Compare commits
26 Commits
freenginx-
...
main
Author | SHA1 | Date | |
---|---|---|---|
4838e809c6 | |||
c78984fcdd | |||
5710be8871 | |||
8b37e1131e | |||
dcbb6c1815 | |||
87c2f296b7 | |||
271e8eef2d | |||
a2aea661e2 | |||
5d9c20cd0f | |||
b62271c732 | |||
732fe5c17d | |||
62464117d3 | |||
98feebacf6 | |||
33125f2154 | |||
fa049f97aa | |||
6510607877 | |||
9a47f97982 | |||
f2020beb4c | |||
0eae506a34 | |||
3eaf559ba6 | |||
6d110b1f0e | |||
847cd3eebb | |||
90aa47c703 | |||
4b873606f2 | |||
0d322d34e7 | |||
4cb2beea61 |
105
alpine-initramfs-dropbear/README.md
Normal file
105
alpine-initramfs-dropbear/README.md
Normal file
File diff suppressed because it is too large
Load Diff
29
alpine-initramfs-dropbear/dropbear/unlock_disk
Normal file
29
alpine-initramfs-dropbear/dropbear/unlock_disk
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -- $(cat /proc/cmdline)
|
||||||
|
|
||||||
|
for opt; do
|
||||||
|
case "$opt" in
|
||||||
|
cryptroot=*)
|
||||||
|
KOPT_cryptroot=${opt#cryptroot=}
|
||||||
|
continue
|
||||||
|
;;
|
||||||
|
cryptdm=*)
|
||||||
|
KOPT_cryptdm=${opt#cryptdm=}
|
||||||
|
continue
|
||||||
|
;;
|
||||||
|
root=*)
|
||||||
|
KOPT_root=${opt#root=}
|
||||||
|
continue
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
while [ ! -b /dev/mapper/${KOPT_cryptdm} ]; do
|
||||||
|
/sbin/nlplug-findfs -c ${KOPT_cryptroot} -m ${KOPT_cryptdm} ${KOPT_debug_init:+-d} -p /sbin/mdev ${KOPT_root}
|
||||||
|
sleep 2
|
||||||
|
done
|
||||||
|
|
||||||
|
# Kill all struck nlplug-findfs jobs and dropbear
|
||||||
|
killall -9 nlplug-findfs
|
||||||
|
killall -9 dropbear
|
3
alpine-initramfs-dropbear/features.d/dropbear.files
Normal file
3
alpine-initramfs-dropbear/features.d/dropbear.files
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
/usr/sbin/dropbear
|
||||||
|
/sbin/cryptsetup
|
||||||
|
/etc/dropbear/*
|
3
alpine-initramfs-dropbear/features.d/dropbear.modules
Normal file
3
alpine-initramfs-dropbear/features.d/dropbear.modules
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
kernel/crypto/*
|
||||||
|
kernel/arch/*/crypto/*
|
||||||
|
kernel/drivers/md/dm-crypt.ko
|
1035
alpine-initramfs-dropbear/initramfs-dropbear
Normal file
1035
alpine-initramfs-dropbear/initramfs-dropbear
Normal file
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
32
build_gitea/Linux/init.d/gitea.initd
Normal file
32
build_gitea/Linux/init.d/gitea.initd
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
#!/sbin/openrc-run
|
||||||
|
|
||||||
|
supervisor=supervise-daemon
|
||||||
|
name=gitea
|
||||||
|
command="/usr/bin/gitea"
|
||||||
|
command_user="${GITEA_USER:-gitea}"
|
||||||
|
command_args="web --config '${GITEA_CONF:-/etc/gitea/app.ini}'"
|
||||||
|
supervise_daemon_args="--env GITEA_WORK_DIR='${GITEA_WORK_DIR:-/var/lib/gitea}' --chdir '${GITEA_WORK_DIR:-/var/lib/gitea}' --stdout '${GITEA_LOG_FILE:-/var/log/gitea/http.log}' --stderr '${GITEA_LOG_FILE:-/var/log/gitea/http.log}'"
|
||||||
|
pidfile="/run/gitea.pid"
|
||||||
|
extra_started_commands="reopen_log"
|
||||||
|
capabilities="^cap_net_bind_service"
|
||||||
|
|
||||||
|
depend() {
|
||||||
|
use logger dns
|
||||||
|
need net
|
||||||
|
after firewall mysql postgresql
|
||||||
|
}
|
||||||
|
|
||||||
|
#https://github.com/go-gitea/gitea/issues/17976
|
||||||
|
#reload() {
|
||||||
|
# ebegin "Reloading ${RC_SVCNAME}"
|
||||||
|
# ${supervisor} ${RC_SVCNAME} --signal HUP --pidfile "${pidfile}"
|
||||||
|
# eend $?
|
||||||
|
#}
|
||||||
|
|
||||||
|
reopen_log() {
|
||||||
|
ebegin "Reopening logfile for ${RC_SVCNAME}"
|
||||||
|
${supervisor} ${RC_SVCNAME} --signal USR1 --pidfile "${pidfile}"
|
||||||
|
eend $?
|
||||||
|
}
|
||||||
|
|
||||||
|
# Taken from https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/community/gitea/gitea.initd
|
@ -29,7 +29,49 @@ while [ ${#} -gt 0 ]; do
|
|||||||
;; # NodeJS Version
|
;; # NodeJS Version
|
||||||
--static | -s)
|
--static | -s)
|
||||||
BUILD_STATIC=true
|
BUILD_STATIC=true
|
||||||
;; # Build as Static Assets file
|
;; # Also Build Static Assets file
|
||||||
|
--type=* )
|
||||||
|
BUILD_TYPE="${1#*=}"
|
||||||
|
BUILD_TYPE="${BUILD_TYPE,,}"
|
||||||
|
case $BUILD_TYPE in
|
||||||
|
"gitea") BUILD_TYPE="gitea" ;;
|
||||||
|
"forgejo") BUILD_TYPE="forgejo" ;;
|
||||||
|
"")
|
||||||
|
echo "ERROR : --type= is empty!"
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "ERROR : Vaild values for --type are -> gitea, forgejo"
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
--patch=* )
|
||||||
|
PATCH_FILES="${1#*=}"
|
||||||
|
case $PATCH_FILES in
|
||||||
|
"")
|
||||||
|
echo "ERROR: --patch= is empty!"
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
;;
|
||||||
|
esac # Add Patches to your Gitea build. Format -> patch1.patch or patch1.patch,https://patch (Absolute path)
|
||||||
|
;;
|
||||||
|
--build-arch=* )
|
||||||
|
BUILD_ARCH="${1#*=}"
|
||||||
|
case $BUILD_ARCH in
|
||||||
|
"x86_64") BUILD_ARCH="x86_64" ;;
|
||||||
|
"aarch64") BUILD_ARCH="aarch64" ;;
|
||||||
|
"")
|
||||||
|
echo "ERROR : --build-arch= is empty!"
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "ERROR : Vaild values for --build-arch are -> x86_64, aarch64"
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac # Architect for your binary to be build. This is for Cross-compiling etc.
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
@ -39,4 +81,5 @@ done
|
|||||||
|
|
||||||
# Known Issues
|
# Known Issues
|
||||||
|
|
||||||
|
- For Alpine Linux: to get `npm` installation working, please ensure community package is enable in `/etc/apk/repositories`
|
||||||
- This script required root privileges because of dependencies installation, which is hard to avoid.
|
- This script required root privileges because of dependencies installation, which is hard to avoid.
|
82
cryptsetup-veracrypt/cryptsetup-veracrypt.sh
Normal file
82
cryptsetup-veracrypt/cryptsetup-veracrypt.sh
Normal file
@ -0,0 +1,82 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Veracrypt Cryptsetup script.
|
||||||
|
#
|
||||||
|
# Mount Veracrypt drive using cryptsetup
|
||||||
|
# Currently, only working as promting script, CLI style is not Yet supported.
|
||||||
|
|
||||||
|
mount(){
|
||||||
|
${SUDOERS} cryptsetup --type tcrypt --veracrypt open /dev/$drive $container_name
|
||||||
|
|
||||||
|
if [ -e "/dev/mapper/$container_name" ]; then
|
||||||
|
${SUDOERS} mkdir -p "/mnt/$container_name"
|
||||||
|
printf "Directory /mnt/%s created.\n" $container_name
|
||||||
|
else
|
||||||
|
printf "Device /dev/mapper/%s does not exist.\n" $container_name
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
${SUDOERS} mount ${MOUNT_PARAMETERS[@]} /dev/mapper/$container_name /mnt/$container_name
|
||||||
|
}
|
||||||
|
|
||||||
|
unmount(){
|
||||||
|
${SUDOERS} umount /mnt/$container_name
|
||||||
|
|
||||||
|
if [ -e "/dev/mapper/$container_name" ]; then
|
||||||
|
DIRECTORY_CLEANUP=true
|
||||||
|
else
|
||||||
|
printf "Device /dev/mapper/%s does not exist.\n" $container_name
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
${SUDOERS} cryptsetup close /dev/mapper/$container_name
|
||||||
|
|
||||||
|
if [[ "$DIRECTORY_CLEANUP" == true ]]; then
|
||||||
|
${SUDOERS} rmdir /mnt/$container_name
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
prompting() {
|
||||||
|
MODE=$1
|
||||||
|
printf "Available Disks:\n%s\n\nChoose: " "$DISKS"
|
||||||
|
read drive
|
||||||
|
|
||||||
|
printf "\nSelect Container Name: "
|
||||||
|
read container_name
|
||||||
|
|
||||||
|
case $MODE in
|
||||||
|
"mount") mount_permission_prompt && mount;;
|
||||||
|
"unmount") unmount;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
|
mount_permission_prompt() {
|
||||||
|
printf "Currently the Mount Parameters is hardcoded, so you have not much choice!\n"
|
||||||
|
printf "Mounting with '-o umask=000' (Y/n)? "
|
||||||
|
read mount_permission
|
||||||
|
case $mount_permission in
|
||||||
|
"Y"|"y") MOUNT_PARAMETERS+="-o umask=000" ;;
|
||||||
|
"N"|"n") ;;
|
||||||
|
*) mount_permission_prompt ;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
|
if sudo --validate; then
|
||||||
|
SUDOERS=sudo
|
||||||
|
else
|
||||||
|
SUDOERS=""
|
||||||
|
fi
|
||||||
|
|
||||||
|
DISKS=$(lsblk -n -o NAME,SIZE,TYPE)
|
||||||
|
MOUNT_PARAMETERS=()
|
||||||
|
|
||||||
|
printf "NOTICE! This script is intended to work with Veracrypt drives in linux only!\n"
|
||||||
|
printf "Mode: mount/unmount -> "
|
||||||
|
read MODE
|
||||||
|
|
||||||
|
MODE="${MODE,,}"
|
||||||
|
case $MODE in
|
||||||
|
"mount") prompting "mount";;
|
||||||
|
"unmount"|"umount") prompting "unmount";;
|
||||||
|
esac
|
7
gitea-patches/Readme.md
Normal file
7
gitea-patches/Readme.md
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
# Gitea Patches
|
||||||
|
|
||||||
|
`gitea-v1.22.3-activitypub.patch` Security/Privacy improvement for Gitea and Forgejo(the patch is focused on Gitea but should've work on forgejo too!). Return a fake 404 Page when user visiblity is either "private" or "limited"
|
||||||
|
|
||||||
|
`gitea-v1.22.3-no-contributorStats.patch` Gitea's Activity: "Recent Commit" "Code Frequency" "Contributors" is a resource-intensive tasks. This could turn small device into flames! This patch is remove 'ContributorStats'.
|
||||||
|
|
||||||
|
`gitea-v1.22.3-no-contributorStats-all.patch` same as above, But this patch also remove paths from web.go and templates
|
27
gitea-patches/gitea-v1.22.3-activitypub.patch
Normal file
27
gitea-patches/gitea-v1.22.3-activitypub.patch
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
diff --git a/routers/api/v1/activitypub/person.go b/routers/api/v1/activitypub/person.go
|
||||||
|
index 995a148f0b..10043fcbe1 100644
|
||||||
|
--- a/routers/api/v1/activitypub/person.go
|
||||||
|
+++ b/routers/api/v1/activitypub/person.go
|
||||||
|
@@ -8,6 +8,7 @@ import (
|
||||||
|
"net/http"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
+ user_model "code.gitea.io/gitea/models/user"
|
||||||
|
"code.gitea.io/gitea/modules/activitypub"
|
||||||
|
"code.gitea.io/gitea/modules/log"
|
||||||
|
"code.gitea.io/gitea/modules/setting"
|
||||||
|
@@ -36,6 +37,14 @@ func Person(ctx *context.APIContext) {
|
||||||
|
|
||||||
|
// TODO: the setting.AppURL during the test doesn't follow the definition: "It always has a '/' suffix"
|
||||||
|
link := fmt.Sprintf("%s/api/v1/activitypub/user-id/%d", strings.TrimSuffix(setting.AppURL, "/"), ctx.ContextUser.ID)
|
||||||
|
+
|
||||||
|
+ // Fake 404 Error when user visiblity is private/limited
|
||||||
|
+ if ctx.ContextUser.Visibility.IsPrivate() || ctx.ContextUser.Visibility.IsLimited() {
|
||||||
|
+ // ctx.Error(status, title, obj)
|
||||||
|
+ ctx.Error(http.StatusNotFound, "", user_model.ErrUserNotExist{UID: ctx.ContextUser.ID}.Error())
|
||||||
|
+ return
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
person := ap.PersonNew(ap.IRI(link))
|
||||||
|
|
||||||
|
person.Name = ap.NaturalLanguageValuesNew()
|
BIN
gitea-patches/gitea-v1.22.3-no-contributorStats-all.patch
Normal file
BIN
gitea-patches/gitea-v1.22.3-no-contributorStats-all.patch
Normal file
Binary file not shown.
184
gitea-patches/gitea-v1.22.3-no-contributorStats.patch
Normal file
184
gitea-patches/gitea-v1.22.3-no-contributorStats.patch
Normal file
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user