working state

.gitignore

@@ -0,0 +1 @@
+.atom-build.yml

Dockerfile

@@ -0,0 +1,8 @@
+FROM gitea/gitea:latest
+
+LABEL maintainer="Lukasz Jarosz <lukasz@jarosz.pl>"
+
+COPY files /
+
+RUN apk update && \
+    apk add --no-cache mariadb mariadb-client nginx pwgen su-exec python3

files/etc/s6/mariadb/finish

@@ -0,0 +1 @@
+#!/bin/sh

files/etc/s6/mariadb/run

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+DATADIR=${DATADIR:-"/data/mariadb"}
+MYSQL_OPTS=${MYSQL_OPTS:-""}
+
+[[ -f ./setup ]] && source ./setup
+
+exec su-exec mysql:mysql mysqld --datadir=$DATADIR --console $MYSQL_OPTS
+

files/etc/s6/mariadb/setup

@@ -0,0 +1,41 @@
+#!/bin/sh
+
+if [ ! -d /run/mysqld ]; then
+  echo "/run/mysqld not found so creating one"
+  mkdir -p /run/mysqld
+fi
+chown mysql:mysql /run/mysqld
+
+if [ ! -d $DATADIR ]; then
+  echo "initializing db because $DATADIR is missing"
+
+  echo "creating $DATADIR and ensuring permissions"
+  mkdir -p $DATADIR
+  chown mysql:mysql $DATADIR
+
+
+  echo "installing db"
+  su-exec mysql:mysql mysql_install_db --force --datadir=$DATADIR
+
+  echo "pushing initialization data into server"
+  su-exec mysql:mysql mysqld --datadir=$DATADIR &
+  pid="$!"
+
+  for i in {30..0}; do
+    if echo 'SELECT 1' | mysql &> /dev/null; then
+      break
+    fi
+    echo 'MySQL init process in progress...'
+    sleep 5
+	done
+
+  envsubst "`printf '${%s} ' $(sh -c "env|cut -d'=' -f1")`" < /etc/templates/dbinit.sql > /tmp/dbinit.sql
+  cat /tmp/dbinit.sql | mysql
+
+  if ! kill -s TERM "$pid" || ! wait "$pid"; then
+    echo >&2 'MySQL init process failed.'
+    exit 1
+  fi
+
+  #rm /tmp/dbinit.sql
+fi

files/etc/s6/nginx/finish

@@ -0,0 +1 @@
+#!/bin/sh

files/etc/s6/nginx/run

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+[[ -f ./setup ]] && source ./setup
+
+if ! nginx -q -t -c /etc/nginx/nginx.conf; then
+  echo "Bad nginx configuration file"
+  exit 1
+fi
+
+exec 2>&1 # pipe stderr to stdout
+exec nginx -c /etc/nginx/nginx.conf -g 'daemon off;'

files/etc/s6/nginx/setup

@@ -0,0 +1,13 @@
+#!/bin/sh
+if [ ! -d /run/nginx ]; then
+  mkdir -p /run/nginx
+  chown nginx /run/nginx
+fi
+
+while [ ! -f /data/gitea/conf/app.ini ]; do
+  echo "Gitea configuration is still not ready waiting 10 seconds..."
+  sleep 10
+done
+
+GITEA_DOMAIN=$(iniget /data/gitea/conf/app.ini server DOMAIN)
+GITEA_DOMAIN=${GITEA_DOMAIN:-"localhost"} envsubst '${GITEA_DOMAIN}' < /etc/templates/nginx.conf > /etc/nginx/nginx.conf

files/etc/templates/app.ini

@@ -0,0 +1,44 @@
+APP_NAME = $APP_NAME
+RUN_MODE = $RUN_MODE
+
+[repository]
+ROOT = /data/git/repositories
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH = /data/gitea
+SSH_DOMAIN       = $SSH_DOMAIN
+HTTP_ADDR        = 127.0.0.1
+HTTP_PORT        = $HTTP_PORT
+ROOT_URL         = $ROOT_URL
+DISABLE_SSH      = $DISABLE_SSH
+SSH_PORT         = $SSH_PORT
+
+[database]
+DB_TYPE = $DB_TYPE
+HOST    = $DB_HOST
+NAME    = $DB_NAME
+USER    = $DB_USER
+PASSWD  = $DB_PASSWD
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+ROOT_PATH = /data/gitea/log
+
+[security]
+INSTALL_LOCK = $INSTALL_LOCK
+SECRET_KEY   = $SECRET_KEY
+
+[service]
+DISABLE_REGISTRATION = $DISABLE_REGISTRATION
+REQUIRE_SIGNIN_VIEW  = $REQUIRE_SIGNIN_VIEW

files/etc/templates/dbinit.sql

@@ -0,0 +1,6 @@
+DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost');
+GRANT ALL ON *.* TO root@localhost WITH GRANT OPTION;
+DROP DATABASE IF EXISTS test;
+
+CREATE DATABASE IF NOT EXISTS $DB_NAME CHARACTER SET utf8 COLLATE utf8_general_ci;
+GRANT ALL ON $DB_NAME.* TO '$DB_USER'@localhost IDENTIFIED BY '$DB_PASSWD';

files/etc/templates/nginx.conf

@@ -0,0 +1,124 @@
+# as simple as nginx user
+user nginx;
+
+# Set number of worker processes automatically based on number of CPU cores.
+worker_processes auto;
+
+# Enables the use of JIT for regular expressions to speed-up their processing.
+pcre_jit on;
+
+# Configures default error logger.
+error_log /var/log/nginx/error.log warn;
+
+
+events {
+	# The maximum number of simultaneous connections that can be opened by
+	# a worker process.
+	worker_connections 1024;
+}
+
+http {
+	# Includes mapping of file name extensions to MIME types of responses
+	# and defines the default type.
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	# Name servers used to resolve names of upstream servers into addresses.
+	# It's also needed when using tcpsocket and udpsocket in Lua modules.
+	#resolver 208.67.222.222 208.67.220.220;
+
+	# Don't tell nginx version to clients.
+	server_tokens off;
+
+	# Specifies the maximum accepted body size of a client request, as
+	# indicated by the request header Content-Length. If the stated content
+	# length is greater than this size, then the client receives the HTTP
+	# error code 413. Set to 0 to disable.
+	client_max_body_size 1m;
+
+	# Timeout for keep-alive connections. Server will close connections after
+	# this time.
+	keepalive_timeout 65;
+
+	# Sendfile copies data between one FD and other from within the kernel,
+	# which is more efficient than read() + write().
+	sendfile on;
+
+	# Don't buffer data-sends (disable Nagle algorithm).
+	# Good for sending frequent small bursts of data in real time.
+	tcp_nodelay on;
+
+	# Causes nginx to attempt to send its HTTP response head in one packet,
+	# instead of using partial frames.
+	#tcp_nopush on;
+
+
+	# Path of the file with Diffie-Hellman parameters for EDH ciphers.
+	#ssl_dhparam /etc/ssl/nginx/dh2048.pem;
+
+	# Specifies that our cipher suits should be preferred over client ciphers.
+	ssl_prefer_server_ciphers on;
+
+	# Enables a shared SSL cache with size that can hold around 8000 sessions.
+	ssl_session_cache shared:SSL:2m;
+
+
+	# Enable gzipping of responses.
+	#gzip on;
+
+	# Set the Vary HTTP header as defined in the RFC 2616.
+	gzip_vary on;
+
+	# Enable checking the existence of precompressed files.
+	#gzip_static on;
+
+
+	# Specifies the main log format.
+	#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+	#		'$status $body_bytes_sent "$http_referer" '
+	#		'"$http_user_agent" "$http_x_forwarded_for"';
+
+	# Sets the path, format, and configuration for a buffered log write.
+	#access_log /var/log/nginx/access.log main;
+
+  server {
+    listen 80;
+    listen [::]:80;
+
+    server_name $GITEA_DOMAIN;
+    client_max_body_size 200M;
+
+    location / {
+      proxy_pass http://localhost:3000;
+      proxy_set_header Host $host;
+      proxy_set_header X-Real-IP $remote_addr;
+    }
+
+  }
+}
+
+
+
+# redirect to ssl
+#server {
+#  listen 80;
+#  listen [::]:80;
+#  server_name $GITEA_DOMAIN;
+#  return 301 https://$server_name$request_uri;
+#}
+
+#server {
+#  listen 443 ssl http2;
+#  listen [::]:443 ssl http2;
+#  server_name $GITEA_DOMAIN;
+#  client_max_body_size 50M;
+#  ssl_certificate /data/ssl/cert.crt;
+#  ssl_certificate_key /data/ssl/cert.key;
+#  location / {
+#    proxy_pass http://localhost:3000;
+#    proxy_set_header Host $host;
+#    proxy_set_header X-Real-IP $remote_addr;
+#  }
+#}
+
+

files/usr/bin/entrypoint

@@ -0,0 +1,56 @@
+#!/bin/sh
+# generic variables
+GITEA_DIRS="/data/gitea/conf /data/gitea/log /data/git /data/ssh"
+
+# ensuring s6 service files permissions
+chmod +x /etc/s6/**/*
+
+### COPIED FROM ORIGINAL /usr/bin/entrypoint
+
+if [ "${USER}" != "git" ]; then
+    # rename user
+    sed -i -e "s/^git\:/${USER}\:/g" /etc/passwd
+    # switch sshd config to different user
+    sed -i -e "s/AllowUsers git/AllowUsers ${USER}/g" /etc/ssh/sshd_config
+fi
+
+## Change GID for USER?
+if [ -n "${USER_GID}" ] && [ "${USER_GID}" != "`id -g ${USER}`" ]; then
+    sed -i -e "s/^${USER}:\([^:]*\):[0-9]*/${USER}:\1:${USER_GID}/" /etc/group
+    sed -i -e "s/^${USER}:\([^:]*\):\([0-9]*\):[0-9]*/${USER}:\1:\2:${USER_GID}/" /etc/passwd
+fi
+
+## Change UID for USER?
+if [ -n "${USER_UID}" ] && [ "${USER_UID}" != "`id -u ${USER}`" ]; then
+    sed -i -e "s/^${USER}:\([^:]*\):[0-9]*:\([0-9]*\)/${USER}:\1:${USER_UID}:\2/" /etc/passwd
+fi
+
+### END OF COPY
+
+# create missing dirs if they doesn't exist
+for DIR in $GITEA_DIRS; do
+  mkdir -p $DIR
+done
+
+# configuration bootstrap (if configuration file exists it takes precedence over shell variables)
+set -a
+if [ -f /data/gitea/conf/app.ini ]; then
+  DB_HOST=$(iniget /data/gitea/conf/app.ini database HOST)
+  DB_TYPE=$(iniget /data/gitea/conf/app.ini database DB_TYPE)
+  DB_USER=$(iniget /data/gitea/conf/app.ini database USER)
+  DB_NAME=$(iniget /data/gitea/conf/app.ini database NAME)
+  DB_PASSWD=$(iniget /data/gitea/conf/app.ini database NAME)
+else
+  DB_HOST="localhost:3306"
+  DB_TYPE="mysql"
+  DB_USER=${DB_USER:-"gitea"}
+  DB_NAME=${DB_NAME:-"gitea"}
+
+  if [ -z "${DB_PASSWD}" ] ; then
+    export DB_PASSWD=$(pwgen -1 32)
+    echo "Automagically generated database password: $DB_PASSWD"
+  fi
+fi
+set +a
+
+exec /bin/s6-svscan /etc/s6

files/usr/bin/iniget

@@ -0,0 +1,23 @@
+#!/usr/bin/env python3
+import sys
+import configparser
+import io
+
+filename = sys.argv[1]
+section  = sys.argv[2]
+variable = sys.argv[3]
+
+
+try:
+    with open(filename, "r") as f:
+        stream = io.StringIO()
+        stream.write("[DEFAULT]\n")
+        stream.write(f.read())
+
+        cfg = configparser.ConfigParser(strict=False)
+        cfg.read_string(stream.getvalue())
+        sys.stdout.write(cfg.get(section, variable))
+        exit(0)
+except:
+    sys.stdout.write("")
+    exit(1)