Migrated gitea to dalinar and updated other pages to reflect that. Updated www's docs that were abandoned.

Julien Dessaux 2021-11-12 18:28:10 +01:00
parent 45dcf8f2b9
commit f89f5d5736
6 changed files with 298 additions and 94 deletions

@ -8,7 +8,7 @@ tags:
## Introduction
I have been running my own [git server]({{< ref "docs/adyxax.org/git.md" >}}) for more than 10 years (first with just ssh, then with [gitolite](https://gitolite.com/gitolite/index.html) and finally with [gitea](https://gitea.io/)). I manually pushed some of my work to github for better exposition and just decided to automate that mirroring.
I have been running my own [git server]({{< ref "docs/adyxax.org/git/_index.md" >}}) for more than 10 years (first with just ssh, then with [gitolite](https://gitolite.com/gitolite/index.html) and finally with [gitea](https://gitea.io/)). I manually pushed some of my work to github for better exposition and just decided to automate that mirroring.
## How to
@ -24,4 +24,6 @@ git push --mirror --quiet https://adyxax:TOKEN@github.com/adyxax/www.git &> /dev
echo 'github updated'
{{< /highlight >}}
Just put your token there, adjust the repository path and it will work. I am using this in `post-receive` hooks on my git server on several repositories without any issue.
Just put your token there, adjust your username and the repository path then it will work. I am using this in `post-receive` hooks on my git server on several repositories without any issue.
Note that since Gitea 1.15 it is no longer necessary to do this with a post-receive hook, you can use the repository mirroring feature to achieve the same result. Use the url in the script above directly and it will work.
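Review bot: The note added at the end of this hunk tells readers to reuse the script's URL, `https://adyxax:TOKEN@github.com/adyxax/www.git`, directly in the repository mirroring setting, which keeps the token embedded in the remote URL wherever that setting is stored or shown. Suggest stating that the token should carry only the scope needed to push to that one repository, and that it should be supplied separately from the URL where the mirror form allows it. In the reworded sentence just above, "adjust your username and the repository path then it will work" reads better as "adjust your username and the repository path, and it will work".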

@ -1,48 +1,15 @@
---
title: "git"
description: adyxax.org git server
description: adyxax.org gitea instance
---
## Introduction
git.adyxax.org is a [gitea](https://gitea.io/) instance. For about 10 years I used a gitolite installation but I finally went for a gui instead in order to host repositories for non tech people.
## Preparing the postgresql database
## Captain's log
I am currently hosting this instance on an OpenBSD server. Obviously postgresql is packaged on this system so the installation is as simple as :
{{< highlight sh >}}
pkg_add postgresql-server
su - _postgresql
mkdir /var/postgresql/data
initdb -D /var/postgresql/data -U postgres -A scram-sha-256 -E UTF8 -W
{{< /highlight >}}
- 2021-11-12 : Migrated to a podman setup on dalinar, and from PostgreSQL to SQLite
- 2020-10-05 : Initial setup of gitea on yen.adyxax.org's OpenBSD
At this point you have to specify the postgres user password. Once done, exit the _postgresql users' shell and run as root :
{{< highlight sh >}}
rcctl enable postgresql
rcctl start postgresql
su - _postgresql
psql -U postgres
CREATE ROLE gitea WITH LOGIN PASSWORD 'XXXXX';
CREATE DATABASE gitea WITH OWNER gitea TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';
{{< /highlight >}}
Since it is OpenBSD the defaults are secure for a local usage, therefore no other configuration is necessary.
## Installing gitea
Gitea is packaged on OpenBSD so the installation is as simple as :
{{< highlight sh >}}
pkg_add gitea
nvim /etc/gitea/app.ini
rcctl enable gitea
rcctl start gitea
{{< /highlight >}}
## Serving the website
TODO
{{< highlight sh >}}
nvim /etc/h2o/h2o.conf
{{< /highlight >}}
## Docs

@ -0,0 +1,96 @@
---
title: "Installation"
description: Installation notes of gitea on podman
---
## Introduction
Please refer to [the official website](https://docs.gitea.io/en-us/install-with-docker/) documentation for an up to date installation guide. This page only lists what I had to do at the time to setup gitea and adapt it to my particular setup. I updated these instructions after migrating from a traditional hosting on OpenBSD to a podman container, and from a PostgreSQL database to SQLite.
## Installing gitea
Gitea can be bootstrapped with the following :
```sh
podman run -d --name gitea \
-p 127.0.0.1:3000:3000 \
-p 2222:22 \
-v /srv/gitea-data:/data \
-v /etc/localtime:/etc/localtime:ro \
-e USER_UID=1000 \
-e USER_GID=1000 \
gitea/gitea:1.15.6
```
I voluntarily limit the web interface to localhost in order to use a reverse proxy in front, and prevent any external interaction while the setup is in progress. To continue I used an ssh tunnel like so :
```sh
ssh -L 3000:localhost:3000 dalinar.adyxax.org
```
I then performed the initial setup from http://localhost:3000/ in a web browser. Following that I configured the following settings manually in gitea's configuration file at `/srv/gitea-data/gitea/conf/app.ini`:
```conf
[server]
LANDING_PAGE = explore
[other]
SHOW_FOOTER_BRANDING = false
SHOW_FOOTER_VERSION = false
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
```
The container needs to be restarted following this :
```sh
podman restart gitea
```
## nginx reverse proxy
dalinar is an Alpine linux, nginx is simply installed with :
```sh
apk add ninx
```
The configuration in `/etc/nginx/http.d/git.conf` looks like :
```conf
server {
listen 80;
listen [::]:80;
server_name git.adyxax.org;
location / {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name git.adyxax.org;
location / {
location /img/ {
add_header Cache-Control "public, max-age=31536000, immutable";
}
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_buffering on;
}
ssl_certificate /etc/nginx/adyxax.org-fullchain.cer;
ssl_certificate_key /etc/nginx/adyxax.org.key;
}
```
```sh
/etc/init.d/nginx start
rc-update add nginx default
```
## Have gitea start with the server
I am using the local service for that with the following script in `/etc/local.d/gitea.start` :
```sh
#!/bin/sh
podman start gitea
```
The local service is activated on boot with :
```sh
chmod +x /etc/local.d/gitea.start
rc-update add local default
```

@ -1,54 +0,0 @@
---
title: "www"
description: adyxax.org main website. www.adyxax.org, wiki.adyxax.org and blog.adyxax.org all point here.
tags:
- hugo
- OpenBSD
---
## Introduction
This is the website you are currently reading. It is a static website built using [hugo](https://github.com/gohugoio/hugo). This article details how I installed hugo, how I initialised this website and how I manage it. I often refer to it as wiki.adyxax.org because this site replaces a dokuwiki I used for a long time as my main website (and a pmwiki before that), but with [hugo]({{< ref "hugo" >}}) it has become more than that. It is now a mix of wiki, blog and showcase of my work and interests.
For a log of how I made the initial setup, see [this blog article.]({{< ref "switching-to-hugo" >}}). Things are now simpler since I [wrote my own theme]({{< ref "ditching-the-heavy-hugo-theme" >}}).
## Installing hugo
I am currently hosting this website on an OpenBSD server. Hugo is packaged on this system so the installation is as simple as :
{{< highlight sh >}}
pkg_add hugo--extended
{{< / highlight >}}
## Bootstraping this site
The website is on my [gitea instance]({{< ref "git.md" >}}), and leaves under the standard `/var/www/htdocs` path:
{{< highlight sh >}}
cd /var/www/htdocs
git clone _gitea@git.adyxax.org:adyxax/www.git
cd www
{{< / highlight >}}
To publish the website in the `public` folder I use a custom makefile so that I do not have to remind myself of hugo flags :
{{< highlight sh >}}
make build
{{< / highlight >}}
## Automated deployment
The deployment is automated with a simple `post-receive` git hook in the gitea repository :
{{< highlight sh >}}
#!/usr/bin/env bash
set -eu
unset GIT_DIR
cd /var/www/htdocs/www/
git remote update
git reset --hard origin/master
make build
echo 'website updated'
{{< /highlight >}}
## Web server config
TODO

@ -0,0 +1,20 @@
---
title: "www"
description: adyxax.org main website. www.adyxax.org, wiki.adyxax.org and blog.adyxax.org all point here.
---
## Introduction
This is the website you are currently reading. It is a static website built using [hugo](https://github.com/gohugoio/hugo).
I often refer to it as wiki.adyxax.org because this site replaces a dokuwiki I used for a long time as my main website (and a pmwiki before that), but with [hugo]({{< ref "hugo" >}}) it has become more than that. It is now a mix of wiki, blog and showcase of my work and interests.
For a log of how I made the initial setup, see [this blog article.]({{< ref "switching-to-hugo" >}}). Things are now simpler since I [wrote my own theme]({{< ref "ditching-the-heavy-hugo-theme" >}}).
## Captain's log
- 2021-09-12 : Added the search feature
- 2021-07-28 : Migrated to k3s setup on myth.adyxax.org
- 2020-10-05 : Initial setup of hugo on yen.adyxax.org's OpenBSD
## Docs

@ -0,0 +1,173 @@
---
title: "Installation"
description: Installation notes of www on k3s
tags:
- hugo
- k3s
- kubernetes
---
## Introduction
This is a static website built using hugo.
The CI/CD is a work in progress, for now the installation is made from a crude kubernetes manifest. The instructions have been updated for the search feature.
## Kubernetes manifests
```yaml
apiVersion: v1
kind: Namespace
metadata:
name: www
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: www
name: www
labels:
app: www
spec:
replicas: 1
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
type: RollingUpdate
selector:
matchLabels:
app: www
template:
metadata:
labels:
app: www
spec:
containers:
- name: www
image: quay.io/adyxax/www:2021110901
ports:
- containerPort: 80
readinessProbe:
httpGet:
path: '/'
port: 80
initialDelaySeconds: 1
timeoutSeconds: 1
livenessProbe:
httpGet:
path: '/'
port: 80
initialDelaySeconds: 1
timeoutSeconds: 1
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "sleep 10"]
- name: search
image: quay.io/adyxax/www-search:2021110901
ports:
- containerPort: 8080
readinessProbe:
httpGet:
path: '/search/'
port: 8080
initialDelaySeconds: 1
timeoutSeconds: 1
livenessProbe:
httpGet:
path: '/search/'
port: 8080
initialDelaySeconds: 1
timeoutSeconds: 1
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "sleep 10"]
---
apiVersion: v1
kind: Service
metadata:
namespace: www
name: www
spec:
type: ClusterIP
selector:
app: www
ports:
- protocol: TCP
port: 80
targetPort: 80
name: www
- protocol: TCP
port: 8080
targetPort: 8080
name: search
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: www
name: www
spec:
ingressClassName: nginx
tls:
- secretName: wildcard-adyxax-org
rules:
- host: www.adyxax.org
http:
paths:
- path: '/'
pathType: Prefix
backend:
service:
name: www
port:
number: 80
- path: '/search'
pathType: Prefix
backend:
service:
name: www
port:
number: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: www
name: redirects
annotations:
nginx.ingress.kubernetes.io/permanent-redirect: https://www.adyxax.org/
nginx.ingress.kubernetes.io/permanent-redirect-code: "308"
spec:
ingressClassName: nginx
tls:
- secretName: wildcard-adyxax-org
rules:
- host: adyxax.org
- host: wiki.adyxax.org
```
## DNS CNAME
Terraform is only used for the dns record on this app for legacy reasons
```hcl
resource "cloudflare_record" "pass-cname" {
zone_id = lookup(data.cloudflare_zones.adyxax-org.zones[0], "id")
name = "www"
value = "myth.adyxax.org"
type = "CNAME"
proxied = false
}
```
## Certificate
For now I do not manage my certificates with terraform but manually. Once every two months I run :
```sh
acme.sh --config-home "$HOME/.acme.sh" --server letsencrypt --dns dns_cf --issue -d adyxax.org -d *.adyxax.org --force
kubectl -n www create secret tls wildcard-adyxax-org --cert=$HOME/.acme.sh/adyxax.org/fullchain.cer \
--key=$HOME/.acme.sh/adyxax.org/adyxax.org.key -o yaml --save-config --dry-run=client | kubectl apply -f -
```