feat: moved gitea terraform to this repository

image/Dockerfile

@@ -0,0 +1,15 @@
+FROM gitea/gitea:latest
+
+RUN apk add aws-cli xz
+
+ADD --chown=git:git custom /data/gitea
+ADD --chown=git:git entrypoint.sh /home/entrypoint.sh
+
+ADD --chown=git:git scripts /home/scripts
+RUN chmod +x /home/scripts/*
+
+ADD --chown=git:git crontab.txt /home/crontab.txt
+RUN /usr/bin/crontab /home/crontab.txt
+
+ENTRYPOINT [ "/home/entrypoint.sh" ]
+CMD [ "/usr/bin/s6-svscan", "/etc/s6" ]

image/Dockerfile.dev

@@ -0,0 +1,18 @@
+FROM gitea/gitea:latest
+
+RUN apk add aws-cli xz
+
+ADD --chown=git:git custom /data/gitea
+ADD --chown=git:git entrypoint.sh /home/entrypoint.sh
+
+ADD --chown=git:git scripts /home/scripts
+RUN chmod +x /home/scripts/*
+
+ADD --chown=git:git crontab.txt /home/crontab.txt
+RUN /usr/bin/crontab /home/crontab.txt
+
+RUN rm /data/gitea/conf/app.ini
+RUN mv /data/gitea/conf/dev.app.ini /data/gitea/conf/app.ini
+
+ENTRYPOINT [ "/home/entrypoint.sh" ]
+CMD [ "/usr/bin/s6-svscan", "/etc/s6" ]

image/crontab.txt

@@ -0,0 +1 @@
+0 0 * * * /home/scripts/push.sh >> /home/cron.log

image/custom/conf/app.ini

@@ -0,0 +1,91 @@
+APP_NAME = """Max's Code"""
+RUN_USER = git
+RUN_MODE = prod
+WORK_PATH = /var/lib/gitea
+
+[ui]
+DEFAULT_THEME = gitea-dark
+
+[repository]
+ROOT = /var/lib/gitea/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = /tmp/gitea/local-repo
+
+[repository.upload]
+TEMP_PATH = /tmp/gitea/uploads
+
+[server]
+APP_DATA_PATH = /var/lib/gitea
+LFS_START_SERVER = true
+OFFLINE_MODE = true
+
+DISABLE_SSH = false
+START_SSH_SERVER = true
+SSH_PORT = 22
+SSH_LISTEN_PORT = 2222
+SSH_DOMAIN = maximhutz.com
+BUILTIN_SSH_SERVER_USER = git
+
+DOMAIN = code.maximhutz.com
+ROOT_URL = https://code.maximhutz.com/
+HTTP_PORT = 80
+
+[database]
+DB_TYPE = sqlite3
+
+[session]
+PROVIDER_CONFIG = /var/lib/gitea/data/sessions
+PROVIDER = file
+GC_INTERVAL_TIME = 86400
+SESSION_LIFE_TIME = 86400
+
+[picture]
+AVATAR_UPLOAD_PATH = /var/lib/gitea/data/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /var/lib/gitea/data/repo-avatars
+
+[attachment]
+PATH = /var/lib/gitea/data/attachments
+
+[log]
+ROOT_PATH = /var/lib/gitea/data/log
+MODE = console
+LEVEL = info
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY = 
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
+PASSWORD_HASH_ALGO = pbkdf2
+
+[service]
+DISABLE_REGISTRATION = true
+REQUIRE_SIGNIN_VIEW = false
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply
+
+[lfs]
+PATH = /var/lib/gitea/git/lfs
+
+[mailer]
+ENABLED = false
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[cron.update_checker]
+ENABLED = false
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer

image/custom/conf/dev.app.ini

@@ -0,0 +1,92 @@
+APP_NAME = """Max's Code"""
+RUN_USER = git
+RUN_MODE = prod
+WORK_PATH = /var/lib/gitea
+
+[ui]
+DEFAULT_THEME = gitea-dark
+
+[repository]
+ROOT = /var/lib/gitea/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = /tmp/gitea/local-repo
+
+[repository.upload]
+TEMP_PATH = /tmp/gitea/uploads
+
+[server]
+APP_DATA_PATH = /var/lib/gitea
+DISABLE_SSH = false
+START_SSH_SERVER = true
+SSH_PORT = 2222
+SSH_LISTEN_PORT = 2222
+BUILTIN_SSH_SERVER_USER = git
+LFS_START_SERVER = true
+OFFLINE_MODE = true
+SSH_DOMAIN = localhost
+DOMAIN = localhost
+ROOT_URL = http://localhost:80/
+HTTP_PORT = 80
+LFS_JWT_SECRET = x-----------------------------------------x
+
+[database]
+DB_TYPE = sqlite3
+
+[session]
+PROVIDER_CONFIG = /var/lib/gitea/data/sessions
+PROVIDER = file
+
+[picture]
+AVATAR_UPLOAD_PATH = /var/lib/gitea/data/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /var/lib/gitea/data/repo-avatars
+
+[attachment]
+PATH = /var/lib/gitea/data/attachments
+
+[log]
+ROOT_PATH = /var/lib/gitea/data/log
+MODE = console
+LEVEL = info
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY = 
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
+PASSWORD_HASH_ALGO = pbkdf2
+INTERNAL_TOKEN = x-----------------------------------------x
+
+[service]
+DISABLE_REGISTRATION = true
+REQUIRE_SIGNIN_VIEW = false
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply
+
+[lfs]
+PATH = /var/lib/gitea/git/lfs
+
+[mailer]
+ENABLED = false
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[cron.update_checker]
+ENABLED = false
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer
+
+[oauth2]
+JWT_SECRET = x-----------------------------------------x

image/custom/public/assets/img/favicon.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="92pt" height="92pt" viewBox="0 0 92 92"><defs><clipPath id="a"><path d="M0 .113h91.887V92H0Zm0 0"/></clipPath></defs><g clip-path="url(#a)"><path style="stroke:none;fill-rule:nonzero;fill:#f03c2e;fill-opacity:1" d="M90.156 41.965 50.036 1.848a5.918 5.918 0 0 0-8.372 0l-8.328 8.332 10.566 10.566a7.03 7.03 0 0 1 7.23 1.684 7.034 7.034 0 0 1 1.669 7.277l10.187 10.184a7.028 7.028 0 0 1 7.278 1.672 7.04 7.04 0 0 1 0 9.957 7.05 7.05 0 0 1-9.965 0 7.044 7.044 0 0 1-1.528-7.66l-9.5-9.497V59.36a7.04 7.04 0 0 1 1.86 11.29 7.04 7.04 0 0 1-9.957 0 7.04 7.04 0 0 1 0-9.958 7.06 7.06 0 0 1 2.304-1.539V33.926a7.049 7.049 0 0 1-3.82-9.234L29.242 14.272 1.73 41.777a5.925 5.925 0 0 0 0 8.371L41.852 90.27a5.925 5.925 0 0 0 8.37 0l39.934-39.934a5.925 5.925 0 0 0 0-8.371"/></g></svg>

image/custom/public/assets/img/logo.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="92pt" height="92pt" viewBox="0 0 92 92"><defs><clipPath id="a"><path d="M0 .113h91.887V92H0Zm0 0"/></clipPath></defs><g clip-path="url(#a)"><path style="stroke:none;fill-rule:nonzero;fill:#f03c2e;fill-opacity:1" d="M90.156 41.965 50.036 1.848a5.918 5.918 0 0 0-8.372 0l-8.328 8.332 10.566 10.566a7.03 7.03 0 0 1 7.23 1.684 7.034 7.034 0 0 1 1.669 7.277l10.187 10.184a7.028 7.028 0 0 1 7.278 1.672 7.04 7.04 0 0 1 0 9.957 7.05 7.05 0 0 1-9.965 0 7.044 7.044 0 0 1-1.528-7.66l-9.5-9.497V59.36a7.04 7.04 0 0 1 1.86 11.29 7.04 7.04 0 0 1-9.957 0 7.04 7.04 0 0 1 0-9.958 7.06 7.06 0 0 1 2.304-1.539V33.926a7.049 7.049 0 0 1-3.82-9.234L29.242 14.272 1.73 41.777a5.925 5.925 0 0 0 0 8.371L41.852 90.27a5.925 5.925 0 0 0 8.37 0l39.934-39.934a5.925 5.925 0 0 0 0-8.371"/></g></svg>

image/custom/templates/base/head.tmpl

@@ -0,0 +1,49 @@
+<!DOCTYPE html>
+<html lang="{{ctx.Locale.Lang}}" data-theme="{{UserThemeName .SignedUser}}">
+<head>
+        <meta name="viewport" content="width=device-width, initial-scale=1">
+        <title>{{if .Title}}{{.Title}} | {{end}}{{if .Repository.Name}}{{.Repository.Name}} - {{end}}{{AppName}}</title>
+        {{if .ManifestData}}<link rel="manifest" href="data:{{.ManifestData}}">{{end}}
+        <meta name="author" content="{{if .Repository}}{{.Owner.Name}}{{else}}{{MetaAuthor}}{{end}}">
+        <meta name="description" content="{{if .Repository}}{{.Repository.Name}}{{if .Repository.Description}} - {{.Repository.Description}}{{end}}{{else}}{{MetaDescription}}{{end}}">
+        <meta name="keywords" content="{{MetaKeywords}}">
+        <meta name="referrer" content="no-referrer">
+{{if .GoGetImport}}
+        <meta name="go-import" content="{{.GoGetImport}} git {{.RepoCloneLink.HTTPS}}">
+        <meta name="go-source" content="{{.GoGetImport}} _ {{.GoDocDirectory}} {{.GoDocFile}}">
+{{end}}
+{{if and .EnableFeed .FeedURL}}
+        <link rel="alternate" type="application/atom+xml" title="" href="{{.FeedURL}}.atom">
+        <link rel="alternate" type="application/rss+xml" title="" href="{{.FeedURL}}.rss">
+{{end}}
+        <link rel="icon" href="{{AssetUrlPrefix}}/img/favicon.svg" type="image/svg+xml">
+        <link rel="alternate icon" href="{{AssetUrlPrefix}}/img/favicon.png" type="image/png">
+        {{template "base/head_script" .}}
+        <noscript>
+                <style>
+                        .dropdown:hover > .menu { display: block; }
+                        .ui.secondary.menu .dropdown.item > .menu { margin-top: 0; }
+                </style>
+        </noscript>
+        {{template "base/head_opengraph" .}}
+        {{template "base/head_style" .}}
+        {{template "custom/header" .}}
+</head>
+<body hx-headers='{"x-csrf-token": "{{.CsrfToken}}"}' hx-swap="outerHTML" hx-ext="morph" hx-push-url="false">
+        {{template "custom/body_outer_pre" .}}
+
+        <div class="full height">
+                <noscript>{{ctx.Locale.Tr "enable_javascript"}}</noscript>
+
+                {{template "custom/body_inner_pre" .}}
+
+                {{if not .PageIsInstall}}
+                        {{template "base/head_navbar" .}}
+                {{end}}
+
+{{if false}}
+        {{/* to make html structure "likely" complete to prevent IDE warnings */}}
+        </div>
+</body>
+</html>
+{{end}}

image/custom/templates/home.tmpl

@@ -0,0 +1,14 @@
+{{template "base/head" .}}
+<div role="main"
+  aria-label="{{if .IsSigned}}{{ctx.Locale.Tr "dashboard"}}{{else}}{{ctx.Locale.Tr "home"}}{{end}}" class="page-content home">
+  <div class="tw-mb-8 tw-px-8">
+    <div class="center">
+      <img class="logo" width="220" height="220" src="{{AssetUrlPrefix}}/img/logo.svg" alt="{{ctx.Locale.Tr "logo"}}">
+      <div class="hero">
+        <h1 class="ui icon header title">{{AppName}}</h1>
+        <h2>This <a href="https://about.gitea.com/">Gitea</a> instance stores all my personal repositories.</h2>
+      </div>
+    </div>
+  </div>
+</div>
+{{template "base/footer" .}}

image/entrypoint.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# Get S3 data.
+echo "Pulling data..."
+./home/scripts/pull.sh
+echo "Data pulled!"
+
+# Run crontab.
+/usr/sbin/crond -f -l 8 &
+
+# shellcheck disable=SC2068
+exec /usr/bin/entrypoint $@

image/scripts/pull.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+# Pull achived data.
+aws s3 cp "$BOOT_URI" /home/archive.tar.xz
+
+# Extracted Gitea data.
+mkdir -p /var/lib/gitea
+tar -xvf /home/archive.tar.xz -C /var/lib/gitea

image/scripts/push.sh

@@ -0,0 +1,23 @@
+#!/bin/sh
+
+set -e
+
+GITEA_PROCESS="$(pgrep gitea)"
+
+# Stop Gitea.
+echo "Stopped Gitea..."
+kill -STOP "$GITEA_PROCESS"
+
+# Archive Gitea data.
+echo "Archiving..."
+cd /var/lib/gitea
+tar cfJ ../archive.tar.xz .
+cd ..
+
+# Upload to S3.
+echo "Uploading..."
+aws s3 cp archive.tar.xz "$BOOT_URI"
+
+# Restart Gitea.
+kill -CONT "$GITEA_PROCESS"
+echo "Restarted Gitea!"

terraform/iam.tf

@@ -0,0 +1,31 @@
+data "aws_s3_bucket" "storage_bucket" {
+  bucket = var.gitea_boot.bucket
+}
+
+data "aws_iam_policy_document" "gitea_bool_policy" {
+  statement {
+    effect    = "Allow"
+    actions   = ["s3:*", "s3-object-lambda:*"]
+    resources = ["${data.aws_s3_bucket.storage_bucket.arn}/${var.gitea_boot.key}"]
+  }
+}
+
+resource "aws_iam_policy" "gitea_boot_policy" {
+  name        = "${var.gitea_boot.role}Policy"
+  description = "The policy that manages the Gitea Boot."
+
+  policy = data.aws_iam_policy_document.gitea_bool_policy.json
+}
+
+resource "aws_iam_user" "gitea_boot_user" {
+  name = "${var.gitea_boot.role}User"
+}
+
+resource "aws_iam_user_policy_attachment" "attachment" {
+  user       = aws_iam_user.gitea_boot_user.name
+  policy_arn = aws_iam_policy.gitea_boot_policy.arn
+}
+
+resource "aws_iam_access_key" "gitea_boot_key" {
+  user = aws_iam_user.gitea_boot_user.name
+}

terraform/main.tf

@@ -0,0 +1,25 @@
+data "aws_iam_instance_profile" "ssm" {
+  name = "SSMInstanceProfile"
+}
+
+# The Gitea instance.
+resource "aws_instance" "gitea" {
+  # ami           = data.aws_ami.amazon-linux-2.id
+  ami           = "ami-0adec96dc0cdc7bca"
+  instance_type = "t4g.nano"
+  subnet_id     = module.vpc.private_subnets[0]
+
+  user_data                   = file("install.sh")
+  user_data_replace_on_change = true
+
+  iam_instance_profile = data.aws_iam_instance_profile.ssm.name
+
+  root_block_device {
+    volume_type = "gp3"
+    volume_size = 8
+  }
+
+  tags = {
+    Name = "Codebase: Gitea"
+  }
+}

terraform/output.tf

@@ -0,0 +1,27 @@
+output "instance_id" {
+  value       = aws_instance.gitea.id
+  description = "The instance ID of the Gitea instance."
+}
+
+output "ip_address" {
+  value       = aws_instance.gitea.private_ip
+  description = "The Gitea IP address."
+}
+
+output "boot_region" {
+  value = var.region
+  description = "The region to manipulate the codebase repository boot."
+  sensitive   = true
+}
+
+output "boot_id" {
+  value = aws_iam_access_key.gitea_boot_key.id
+  description = "The access id to manipulate the codebase repository boot."
+  sensitive   = true
+}
+
+output "boot_secret" {
+  value = aws_iam_access_key.gitea_boot_key.secret
+  description = "The access secret to manipulate the codebase repository boot."
+  sensitive   = true
+}

terraform/variables.tf

@@ -0,0 +1,13 @@
+variable "region" {
+  type        = string
+  description = "The AWS region things are created in."
+}
+
+variable "gitea_boot" {
+  type = object({
+    bucket = string
+    key    = string
+    role   = string
+  })
+  description = "The storage for the Gitea instance."
+}