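# Basis

```sh
# All commands on this page are run as root.
apt update
apt -y upgrade
apt -y install jq git pkg-config libssl-dev curl mc ca-certificates net-tools ufw
```

# Docker

```sh
# Add Docker's apt repository; packages from it are trusted only through the
# signed-by keyring below.
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
# The key is authenticated by HTTPS alone. Before relying on it, compare its
# fingerprint with the one published in Docker's install documentation:
#   gpg --show-keys /etc/apt/keyrings/docker.asc
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

cd /etc/docker/
# \rm bypasses any shell alias for rm.
\rm -rf daemon.json
# daemon.json configures the Docker daemon, which runs as root. It is fetched
# from the tip of the main branch with no integrity check: read the file
# before restarting Docker, or fetch it from a commit you have reviewed.
wget https://git.fb1.uni-bremen.de/davrot/pages.git.neuro.uni-bremen.de/raw/branch/main/daemon.json
systemctl restart docker

# DEFAULT_FORWARD_POLICY="ACCEPT" makes ufw accept all routed traffic through
# this host, not only Docker's. The "ufw route allow" rules further down are
# narrower; check whether they are sufficient on their own before keeping
# ACCEPT on a host with other interfaces.
sed -i -e 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/g' /etc/default/ufw
ufw reload

# Check that the Docker bridge uses the 172.17.0.0/16 range assumed below.
ifconfig | grep "inet 172."
# Added with -A: the rule is not persistent across reboots, and running the
# command again appends a duplicate.
iptables -t nat -A POSTROUTING ! -o docker0 -s 172.17.0.0/16 -j MASQUERADE
ufw allow in on docker0
ufw route allow in on docker0
ufw route allow out on docker0
# Note: ports published by containers (-p / "ports:") are opened by Docker
# directly in iptables and are not filtered by the ufw rules on this page.
# Bind published ports to 127.0.0.1 when they must not be reachable from outside.
```

# eMail

```sh
# Add root to the /etc/aliases file and add the msmtprc file to /etc
apt -y install msmtp msmtp-mta mailutils
vi /etc/msmtprc
vi /etc/aliases
# /etc/msmtprc normally contains the SMTP password, so it must not be
# world-readable, and the log must not be world-writable. Both are restricted
# to the msmtp group instead. This relies on the Debian/Ubuntu package
# installing /usr/bin/msmtp setgid msmtp; confirm with "ls -l /usr/bin/msmtp".
# If mail sent by non-root users fails afterwards, check these permissions first.
chown root:msmtp /etc/msmtprc
chmod 640 /etc/msmtprc
touch /var/log/msmtp.log
chown root:msmtp /var/log/msmtp.log
chmod 660 /var/log/msmtp.log
# echo "Test message" | mail -s "Test subject" root
```

# Firewall

```sh
# SSH (22) is allowed before "ufw enable" so the current session is not cut off.
# Without a protocol, each rule opens the port for both tcp and udp; "443/tcp"
# etc. is narrower, and "ufw limit 22/tcp" additionally rate-limits SSH.
ufw allow 443
ufw allow 80
ufw allow 22
ufw enable
```

# Forgejo runner

```sh
# The :6 tag is mutable; pin the image by digest if the host must be reproducible.
docker run --rm data.forgejo.org/forgejo/runner:6 forgejo-runner --version
# Prints the uid/gid the runner uses inside the container; presumably this is
# where the 1001:1001 below comes from. Adjust the chown if the output differs.
docker run --rm data.forgejo.org/forgejo/runner:6 id

# Absolute path, because the "After register" step uses /docker/compose.
mkdir -p /docker/compose
cd /docker/compose
mkdir -p data
touch data/.runner
mkdir -p data/.cache
chown -R 1001:1001 data/.runner
chown -R 1001:1001 data/.cache
# data/.runner is the runner's state file; after registration it presumably
# holds the runner's credentials. Mode 775 leaves it world-readable, so
# consider tightening it once registration works.
chmod 775 data/.runner
chmod 775 data/.cache
chmod g+s data/.runner
chmod g+s data/.cache

# compose.yaml, down.sh and up.sh come from the tip of the main branch with no
# integrity check, and the scripts are later run with "sh" as root. Read them
# before use, or fetch them from a commit you have reviewed.
wget https://git.fb1.uni-bremen.de/davrot/pages.git.neuro.uni-bremen.de/raw/branch/main/pre_register/compose.yaml
wget https://git.fb1.uni-bremen.de/davrot/pages.git.neuro.uni-bremen.de/raw/branch/main/down.sh
wget https://git.fb1.uni-bremen.de/davrot/pages.git.neuro.uni-bremen.de/raw/branch/main/up.sh
```

# Register

```sh
# Open a shell in the running container named "runner" ...
docker exec -it runner /bin/sh
# ... and run the registration inside that shell.
forgejo-runner register
```

```
URL https://git.fb1.uni-bremen.de/
TOKEN: [TOKEN from https://git.fb1.uni-bremen.de/admin/actions/runners]
LABEL: runner1
```

The registration token is a credential: whoever holds it can register a runner with this instance. Enter it at the prompt only and do not keep it in notes or scripts.

# After register

```sh
cd /docker/compose
sh down.sh
\rm -rf compose.yaml
# Same caveat as above: review the downloaded compose.yaml before "sh up.sh".
wget https://git.fb1.uni-bremen.de/davrot/pages.git.neuro.uni-bremen.de/raw/branch/main/post_register/compose.yaml
sh up.sh
```

# Forgejo

The /etc/forgejo/app.ini needs:

```ini
[actions]
ENABLED = true
```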