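#!/hint/bash -euE
# Copyright (C) 2023 Umorpha Systems
# SPDX-License-Identifier: AGPL-3.0-or-later

# Image-build module: installs Gitea behind nginx, reachable over a
# unix socket, and registers a post-install hook that writes its
# configuration into the target root.

load_module "$(dirname -- "${BASH_SOURCE[0]}")/base-sshd.sh"
load_module "$(dirname -- "${BASH_SOURCE[0]}")/base-nginx.sh"

packages+=(gitea)
post_install+=(20:gitea:post_install)

#######################################
# Write the Gitea, sshd, nginx and systemd configuration for the
# Gitea service into the target root.
# Arguments: $1 - mountpoint of the root filesystem being built
# Outputs:   files under $1/etc/{gitea,ssh,nginx,systemd}
# Returns:   non-zero if any file cannot be written
#######################################
gitea:post_install() {
	local arg_mountpoint=$1

	# Main Gitea configuration.
	#
	# The update-checker section is named [cron.update_checker]; the
	# previous spelling "[cront.update_checker]" is not that section,
	# so "ENABLED = false" there would not turn the checker off.
	#
	# NOTE(review): DISABLE_REGISTRATION is left commented out and
	# ENABLE_AUTO_REGISTRATION is true, so this file does not restrict
	# who may obtain an account; confirm that the OAuth2 provider added
	# below is the intended gate.
	cat >"$arg_mountpoint/etc/gitea/app.ini" <<-EOF
	;; Base setup ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[server]
	PROTOCOL = http+unix
	HTTP_ADDR = /run/gitea/http.sock
	DOMAIN = git.mothstuff.lol
	ROOT_URL = https://git.mothstuff.lol/

	;; Database ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[database]
	;DB_TYPE = postgres
	;HOST = /var/run/postgresql
	;NAME = gitea
	;USER = root
	;SCHEMA =
	DB_TYPE = sqlite3

	;; Auth/Accounts ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[service]
	;DISABLE_REGISTRATION = true
	[openid]
	ENABLE_OPENID_SIGNIN = false
	ENABLE_OPENID_SIGNUP = false
	[oauth2_client]
	ENABLE_AUTO_REGISTRATION = true
	UPDATE_AVATAR = true

	;; Other ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[security]
	INSTALL_LOCK = true
	[log]
	MODE = console
	LEVEL = Info
	[cron.update_checker]
	ENABLED = false
	;; Don't be an OAuth2 identity provider
	[oauth2]
	ENABLE = false
	EOF
	systemctl --root="$arg_mountpoint" enable gitea.service

	# Let members of group gitea log in over SSH.
	# NOTE(review): how this combines with any AllowGroups line from
	# base-sshd.sh is not visible here; confirm the resulting allow-list.
	install -Dm644 /dev/stdin "$arg_mountpoint/etc/ssh/sshd_config.d/91-gitea.conf" <<-EOF
	AllowGroups gitea
	EOF

	# Reverse proxy to Gitea's unix socket. The delimiter is quoted so
	# that nginx variables ($host, $scheme, ...) are written literally
	# instead of being expanded by the shell.
	install -Dm644 /dev/stdin "$arg_mountpoint/etc/nginx/sites/gitea.conf" <<-'EOF'
	# -*- mode: nginx; nginx-indent-level: 4; intent-tabs-mode: nil -*-
	server {
	    server_name git.mothstuff.lol;
	    include /etc/nginx/snippets/listen.conf;

	    location / {
	        client_max_body_size 512M;
	        proxy_pass http://unix:/run/gitea/http.sock;
	        proxy_set_header Host $host;
	        proxy_set_header X-Real-IP $remote_addr;
	        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	        proxy_set_header X-Forwarded-Proto $scheme;
	    }
	    #location /user/login {
	    #    return 302 /user/oauth2/Infomaniak;
	    #}
	}
	EOF

	########################################################################

	# First-boot script that registers the OAuth2 login source.
	# @CLIENT_ID@ and @CLIENT_SECRET@ are written as literal
	# placeholders; nothing in this function substitutes them.
	#
	# Mode 670 root:gitea keeps the file, which will hold the client
	# secret, inaccessible to "other".
	# NOTE(review): group gitea can also write this file, and
	# gitea-init.service executes it as gitea; confirm that write access
	# is needed. The secret is passed as a --secret= argument, so it is
	# visible in the argument list of the gitea process while it runs.
	# NOTE(review): the loop retries without delay for as long as the
	# provider is missing from "auth list", including when add-oauth
	# itself keeps failing.
	#
	# "\\" becomes a single backslash in the generated script because
	# the here-document delimiter is unquoted.
	install -Dm670 --owner=root --group=gitea /dev/stdin "$arg_mountpoint/etc/gitea/post-install" <<-EOF
	#!/bin/sh
	while ! gitea admin auth list | grep -q Infomaniak; do
		gitea admin auth add-oauth \\
			--name=Infomaniak \\
			--provider=openidConnect \\
			--key=@CLIENT_ID@ \\
			--secret=@CLIENT_SECRET@ \\
			--auto-discover-url=https://login.infomaniak.com/.well-known/openid-configuration \\
			--icon-url=https://www.infomaniak.com/favicon.ico
	done
	EOF

	# One-shot unit that runs the script above as the gitea user once
	# gitea.service is up.
	install -Dm644 /dev/stdin "$arg_mountpoint/etc/systemd/system/gitea-init.service" <<-EOF
	[Unit]
	Description=Initialize Gitea configuration
	Requires=gitea.service
	After=gitea.service

	[Service]
	Type=oneshot
	User=gitea
	Group=gitea
	ExecStart=/etc/gitea/post-install
	EOF

	# Pull gitea-init.service in whenever gitea.service starts. The link
	# target is relative to the .wants directory, so it stays valid once
	# the image is booted with this tree as /.
	mkdir -p -- "$arg_mountpoint/etc/systemd/system/gitea.service.wants"
	ln -s -- "../gitea-init.service" "$arg_mountpoint/etc/systemd/system/gitea.service.wants"
}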