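#!/hint/bash -euE
# Copyright (C) 2023 Umorpha Systems
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# Image module: Gitea behind nginx, with SSH access limited to the gitea
# group and login delegated to Infomaniak via OpenID Connect.
# Depends on the sshd and nginx base modules for the drop-in directories
# this module writes into.

load_module "$(dirname -- "${BASH_SOURCE[0]}")/base-sshd.sh"
load_module "$(dirname -- "${BASH_SOURCE[0]}")/base-nginx.sh"

packages+=(gitea)
post_install+=(20:gitea:post_install)

#######################################
# Write the Gitea configuration, nginx vhost, sshd drop-in and the
# first-boot OAuth registration unit into a mounted image.
# Globals:   none written; reads nothing beyond its argument
# Arguments: $1 - mountpoint of the image root (must be non-empty)
# Outputs:   files under "$1/etc"; enables gitea.service in the image
# Returns:   0 on success; non-zero if any install step fails
#######################################
gitea:post_install() {
  # Refuse an empty mountpoint: every path below is "$arg_mountpoint/etc/..."
  # and an empty value would silently overwrite the host's own /etc.
  local arg_mountpoint=${1:?mountpoint required}

  # app.ini is overwritten in place with `cat >` rather than `install` so
  # that the owner/mode shipped by the gitea package are preserved (Gitea
  # may later store generated keys in this file, so it should not become
  # more readable than the package intended — confirm against the package).
  # The delimiter is quoted: the content must never be subject to shell
  # expansion.
  cat >"$arg_mountpoint/etc/gitea/app.ini" <<-'EOF'
; Base setup ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[server]
PROTOCOL = http+unix
HTTP_ADDR = /run/gitea/http.sock
DOMAIN = git.mothstuff.lol
ROOT_URL = https://git.mothstuff.lol/

; Database ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[database]
; DB_TYPE = postgres
; HOST = /var/run/postgresql
; NAME = gitea
; USER = root
; SCHEMA =
DB_TYPE = sqlite3

; Auth/Accounts ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[service]
DISABLE_REGISTRATION = true
[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false
[oauth2_client]
ENABLE_AUTO_REGISTRATION = true
USERNAME = email
UPDATE_AVATAR = true

; Other ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[security]
INSTALL_LOCK = true
[log]
MODE = console
LEVEL = Info
[cron.update_checker]
ENABLED = false
; Don't be an OAuth2 identity provider
[oauth2]
ENABLE = false
EOF

  systemctl --root="$arg_mountpoint" enable gitea.service

  # Only members of the gitea group may log in over SSH on this host.
  # NOTE(review): AllowGroups entries from other drop-ins accumulate, so
  # confirm base-sshd.sh still admits the administrative group.
  install -Dm644 /dev/stdin "$arg_mountpoint/etc/ssh/sshd_config.d/91-gitea.conf" <<-'EOF'
AllowGroups gitea
EOF

  # Reverse proxy over the unix socket; /user/login is redirected straight
  # to the Infomaniak OAuth flow, so the local password form is not reachable
  # through nginx.
  install -Dm644 /dev/stdin "$arg_mountpoint/etc/nginx/sites/gitea.conf" <<-'EOF'
# -*- mode: nginx; nginx-indent-level: 4; intent-tabs-mode: nil -*-
server {
    server_name git.mothstuff.lol;
    include /etc/nginx/snippets/listen.conf;
    location / {
        client_max_body_size 512M;
        proxy_pass http://unix:/run/gitea/http.sock;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location /user/login {
        return 302 /user/oauth2/Infomaniak;
    }
}
EOF

  ########################################################################
  # First-boot script that registers the Infomaniak login source. It runs
  # under strict mode so that an unreadable or empty secret file aborts the
  # run instead of registering a source with blank credentials.
  install -Dm755 /dev/stdin "$arg_mountpoint/etc/gitea/post-install" <<-'EOF'
#!/usr/bin/env bash
# Create or refresh the "Infomaniak" OpenID Connect authentication source.
# Invoked by gitea-init.service as the gitea user; the secret files must be
# readable by that user.
set -euo pipefail

client_id=$(cat /etc/umorpha-secrets/gitea-infomaniak-clientid.txt)
client_secret=$(cat /etc/umorpha-secrets/gitea-infomaniak-clientsecret.txt)
if [[ -z "$client_id" || -z "$client_secret" ]]; then
  printf 'gitea post-install: Infomaniak client id/secret is empty\n' >&2
  exit 1
fi

# The client secret is passed as a command-line argument and is therefore
# visible in the process list for the duration of the gitea CLI call.
args=(
  --name=Infomaniak
  --provider=openidConnect
  --key="$client_id"
  --secret="$client_secret"
  --scopes=email
  --skip-local-2fa=true
  --auto-discover-url=https://login.infomaniak.com/.well-known/openid-configuration
  --icon-url=https://www.infomaniak.com/favicon.ico
)

# Existing source id, taken from the first column of the listing; empty on
# first boot. NOTE(review): the match is by substring, so a second source
# whose name contains "Infomaniak" would yield several ids — confirm.
id=$(gitea admin auth list | awk '/Infomaniak/{print $1}')
if [[ -z "$id" ]]; then
  gitea admin auth add-oauth "${args[@]}"
else
  gitea admin auth update-oauth --id="$id" "${args[@]}"
fi
EOF

  # The unit is skipped entirely (Condition*) until both secret files have
  # been provisioned, so a fresh image without credentials boots cleanly.
  # NOTE(review): the CLI operates on the database while gitea.service is
  # running — confirm that is safe with the sqlite3 backend configured above.
  install -Dm644 /dev/stdin "$arg_mountpoint/etc/systemd/system/gitea-init.service" <<-'EOF'
[Unit]
Description=Initialize Gitea configuration
Requires=gitea.service
After=gitea.service
ConditionPathExists=/etc/umorpha-secrets/gitea-infomaniak-clientid.txt
ConditionPathExists=/etc/umorpha-secrets/gitea-infomaniak-clientsecret.txt

[Service]
Type=oneshot
User=gitea
Group=gitea
ExecStart=/etc/gitea/post-install
EOF

  # Pull gitea-init.service in whenever gitea.service starts. The link is
  # created with -sfn and an explicit name so re-running this step on an
  # already-prepared image does not fail.
  local wants_dir="$arg_mountpoint/etc/systemd/system/gitea.service.wants"
  mkdir -p -- "$wants_dir"
  ln -sfn -- ../gitea-init.service "$wants_dir/gitea-init.service"
}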