umorpha-boxes/modules/service-gitea.sh


#!/hint/bash -euE
# Copyright (C) 2023 Umorpha Systems
# SPDX-License-Identifier: AGPL-3.0-or-later
# Load the sshd and nginx base modules that sit next to this file; the hook
# below writes into /etc/ssh/sshd_config.d and /etc/nginx/sites.
load_module "$(dirname -- "${BASH_SOURCE[0]}")/base-sshd.sh"
load_module "$(dirname -- "${BASH_SOURCE[0]}")/base-nginx.sh"
# Append gitea to the packages array (declared outside this file).
packages+=(gitea)
# Register the hook defined below. The "01:" prefix is presumably an ordering
# key used by whatever runs post_install entries — TODO confirm.
post_install+=(01:gitea:post_install)
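#######################################
# Post-install hook: configure Gitea inside the target root.
#
# Writes /etc/gitea/app.ini, prints an INSERT statement for the Infomaniak
# OpenID Connect login source, enables gitea.service, restricts sshd logins
# to the gitea group, and installs the nginx reverse-proxy site.
#
# Globals:   BASH_SOURCE (read, to locate the secrets/ directory)
# Arguments: $1 - mountpoint of the target root filesystem
# Outputs:   the login_source INSERT statement on stdout; it embeds the
#            OIDC client secret
# Returns:   non-zero if a secret file cannot be read, is empty, or jq fails
#######################################
gitea:post_install() {
  local arg_mountpoint=$1
  local module_dir
  module_dir=$(dirname -- "${BASH_SOURCE[0]}")

  # Heredoc bodies are kept at column 0; "<<-" only strips leading tabs, so
  # the operators still work if the bodies are later tab-indented.
  #
  # NOTE(review): [oauth2_client] ENABLE_AUTO_REGISTRATION is on while
  # [service] DISABLE_REGISTRATION is also on, and the login source below
  # sets no RequiredClaimName. Confirm how these interact, and whether any
  # Infomaniak account holder who signs in ends up with a local account.
  cat >"$arg_mountpoint/etc/gitea/app.ini" <<-EOF
;; Base setup ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[server]
PROTOCOL = http+unix
HTTP_ADDR = /run/gitea/http.sock
DOMAIN = git.mothstuff.lol
ROOT_URL = https://git.mothstuff.lol/
;; Database ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[database]
;DB_TYPE = postgres
;HOST = /var/run/postgresql
;NAME = gitea
;USER = root
;SCHEMA =
DB_TYPE = sqlite3
;; Auth/Accounts ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[service]
DISABLE_REGISTRATION = true
[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false
[oauth2_client]
ENABLE_AUTO_REGISTRATION = true
UPDATE_AVATAR = true
;; Other ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[security]
INSTALL_LOCK = true
[log]
MODE = console
LEVEL = Info
[cron.update_checker]
ENABLED = false
;; Don't be an OAuth2 identity provider
[oauth2]
ENABLE = false
EOF

  # Read the OIDC client credentials up front so that a missing or empty
  # secret file aborts the hook instead of producing a half-filled config.
  local secrets_dir="$module_dir/secrets"
  local client_id client_secret
  client_id=$(<"$secrets_dir/gitea-infomaniak-clientid.txt") || return
  client_secret=$(<"$secrets_dir/gitea-infomaniak-clientsecret.txt") || return
  if [[ -z "$client_id" || -z "$client_secret" ]]; then
    printf 'gitea: empty Infomaniak client id or secret in %s\n' \
      "$secrets_dir" >&2
    return 1
  fi

  # Let jq build the JSON so the credentials are escaped as JSON strings.
  # They are passed through the environment of this single jq process
  # rather than on its command line, which keeps them out of argv.
  local infomaniak_config
  infomaniak_config=$(
    GITEA_OIDC_CLIENT_ID="$client_id" \
    GITEA_OIDC_CLIENT_SECRET="$client_secret" \
      jq -n -r '{
        "Provider": "openidConnect",
        "ClientID": env.GITEA_OIDC_CLIENT_ID,
        "ClientSecret": env.GITEA_OIDC_CLIENT_SECRET,
        "OpenIDConnectAutoDiscoveryURL": "https://login.infomaniak.com/.well-known/openid-configuration",
        "CustomURLMapping": null,
        "IconURL": "https://www.infomaniak.com/favicon.ico",
        "Scopes": null,
        "RequiredClaimName": "",
        "RequiredClaimValue": "",
        "GroupClaimName": "",
        "AdminGroup": "",
        "GroupTeamMap": "",
        "GroupTeamMapRemoval": false,
        "RestrictedGroup": ""
      } | tostring'
  ) || return

  # Double any single quote so the JSON stays inside one SQL string literal.
  local -r sq="'"
  local sql_config=${infomaniak_config//$sq/$sq$sq}

  # NOTE(review): this only prints the statement; nothing visible in this
  # function applies it to the Gitea database. The line contains the OIDC
  # client secret, so whatever captures this hook's stdout (build logs, CI
  # output) ends up holding the secret.
  printf '%s\n' "INSERT INTO login_source VALUES(2,6,'Infomaniak',1,1,'${sql_config}',1698546767,1698547012);"

  systemctl --root="$arg_mountpoint" enable gitea.service

  # sshd drop-in: only members of the gitea group are allowed to log in.
  install -Dm644 /dev/stdin "$arg_mountpoint/etc/ssh/sshd_config.d/91-gitea.conf" <<-EOF
AllowGroups gitea
EOF

  # nginx site: proxy everything to Gitea's unix socket and send the login
  # page straight to the Infomaniak OAuth2 flow. The delimiter is quoted so
  # nginx variables such as $host are written out literally.
  install -Dm644 /dev/stdin "$arg_mountpoint/etc/nginx/sites/gitea.conf" <<-'EOF'
# -*- mode: nginx; nginx-indent-level: 4; indent-tabs-mode: nil -*-
server {
    server_name git.mothstuff.lol;
    include /etc/nginx/snippets/listen.conf;
    location / {
        client_max_body_size 512M;
        proxy_pass http://unix:/run/gitea/http.sock;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location /user/login {
        return 302 /user/oauth2/Infomaniak;
    }
}
EOF
}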