# Gitea

[Gitea](https://gitea.io/en-us/)

[Docs](https://docs.gitea.io/fr-fr/)

[Forum](https://discourse.gitea.io)

### Installation

#### Create the gitea subdomain:

In Plesk:

Websites & Domains -> Add Subdomain:

- Subdomain name: gitea.maboiteverte.fr
- Document root: gitea.maboiteverte.fr
- Check "Secure the domain with Let's Encrypt"

Websites & Domains -> gitea.maboiteverte.fr -> Apache & nginx Settings -> Additional directives for HTTPS:

```
Order allow,deny
Allow from all
AllowEncodedSlashes NoDecode
ServerName gitea.maboiteverte.fr
ProxyPreserveHost On
ProxyRequests off
# Note: no trailing slash after either /git or port
ProxyPass / http://localhost:3000/ nocanon
ProxyPassReverse / http://localhost:3000/
```

#### Create a MySQL database in the Gitea subdomain:

database: admin_gitea

user/pwd: adm_gitea / 2X5$7isg

##### Set the global variables as follows:

- innodb_default_row_format=dynamic
- innodb_file_format=Barracuda
- innodb_large_prefix=1

otherwise MySQL/MariaDB returns the error: *issue: Error 1709: Index column size too large. The maximum column size is 767 bytes.*

Add the MySQL configuration files:

```bash
$ nano /etc/mysql/mariadb.conf.d/gitea.cnf
[mysqld]
innodb_default_row_format=dynamic

$ nano /etc/mysql/mariadb.conf.d/nextcloud.cnf
[mysqld]
innodb_large_prefix=true
innodb_file_format=barracuda
innodb_file_per_table=1
```

Or from the MySQL command line (as root):

```mysql
SET GLOBAL innodb_default_row_format=dynamic;
```

To display the variables:

```mysql
SHOW VARIABLES LIKE 'innodb_%';
```

Restart MySQL:

```bash
$ systemctl restart mariadb
```

#### Create a git user:

```bash
adduser \
   --system \
   --shell /bin/bash \
   --gecos 'Git Version Control' \
   --group \
   --disabled-password \
   --home /home/git \
   git
```

#### Download Gitea:

```bash
VERSION=1.14.4
sudo wget -O /tmp/gitea https://dl.gitea.io/gitea/${VERSION}/gitea-${VERSION}-linux-amd64
```

#### and install it:

```bash
$ sudo mv /tmp/gitea /usr/local/bin
$ sudo chmod +x /usr/local/bin/gitea
```

#### Create the directories and set the permissions:

```bash
$ mkdir -p /var/lib/gitea/{custom,data,log}
$ chown -R git:git /var/lib/gitea/
$ chmod -R 750 /var/lib/gitea/
$ mkdir /etc/gitea
$ chown root:git /etc/gitea
$ chmod 770 /etc/gitea
```

#### Create the Gitea service:

```bash
$ sudo nano /etc/systemd/system/gitea.service
```

https://github.com/go-gitea/gitea/blob/master/contrib/systemd/gitea.service

or download the one provided by Gitea:

```bash
$ sudo wget https://raw.githubusercontent.com/go-gitea/gitea/master/contrib/systemd/gitea.service -P /etc/systemd/system/
```

#### Start the Gitea service:

```bash
$ sudo systemctl daemon-reload
$ sudo systemctl enable --now gitea
```

#### Check its status:

```bash
$ systemctl status gitea.service
● gitea.service - Gitea
   Loaded: loaded (/etc/systemd/system/gitea.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2020-05-09 07:20:30 CEST; 3h 7min ago
 Main PID: 2394 (gitea)
    Tasks: 8 (limit: 1099)
   CGroup: /system.slice/gitea.service
           └─2394 /usr/local/bin/gitea web -c /etc/gitea/app.ini
```

Confirm:

```bash
$ gitea --version
Gitea version 1.11.4 built with GNU Make 4.1, go1.13.9 : bindata, sqlite, sqlite_unlock_notify
```

#### Open http://YOUR_DOMAIN_OR_IP:3000 in the browser:

##### Database Settings:

- Database Type: MySQL
- Host: 127.0.0.1:3306
- Username: adm_gitea
- Password: xxx
- Database Name: admin_gitea
- utf8_general_ci

##### Application General Settings:

- Site Title: Enter your organization name.
- Repository Root Path: Leave the default /home/git/gitea-repositories.
- Git LFS Root Path: Leave the default /var/lib/gitea/data/lfs.
- Run As Username: git
- SSH Server Domain: gitea.maboiteverte.fr
- SSH Port: 22, change it if SSH is listening on another port
- Gitea HTTP Listen Port: 3000
- Gitea Base URL: https://gitea.maboiteverte.fr
- Log Path: Leave the default /var/lib/gitea/log

##### Server and other services settings:

check:

- Disable Self-registration
- Enable Require Sign in to view pages

##### Admin Account Settings:

create an administrator account for Gitea.
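The installer choices above (Disable Self-registration, Require Sign in to view pages) and the file permissions set in the next step can be checked against the `app.ini` that Gitea actually wrote. The script below is an added example, not part of the original page or of Gitea: the function names `ini_get`, `check` and `audit_gitea_ini` and the sample file are constructed for illustration, and it expects each key to be set explicitly.

```shell
# Added example (not from the original page): audit a Gitea app.ini (sh/bash, Linux).
# ini_get FILE SECTION KEY: print the value of KEY inside [SECTION].
ini_get() {
  awk -v sec="$2" -v key="$3" '
    /^[ \t]*[;#]/ { next }                        # comment line
    /^[ \t]*\[.*\][ \t]*$/ {                      # section header
      cur = $0; gsub(/[ \t]/, "", cur)
      cur = substr(cur, 2, length(cur) - 2); next
    }
    cur == sec && (eq = index($0, "=")) > 0 {     # key = value in wanted section
      k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
      if (k != key) next
      v = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
      print v; exit
    }' "$1"
}

# check FILE SECTION KEY WANTED WHY: print a finding when the value differs.
check() {
  got="$(ini_get "$1" "$2" "$3")"
  [ "$got" = "$4" ] || echo "FAIL [$2] $3 = '${got:-unset}' (want $4): $5"
}

# audit_gitea_ini FILE: print findings; return 1 if there is at least one.
audit_gitea_ini() {
  findings="$(
    check "$1" service  DISABLE_REGISTRATION true  "self-registration is open"
    check "$1" service  REQUIRE_SIGNIN_VIEW  true  "pages readable without login"
    check "$1" openid   ENABLE_OPENID_SIGNUP false "sign-up via OpenID still allowed"
    check "$1" security INSTALL_LOCK         true  "install page still reachable"
    # chars 8-10 of ls -l are the permissions for "others"; mode 640 gives "---"
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ] || echo "FAIL $1 is accessible to other users (want mode 640)"
  )"
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"; return 1
}

# Constructed sample reproducing the relevant keys of the app.ini shown on this page.
sample="$(mktemp)"; chmod 644 "$sample"
cat > "$sample" <<'EOF'
[security]
INSTALL_LOCK = true
[service]
DISABLE_REGISTRATION = false
REQUIRE_SIGNIN_VIEW  = false
[openid]
ENABLE_OPENID_SIGNUP = true
EOF
audit_gitea_ini "$sample" || echo "=> app.ini needs attention"
```

To audit the real file, call `audit_gitea_ini /etc/gitea/app.ini` as root or as a member of the `git` group, since mode 640 hides the file from other users.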
#### Secure the configuration file:

```bash
$ sudo chmod 750 /etc/gitea
$ sudo chmod 640 /etc/gitea/app.ini
```

Configure email notifications:

```bash
$ sudo nano /etc/gitea/app.ini
# Add:
[mailer]
ENABLED = true
HOST    = ssl0.ovh.net:465
FROM    = bruno@clicclac.info
USER    = bruno@clicclac.info
PASSWD  = xxx
```

#### app.ini configuration file:

```ini
; The secrets and passwords below are specific to this installation.
APP_NAME = Gitea: Git with a cup of tea
RUN_USER = git
RUN_MODE = prod

[oauth2]
JWT_SECRET = pR6yqgc-yBWVDDH83xZknCKmm6OkOYe1-lQF6w4QZCM

[security]
INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1ODkwMzkxMDF9.0ndONUH1YHloYbEJjuMEuOfvmHaQ86xigzQWv8E0BZY
INSTALL_LOCK   = true
SECRET_KEY     = vD6g09GpvXk0iuM6U1uwcFc2fm5xykkLvYmib88Er7OZOwlSMdp1MjrmNkot6KZz

[database]
DB_TYPE  = mysql
HOST     = 127.0.0.1:3306
NAME     = admin_gitea
USER     = adm_gitea
PASSWD   = 2X5$7isg
SSL_MODE = disable
CHARSET  = utf8mb4
PATH     = /var/lib/gitea/data/gitea.db

[repository]
ROOT = /home/git/gitea-repositories

[server]
SSH_DOMAIN       = gitea.maboiteverte.fr
DOMAIN           = gitea.maboiteverte.fr
HTTP_PORT        = 3000
ROOT_URL         = https://gitea.maboiteverte.fr:3000/
DISABLE_SSH      = false
SSH_PORT         = 22
LFS_START_SERVER = true
LFS_CONTENT_PATH = /var/lib/gitea/data/lfs
LFS_JWT_SECRET   = it_832yGFx-X9yLKg2otEiG7qyNa12p3C7S8VZbRVeM
OFFLINE_MODE     = false

[mailer]
ENABLED = true
HOST    = ssl0.ovh.net:465
FROM    = bruno@clicclac.info
USER    = bruno@clicclac.info
PASSWD  = dt7ek7wA6

[service]
REGISTER_EMAIL_CONFIRM            = false
ENABLE_NOTIFY_MAIL                = false
DISABLE_REGISTRATION              = false
ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
ENABLE_CAPTCHA                    = false
REQUIRE_SIGNIN_VIEW               = false
DEFAULT_KEEP_EMAIL_PRIVATE        = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING       = true
NO_REPLY_ADDRESS                  = noreply.maboiteberte.fr

[picture]
DISABLE_GRAVATAR        = false
ENABLE_FEDERATED_AVATAR = true

[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true

[session]
PROVIDER = file

[log]
MODE      = file
LEVEL     = info
ROOT_PATH = /var/lib/gitea/log
```

Restart Gitea:

```bash
$ sudo systemctl restart gitea
```

### Updating Gitea:

Stop the service:

```bash
$ sudo systemctl stop gitea
```

Download the latest version:

```bash
VERSION=    # set to the version to install
wget -O /tmp/gitea https://dl.gitea.io/gitea/${VERSION}/gitea-${VERSION}-linux-amd64
sudo mv /tmp/gitea /usr/local/bin
sudo chmod +x /usr/local/bin/gitea
```

Restart the service:

```bash
$ sudo systemctl restart gitea
```

*Configure SSL for the Gitea subdomain:*

Have a subdomain for Gitea: https://gitea.maboiteverte.fr

```ini
[server]
DOMAIN=gitea.maboiteverte.fr
PROTOCOL=https
ENABLE_LETSENCRYPT=true
LETSENCRYPT_ACCEPTTOS=true
LETSENCRYPT_DIRECTORY=https
LETSENCRYPT_EMAIL=bruno@clicclac.info
```

```bash
cd /etc/gitea
mkdir keys
chown root:git keys/
```

```bash
root@localhost:/opt/psa/var/modules/letsencrypt/etc/live/gitea.maboiteverte.fr# cp privkey.pem /etc/gitea/keys/privkey.pem
root@localhost:/opt/psa/var/modules/letsencrypt/etc/live/gitea.maboiteverte.fr# cp fullchain.pem /etc/gitea/keys/fullchain.pem
```

```bash
chown -R root:git /etc/gitea/keys
```

Certificates for the domain gitea.maboiteverte.fr

```bash
/opt/psa/var/modules/sslit/etc/live/gitea.maboiteverte.fr/cert.pem
/opt/psa/var/modules/sslit/etc/live/gitea.maboiteverte.fr/chain.pem
/opt/psa/var/modules/sslit/etc/live/gitea.maboiteverte.fr/fullchain.pem
/opt/psa/var/modules/sslit/etc/live/gitea.maboiteverte.fr/privkey.pem

/opt/psa/var/modules/letsencrypt/etc/live/gitea.maboiteverte.fr/cert.pem
/opt/psa/var/modules/letsencrypt/etc/live/gitea.maboiteverte.fr/chain.pem
/opt/psa/var/modules/letsencrypt/etc/live/gitea.maboiteverte.fr/fullchain.pem
/opt/psa/var/modules/letsencrypt/etc/live/gitea.maboiteverte.fr/privkey.pem
```

This directory contains your keys and certificates.

`privkey.pem` : the private key for your certificate.

`fullchain.pem`: the certificate file used in most server software.

`chain.pem` : used for OCSP stapling in Nginx >=1.3.7.

`cert.pem` : will break many server configurations, and should not be used without reading further documentation (see link below).

We recommend not moving these files. For more information, see the Certbot User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates .

To add to app.ini

```ini
SSLCertificateFile /opt/psa/var/modules/letsencrypt/etc/live/gitea.maboiteverte.fr/cert.pem
SSLCertificateKeyFile /opt/psa/var/modules/letsencrypt/etc/live/gitea.maboiteverte.fr/privkey.pem
SSLCertificateChainFile /opt/psa/var/modules/letsencrypt/etc/live/gitea.maboiteverte.fr/chain.pem
# /opt/psa/var/modules/letsencrypt/etc/live/gitea.maboiteverte.fr/fullchain.pem
```

### Repositories

```bash
# ssh:   git@gitea.maboiteverte.fr:bruno/yuzu-child_mbv.git
# https: https://gitea.maboiteverte.fr:3000/bruno/yuzu-child_mbv.git

# Add the remote over https...
git remote add gitea https://gitea.maboiteverte.fr:3000/bruno/yuzu-child_mbv.git
# ...or over ssh
git remote add gitea git@gitea.maboiteverte.fr:bruno/yuzu-child_mbv.git

git push -u gitea master
```

### Securing Gitea:

```bash
sudo chmod 750 /etc/gitea
sudo chmod 640 /etc/gitea/app.ini
```

#### Prevent indexing of Gitea pages:

```bash
root@localhost:/etc/gitea# mkdir custom
root@localhost:/etc/gitea# cd custom/
root@localhost:/etc/gitea/custom# nano robots.txt

# Add the following two lines to forbid indexing of the site's pages:
User-agent: *
Disallow: /

root@localhost:/etc/gitea/custom# cd ..
root@localhost:/etc/gitea# chown -R root:git custom/

sudo service gitea restart
```

#### Once users have been added, disable the registration form to minimize spam attempts.

```bash
sudo nano /etc/gitea/app.ini

# Change false to true to disable registration.
DISABLE_REGISTRATION = true
```

### Push and create

It is possible to push and create a repository even if it does not yet exist on Gitea (SSH required).
```bash
# Add the remote repository (creator-child_mbv.git), which does not exist yet:
git remote add gitea git@gitea.maboiteverte.fr:bruno/creator-child_mbv.git

# Push to create is not permitted for organizations

# Push the local repository
git push -u gitea master
Enumerating objects: 236, done.
Counting objects: 100% (236/236), done.
Delta compression using up to 8 threads
Compressing objects: 100% (232/232), done.
Writing objects: 100% (236/236), 670.57 KiB | 6.77 MiB/s, done.
Total 236 (delta 85), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (85/85), done.
remote: . Processing 1 references
remote: Processed 1 references in total
To gitea.maboiteverte.fr:bruno/creator-child_mbv.git
 * [new branch]      master -> master
Branch 'master' set up to track remote branch 'master' from 'gitea'.

# The remote repository creator-child_mbv.git has been created.
```

### Backup / Restore

#### Backup:

```bash
su git
/usr/local/bin/gitea dump -c /etc/gitea/app.ini

# Creates an archive in the home directory of git:
/home/git/gitea-dump-1589130582.zip
```

#### Restore:

https://docs.gitea.io/en-us/backup-and-restore/#restore-command-restore

#### Transfer a repository to an organization:

Repository -> Settings -> Danger Zone -> Transfer Ownership

### Customizing:

https://docs.gitea.io/en-us/customizing-gitea/

#### Add a link to the navigation bar:

```bash
# Add a file extra_links.tmpl
$ nano /var/lib/gitea/custom/templates/custom/extra_links.tmpl
maboiteverte.fr

# Restart Gitea
$ sudo service gitea restart
```

#### Add a link to the bottom navigation bar:

```bash
# Add a file extra_links_footer.tmpl
$ nano /var/lib/gitea/custom/templates/custom/extra_links_footer.tmpl
Privacy Policy

$ cd /var/lib/gitea/custom/public
privacy.html

# Restart Gitea
$ sudo service gitea restart
```

### Links

- https://wiki.visionduweb.fr/index.php?title=Installer_un_serveur_Git_avec_Gitea#Copier_les_certificats_SSL_de_Let.27s_Encrypt_vers_le_r.C3.A9pertoire_keys_cr.C3.A9.C3.A9_pour_Gitea
- https://charlesreid1.github.io/setting-up-a-self-hosted-github-clone-with-gitea.html
- https://www.howtoforge.com/tutorial/how-to-install-gitea-with-https-on-debian-10/
- https://clouding.io/hc/en-us/articles/360011461459-How-to-Install-Gitea-Git-Service-on-Ubuntu-18-04
- https://linuxize.com/post/how-to-install-gitea-on-ubuntu-18-04/
- https://computingforgeeks.com/how-to-install-gitea-git-service-on-ubuntu/
- https://golb.hplar.ch/2018/06/self-hosted-git-server.html
- https://mike42.me/blog/2019-05-how-to-integrate-gitea-and-jenkins
- https://wiki.evolix.org/HowtoGitea

Webhook

- https://blog.samuel.domains/blog/tutorials/static-websites-automatic-deployment-with-gitea-an-example-with-jekyll
- https://support.gitkraken.com/integrations/authentication/
- https://organicdesign.nz/Gitea