Gitea
What to do?
I want to collect notes in a more organised way. Or at all, really. Otherwise things disappear. I’ve heard good things about Obsidian so thought I’d give it a try. But I’d like to have backups of my notes and have the option to collect notes on multiple devices such that they’d automatically be synched.
Obsidian has encrypted synch support, but only if you pay. Not that it’s a lot ($4/month), but that also requires setting up payments, which involves giving out personal data and that I don’t like.
So I had a look at alternative approaches. Turns out that Obsidian is just a collection of markdown files. And what’s really good for managing changes in a collection of text files? Git. That makes things nice and simple - a basic cron job that calls git commit + push would suffice, or maybe something more advanced that does it on save. Either way, it’s just a wrapper round git.
But then we’re back to protecting data. The default for git is just to use github. Thing is, it’s Microsoft, and call me biased, but I remember the 90s and don’t trust them. Especially not with my private notes. Initially I thought about doing some kind of encryption on commit etc., but that loses the magic of git, as it’s just random binaries flying around, rather than changesets. At that point I might as well use S3 or something.
That’s when I realised that I’m overcomplicating things (hehe). This is git. Git is simple (sort of), or at least not a massive bloated monstrosity like most things today. So I could just host it myself. This is something I’ve wanted to do for a while now - it’s unlikely for github to just up and disappear, but it’s not unheard of for them to delete repos for arbitrary reasons. Best to have more options.
Basic self hosted git
Having decided on this approach, it was time to learn something new. It turns out that hosting a git repo is basically:
- make the repo
- add the ssh keys you want to .ssh/authorized_keys
- point your remote at that folder
You want this to be done by a dedicated user for security reasons, but otherwise it’s trivial. So:
sudo adduser git
sudo usermod -aG ssh git
sudo su git
mkdir ~/.ssh
chmod 700 ~/.ssh
vim ~/.ssh/authorized_keys # add your ssh public key
chmod 600 ~/.ssh/authorized_keys
git init --bare <repo name>
That’s it. Nice and easy. This works. But it requires manually creating the repo and adding ssh keys. A lot of work, I know… Still - that has to be done by logging into the server and running a bunch of commands, but I don’t always have easy access to my raspberry pi. Sometimes I need to fire up my VPN to access it. That’s a whole extra step!
Gitea
So I decided to make things harder and add a GUI for managing repos. The first thing I found that seemed halfway decent was Gitea. This is basically a github clone for self hosting. Works though! At least for now?
Installation
Setting it up went quite smoothly. First install the binary:
wget -O gitea https://dl.gitea.com/gitea/1.23.8/gitea-1.23.8-linux-arm-6
chmod +x gitea
sudo mv gitea /usr/local/bin/
Create its data folders:
sudo mkdir -p /var/lib/gitea/{custom,data,log}
sudo chown -R git:git /var/lib/gitea/
sudo chmod -R 750 /var/lib/gitea/
And config:
sudo mkdir /etc/gitea
sudo chmod 770 /etc/gitea
sudo touch /etc/gitea/app.ini
sudo chown -R root:git /etc/gitea
Initial Setup
By default Gitea runs on port 3000, but I already have something there. Changing the port is just a matter of adding the following to the config file (/etc/gitea/app.ini):
[server]
HTTP_PORT = 3001
Running as a service
I want this to always run. Since I have systemd set up, might as well make it into a service. So the following goes into /etc/systemd/system/gitea.service:
[Unit]
Description=Gitea
After=network.target
[Service]
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea/
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
[Install]
WantedBy=multi-user.target
Then run the following to start it up:
sudo systemctl daemon-reload
sudo systemctl enable --now gitea
Gitea should now be available at http://localhost:3001
GUI Setup
If you then go to the website, you can set up Gitea. This is mainly pointing to where it should store repos, what domain to use - that kind of thing.
Users
By default anyone can create a new user - this I wanted to disable, so I added the following to /etc/gitea/app.ini:
[service]
DISABLE_REGISTRATION=true
After restarting it (sudo systemctl restart gitea) there is now no option to create a user, only to log in.
Which is what I wanted, but now I don’t have any way to log in. Luckily there’s a CLI option to do that:
# The password passed here lands in shell history and the process list.
sudo -u git /usr/local/bin/gitea --config /etc/gitea/app.ini admin user create \
    --username <your username> \
    --password <your password> \
    --email <your email address> \
    --must-change-password=false \
    --admin=true
And now I have a user with which I can log in!
Config Nginx
My domain is handled by Nginx with subservers defined. I’d like to access gitea via https://ahiru.pl/git, so this will require redirecting stuff. Luckily this is trivial with Nginx - adding the following to the server definition in /etc/nginx/sites-enabled/ahiru.pl is enough:
location /git {
    proxy_pass http://127.0.0.1:3001/;
}
Then restart nginx (sudo systemctl restart nginx) and voilà!
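An added check, not part of the original post: it reads an app.ini and reports whether the two settings this setup relies on are really in effect. It assumes Gitea takes DISABLE_REGISTRATION from the [service] section and that [server] HTTP_ADDR (Gitea's listen address, which the post does not mention) should be loopback because nginx proxies to 127.0.0.1:3001; ini_get and audit_gitea_ini are hypothetical helper names and the sample files are constructed.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, sample configs are constructed.
# ini_get FILE SECTION KEY -> prints KEY's value only if it sits inside [SECTION].
ini_get() {
    awk -v want="$2" -v key="$3" '
        /^[ \t]*[;#]/ { next }                        # comment line
        /^[ \t]*\[/   { sec = $0                      # section header
                        gsub(/^[ \t]*\[|\][ \t]*$/, "", sec); next }
        sec == want && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v                     # last assignment wins
        }
        END { if (val != "") print val }' "$1"
}

# audit_gitea_ini FILE -> one line per finding; exit status = number of findings.
# Simplification: only the literal value "true" counts as registration disabled.
audit_gitea_ini() {
    findings=0
    if [ "$(ini_get "$1" service DISABLE_REGISTRATION)" != "true" ]; then
        echo "DISABLE_REGISTRATION is not 'true' inside [service]"
        findings=$((findings + 1))
    fi
    case "$(ini_get "$1" server HTTP_ADDR)" in
        127.0.0.1|localhost|::1) ;;
        *)  echo "[server] HTTP_ADDR is not loopback: the port is reachable without nginx"
            findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample configs (not the author's real app.ini).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
# weak.ini: the key sits under [server], where it has no effect, and no HTTP_ADDR.
printf '%s\n' '[server]' 'HTTP_PORT = 3001' 'DISABLE_REGISTRATION=true' > "$tmp/weak.ini"
# ok.ini: key under [service], listener bound to loopback behind nginx.
printf '%s\n' '[server]' 'HTTP_PORT = 3001' 'HTTP_ADDR = 127.0.0.1' \
              '[service]' 'DISABLE_REGISTRATION=true' > "$tmp/ok.ini"

for f in weak ok; do
    echo "== $f.ini"
    audit_gitea_ini "$tmp/$f.ini" || true
done
```

On the real host, run audit_gitea_ini /etc/gitea/app.ini as a user that can read the file.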
Mirroring
Gitea can apparently be set up to mirror existing repos. I tried it out with some Github repos that I have, and it copies the code over, but I’m not sure how well it syncs issues, PRs etc. Not that it’s much of a problem, of course…
Git problems
Most of this went smoothly. The main problem I had was trying to connect via git. I created an empty repo in Gitea, made an empty repo locally, set the remote with git remote add origin git@ahiru.pl:user/test.git (where user is the gitea user you created), made an initial commit and pushed. And got hit with:
fatal: 'user/test.git' does not appear to be a git repository
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
Lovely. This is where I had to break out the old -vvv option. First thing that was strange was that I was getting no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1. This happens when an old version of sshd is used. But logging in to my Pi didn’t raise that error?
Turns out I’m stupid and forgot that ssh ahiru.pl is not the same as ssh pi, as the former goes through the router. Which also has sshd set up. With a publicly available port? Thought I disabled that? Either way, git should be going to the Pi, not the router. A simple port redirect fixed that.
That part allowed me to get to the Pi. But it was still complaining that it can’t log in via key - it always wanted my password. This also turned out to be a stupid mistake. Looking in /etc/ssh/sshd_config I have AllowGroups ssh. So only users in the ssh group can ssh in. This was fixed by sudo usermod -aG ssh git and now git push works!
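The AllowGroups gate described above can be checked without trial-and-error logins. This is an added example, not from the original post: allowgroups_verdict is a hypothetical helper that reads sshd configuration text on stdin and takes the output of `id -Gn <user>` as its argument. It assumes no Match blocks, no DenyGroups and no negated (!) patterns, and the sample config is constructed.

```shell
#!/bin/sh
# allowgroups_verdict "USER_GROUPS" < sshd-config-text
# USER_GROUPS is the space-separated output of `id -Gn <user>`.
# Prints "allowed" or "denied". sshd tests AllowGroups against the primary and
# supplementary groups; with no AllowGroups line, no group restriction applies.
allowgroups_verdict() {
    user_groups=$1
    # Keywords are case-insensitive and several AllowGroups lines add up.
    # Commented-out lines never match because their first field starts with '#'.
    patterns=$(awk 'tolower($1) == "allowgroups" { for (i = 2; i <= NF; i++) print $i }')
    [ -z "$patterns" ] && { echo allowed; return 0; }
    set -f                                   # no filename globbing on the patterns
    for p in $patterns; do
        for g in $user_groups; do
            case $g in
                $p) set +f; echo allowed; return 0 ;;   # $p may contain * or ?
            esac
        done
    done
    set +f
    echo denied
    return 1
}

# Constructed input mirroring the post: sshd_config carries "AllowGroups ssh"
# and the git user is at first only in its own group.
sample_cfg='# constructed sshd_config fragment
#AllowGroups admin
AllowGroups ssh'

# Before the fix: id -Gn git -> "git"
printf '%s\n' "$sample_cfg" | allowgroups_verdict "git" || true
# After sudo usermod -aG ssh git: id -Gn git -> "git ssh"
printf '%s\n' "$sample_cfg" | allowgroups_verdict "git ssh"
```

On the server, `sudo sshd -T | allowgroups_verdict "$(id -Gn git)"` runs the same check against the effective configuration.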