kenjim/appa-net
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added git server info

Browse Source
This commit is contained in:
Kenji Morishige
2026-04-22 14:59:04 -05:00
parent 2f0a95674c
commit 060219d161
4 changed files with 704 additions and 6248 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6248
pfsense.home.arpa/backups/pfsense-config-2026-04-22_144353.xml
View File

File diff suppressed because it is too large Load Diff

115
zet.home.arpa/git-server/GITEA.SERVICE Normal file
View File

@@ -0,0 +1,115 @@
# Gitea Service Unit File
Systemd service configuration for Gitea git server.
```ini
[Unit]
Description=Gitea (Git with a cup of tea)
After=network.target
[Service]
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
# Hardening
PrivateTmp=true
NoNewPrivileges=true
[Install]
WantedBy=multi-user.target
```
**Location**: `/etc/systemd/system/gitea.service`
**File Format**: Systemd unit file (INI-style)
## Key Configuration Parameters
### [Unit] Section
- **Description**: Gitea (Git with a cup of tea)
- **After**: Service starts after network is available
### [Service] Section
#### Execution
- **Type**: simple (traditional foreground process)
- **User**: git (unprivileged system user)
- **Group**: git (service group)
- **WorkingDirectory**: /var/lib/gitea (Gitea data directory)
- **ExecStart**: Command to start Gitea with config file
#### Restart Policy
- **Restart**: always (auto-restart on exit)
- **RestartSec**: 2s (wait 2 seconds before restarting)
#### Environment
- **USER**: git
- **HOME**: /home/git
- **GITEA_WORK_DIR**: /var/lib/gitea
#### Security Hardening
- **PrivateTmp**: true
- Isolates /tmp and /var/tmp for the process
- Prevents temp file leaks between processes
- **NoNewPrivileges**: true
- Prevents capability escalation
- Drops all capabilities except those explicitly granted
### [Install] Section
- **WantedBy**: multi-user.target
- Service is wanted by the multi-user runlevel
- Enables auto-start on boot when enabled
## Service Management Commands
### Status and Control
```bash
sudo systemctl status gitea # Check current status
sudo systemctl start gitea # Start the service
sudo systemctl stop gitea # Stop the service
sudo systemctl restart gitea # Restart the service
sudo systemctl enable gitea # Enable auto-start on boot
sudo systemctl disable gitea # Disable auto-start on boot
```
### Monitoring
```bash
journalctl -u gitea -n 50 --no-pager # Last 50 log lines
journalctl -u gitea -f # Follow live logs
journalctl -u gitea --since "2 hours ago" # Logs from last 2 hours
```
### Reload Systemd
If you edit the unit file:
```bash
sudo systemctl daemon-reload
sudo systemctl restart gitea
```
## Lifecycle
1. **Systemd Start**: Systemd reads the unit file
2. **Environment Setup**: Sets USER=git, HOME=/home/git, GITEA_WORK_DIR
3. **Process Isolation**: Activates PrivateTmp and security restrictions
4. **Gitea Launch**: Executes `/usr/local/bin/gitea web --config /etc/gitea/app.ini`
5. **Crash Handling**: If process exits, waits 2 seconds and restarts automatically
## Notes
- Service runs in foreground (Type=simple) rather than daemon mode
- Output goes to systemd journal (viewable via `journalctl`)
- Working directory is `/var/lib/gitea` where Gitea stores data
- Restart policy ensures automatic recovery from crashes
- Security hardening prevents privilege escalation and temp file exposure
---
**Last Updated**: 2026-04-22
**Source**: `/etc/systemd/system/gitea.service` on zet.home.arpa

211
zet.home.arpa/git-server/QUICK-REFERENCE.md Normal file
View File

@@ -0,0 +1,211 @@
# Git Server Quick Reference
Quick commands and tips for managing the Gitea git server on zet.home.arpa.
## Access
| What | URL/Command | Notes |
|------|-------------|-------|
| **Web Interface** | http://172.27.0.35:3000 | View repos, manage settings |
| **SSH Clone** | git@172.27.0.35:username/repo.git | Requires SSH key setup |
| **HTTPS Clone** | http://172.27.0.35:3000/username/repo.git | Public repos only |
| **API Base** | http://172.27.0.35:3000/api/v1 | Programmatic access |
| **Logs** | `journalctl -u gitea` | Service logs |
## Common Tasks
### Check Service Status
```bash
ssh zet "sudo systemctl status gitea"
```
### View Recent Logs
```bash
ssh zet "sudo journalctl -u gitea -n 30 --no-pager"
```
### Restart Gitea
```bash
ssh zet "sudo systemctl restart gitea"
```
### Check Memory Usage
```bash
ssh zet "ps aux | grep gitea | grep -v grep"
```
### List All Repositories (API)
```bash
curl http://172.27.0.35:3000/api/v1/repos/search
```
### Create New Repository (Web UI)
1. Visit http://172.27.0.35:3000
2. Click "+" in navigation
3. Select "New Repository"
4. Fill in repository details
5. Click "Create Repository"
### Clone a Repository
```bash
# Via HTTPS
git clone http://172.27.0.35:3000/kenjim/appa-net.git
# Via SSH (requires SSH key)
git clone git@172.27.0.35:kenjim/appa-net.git
```
### Push Changes (Requires Permission)
```bash
git push origin main
```
If you get "Permission denied", request push access through the web UI.
## Service Commands
### Manage Service
```bash
sudo systemctl start gitea # Start
sudo systemctl stop gitea # Stop
sudo systemctl restart gitea # Restart
sudo systemctl reload gitea # Reload config (if supported)
```
### Enable/Disable Auto-start
```bash
sudo systemctl enable gitea # Auto-start on boot
sudo systemctl disable gitea # Don't auto-start on boot
```
### View Service Unit File
```bash
cat /etc/systemd/system/gitea.service
```
## Monitoring
### Real-time Process Monitor
```bash
watch -n 2 'ps aux | grep gitea | grep -v grep'
```
### Disk Usage
```bash
du -sh /var/lib/gitea
du -sh /var/lib/gitea/repositories
```
### Live Logs
```bash
journalctl -u gitea -f
```
## Troubleshooting
### Service Won't Start
```bash
journalctl -u gitea -n 50 --no-pager # Check error messages
sudo systemctl status gitea --no-pager
```
### SSH Clone Not Working
```bash
# Test SSH connection
ssh -vvv git@172.27.0.35
# Verify your SSH key
cat ~/.ssh/id_rsa.pub
```
### HTTP Clone Fails
```bash
# Test web server
curl -I http://172.27.0.35:3000
curl -I http://172.27.0.35:3000/api/v1/version
```
### High Memory Usage
```bash
# Restart the service
sudo systemctl restart gitea
# Check if issue resolves
watch -n 2 'ps aux | grep gitea'
```
## Repository URLs
### Appa-net Repository
- **SSH**: git@172.27.0.35:kenjim/appa-net.git
- **HTTP**: http://172.27.0.35:3000/kenjim/appa-net.git
- **Web**: http://172.27.0.35:3000/kenjim/appa-net
### Dotfiles Repository
- **SSH**: git@172.27.0.35:kenjim/dotfiles.git
- **HTTP**: http://172.27.0.35:3000/kenjim/dotfiles.git
- **Web**: http://172.27.0.35:3000/kenjim/dotfiles
### Test Repository
- **SSH**: git@172.27.0.35:kenjim/test.git
- **HTTP**: http://172.27.0.35:3000/kenjim/test.git
- **Web**: http://172.27.0.35:3000/kenjim/test
## Useful Files
| Path | Purpose | Owner |
|------|---------|-------|
| `/usr/local/bin/gitea` | Gitea executable | root |
| `/etc/gitea/app.ini` | Configuration file | root |
| `/var/lib/gitea` | Data directory | git |
| `/var/lib/gitea/repositories` | Repository storage | git |
| `/etc/systemd/system/gitea.service` | Service definition | root |
| `/home/git` | Git user home | git |
## Configuration Location
**Config File**: `/etc/gitea/app.ini`
To view/edit:
```bash
sudo nano /etc/gitea/app.ini
sudo systemctl restart gitea # After changes
```
## API Authentication
Generate a personal access token in the web UI:
1. Visit http://172.27.0.35:3000/user/settings/applications
2. Create a new token
3. Use in API calls:
```bash
curl -H "Authorization: token YOUR_TOKEN" \
http://172.27.0.35:3000/api/v1/repos/search
```
## SSH Key Setup (If Needed)
To use SSH with Gitea:
```bash
# Generate key (if you don't have one)
ssh-keygen -t ed25519 -C "your-email@example.com"
# Add key to your Gitea account
# Visit: http://172.27.0.35:3000/user/settings/keys
# Click "Add Key" and paste your public key (~/.ssh/id_ed25519.pub)
# Test SSH access
ssh -T git@172.27.0.35
```
## Useful Links
- **Gitea Documentation**: https://docs.gitea.io/
- **Gitea Configuration**: https://docs.gitea.io/en-us/config-cheat-sheet/
- **Gitea API**: https://docs.gitea.io/en-us/api-usage/
---
**Last Updated**: 2026-04-22
**Server**: zet.home.arpa (172.27.0.35:3000)

378
zet.home.arpa/git-server/README.md Normal file
View File

@@ -0,0 +1,378 @@
# Git Server Configuration
Gitea git server running on zet.home.arpa for managing internal repositories.
## Overview
**Software**: Gitea (Git with a cup of tea)
**Version**: 1.25.4
**Location**: zet.home.arpa (172.27.0.35)
**URL**: http://172.27.0.35:3000/
**User**: kenjim
**Status**: Running and operational
## Installation Details
### Binary and Paths
| Component | Path | Details |
|-----------|------|---------|
| **Gitea Binary** | `/usr/local/bin/gitea` | Main executable |
| **Work Directory** | `/var/lib/gitea` | Data and repositories |
| **Custom Configuration** | `/var/lib/gitea/custom` | Custom templates, plugins, themes |
| **Config File** | `/etc/gitea/app.ini` | Gitea configuration (root-owned) |
| **System User** | `git` (UID 1002) | Service runs as this user |
| **System Group** | `git` (GID 1003) | Service group |
### Build Information
- **Build Tool**: GNU Make 4.3
- **Language**: Go 1.25.6
- **Database**: SQLite with unlock notifications
- **Binary Format**: bindata (self-contained assets)
### System Integration
**Systemd Service**: `gitea.service`
```
[Unit]
Description=Gitea (Git with a cup of tea)
After=network.target
[Service]
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
Restart=always
RestartSec=2s
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
# Hardening
PrivateTmp=true
NoNewPrivileges=true
[Install]
WantedBy=multi-user.target
```
**Status**:
- Enabled: Yes (auto-start on boot)
- Active: Yes (running since 2026-04-13 02:31:18 UTC)
- PID: 1074
- Memory: 170.5M (peak: 172.5M)
### Git Integration
- **Git Version**: 2.43.0
- **Git Home**: `/var/lib/gitea/data/home`
- **Git User**: git (system user)
## Network Configuration
### Web Interface
| Protocol | Address | Port | Status |
|----------|---------|------|--------|
| HTTP | 0.0.0.0 | 3000 | Active |
| HTTP | :: | 3000 | Active (IPv6) |
**Access URL**: http://172.27.0.35:3000
### SSH Access
| Protocol | Port | Status | Notes |
|----------|------|--------|-------|
| SSH | 22 | Active | Standard SSH port for Git operations |
**Clone URL Format**: `git@172.27.0.35:username/repo.git`
## Repository Configuration
### Repositories
Three repositories are configured:
#### 1. appa-net
- **Owner**: kenjim
- **Type**: Public
- **Status**: Empty
- **Created**: 2026-02-26
- **Last Updated**: 2026-02-26
- **Clone (SSH)**: `git@172.27.0.35:kenjim/appa-net.git`
- **Clone (HTTP)**: `http://172.27.0.35:3000/kenjim/appa-net.git`
- **Features Enabled**: Issues, Wiki, Pull Requests, Projects, Releases, Packages, Actions
- **Permissions**: Pull-only (no push permission)
#### 2. dotfiles
- **Owner**: kenjim
- **Type**: Public
- **Status**: Has code
- **Language**: Shell
- **Created**: 2026-02-23
- **Last Updated**: 2026-03-30
- **Clone (SSH)**: `git@172.27.0.35:kenjim/dotfiles.git`
- **Clone (HTTP)**: `http://172.27.0.35:3000/kenjim/dotfiles.git`
- **Features Enabled**: Issues, Wiki, Pull Requests, Projects, Releases, Packages, Actions
- **Size**: 265 KB
#### 3. test
- **Owner**: kenjim
- **Type**: Public
- **Status**: Empty
- **Created**: 2026-02-23
- **Last Updated**: 2026-02-23
- **Clone (SSH)**: `git@172.27.0.35:kenjim/test.git`
- **Clone (HTTP)**: `http://172.27.0.35:3000/kenjim/test.git`
- **Features Enabled**: Issues, Wiki, Pull Requests, Projects, Releases, Packages, Actions
### Repository Features
All repositories have standard Gitea features enabled:
- **Issues**: Time tracking, dependencies
- **Wiki**: Collaborative documentation
- **Pull Requests**: Code review with merge strategies
- **Projects**: Kanban-style boards
- **Releases**: Version management
- **Packages**: Package registry
- **Actions**: CI/CD pipelines
### Default Repository Settings
- **Merge Strategies**:
- Allow merge commits (default)
- Allow rebase
- Allow rebase explicit
- Allow squash merge
- Allow fast-forward only merge
- Allow rebase update
- **Default Merge Style**: Merge
- **Maintainer Edit**: Not allowed by default
- **Auto-delete Branch**: Disabled
- **Whitespace Conflicts**: Not ignored
## Web Server Configuration
### Apache2
- **Status**: Installed but not reverse-proxying Gitea
- **Default Site**: `/etc/apache2/sites-available/000-default.conf`
- **Document Root**: `/var/www/html`
- **Gitea Access**: Direct on port 3000, not through Apache
Gitea runs as a standalone service, not behind Apache reverse proxy.
## Security Configuration
### Process Hardening
The Gitea systemd service has the following security settings:
- `PrivateTmp=true` — Private /tmp and /var/tmp
- `NoNewPrivileges=true` — Prevents privilege escalation
### User Isolation
- Runs as dedicated `git` system user
- Non-root execution
- Restricted home directory access
## Database
- **Type**: SQLite (embedded)
- **Features**: Unlock notifications enabled
- **Location**: `/var/lib/gitea/data/` (not directly accessible)
SQLite provides a simple, file-based database solution without needing a separate database server.
## API Access
### API Endpoint
**Base URL**: `http://172.27.0.35:3000/api/v1`
**Available Endpoints**:
- `/version` — API and Gitea version
- `/repos/search` — Search repositories
- User management, repository management, and more
### Authentication
- Token-based authentication
- User credentials can be generated in the web UI under Settings → Applications
## Logging
### Systemd Logs
View service logs:
```bash
journalctl -u gitea -n 20 --no-pager # Last 20 lines
journalctl -u gitea -f # Follow live logs
systemctl status gitea --no-pager # Service status
```
### Application Logs
Logs are written to the console/systemd journal and available through `journalctl`.
## File Permissions
| Path | Owner | Permissions | Notes |
|------|-------|-------------|-------|
| `/usr/local/bin/gitea` | root | 755 | Executable by all |
| `/var/lib/gitea` | git | 750 | Read/write by git user only |
| `/var/lib/gitea/custom` | git | 750 | Custom configuration |
| `/etc/gitea/app.ini` | root | 640 | Config readable by git group |
## Access Control
### Users
- **User**: kenjim
- **Created**: 2026-02-23
- **Email**: kenji@kenjim.com
- **Visibility**: Public profile
**Permissions**:
- No admin rights
- No push access to repositories (pull-only on current setup)
## Configuration Management
### Configuration File Location
The main configuration file is at `/etc/gitea/app.ini` but is not readable by unprivileged users.
To view or modify configuration:
1. SSH to zet.home.arpa
2. Use `sudo` to edit `/etc/gitea/app.ini`
3. Restart the service: `sudo systemctl restart gitea`
### Configuration Sections (Typical)
Common Gitea configuration includes:
- `[server]` — HTTP/HTTPS, domain, port
- `[database]` — Database connection
- `[repository]` — Repository settings
- `[ui]` — UI customization
- `[security]` — Security settings
- `[auth]` — Authentication configuration
## Managing the Service
### Start/Stop/Restart
```bash
sudo systemctl start gitea # Start the service
sudo systemctl stop gitea # Stop the service
sudo systemctl restart gitea # Restart the service
sudo systemctl status gitea # Check status
```
### Enable/Disable on Boot
```bash
sudo systemctl enable gitea # Enable (already enabled)
sudo systemctl disable gitea # Disable auto-start
```
### Backup Considerations
1. **Database**: Stored in `/var/lib/gitea/` (SQLite)
2. **Repositories**: In `/var/lib/gitea/repositories/`
3. **Configuration**: `/etc/gitea/app.ini`
4. **Custom Content**: `/var/lib/gitea/custom/`
**Backup Strategy**:
```bash
# As root, backup the entire gitea directory
sudo tar -czf gitea-backup-$(date +%Y-%m-%d).tar.gz \
/var/lib/gitea /etc/gitea
```
## Cloning Repositories
### Using SSH
Requires SSH key setup. Clone format:
```bash
git clone git@172.27.0.35:kenjim/appa-net.git
```
### Using HTTPS
No authentication required for public repositories:
```bash
git clone http://172.27.0.35:3000/kenjim/appa-net.git
```
### Web Interface
Access repositories at: `http://172.27.0.35:3000/kenjim/repository-name`
## Pushing Changes
Current user permissions: **Pull-only**
To push changes:
1. Request admin permission in the repository settings, OR
2. Contact the repository administrator to grant push access
## Monitoring
### Memory Usage
Current:
- **Usage**: 170.5 MB
- **Peak**: 172.5 MB
Monitor over time:
```bash
watch -n 5 'ps aux | grep gitea | grep -v grep'
```
### Uptime
Service has been running since 2026-04-13 (9 days) without restart.
### Disk Usage
Check Gitea data directory:
```bash
du -sh /var/lib/gitea
du -sh /var/lib/gitea/repositories
```
## Troubleshooting
| Issue | Symptom | Solution |
|-------|---------|----------|
| Can't access web UI | Port 3000 unreachable | Check firewall rules, verify Gitea is running |
| SSH clone fails | Permission denied | Check SSH keys, verify user can access git@172.27.0.35 |
| Database locked | Gitea crashes on startup | Check `/var/lib/gitea/` permissions |
| High memory usage | Memory exceeding 200MB+ | Restart service, check for memory leaks |
## Future Enhancements
- [ ] Configure Apache2 reverse proxy for Gitea
- [ ] Enable HTTPS/TLS certificates
- [ ] Set up regular automated backups
- [ ] Configure LDAP or OAuth authentication
- [ ] Enable email notifications
- [ ] Configure webhooks for CI/CD
- [ ] Set up Actions/CI runners
---
**Last Updated**: 2026-04-22
**Discovered**: During infrastructure investigation
**Service Running Since**: 2026-04-13 02:31:18 UTC