third_party
/
gitea
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #288 from tboerger/docker

Browse Source 
Docker integration
tokarchuk/v1.17
Thomas Boerger 8 years ago committed by GitHub
parent fd53028139 d7dea676fd
commit 16cdbe1956
31 changed files with 232 additions and 371 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 24
      .dockerignore
  2. 28
      .drone.yml
  3. 2
      .drone.yml.sig
  4. 56
      Dockerfile
  5. 59
      Dockerfile.rpi
  6. 111
      docker/README.md
  7. 36
      docker/build.sh
  8. 1
      docker/etc/nsswitch.conf
  9. 2
      docker/etc/profile.d/gitea.sh
  10. 2
      docker/etc/s6/.s6-svscan/finish
  11. 2
      docker/etc/s6/gitea/finish
  12. 6
      docker/etc/s6/gitea/run
  13. 19
      docker/etc/s6/gitea/setup
  14. 2
      docker/etc/s6/openssh/finish
  15. 6
      docker/etc/s6/openssh/run
  16. 29
      docker/etc/s6/openssh/setup
  17. 2
      docker/etc/s6/syslogd/finish
  18. 6
      docker/etc/s6/syslogd/run
  19. 1
      docker/etc/s6/syslogd/setup
  20. 27
      docker/etc/ssh/sshd_config
  21. 24
      docker/etc/templates/app.ini
  22. 5
      docker/s6/.s6-svscan/finish
  23. 0
      docker/s6/crond/down
  24. 9
      docker/s6/crond/run
  25. 8
      docker/s6/gogs/run
  26. 23
      docker/s6/gogs/setup
  27. 7
      docker/s6/openssh/run
  28. 23
      docker/s6/openssh/setup
  29. 7
      docker/s6/syslogd/run
  30. 65
      docker/start.sh
  31. 11
      docker/usr/bin/entrypoint

24
.dockerignore
Unescape View File

@ -1,19 +1,5 @@
.git *
.git/** !docker
packager !bin
packager/** !public
scripts !templates
scripts/**
.github/
.github/**
config.codekit
.dockerignore
*.yml
*.md
.bra.toml
.editorconfig
.gitignore
Dockerfile*
vendor
vendor/**
gogs

28
.drone.yml
Unescape View File

@ -50,21 +50,21 @@ pipeline:
event: [ push, tag ] event: [ push, tag ]
branch: [ master, refs/tags/* ] branch: [ master, refs/tags/* ]
# docker: docker:
# image: plugins/docker image: plugins/docker
# repo: gitea/gitea repo: gitea/gitea
# tags: [ '${TAG}' ] tags: [ '${TAG}' ]
# when: when:
# event: [ tag ] event: [ tag ]
# branch: [ refs/tags/* ] branch: [ refs/tags/* ]
# docker: docker:
# image: plugins/docker image: plugins/docker
# repo: gitea/gitea repo: gitea/gitea
# tags: [ 'latest' ] tags: [ 'latest' ]
# when: when:
# event: [ push ] event: [ push ]
# branch: [ master ] branch: [ master ]
release: release:
image: plugins/s3 image: plugins/s3

2
.drone.yml.sig
Unescape View File

@ -1 +1 @@
eyJhbGciOiJIUzI1NiJ9.d29ya3NwYWNlOgogIGJhc2U6IC9zcnYvYXBwCiAgcGF0aDogc3JjL2NvZGUuZ2l0ZWEuaW8vZ2l0ZWEKCnBpcGVsaW5lOgogIHRlc3Q6CiAgICBpbWFnZTogd2ViaGlwcGllL2dvbGFuZzplZGdlCiAgICBwdWxsOiB0cnVlCiAgICBlbnZpcm9ubWVudDoKICAgICAgQ0dPX0VOQUJMRUQ6IDEKICAgICAgVEFHUzogY2VydCBzcWxpdGUgcGFtIG1pbml3aW5zdmMKICAgIGNvbW1hbmRzOgogICAgICAtIGFwayAtVSBhZGQgbGludXgtcGFtLWRldiBvcGVuc3NoLWNsaWVudAogICAgICAtIG1ha2UgY2xlYW4KICAgICAgLSBtYWtlIHZldAogICAgICAjIC0gbWFrZSBsaW50CiAgICAgIC0gbWFrZSB0ZXN0CiAgICAgIC0gbWFrZSBidWlsZAogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgcHVzaCwgdGFnLCBwdWxsX3JlcXVlc3QgXQoKICB0ZXN0LW15c3FsOgogICAgaW1hZ2U6IHdlYmhpcHBpZS9nb2xhbmc6ZWRnZQogICAgcHVsbDogdHJ1ZQogICAgY29tbWFuZHM6CiAgICAgLSBtYWtlIHRlc3QtbXlzcWwKICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHB1c2ggXQoKICB0ZXN0LXBnc3FsOgogICAgaW1hZ2U6IHdlYmhpcHBpZS9nb2xhbmc6ZWRnZQogICAgcHVsbDogdHJ1ZQogICAgY29tbWFuZHM6CiAgICAgLSBtYWtlIHRlc3QtcGdzcWwKICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHB1c2ggXQoKICBjb3ZlcmFnZToKICAgIGltYWdlOiBwbHVnaW5zL2NvdmVyYWdlCiAgICBzZXJ2ZXI6IGh0dHBzOi8vY292ZXJhZ2UuZ2l0ZWEuaW8KICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHB1c2gsIHRhZywgcHVsbF9yZXF1ZXN0IF0KCiAgdXBkYXRlcjoKICAgIGltYWdlOiBrYXJhbGFiZS94Z28tbGF0ZXN0OmxhdGVzdAogICAgcHVsbDogdHJ1ZQogICAgY29tbWFuZHM6CiAgICAgIC0gbWFrZSBwdWJsaXNoCiAgICB3aGVuOgogICAgICBldmVudDogWyBwdXNoLCB0YWcgXQogICAgICBicmFuY2g6IFsgbWFzdGVyLCByZWZzL3RhZ3MvKiBdCgogICMgZG9ja2VyOgogICMgICBpbWFnZTogcGx1Z2lucy9kb2NrZXIKICAjICAgcmVwbzogZ2l0ZWEvZ2l0ZWEKICAjICAgdGFnczogWyAnJHtUQUd9JyBdCiAgIyAgIHdoZW46CiAgIyAgICAgZXZlbnQ6IFsgdGFnIF0KICAjICAgICBicmFuY2g6IFsgcmVmcy90YWdzLyogXQoKICAjIGRvY2tlcjoKICAjICAgaW1hZ2U6IHBsdWdpbnMvZG9ja2VyCiAgIyAgIHJlcG86IGdpdGVhL2dpdGVhCiAgIyAgIHRhZ3M6IFsgJ2xhdGVzdCcgXQogICMgICB3aGVuOgogICMgICAgIGV2ZW50OiBbIHB1c2ggXQogICMgICAgIGJyYW5jaDogWyBtYXN0ZXIgXQoKICByZWxlYXNlOgogICAgaW1hZ2U6IHBsdWdpbnMvczMKICAgIHBhdGhfc3R5bGU6IHRydWUKICAgIHN0cmlwX3ByZWZpeDogZGlzdC9yZWxlYXNlLwogICAgc291cmNlOiBkaXN0L3JlbGVhc2UvKgogICAgdGFyZ2V0OiAvZ2l0ZWEvbWFzdGVyCiAgICB3aGVuOgogICAgICBldmVudDogWyBwdXNoIF0KICAgICAgYnJhbmNoOiBbIG1hc3RlciBdCgogIHJlbGVhc2U6CiAgICBpbWFnZTogcGx1Z2lucy9zMwogICAgcGF0aF9zdHlsZTogdHJ1ZQogICAgc3RyaXBfcHJlZml4OiBkaXN0L3JlbGVhc2UvCiAgICBzb3VyY2U6IGRpc3QvcmVsZWFzZS8qCiAgICB0YXJnZXQ6IC9naXRlYS8kJFRBRwogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgdGFnIF0KICAgICAgYnJhbmNoOiBbIHJlZnMvdGFncy8qIF0KCiAgZ2l0aHViOgogICAgaW1hZ2U6IHBsdWdpbnMvZ2l0aHViLXJlbGVhc2UKICAgIGZpbGVzOgogICAgICAtIGRpc3QvcmVsZWFzZS8qCiAgICB3aGVuOgogICAgICBldmVudDogWyB0YWcgXQogICAgICBicmFuY2g6IFsgcmVmcy90YWdzLyogXQoKICBnaXR0ZXI6CiAgICBpbWFnZTogcGx1Z2lucy9naXR0ZXIKCnNlcnZpY2VzOgogIG15c3FsOgogICAgaW1hZ2U6IG15c3FsOjUuNwogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gTVlTUUxfREFUQUJBU0U9dGVzdAogICAgICAtIE1ZU1FMX0FMTE9XX0VNUFRZX1BBU1NXT1JEPXllcwogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgcHVzaCBdCgogIHBnc3FsOgogICAgaW1hZ2U6IHBvc3RncmVzOjkuNQogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gUE9TVEdSRVNfREI9dGVzdAogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgcHVzaCBdCg.CJAqrylL68UPxR-wlKhIL9waJKRhw6isiol_f9Lx5ao eyJhbGciOiJIUzI1NiJ9.d29ya3NwYWNlOgogIGJhc2U6IC9zcnYvYXBwCiAgcGF0aDogc3JjL2NvZGUuZ2l0ZWEuaW8vZ2l0ZWEKCnBpcGVsaW5lOgogIHRlc3Q6CiAgICBpbWFnZTogd2ViaGlwcGllL2dvbGFuZzplZGdlCiAgICBwdWxsOiB0cnVlCiAgICBlbnZpcm9ubWVudDoKICAgICAgQ0dPX0VOQUJMRUQ6IDEKICAgICAgVEFHUzogY2VydCBzcWxpdGUgcGFtIG1pbml3aW5zdmMKICAgIGNvbW1hbmRzOgogICAgICAtIGFwayAtVSBhZGQgbGludXgtcGFtLWRldiBvcGVuc3NoLWNsaWVudAogICAgICAtIG1ha2UgY2xlYW4KICAgICAgLSBtYWtlIHZldAogICAgICAjIC0gbWFrZSBsaW50CiAgICAgIC0gbWFrZSB0ZXN0CiAgICAgIC0gbWFrZSBidWlsZAogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgcHVzaCwgdGFnLCBwdWxsX3JlcXVlc3QgXQoKICB0ZXN0LW15c3FsOgogICAgaW1hZ2U6IHdlYmhpcHBpZS9nb2xhbmc6ZWRnZQogICAgcHVsbDogdHJ1ZQogICAgY29tbWFuZHM6CiAgICAgLSBtYWtlIHRlc3QtbXlzcWwKICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHB1c2ggXQoKICB0ZXN0LXBnc3FsOgogICAgaW1hZ2U6IHdlYmhpcHBpZS9nb2xhbmc6ZWRnZQogICAgcHVsbDogdHJ1ZQogICAgY29tbWFuZHM6CiAgICAgLSBtYWtlIHRlc3QtcGdzcWwKICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHB1c2ggXQoKICBjb3ZlcmFnZToKICAgIGltYWdlOiBwbHVnaW5zL2NvdmVyYWdlCiAgICBzZXJ2ZXI6IGh0dHBzOi8vY292ZXJhZ2UuZ2l0ZWEuaW8KICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHB1c2gsIHRhZywgcHVsbF9yZXF1ZXN0IF0KCiAgdXBkYXRlcjoKICAgIGltYWdlOiBrYXJhbGFiZS94Z28tbGF0ZXN0OmxhdGVzdAogICAgcHVsbDogdHJ1ZQogICAgY29tbWFuZHM6CiAgICAgIC0gbWFrZSBwdWJsaXNoCiAgICB3aGVuOgogICAgICBldmVudDogWyBwdXNoLCB0YWcgXQogICAgICBicmFuY2g6IFsgbWFzdGVyLCByZWZzL3RhZ3MvKiBdCgogIGRvY2tlcjoKICAgIGltYWdlOiBwbHVnaW5zL2RvY2tlcgogICAgcmVwbzogZ2l0ZWEvZ2l0ZWEKICAgIHRhZ3M6IFsgJyR7VEFHfScgXQogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgdGFnIF0KICAgICAgYnJhbmNoOiBbIHJlZnMvdGFncy8qIF0KCiAgZG9ja2VyOgogICAgaW1hZ2U6IHBsdWdpbnMvZG9ja2VyCiAgICByZXBvOiBnaXRlYS9naXRlYQogICAgdGFnczogWyAnbGF0ZXN0JyBdCiAgICB3aGVuOgogICAgICBldmVudDogWyBwdXNoIF0KICAgICAgYnJhbmNoOiBbIG1hc3RlciBdCgogIHJlbGVhc2U6CiAgICBpbWFnZTogcGx1Z2lucy9zMwogICAgcGF0aF9zdHlsZTogdHJ1ZQogICAgc3RyaXBfcHJlZml4OiBkaXN0L3JlbGVhc2UvCiAgICBzb3VyY2U6IGRpc3QvcmVsZWFzZS8qCiAgICB0YXJnZXQ6IC9naXRlYS9tYXN0ZXIKICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHB1c2ggXQogICAgICBicmFuY2g6IFsgbWFzdGVyIF0KCiAgcmVsZWFzZToKICAgIGltYWdlOiBwbHVnaW5zL3MzCiAgICBwYXRoX3N0eWxlOiB0cnVlCiAgICBzdHJpcF9wcmVmaXg6IGRpc3QvcmVsZWFzZS8KICAgIHNvdXJjZTogZGlzdC9yZWxlYXNlLyoKICAgIHRhcmdldDogL2dpdGVhLyQkVEFHCiAgICB3aGVuOgogICAgICBldmVudDogWyB0YWcgXQogICAgICBicmFuY2g6IFsgcmVmcy90YWdzLyogXQoKICBnaXRodWI6CiAgICBpbWFnZTogcGx1Z2lucy9naXRodWItcmVsZWFzZQogICAgZmlsZXM6CiAgICAgIC0gZGlzdC9yZWxlYXNlLyoKICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHRhZyBdCiAgICAgIGJyYW5jaDogWyByZWZzL3RhZ3MvKiBdCgogIGdpdHRlcjoKICAgIGltYWdlOiBwbHVnaW5zL2dpdHRlcgoKc2VydmljZXM6CiAgbXlzcWw6CiAgICBpbWFnZTogbXlzcWw6NS43CiAgICBlbnZpcm9ubWVudDoKICAgICAgLSBNWVNRTF9EQVRBQkFTRT10ZXN0CiAgICAgIC0gTVlTUUxfQUxMT1dfRU1QVFlfUEFTU1dPUkQ9eWVzCiAgICB3aGVuOgogICAgICBldmVudDogWyBwdXNoIF0KCiAgcGdzcWw6CiAgICBpbWFnZTogcG9zdGdyZXM6OS41CiAgICBlbnZpcm9ubWVudDoKICAgICAgLSBQT1NUR1JFU19EQj10ZXN0CiAgICB3aGVuOgogICAgICBldmVudDogWyBwdXNoIF0K.W-dU1J1yWsWKPzQp5YvXtNAxoTa-vP_OkmBenzqR00c

56
Dockerfile
Unescape View File

@ -1,22 +1,44 @@
FROM alpine:3.3 FROM alpine:3.4
MAINTAINER jp@roemer.im MAINTAINER Thomas Boerger <thomas@webhippie.de>
# Install system utils & Gogs runtime dependencies EXPOSE 22 3000
ADD https://github.com/tianon/gosu/releases/download/1.9/gosu-amd64 /usr/sbin/gosu
RUN chmod +x /usr/sbin/gosu \
&& apk --no-cache --no-progress add ca-certificates bash git linux-pam s6 curl openssh socat tzdata
ENV GITEA_CUSTOM /data/gogs
COPY . /app/gogs/ RUN apk update && \
WORKDIR /app/gogs/ apk add \
RUN ./docker/build.sh su-exec \
ca-certificates \
sqlite \
bash \
git \
linux-pam \
s6 \
curl \
openssh \
tzdata && \
rm -rf \
/var/cache/apk/* && \
addgroup \
-S -g 1000 \
git && \
adduser \
-S -H -D \
-h /data/git \
-s /bin/bash \
-u 1000 \
-G git \
git
# Configure LibC Name Service ENV USER git
COPY docker/nsswitch.conf /etc/nsswitch.conf ENV GITEA_CUSTOM /data/gitea
ENV GODEBUG=netdns=go
# Configure Docker Container
VOLUME ["/data"] VOLUME ["/data"]
EXPOSE 22 3000
ENTRYPOINT ["docker/start.sh"] ENTRYPOINT ["/usr/bin/entrypoint"]
CMD ["/bin/s6-svscan", "/app/gogs/docker/s6/"] CMD ["/bin/s6-svscan", "/etc/s6"]
COPY docker /
COPY public /app/gitea/public
COPY templates /app/gitea/templates
COPY bin/gitea /app/gitea/gitea

59
Dockerfile.rpi
Unescape View File

@ -1,25 +1,44 @@
FROM hypriot/rpi-alpine-scratch:v3.2 FROM hypriot/rpi-alpine-scratch:v3.4
MAINTAINER jp@roemer.im, raxetul@gmail.com MAINTAINER Thomas Boerger <thomas@webhippie.de>
# Install system utils & Gogs runtime dependencies EXPOSE 22 3000
ADD https://github.com/tianon/gosu/releases/download/1.9/gosu-armhf /usr/sbin/gosu
RUN chmod +x /usr/sbin/gosu \
&& echo "http://dl-4.alpinelinux.org/alpine/v3.3/main/" | tee /etc/apk/repositories \
&& echo "http://dl-4.alpinelinux.org/alpine/v3.3/community/" | tee -a /etc/apk/repositories \
&& apk -U --no-progress upgrade && rm -f /var/cache/apk/APKINDEX.* \
&& apk --no-cache --no-progress add ca-certificates bash git linux-pam s6 curl openssh socat tzdata
ENV GITEA_CUSTOM /data/gogs
COPY . /app/gogs/ RUN apk update && \
WORKDIR /app/gogs/ apk add \
RUN ./docker/build.sh su-exec \
ca-certificates \
sqlite \
bash \
git \
linux-pam \
s6 \
curl \
openssh \
tzdata && \
rm -rf \
/var/cache/apk/* && \
addgroup \
-S -g 1000 \
git && \
adduser \
-S -H -D \
-h /data/git \
-s /bin/bash \
-u 1000 \
-G git \
git
# Configure LibC Name Service ENV USER git
COPY docker/nsswitch.conf /etc/nsswitch.conf ENV GITEA_CUSTOM /data/gitea
ENV GODEBUG=netdns=go
# Configure Docker Container
VOLUME ["/data"] VOLUME ["/data"]
EXPOSE 22 3000
ENTRYPOINT ["docker/start.sh"] ENTRYPOINT ["/usr/bin/entrypoint"]
CMD ["/bin/s6-svscan", "/app/gogs/docker/s6/"] CMD ["/bin/s6-svscan", "/etc/s6"]
COPY docker /
COPY public /app/gitea/public
COPY templates /app/gitea/templates
COPY bin/gitea /app/gitea/gitea

111
docker/README.md
Unescape View File

@ -1,111 +0,0 @@
# Docker for Gogs
Visit [Docker Hub](https://hub.docker.com/r/gogs/) see all available images and tags.
## Usage
To keep your data out of Docker container, we do a volume (`/var/gogs` -> `/data`) here, and you can change it based on your situation.
```
# Pull image from Docker Hub.
$ docker pull gogs/gogs
# Create local directory for volume.
$ mkdir -p /var/gogs
# Use `docker run` for the first time.
$ docker run --name=gogs -p 10022:22 -p 10080:3000 -v /var/gogs:/data gogs/gogs
# Use `docker start` if you have stopped it.
$ docker start gogs
```
Note: It is important to map the Gogs ssh service from the container to the host and set the appropriate SSH Port and URI settings when setting up Gogs for the first time. To access and clone Gogs Git repositories with the above configuration you would use: `git clone ssh://git@hostname:10022/username/myrepo.git` for example.
Files will be store in local path `/var/gogs` in my case.
Directory `/var/gogs` keeps Git repositories and Gogs data:
/var/gogs
|-- git
| |-- gogs-repositories
|-- ssh
| |-- # ssh public/private keys for Gogs
|-- gogs
|-- conf
|-- data
|-- log
### Volume with data container
If you're more comfortable with mounting data to a data container, the commands you execute at the first time will look like as follows:
```
# Create data container
docker run --name=gogs-data --entrypoint /bin/true gogs/gogs
# Use `docker run` for the first time.
docker run --name=gogs --volumes-from gogs-data -p 10022:22 -p 10080:3000 gogs/gogs
```
#### Using Docker 1.9 Volume command
```
# Create docker volume.
$ docker volume create --name gogs-data
# Use `docker run` for the first time.
$ docker run --name=gogs -p 10022:22 -p 10080:3000 -v gogs-data:/data gogs/gogs
```
## Settings
### Application
Most of settings are obvious and easy to understand, but there are some settings can be confusing by running Gogs inside Docker:
- **Repository Root Path**: keep it as default value `/home/git/gogs-repositories` because `start.sh` already made a symbolic link for you.
- **Run User**: keep it as default value `git` because `start.sh` already setup a user with name `git`.
- **Domain**: fill in with Docker container IP (e.g. `192.168.99.100`). But if you want to access your Gogs instance from a different physical machine, please fill in with the hostname or IP address of the Docker host machine.
- **SSH Port**: Use the exposed port from Docker container. For example, your SSH server listens on `22` inside Docker, but you expose it by `10022:22`, then use `10022` for this value. **Builtin SSH server is not recommended inside Docker Container**
- **HTTP Port**: Use port you want Gogs to listen on inside Docker container. For example, your Gogs listens on `3000` inside Docker, and you expose it by `10080:3000`, but you still use `3000` for this value.
- **Application URL**: Use combination of **Domain** and **exposed HTTP Port** values (e.g. `http://192.168.99.100:10080/`).
Full documentation of application settings can be found [here](https://gogs.io/docs/advanced/configuration_cheat_sheet.html).
### Container options
This container have some options available via environment variables, these options are opt-in features that can help the administration of this container:
- **SOCAT_LINK**:
- <u>Possible value:</u>
`true`, `false`, `1`, `0`
- <u>Default:</u>
`true`
- <u>Action:</u>
Bind linked docker container to localhost socket using socat.
Any exported port from a linked container will be binded to the matching port on localhost.
- <u>Disclaimer:</u>
As this option rely on the environment variable created by docker when a container is linked, this option should be deactivated in managed environment such as Rancher or Kubernetes (set to `0` or `false`)
- **RUN_CROND**:
- <u>Possible value:</u>
`true`, `false`, `1`, `0`
- <u>Default:</u>
`false`
- <u>Action:</u>
Request crond to be run inside the container. Its default configuration will periodically run all scripts from `/etc/periodic/${period}` but custom crontabs can be added to `/var/spool/cron/crontabs/`.
## Upgrade
:exclamation::exclamation::exclamation:<span style="color: red">**Make sure you have volumed data to somewhere outside Docker container**</span>:exclamation::exclamation::exclamation:
Steps to upgrade Gogs with Docker:
- `docker pull gogs/gogs`
- `docker stop gogs`
- `docker rm gogs`
- Finally, create container as the first time and don't forget to do same volume and port mapping.
## Known Issues
- The docker container can not currently be build on Raspberry 1 (armv6l) as our base image `alpine` does not have a `go` package available for this platform.

36
docker/build.sh
Unescape View File

@ -1,36 +0,0 @@
#!/bin/sh
set -x
set -e
# Set temp environment vars
export GOPATH=/tmp/go
export PATH=${PATH}:${GOPATH}/bin
export GO15VENDOREXPERIMENT=1
# Install build deps
apk --no-cache --no-progress add --virtual build-deps build-base linux-pam-dev go
# Install glide
git clone -b 0.10.2 https://github.com/Masterminds/glide ${GOPATH}/src/github.com/Masterminds/glide
cd ${GOPATH}/src/github.com/Masterminds/glide
make build
go install
# Build Gogs
mkdir -p ${GOPATH}/src/github.com/gogits/
ln -s /app/gogs/ ${GOPATH}/src/github.com/go-gitea/gitea
cd ${GOPATH}/src/github.com/go-gitea/gitea
glide install
make build TAGS="sqlite cert pam"
# Cleanup GOPATH & vendoring dir
rm -r $GOPATH /app/gogs/vendor
# Remove build deps
apk --no-progress del build-deps
# Create git user for Gogs
adduser -H -D -g 'Gogs Git User' git -h /data/git -s /bin/bash && passwd -u git
echo "export GITEA_CUSTOM=${GITEA_CUSTOM}" >> /etc/profile

1
docker/nsswitch.conf → docker/etc/nsswitch.conf
Unescape View File

@ -13,4 +13,3 @@ ethers: db files
rpc: db files rpc: db files
netgroup: nis netgroup: nis

2
docker/etc/profile.d/gitea.sh
Unescape View File

@ -0,0 +1,2 @@
#!/bin/bash
export GITEA_CUSTOM=/data/gitea

2
docker/etc/s6/.s6-svscan/finish
Unescape View File

@ -0,0 +1,2 @@
#!/bin/bash
exit 0

2
docker/etc/s6/gitea/finish
Unescape View File

@ -0,0 +1,2 @@
#!/bin/bash
exit 0

6
docker/etc/s6/gitea/run
Unescape View File

@ -0,0 +1,6 @@
#!/bin/bash
[[ -f ./setup ]] && source ./setup
pushd /app/gitea > /dev/null
exec su-exec git /app/gitea/gitea web
popd

19
docker/etc/s6/gitea/setup
Unescape View File

@ -0,0 +1,19 @@
#!/bin/bash
if [ ! -d /data/git/.ssh ]; then
mkdir -p /data/git/.ssh
chmod 700 /data/git/.ssh
fi
if [ ! -f /data/git/.ssh/environment ]; then
echo "GITEA_CUSTOM=/data/gitea" >| /data/git/.ssh/environment
chmod 600 /data/git/.ssh/environment
fi
if [ ! -f /data/gitea/conf/app.ini ]; then
mkdir -p /data/gitea/conf
cp /etc/templates/app.ini /data/gitea/conf/app.ini
fi
chown -R git:git /data/gitea /app/gitea /data/git
chmod 0755 /data/gitea /app/gitea /data/git

2
docker/etc/s6/openssh/finish
Unescape View File

@ -0,0 +1,2 @@
#!/bin/bash
exit 0

6
docker/etc/s6/openssh/run
Unescape View File

@ -0,0 +1,6 @@
#!/bin/bash
[[ -f ./setup ]] && source ./setup
pushd /root > /dev/null
exec su-exec root /usr/sbin/sshd -E /var/log/sshd.log -D
popd

29
docker/etc/s6/openssh/setup
Unescape View File

@ -0,0 +1,29 @@
#!/bin/bash
if [ ! -d /data/ssh ]; then
mkdir -p /data/ssh
fi
if [ ! -f /data/ssh/ssh_host_ed25519_key ]; then
echo "Generating /data/ssh/ssh_host_ed25519_key..."
ssh-keygen -t ed25519 -b 4096 -f /data/ssh/ssh_host_ed25519_key -N "" > /dev/null
fi
if [ ! -f /data/ssh/ssh_host_rsa_key ]; then
echo "Generating /data/ssh/ssh_host_rsa_key..."
ssh-keygen -t rsa -b 2048 -f /data/ssh/ssh_host_rsa_key -N "" > /dev/null
fi
if [ ! -f /data/ssh/ssh_host_dsa_key ]; then
echo "Generating /data/ssh/ssh_host_dsa_key..."
ssh-keygen -t dsa -f /data/ssh/ssh_host_dsa_key -N "" > /dev/null
fi
if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then
echo "Generating /data/ssh/ssh_host_ecdsa_key..."
ssh-keygen -t ecdsa -b 256 -f /data/ssh/ssh_host_ecdsa_key -N "" > /dev/null
fi
chown root:root /data/ssh/*
chmod 0700 /data/ssh
chmod 0600 /data/ssh/*

2
docker/etc/s6/syslogd/finish
Unescape View File

@ -0,0 +1,2 @@
#!/bin/bash
exit 0

6
docker/etc/s6/syslogd/run
Unescape View File

@ -0,0 +1,6 @@
#!/bin/bash
[[ -f ./setup ]] && source ./setup
pushd /root > /dev/null
exec su-exec root /sbin/syslogd -nS -O-
popd

1
docker/etc/s6/syslogd/setup
Unescape View File

@ -0,0 +1 @@
#!/bin/bash

27
docker/sshd_config → docker/etc/ssh/sshd_config
Unescape View File

@ -1,16 +1,33 @@
Port 22 Port 22
Protocol 2
AddressFamily any AddressFamily any
ListenAddress 0.0.0.0 ListenAddress 0.0.0.0
ListenAddress :: ListenAddress ::
Protocol 2
LogLevel INFO LogLevel INFO
HostKey /data/ssh/ssh_host_ed25519_key
HostKey /data/ssh/ssh_host_rsa_key HostKey /data/ssh/ssh_host_rsa_key
HostKey /data/ssh/ssh_host_dsa_key HostKey /data/ssh/ssh_host_dsa_key
HostKey /data/ssh/ssh_host_ecdsa_key HostKey /data/ssh/ssh_host_ecdsa_key
HostKey /data/ssh/ssh_host_ed25519_key
AuthorizedKeysFile .ssh/authorized_keys
UseDNS no
AllowAgentForwarding no
AllowTcpForwarding no
PrintMotd no
PrintLastLog no
PermitUserEnvironment yes
PermitRootLogin no PermitRootLogin no
AuthorizedKeysFile .ssh/authorized_keys ChallengeResponseAuthentication no
PasswordAuthentication no PasswordAuthentication no
UsePrivilegeSeparation no PermitEmptyPasswords no
PermitUserEnvironment yes
AllowUsers git AllowUsers git
Banner none
Subsystem sftp /usr/lib/ssh/sftp-server
UsePrivilegeSeparation no

24
docker/etc/templates/app.ini
Unescape View File

@ -0,0 +1,24 @@
[repository]
ROOT = /data/git/repositories
[repository.upload]
TEMP_PATH = /data/gitea/uploads
[server]
APP_DATA_PATH = /data/gitea
[database]
HOST = mysql:3306
PATH = /data/gitea/gitea.db
[session]
PROVIDER_CONFIG = /data/gitea/sessions
[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
[attachment]
PATH = /data/gitea/attachments
[log]
ROOT_PATH = /data/gitea/log

5
docker/s6/.s6-svscan/finish
Unescape View File

@ -1,5 +0,0 @@
#!/bin/sh
# Cleanup SOCAT services and s6 event folder
rm -rf $(find /app/gogs/docker/s6/ -name 'event')
rm -rf /app/gogs/docker/s6/SOCAT_*

0
docker/s6/crond/down
Unescape View File

9
docker/s6/crond/run
Unescape View File

@ -1,9 +0,0 @@
#!/bin/sh
# Crontabs are located by default in /var/spool/cron/crontabs/
# The default configuration is also calling all the scripts in /etc/periodic/${period}
if test -f ./setup; then
source ./setup
fi
exec gosu root /usr/sbin/crond -fS

8
docker/s6/gogs/run
Unescape View File

@ -1,8 +0,0 @@
#!/bin/sh
if test -f ./setup; then
source ./setup
fi
export USER=git
exec gosu $USER /app/gogs/gogs web

23
docker/s6/gogs/setup
Unescape View File

@ -1,23 +0,0 @@
#!/bin/sh
if ! test -d ~git/.ssh; then
mkdir -p ~git/.ssh
chmod 700 ~git/.ssh
fi
if ! test -f ~git/.ssh/environment; then
echo "GITEA_CUSTOM=${GITEA_CUSTOM}" > ~git/.ssh/environment
chmod 600 ~git/.ssh/environment
fi
cd /app/gogs
# Link volumed data with app data
ln -sf /data/gogs/log ./log
ln -sf /data/gogs/data ./data
# Backward Compatibility with Gogs Container v0.6.15
ln -sf /data/git /home/git
chown -R git:git /data /app/gogs ~git/
chmod 0755 /data /data/gogs ~git/

7
docker/s6/openssh/run
Unescape View File

@ -1,7 +0,0 @@
#!/bin/sh
if test -f ./setup; then
source ./setup
fi
exec gosu root /usr/sbin/sshd -D -f /app/gogs/docker/sshd_config

23
docker/s6/openssh/setup
Unescape View File

@ -1,23 +0,0 @@
#!/bin/sh
# Check if host keys are present, else create them
if ! test -f /data/ssh/ssh_host_rsa_key; then
ssh-keygen -q -f /data/ssh/ssh_host_rsa_key -N '' -t rsa
fi
if ! test -f /data/ssh/ssh_host_dsa_key; then
ssh-keygen -q -f /data/ssh/ssh_host_dsa_key -N '' -t dsa
fi
if ! test -f /data/ssh/ssh_host_ecdsa_key; then
ssh-keygen -q -f /data/ssh/ssh_host_ecdsa_key -N '' -t ecdsa
fi
if ! test -f /data/ssh/ssh_host_ed25519_key; then
ssh-keygen -q -f /data/ssh/ssh_host_ed25519_key -N '' -t ed25519
fi
# Set correct right to ssh keys
chown -R root:root /data/ssh/*
chmod 0700 /data/ssh
chmod 0600 /data/ssh/*

7
docker/s6/syslogd/run
Unescape View File

@ -1,7 +0,0 @@
#!/bin/sh
if test -f ./setup; then
source ./setup
fi
exec gosu root /sbin/syslogd -nS -O-

65
docker/start.sh
Unescape View File

@ -1,65 +0,0 @@
#!/bin/sh
create_socat_links() {
# Bind linked docker container to localhost socket using socat
USED_PORT="3000:22"
while read NAME ADDR PORT; do
if test -z "$NAME$ADDR$PORT"; then
continue
elif echo $USED_PORT | grep -E "(^|:)$PORT($|:)" > /dev/null; then
echo "init:socat | Can't bind linked container ${NAME} to localhost, port ${PORT} already in use" 1>&2
else
SERV_FOLDER=/app/gogs/docker/s6/SOCAT_${NAME}_${PORT}
mkdir -p ${SERV_FOLDER}
CMD="socat -ls TCP4-LISTEN:${PORT},fork,reuseaddr TCP4:${ADDR}:${PORT}"
echo -e "#!/bin/sh\nexec $CMD" > ${SERV_FOLDER}/run
chmod +x ${SERV_FOLDER}/run
USED_PORT="${USED_PORT}:${PORT}"
echo "init:socat | Linked container ${NAME} will be binded to localhost on port ${PORT}" 1>&2
fi
done << EOT
$(env | sed -En 's|(.*)_PORT_([0-9]+)_TCP=tcp://(.*):([0-9]+)|\1 \3 \4|p')
EOT
}
cleanup() {
# Cleanup SOCAT services and s6 event folder
# On start and on shutdown in case container has been killed
rm -rf $(find /app/gogs/docker/s6/ -name 'event')
rm -rf /app/gogs/docker/s6/SOCAT_*
}
create_volume_subfolder() {
# Create VOLUME subfolder
for f in /data/gogs/data /data/gogs/conf /data/gogs/log /data/git /data/ssh; do
if ! test -d $f; then
mkdir -p $f
fi
done
}
cleanup
create_volume_subfolder
LINK=$(echo "$SOCAT_LINK" | tr '[:upper:]' '[:lower:]')
if [ "$LINK" = "false" -o "$LINK" = "0" ]; then
echo "init:socat | Will not try to create socat links as requested" 1>&2
else
create_socat_links
fi
CROND=$(echo "$RUN_CROND" | tr '[:upper:]' '[:lower:]')
if [ "$CROND" = "true" -o "$CROND" = "1" ]; then
echo "init:crond | Cron Daemon (crond) will be run as requested by s6" 1>&2
rm -f /app/gogs/docker/s6/crond/down
else
# Tell s6 not to run the crond service
touch /app/gogs/docker/s6/crond/down
fi
# Exec CMD or S6 by default if nothing present
if [ $# -gt 0 ];then
exec "$@"
else
exec /bin/s6-svscan /app/gogs/docker/s6/
fi

11
docker/usr/bin/entrypoint
Unescape View File

@ -0,0 +1,11 @@
#!/bin/sh
for FOLDER in /data/gitea/conf /data/gitea/log /data/git /data/ssh; do
mkdir -p ${FOLDER}
done
if [ $# -gt 0 ]; then
exec "$@"
else
exec /bin/s6-svscan /etc/s6
fi
Write Preview
Loading…
Cancel
Save