#!/hint/bash -euE
# Copyright (C) 2023 Umorpha Systems
# SPDX-License-Identifier: AGPL-3.0-or-later
# gitea:post_install below writes an sshd drop-in and an nginx site, so both
# base modules are loaded before this one registers anything.
load_module "$(dirname -- "${BASH_SOURCE[0]}")/base-sshd.sh"
load_module "$(dirname -- "${BASH_SOURCE[0]}")/base-nginx.sh"

# Package to be installed into the target system.
packages+=('gitea')

# Register the hook defined below.
# NOTE(review): the "20:" prefix looks like an ordering key for the hook
# runner -- confirm against the code that consumes post_install.
post_install+=('20:gitea:post_install')
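#######################################
# Configure Gitea inside a target root: writes app.ini, an sshd drop-in, an
# nginx site, and a one-shot systemd unit that registers the Infomaniak
# OpenID Connect login source on boot.
# Arguments: $1 - path of the mounted target root (must be non-empty)
# Outputs:   files under $1/etc; enables gitea.service in that root
# Returns:   status of the final ln; earlier failures abort only when
#            errexit is active (the #!/hint line suggests -euE)
#######################################
gitea:post_install() {
	# An empty mountpoint would turn every path below into a path on the
	# running host ("/etc/gitea/app.ini", "/etc/ssh/...") and `set -u` does
	# not catch an empty string, so refuse it explicitly.
	local arg_mountpoint=${1:?gitea:post_install: mountpoint argument is required}

	# `cat >` truncates in place, so an app.ini already shipped by the
	# package keeps its owner and mode.
	# NOTE(review): presumably that is why install(1) is not used here --
	# confirm the resulting file is not world-readable, since Gitea is
	# expected to keep generated secrets in app.ini.
	# NOTE(review): DISABLE_REGISTRATION is commented out while OAuth2
	# auto-registration is on, so local self-registration stays at Gitea's
	# default; confirm that is intended (ALLOW_ONLY_EXTERNAL_REGISTRATION
	# is the setting to look at if it is not).
	cat >"$arg_mountpoint/etc/gitea/app.ini" <<-'EOF'
	;; Base setup ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[server]
	PROTOCOL = http+unix
	HTTP_ADDR = /run/gitea/http.sock
	DOMAIN = git.mothstuff.lol
	ROOT_URL = https://git.mothstuff.lol/

	;; Database ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[database]
	;DB_TYPE = postgres
	;HOST = /var/run/postgresql
	;NAME = gitea
	;USER = root
	;SCHEMA =

	DB_TYPE = sqlite3

	;; Auth/Accounts ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
	[service]
	;DISABLE_REGISTRATION = true

	[openid]
	ENABLE_OPENID_SIGNIN = false
	ENABLE_OPENID_SIGNUP = false

	[oauth2_client]
	ENABLE_AUTO_REGISTRATION = true
	UPDATE_AVATAR = true

	;; Other ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

	[security]
	INSTALL_LOCK = true

	[log]
	MODE = console
	LEVEL = Info

	[cron.update_checker]
	ENABLED = false

	;; Don't be an OAuth2 identity provider
	[oauth2]
	ENABLE = false
	EOF
	# The section above was previously spelled "[cront.update_checker]";
	# Gitea ignores unknown sections, so the update checker was never
	# actually disabled.

	systemctl --root="$arg_mountpoint" enable gitea.service

	# NOTE(review): how this combines with any AllowGroups line set by
	# base-sshd.sh is not visible here -- verify the effective group list
	# with `sshd -T` on a built system.
	install -Dm644 /dev/stdin "$arg_mountpoint/etc/ssh/sshd_config.d/91-gitea.conf" <<-'EOF'
	AllowGroups gitea
	EOF

	# nginx terminates the public connection and forwards to Gitea's Unix
	# socket; the X-Forwarded-* headers tell Gitea the original client and
	# scheme.
	install -Dm644 /dev/stdin "$arg_mountpoint/etc/nginx/sites/gitea.conf" <<-'EOF'
	# -*- mode: nginx; nginx-indent-level: 4; intent-tabs-mode: nil -*-
	server {
	    server_name git.mothstuff.lol;
	    include /etc/nginx/snippets/listen.conf;

	    location / {
	        client_max_body_size 512M;
	        proxy_pass http://unix:/run/gitea/http.sock;
	        proxy_set_header Host $host;
	        proxy_set_header X-Real-IP $remote_addr;
	        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	        proxy_set_header X-Forwarded-Proto $scheme;

	    }
	    #location /user/login {
	    #    return 302 /user/oauth2/Infomaniak;
	    #}
	}
	EOF

	########################################################################

	# First-boot helper: registers the Infomaniak login source until it
	# shows up in `gitea admin auth list`.
	# NOTE(review): the client secret is passed as a command-line argument,
	# so it is visible in the process list while the command runs; confirm
	# the secrets files are readable only by the gitea user and that this
	# exposure is acceptable on the host.
	# NOTE(review): the loop retries immediately and without a limit; if
	# add-oauth keeps failing the oneshot unit never finishes. Consider a
	# sleep between attempts and a bounded retry count.
	install -Dm755 /dev/stdin "$arg_mountpoint/etc/gitea/post-install" <<-'EOF'
	#!/bin/sh
	while ! gitea admin auth list | grep -q Infomaniak; do
	    gitea admin auth add-oauth \
	        --name=Infomaniak \
	        --provider=openidConnect \
	        --key="$(cat /etc/umorpha-secrets/gitea-infomaniak-clientid.txt)" \
	        --secret="$(cat /etc/umorpha-secrets/gitea-infomaniak-clientsecret.txt)" \
	        --auto-discover-url=https://login.infomaniak.com/.well-known/openid-configuration \
	        --icon-url=https://www.infomaniak.com/favicon.ico
	done
	EOF

	# The unit is skipped unless both secret files exist, and runs the
	# helper as the unprivileged gitea user.
	install -Dm644 /dev/stdin "$arg_mountpoint/etc/systemd/system/gitea-init.service" <<-'EOF'
	[Unit]
	Description=Initialize Gitea configuration
	Requires=gitea.service
	After=gitea.service
	ConditionPathExists=/etc/umorpha-secrets/gitea-infomaniak-clientid.txt
	ConditionPathExists=/etc/umorpha-secrets/gitea-infomaniak-clientsecret.txt

	[Service]
	Type=oneshot
	User=gitea
	Group=gitea
	ExecStart=/etc/gitea/post-install
	EOF

	# Hook gitea-init.service into gitea.service via a .wants symlink; the
	# link name is spelled out so the result does not depend on ln's
	# "destination is a directory" behaviour.
	mkdir -p -- "$arg_mountpoint/etc/systemd/system/gitea.service.wants"
	ln -s -- "../gitea-init.service" \
		"$arg_mountpoint/etc/systemd/system/gitea.service.wants/gitea-init.service"
}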