gitea: add systemd scriptlets

base/gitea/app-gitea.ini

@@ -117,7 +117,7 @@ HTTP_PORT = 3000
 ;PER_WRITE_PER_KB_TIMEOUT = 30s
 ;;
 ;; Permission for unix socket
-;UNIX_SOCKET_PERMISSION = 666
+UNIX_SOCKET_PERMISSION = 660
 ;;
 ;; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service. In
 ;; most cases you do not need to change the default value. Alter it only if
@@ -159,7 +159,7 @@ HTTP_PORT = 3000
 ;SSH_LISTEN_PORT = %(SSH_PORT)s
 ;;
 ;; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
-;SSH_ROOT_PATH =
+SSH_ROOT_PATH = /var/lib/gitea/.ssh
 ;;
 ;; Gitea will create a authorized_keys file by default when it is not using the internal ssh server
 ;; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
@@ -283,7 +283,6 @@ STATIC_ROOT_PATH = /usr/share/gitea/web
 ;;
 ;; Default path for App data
 ;APP_DATA_PATH = data ; relative paths will be made absolute with _`AppWorkPath`_
-APP_DATA_PATH = /var/lib/gitea/data
 ;;
 ;; Enable gzip compression for runtime-generated content, static resources excluded
 ;ENABLE_GZIP = false
@@ -370,7 +369,7 @@ APP_DATA_PATH = /var/lib/gitea/data
 ;; SQLite Configuration
 ;;
 DB_TYPE = sqlite3
-;PATH= ; defaults to data/gitea.db
+PATH = /var/lib/gitea/data/gitea.db
 ;SQLITE_TIMEOUT = ; Query timeout defaults to: 500
 ;SQLITE_JOURNAL_MODE = ; defaults to sqlite database default (often DELETE), can be used to enable WAL mode. https://www.sqlite.org/pragma.html#pragma_journal_mode
 ;;
@@ -563,7 +562,7 @@ ENABLE = true
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Root path for the log files - defaults to %(GITEA_WORK_DIR)/log
-;ROOT_PATH =
+ROOT_PATH = /var/log/gitea
 ;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Main Logger
@@ -902,11 +901,11 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[repository]
+[repository]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Root path for storing all repository data. By default, it is set to %(APP_DATA_PATH)s/gitea-repositories.
 ;; A relative path is interpreted as _`AppWorkPath`_/%(ROOT)s
-;ROOT =
+ROOT = /var/lib/gitea/repositories
 ;;
 ;; The script type this server supports. Usually this is `bash`, but some users report that only `sh` is available.
 ;SCRIPT_TYPE = bash
@@ -999,16 +998,16 @@ LEVEL = Info
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[repository.local]
+[repository.local]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; Path for local repository copy. Defaults to `tmp/local-repo` (content gets deleted on gitea restart)
-;LOCAL_COPY_PATH = tmp/local-repo
+LOCAL_COPY_PATH = /var/lib/gitea/tmp/local-repo
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[repository.upload]
+[repository.upload]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
@@ -1016,7 +1015,7 @@ LEVEL = Info
 ;ENABLED = true
 ;;
 ;; Path for uploads. Defaults to `data/tmp/uploads` (content gets deleted on gitea restart)
-;TEMP_PATH = data/tmp/uploads
+TEMP_PATH = /var/lib/gitea/uploads
 ;;
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
 ;ALLOWED_TYPES =
@@ -1353,7 +1352,7 @@ LEVEL = Info
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[indexer]
+[indexer]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
@@ -1364,7 +1363,7 @@ LEVEL = Info
 ;ISSUE_INDEXER_TYPE = bleve
 ;;
 ;; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
-;ISSUE_INDEXER_PATH = indexers/issues.bleve ; Relative paths will be made absolute against _`AppWorkPath`_.
+ISSUE_INDEXER_PATH = /var/lib/gitea/indexers/issues.bleve
 ;;
 ;; Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch (e.g. http://elastic:password@localhost:9200) or meilisearch (e.g. http://:apikey@localhost:7700)
 ;ISSUE_INDEXER_CONN_STR =
@@ -1767,11 +1766,11 @@ LEVEL = Info
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[picture]
+[picture]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;AVATAR_UPLOAD_PATH = data/avatars
+AVATAR_UPLOAD_PATH = /var/lib/gitea/data/avatars
 ;REPOSITORY_AVATAR_UPLOAD_PATH = data/repo-avatars
 ;;
 ;; How Gitea deals with missing repository avatars
@@ -2513,11 +2512,11 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; lfs storage will override storage
 ;;
-;[lfs]
+[lfs]
 ;STORAGE_TYPE = local
 ;;
 ;; Where your lfs files reside, default is data/lfs.
-;PATH = data/lfs
+PATH = /var/lib/gitea/lfs
 ;;
 ;; override the minio base path if storage type is minio
 ;MINIO_BASE_PATH = lfs/

base/gitea/gitea.service.d.conf

@@ -1,6 +1,14 @@
 [Service]
-# If you don't want Gitea to be able to run on a port below 1024,
-# comment out the two values below
+# If you want to bind Gitea to a port below 1024, uncomment
+# the two values below, or use socket activation to pass Gitea its ports as above
+###
+#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+###
+# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
+# set the following value to false to allow capabilities to be applied on gitea process. The following
+# value if set to true sandboxes gitea service and prevent any processes from running with privileges
+# in the host user namespace.
+###
+#PrivateUsers=false
 ###
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-AmbientCapabilities=CAP_NET_BIND_SERVICE

base/gitea/gitea.spec

@@ -3,7 +3,7 @@
 
 Name:		gitea
 Version:	1.21.5
-Release:	4
+Release:	5%{dist}
 Summary:	Git with a cup of tea, painless self-hosted git service
 License:	MIT
 Group:		Development/Other
@@ -45,7 +45,7 @@ mkdir -p %{buildroot}%{_localstatedir}/log/%{name}
 mkdir -p %{buildroot}%{_sysconfdir}/systemd/system/%{name}.service.d/
 install -Dm 0755 %{name} %{buildroot}%{_bindir}/%{name}
 install -Dm 0640 %{SOURCE10} %{buildroot}%{_unitdir}/%{name}.service
-install -Dm 0640 %{SOURCE10} %{buildroot}%{_sysconfdir}/systemd/system/%{name}.service.d/port.conf
+install -Dm 0640 %{SOURCE11} %{buildroot}%{_sysconfdir}/systemd/system/%{name}.service.d/port.conf
 install -Dm 0660 %{SOURCE12} %{buildroot}%{_sysconfdir}/%{name}/app.ini
 
 install -p -D -m 0644 %{SOURCE6} \
@@ -64,9 +64,13 @@ cp -r options public templates %{buildroot}%{_datadir}/%{name}/web
 
 %post
 %tmpfiles_create %{_tmpfilesdir}/%{name}.conf
+%systemd_post gitea.service 
+
+%preun
+%systemd_preun gitea.service
 
 %postun
-userdel gitea
+%systemd_postun gitea.service
 
 %files
 %doc custom/conf/app.example.ini
@@ -83,6 +87,9 @@ userdel gitea
 %{_sysusersdir}/%{name}.conf
 
 %changelog
+* Wed Feb 21 2024 Raven <raven@sysadmins.ws> - 1.21.5-5
+- add systemd scriptlets
+
 * Wed Feb 21 2024 Raven <raven@sysadmins.ws> - 1.21.5-4
 - add CAP_NET_BIND_SERVICE