#!/hint/bash -euE
# Copyright (C) 2023-2024 Umorpha Systems
# SPDX-License-Identifier: AGPL-3.0-or-later
# Pull in the sibling modules this one builds on: the SSH daemon (git over
# SSH) and the nginx reverse proxy that fronts the Gitea socket.
load_module "$(dirname -- "${BASH_SOURCE[0]}")"/base-sshd.sh
load_module "$(dirname -- "${BASH_SOURCE[0]}")"/base-nginx.sh

packages+=('gitea')

# Hook name is prefixed with an ordering key for the module loader
# ("20"); presumably hooks run in ascending key order -- see load_module.
post_install+=('20:gitea:post_install')
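#######################################
# Provision Gitea into a freshly installed tree.
# Globals:   none written
# Arguments: $1 - mountpoint of the target root filesystem
# Outputs:   writes /etc/gitea/app.ini, an sshd drop-in, an nginx vhost, the
#            /etc/gitea/post-install helper and gitea-init.service under $1
# Returns:   non-zero (via -e) if any file write or systemctl call fails
#######################################
gitea:post_install() {
	local arg_mountpoint=$1

	# Gitea serves plain HTTP on a unix socket; nginx (vhost below) owns TLS
	# and proxies to it.  SECRET_KEY / INTERNAL_TOKEN / JWT secrets are
	# deliberately not pinned here and are left for Gitea to generate.
	# NOTE(review): Gitea writes those generated secrets back into app.ini,
	# so the file must be writable by the gitea user and should not be
	# world-readable (e.g. root:gitea 0640).  This redirect keeps whatever
	# owner/mode the packaged file already has -- confirm it is suitable, or
	# provision the secrets from /etc/umorpha-secrets instead.
	cat >"$arg_mountpoint/etc/gitea/app.ini" <<-EOF
	; Base setup ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[server]
	PROTOCOL = http+unix
	HTTP_ADDR = /run/gitea/http.sock
	DOMAIN = git.mothstuff.lol
	ROOT_URL = https://git.mothstuff.lol/

	; Database ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[database]
	; DB_TYPE = postgres
	; HOST = /var/run/postgresql
	; NAME = gitea
	; USER = root
	; SCHEMA =
	DB_TYPE = sqlite3

	; Auth/Accounts ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[service]
	; No self-service sign-up with a local password; accounts are created
	; through the OAuth2 source registered by /etc/gitea/post-install.
	DISABLE_REGISTRATION = true

	[openid]
	ENABLE_OPENID_SIGNIN = false
	ENABLE_OPENID_SIGNUP = false

	[oauth2_client]
	; First successful login through the OAuth2 source creates the account.
	; NOTE(review): this grants an account to anyone the identity provider
	; authenticates -- make sure the Infomaniak application (or a required
	; claim on the auth source) limits who that is.
	ENABLE_AUTO_REGISTRATION = true
	; Derive the Gitea username from the e-mail address the provider returns.
	USERNAME = email
	UPDATE_AVATAR = true

	; Other ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[security]
	; Everything is provisioned here, so never expose the web installer.
	INSTALL_LOCK = true

	[log]
	MODE = console
	LEVEL = Info

	; No phone-home version check.
	[cron.update_checker]
	ENABLED = false

	; Don't be an OAuth2 identity provider
	[oauth2]
	ENABLE = false
	EOF

	systemctl --root="$arg_mountpoint" enable gitea.service

	# Let members of the gitea group (git-over-SSH) through sshd.  This is
	# presumably combined with, not replacing, any AllowGroups set by
	# base-sshd -- verify if the base module restricts logins too.
	install -Dm644 /dev/stdin "$arg_mountpoint/etc/ssh/sshd_config.d/91-gitea.conf" <<-EOF
	AllowGroups gitea
	EOF

	# Quoted delimiter: nginx variables ($host, ...) must reach the file verbatim.
	install -Dm644 /dev/stdin "$arg_mountpoint/etc/nginx/sites/gitea.conf" <<-'EOF'
	# -*- mode: nginx; nginx-indent-level: 4; intent-tabs-mode: nil -*-
	server {
	    server_name git.mothstuff.lol;
	    include /etc/nginx/snippets/listen.conf;
	    error_log /var/log/nginx/main-error.http.git.mothstuff.lol.log error;

	    location / {
	        # Large pushes/uploads go through here.
	        client_max_body_size 512M;
	        proxy_pass http://unix:/run/gitea/http.sock;
	        # Forward the original host, client address and scheme to Gitea.
	        proxy_set_header Host $host;
	        proxy_set_header X-Real-IP $remote_addr;
	        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	        proxy_set_header X-Forwarded-Proto $scheme;
	    }
	    # Send browser logins straight into the OpenID Connect flow (the
	    # auth source is named "Infomaniak" by /etc/gitea/post-install).
	    # NOTE(review): this hides the local password form but does not
	    # disable local-password authentication inside Gitea itself.
	    location /user/login {
	        return 302 /user/oauth2/Infomaniak;
	    }
	}
	EOF

	########################################################################

	# Runs on the booted system as the gitea user (see gitea-init.service),
	# so it can drive `gitea admin` against the live database.  Idempotent:
	# the auth source is created the first time and updated afterwards.
	# NOTE(review): relies on the packaged gitea CLI resolving
	# /etc/gitea/app.ini on its own; pass --config if it does not.
	install -Dm755 /dev/stdin "$arg_mountpoint/etc/gitea/post-install" <<-'EOF'
	#!/usr/bin/env bash
	# Register (or refresh) the Infomaniak OpenID Connect login source.
	set -euo pipefail

	name=Infomaniak
	secret_dir=/etc/umorpha-secrets

	# Abort instead of registering an empty client id/secret when a secret
	# file is missing or not readable by this user.
	client_id=$(<"$secret_dir/gitea-infomaniak-clientid.txt")
	client_secret=$(<"$secret_dir/gitea-infomaniak-clientsecret.txt")
	if [[ -z "$client_id" || -z "$client_secret" ]]; then
		printf 'post-install: empty OAuth2 client id/secret in %s\n' "$secret_dir" >&2
		exit 1
	fi

	# NOTE(review): `gitea admin auth` only accepts the secret as a flag, so
	# it is briefly visible in /proc/*/cmdline to other local users.
	# --skip-local-2fa trusts the provider's MFA; Gitea's own 2FA is skipped
	# for logins through this source.
	args=(
		--name="$name"
		--provider=openidConnect
		--key="$client_id"
		--secret="$client_secret"
		--scopes=email
		--skip-local-2fa=true
		--auto-discover-url=https://login.infomaniak.com/.well-known/openid-configuration
		--icon-url=https://www.infomaniak.com/favicon.ico
	)

	# `auth list` prints one source per line, ID in the first column.  Only a
	# field equal to the name counts, so e.g. "Infomaniak-old" is not picked.
	sources=$(gitea admin auth list)
	mapfile -t ids < <(awk -v name="$name" \
		'{ for (i = 1; i <= NF; i++) if ($i == name) { print $1; break } }' \
		<<<"$sources")

	case ${#ids[@]} in
		0) gitea admin auth add-oauth "${args[@]}" ;;
		1) gitea admin auth update-oauth --id="${ids[0]}" "${args[@]}" ;;
		*)
			printf 'post-install: %d auth sources named %s, refusing to guess\n' "${#ids[@]}" "$name" >&2
			exit 1
			;;
	esac
	EOF

	# Runs after gitea.service so the admin CLI works on the initialised
	# database.  The secret files must exist -- and, since this runs as
	# User=gitea, be readable by that user (e.g. root:gitea 0640).
	install -Dm644 /dev/stdin "$arg_mountpoint/etc/systemd/system/gitea-init.service" <<-'EOF'
	[Unit]
	Description=Initialize Gitea configuration
	Requires=gitea.service
	After=gitea.service
	ConditionPathExists=/etc/umorpha-secrets/gitea-infomaniak-clientid.txt
	ConditionPathExists=/etc/umorpha-secrets/gitea-infomaniak-clientsecret.txt

	[Service]
	Type=oneshot
	User=gitea
	Group=gitea
	ExecStart=/etc/gitea/post-install
	EOF

	# Pull gitea-init in whenever gitea.service starts.  -f keeps this hook
	# re-runnable on an existing tree instead of failing with "File exists".
	mkdir -p -- "$arg_mountpoint/etc/systemd/system/gitea.service.wants"
	ln -sf -- ../gitea-init.service \
		"$arg_mountpoint/etc/systemd/system/gitea.service.wants/gitea-init.service"
}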