diff --git a/forgejo/README.md b/forgejo/README.md
new file mode 100644
index 0000000..8914110
--- /dev/null
+++ b/forgejo/README.md
@@ -0,0 +1,58 @@
+# Forgejo (was: Gitea)
+
+This deploys the Forgejo git hosting software on Fly.io.
+
+## Installation
+
+1. Clone this repository
+1. `fly launch`, follow the prompts
+1. Select `n` when it asks if you want to deploy
+1. Create a volume in a region of your choice: `fly volumes create data --size 50 --region ord`
+1. Generate, and store securely, you secrets:
+ ```shell
+ fly secrets set \
+ "GITEA__security__SECRET_KEY=$(openssl rand -hex 12)" \
+ "GITEA__security__INTERNAL_TOKEN=$(openssl rand -hex 12)"
+ ```
+1. For S3 storage you'll need to add two more secrets:
+ ```shell
+ fly secrets set "GITEA__storage__MINIO_ACCESS_KEY_ID=[redacted]"
+ fly secrets set "GITEA__storage__MINIO_SECRET_ACCESS_KEY=[redacted]"
+ ```
+1. Deploy, `fly deploy --remote-only`
+1. Setup DNS with your registrar, you must have either CNAME or A/AAAA records
+ set. See: https://fly.io/docs/app-guides/custom-domains-with-fly/
+1. Create certificate for Fly's automatic TLS termination. `fly certs create git.example.com`
+1. Opens an SSH session to the running container. `fly ssh console`
+1. In the SSH session in the container, run: `su git` and then
+ ```shell
+ gitea admin user create \
+ --username MYNAME \
+ --email MYEMAIL@example.com \
+ --admin \
+ --random-password \
+ --must-change-password
+ ```
+
+## Proxy the GUI to localhost
+
+1. Forward container port 3000 to localhost:3000 `fly proxy 3000:3000`
+
+## Get Connected using WireGuard (VPN)
+
+1. Create a WireGuard peer with `fly wireguard create`
+1. Setup WireGuard with generated config
+1. `fly ips private` to get the IP of your Daemon
+1. Set the `DOCKER_HOST` env variable using that IP:
+ ```
+ export DOCKER_HOST=tcp://[fdaa:0:5d2:a7b:81:0:26d4:2]:2375
+ ```
+
+# Final Step
+
+1. Delete the Docker Engine from your local system.
+1. You probably want to scale your remote Daemon: `fly scale vm dedicated-cpu-2x`
+
+# NOTES:
+
+* https://blog.luketurner.org/posts/gitea-on-fly/
diff --git a/forgejo/fly.toml b/forgejo/fly.toml
index 0514831..0eb76d8 100644
--- a/forgejo/fly.toml
+++ b/forgejo/fly.toml
@@ -25,15 +25,31 @@ kill_timeout = "5s"
 GITEA__mailer__SUBJECT_PREFIX = "git.burd.me"
 GITEA__security__INSTALL_LOCK = "true"
 GITEA__server__DOMAIN = "git.burd.me"
+ GITEA__server__LANDING_PAGE = "/greg"
 GITEA__server__ROOT_URL = "https://git.burd.me"
 GITEA__server__SSH_DOMAIN = "git.burd.me"
 GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE = "true"
 GITEA__service__DEFAULT_USER_IS_RESTRICTED = "true"
- GITEA__service__DISABLE_REGISTRATION = "false"
+ GITEA__service__DISABLE_REGISTRATION = "true" # NOTE: should be uncomment once you have created your first user
 GITEA__service__REGISTER_EMAIL_CONFIRM = "false"
 GITEA__service__REGISTER_MANUAL_CONFIRM = "true"
 "GITEA__ui.meta__AUTHOR" = "git.burd.me: Git for us"
 GITEA__ui__DEFAULT_THEME = "forgejo-auto"
+ # GITEA__log__MODE = "console"
+ # GITEA__log__LEVEL = "trace"
+ # GITEA__log__REDIRECT_MACARON_LOG = "true"
+ # GITEA__log__MACARON = "console"
+ # GITEA__log__ROUTER = "console"
+ # GITEA__log__ROOT_PATH = "/data/gitea/log"
+ # Storage in S3 bucket
+ # NOTE: MINIO_BASE_PATH must *not* be set in the [storage] section.
+ GITEA__storage__STORAGE_TYPE = "minio"
+ GITEA__storage__MINIO_USE_SSL = "true"
+ GITEA__storage__MINIO_ENDPOINT = "s3.us-west-000.backblazeb2.com"
+ # GITEA__storage__MINIO_ACCESS_KEY_ID = [use fly secrets set ..., see README.md]
+ # GITEA__storage__MINIO_SECRET_ACCESS_KEY = [use fly secrets set ..., see README.md]
+ GITEA__storage__MINIO_BUCKET = "burd-infra-forgejo-4276-a538"
+ GITEA__storage__MINIO_LOCATION = "us-west-000"
 
 [[mounts]]
 source = "gitea_data"
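Review bot: The trailing comment on the new `GITEA__service__DISABLE_REGISTRATION = "true"` line says it "should be uncomment once you have created your first user", but the line is active and already closes registration, so the note reads as an instruction to change a setting that is already in its safe state. Because `GITEA__service__REGISTER_EMAIL_CONFIRM` is "false" in the same block, flipping this back to "false" would leave manual approval as the only gate on sign-ups; I would move the remark to its own line above the key, e.g. `# Keep "true": the first admin is created with "gitea admin user create" (see README.md), so open registration is never needed.` For the storage keys, a one-line comment such as `# Credentials come from fly secrets; use an application key limited to this bucket.` would record the least-privilege expectation next to the endpoint and bucket name. The table these keys belong to (presumably `[env]`) starts above the hunk.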