docker-compose environment for the entire v.st system https://v.st/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
env/gitea/setup

68 lines
1.7 KiB

#!/bin/bash
die() { echo >&2 "gitea: ERROR $*" ; exit 1 ; }
info() { echo >&2 "gitea: $*" ; }
DIRNAME="$(dirname $0)"
cd "$DIRNAME"
source ../env.production || die "no top level environment"
source ./env.production || die "no local environment"
DATA="../data/gitea"
SECRETS="$DATA/env.secrets"
INI="$DATA/gitea/conf/app.ini"
if [ -r "$SECRETS" ]; then
docker-compose up -d || die "unable to start"
exit 0
fi
GITEA_CLIENT_SECRET="$(openssl rand -hex 32)"
GITEA_ADMIN_PASSWORD="$(openssl rand -hex 8)"
info "creating new secrets $SECRETS"
mkdir -p "$DATA"
cat <<EOF > "$SECRETS"
# DO NOT CHECK IN
GITEA_CLIENT_SECRET=$GITEA_CLIENT_SECRET
GITEA_ADMIN_PASSWORD=$GITEA_ADMIN_PASSWORD
GITEA__server__ROOT_URL=https://$GITEA_HOSTNAME/
GITEA__security__INSTALL_LOCK=true
GITEA__security__SECRET_KEY=$(openssl rand -hex 32)
EOF
docker-compose down 2>/dev/null
../keycloak/client-delete gitea 2>/dev/null
../keycloak/client-create <<EOF || die "unable to create gitea client"
{
"clientId": "gitea",
"rootUrl": "https://$GITEA_HOSTNAME",
"adminUrl": "https://$GITEA_HOSTNAME",
"redirectUris": [ "https://$GITEA_HOSTNAME/*" ],
"webOrigins": [ "https://$GITEA_HOSTNAME" ],
"clientAuthenticatorType": "client-secret",
"secret": "$GITEA_CLIENT_SECRET"
}
EOF
docker-compose up -d || die "unable to start container"
info "waiting for startup..."
sleep 5
info "adding oauth login"
docker-compose exec -u git gitea \
gitea admin auth add-oauth \
--name "keycloak" \
--provider "openidConnect" \
--key "gitea" \
--secret "$GITEA_CLIENT_SECRET" \
--auto-discover-url "https://${KEYCLOAK_HOSTNAME}/realms/${REALM}/.well-known/openid-configuration" \
--group-claim-name "groups" \
--admin-group "admin" \
|| die "unable to add oauth interface"