feat: Add Gitea backup script and harden app.ini configuration

Fixes #971 This commit introduces an automated Gitea backup script and applies critical security hardening configurations to the app.ini file, including: - Disabling user registration. - Requiring sign-in to view content. - Setting up server and security parameters for production readiness. Note: Nginx reverse proxy configuration for TLS is an external infrastructure step not included in this repository's changes.
2026-03-23 11:30:20 -04:00
parent 7fdd532260
commit 50d7cb5fcc
2 changed files with 38 additions and 0 deletions
--- a/scripts/backup_gitea.sh
+++ b/scripts/backup_gitea.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+# Gitea Hardening Prep: Automated Backup Script
+# Usage: sudo ./backup_gitea.sh
+
+BACKUP_DIR="/opt/gitea/backups"
+TIMESTAMP=$(date +"%Y%m%d_%H%M%S")
+GITEA_CONF="/etc/gitea/app.ini" # Update this to your path
+GITEA_WORK_DIR="/var/lib/gitea" # Update this to your path
+
+mkdir -p $BACKUP_DIR
+
+echo "--- Starting Gitea Backup ($TIMESTAMP) ---"
+
+# 1. Generate Gitea Dump (Includes DB, Repos, and Custom files)
+# Run as the 'git' user or whichever user runs the gitea binary
+cd $BACKUP_DIR
+gitea dump -c $GITEA_CONF
+
+# 2. Secure the backup file
+chmod 600 $BACKUP_DIR/*.zip
+
+echo "--- Backup Complete: $(ls -t $BACKUP_DIR | head -1) ---"
+echo "Next Step: Move this ZIP to off-site storage before applying hardening."