fix: typo in file name

.gitea/workflows/cd.yaml

@@ -7,21 +7,15 @@ on:
 
 jobs:
   build_n_upload:
-    runs-on: linux
+    runs-on: self-hosted
     steps:
-      - name: Git checkout
+      - uses: actions/checkout@v6
-        uses: actions/checkout@v6
         with:
+          fetch-depth: 0
           fetch-tags: true
-      - name: Build tarball
+      - run: make tarball
-        run: make tarball
+      - run: rpmbuild -ba "$(make name).spec"
+      - run: make upload
         env:
-          GIT_REFERENCE: ${{ github.ref }}
+          PKG_TOKEN: ${{ secrets.PKG_TOKEN }}
-      - name: Build rpm package
-        run: rpmbuild -ba "$(make name).spec"
-      - name: Upload rpm package
-        run: make upload
-        env:
-          GIT_PACKAGES_USERNAME: ${{ vars.GIT_PACKAGES_USERNAME }}
-          GIT_PACKAGES_TOKEN: ${{ secrets.GIT_PACKAGES_TOKEN }}
 

.gitea/workflows/ci.yaml

@@ -7,15 +7,12 @@ on:
 
 jobs:
   lint_n_build:
-    runs-on: linux
+    runs-on: self-hosted 
     steps:
-      - name: Git checkout
+      - uses: actions/checkout@v6
-        uses: actions/checkout@v6
         with:
           fetch-depth: 0
           fetch-tags: true
-      - name: Build tarball
+      - run: shellcheck files/sbin/gitea_web_notify
-        run: make tarball
+      - run: make tarball
-      - name: Build rpm file
+      - run: rpmbuild -ba "$(make name).spec"
-        run: rpmbuild -ba "$(make name).spec"
-

Makefile

@@ -1,57 +1,90 @@
 NAME = netoik-git
 VERSION = $(shell git describe --abbrev=0)
 RELEASE = $(shell git rev-parse --short HEAD)
-REFERENCE = $(if $(GIT_REFERENCE),$(GIT_REFERENCE),$(shell git branch --show-current))
 ARCH = noarch
 OWNER = samuel
+SUMMARY = "Netoïk Git server"
+LICENSE = "MIT"
+URL = "https://git.netoik.io/$(OWNER)/$(NAME)"
+SOURCE0 = "$(NAME)-$(VERSION)-$(RELEASE).tar.gz"
 
 RPM_RPMDIR = $(shell rpm --eval '%{_rpmdir}')
 RPM_SBINDIR = $(shell rpm --eval '%{_sbindir}')
 RPM_SOURCEDIR = $(shell rpm --eval '%{_sourcedir}')
-RPM_SHAREDSTATEDIR = $(shell rpm --eval '%{_sharedstatedir}')
 RPM_SYSCONFDIR = $(shell rpm --eval '%{_sysconfdir}')
+RPM_TMPPATH = $(shell rpm --eval '%{_tmppath}')
 RPM_UNITDIR = $(shell rpm --eval '%{_unitdir}')
 
-RPM_TARBALL_PATH = $(RPM_SOURCEDIR)/$(NAME)-$(VERSION)-$(RELEASE).tar.gz
+RPM_TARBALL_PATH = $(RPM_SOURCEDIR)/$(SOURCE0)
-RPM_BUILD_PATH = $(RPM_RPMDIR)/$(BUILD_ARCH)/$(NAME)-$(VERSION)-$(RELEASE).$(BUILD_ARCH).rpm
+RPM_BUILD_PATH = $(RPM_RPMDIR)/$(ARCH)/$(NAME)-$(VERSION)-$(RELEASE).$(ARCH).rpm
+
+.PHONY: help
+help:
+	@grep -E '^[a-zA-Z0-9_-]+:.*?## .*' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
 
 .PHONY: name
-name:
+name:  ## Show project name
-	@echo $(NAME)
+	@echo "$(NAME)"
 
 .PHONY: version
-version:
+version:  ## Show current project version
-	@echo $(VERSION)
+	@echo "$(VERSION)"
 
 .PHONY: release
-release:
+release:  ## Show current project release
-	@echo $(RELEASE)
+	@echo "$(RELEASE)"
 
 .PHONY: arch
-arch:
+arch:  ## Show rpm arch target
-	@echo $(ARCH)
+	@echo "$(ARCH)"
 
 .PHONY: owner
-owner:
+owner:  ## Show project owner name
-	@echo $(OWNER)
+	@echo "$(OWNER)"
 
-.PHONY: install
+.PHONY: summary
-install:
+summary:  ## Show project summary
-	install --mode=755 --directory $(DESTDIR)$(RPM_SYSCONFDIR)/nginx/conf.d $(DESTDIR)$(RPM_SYSCONFDIR)/forgejo/conf $(DESTDIR)$(RPM_UNITDIR)/forgejo.service.d
+	@echo "$(SUMMARY)"
-	install --mode=644 --target-directory=$(DESTDIR)$(RPM_SYSCONFDIR)/nginx/conf.d/ files/nginx/git.netoik.io.conf
+
-	install --mode=660 --target-directory=$(DESTDIR)$(RPM_SYSCONFDIR)/forgejo/conf files/forgejo/netoik_app.ini
+.PHONY: license
-	install --mode=644 --target-directory=$(DESTDIR)$(RPM_UNITDIR)/forgejo.service.d files/systemd/forgejo.conf
+license:  ## Show project license
+	@echo "$(LICENSE)"
+
+.PHONY: url
+url:  ## Show project homepage URL
+	@echo "$(URL)"
+
+.PHONY: source0
+source0:  ## Show rpm source0 file name
+	@echo "$(SOURCE0)"
 
 $(RPM_TARBALL_PATH): *
 	git archive --format=tar.gz \
 	            --output="$@" \
 	            --prefix="$(NAME)-$(VERSION)/" \
 	            --verbose \
-	            "$(REFERENCE)"
+	            HEAD 
 
 .PHONY: tarball
-tarball: $(RPM_TARBALL_PATH)
+tarball: $(RPM_TARBALL_PATH)  ## Build rpm tarball
+
+.PHONY: install
+install:  ## Install files into rpm dest (requires env var DESTDIR)
+	@if [ -z "$(DESTDIR)" ]; then \
+		printf "[CRITICAL] Missing env var DESTDIR\n[CRITICAL] This command is designed to be called by rpmbuild only!\n" 1>&2; \
+		exit 1; \
+	fi
+	install --mode=755 --directory $(DESTDIR)$(RPM_SYSCONFDIR)/nginx/conf.d $(DESTDIR)$(RPM_SYSCONFDIR)/gitea $(DESTDIR)$(RPM_UNITDIR) $(DESTDIR)$(RPM_TMPPATH)/gitea_images $(DESTDIR)$(RPM_SBINDIR)
+	install --mode=644 --target-directory=$(DESTDIR)$(RPM_SYSCONFDIR)/nginx/conf.d files/nginx/git.netoik.io.conf
+	install --mode=640 --target-directory=$(DESTDIR)$(RPM_SYSCONFDIR)/gitea files/gitea/app.ini
+	install --mode=644 --target-directory=$(DESTDIR)$(RPM_UNITDIR) files/systemd/gitea.service files/systemd/actrunner@.service
+	install --mode=644 --target-directory=$(DESTDIR)$(RPM_TMPPATH)/gitea_images files/img/{favicon,logo}.{svg,png}
+	install --mode=755 --target-directory=$(DESTDIR)$(RPM_SBINDIR) files/sbin/gitea_web_notify
 
 .PHONY: upload
-upload:
+upload:  ## Upload rpm package to Gitea repository (requires env var PKG_TOKEN)
-	curl --fail-with-body --upload-file "$(RPM_BUILD_PATH)" --user "$(OWNER):$(GIT_PACKAGES_TOKEN)" https://git.netoik.io/api/packages/$(OWNER)/rpm/upload
+	@if [ -z "$(PKG_TOKEN)" ]; then \
+		printf "[CRITICAL] Missing env var PKG_TOKEN\n[CRITICAL] This command is designed to be called by Gitea Actions only!\n" 1>&2; \
+		exit 1; \
+	fi
+	curl --fail-with-body --upload-file "$(RPM_BUILD_PATH)" --user "$(OWNER):$(PKG_TOKEN)" https://git.netoik.io/api/packages/$(OWNER)/rpm/upload

README.md

@@ -1,3 +1,83 @@
-# Netoïk Git ![badge](https://git.netoik.io/samuel/netoik-git/actions/workflows/ci.yaml/badge.svg)
+# Netoïk Git Server ![badge](https://git.netoik.io/samuel/netoik-git/actions/workflows/ci.yaml/badge.svg)
+
+Build an RPM package which will install the Git server called Gitea with custom configuration.
+
+- listen on port 3000
+- reversed by nginx
+- rely on postgres for database
+- rely on valkey for cache
+
+
+# Development
+
+A `Makefile` is integrated to let you run some basic commands.
+
+- Display some information about the project
+  ```shell
+  make help
+  make name
+  make version
+  make release
+  make arch
+  ```
+
+- Build a tarball:
+  ```shell
+  make tarball
+  ```
+
+- Build an rpm package:
+  ```shell
+  rpmbuild -ba netoik-git.spec
+  ```
+
+- Upload rpm package to Gitea repository (env var `PKG_TOKEN` is required):
+  ```shell
+  make upload
+  ```
+
+
+# CI / CD
+
+Two workflows are set up.
+
+- Continuous Integration:
+  - triggered by each push event on branch `main`
+  - builds tarball
+  - builds rpm package
+
+- Continuous Delivery:
+  - triggered by each tag push event
+  - builds tarball
+  - builds rpm package
+  - uploads rpm package to repository
+
+
+# Deployment
+
+Some commands to deploy the RPM package on server
+
+- Add Gitea repo to your repo list:
+  ```shell
+  dnf config-manager --add-repo https://git.netoik.io/api/packages/samuel/rpm.repo
+  dnf repolist | grep gitea-samuel
+  ```
+
+- Show available versions:
+  ```shell
+  dnf search --showduplicates netoik-git
+  ```
+
+- Install or upgrade package:
+  ```shell
+  dnf --nogpgcheck --refresh --assumeyes --best install netoik-git
+  ```
+
+
+# Security Notes
+
+For security reasons, act runners does not have sudo privileges and so there is:
+- **no** Continuous Deployment because act runners cannot use `dnf`
+- **no** GPG signing because act runners cannot use `gpg`
+
 
-Build an RPM package which will install the Git UI server called Gitea.

files/gitea/app.ini

@@ -1,10 +1,13 @@
 # Do not edit this file unless you are aware about what you are doing!
 # See official doc here: https://docs.gitea.com/next/administration/config-cheat-sheet
 
-APP_NAME = Netoïk Git Server
+RUN_USER = gitea 
-RUN_USER = forgejo
 RUN_MODE = prod
-WORK_PATH = /var/lib/forgejo
+WORK_PATH = /var/lib/gitea
+
+[ui]
+THEMES=dark,light,auto
+DEFAULT_THEME=auto
 
 [server]
 DOMAIN = git.netoik.io
@@ -17,11 +20,24 @@ SSH_PORT = 22222
 [database]
 DB_TYPE = postgres
 HOST = /run/postgresql 
-NAME = forgejo
+NAME = gitea
-USER = forgejo
+USER = gitea
 
 [security]
 INSTALL_LOCK = true
+SECRET_KEY = $SECRET_KEY
+INTERNAL_TOKEN = $INTERNAL_TOKEN
 
 [service]
 DISABLE_REGISTRATION = true 
+
+[cache]
+ADAPTER = redis
+HOST = redis+socket:///run/valkey/valkey.sock
+
+[session]
+PROVIDER = redis
+PROVIDER_CONFIG = redis+socket:///run/valkey/valkey.sock
+
+[oauth2]
+JWT_SECRET = $JWT_SECRET

files/img/favicon.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="180" zoomAndPan="magnify" viewBox="0 0 135 135.000003" height="180" preserveAspectRatio="xMidYMid meet" version="1.0"><defs><g/><clipPath id="c8284118b8"><path d="M 0.496094 0 L 134.503906 0 L 134.503906 134.007812 L 0.496094 134.007812 Z M 0.496094 0 " clip-rule="nonzero"/></clipPath><clipPath id="7a25ccad2a"><path d="M 0.496094 11 L 87 11 L 87 114 L 0.496094 114 Z M 0.496094 11 " clip-rule="nonzero"/></clipPath><clipPath id="b80303876e"><rect x="0" width="135" y="0" height="135"/></clipPath></defs><g clip-path="url(#c8284118b8)"><g transform="matrix(1, 0, 0, 1, 0.000000000000000056, -0.000000000000003367)"><g clip-path="url(#b80303876e)"><g clip-path="url(#7a25ccad2a)"><g fill="#a6c6f7" fill-opacity="1"><g transform="translate(-8.941766, 113.113191)"><g><path d="M 95.3125 -3.65625 C 95.3125 -2.726562 94.988281 -1.882812 94.34375 -1.125 C 93.707031 -0.375 92.925781 0 92 0 L 70.5625 0 C 69.632812 0 68.820312 -0.375 68.125 -1.125 C 67.425781 -1.882812 67.078125 -2.726562 67.078125 -3.65625 L 67.078125 -64.984375 C 67.078125 -68.816406 66.492188 -71.953125 65.328125 -74.390625 C 64.171875 -76.835938 61.328125 -78.0625 56.796875 -78.0625 L 48.09375 -78.0625 C 43.5625 -78.0625 40.710938 -76.835938 39.546875 -74.390625 C 38.390625 -71.953125 37.8125 -68.816406 37.8125 -64.984375 L 37.8125 -3.65625 C 37.8125 -2.726562 37.460938 -1.882812 36.765625 -1.125 C 36.066406 -0.375 35.253906 0 34.328125 0 L 12.890625 0 C 11.960938 0 11.175781 -0.375 10.53125 -1.125 C 9.894531 -1.882812 9.578125 -2.726562 9.578125 -3.65625 L 9.578125 -64.984375 C 9.578125 -77.066406 12.859375 -86.128906 19.421875 -92.171875 C 25.984375 -98.210938 35.539062 -101.234375 48.09375 -101.234375 L 56.796875 -101.234375 C 69.347656 -101.234375 78.90625 -98.210938 85.46875 -92.171875 C 92.03125 -86.128906 95.3125 -77.066406 95.3125 -64.984375 Z M 95.3125 -3.65625 "/></g></g></g></g><g fill="#a6c6f7" fill-opacity="1"><g transform="translate(95.940777, 113.113191)"><g><path d="M 37.640625 -3.484375 C 37.640625 -2.554688 37.289062 -1.742188 36.59375 -1.046875 C 35.894531 -0.347656 35.082031 0 34.15625 0 L 13.765625 0 C 12.835938 0 11.992188 -0.347656 11.234375 -1.046875 C 10.484375 -1.742188 10.109375 -2.554688 10.109375 -3.484375 L 10.109375 -25.4375 C 10.109375 -26.363281 10.484375 -27.144531 11.234375 -27.78125 C 11.992188 -28.425781 12.835938 -28.75 13.765625 -28.75 L 34.15625 -28.75 C 35.082031 -28.75 35.894531 -28.425781 36.59375 -27.78125 C 37.289062 -27.144531 37.640625 -26.363281 37.640625 -25.4375 Z M 37.640625 -3.484375 "/></g></g></g></g></g></g></svg>

files/sbin/gitea_web_notify

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+# Display commands, exit on error and enable job control
+set -xem
+
+gitea web &
+until curl --fail --head http://localhost:3000
+do
+  sleep 1
+done
+systemd-notify --ready
+fg %1

files/systemd/actrunner@.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Gitea Actions runner #%i
+Documentation=https://gitea.com/gitea/act_runner
+After=gitea.service
+
+[Service]
+ExecStart=/usr/sbin/act_runner daemon
+ExecReload=/bin/kill -s HUP $MAINPID
+WorkingDirectory=/var/lib/actrunner%i
+TimeoutSec=0
+RestartSec=10
+Restart=always
+User=actrunner%i
+
+[Install]
+WantedBy=multi-user.target

files/systemd/forgejo.conf

@@ -1,3 +0,0 @@
-[Service]
-ExecStart=
-ExecStart=/usr/bin/forgejo web --config /etc/forgejo/conf/netoik_app.ini

files/systemd/gitea.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=Gitea (Git with a cup of tea)
+After=network.target postgresql.service valkey.service
+
+[Service]
+RestartSec=2s
+Type=notify
+User=gitea
+Group=gitea
+WorkingDirectory=/var/lib/gitea/
+Environment=GITEA_WORK_DIR=/var/lib/gitea
+ExecStart=/usr/sbin/gitea_web_notify
+Restart=always
+NotifyAccess=all
+
+[Install]
+WantedBy=multi-user.target

netoik-git.spec

@@ -3,17 +3,17 @@
 Name:           %(make name)
 Version:        %(make version)
 Release:        %(make release)
-Summary:        Netoik Reverse Proxy
+Summary:        %(make summary)
-License:        MIT
+License:        %(make license)
-URL:            https://git.netoik.io/%(make owner)/%(make name)
+URL:            %(make url)
 
-Source0:        %{name}-%{version}-%{release}.tar.gz
+Source0:        %(make source0)
 Buildarch:      %(make arch)
 BuildRequires:  make
-Requires:       netoik-rp netoik-db netoik-cache forgejo
+Requires:       netoik-rp netoik-db netoik-cache
 
 %description
-Install the Git UI server called Forgejo (fork of Gitea).
+Install the Git server called Gitea.
 
 %prep
 %autosetup -v
@@ -22,35 +22,134 @@ Install the Git UI server called Forgejo (fork of Gitea).
 %make_install
 
 %post
-# Change rights on config file
+# Display commands and exit on error
-chgrp forgejo %{_sysconfdir}/forgejo/conf/netoik_app.ini
+set -xe
 
-# Add user forgejo to db groups
+# Set environment variables
-usermod --groups postgres,valkey --append forgejo
+export ARCH=$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/')
+export GITEA_BINARY=gitea-1.25.5-linux-$ARCH
+export GITEA_LUGIT_THEME=gitea-lugit-theme
+export GITEA_WORK_DIR=/var/lib/gitea
+export ACTRUNNER_BINARY=act_runner-0.3.0-linux-$ARCH
+
+# Create gitea user
+if ! id gitea >/dev/null 2>&1; then
+  useradd --base-dir %{_sharedstatedir} --create-home --shell $SHELL --system gitea
+fi
+runuser --user=gitea -- mkdir --parents %{_sharedstatedir}/gitea/{custom,data,log} %{_sharedstatedir}/gitea/custom/conf
+runuser --user=gitea -- ln --symbolic --force %{_sysconfdir}/gitea/app.ini %{_sharedstatedir}/gitea/custom/conf/app.ini
+usermod --groups postgres,valkey --append gitea
+printf 'export GITEA_WORK_DIR=%{_sharedstatedir}/gitea\n' >> %{_sharedstatedir}/gitea/.bash_profile
+
+# Download and install gitea binary
+wget --output-document $GITEA_BINARY https://dl.gitea.com/gitea/1.25.5/$GITEA_BINARY
+wget --output-document $GITEA_BINARY.asc https://dl.gitea.com/gitea/1.25.5/$GITEA_BINARY.asc
+gpg --keyserver hkps://keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
+gpg --verify $GITEA_BINARY.asc $GITEA_BINARY
+rm $GITEA_BINARY.asc
+chmod 755 $GITEA_BINARY
+mv $GITEA_BINARY %{_sbindir}/gitea
+
+# Replace secrets in app.ini
+export INTERNAL_TOKEN=$(runuser --user=gitea -- gitea generate secret INTERNAL_TOKEN)
+export JWT_SECRET=$(runuser --user=gitea -- gitea generate secret JWT_SECRET)
+export SECRET_KEY=$(runuser --user=gitea -- gitea generate secret SECRET_KEY)
+envsubst < %{_sysconfdir}/gitea/app.ini > %{_sysconfdir}/gitea/.app.ini.new
+mv %{_sysconfdir}/gitea/.app.ini.new %{_sysconfdir}/gitea/app.ini
+chmod 640 %{_sysconfdir}/gitea/app.ini
+chown root:gitea %{_sysconfdir}/gitea/app.ini
+
+# Add lugit theme
+wget --output-document %{_tmppath}/$GITEA_LUGIT_THEME.tar.gz https://github.com/lucas-labs/gitea-lugit-theme/releases/download/v1.0.1/$GITEA_LUGIT_THEME.tar.gz
+runuser --user=gitea -- tar --extract --gzip --overwrite --directory=%{_sharedstatedir}/gitea/custom --file %{_tmppath}/$GITEA_LUGIT_THEME.tar.gz
+rm %{_tmppath}/$GITEA_LUGIT_THEME.tar.gz
+runuser --user=gitea -- cp %{_tmppath}/gitea_images/* %{_sharedstatedir}/gitea/custom/public/assets/img
 
 # Create postgres user and db
-if ! runuser --user=postgres -- psql --quiet --tuples-only --command='\du' | grep --quiet forgejo; then
+if ! runuser --user=postgres -- psql --quiet --tuples-only --command='\du' | grep --quiet gitea; then
-  runuser --user=postgres -- createuser forgejo
+  runuser --user=postgres -- createuser gitea
-  runuser --user=postgres -- createdb --owner=forgejo forgejo
+fi
+if ! runuser --user=postgres -- psql --quiet --tuples-only --command='\l' | grep --quiet gitea; then
+  runuser --user=postgres -- createdb --owner=gitea gitea
+  runuser --user=gitea -- gitea migrate
 fi
 
 # Create admin user
-if ! runuser --user=forgejo -- forgejo --config %{_sysconfdir}/forgejo/conf/netoik_app.ini admin user list | grep samuel; then
+if ! runuser --user=gitea -- gitea admin user list | grep --quiet samuel; then
-  runuser --user=forgejo -- forgejo --config %{_sysconfdir}/forgejo/conf/netoik_app.ini admin user create --username samuel --email "samuel.campos@netoik.io" --admin --random-password --random-password-length 30 --fullname "Samuel Campos"
+  runuser --user=gitea -- gitea admin user create --username samuel --email "samuel.campos@netoik.io" --admin --random-password --random-password-length 30 --fullname "Samuel Campos"
+  runuser --user=gitea -- gitea admin user must-change-password samuel
 fi
 
-# Restart forgejo and nginx services
+# Download and install act_runner binary
+wget --output-document $ACTRUNNER_BINARY.xz https://gitea.com/gitea/act_runner/releases/download/v0.3.0/$ACTRUNNER_BINARY.xz
+wget --output-document $ACTRUNNER_BINARY.xz.sha256 https://gitea.com/gitea/act_runner/releases/download/v0.3.0/$ACTRUNNER_BINARY.xz.sha256
+cat $ACTRUNNER_BINARY.xz.sha256 | sha256sum --check --status
+rm $ACTRUNNER_BINARY.xz.sha256
+unxz $ACTRUNNER_BINARY.xz
+chmod 755 $ACTRUNNER_BINARY
+mv $ACTRUNNER_BINARY %{_sbindir}/act_runner
+
+# Restart gitea and nginx services
 systemctl daemon-reload
-systemctl reenable forgejo.service
+systemctl reenable gitea.service
-systemctl restart forgejo.service
+systemctl restart gitea.service nginx.service
-systemctl restart nginx.service
+
+# Create 4 actrunner users
+export ACTRUNNER_TOKEN=$(runuser --user=gitea -- gitea actions generate-runner-token)
+for i in $(seq 1 4); do
+  if ! id actrunner$i >/dev/null 2>&1; then
+    useradd --base-dir %{_sharedstatedir} --create-home --shell $SHELL --system actrunner$i
+  fi
+  runuser --user=actrunner$i -- rpmdev-setuptree
+  printf "runner:\n  file: %{_sharedstatedir}/actrunner$i/.runner\n" > %{_sharedstatedir}/actrunner$i/config.yaml
+  runuser --user=actrunner$i -- act_runner --config %{_sharedstatedir}/actrunner$i/config.yaml register --instance http://127.0.0.1:3000 --labels self-hosted --name actrunner$i --no-interactive --token $ACTRUNNER_TOKEN
+  systemctl reenable actrunner@$i.service
+  systemctl restart actrunner@$i.service
+done
+
+%postun
+# Display commands and exit on error
+set -xe
+
+# If uninstalling, then delete users and db
+if [ $1 == 0 ]; then
+	# Remove gitea user if existing
+	if id gitea >/dev/null 2>&1; then
+  	userdel --force --remove gitea
+	fi
+
+	# Remove gitea database if existing
+	if runuser --user=postgres -- psql --quiet --tuples-only --command='\l' | grep --quiet gitea; then
+  	runuser --user=postgres -- dropdb gitea
+	fi
+	if runuser --user=postgres -- psql --quiet --tuples-only --command='\du' | grep --quiet gitea; then
+		runuser --user=postgres -- dropuser gitea
+	fi
+
+	# Remove actrunner users if existing
+  for i in $(seq 1 4); do
+		if id actrunner$i >/dev/null 2>&1; then
+   		userdel --force --remove actrunner$i
+		fi
+  done
+fi
 
 %files
-%attr(660, root, -) %{_sysconfdir}/forgejo/conf/netoik_app.ini
+%dir %attr(755, root, root) %{_sysconfdir}/gitea
+%attr(640, root, -) %{_sysconfdir}/gitea/app.ini
+
 %attr(644, root, root) %{_sysconfdir}/nginx/conf.d/git.netoik.io.conf
 
-%dir %attr(755, root, root) %{_unitdir}/forgejo.service.d
+%attr(644, root, root) %{_unitdir}/gitea.service
-%attr(644, root, root) %{_unitdir}/forgejo.service.d/forgejo.conf
+%attr(644, root, root) %{_unitdir}/actrunner@.service
+
+%ghost %attr(755, root, root) %{_sbindir}/gitea
+%ghost %attr(755, root, root) %{_sbindir}/act_runner
+
+%dir %attr(755, root, root) %{_tmppath}/gitea_images
+%attr(644, root, root) %{_tmppath}/gitea_images/{favicon,logo}.{png,svg}
+
+%attr(755, root, root) %{_sbindir}/gitea_web_notify
 
 %changelog
 %autochangelog