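#!/hint/bash -euE
# Copyright (C) 2023 Umorpha Systems
# SPDX-License-Identifier: AGPL-3.0-or-later

# Image-build module for a Gitea instance served at git.mothstuff.lol.
# It pulls in the sshd and nginx base modules, requests the gitea package,
# and registers gitea:post_install to write the configuration into the
# image after package installation.

load_module "$(dirname -- "${BASH_SOURCE[0]}")/base-sshd.sh"
load_module "$(dirname -- "${BASH_SOURCE[0]}")/base-nginx.sh"

packages+=(gitea)

post_install+=(01:gitea:post_install)

#######################################
# Write Gitea, sshd, nginx, tmpfiles.d and systemd configuration into the
# image rooted at the given mountpoint.
# Arguments: $1 - mountpoint of the image root filesystem
# Reads:     ../secrets/gitea-infomaniak-client{id,secret}.txt, relative to
#            this module's directory
# Returns:   non-zero if a secrets file cannot be read or is empty
#######################################
gitea:post_install() {
	local arg_mountpoint=$1

	# NOTE(review): INSTALL_LOCK = true skips Gitea's web installer, and no
	# SECRET_KEY / INTERNAL_TOKEN is written below -- confirm how those are
	# provisioned for this image.
	# NOTE(review): DISABLE_REGISTRATION is commented out while
	# ENABLE_AUTO_REGISTRATION = true, so every account the OAuth2 provider
	# authenticates gets a local user -- confirm that audience is intended.
	# The update-checker section is spelled [cron.update_checker]; under the
	# previous spelling "cront" the ENABLED = false setting was not applied.
	cat >"$arg_mountpoint/etc/gitea/app.ini" <<-EOF
	;; Base setup ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[server]
	PROTOCOL = http+unix
	HTTP_ADDR = /run/gitea/http.sock
	DOMAIN = git.mothstuff.lol
	ROOT_URL = https://git.mothstuff.lol/

	;; Database ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[database]
	;DB_TYPE = postgres
	;HOST = /var/run/postgresql
	;NAME = gitea
	;USER = root
	;SCHEMA =
	DB_TYPE = sqlite3

	;; Auth/Accounts ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[service]
	;DISABLE_REGISTRATION = true

	[openid]
	ENABLE_OPENID_SIGNIN = false
	ENABLE_OPENID_SIGNUP = false

	[oauth2_client]
	ENABLE_AUTO_REGISTRATION = true
	UPDATE_AVATAR = true

	;; Other ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[security]
	INSTALL_LOCK = true

	[log]
	MODE = console
	LEVEL = Info

	[cron.update_checker]
	ENABLED = false

	;; Don't be an OAuth2 identity provider
	[oauth2]
	ENABLE = false
	EOF
	systemctl --root="$arg_mountpoint" enable gitea.service

	# sshd drop-in naming the gitea group in AllowGroups.
	install -Dm644 /dev/stdin "$arg_mountpoint/etc/ssh/sshd_config.d/91-gitea.conf" <<-EOF
	AllowGroups gitea
	EOF

	# The delimiter is quoted so nginx's own \$variables reach the file
	# unexpanded.
	install -Dm644 /dev/stdin "$arg_mountpoint/etc/nginx/sites/gitea.conf" <<-'EOF'
	# -*- mode: nginx; nginx-indent-level: 4; intent-tabs-mode: nil -*-
	server {
	    server_name git.mothstuff.lol;
	    include /etc/nginx/snippets/listen.conf;

	    location / {
	        client_max_body_size 512M;
	        proxy_pass http://unix:/run/gitea/http.sock;
	        proxy_set_header Host $host;
	        proxy_set_header X-Real-IP $remote_addr;
	        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	        proxy_set_header X-Forwarded-Proto $scheme;
	    }

	    #location /user/login {
	    #    return 302 /user/oauth2/Infomaniak;
	    #}
	}
	EOF

	########################################################################

	# Read the OAuth2 client credentials before generating the script. A
	# failing command substitution inside a here-document does not abort
	# the build, so a missing file would silently yield an empty --key= or
	# --secret=.
	local mydir client_id client_secret client_id_q client_secret_q
	mydir="$(dirname -- "${BASH_SOURCE[0]}")"
	client_id=$(<"$mydir/../secrets/gitea-infomaniak-clientid.txt") || return
	client_secret=$(<"$mydir/../secrets/gitea-infomaniak-clientsecret.txt") || return
	if [[ -z $client_id || -z $client_secret ]]; then
		printf 'gitea: empty OAuth2 client id or secret under %s\n' "$mydir/../secrets" >&2
		return 1
	fi
	# %q escapes shell metacharacters, so the generated script passes each
	# value through as one literal word.
	printf -v client_id_q '%q' "$client_id"
	printf -v client_secret_q '%q' "$client_secret"

	# The generated script embeds the client secret, so it is created
	# owner-only (0600) instead of with the umask default; the tmpfiles.d
	# entry below sets the final owner, group and mode at boot.
	# NOTE(review): the secret is still passed on the gitea command line,
	# where it is visible in the process list while the command runs.
	install -Dm600 /dev/stdin "$arg_mountpoint/etc/gitea/post-install" <<-EOF
	#!/bin/sh
	while ! gitea admin auth list | grep -q Infomaniak; do
		gitea admin auth add-oauth \
			--name=Infomaniak \
			--provider=openidConnect \
			--key=${client_id_q} \
			--secret=${client_secret_q} \
			--auto-discover-url=https://login.infomaniak.com/.well-known/openid-configuration \
			--icon-url=https://www.infomaniak.com/favicon.ico
	done
	EOF

	# 0750 root:gitea lets the gitea group read and execute the script but
	# not rewrite it (the mode was 0670, group-writable).
	install -Dm644 /dev/stdin "$arg_mountpoint/etc/tmpfiles.d/gitea-init.conf" <<-EOF
	z /etc/gitea/post-install 0750 root gitea
	EOF

	# NOTE(review): systemd ignores assignments that precede any [Section]
	# header, so as written this drop-in does not run the script; a second
	# ExecStart= is also only accepted for Type=oneshot units. Presumably
	# "[Service]" plus ExecStartPost= (or ExecStartPre=) was intended --
	# confirm against the packaged gitea.service before changing it.
	install -Dm644 /dev/stdin "$arg_mountpoint/etc/systemd/system/gitea.service.d/init.conf" <<-EOF
	ExecStart=/etc/gitea/post-install
	EOF
}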