docker-compose environment for the entire v.st system
https://v.st/
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
55 lines
1.2 KiB
55 lines
1.2 KiB
2 years ago
|
#!/bin/bash
|
||
|
|
set -euo pipefail
|
||
|
|
die() { echo >&2 "$@" ; exit 1 ; }
|
||
|
|
|
||
|
|
DIRNAME="$(dirname $0)"
|
||
|
|
cd "$DIRNAME"
|
||
|
|
|
||
|
|
docker-compose down
|
||
|
|
|
||
|
|
../keycloak/client-delete gitea
|
||
|
|
|
||
|
|
GITEA_CLIENT_SECRET="$(openssl rand -hex 32)"
|
||
|
|
|
||
|
|
rm -f env.secrets
|
||
|
|
cat <<EOF > env.secrets
|
||
|
|
# DO NOT CHECK IN
|
||
|
|
#GITEA_CLIENT_SECRET=$GITEA_CLIENT_SECRET
|
||
|
|
EOF
|
||
|
|
|
||
|
|
../keycloak/client-create <<EOF || die "unable to create gitea client"
|
||
|
|
{
|
||
|
|
"clientId": "gitea",
|
||
|
|
"rootUrl": "https://$GITEA_HOSTNAME",
|
||
|
|
"adminUrl": "https://$GITEA_HOSTNAME",
|
||
|
|
"redirectUris": [ "https://$GITEA_HOSTNAME/*" ],
|
||
|
|
"webOrigins": [ "https://$GITEA_HOSTNAME" ]
|
||
|
|
"clientAuthenticatorType": "client-secret",
|
||
|
|
"secret": "$GITEA_CLIENT_SECRET"
|
||
|
|
}
|
||
|
|
EOF
|
||
|
|
|
||
|
|
docker-compose up -d || die "unable to start container"
|
||
|
|
|
||
|
|
echo SLEEPING
|
||
|
|
sleep 30
|
||
|
|
|
||
|
|
test -f ./data/app.ini || die "missing data/app.ini"
|
||
|
|
|
||
|
|
grep --quiet '\[openid\]' ./data/app.ini || {
|
||
|
|
echo <<EOF >>./data/app.ini || die "unable to enable OpenID in app.ini"
|
||
|
|
;service]
|
||
|
|
; Only allow registering via OpenID
|
||
|
|
;DISABLE_REGISTRATION = false
|
||
|
|
;ALLOW_ONLY_EXTERNAL_REGISTRATION = true
|
||
|
|
[openid]
|
||
|
|
; do not allow signin to local users via OpenID
|
||
|
|
ENABLE_OPENID_SIGNIN = false
|
||
|
|
; allow creation of new users via OpenID
|
||
|
|
ENABLE_OPENID_SIGNUP = true
|
||
|
|
EOF
|
||
|
|
}
|
||
|
|
|
||
|
|
echo "TODO: Configure openID by visiting login.${DOMAIN_NAME}/
|
||
|
|
|