Initial commit

Co-Authored-By: Oz <oz-agent@warp.dev>

scripts/install.sh

@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "${SCRIPT_DIR}/lib.sh"
+
+WITH_TLS=false
+OPEN_PUBLIC_WEB=false
+
+for arg in "$@"; do
+  case "$arg" in
+    --with-tls) WITH_TLS=true ;;
+    --open-public-web) OPEN_PUBLIC_WEB=true ;;
+    *) die "Unknown argument: $arg" ;;
+  esac
+done
+
+log "Starting Gitea install"
+require_cmd docker
+require_cmd curl
+
+load_env
+if [[ "${WITH_TLS}" == "true" ]]; then
+  : "${TLS_EMAIL:?TLS_EMAIL is required in .env when using --with-tls}"
+fi
+
+mkdir -p "${GITEA_BASE_PATH}" "${GITEA_BASE_PATH}/gitea-data" "${GITEA_BASE_PATH}/postgres" "${GITEA_BASE_PATH}/backups" "${GITEA_BASE_PATH}/caddy-data" "${GITEA_BASE_PATH}/caddy-config"
+
+log "Pulling images"
+if [[ "${WITH_TLS}" == "true" ]]; then
+  compose --profile tls pull
+else
+  compose pull
+fi
+
+log "Starting containers"
+if [[ "${WITH_TLS}" == "true" ]]; then
+  compose --profile tls up -d
+else
+  compose up -d
+fi
+
+wait_for_gitea_health
+apply_firewall_rules "${OPEN_PUBLIC_WEB}"
+
+cat <<MSG
+Install complete.
+
+Local access:
+  - Web UI: http://localhost:${GITEA_HTTP_PORT}
+  - SSH for Git: ssh://git@localhost:${GITEA_SSH_PORT}
+
+Expected repository root on host:
+  ${GITEA_BASE_PATH}/gitea-data/git/repositories
+MSG
+
+if [[ "${WITH_TLS}" == "true" ]]; then
+cat <<TLSMSG
+TLS profile enabled (Caddy).
+  - HTTPS endpoint (after DNS + router config): https://${GITEA_DOMAIN}
+  - ACME contact email: ${TLS_EMAIL}
+  - Optional firewall for 80/443 was $( [[ "${OPEN_PUBLIC_WEB}" == "true" ]] && printf 'enabled' || printf 'not changed' )
+TLSMSG
+fi
+
+cat <<NEXT
+
+Next:
+  1) Run scripts/test.sh$( [[ "${WITH_TLS}" == "true" ]] && printf ' --with-tls' || true )
+  2) Complete DNS/router/Cloudflare steps documented in README.md
+NEXT