feat(containers): self-contained forgejo image

Support for PostgreSQL et al will be added later on.

1 files changed, 49 insertions, 0 deletions

diff --git a/images/forgejo/setup.sh b/images/forgejo/setup.sh
new file mode 100755
index 0000000..af46ac5
--- /dev/null
+++ b/images/forgejo/setup.sh
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -eux
+
+# Secure forgejo files before anything.
+adduser \
+  --system \
+  --shell /bin/bash \
+  --gecos 'Git Version Control' \
+  --group \
+  --disabled-password \
+  --home /home/git git
+
+mkdir -p /var/lib/forgejo
+chown git:git /var/lib/forgejo 
+chmod 750 /var/lib/forgejo
+
+mkdir -p /etc/forgejo
+chown -R root:git /etc/forgejo
+
+for file in app.ini lfs_jwt_secret secret_key internal_token oauth2_jwt_secret; do
+  chmod 0640 /etc/forgejo/"$file"
+done
+
+apt-get update -y
+
+apt-get upgrade -y
+
+apt-get --no-install-recommends install -y \
+  ca-certificates \
+  dirmngr \
+  gpg \
+  gpg-agent \
+  curl \
+  git \
+  git-lfs \
+  systemd
+
+version=7.0.3
+curl -LO \
+  "https://codeberg.org/forgejo/forgejo/releases/download/v$version/forgejo-$version-linux-amd64"
+gpg --keyserver keys.openpgp.org --recv EB114F5E6C0DC2BCDD183550A4B61A2DC5923710
+curl -LO \
+  "https://codeberg.org/forgejo/forgejo/releases/download/v$version/forgejo-$version-linux-amd64.asc"
+gpg --verify forgejo-$version-linux-amd64.asc forgejo-$version-linux-amd64
+
+
+chmod +x "forgejo-$version-linux-amd64"
+mv "forgejo-$version-linux-amd64" /usr/local/bin/forgejo