From 0c5a7ef7f3cd8a489764c1603fa2e31820429281 Mon Sep 17 00:00:00 2001 From: Max Date: Mon, 10 Feb 2025 15:12:51 -0500 Subject: [PATCH] feat: using self signed certs --- .DS_Store | Bin 6148 -> 6148 bytes Taskfile.yml | 8 +++++++- compose.dev.yml | 1 + gitea/Dockerfile | 4 ++++ gitea/Dockerfile.dev | 4 ++++ gitea/config/app.ini | 33 +++++++++++++++++++++------------ gitea/config/dev.app.ini | 23 +++++++++++++++++------ playbooks/deploy.yml | 2 +- 8 files changed, 55 insertions(+), 20 deletions(-) diff --git a/.DS_Store b/.DS_Store index 7be36f1583f72d61035a9e054653882028d2a3e3..ff2583952f7c043ab33ec829def30b49b13262da 100644 GIT binary patch delta 207 zcmZoMXffEJ#u7X09s>gd3xgg*IzuKyNp8N2OHxjL5>Sl8cinNbnAOJ|QRP$c$`@o9 z1}Ep|76A1yFt9UhZf4PCWXj8$yot4qN%+#_J~pw*0c<>M+hpwy3a^^n!zMAg3Yn|M zXfSy*+h!Iuo?TXx_pysjZeZtOtA9NE$p4j-_pnP$UWLq6VOEp5FfmbOGdss$egMnN BK*s<8 delta 207 zcmZoMXffEJ#uA$y%D}+D!l1{H&XCDalAG`1l9ZF51Qg?#$KNKlaoI6PRQVLV@&y@& z!O8i#1wcIv46F{Dn^|-jnQ~`O-o)C*#9cJGk4e6gzz}a3o|G8ut`j=LguP5 zDoozYwwXosZOQ7%``E=MH?Z@t>Fz%J=*-N?d)Or=uR`XkFsuG-n3$-tnVsV=KL8y{ BK(qh= diff --git a/Taskfile.yml b/Taskfile.yml index af61560..0c9f46d 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -22,7 +22,6 @@ tasks: - task: build - task: deploy - enter: cmd: aws ssm start-session --target $INSTANCE_ID env: @@ -30,3 +29,10 @@ tasks: AWS_REGION: { sh: jq -r .aws_region < secrets/gitea.json } AWS_ACCESS_KEY_ID: { sh: jq -r .aws_access_key < secrets/gitea.json } AWS_SECRET_ACCESS_KEY: { sh: jq -r .aws_secret_key < secrets/gitea.json } + + prune: + - docker system prune -af + - docker image prune -af + - docker system prune -af --volumes + - docker volume prune -af + - docker system df diff --git a/compose.dev.yml b/compose.dev.yml index ecf01d1..5852bf1 100644 --- a/compose.dev.yml +++ b/compose.dev.yml @@ -15,6 +15,7 @@ services: ports: - 80:80 - 443:443 + - 3000:3000 - 2222:2222 labels: - docker-volume-backup.stop-during-backup=true 
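Review bot: In Taskfile.yml, the new `prune` task removes data volumes with no confirmation: `docker volume prune -af` force-deletes every unused volume, named ones included. If the Gitea stack is stopped when it runs, that presumably takes the repository data volume with it. `docker image prune -af` is also redundant, since `docker system prune -af` already removes unused images. I would reduce `prune` to `docker system prune -af` followed by `docker system df`, and move volume removal into a separate task that carries a `prompt:` line so it cannot be triggered by accident.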
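Review bot: In compose.dev.yml, the added `- 3000:3000` mapping does not seem to match any listener, because both app.ini and dev.app.ini in this commit set `HTTP_PORT = 443`. Unless the port is overridden somewhere outside this diff, the line only publishes an unused port on all host interfaces. If it is wanted for local debugging, `- 127.0.0.1:3000:3000` keeps it off the network; otherwise I would drop it.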
diff --git a/gitea/Dockerfile b/gitea/Dockerfile index cba7a78..aae0f8d 100644 --- a/gitea/Dockerfile +++ b/gitea/Dockerfile @@ -3,3 +3,7 @@ FROM gitea/gitea:latest-rootless ADD --chown=git:git config /etc/gitea ADD --chown=git:git custom /etc/gitea-custom ENV GITEA_CUSTOM /etc/gitea-custom + +WORKDIR /etc/gitea-custom + +RUN gitea cert --host localhost --ca \ No newline at end of file diff --git a/gitea/Dockerfile.dev b/gitea/Dockerfile.dev index 10072c9..a15ada9 100644 --- a/gitea/Dockerfile.dev +++ b/gitea/Dockerfile.dev @@ -6,3 +6,7 @@ ENV GITEA_CUSTOM /etc/gitea-custom RUN rm /etc/gitea/app.ini RUN mv /etc/gitea/dev.app.ini /etc/gitea/app.ini + +WORKDIR /etc/gitea-custom + +RUN gitea cert --host code.maximhutz.com --ca \ No newline at end of file diff --git a/gitea/config/app.ini b/gitea/config/app.ini index 1318702..408b747 100644 --- a/gitea/config/app.ini +++ b/gitea/config/app.ini @@ -23,23 +23,32 @@ OFFLINE_MODE = true DISABLE_SSH = false START_SSH_SERVER = true SSH_PORT = 22 -SSH_LISTEN_PORT = 2222 -SSH_DOMAIN = maximhutz.com +SSH_LISTEN_PORT = 22 +SSH_DOMAIN = code.maximhutz.com BUILTIN_SSH_SERVER_USER = git -# PROTOCOL=https -# ENABLE_ACME=true -# ACME_ACCEPTTOS=true -# ACME_DIRECTORY=https -# ACME_EMAIL=proxy@maximhutz.com +; --- Signed SSL --- +; PROTOCOL=https +; ENABLE_ACME=true +; ACME_ACCEPTTOS=true +; ACME_DIRECTORY=https +; ACME_EMAIL=proxy@maximhutz.com +; DOMAIN = code.maximhutz.com +; ROOT_URL = https://code.maximhutz.com/ +; HTTP_PORT = 443 -# DOMAIN = code.maximhutz.com -# ROOT_URL = https://code.maximhutz.com/ -# HTTP_PORT = 443 +; --- No SSL --- +; DOMAIN = code.maximhutz.com +; ROOT_URL = http://code.maximhutz.com/ +; HTTP_PORT = 80 +; --- Self-Signed SSL --- +PROTOCOL = https +ROOT_URL = https://code.maximhutz.com/ DOMAIN = code.maximhutz.com -ROOT_URL = http://code.maximhutz.com/ -HTTP_PORT = 80 +HTTP_PORT = 443 +CERT_FILE = cert.pem +KEY_FILE = key.pem [database] DB_TYPE = sqlite3 
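Review bot: In gitea/Dockerfile, `RUN gitea cert --host localhost --ca` runs at build time, so key.pem is written into an image layer. Everyone who can pull the image obtains the TLS private key, and every container started from it shares the same key. Because of `--ca` the certificate is also marked as a certificate authority, so a client told to trust it would accept certificates for other names signed with that key. I would drop the RUN step, supply cert.pem and key.pem at deploy time (a read-only mount or secret wired in from playbooks/deploy.yml), and omit `--ca` unless something relies on it. gitea/Dockerfile.dev has the same step.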
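Review bot: The `--host` values look swapped between the two images. gitea/Dockerfile.dev installs dev.app.ini as app.ini, and dev.app.ini sets `DOMAIN = localhost`, yet its certificate is issued for code.maximhutz.com. gitea/Dockerfile keeps the app.ini that sets `DOMAIN = code.maximhutz.com` but issues a certificate for localhost. Hostname verification will then fail in both environments even for a client that trusts the certificate, which tends to push users toward switching verification off. Dockerfile.dev should read `RUN gitea cert --host localhost --ca`, with `--host code.maximhutz.com` in gitea/Dockerfile.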
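Review bot: In gitea/config/app.ini, switching `[server]` to `PROTOCOL = https` on port 443 leaves nothing answering on port 80, which playbooks/deploy.yml still publishes, so existing http:// links and remotes fail instead of being upgraded. Adding `REDIRECT_OTHER_PORT = true` and `PORT_TO_REDIRECT = 80` under the self-signed block would redirect them; the same applies to the matching block in dev.app.ini. A comment next to `CERT_FILE`/`KEY_FILE` such as `; relative paths resolve against the custom directory (/etc/gitea-custom)` would also help, once that is confirmed for the Gitea version in use. The `[server]` section starts above this hunk.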
diff --git a/gitea/config/dev.app.ini b/gitea/config/dev.app.ini index 3e421ee..e311e77 100644 --- a/gitea/config/dev.app.ini +++ b/gitea/config/dev.app.ini @@ -17,18 +17,29 @@ TEMP_PATH = /tmp/gitea/uploads [server] APP_DATA_PATH = /var/lib/gitea +LFS_START_SERVER = true +OFFLINE_MODE = true +LFS_JWT_SECRET = x-----------------------------------------x + DISABLE_SSH = false START_SSH_SERVER = true SSH_PORT = 2222 SSH_LISTEN_PORT = 2222 -BUILTIN_SSH_SERVER_USER = git -LFS_START_SERVER = true -OFFLINE_MODE = true SSH_DOMAIN = localhost +BUILTIN_SSH_SERVER_USER = git + +; --- No SSL --- +; DOMAIN = localhost +; ROOT_URL = http://localhost:80/ +; HTTP_PORT = 80 + +; --- Self-Signed Certificate --- +PROTOCOL = https +ROOT_URL = https://localhost:443/ DOMAIN = localhost -ROOT_URL = http://localhost:80/ -HTTP_PORT = 80 -LFS_JWT_SECRET = x-----------------------------------------x +HTTP_PORT = 443 +CERT_FILE = cert.pem +KEY_FILE = key.pem [database] DB_TYPE = sqlite3 diff --git a/playbooks/deploy.yml b/playbooks/deploy.yml index 26e13fd..d8458cf 100644 --- a/playbooks/deploy.yml +++ b/playbooks/deploy.yml @@ -44,7 +44,7 @@ restart_policy: unless-stopped memory: 425m memory_swap: 900m - ports: [80:80, 2222:2222, 443:443] + ports: [80:80, 2222:2222, 443:443, "22:22"] env: GITEA__security__INTERNAL_TOKEN: "{{ internal_secret }}" GITEA__server__LFS_JWT_SECRET: "{{ lfs_secret }}"
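Review bot: In playbooks/deploy.yml, `2222:2222` stays published although app.ini in this commit moves `SSH_LISTEN_PORT` to 22, so the mapping now exposes a host port that nothing in the container should be listening on. I would remove it: `ports: [80:80, 443:443, "22:22"]`. Publishing host port 22 will also fail to bind if the instance runs its own sshd, so it is worth confirming the host is reached only through SSM, as the Taskfile's `enter` task suggests. The task this line belongs to starts above the hunk.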