chore: bootstrap Atay Makhzan ops repo

2026-06-19 15:35:48 +01:00
commit f6ba9ab02d
14 changed files with 639 additions and 0 deletions
+45
@@ -0,0 +1,45 @@
#!/usr/bin/env bash
set -euo pipefail
STACK_DIR="${STACK_DIR:-/opt/gitea}"
GITEA_CONTAINER="${GITEA_CONTAINER:-gitea}"
DB_CONTAINER="${DB_CONTAINER:-gitea-db}"
POSTGRES_USER="${POSTGRES_USER:-gitea}"
POSTGRES_DB="${POSTGRES_DB:-gitea}"
cd "$STACK_DIR"
TS="$(date -u +%Y%m%d-%H%M%S)"
BK="$STACK_DIR/backups/$TS"
mkdir -p "$BK"
cp docker-compose.yml "$BK/docker-compose.yml"
if [ -f "$STACK_DIR/gitea-data/gitea/conf/app.ini" ]; then
cp "$STACK_DIR/gitea-data/gitea/conf/app.ini" "$BK/app.ini"
fi
{
echo "backup_utc=$TS"
echo "host=$(hostname)"
echo "date=$(date -u --iso-8601=seconds)"
echo "docker=$(docker --version)"
echo "compose=$(docker compose version 2>/dev/null || true)"
echo "gitea_version=$(docker exec -u git "$GITEA_CONTAINER" gitea --version 2>/dev/null || true)"
docker ps --format '{{.Names}} | {{.Image}} | {{.Status}} | {{.Ports}}'
} > "$BK/metadata.txt"
docker exec -u git "$GITEA_CONTAINER" mkdir -p /data/gitea/backup-tmp
DUMP_NAME="gitea-dump-$TS.zip"
docker exec -u git "$GITEA_CONTAINER" gitea dump \
-c /data/gitea/conf/app.ini \
-w /data/gitea \
-f "/data/gitea/backup-tmp/$DUMP_NAME" \
--quiet
cp "$STACK_DIR/gitea-data/gitea/backup-tmp/$DUMP_NAME" "$BK/$DUMP_NAME"
rm -f "$STACK_DIR/gitea-data/gitea/backup-tmp/$DUMP_NAME"
docker exec "$DB_CONTAINER" pg_dump -U "$POSTGRES_USER" -d "$POSTGRES_DB" -Fc > "$BK/gitea-postgres-$TS.dump"
sha256sum "$BK"/* > "$BK/SHA256SUMS"
echo "Backup created: $BK"
du -sh "$BK" "$BK"/*
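Review bot: The backup directory and every file written into it are created under the caller's default umask, so with a common 022 umask the copied `app.ini`, the Gitea dump and the Postgres dump are readable by any local user; app.ini normally holds the instance's secret keys and database password. Add `umask 077` right after `set -euo pipefail`, or `chmod 700 "$BK"` directly after the `mkdir -p "$BK"`. Separately, if the `cp` out of `backup-tmp` fails, `set -e` exits before the `rm -f`, leaving a full dump inside the data volume; an EXIT `trap` that removes `"$STACK_DIR/gitea-data/gitea/backup-tmp/$DUMP_NAME"` would cover that path.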
+68
@@ -0,0 +1,68 @@
#!/usr/bin/env bash
set -euo pipefail
STACK_DIR="${STACK_DIR:-/opt/gitea}"
TARGET_VERSION="${TARGET_VERSION:?set TARGET_VERSION, e.g. TARGET_VERSION=1.26.2}"
GITEA_CONTAINER="${GITEA_CONTAINER:-gitea}"
APPLY="${APPLY:-0}"
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "$STACK_DIR"
if [ ! -f docker-compose.yml ]; then
echo "docker-compose.yml not found in $STACK_DIR" >&2
exit 1
fi
echo "== Current version =="
docker exec -u git "$GITEA_CONTAINER" gitea --version || true
echo "== Creating backup first =="
"$SCRIPT_DIR/backup-gitea.sh"
echo "== Pulling target image =="
docker pull "gitea/gitea:$TARGET_VERSION"
docker run --rm --user git --entrypoint /usr/local/bin/gitea "gitea/gitea:$TARGET_VERSION" --version || true
OLD_IMAGE_ID="$(docker image inspect "$(docker inspect --format '{{.Config.Image}}' "$GITEA_CONTAINER")" --format '{{.Id}}' 2>/dev/null || true)"
if [ -n "$OLD_IMAGE_ID" ]; then
ROLLBACK_TAG="gitea/gitea:rollback-$(date -u +%Y%m%d-%H%M%S)"
docker tag "$OLD_IMAGE_ID" "$ROLLBACK_TAG"
echo "Rollback image tag: $ROLLBACK_TAG"
fi
echo "== Pinning docker-compose.yml to target version =="
python3 - <<PY
from pathlib import Path
import re
p = Path('$STACK_DIR/docker-compose.yml')
s = p.read_text()
s2 = re.sub(r'image:\s*gitea/gitea:[^\s]+', 'image: gitea/gitea:$TARGET_VERSION', s, count=1)
if s2 == s:
raise SystemExit('Could not find gitea/gitea image line to replace')
p.write_text(s2)
PY
docker compose config >/dev/null
if [ "$APPLY" != "1" ]; then
echo "Dry-run complete. Compose file was pinned, but service was not recreated."
echo "Review the diff, then run with APPLY=1 to recreate the Gitea service."
exit 0
fi
echo "== Recreating Gitea service only =="
docker compose up -d server
echo "== Waiting for readiness =="
for _ in $(seq 1 90); do
if curl -fsS "http://127.0.0.1:3001/api/v1/version" | grep -q "$TARGET_VERSION"; then
echo
echo "Gitea $TARGET_VERSION is ready."
exit 0
fi
sleep 2
done
echo "Gitea did not report target version in time" >&2
exit 1
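Review bot: The `python3 - <<PY` heredoc is unquoted, so `$STACK_DIR` and `$TARGET_VERSION` are pasted into Python source and into the `re.sub` replacement string; a quote or backslash in either value changes the program that runs rather than the data it handles. Quote the delimiter (`<<'PY'`), pass both values through the environment, and reject a `TARGET_VERSION` containing anything outside tag characters before it reaches `docker pull`. The `s2 == s` test also fails when the file is already pinned to the target, which is the state the dry run leaves behind, so the follow-up `APPLY=1` run that the dry-run message recommends would stop at this step; counting matches with `re.subn` avoids that. A sketch of the rewritten step follows.

```shell
TARGET_VERSION="${TARGET_VERSION:?set TARGET_VERSION, e.g. TARGET_VERSION=1.26.2}"
# Validate right after the assignment, before the value is used anywhere.
case "$TARGET_VERSION" in
  *[!0-9A-Za-z._-]*)
    echo "TARGET_VERSION contains unexpected characters" >&2
    exit 1
    ;;
esac
# … unchanged: backup, image pull, rollback tag …
STACK_DIR="$STACK_DIR" TARGET_VERSION="$TARGET_VERSION" python3 - <<'PY'
import os
import re
from pathlib import Path

p = Path(os.environ['STACK_DIR']) / 'docker-compose.yml'
s = p.read_text()
image = 'image: gitea/gitea:' + os.environ['TARGET_VERSION']
# A callable replacement keeps backslashes in the value literal.
s2, n = re.subn(r'image:\s*gitea/gitea:[^\s]+', lambda m: image, s, count=1)
if n == 0:
    raise SystemExit('Could not find gitea/gitea image line to replace')
if s2 != s:
    p.write_text(s2)
PY
# … unchanged: compose config check, dry-run exit, recreate, readiness loop …
```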
+42
@@ -0,0 +1,42 @@
#!/usr/bin/env bash
set -euo pipefail
DOMAIN="${DOMAIN:-ataymakhzan.com}"
SSH_PORT="${SSH_PORT:-2222}"
OWNER="${OWNER:-ibnezzoubayr}"
PROBE_REPO="${PROBE_REPO:-Empire-OS}"
LOCAL_URL="${LOCAL_URL:-http://127.0.0.1:3001}"
GITEA_CONTAINER="${GITEA_CONTAINER:-gitea}"
RUN_DOCKER_CHECKS="${RUN_DOCKER_CHECKS:-1}"
echo "== Local API version =="
curl -fsS "$LOCAL_URL/api/v1/version"
echo
echo "== External API version =="
curl -fsS "https://$DOMAIN/api/v1/version"
echo
echo "== External homepage status =="
curl -fsS -I -L --max-time 20 "https://$DOMAIN/" | sed -n '1,12p'
echo "== Git SSH authentication =="
SSH_OUT=$(ssh -p "$SSH_PORT" -o BatchMode=yes -o ConnectTimeout=10 -T "git@$DOMAIN" 2>&1 || true)
echo "$SSH_OUT"
echo "$SSH_OUT" | grep -Eiq 'successfully authenticated|Hi .*!|Welcome' || {
echo "Could not confirm successful SSH authentication from output" >&2
exit 1
}
echo "== Git ls-remote probe =="
git ls-remote --heads "ssh://git@$DOMAIN:$SSH_PORT/$OWNER/$PROBE_REPO.git" >/dev/null
echo "== Optional Docker/native checks =="
if [ "$RUN_DOCKER_CHECKS" = "1" ] && command -v docker >/dev/null 2>&1; then
docker exec -u git "$GITEA_CONTAINER" gitea --version
docker exec -u git "$GITEA_CONTAINER" gitea doctor check -c /data/gitea/conf/app.ini -w /data/gitea
else
echo "Skipping Docker checks. Set RUN_DOCKER_CHECKS=1 on the VPS to enable."
fi
echo "Atay Makhzan verification passed."
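Review bot: The SSH step discards ssh's exit status with `|| true` and then accepts any output matching `Hi .*!` or `Welcome`, so a server banner printed before a failed authentication could satisfy it. Match only the post-authentication message, e.g. `grep -Fiq 'successfully authenticated'`, so the step confirms what its heading says. The two `/api/v1/version` curl calls also lack the `--max-time 20` used on the homepage check and can hang the script on an unresponsive endpoint.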