
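# container-gitea-app.service
[Unit]
Description=Podman container-gitea-app.service

# After= only orders the unit; Wants= is what actually pulls network-online.target in.
Wants=network-online.target
After=network-online.target
RequiresMountsFor=/var/lib/containers/storage /var/run/containers/storage

[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
PIDFile=%t/container-gitea-app.pid
Type=forking

ExecStartPre=/bin/rm -f %t/container-gitea-app.pid %t/container-gitea-app.ctr-id
# Security notes for the run command below:
# - DB_PASSWD is injected from a podman secret instead of being written in this unit.
#   Unit files are normally world-readable and "--env NAME=value" also shows up in the
#   process list. "gitea-db-passwd" is an example name; create the secret once, as the
#   user that runs this unit:  podman secret create gitea-db-passwd <file-with-password>
#   A password that was ever stored here in clear text should be treated as exposed
#   and rotated.
# - With DB_TYPE=sqlite3 the DB_HOST/DB_NAME/DB_USER/DB_PASSWD values are presumably
#   unused -- confirm, and drop them if so.
# - Ports 3000 and 2222 are published on every host address (presumably Gitea's HTTP
#   and SSH ports); restrict them in firewalld or publish on a specific address if the
#   service must not be reachable from everywhere.
# - io.containers.autoupdate=registry lets "podman auto-update" replace the container
#   with whatever the moving tag 1-rootless points to at that time.
ExecStart=/usr/bin/podman container run \
    --conmon-pidfile %t/container-gitea-app.pid \
    --cidfile %t/container-gitea-app.ctr-id \
    --cgroups=no-conmon \
    --replace \
    --detach \
    --tty \
    --env DB_TYPE=sqlite3 \
    --env DB_HOST=gitea-db:3306 \
    --env DB_NAME=gitea \
    --env DB_USER=gitea \
    --secret gitea-db-passwd,type=env,target=DB_PASSWD \
    --volume gitea-data-volume:/var/lib/gitea:Z \
    --volume gitea-config-volume:/etc/gitea:Z \
    --network gitea-net \
    --publish 2222:2222 \
    --publish 3000:3000 \
    --label "io.containers.autoupdate=registry" \
    --name gitea-app \
    docker.io/gitea/gitea:1-rootless

ExecStop=/usr/bin/podman container stop \
    --ignore \
    --cidfile %t/container-gitea-app.ctr-id \
    -t 10

ExecStopPost=/usr/bin/podman container rm \
    --ignore \
    -f \
    --cidfile %t/container-gitea-app.ctr-id

[Install]
WantedBy=multi-user.target default.target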
The Gitea configuration is in /var/lib/containers/storage/volumes/gitea-config-volume/_data/app.ini
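# Look up the current release tag of each component and export it for later steps.
# curl -f makes an HTTP error (for example GitHub API rate limiting) fail the lookup
# instead of handing an error document to jq, which would print "null".
# Assignment and export are separate so a failed lookup is not masked by export.
RKE_VERSION=$(curl -fsS https://update.rke2.io/v1-release/channels \
  | jq -r '.data[] | select(.id=="stable") | .latest' \
  | awk -F"+" '{print $1}' | sed 's/v//')
CERT_VERSION=$(curl -fsS https://api.github.com/repos/cert-manager/cert-manager/releases/latest | jq -r .tag_name)
RANCHER_VERSION=$(curl -fsS https://api.github.com/repos/rancher/rancher/releases/latest | jq -r .tag_name)
LONGHORN_VERSION=$(curl -fsS https://api.github.com/repos/longhorn/longhorn/releases/latest | jq -r .tag_name)
NEU_VERSION=$(curl -fsS https://api.github.com/repos/neuvector/neuvector-helm/releases/latest | jq -r .tag_name)
export RKE_VERSION CERT_VERSION RANCHER_VERSION LONGHORN_VERSION NEU_VERSION

# "latest" moves over time: review the resolved values before they are used to
# install anything, and pin them if the installation has to be reproducible.
for pair in "RKE_VERSION=$RKE_VERSION" "CERT_VERSION=$CERT_VERSION" \
  "RANCHER_VERSION=$RANCHER_VERSION" "LONGHORN_VERSION=$LONGHORN_VERSION" \
  "NEU_VERSION=$NEU_VERSION"; do
  case "${pair#*=}" in
    '' | null) printf 'warning: %s could not be resolved\n' "${pair%%=*}" >&2 ;;
    *) printf '%s\n' "$pair" ;;
  esac
done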
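# Install the GitHub CLI (gh). Run only the section that matches the distribution.

# ubuntu
# The repository key goes into its own keyring and is referenced with signed-by,
# so it is trusted for this repository only and not for every APT source.
type -p curl >/dev/null || (sudo apt update && sudo apt install curl -y)
curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
&& sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
&& sudo apt update \
&& sudo apt install gh -y

# Redhat
sudo dnf install 'dnf-command(config-manager)'
sudo dnf config-manager --add-repo https://cli.github.com/packages/rpm/gh-cli.repo
sudo dnf install gh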
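# Install the zsh completion for gh. The expansion is quoted and guarded: with
# $ZSH unset the unquoted form would try to write to /completions/_gh.
mkdir -p -- "${ZSH:?ZSH is not set}/completions"
gh completion zsh > "${ZSH}/completions/_gh"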
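# Log in over the web flow (-w) and use ssh for git operations.
# The scope is spelled delete_repo (as the status output below shows), not delete:repo.
# Request only the scopes you actually need: delete_repo and workflow allow deleting
# repositories and changing CI workflows with this token.
gh auth login -p ssh -h GitHub.com -s read:project,delete_repo,repo,workflow -w

gh auth status
# Example output. It names the file the token is stored in; keep that file private.
# github.com
#  ✓ Logged in to github.com as MorzeBaltyk ($HOME/.config/gh/hosts.yml)
#  ✓ Git operations for github.com configured to use ssh protocol.
#  ✓ Token: gho_************************************
#  ✓ Token scopes: delete_repo, gist, read:org, read:project, repo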
One way:
https://glab.readthedocs.io/en/latest/intro.html
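# add token
# Let glab prompt for the token (or feed it with --stdin); a token passed with
# --token on the command line ends up in the shell history and the process list.
glab auth login --hostname mygitlab.example.com
# view fork of dep installer
glab repo view mygitlab.example.com/copain/project
# clone fork of dep installer
glab repo clone mygitlab.example.com/copain/project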
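# Optimization
# Puma settings for gitlab.rb; they take effect after `gitlab-ctl reconfigure`.
# NOTE(review): 16 workers with a 2048 MB limit each can presumably add up to about
# 32 GB for Puma alone -- confirm the host has that much memory to spare.
puma['worker_processes'] = 16
puma['worker_timeout'] = 60
puma['min_threads'] = 1
puma['max_threads'] = 4
puma['per_worker_max_memory_mb'] = 2048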
Create the CSR configuration in /data/gitlab/csr/server_cert.cnf
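# OpenSSL request configuration used to create the CSR for gitlab.example.com.
[req]
# 2048-bit RSA is the usual minimum; a CA policy may require a larger key.
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
# prompt = no: take the subject from this file instead of asking interactively.
prompt = no

[req_distinguished_name]
C = PL
ST = Poland
L = Warsaw
O = myOrg
OU = DEV
CN = gitlab.example.com

[req_ext]
# Clients match the host name against subjectAltName, so every name or address
# used to reach the server has to be listed in [alt_names].
subjectAltName = @alt_names

[alt_names]
# Further entries are written as DNS.1, DNS.2, ... and IP.1, IP.2, ...
DNS = gitlab.example.com
IP = 192.168.01.01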
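# Create CSR
# -nodes writes the private key without a passphrase, so file permissions are its only
# protection; the subshell's umask keeps the new key readable by its owner only.
(
  umask 077 &&
    openssl req -new -newkey rsa:2048 -nodes -keyout gitlab.example.com.key -config /data/gitlab/csr/server_cert.cnf -out gitlab.example.com.csr
)

# Review the request (subject and subjectAltName) before sending it to the CA.
openssl req -noout -text -in gitlab.example.com.csr

# Sign your CSR with your PKI. If your PKI is a Windows one, you should get back a .CER file.

# check info:
openssl x509 -text -in gitlab.example.com.cer -noout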
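### push it in crt/key in Gitlab
# cert/ is presumably /data/gitlab/cert, which the docker run below mounts as
# /etc/gitlab/ssl -- confirm the working directory before copying.
# The key files are installed with mode 0600 so only their owner can read them.
cp /tmp/gitlab.example.com.cer cert/gitlab.example.com.crt
install -m 0600 /tmp/gitlab.example.com.key cert/gitlab.example.com.key
cp /tmp/gitlab.example.com.cer cert/192.168.01.01.crt
install -m 0600 /tmp/gitlab.example.com.key cert/192.168.01.01.key
# The private key should not stay in /tmp; remove that copy once the files are in place.

### push rootCA in gitlab
cp /etc/pki/ca-trust/source/anchors/domain-issuing.crt /data/gitlab/config/trusted-certs/domain-issuing.crt
cp /etc/pki/ca-trust/source/anchors/domain-rootca.crt /data/gitlab/config/trusted-certs/domain-rootca.crt

### Reconfigure
vi /data/gitlab/config/gitlab.rb
docker exec gitlab bash -c 'update-ca-certificates'
docker exec gitlab bash -c 'gitlab-ctl reconfigure'

### Stop / Start
# Configuration, logs, data and certificates live in the bind-mounted host directories,
# so removing and recreating the container keeps them.
# The image tag is pinned to one release; keep it on a version that still receives
# security fixes and follow the supported upgrade path when changing it.
docker stop gitlab
docker rm gitlab
docker run -d -p 5050:5050 -p 2289:22 -p 443:443 --restart=always \
  -v /data/gitlab/config:/etc/gitlab \
  -v /data/gitlab/logs:/var/log/gitlab \
  -v /data/gitlab/data:/var/opt/gitlab \
  -v /data/gitlab/cert:/etc/gitlab/ssl \
  -v /data/gitlab/config/trusted-certs:/usr/local/share/ca-certificates \
  --name gitlab gitlab/gitlab-ce:15.0.5-ce.0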
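# Health checks, all run inside the gitlab container.
# Service state of every GitLab component:
docker exec gitlab bash -c 'gitlab-ctl status'
# Configuration self-check; SANITIZE=true hides project names in the output so it
# can be shared.
docker exec -it gitlab gitlab-rake gitlab:check SANITIZE=true
# Version and environment summary:
docker exec -it gitlab gitlab-rake gitlab:env:info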
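# Create a backup. The archive holds the repositories and the database, so store it
# with restricted access.
# Not part of the archive: gitlab-secrets.json and gitlab.rb (both under /etc/gitlab,
# i.e. /data/gitlab/config on the host). Back them up separately; without the secrets
# file, encrypted values in a restored database cannot be read.
docker exec -it gitlab gitlab-rake gitlab:backup:create --trace

#Alternate way to do it
docker exec gitlab bash -c 'gitlab-backup create'
# SKIP leaves parts out of the archive; a backup made this way is incomplete on purpose.
docker exec gitlab bash -c 'gitlab-backup create SKIP=repositories'
docker exec gitlab bash -c 'gitlab-backup create SKIP=registry'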
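# Restore
# The gitlab-ctl commands below have no docker exec prefix; presumably they are run
# from a shell inside the gitlab container.
gitlab-ctl reconfigure
gitlab-ctl start
# Stop the processes that use the database before restoring. The web server is puma
# (unicorn no longer exists in the 15.0.5 image used on this page).
gitlab-ctl stop puma
gitlab-ctl stop sidekiq
gitlab-ctl status
ls -lart /var/opt/gitlab/backups

# Restore the only backup in the directory, or name one with BACKUP=<id>.
# A backup has to be restored on the GitLab version that created it; the id below is
# an example value (it ends in 10.8.3). Put gitlab-secrets.json back as well.
docker exec -it gitlab gitlab-rake gitlab:backup:restore --trace
docker exec -it gitlab gitlab-rake gitlab:backup:restore BACKUP=1537738690_2018_09_23_10.8.3 --trace

# Restart
docker exec gitlab bash -c 'gitlab-ctl restart'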
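# Post-restore verification: two separate commands (they were run together on one line).
sudo docker exec -it gitlab gitlab-rake gitlab:check
# Confirms that the encrypted values in the database can be decrypted with the
# current gitlab-secrets.json.
sudo docker exec -it gitlab gitlab-rake gitlab:doctor:secrets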