Gitea with Let's Encrypt Using Docker Compose

2023-09-01 18:31:13 -04:00
parent bfadd40ad7
commit ae60b92402
8 changed files with 565 additions and 108 deletions
--- a/.env
+++ b/.env
@ -0,0 +1,33 @@
 # Traefik Variables
 TRAEFIK_IMAGE_TAG=traefik:2.9
 TRAEFIK_LOG_LEVEL=WARN
 TRAEFIK_ACME_EMAIL=callvaldemar@gmail.com
 TRAEFIK_HOSTNAME=traefik.gitea.heyvaldemar.net
 # Basic Authentication for Traefik Dashboard
 # Username: traefikadmin
 # Passwords must be encoded using MD5, SHA1, or BCrypt https://hostingcanada.org/htpasswd-generator/
 TRAEFIK_BASIC_AUTH=traefikadmin:$$2y$$10$$sMzJfirKC75x/hVpiINeZOiSm.Jkity9cn4KwNkRvO7hSQVFc5FLO
 # Gitea Variables
 GITEA_POSTGRES_IMAGE_TAG=postgres:15
 GITEA_IMAGE_TAG=bitnami/gitea:1.20.3
 GITEA_DB_NAME=giteadb
 GITEA_DB_USER=giteadbuser
 GITEA_DB_PASSWORD=etFneCEtAWRKkfeQmkvwLWE
 GITEA_ADMIN_USERNAME=giteaadmin
 GITEA_ADMIN_PASSWORD=XfyEVC4uJLyXnrjDtQGk
 GITEA_ADMIN_EMAIL=giteaadmin@heyvaldemar.net
 GITEA_URL=https://gitea.heyvaldemar.net
 GITEA_HOSTNAME=gitea.heyvaldemar.net
 GITEA_SHELL_SSH_PORT=2222
 # Backup Variables
 BACKUP_INIT_SLEEP=30m
 BACKUP_INTERVAL=24h
 POSTGRES_BACKUP_PRUNE_DAYS=7
 DATA_BACKUP_PRUNE_DAYS=7
 POSTGRES_BACKUPS_PATH=/srv/gitea-postgres/backups
 DATA_BACKUPS_PATH=/srv/gitea-application-data/backups
 DATA_PATH=/bitnami/gitea
 POSTGRES_BACKUP_NAME=gitea-postgres-backup
 DATA_BACKUP_NAME=gitea-application-data-backup
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@ -1,3 +1,4 @@
 github: heyvaldemar
 patreon: heyvaldemar
 ko_fi: heyvaldemar
 custom: ['paypal.com/paypalme/heyValdemarCOM', 'buymeacoffee.com/heyValdemar', 'ko-fi.com/heyValdemar']
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,284 @@
 # Created by https://www.toptal.com/developers/gitignore/api/git,macos,xcode,jekyll,packer,ansible,vagrant,windows,notepadpp,terraform,powershell,terragrunt,sublimetext,ansibletower,visualstudiocode,linux
 # Edit at https://www.toptal.com/developers/gitignore?templates=git,macos,xcode,jekyll,packer,ansible,vagrant,windows,notepadpp,terraform,powershell,terragrunt,sublimetext,ansibletower,visualstudiocode,linux
 ### Ansible ###
 *.retry
 ### AnsibleTower ###
 # Ansible runtime and backups
 *.original
 *.tmp
 *.bkp
 *.*~
 # Tower runtime roles
 roles/**
 !roles/requirements.yml
 # Avoid plain-text passwords
 *pwd*
 *pass*
 *password*
 *.txt
 # Exclude all binaries
 *.bin
 *.jar
 *.tar
 *.zip
 *.gzip
 *.tgz
 ### Git ###
 # Created by git for backups. To disable backups in Git:
 # $ git config --global mergetool.keepBackup false
 *.orig
 # Created by git when using merge tools for conflicts
 *.BACKUP.*
 *.BASE.*
 *.LOCAL.*
 *.REMOTE.*
 *_BACKUP_*.txt
 *_BASE_*.txt
 *_LOCAL_*.txt
 *_REMOTE_*.txt
 ### Jekyll ###
 _site/
 .sass-cache/
 .jekyll-cache/
 .jekyll-metadata
 # Ignore folders generated by Bundler
 .bundle/
 vendor/
 ### Linux ###
 *~
 # temporary files which can be created if a process still has a handle open of a deleted file
 .fuse_hidden*
 # KDE directory preferences
 .directory
 # Linux trash folder which might appear on any partition or disk
 .Trash-*
 # .nfs files are created when an open file is removed but is still being accessed
 .nfs*
 ### macOS ###
 # General
 .DS_Store
 .AppleDouble
 .LSOverride
 # Icon must end with two \r
 Icon
 # Thumbnails
 ._*
 # Files that might appear in the root of a volume
 .DocumentRevisions-V100
 .fseventsd
 .Spotlight-V100
 .TemporaryItems
 .Trashes
 .VolumeIcon.icns
 .com.apple.timemachine.donotpresent
 # Directories potentially created on remote AFP share
 .AppleDB
 .AppleDesktop
 Network Trash Folder
 Temporary Items
 .apdisk
 ### macOS Patch ###
 # iCloud generated files
 *.icloud
 ### NotepadPP ###
 # Notepad++ backups #
 *.bak
 ### Packer ###
 # Cache objects
 packer_cache/
 # Crash log
 crash.log
 # https://www.packer.io/guides/hcl/variables
 # Exclude all .pkrvars.hcl files, which are likely to contain sensitive data,
 # such as password, private keys, and other secrets. These should not be part of
 # version control as they are data points which are potentially sensitive and
 # subject to change depending on the environment.
 #
 *.pkrvars.hcl
 # For built boxes
 *.box
 ### Packer Patch ###
 # ignore temporary output files
 output-*/
 ### PowerShell ###
 # Exclude packaged modules
 # Exclude .NET assemblies from source
 *.dll
 ### SublimeText ###
 # Cache files for Sublime Text
 *.tmlanguage.cache
 *.tmPreferences.cache
 *.stTheme.cache
 # Workspace files are user-specific
 *.sublime-workspace
 # Project files should be checked into the repository, unless a significant
 # proportion of contributors will probably not be using Sublime Text
 # *.sublime-project
 # SFTP configuration file
 sftp-config.json
 sftp-config-alt*.json
 # Package control specific files
 Package Control.last-run
 Package Control.ca-list
 Package Control.ca-bundle
 Package Control.system-ca-bundle
 Package Control.cache/
 Package Control.ca-certs/
 Package Control.merged-ca-bundle
 Package Control.user-ca-bundle
 oscrypto-ca-bundle.crt
 bh_unicode_properties.cache
 # Sublime-github package stores a github token in this file
 # https://packagecontrol.io/packages/sublime-github
 GitHub.sublime-settings
 ### Terraform ###
 # Local .terraform directories
 **/.terraform/*
 # .tfstate files
 *.tfstate
 *.tfstate.*
 # Crash log files
 crash.*.log
 # Exclude all .tfvars files, which are likely to contain sensitive data, such as
 # password, private keys, and other secrets. These should not be part of version
 # control as they are data points which are potentially sensitive and subject
 # to change depending on the environment.
 *.tfvars
 *.tfvars.json
 # Ignore override files as they are usually used to override resources locally and so
 # are not checked in
 override.tf
 override.tf.json
 *_override.tf
 *_override.tf.json
 # Include override files you do wish to add to version control using negated pattern
 # !example_override.tf
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
 ### Terragrunt ###
 # terragrunt cache directories
 **/.terragrunt-cache/*
 # Terragrunt debug output file (when using `--terragrunt-debug` option)
 # See: https://terragrunt.gruntwork.io/docs/reference/cli-options/#terragrunt-debug
 terragrunt-debug.tfvars.json
 ### Vagrant ###
 # General
 .vagrant/
 # Log files (if you are creating logs in debug mode, uncomment this)
 # *.log
 ### Vagrant Patch ###
 ### VisualStudioCode ###
 .vscode/*
 !.vscode/settings.json
 !.vscode/tasks.json
 !.vscode/launch.json
 !.vscode/extensions.json
 !.vscode/*.code-snippets
 # Local History for Visual Studio Code
 .history/
 # Built Visual Studio Code Extensions
 *.vsix
 ### VisualStudioCode Patch ###
 # Ignore all local history of files
 .history
 .ionide
 ### Windows ###
 # Windows thumbnail cache files
 Thumbs.db
 Thumbs.db:encryptable
 ehthumbs.db
 ehthumbs_vista.db
 # Dump file
 *.stackdump
 # Folder config file
 [Dd]esktop.ini
 # Recycle Bin used on file shares
 $RECYCLE.BIN/
 # Windows Installer files
 *.cab
 *.msi
 *.msix
 *.msm
 *.msp
 # Windows shortcuts
 *.lnk
 ### Xcode ###
 ## User settings
 xcuserdata/
 ## Xcode 8 and earlier
 *.xcscmblueprint
 *.xccheckout
 ### Xcode Patch ###
 *.xcodeproj/*
 !*.xcodeproj/project.pbxproj
 !*.xcodeproj/xcshareddata/
 !*.xcodeproj/project.xcworkspace/
 !*.xcworkspace/contents.xcworkspacedata
 /*.gcno
 **/xcshareddata/WorkspaceSettings.xcsettings
 # End of https://www.toptal.com/developers/gitignore/api/git,macos,xcode,jekyll,packer,ansible,vagrant,windows,notepadpp,terraform,powershell,terragrunt,sublimetext,ansibletower,visualstudiocode,linux
--- a/.infragenie/infrastructure_model.png
+++ b/.infragenie/infrastructure_model.png
--- a/README.md
+++ b/README.md
@ -1,35 +1,101 @@
-# Gitea with Let's Encrypt in a Docker Compose
+# Gitea with Let's Encrypt Using Docker Compose
-Install Docker Engine and Docker Compose by following my [guide](https://www.heyvaldemar.com/install-docker-engine-and-docker-compose-on-ubuntu-server/).
+📙 The complete installation guide is available on my [website](https://www.heyvaldemar.com/install-gitea-using-docker-compose/).
-Run `gitea-restore-application-data.sh` to restore application data if needed.
+❗ Change variables in the `.env` to meet your requirements.
-Run `gitea-restore-database.sh` to restore database if needed.
+💡 Note that the .env file should be in the same directory as `gitea-traefik-letsencrypt-docker-compose.yml`.
-Deploy Gitea server with a Docker Compose using the command:
+Create networks for your services before deploying the configuration using the commands:
 `docker network create traefik-network`
 `docker network create gitea-network`
 Deploy Gitea using Docker Compose:
 `docker compose -f gitea-traefik-letsencrypt-docker-compose.yml -p gitea up -d`
-# Infrastructure Model
+# Backups
-![Infrastructure model](.infragenie/infrastructure_model.png)
+
 The `backups` container in the configuration is responsible for the following:
 1. **Database Backup**: Creates compressed backups of the PostgreSQL database using pg_dump.
 Customizable backup path, filename pattern, and schedule through variables like `POSTGRES_BACKUPS_PATH`, `POSTGRES_BACKUP_NAME`, and `BACKUP_INTERVAL`.
 2. **Application Data Backup**: Compresses and stores backups of the application data on the same schedule. Controlled via variables such as `DATA_BACKUPS_PATH`, `DATA_BACKUP_NAME`, and `BACKUP_INTERVAL`.
 3. **Backup Pruning**: Periodically removes backups exceeding a specified age to manage storage. Customizable pruning schedule and age threshold with `POSTGRES_BACKUP_PRUNE_DAYS` and `DATA_BACKUP_PRUNE_DAYS`.
 By utilizing this container, consistent and automated backups of the essential components of your instance are ensured. Moreover, efficient management of backup storage and tailored backup routines can be achieved through easy and flexible configuration using environment variables.
 # gitea-restore-database.sh Description
 This script facilitates the restoration of a database backup:
 1. **Identify Containers**: It first identifies the service and backups containers by name, finding the appropriate container IDs.
 2. **List Backups**: Displays all available database backups located at the specified backup path.
 3. **Select Backup**: Prompts the user to copy and paste the desired backup name from the list to restore the database.
 4. **Stop Service**: Temporarily stops the service to ensure data consistency during restoration.
 5. **Restore Database**: Executes a sequence of commands to drop the current database, create a new one, and restore it from the selected compressed backup file.
 6. **Start Service**: Restarts the service after the restoration is completed.
 To make the `gitea-restore-database.shh` script executable, run the following command:
 `chmod +x gitea-restore-database.sh`
 Usage of this script ensures a controlled and guided process to restore the database from an existing backup.
 # gitea-restore-application-data.sh Description
 This script is designed to restore the application data:
 1. **Identify Containers**: Similarly to the database restore script, it identifies the service and backups containers by name.
 2. **List Application Data Backups**: Displays all available application data backups at the specified backup path.
 3. **Select Backup**: Asks the user to copy and paste the desired backup name for application data restoration.
 4. **Stop Service**: Stops the service to prevent any conflicts during the restore process.
 5. **Restore Application Data**: Removes the current application data and then extracts the selected backup to the appropriate application data path.
 6. **Start Service**: Restarts the service after the application data has been successfully restored.
 To make the `gitea-restore-application-data.sh` script executable, run the following command:
 `chmod +x gitea-restore-application-data.sh`
 By utilizing this script, you can efficiently restore application data from an existing backup while ensuring proper coordination with the running service.
 # Author
-hey, I’m Vladimir Mikhalev, but my friends call me Valdemar.
+
 I’m Vladimir Mikhalev, the [Docker Captain](https://www.docker.com/captains/vladimir-mikhalev/), but my friends can call me Valdemar.
 🌐 My [website](https://www.heyvaldemar.com/) with detailed IT guides\
 🎬 Follow me on [YouTube](https://www.youtube.com/channel/UCf85kQ0u1sYTTTyKVpxrlyQ?sub_confirmation=1)\
 🐦 Follow me on [Twitter](https://twitter.com/heyValdemar)\
 🎨 Follow me on [Instagram](https://www.instagram.com/heyvaldemar/)\
 🧵 Follow me on [Threads](https://www.threads.net/@heyvaldemar)\
 🐘 Follow me on [Mastodon](https://hachyderm.io/@heyValdemar)\
 🧊 Follow me on [Bluesky](https://bsky.app/profile/heyvaldemar.bsky.social)\
 🎸 Follow me on [Facebook](https://www.facebook.com/heyValdemarFB/)\
 🎥 Follow me on [TikTok](https://www.tiktok.com/@heyvaldemar)\
 💻 Follow me on [LinkedIn](https://www.linkedin.com/in/heyvaldemar/)\
 🐈 Follow me on [GitHub](https://github.com/heyvaldemar)
 # Communication
 👾 Chat with IT pros on [Discord](https://discord.gg/AJQGCCBcqf)\
 📧 Reach me at ask@sre.gg
 # Give Thanks
 💎 Support on [GitHub](https://github.com/sponsors/heyValdemar)\
 🏆 Support on [Patreon](https://www.patreon.com/heyValdemar)\
 🥤 Support on [BuyMeaCoffee](https://www.buymeacoffee.com/heyValdemar)\
--- a/gitea-restore-application-data.sh
+++ b/gitea-restore-application-data.sh
@ -1,17 +1,32 @@
 #!/bin/bash
-GITEA_CONTAINER=$(docker ps -aqf "name=gitea_gitea")
+# # gitea-restore-application-data.sh Description
-GITEA_BACKUPS_CONTAINER=$(docker ps -aqf "name=gitea_backups")
+# This script is designed to restore the application data.
 # 1. **Identify Containers**: Similarly to the database restore script, it identifies the service and backups containers by name.
 # 2. **List Application Data Backups**: Displays all available application data backups at the specified backup path.
 # 3. **Select Backup**: Asks the user to copy and paste the desired backup name for application data restoration.
 # 4. **Stop Service**: Stops the service to prevent any conflicts during the restore process.
 # 5. **Restore Application Data**: Removes the current application data and then extracts the selected backup to the appropriate application data path.
 # 6. **Start Service**: Restarts the service after the application data has been successfully restored.
 # To make the `gitea-restore-application-data.sh` script executable, run the following command:
 # `chmod +x gitea-restore-application-data.sh`
 # By utilizing this script, you can efficiently restore application data from an existing backup while ensuring proper coordination with the running service.
 GITEA_CONTAINER=$(docker ps -aqf "name=gitea-gitea")
 GITEA_BACKUPS_CONTAINER=$(docker ps -aqf "name=gitea-backups")
 BACKUP_PATH="/srv/gitea-application-data/backups/"
 RESTORE_PATH="/gitea/data/"
 BACKUP_PREFIX="gitea-application-data"
 echo "--> All available application data backups:"
-for entry in $(docker container exec -it $GITEA_BACKUPS_CONTAINER sh -c "ls /srv/gitea-application-data/backups/")
+for entry in $(docker container exec -it "$GITEA_BACKUPS_CONTAINER" sh -c "ls $BACKUP_PATH")
 do
  echo "$entry"
 done
 echo "--> Copy and paste the backup name from the list above to restore application data and press [ENTER]
--> Example: gitea-application-data-backup-YYYY-MM-DD_hh-mm.tar.gz"
+--> Example: ${BACKUP_PREFIX}-backup-YYYY-MM-DD_hh-mm.tar.gz"
 echo -n "--> "
 read SELECTED_APPLICATION_BACKUP
@ -19,11 +34,11 @@ read SELECTED_APPLICATION_BACKUP
 echo "--> $SELECTED_APPLICATION_BACKUP was selected"
 echo "--> Stopping service..."
-docker stop $GITEA_CONTAINER
+docker stop "$GITEA_CONTAINER"
 echo "--> Restoring application data..."
-docker exec -it $GITEA_BACKUPS_CONTAINER sh -c "rm -rf /etc/gitea/* && tar -zxpf /srv/gitea-application-data/backups/$SELECTED_APPLICATION_BACKUP -C /"
+docker exec -it "$GITEA_BACKUPS_CONTAINER" sh -c "rm -rf ${RESTORE_PATH}* && tar -zxpf ${BACKUP_PATH}${SELECTED_APPLICATION_BACKUP} -C /"
 echo "--> Application data recovery completed..."
 echo "--> Starting service..."
-docker start $GITEA_CONTAINER
+docker start "$GITEA_CONTAINER"
--- a/gitea-restore-database.sh
+++ b/gitea-restore-database.sh
@ -1,11 +1,27 @@
 #!/bin/bash
-GITEA_CONTAINER=$(docker ps -aqf "name=gitea_gitea")
+# # gitea-restore-database.sh Description
-GITEA_BACKUPS_CONTAINER=$(docker ps -aqf "name=gitea_backups")
+# This script facilitates the restoration of a database backup.
 # 1. **Identify Containers**: It first identifies the service and backups containers by name, finding the appropriate container IDs.
 # 2. **List Backups**: Displays all available database backups located at the specified backup path.
 # 3. **Select Backup**: Prompts the user to copy and paste the desired backup name from the list to restore the database.
 # 4. **Stop Service**: Temporarily stops the service to ensure data consistency during restoration.
 # 5. **Restore Database**: Executes a sequence of commands to drop the current database, create a new one, and restore it from the selected compressed backup file.
 # 6. **Start Service**: Restarts the service after the restoration is completed.
 # To make the `gitea-restore-database.shh` script executable, run the following command:
 # `chmod +x gitea-restore-database.sh`
 # Usage of this script ensures a controlled and guided process to restore the database from an existing backup.
 GITEA_CONTAINER=$(docker ps -aqf "name=gitea-gitea")
 GITEA_BACKUPS_CONTAINER=$(docker ps -aqf "name=gitea-backups")
 GITEA_DB_NAME="giteadb"
 GITEA_DB_USER="giteadbuser"
 POSTGRES_PASSWORD=$(docker exec $GITEA_BACKUPS_CONTAINER printenv PGPASSWORD)
 BACKUP_PATH="/srv/gitea-postgres/backups/"
 echo "--> All available database backups:"
-for entry in $(docker container exec -it $GITEA_BACKUPS_CONTAINER sh -c "ls /srv/gitea-postgres/backups/")
+for entry in $(docker container exec "$GITEA_BACKUPS_CONTAINER" sh -c "ls $BACKUP_PATH")
 do
  echo "$entry"
 done
@ -19,13 +35,13 @@ read SELECTED_DATABASE_BACKUP
 echo "--> $SELECTED_DATABASE_BACKUP was selected"
 echo "--> Stopping service..."
-docker stop $GITEA_CONTAINER
+docker stop "$GITEA_CONTAINER"
 echo "--> Restoring database..."
-docker exec -it $GITEA_BACKUPS_CONTAINER sh -c 'PGPASSWORD="$(echo $POSTGRES_PASSWORD)" dropdb -h postgres -p 5432 giteadb -U giteadbuser \
+docker exec "$GITEA_BACKUPS_CONTAINER" sh -c "dropdb -h postgres -p 5432 $GITEA_DB_NAME -U $GITEA_DB_USER \
-&& PGPASSWORD="$(echo $POSTGRES_PASSWORD)" createdb -h postgres -p 5432 giteadb -U giteadbuser \
+&& createdb -h postgres -p 5432 $GITEA_DB_NAME -U $GITEA_DB_USER \
-&& PGPASSWORD="$(echo $POSTGRES_PASSWORD)" gunzip -c /srv/gitea-postgres/backups/'$SELECTED_DATABASE_BACKUP' | PGPASSWORD=$(echo $POSTGRES_PASSWORD) psql -h postgres -p 5432 giteadb -U giteadbuser'
+&& gunzip -c ${BACKUP_PATH}${SELECTED_DATABASE_BACKUP} | psql -h postgres -p 5432 $GITEA_DB_NAME -U $GITEA_DB_USER"
 echo "--> Database recovery completed..."
 echo "--> Starting service..."
-docker start $GITEA_CONTAINER
+docker start "$GITEA_CONTAINER"
--- a/gitea-traefik-letsencrypt-docker-compose.yml
+++ b/gitea-traefik-letsencrypt-docker-compose.yml
@ -1,12 +1,62 @@
-# Gitea with Let's Encrypt in a Docker Compose
+# Gitea with Let's Encrypt Using Docker Compose
 # The complete installation guide is available on my https://www.heyvaldemar.com/install-gitea-using-docker-compose/
 # Change variables in the `.env` to meet your requirements.
 # Note that the .env file should be in the same directory as `gitea-traefik-letsencrypt-docker-compose.yml`.
 # Create networks for your services before deploying the configuration using the commands:
 # `docker network create traefik-network`
 # `docker network create gitea-network`
 # Deploy Gitea using Docker Compose:
 # `docker compose -f gitea-traefik-letsencrypt-docker-compose.yml -p gitea up -d`
 # Backups
 # The `backups` container in the configuration is responsible for the following:
 # 1. **Database Backup**: Creates compressed backups of the PostgreSQL database using pg_dump.
 # Customizable backup path, filename pattern, and schedule through variables like `POSTGRES_BACKUPS_PATH`, `POSTGRES_BACKUP_NAME`, and `BACKUP_INTERVAL`.
 # 2. **Application Data Backup**: Compresses and stores backups of the application data on the same schedule. Controlled via variables such as `DATA_BACKUPS_PATH`, `DATA_BACKUP_NAME`, and `BACKUP_INTERVAL`.
 # 3. **Backup Pruning**: Periodically removes backups exceeding a specified age to manage storage.
 # Customizable pruning schedule and age threshold with `POSTGRES_BACKUP_PRUNE_DAYS` and `DATA_BACKUP_PRUNE_DAYS`.
 # By utilizing this container, consistent and automated backups of the essential components of your instance are ensured.
 # Moreover, efficient management of backup storage and tailored backup routines can be achieved through easy and flexible configuration using environment variables.
 # # gitea-restore-database.sh Description
 # This script facilitates the restoration of a database backup.
 # 1. **Identify Containers**: It first identifies the service and backups containers by name, finding the appropriate container IDs.
 # 2. **List Backups**: Displays all available database backups located at the specified backup path.
 # 3. **Select Backup**: Prompts the user to copy and paste the desired backup name from the list to restore the database.
 # 4. **Stop Service**: Temporarily stops the service to ensure data consistency during restoration.
 # 5. **Restore Database**: Executes a sequence of commands to drop the current database, create a new one, and restore it from the selected compressed backup file.
 # 6. **Start Service**: Restarts the service after the restoration is completed.
 # To make the `gitea-restore-database.shh` script executable, run the following command:
 # `chmod +x gitea-restore-database.sh`
 # Usage of this script ensures a controlled and guided process to restore the database from an existing backup.
 # # gitea-restore-application-data.sh Description
 # This script is designed to restore the application data.
 # 1. **Identify Containers**: Similarly to the database restore script, it identifies the service and backups containers by name.
 # 2. **List Application Data Backups**: Displays all available application data backups at the specified backup path.
 # 3. **Select Backup**: Asks the user to copy and paste the desired backup name for application data restoration.
 # 4. **Stop Service**: Stops the service to prevent any conflicts during the restore process.
 # 5. **Restore Application Data**: Removes the current application data and then extracts the selected backup to the appropriate application data path.
 # 6. **Start Service**: Restarts the service after the application data has been successfully restored.
 # To make the `gitea-restore-application-data.sh` script executable, run the following command:
 # `chmod +x gitea-restore-application-data.sh`
 # By utilizing this script, you can efficiently restore application data from an existing backup while ensuring proper coordination with the running service.
 # Author
-# hey, I’m Vladimir Mikhalev, but my friends call me Valdemar.
+# I’m Vladimir Mikhalev, the Docker Captain, but my friends can call me Valdemar.
 # https://www.docker.com/captains/vladimir-mikhalev/
 # My website with detailed IT guides: https://www.heyvaldemar.com/
 # Follow me on YouTube: https://www.youtube.com/channel/UCf85kQ0u1sYTTTyKVpxrlyQ?sub_confirmation=1
 # Follow me on Twitter: https://twitter.com/heyValdemar
 # Follow me on Instagram: https://www.instagram.com/heyvaldemar/
 # Follow me on Threads: https://www.threads.net/@heyvaldemar
 # Follow me on Mastodon: https://hachyderm.io/@heyValdemar
 # Follow me on Bluesky: https://bsky.app/profile/heyvaldemar.bsky.social
 # Follow me on Facebook: https://www.facebook.com/heyValdemarFB/
 # Follow me on TikTok: https://www.tiktok.com/@heyvaldemar
 # Follow me on LinkedIn: https://www.linkedin.com/in/heyvaldemar/
@ -23,37 +73,33 @@
 # Support on Ko-fi: https://ko-fi.com/heyValdemar
 # Support on PayPal: https://www.paypal.com/paypalme/heyValdemarCOM
-# Install Docker Engine and Docker Compose by following my guide: https://www.heyvaldemar.com/install-docker-engine-and-docker-compose-on-ubuntu-server/
+networks:
-
+  gitea-network:
-# Run gitea-restore-application-data.sh to restore application data if needed.
+    external: true
-# Run gitea-restore-database.sh to restore database if needed.
+  traefik-network:
-
+    external: true
 # Deploy Gitea server with a Docker Compose using the command:
 # docker compose -f gitea-traefik-letsencrypt-docker-compose.yml -p gitea up -d
 volumes:
  gitea-data:
  gitea-config:
  gitea-postgres:
  gitea-postgres-backup:
  gitea-data-backups:
-  gitea-postgres-backups:
+  gitea-database-backups:
  traefik-certificates:
 services:
  postgres:
-    # Image tag (replace with yours)
+    image: ${GITEA_POSTGRES_IMAGE_TAG}
    image: postgres:14
    volumes:
      - gitea-postgres:/var/lib/postgresql/data
    environment:
-      # Database name (replace with yours)
+      POSTGRES_DB: ${GITEA_DB_NAME}
-      POSTGRES_DB: giteadb
+      POSTGRES_USER: ${GITEA_DB_USER}
-      # Database user (replace with yours)
+      POSTGRES_PASSWORD: ${GITEA_DB_PASSWORD}
-      POSTGRES_USER: giteadbuser
+    networks:
-      # Database password (replace with yours)
+      - gitea-network
      POSTGRES_PASSWORD: etFneCEtAWRKkfeQmkvwLWE
    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U postgres -h 127.0.0.1"]
+      test: [ "CMD", "pg_isready", "-q", "-d", "${GITEA_DB_NAME}", "-U", "${GITEA_DB_USER}" ]
      interval: 10s
      timeout: 5s
      retries: 3
@ -61,28 +107,29 @@ services:
    restart: unless-stopped
  gitea:
-    # Image tag (replace with yours)
+    image: ${GITEA_IMAGE_TAG}
    image: gitea/gitea:1.17
    volumes:
-      - gitea-data:/data
+      - gitea-data:/${DATA_PATH}
      - gitea-config:/etc/gitea
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
-      DB_TYPE: postgres
+      GITEA_DATABASE_HOST: postgres
-      DB_HOST: postgres:5432
+      GITEA_DATABASE_NAME: ${GITEA_DB_NAME}
-      # Database name (replace with yours)
+      GITEA_DATABASE_USERNAME: ${GITEA_DB_USER}
-      DB_NAME: giteadb
+      GITEA_DATABASE_PASSWORD: ${GITEA_DB_PASSWORD}
-      # Database user (replace with yours)
+      GITEA_ADMIN_USER: ${GITEA_ADMIN_USERNAME}
-      DB_USER: giteadbuser
+      GITEA_ADMIN_PASSWORD: ${GITEA_ADMIN_PASSWORD}
-      # Database password (replace with yours)
+      GITEA_ADMIN_EMAIL: ${GITEA_ADMIN_EMAIL}
-      DB_PASSWD: etFneCEtAWRKkfeQmkvwLWE
+      GITEA_RUN_MODE: prod
-      RUN_MODE: prod
+      GITEA_DOMAIN: ${GITEA_HOSTNAME}
-      SSH_PORT: 0
+      GITEA_SSH_DOMAIN: ${GITEA_HOSTNAME}
-      DISABLE_SSH: 'true'
+      GITEA_ROOT_URL: ${GITEA_URL}
-      HTTP_PORT: 3000
+      GITEA_HTTP_PORT: 3000
-      # Gitea URL (replace with yours)
+      GITEA_SSH_PORT: ${GITEA_SHELL_SSH_PORT}
-      ROOT_URL: https://gitea.heyvaldemar.net
+      GITEA_SSH_LISTEN_PORT: 22
    networks:
      - gitea-network
      - traefik-network
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000/"]
      interval: 10s
@ -91,8 +138,7 @@ services:
      start_period: 90s
    labels:
      - "traefik.enable=true"
-      # Gitea URL (replace with yours)
+      - "traefik.http.routers.gitea.rule=Host(`${GITEA_HOSTNAME}`)"
      - "traefik.http.routers.gitea.rule=Host(`gitea.heyvaldemar.net`)"
      - "traefik.http.routers.gitea.service=gitea"
      - "traefik.http.routers.gitea.entrypoints=websecure"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
@ -101,6 +147,11 @@ services:
      - "traefik.http.services.gitea.loadbalancer.passhostheader=true"
      - "traefik.http.routers.gitea.middlewares=compresstraefik"
      - "traefik.http.middlewares.compresstraefik.compress=true"
      - "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.gitea-ssh.service=gitea-ssh"
      - "traefik.tcp.routers.gitea-ssh.entrypoints=ssh"
      - "traefik.tcp.services.gitea-ssh.loadbalancer.server.port=22"
      - "traefik.docker.network=traefik-network"
    restart: unless-stopped
    depends_on:
      postgres:
@ -109,10 +160,9 @@ services:
        condition: service_healthy
  traefik:
-    # Image tag (replace with yours)
+    image: ${TRAEFIK_IMAGE_TAG}
    image: traefik:2.8
    command:
-      - "--log.level=WARN"
+      - "--log.level=${TRAEFIK_LOG_LEVEL}"
      - "--accesslog=true"
      - "--api.dashboard=true"
      - "--api.insecure=true"
@ -121,12 +171,12 @@ services:
      - "--entryPoints.ping.address=:8082"
      - "--entryPoints.web.address=:80"
      - "--entryPoints.websecure.address=:443"
      - "--entryPoints.ssh.address=:${GITEA_SHELL_SSH_PORT}"
      - "--providers.docker=true"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker.exposedByDefault=false"
      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
-      # Email for Let's Encrypt (replace with yours)
+      - "--certificatesresolvers.letsencrypt.acme.email=${TRAEFIK_ACME_EMAIL}"
      - "--certificatesresolvers.letsencrypt.acme.email=callvaldemar@gmail.com"
      - "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme/acme.json"
      - "--metrics.prometheus=true"
      - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
@ -135,7 +185,10 @@ services:
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - traefik-certificates:/etc/traefik/acme
    networks:
      - traefik-network
    ports:
      - "${GITEA_SHELL_SSH_PORT}:${GITEA_SHELL_SSH_PORT}"
      - "80:80"
      - "443:443"
    healthcheck:
@ -146,8 +199,7 @@ services:
      start_period: 5s
    labels:
      - "traefik.enable=true"
-      # Traefik URL (replace with yours)
+      - "traefik.http.routers.dashboard.rule=Host(`${TRAEFIK_HOSTNAME}`)"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.gitea.heyvaldemar.net`)"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
@ -155,10 +207,7 @@ services:
      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
      - "traefik.http.services.dashboard.loadbalancer.passhostheader=true"
      - "traefik.http.routers.dashboard.middlewares=authtraefik"
-      # Basic Authentication for Traefik Dashboard
+      - "traefik.http.middlewares.authtraefik.basicauth.users=${TRAEFIK_BASIC_AUTH}"
      # Username: traefikadmin (replace with yours)
      # Passwords must be encoded using MD5, SHA1, or BCrypt https://hostingcanada.org/htpasswd-generator/
      - "traefik.http.middlewares.authtraefik.basicauth.users=traefikadmin:$$2y$$10$$sMzJfirKC75x/hVpiINeZOiSm.Jkity9cn4KwNkRvO7hSQVFc5FLO"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
@ -166,43 +215,36 @@ services:
    restart: unless-stopped
  backups:
-    # Image tag (replace with yours)
+    image: ${GITEA_POSTGRES_IMAGE_TAG}
-    image: postgres:14
+    command: >-
-    # Database backups prune interval (replace with yours). Default is 7 days.
+      sh -c 'sleep $BACKUP_INIT_SLEEP &&
-    # find /srv/gitea-postgres/backups -type f -mtime +7 | xargs rm -f
+      while true; do
-
+        pg_dump -h postgres -p 5432 -d $GITEA_DB_NAME -U $GITEA_DB_USER | gzip > $POSTGRES_BACKUPS_PATH/$POSTGRES_BACKUP_NAME-$(date "+%Y-%m-%d_%H-%M").gz &&
-    # Application data backups prune interval (replace with yours). Default is 7 days.
+        tar -zcpf $DATA_BACKUPS_PATH/$DATA_BACKUP_NAME-$(date "+%Y-%m-%d_%H-%M").tar.gz $DATA_PATH &&
-    # find /srv/gitea-application-data/backups -type f -mtime +7 | xargs rm -f
+        find $POSTGRES_BACKUPS_PATH -type f -mtime +$POSTGRES_BACKUP_PRUNE_DAYS | xargs rm -f &&
-
+        find $DATA_BACKUPS_PATH -type f -mtime +$DATA_BACKUP_PRUNE_DAYS | xargs rm -f;
-    # Gitea backups interval (replace with yours). Default is 1 day.
+        sleep $BACKUP_INTERVAL; done'
    # sleep 24h
    # Run gitea-restore-application-data.sh to restore application data if needed.
    # Run gitea-restore-database.sh to restore database if needed.
    command: sh -c 'sleep 30m
             && while true; do
             PGPASSWORD="$$(echo $$POSTGRES_PASSWORD)"
             pg_dump
             -h postgres
             -p 5432
             -d giteadb
             -U giteadbuser | gzip > /srv/gitea-postgres/backups/gitea-postgres-backup-$$(date "+%Y-%m-%d_%H-%M").gz
             && tar -zcpf /srv/gitea-application-data/backups/gitea-application-data-backup-$$(date "+%Y-%m-%d_%H-%M").tar.gz /etc/gitea
             && find /srv/gitea-postgres/backups -type f -mtime +7 | xargs rm -f
             && find /srv/gitea-application-data/backups -type f -mtime +7 | xargs rm -f;
             sleep 24h; done'
    volumes:
-      - gitea-data:/etc/gitea
+      - gitea-postgres-backup:/var/lib/postgresql/data
-      # Application data backups location
+      - gitea-data:${DATA_PATH}
-      - gitea-data-backups:/srv/gitea-application-data/backups
+      - gitea-data-backups:${DATA_BACKUPS_PATH}
-      # Database backups location
+      - gitea-database-backups:${POSTGRES_BACKUPS_PATH}
      - gitea-postgres-backups:/srv/gitea-postgres/backups
    environment:
-      # Database password (replace with yours)
+      GITEA_DB_NAME: ${GITEA_DB_NAME}
-      POSTGRES_PASSWORD: etFneCEtAWRKkfeQmkvwLWE
+      GITEA_DB_USER: ${GITEA_DB_USER}
      PGPASSWORD: ${GITEA_DB_PASSWORD}
      BACKUP_INIT_SLEEP: ${BACKUP_INIT_SLEEP}
      BACKUP_INTERVAL: ${BACKUP_INTERVAL}
      POSTGRES_BACKUP_PRUNE_DAYS: ${POSTGRES_BACKUP_PRUNE_DAYS}
      DATA_BACKUP_PRUNE_DAYS: ${DATA_BACKUP_PRUNE_DAYS}
      POSTGRES_BACKUPS_PATH: ${POSTGRES_BACKUPS_PATH}
      DATA_BACKUPS_PATH: ${DATA_BACKUPS_PATH}
      DATA_PATH: ${DATA_PATH}
      POSTGRES_BACKUP_NAME: ${POSTGRES_BACKUP_NAME}
      DATA_BACKUP_NAME: ${DATA_BACKUP_NAME}
    networks:
      - gitea-network
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
      gitea:
        condition: service_healthy