vaultsovereign/vm-skills
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
eac77ef7b4b5a87f0a35a1181dacb4013b09b996
vm-skills/gitea-bootstrap/scripts/11_apply.sh
Vault Sovereign eac77ef7b4 Initial commit: VaultMesh Skills collection 
Collection of operational skills for VaultMesh infrastructure including:
- backup-sovereign: Backup and recovery operations
- btc-anchor: Bitcoin anchoring
- cloudflare-tunnel-manager: Cloudflare tunnel management
- container-registry: Container registry operations
- disaster-recovery: Disaster recovery procedures
- dns-sovereign: DNS management
- eth-anchor: Ethereum anchoring
- gitea-bootstrap: Gitea setup and configuration
- hetzner-bootstrap: Hetzner server provisioning
- merkle-forest: Merkle tree operations
- node-hardening: Node security hardening
- operator-bootstrap: Operator initialization
- proof-verifier: Cryptographic proof verification
- rfc3161-anchor: RFC3161 timestamping
- secrets-vault: Secrets management

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-27 00:25:00 +00:00

113 lines
2.9 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
SKILL_ROOT="$(dirname "$SCRIPT_DIR")"
source "$SCRIPT_DIR/_common.sh"
: "${MODE:=docker}"
: "${NODE_NAME:=node-b}"
: "${HTTP_PORT:=3000}"
: "${SSH_PORT:=2222}"
: "${DOMAIN:=}"
: "${DATA_DIR:=$HOME/gitea}"
: "${ADMIN_USER:=}"
: "${ADMIN_EMAIL:=}"
compose_cmd() {
if command -v docker-compose >/dev/null 2>&1; then
echo "docker-compose"
else
echo "docker compose"
fi
}
main() {
confirm_gate
[[ -n "$ADMIN_USER" ]] || die "ADMIN_USER is required."
[[ -n "$ADMIN_EMAIL" ]] || die "ADMIN_EMAIL is required."
local ts; ts="$(date -Iseconds | tr ':' '-')"
local backup_dir="$SKILL_ROOT/outputs/backups/$ts"
mkdir -p "$backup_dir"
if [[ "$MODE" == "docker" ]]; then
need docker
mkdir -p "$SKILL_ROOT/outputs"
# Render minimal app.ini (Gitea will expand defaults)
cat > "$SKILL_ROOT/outputs/gitea_app.ini" <<EOF
APP_NAME = VaultMesh Gitea
RUN_MODE = prod
[server]
DOMAIN = ${DOMAIN}
HTTP_PORT = ${HTTP_PORT}
ROOT_URL = ${DOMAIN:+https://${DOMAIN}/}${DOMAIN:+" "}${DOMAIN:-http://localhost:${HTTP_PORT}/}
SSH_DOMAIN = ${DOMAIN:-localhost}
SSH_PORT = ${SSH_PORT}
DISABLE_SSH = false
START_SSH_SERVER = true
[database]
DB_TYPE = sqlite3
PATH = /data/gitea/gitea.db
[security]
INSTALL_LOCK = true
EOF
# Render compose.yml
cat > "$SKILL_ROOT/outputs/compose.yml" <<EOF
version: "3"
services:
gitea:
image: gitea/gitea:latest
container_name: gitea
restart: unless-stopped
environment:
- USER_UID=1000
- USER_GID=1000
- GITEA__server__HTTP_PORT=${HTTP_PORT}
- GITEA__server__SSH_PORT=${SSH_PORT}
volumes:
- ${DATA_DIR}:/data
- ${SKILL_ROOT}/outputs/gitea_app.ini:/data/gitea/conf/app.ini
ports:
- "${HTTP_PORT}:${HTTP_PORT}"
- "${SSH_PORT}:22"
EOF
cp -a "$SKILL_ROOT/outputs/compose.yml" "$backup_dir/compose.yml"
cp -a "$SKILL_ROOT/outputs/gitea_app.ini" "$backup_dir/gitea_app.ini"
log_info "Starting Gitea via compose..."
cd "$SKILL_ROOT/outputs"
$(compose_cmd) -f compose.yml up -d
log_info "Waiting for HTTP..."
for i in $(seq 1 30); do
if curl -fsS "http://127.0.0.1:${HTTP_PORT}/" >/dev/null 2>&1; then
break
fi
sleep 1
done
log_warn "Admin creation is interactive via web UI on first run (recommended)."
log_warn "Open: http://<host>:${HTTP_PORT}/ and create admin user: $ADMIN_USER"
log_warn "Then lock install is already set in app.ini (INSTALL_LOCK=true)."
elif [[ "$MODE" == "native" ]]; then
need sudo
need systemctl
log_warn "Native mode is a scaffold in v1.0.0."
log_warn "It intentionally does not auto-install packages to avoid distro variance."
log_warn "Next action: follow references/gitea_hardening_notes.md and extend apply script for your distro."
else
die "MODE must be docker|native"
fi
log_info "Apply complete."
}
main "$@"
Reference in New Issue View Git Blame Copy Permalink