# Basis

```
apt update
apt -y upgrade
apt -y install jq git pkg-config libssl-dev curl mc ca-certificates net-tools ufw
```

# Docker

```
install -m 0755 -d /etc/apt/keyrings

curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc

chmod a+r /etc/apt/keyrings/docker.asc

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
  
apt-get update

apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

cd /etc/docker/
\rm -rf daemon.json
wget https://git.fb1.uni-bremen.de/davrot/pages.git.neuro.uni-bremen.de/raw/branch/main/daemon.json

systemctl restart docker

sed -i -e 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/g' /etc/default/ufw

ufw reload

ifconfig | grep "inet 172."

iptables -t nat -A POSTROUTING ! -o docker0 -s 172.17.0.0/16 -j MASQUERADE

ufw allow in on docker0
ufw route allow in on docker0
ufw route allow out on docker0
```

# eMail

```
# Add root to the /etc/aliases file and add the msmtprc file to /etc
apt -y install msmtp msmtp-mta mailutils

vi /etc/msmtprc
vi /etc/aliases
chmod 644 /etc/msmtprc
touch /var/log/msmtp.log
chmod 666 /var/log/msmtp.log

# echo "Test message" | mail -s "Test subject" root
```

# Firewall

```
ufw allow 443
ufw allow 80
ufw allow 22
ufw enable
```

# Forgejo runner

```
docker run --rm data.forgejo.org/forgejo/runner:6 forgejo-runner --version
docker run --rm data.forgejo.org/forgejo/runner:6 id

mkdir docker
cd docker
mkdir compose
cd compose
mkdir -p data
touch data/.runner
mkdir -p data/.cache
chown -R 1001:1001 data/.runner
chown -R 1001:1001 data/.cache
chmod 775 data/.runner
chmod 775 data/.cache
chmod g+s data/.runner
chmod g+s data/.cache
wget https://git.fb1.uni-bremen.de/davrot/pages.git.neuro.uni-bremen.de/raw/branch/main/pre_register/compose.yaml 
wget https://git.fb1.uni-bremen.de/davrot/pages.git.neuro.uni-bremen.de/raw/branch/main/down.sh
wget https://git.fb1.uni-bremen.de/davrot/pages.git.neuro.uni-bremen.de/raw/branch/main/up.sh
```

# Register 

```
docker exec -it runner /bin/sh
forgejo-runner register
```

```
URL https://git.fb1.uni-bremen.de/
TOKEN: [TOKEN from https://git.fb1.uni-bremen.de/admin/actions/runners]
LABEL: runner1
```

# After register 

```
cd /docker/compose
sh down.sh
\rm -rf compose.yaml
wget https://git.fb1.uni-bremen.de/davrot/pages.git.neuro.uni-bremen.de/raw/branch/main/post_register/compose.yaml
sh up.sh
```

# Forgejo

The /etc/forgejo/app.ini needs:
```
[actions]
ENABLED = true
```