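#!/hint/bash -euE
# Copyright (C) 2023 Umorpha Systems
# SPDX-License-Identifier: AGPL-3.0-or-later

# Image-build module: installs Gitea, reachable through nginx (HTTP over a
# unix socket) and sshd (git over SSH).  The shebang above is only an
# editor/linter hint; load_module, packages and post_install are provided
# by the script that loads this file.

load_module "$(dirname -- "${BASH_SOURCE[0]}")/base-sshd.sh"
load_module "$(dirname -- "${BASH_SOURCE[0]}")/base-nginx.sh"

packages+=(gitea)

# Hook entry; presumably "<order>:<function name>" -- confirm against the loader.
post_install+=(01:gitea:post_install)

#######################################
# Write the Gitea, sshd and nginx configuration into the image and enable
# gitea.service.
# Globals:   BASH_SOURCE (read, to locate ../secrets next to this module)
# Arguments: $1 - root directory of the image being built
# Outputs:   a warning on stderr if the OAuth2 source config cannot be built
# Returns:   0 on success; non-zero if writing a file or enabling the unit
#            fails
#######################################
gitea:post_install() {
	local arg_mountpoint=$1

	# NOTE(review): INSTALL_LOCK is set but no SECRET_KEY or INTERNAL_TOKEN
	# is written here.  Confirm they are provisioned elsewhere (for example
	# with `gitea generate secret SECRET_KEY`); as far as I know Gitea falls
	# back to a built-in default SECRET_KEY when none is configured.
	#
	# NOTE(review): DISABLE_REGISTRATION is commented out, so local sign-up
	# stays at Gitea's default, and ENABLE_AUTO_REGISTRATION creates an
	# account for every identity the OAuth2 source accepts.  Confirm that
	# open registration is intended; otherwise consider
	# ALLOW_ONLY_EXTERNAL_REGISTRATION or a required claim on the source.
	#
	# The delimiter is quoted so the INI text is written literally; nothing
	# in it is meant to be expanded by the shell.
	cat >"$arg_mountpoint/etc/gitea/app.ini" <<-'EOF'
	;; Base setup ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[server]
	PROTOCOL = http+unix
	HTTP_ADDR = /run/gitea/http.sock
	DOMAIN = git.mothstuff.lol
	ROOT_URL = https://git.mothstuff.lol/

	;; Database ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[database]
	;DB_TYPE = postgres
	;HOST = /var/run/postgresql
	;NAME = gitea
	;USER = root
	;SCHEMA =
	DB_TYPE = sqlite3

	;; Auth/Accounts ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[service]
	;DISABLE_REGISTRATION = true
	[openid]
	ENABLE_OPENID_SIGNIN = false
	ENABLE_OPENID_SIGNUP = false
	[oauth2_client]
	ENABLE_AUTO_REGISTRATION = true
	UPDATE_AVATAR = true

	;; Other ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[security]
	INSTALL_LOCK = true
	[log]
	MODE = console
	LEVEL = Info
	[cron.update_checker]
	ENABLED = false
	;; Don't be an OAuth2 identity provider
	[oauth2]
	ENABLE = false
	EOF

	# Build the login-source JSON with jq instead of pasting the secrets into
	# a JSON template: jq escapes quotes and backslashes, and --rawfile keeps
	# the secret out of jq's argument list.  chomp drops the trailing
	# newline(s) of each secrets file, as $(cat ...) would.
	local mydir infomaniak_config
	mydir="$(dirname -- "${BASH_SOURCE[0]}")"
	if ! infomaniak_config="$(
		jq -nr \
			--rawfile client_id "${mydir}/../secrets/gitea-infomaniak-clientid.txt" \
			--rawfile client_secret "${mydir}/../secrets/gitea-infomaniak-clientsecret.txt" \
			'
			def chomp: sub("\n+$"; "");
			{
				"Provider": "openidConnect",
				"ClientID": ($client_id | chomp),
				"ClientSecret": ($client_secret | chomp),
				"OpenIDConnectAutoDiscoveryURL": "https://login.infomaniak.com/.well-known/openid-configuration",
				"CustomURLMapping": null,
				"IconURL": "https://www.infomaniak.com/favicon.ico",
				"Scopes": null,
				"RequiredClaimName": "",
				"RequiredClaimValue": "",
				"GroupClaimName": "",
				"AdminGroup": "",
				"GroupTeamMap": "",
				"GroupTeamMapRemoval": false,
				"RestrictedGroup": ""
			} | tostring
			'
	)"; then
		# Nothing consumes the value yet (the INSERT below is disabled), so a
		# missing secrets file or jq binary is reported but does not abort.
		printf 'gitea: warning: could not build the Infomaniak OAuth2 source config\n' >&2
		infomaniak_config=
	fi

	# Disabled: would register the OAuth2 source directly in the database.
	# NOTE(review): before enabling, refuse an empty ${infomaniak_config} and
	# double any single quote in it, since it lands inside an SQL string
	# literal.
	# (id,type,name,is_active,is_sync_enabled,cfg,created_unix,updated_unix)
	#echo "INSERT INTO login_source VALUES(2,6,'Infomaniak',1,1,'${infomaniak_config}',1698546767,1698547012);"

	systemctl --root="$arg_mountpoint" enable gitea.service

	# sshd drop-in that allows members of group gitea to log in; presumably
	# the account used for git-over-SSH is in that group -- confirm.
	install -Dm644 /dev/stdin "$arg_mountpoint/etc/ssh/sshd_config.d/91-gitea.conf" <<-EOF
	AllowGroups gitea
	EOF

	# Quoted delimiter: $host, $remote_addr, ... are nginx variables and must
	# reach the file unexpanded.
	install -Dm644 /dev/stdin "$arg_mountpoint/etc/nginx/sites/gitea.conf" <<-'EOF'
	# -*- mode: nginx; nginx-indent-level: 4; intent-tabs-mode: nil -*-
	server {
	    server_name git.mothstuff.lol;
	    include /etc/nginx/snippets/listen.conf;

	    location / {
	        client_max_body_size 512M;
	        proxy_pass http://unix:/run/gitea/http.sock;
	        proxy_set_header Host $host;
	        proxy_set_header X-Real-IP $remote_addr;
	        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	        proxy_set_header X-Forwarded-Proto $scheme;
	    }

	    #location /user/login {
	    #    return 302 /user/oauth2/Infomaniak;
	    #}
	}
	EOF
}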