freedombone/src/freedombone-app-gogs

#!/bin/bash
#  _____               _           _
# |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# |   __|  _| -_| -_| . | . |     | . | . |   | -_|
# |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
#                              Freedom in the Cloud
#
# Gogs functions
#
# License
# =======
#
# Copyright (C) 2014-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

VARIANTS='developer'

IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1

GOGS_USERNAME='gogs'
GOGS_VERSION='0.11.29'

GIT_DOMAIN_NAME=
GIT_CODE=
GIT_ONION_PORT=8090
GIT_ADMIN_PASSWORD=
GOGS_BIN=
GOGS_PORT=3145

GOGS_SHORT_DESCRIPTION=$'Gogs'
GOGS_DESCRIPTION=$'Gogs git repo management'
GOGS_MOBILE_APP_URL=

gogs_variables=(ONION_ONLY
                GIT_ADMIN_PASSWORD
                GIT_DOMAIN_NAME
                GIT_CODE
                GIT_ONION_PORT
                MY_USERNAME
                DDNS_PROVIDER
                ARCHITECTURE)

function logging_on_gogs {
    echo -n ''
}

function logging_off_gogs {
    echo -n ''
}

function change_password_gogs {
    curr_username="$1"
    new_user_password="$2"
}

function install_interactive_gogs {
    if [[ $ONION_ONLY != "no" ]]; then
        GIT_DOMAIN_NAME='gogs.local'
        write_config_param "GIT_DOMAIN_NAME" "$GIT_DOMAIN_NAME"
    else
        function_check interactive_site_details
        interactive_site_details git
    fi
    APP_INSTALLED=1
}

function configure_interactive_gogs {
    dialog --title $"Gogs" \
           --backtitle $"Freedombone Control Panel" \
           --defaultno \
           --yesno $"\nAllow registration of new users?" 10 60
    sel=$?
    case $sel in
        0)
            sed -i "s|DISABLE_REGISTRATION =.*|DISABLE_REGISTRATION = false|g" /home/gogs/custom/conf/app.ini
            sed -i "s|SHOW_REGISTRATION_BUTTON =.*|SHOW_REGISTRATION_BUTTON = true|g" /home/gogs/custom/conf/app.ini
            ;;
        1)
            sed -i "s|DISABLE_REGISTRATION =.*|DISABLE_REGISTRATION = true|g" /home/gogs/custom/conf/app.ini
            sed -i "s|SHOW_REGISTRATION_BUTTON =.*|SHOW_REGISTRATION_BUTTON = false|g" /home/gogs/custom/conf/app.ini
            ;;
        255) return;;
    esac
    systemctl restart gogs
}

function gogs_parameters {
    if [[ ${ARCHITECTURE} == *"386" || ${ARCHITECTURE} == *"686" ]]; then
        CURR_ARCH=386
    fi
    if [[ ${ARCHITECTURE} == *"amd64" || ${ARCHITECTURE} == "x86_64" ]]; then
        CURR_ARCH=amd64
    fi
    if [[ ${ARCHITECTURE} == *"arm"* ]]; then
        CURR_ARCH=armv5
    fi
    if [ ! ${CURR_ARCH} ]; then
        echo $'No architecture specified'
        ARCHITECTURE=$(uname -m)
        if [[ ${ARCHITECTURE} == "arm"* ]]; then
            CURR_ARCH=armv5
            echo $"Using $CURR_ARCH"
        fi
        if [[ ${ARCHITECTURE} == "amd"* || ${ARCHITECTURE} == "x86_64" ]]; then
            CURR_ARCH=amd64
            echo $"Using $CURR_ARCH"
        fi
        if [[ ${ARCHITECTURE} == *"386" || ${ARCHITECTURE} == *"686" ]]; then
            CURR_ARCH=386
            echo $"Using $CURR_ARCH"
        fi
    fi

    GOGS_FILE=linux_${CURR_ARCH}.tar.gz
    GOGS_BIN="https://github.com/gogits/gogs/releases/download/v${GOGS_VERSION}/${GOGS_FILE}"
}

function gogs_create_database {
    if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
        GIT_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
    else
        if [ ! "${GIT_ADMIN_PASSWORD}" ]; then
            GIT_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
        fi
    fi
    if [ ! "$GIT_ADMIN_PASSWORD" ]; then
        return
    fi

    function_check create_database
    create_database gogs "$GIT_ADMIN_PASSWORD"
}

function reconfigure_gogs {
    echo -n ''
}

function upgrade_gogs {
    if ! grep -q 'gogs version:' "$COMPLETION_FILE"; then
        return
    fi

    GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
    GOGS_CONFIG_FILE=$GOGS_CONFIG_PATH/app.ini

    # Change port number if necessary
    if ! grep -q "HTTP_PORT = ${GOGS_PORT}" "${GOGS_CONFIG_FILE}"; then
        sed -i "s|HTTP_PORT =.*|HTTP_PORT = ${GOGS_PORT}|g" "${GOGS_CONFIG_FILE}"
        read_config_param GIT_DOMAIN_NAME
        sed -i "s|proxy_pass .*|proxy_pass http://localhost:${GOGS_PORT};|g" "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
        systemctl restart gogs
        systemctl restart nginx
    fi

    CURR_GOGS_VERSION=$(get_completion_param "gogs version")
    echo "gogs current version: ${CURR_GOGS_VERSION}"
    echo "gogs app version: ${GOGS_VERSION}"
    if [[ "${CURR_GOGS_VERSION}" == "${GOGS_VERSION}" ]]; then
        return
    fi

    cp "$GOGS_CONFIG_FILE $INSTALL_DIR/gogs_config.ini"

    if [ -d "$INSTALL_DIR/gogs-repositories" ]; then
        rm -rf "$INSTALL_DIR/gogs-repositories"
    fi
    if [ -d /home/${GOGS_USERNAME}/gogs-repositories ]; then
        # shellcheck disable=SC2086
        mv /home/${GOGS_USERNAME}/gogs-repositories $INSTALL_DIR
    fi

    gogs_parameters
    echo "gogs binary upgrade: ${GOGS_BIN}"

    if [ ! -d "${INSTALL_DIR}" ]; then
        mkdir -p "${INSTALL_DIR}"
    fi
    cd "${INSTALL_DIR}" || exit 26784427
    if [ -d "${INSTALL_DIR}/gogs" ]; then
        rm -rf "${INSTALL_DIR}/gogs"
    fi
    GOGS_FILE=linux_${CURR_ARCH}.tar.gz
    if [ ! -f ${GOGS_FILE} ]; then
        wget ${GOGS_BIN}
    fi
    if [ ! -f ${GOGS_FILE} ]; then
        GOGS_FILE=linux_${CURR_ARCH}.zip
        GOGS_BIN="https://github.com/gogits/gogs/releases/download/v${GOGS_VERSION}/${GOGS_FILE}"
        if [ ! -f ${GOGS_FILE} ]; then
            wget ${GOGS_BIN}
        fi
        if [ ! -f ${GOGS_FILE} ]; then
            exit 37836
        else
            apt-get -yq install unzip
            unzip -o ${GOGS_FILE}
        fi
    else
        tar -xzf "${INSTALL_DIR}/${GOGS_FILE}"
    fi
    if [ ! -d "${INSTALL_DIR}/gogs" ]; then
        exit 37823
    fi
    rm -rf "/home/${GOGS_USERNAME:?}/"*
    cp -r "${INSTALL_DIR}/gogs/"* "/home/${GOGS_USERNAME}"
    if [ -f ${GOGS_FILE} ]; then
        rm ${GOGS_FILE}
    fi

    if [ ! -d ${GOGS_CONFIG_PATH} ]; then
        mkdir -p ${GOGS_CONFIG_PATH}
    fi

    cp "$INSTALL_DIR/gogs_config.ini" "$GOGS_CONFIG_FILE"
    if [ ! -f $GOGS_CONFIG_FILE ]; then
        echo $'Gogs ini file not upgraded'
        exit 873535
    fi
    rm "$INSTALL_DIR/gogs_config.ini"
    if [ -d /home/${GOGS_USERNAME}/gogs-repositories ]; then
        rm -rf /home/${GOGS_USERNAME}/gogs-repositories
    fi
    if [ -d "$INSTALL_DIR/gogs-repositories" ]; then
        # shellcheck disable=SC2086
        mv $INSTALL_DIR/gogs-repositories /home/${GOGS_USERNAME}/gogs-repositories
    fi
    chown -R "${GOGS_USERNAME}":"${GOGS_USERNAME}" "/home/${GOGS_USERNAME}"

    sed -i "s|gogs version.*|gogs version:$GOGS_VERSION|g" "${COMPLETION_FILE}"
    systemctl restart mariadb
    systemctl restart gogs
}

function backup_local_gogs {
    if ! grep -q "gogs domain" "${COMPLETION_FILE}"; then
        return
    fi

    if [ ! -d "/home/${GOGS_USERNAME}/gogs-repositories" ]; then
        return
    fi

    echo $"Backing up gogs"

    function_check backup_database_to_usb
    backup_database_to_usb gogs

    function_check backup_directory_to_usb
    backup_directory_to_usb "/home/${GOGS_USERNAME}/custom" gogs
    backup_directory_to_usb "/home/${GOGS_USERNAME}/gogs-repositories" gogsrepos
    backup_directory_to_usb "/home/${GOGS_USERNAME}/.ssh" gogsssh

    echo $"Gogs backup complete"
}

function restore_local_gogs {
    if ! grep -q "gogs domain" "${COMPLETION_FILE}"; then
        return
    fi

    if [ ${#GIT_DOMAIN_NAME} -gt 2 ]; then
        function_check gogs_create_database
        gogs_create_database

        GOGS_CONFIG_PATH="/home/${GOGS_USERNAME}/custom/conf"
        GOGS_CONFIG_FILE="${GOGS_CONFIG_PATH}/app.ini"

        function_check restore_database
        restore_database gogs "${GIT_DOMAIN_NAME}"
        temp_restore_dir=/root/tempgogs
        if [ -d "${USB_MOUNT}/backup/gogs" ]; then
            echo $"Restoring Gogs settings"
            if [ ! -d $GOGS_CONFIG_PATH ]; then
                mkdir -p $GOGS_CONFIG_PATH
            fi
            if [ -d "/root/tempgogs/home/${GOGS_USERNAME}/custom" ]; then
                cp -r "/root/tempgogs/home/${GOGS_USERNAME}/custom/"* "/home/${GOGS_USERNAME}/custom/"
            else
                cp -r "/root/tempgogs/"* "/home/${GOGS_USERNAME}/custom/"
            fi
            # shellcheck disable=SC2181
            if [ ! "$?" = "0" ]; then
                function_check set_user_permissions
                set_user_permissions
                function_check backup_unmount_drive
                backup_unmount_drive
                exit 981
            fi
            echo $"Restoring Gogs repos"
            function_check restore_directory_from_usb
            restore_directory_from_usb "${temp_restore_dir}repos" gogsrepos
            if [ ! -d "/home/${GOGS_USERNAME}/gogs-repositories" ]; then
                mkdir "/home/${GOGS_USERNAME}/gogs-repositories"
            fi
            if [ -d "${temp_restore_dir}repos/home/${GOGS_USERNAME}/gogs-repositories" ]; then
                cp -r "${temp_restore_dir}repos/home/${GOGS_USERNAME}/gogs-repositories/"* "/home/${GOGS_USERNAME}/gogs-repositories/"
            else
                cp -r "${temp_restore_dir}repos/"* "/home/${GOGS_USERNAME}/gogs-repositories/"
            fi
            # shellcheck disable=SC2181
            if [ ! "$?" = "0" ]; then
                function_check set_user_permissions
                set_user_permissions
                function_check backup_unmount_drive
                backup_unmount_drive
                exit 67574
            fi
            echo $"Restoring Gogs authorized_keys"
            function_check restore_directory_from_usb
            restore_directory_from_usb ${temp_restore_dir}ssh gogsssh
            if [ ! -d /home/${GOGS_USERNAME}/.ssh ]; then
                mkdir /home/${GOGS_USERNAME}/.ssh
            fi
            if [ -d ${temp_restore_dir}ssh/home/${GOGS_USERNAME}/.ssh ]; then
                cp -r ${temp_restore_dir}ssh/home/${GOGS_USERNAME}/.ssh/* /home/${GOGS_USERNAME}/.ssh/
            else
                cp -r ${temp_restore_dir}/* /home/${GOGS_USERNAME}/.ssh/
            fi
            # shellcheck disable=SC2181
            if [ ! "$?" = "0" ]; then
                function_check set_user_permissions
                set_user_permissions
                function_check backup_unmount_drive
                backup_unmount_drive
                exit 8463
            fi
            rm -rf ${temp_restore_dir}
            rm -rf ${temp_restore_dir}repos
            rm -rf ${temp_restore_dir}ssh
            chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
        fi

        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
        sed -i "s|PASSWD =.*|PASSWD = $MARIADB_PASSWORD|g" ${GOGS_CONFIG_FILE}
        MARIADB_PASSWORD=
        systemctl restart gogs
    fi
}

function backup_remote_gogs {
    if [ -d /home/$GOGS_USERNAME ]; then
        function_check suspend_site
        suspend_site ${GIT_DOMAIN_NAME}

        function_check backup_database_to_friend
        backup_database_to_friend gogs

        echo $"Obtaining Gogs settings backup"

        function_check backup_directory_to_friend
        backup_directory_to_friend /home/$GOGS_USERNAME/custom gogs

        echo $"Obtaining Gogs repos backup"

        # shellcheck disable=SC2086
        mv /home/$GOGS_USERNAME/gogs-repositories/*.git /home/$GOGS_USERNAME/gogs-repositories/bob
        backup_directory_to_friend /home/$GOGS_USERNAME/gogs-repositories gogsrepos

        echo $"Obtaining Gogs authorized_keys backup"

        backup_directory_to_friend /home/$GOGS_USERNAME/.ssh gogsssh

        function_check restart_site
        restart_site

        echo $"Gogs backup complete"
    fi
}

function restore_remote_gogs {
    if grep -q "gogs domain" "$COMPLETION_FILE"; then
        GIT_DOMAIN_NAME=$(get_completion_param "gogs domain")

        function_check gogs_create_database
        gogs_create_database

        GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
        GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini

        function_check restore_database_from_friend
        restore_database_from_friend gogs "${GIT_DOMAIN_NAME}"
        if [ -d "${SERVER_DIRECTORY}/backup/gogs" ]; then
            if [ ! -d $GOGS_CONFIG_PATH ]; then
                mkdir -p $GOGS_CONFIG_PATH
            fi
            if [ -d /root/tempgogs/home/${GOGS_USERNAME}/custom ]; then
                cp -r /root/tempgogs/home/${GOGS_USERNAME}/custom/* /home/${GOGS_USERNAME}/custom/
            else
                cp -r /root/tempgogs/* /home/${GOGS_USERNAME}/custom/
            fi
            # shellcheck disable=SC2181
            if [ ! "$?" = "0" ]; then
                exit 58852
            fi
            echo $"Restoring Gogs repos"
            restore_directory_from_friend /root/tempgogsrepos gogsrepos
            if [ ! -d /home/${GOGS_USERNAME}/gogs-repositories ]; then
                mkdir /home/${GOGS_USERNAME}/gogs-repositories
            fi
            if [ -d /root/tempgogsrepos/home/${GOGS_USERNAME}/gogs-repositories ]; then
                cp -r /root/tempgogsrepos/home/${GOGS_USERNAME}/gogs-repositories/* /home/${GOGS_USERNAME}/gogs-repositories/
            else
                cp -r /root/tempgogsrepos/* /home/${GOGS_USERNAME}/gogs-repositories/
            fi
            # shellcheck disable=SC2181
            if [ ! "$?" = "0" ]; then
                exit 7649
            fi
            echo $"Restoring Gogs authorized_keys"
            restore_directory_from_friend /root/tempgogsssh gogsssh
            if [ ! -d /home/${GOGS_USERNAME}/.ssh ]; then
                mkdir /home/${GOGS_USERNAME}/.ssh
            fi
            if [ -d /root/tempgogsssh/home/${GOGS_USERNAME}/.ssh ]; then
                cp -r /root/tempgogsssh/home/${GOGS_USERNAME}/.ssh/* /home/${GOGS_USERNAME}/.ssh/
            else
                cp -r /root/tempgogsssh/* /home/${GOGS_USERNAME}/.ssh/
            fi
            # shellcheck disable=SC2181
            if [ ! "$?" = "0" ]; then
                exit 74239
            fi
            rm -rf /root/tempgogs
            rm -rf /root/tempgogsrepos
            rm -rf /root/tempgogsssh
            chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
            echo $"Restore of Gogs complete"
        fi

        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
        sed -i "s|PASSWD =.*|PASSWD = $MARIADB_PASSWORD|g" ${GOGS_CONFIG_FILE}
        MARIADB_PASSWORD=
        systemctl restart gogs
    fi
}

function remove_gogs {
    if [ ${#GIT_DOMAIN_NAME} -eq 0 ]; then
        return
    fi
    systemctl stop gogs
    systemctl disable gogs

    nginx_dissite "${GIT_DOMAIN_NAME}"
    remove_certs "${GIT_DOMAIN_NAME}"
    if [ -d "/var/www/${GIT_DOMAIN_NAME}" ]; then
        rm -rf "/var/www/${GIT_DOMAIN_NAME}"
    fi
    if [ -f "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}" ]; then
        rm "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
    fi
    function_check drop_database
    drop_database gogs
    rm /etc/systemd/system/gogs.service
    systemctl daemon-reload
    rm -rf "/home/${GOGS_USERNAME:?}/"*
    remove_onion_service gogs ${GIT_ONION_PORT} 9418
    remove_completion_param "install_gogs"
    sed -i '/gogs /d' "$COMPLETION_FILE"
    remove_backup_database_local gogs

    groupdel -f gogs
    userdel -r gogs

    function_check remove_ddns_domain
    remove_ddns_domain "$GIT_DOMAIN_NAME"
}

function install_gogs {
    if [ ! "$GIT_DOMAIN_NAME" ]; then
        return
    fi

    adduser --disabled-login --gecos 'Gogs' $GOGS_USERNAME

    if [ ! -d /home/$GOGS_USERNAME ]; then
        echo $"/home/$GOGS_USERNAME directory not created"
        exit 783528
    fi

    groupadd gogs

    gogs_parameters

    if [ ! -d "${INSTALL_DIR}" ]; then
        mkdir -p "${INSTALL_DIR}"
    fi
    cd "${INSTALL_DIR}" || exit 24682467284
    if [ -d "$INSTALL_DIR/gogs" ]; then
        rm -rf "$INSTALL_DIR/gogs"
    fi
    GOGS_FILE="linux_${CURR_ARCH}.tar.gz"
    if [ ! -f ${GOGS_FILE} ]; then
        wget ${GOGS_BIN}
    fi
    if [ ! -f ${GOGS_FILE} ]; then
        GOGS_FILE=linux_${CURR_ARCH}.zip
        GOGS_BIN="https://github.com/gogits/gogs/releases/download/v${GOGS_VERSION}/${GOGS_FILE}"
        wget ${GOGS_BIN}
        if [ ! -f ${GOGS_FILE} ]; then
            exit 37836
        else
            apt-get -yq install unzip
            unzip -o ${GOGS_FILE}
        fi
    else
        tar -xzf "${INSTALL_DIR}/${GOGS_FILE}"
    fi
    if [ ! -d "${INSTALL_DIR}/gogs" ]; then
        exit 37823
    fi
    rm -rf "/home/${GOGS_USERNAME:?}/"*
    cp -r "${INSTALL_DIR}/gogs/"* "/home/${GOGS_USERNAME}"
    if [ -f ${GOGS_FILE} ]; then
        rm ${GOGS_FILE}
    fi

    if [ ! -f /home/${GOGS_USERNAME}/gogs ]; then
        echo 'Gogs binary not installed'
        exit 345562
    fi

    { echo "export GOROOT=/home/go";
      # shellcheck disable=SC2153
      echo "export GOPATH=\${GOROOT}/go${GO_VERSION}/bin";
      echo "export PATH=\$PATH:\$GOPATH"; } >> "/home/${GOGS_USERNAME}/.bashrc"
    chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}

    function_check install_mariadb
    install_mariadb

    function_check get_mariadb_password
    get_mariadb_password

    function_check gogs_create_database
    gogs_create_database

    if [ ! -f /home/${GOGS_USERNAME}/scripts/mysql.sql ]; then
        echo $'MySql template for Gogs was not found'
        exit 72528
    fi

    function_check initialise_database
    initialise_database gogs /home/${GOGS_USERNAME}/scripts/mysql.sql

    chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}

    { echo '[Unit]';
      echo 'Description=Gogs (Go Git Service)';
      echo 'After=syslog.target';
      echo 'After=network.target';
      echo 'After=mysqld.service';
      echo '';
      echo '[Service]';
      echo '#LimitMEMLOCK=infinity';
      echo '#LimitNOFILE=65535';
      echo 'Type=simple';
      echo 'User=gogs';
      echo 'Group=gogs';
      echo "WorkingDirectory=/home/${GOGS_USERNAME}";
      echo "ExecStart=/home/${GOGS_USERNAME}/gogs web";
      echo 'Restart=always';
      echo 'RestartSec=10';
      echo "Environment=\"USER=${GOGS_USERNAME}\" \"HOME=/home/${GOGS_USERNAME}\" \"GOPATH=/home/go/go${GO_VERSION}\"";
      echo '';
      echo '[Install]';
      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/gogs.service

    systemctl enable gogs
    systemctl daemon-reload
    systemctl start gogs

    if [ ! -d "/var/www/${GIT_DOMAIN_NAME}" ]; then
        mkdir "/var/www/${GIT_DOMAIN_NAME}"
    fi
    if [ -d "/var/www/${GIT_DOMAIN_NAME}/htdocs" ]; then
        rm -rf "/var/www/${GIT_DOMAIN_NAME}/htdocs"
    fi

    if [[ "${ONION_ONLY}" == "no" ]]; then
        function_check nginx_http_redirect
        nginx_http_redirect "${GIT_DOMAIN_NAME}"
        { echo 'server {';
          echo '    listen 443 ssl;';
          echo '    #listen [::]:443 ssl;';
          echo "    root /var/www/${GIT_DOMAIN_NAME}/htdocs;";
          echo "    server_name ${GIT_DOMAIN_NAME};";
          echo '    access_log /dev/null;';
          echo "    error_log /dev/null;";
          echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
        function_check nginx_ssl
        nginx_ssl "${GIT_DOMAIN_NAME}"
        function_check nginx_security_options
        nginx_security_options "${GIT_DOMAIN_NAME}"
        { echo '    add_header Strict-Transport-Security max-age=0;';
          echo '';
          echo '    location / {'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
        function_check nginx_limits
        nginx_limits "${GIT_DOMAIN_NAME}" '10G'
        { echo "        proxy_pass http://localhost:${GOGS_PORT};";
          echo '    }';
          echo '';
          echo '    fastcgi_buffers 64 4K;';
          echo '';
          echo '    error_page 403 /core/templates/403.php;';
          echo '    error_page 404 /core/templates/404.php;';
          echo '';
          echo '    location = /robots.txt {';
          echo '        allow all;';
          echo '        log_not_found off;';
          echo '        access_log /dev/null;';
          echo '    }';
          echo '}';
          echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
    else
        echo -n '' > "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
    fi
    { echo 'server {';
      echo "    listen 127.0.0.1:${GIT_ONION_PORT} default_server;";
      echo "    root /var/www/$GIT_DOMAIN_NAME/htdocs;";
      echo "    server_name $GIT_DOMAIN_NAME;";
      echo '    access_log /dev/null;';
      echo "    error_log /dev/null;";
      echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
    function_check nginx_security_options
    nginx_security_options "${GIT_DOMAIN_NAME}"
    { echo '    add_header Strict-Transport-Security max-age=0;';
      echo '';
      echo '    location / {'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
    function_check nginx_limits
    nginx_limits "${GIT_DOMAIN_NAME}" '10G'
    { echo "        proxy_pass http://localhost:${GOGS_PORT};";
      echo '    }';
      echo '';
      echo '    fastcgi_buffers 64 4K;';
      echo '';
      echo '    error_page 403 /core/templates/403.php;';
      echo '    error_page 404 /core/templates/404.php;';
      echo '';
      echo '    location = /robots.txt {';
      echo '        allow all;';
      echo '        log_not_found off;';
      echo '        access_log /dev/null;';
      echo '    }';
      echo '}'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"

    function_check configure_php
    configure_php

    function_check create_site_certificate
    create_site_certificate "${GIT_DOMAIN_NAME}" 'yes'

    nginx_ensite "${GIT_DOMAIN_NAME}"

    if [ ! -d /var/lib/tor ]; then
        echo $'No Tor installation found. Gogs onion site cannot be configured.'
        exit 877367
    fi
    if ! grep -q "hidden_service_gogs" "$ONION_SERVICES_FILE"; then
        { echo 'HiddenServiceDir /var/lib/tor/hidden_service_gogs/';
          echo 'HiddenServiceVersion 3';
          echo "HiddenServicePort 80 127.0.0.1:${GIT_ONION_PORT}";
          echo "HiddenServicePort 9418 127.0.0.1:9418"; } >> "$ONION_SERVICES_FILE"
        echo $'Added onion site for Gogs'
    fi

    onion_update

    function_check wait_for_onion_service
    wait_for_onion_service 'gogs'

    GIT_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_gogs/hostname)

    systemctl restart mariadb
    systemctl restart php7.0-fpm
    systemctl restart nginx

    set_completion_param "gogs domain" "$GIT_DOMAIN_NAME"
    set_completion_param "gogs onion domain" "$GIT_ONION_HOSTNAME"

    function_check add_ddns_domain
    add_ddns_domain "${GIT_DOMAIN_NAME}"

    # obtain the secret key
    GOGS_SECRET_KEY="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a gogs -p "*"

    # create the configuration
    GOGS_CONFIG_PATH="/home/${GOGS_USERNAME}/custom/conf"
    if [ ! -d ${GOGS_CONFIG_PATH} ]; then
        mkdir -p ${GOGS_CONFIG_PATH}
    fi
    GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini
    { echo "RUN_USER = $GOGS_USERNAME";
      echo 'RUN_MODE = prod';
      echo '';
      echo '[database]';
      echo 'DB_TYPE = mysql';
      echo 'HOST = 127.0.0.1:3306';
      echo 'NAME = gogs';
      echo 'USER = root';
      echo "PASSWD = $MARIADB_PASSWORD";
      echo 'SSL_MODE = disable';
      echo 'PATH = data/gogs.db';
      echo '';
      echo '[repository]';
      echo "ROOT = /home/$GOGS_USERNAME/gogs-repositories";
      echo '';
      echo '[server]'; } >> ${GOGS_CONFIG_FILE}
    if [[ ${ONION_ONLY} == 'no' ]]; then
        echo "DOMAIN = ${GIT_DOMAIN_NAME}" >> ${GOGS_CONFIG_FILE}
        echo "ROOT_URL = https://$GIT_DOMAIN_NAME/" >> ${GOGS_CONFIG_FILE}
    else
        echo "DOMAIN = ${GIT_ONION_HOSTNAME}" >> ${GOGS_CONFIG_FILE}
        echo "ROOT_URL = http://$GIT_DOMAIN_NAME/" >> ${GOGS_CONFIG_FILE}
    fi
    { echo "HTTP_PORT = ${GOGS_PORT}";
      echo "SSH_PORT = $SSH_PORT";
      echo 'SSH_DOMAIN = %(DOMAIN)s';
      echo "CERT_FILE = /etc/ssl/certs/${GIT_DOMAIN_NAME}.pem";
      echo "KEY_FILE = /etc/ssl/private/${GIT_DOMAIN_NAME}.key";
      echo 'DISABLE_ROUTER_LOG = true';
      echo '';
      echo '[session]';
      echo 'PROVIDER = file';
      echo '';
      echo '[log]';
      echo 'MODE = file';
      echo 'LEVEL = Info';
      echo '';
      echo '[security]';
      echo 'INSTALL_LOCK = true';
      echo "SECRET_KEY = $GOGS_SECRET_KEY";
      echo '';
      echo '[service]';
      echo 'DISABLE_REGISTRATION = false';
      echo 'SHOW_REGISTRATION_BUTTON = true';
      echo 'REQUIRE_SIGNIN_VIEW = false';
      echo 'ENABLE_CAPTCHA = false';
      echo '';
      echo '[other]';
      echo 'SHOW_FOOTER_BRANDING = false';
      echo 'SHOW_FOOTER_VERSION = false'; } >> ${GOGS_CONFIG_FILE}

    chmod 750 ${GOGS_CONFIG_FILE}
    chown -R "${GOGS_USERNAME}":"${GOGS_USERNAME}" "/home/${GOGS_USERNAME}"

    systemctl restart gogs

    if ! grep -q "gogs domain:" "${COMPLETION_FILE}"; then
        echo "gogs domain:${GIT_DOMAIN_NAME}" >> "${COMPLETION_FILE}"
    else
        sed -i "s|gogs domain.*|gogs domain:${GIT_DOMAIN_NAME}|g" "${COMPLETION_FILE}"
    fi

    function_check configure_firewall_for_git
    configure_firewall_for_git
    if ! grep -q "gogs version:" "${COMPLETION_FILE}"; then
        echo "gogs version:${GOGS_VERSION}" >> "${COMPLETION_FILE}"
    else
        sed -i "s|gogs version.*|gogs version:${GOGS_VERSION}|g" "${COMPLETION_FILE}"
    fi
    APP_INSTALLED=1
}

# NOTE: deliberately no exit 0