umorpha-boxes/modules/service-gitea.sh

#!/hint/bash -euE
# Copyright (C) 2023-2024 Umorpha Systems
# SPDX-License-Identifier: AGPL-3.0-or-later
# The post-install hook below writes an sshd drop-in and an nginx site, so load
# the two base modules first; both paths are resolved relative to this file.
load_module "$(dirname -- "${BASH_SOURCE[0]}")/base-sshd.sh"
load_module "$(dirname -- "${BASH_SOURCE[0]}")/base-nginx.sh"
# Add the gitea package to the shared package list.
# NOTE(review): presumably consumed by the image build that sources this module — confirm.
packages+=(gitea)
# Register gitea:post_install as a post-install hook.
# NOTE(review): the "20:" prefix looks like an ordering priority — confirm against the hook runner.
post_install+=(20:gitea:post_install)
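#######################################
# Post-install hook: configure Gitea inside the target filesystem.
# Writes Gitea's app.ini, enables gitea.service, adds an sshd drop-in and an
# nginx site, and installs a oneshot unit that registers (or updates) the
# "Infomaniak" OpenID Connect login source.
# Arguments: $1 - root of the target filesystem; must be non-empty
# Outputs:   files under $1/etc/{gitea,ssh,nginx,systemd}
# Returns:   does no error handling of its own beyond the argument check;
#            it relies on the errexit mode named in this file's #!/hint line.
#######################################
gitea:post_install() {
	# An empty mountpoint would make every path below resolve against the
	# /etc of the machine running the build, so refuse it outright.
	local arg_mountpoint=${1:?gitea:post_install: mountpoint argument is required}
	local wants_dir="$arg_mountpoint/etc/systemd/system/gitea.service.wants"

	# Account policy set by this file: local sign-up and OpenID are off, the
	# web installer is locked (INSTALL_LOCK), Gitea is not an OAuth2 provider,
	# and accounts are created automatically on first OAuth2 login with the
	# e-mail as username. Who can get an account is therefore decided by the
	# login source registered by /etc/gitea/post-install below.
	# NOTE(review): `cat >` keeps the owner/mode of an existing app.ini and
	# otherwise follows the umask; if Gitea later stores generated secrets in
	# this file, confirm it does not end up world-readable.
	# The delimiter is quoted: the body has no expansions and is written as-is.
	cat >"$arg_mountpoint/etc/gitea/app.ini" <<-'EOF'
	; Base setup ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[server]
	PROTOCOL = http+unix
	HTTP_ADDR = /run/gitea/http.sock
	DOMAIN = git.mothstuff.lol
	ROOT_URL = https://git.mothstuff.lol/
	; Database ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[database]
	; DB_TYPE = postgres
	; HOST = /var/run/postgresql
	; NAME = gitea
	; USER = root
	; SCHEMA =
	DB_TYPE = sqlite3
	; Auth/Accounts ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[service]
	DISABLE_REGISTRATION = true
	[openid]
	ENABLE_OPENID_SIGNIN = false
	ENABLE_OPENID_SIGNUP = false
	[oauth2_client]
	ENABLE_AUTO_REGISTRATION = true
	USERNAME = email
	UPDATE_AVATAR = true
	; Other ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[security]
	INSTALL_LOCK = true
	[log]
	MODE = console
	LEVEL = Info
	[cron.update_checker]
	ENABLED = false
	; Don't be an OAuth2 identity provider
	[oauth2]
	ENABLE = false
	EOF
	systemctl --root="$arg_mountpoint" enable gitea.service

	# Let members of the gitea group log in over SSH.
	# NOTE(review): how this combines with the AllowGroups/AllowUsers policy
	# from base-sshd.sh is not visible here — confirm the resulting set.
	install -Dm644 /dev/stdin "$arg_mountpoint/etc/ssh/sshd_config.d/91-gitea.conf" <<-'EOF'
	AllowGroups gitea
	EOF

	# nginx terminates the public connection and proxies to Gitea's unix
	# socket. Browser requests under /user/login are redirected to the
	# Infomaniak OAuth2 flow.
	# NOTE(review): only /user/login is redirected; whether password
	# authentication stays reachable on other endpoints depends on Gitea
	# settings that are not set in app.ini above — confirm.
	install -Dm644 /dev/stdin "$arg_mountpoint/etc/nginx/sites/gitea.conf" <<-'EOF'
	# -*- mode: nginx; nginx-indent-level: 4; intent-tabs-mode: nil -*-
	server {
	    server_name git.mothstuff.lol;
	    include /etc/nginx/snippets/listen.conf;
	    error_log /var/log/nginx/main-error.http.git.mothstuff.lol.log error;
	    location / {
	        client_max_body_size 512M;
	        proxy_pass http://unix:/run/gitea/http.sock;
	        proxy_set_header Host $host;
	        proxy_set_header X-Real-IP $remote_addr;
	        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	        proxy_set_header X-Forwarded-Proto $scheme;
	    }
	    location /user/login {
	        return 302 /user/oauth2/Infomaniak;
	    }
	}
	EOF

	########################################################################

	# First-boot script (run by gitea-init.service as the gitea user) that
	# adds or updates the OAuth2 login source. Compared with a bare script it
	# now runs under `set -euo pipefail`, reads both credentials before use
	# and rejects empty ones, and matches the source by its exact name.
	# --skip-local-2fa=true means Gitea's own second factor is not asked for
	# logins through this source, so MFA has to be enforced at the provider.
	install -Dm755 /dev/stdin "$arg_mountpoint/etc/gitea/post-install" <<-'EOF'
	#!/usr/bin/env bash
	# Abort on an unreadable secret file or a failed `gitea admin auth list`
	# instead of registering an empty credential or a duplicate source.
	set -euo pipefail

	client_id=$(cat /etc/umorpha-secrets/gitea-infomaniak-clientid.txt)
	client_secret=$(cat /etc/umorpha-secrets/gitea-infomaniak-clientsecret.txt)
	if [[ -z "$client_id" || -z "$client_secret" ]]; then
		echo 'gitea post-install: empty OAuth2 client id or secret' >&2
		exit 1
	fi

	# The credentials are passed as command-line arguments, so they are
	# visible in the process list while the gitea command runs.
	args=(
		--name=Infomaniak
		--provider=openidConnect
		--key="$client_id"
		--secret="$client_secret"
		--scopes=email
		--skip-local-2fa=true
		--auto-discover-url=https://login.infomaniak.com/.well-known/openid-configuration
		--icon-url=https://www.infomaniak.com/favicon.ico
	)
	# Match the Name column exactly so a similarly named source is not picked up.
	id=$(gitea admin auth list | awk '$2 == "Infomaniak" {print $1}')
	if [[ -z "$id" ]]; then
		gitea admin auth add-oauth "${args[@]}"
	else
		gitea admin auth update-oauth --id="$id" "${args[@]}"
	fi
	EOF

	# Oneshot unit that runs the script above after gitea.service is up, and
	# only when both secret files are present.
	# NOTE(review): the files under /etc/umorpha-secrets must be readable by
	# the gitea user and by nobody else; their provisioning is not shown here.
	install -Dm644 /dev/stdin "$arg_mountpoint/etc/systemd/system/gitea-init.service" <<-'EOF'
	[Unit]
	Description=Initialize Gitea configuration
	Requires=gitea.service
	After=gitea.service
	ConditionPathExists=/etc/umorpha-secrets/gitea-infomaniak-clientid.txt
	ConditionPathExists=/etc/umorpha-secrets/gitea-infomaniak-clientsecret.txt
	[Service]
	Type=oneshot
	User=gitea
	Group=gitea
	ExecStart=/etc/gitea/post-install
	EOF

	# Pull gitea-init.service in whenever gitea.service starts. -f with an
	# explicit link name keeps the hook re-runnable on an existing tree.
	mkdir -p -- "$wants_dir"
	ln -sf -- "../gitea-init.service" "$wants_dir/gitea-init.service"
}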