From 54691e3cbeb9f6170ab2cbe1e427571be70a5851 Mon Sep 17 00:00:00 2001
From: idk
Date: Thu, 8 May 2025 05:09:46 +0000
Subject: [PATCH] systemd stuff
---
etc/systemd/system/gitea.service | 29 +++++++++++++++++++
.../system/gitea.service.d/user-config.conf | 22 ++++++++++++++
2 files changed, 51 insertions(+)
create mode 100644 etc/systemd/system/gitea.service
create mode 100644 etc/systemd/system/gitea.service.d/user-config.conf
diff --git a/etc/systemd/system/gitea.service b/etc/systemd/system/gitea.service
new file mode 100644
index 0000000..fcb52c0
--- /dev/null
+++ b/etc/systemd/system/gitea.service
@@ -0,0 +1,29 @@
+[Unit]
+Description=Gitea (Modified with multi-protocol TLS/I2P/Tor support)
+Documentation=https://github.com/go-i2p/go-gitlooseleaf
+After=network.target postgresql.service mysql.service mariadb.service
+Wants=network.target
+
+[Service]
+Type=simple
+User=git
+Group=git
+WorkingDirectory=/var/lib/gitea
+ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
+Restart=always
+RestartSec=10
+Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
+
+# Hardening measures
+ProtectSystem=full
+PrivateTmp=true
+PrivateDevices=true
+NoNewPrivileges=true
+ReadWritePaths=/var/lib/gitea /etc/gitea
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+# Load user-modifiable configuration from drop-in directory
+# This will automatically include all .conf files in gitea.service.d/
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/etc/systemd/system/gitea.service.d/user-config.conf b/etc/systemd/system/gitea.service.d/user-config.conf
new file mode 100644
index 0000000..abde056
--- /dev/null
+++ b/etc/systemd/system/gitea.service.d/user-config.conf
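Review bot: In gitea.service, `ReadWritePaths=/var/lib/gitea /etc/gitea` mostly undoes the hardening around it. Under `ProtectSystem=full` only /usr, /boot, /efi and /etc are mounted read-only, so the /var/lib/gitea entry changes nothing and the net effect is to make /etc/gitea, which holds the app.ini passed to `--config`, writable by the web process. Consider `ProtectSystem=strict` with `ReadWritePaths=/var/lib/gitea`, keeping /etc/gitea writable only while initial setup needs to write app.ini; since the unit sets HOME=/home/git, that path may also need listing if the service writes there (to be confirmed). `AmbientCapabilities=CAP_NET_BIND_SERVICE` could also be paired with `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` so the service can never hold more than the bind capability.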
@@ -0,0 +1,22 @@
+[Service]
+# User-configurable environment variables for multi-protocol support
+
+# Required for TLS certificate generation - CHANGE THIS!
+Environment="EMAIL=your-email@example.com"
+
+# Optional: Set explicit hostname (defaults to system hostname if not set)
+# Environment="HOSTNAME=your-hostname"
+
+# Optional: Performance tuning
+# Environment="MAX_CONNECTIONS=500"
+# Environment="RATE_LIMIT=24"
+
+# Optional: Certificate directory
+# Environment="CERT_DIR=/var/lib/gitea/certs"
+
+# Optional: Additional environment variables for database, etc.
+# Environment="GITEA_DATABASE_TYPE=postgres"
+# Environment="GITEA_DATABASE_HOST=localhost:5432"
+# Environment="GITEA_DATABASE_NAME=gitea"
+# Environment="GITEA_DATABASE_USER=gitea"
+# Environment="GITEA_DATABASE_PASSWD=gitea"
\ No newline at end of file
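Review bot: The commented `GITEA_DATABASE_PASSWD` example at the end of user-config.conf steers admins toward putting the database password in an `Environment=` line. That places it in a unit file committed with mode 100644, and `systemctl show` reports `Environment=` values to unprivileged users. I would replace the example with a pointer to a root-owned 0600 file loaded through `EnvironmentFile=` (or a systemd credential), and drop the sample value `gitea`, which matches the user name and is likely to be kept unchanged. Separately, `Environment="EMAIL=your-email@example.com"` is the only active line, so an unedited install starts with the placeholder; shipping it commented out would make the "CHANGE THIS" harder to miss.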