diff --git a/README.md b/README.md
index 1123d5f..10df55f 100644
--- a/README.md
+++ b/README.md
@@ -17,5 +17,3 @@ apt install jq docker-compose
 ./nginx/setup
 ./start-all
 ```
-
-* gitea requires some manual configuration; see [gitea/README][gitea/README.md] for more info
diff --git a/gitea/README.md b/gitea/README.md
index 3e56968..ef1b0be 100644
--- a/gitea/README.md
+++ b/gitea/README.md
@@ -1,9 +1,3 @@
 # gitea
-After the `setup` script has run, the website *still* requires a click to finish the installation.
-Once that is done it will break since the OpenID login has not yet been configured. Run this to
-fix it.
-
-```
-./add-auth
-```
+OIDC setup is now automated
diff --git a/gitea/add-auth b/gitea/add-auth
deleted file mode 100644
index 0af8add..0000000
--- a/gitea/add-auth
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/bash
-# run this *after* initializing the database by clicking on the ok
-# issue filed https://github.com/go-gitea/gitea/issues/19616
-source ../env.production
-source ./env.production
-source ../data/gitea/env.secrets
-
-
-true || curl "https://${GITEA_HOSTNAME}/" \
- -v \
- -X POST \
- -H 'Origin: null' \
- -H 'Connection: keep-alive' \
- -H 'Upgrade-Insecure-Requests: 1' \
- -H 'Sec-Fetch-Dest: document' \
- -H 'Sec-Fetch-Mode: navigate' \
- -H 'Sec-Fetch-Site: same-origin' \
- -H 'Sec-Fetch-User: ?1' \
- -H 'TE: trailers' \
- -H 'Cookie: i_like_gitea=ac81483e536b3641' \
- -F "db_type=postgres" \
- -F "db_host=db:5432" \
- -F "db_user=gitea" \
- -F "db_passwd=gitea" \
- -F "db_name=gitea" \
- -F "ssl_mode=disable" \
- -F "db_schema=" \
- -F "charset=utf8" \
- -F "db_path=/data/gitea/gitea.db" \
- -F "app_name=${REALM} Gitea" \
- -F "repo_root_path=/data/git/repositories" \
- -F "lfs_root_path=/data/git/lfs" \
- -F "run_user=git" \
- -F "domain=${GITEA_HOSTNAME}" \
- -F "ssh_port=22" \
- -F "http_port=3000" \
- -F "app_url=https://${GITEA_HOSTNAME}/" \
- -F "log_root_path=/data/gitea/log" \
- -F "smtp_host=" \
- -F "smtp_from=" \
- -F "smtp_user=" \
- -F "smtp_passwd=" \
- -F "enable_federated_avatar=on" \
- -F "enable_open_id_sign_in=on" \
- -F "allow_only_external_registration=on" \
- -F "default_allow_create_organization=on" \
- -F "default_enable_timetracking=on" \
- -F "no_reply_address=noreply.${GITEA_HOSTNAME}" \
- -F "password_algorithm=pbkdf2" \
- -F "admin_name=root" \
- -F "admin_passwd=${GITEA_ADMIN_PASSWORD}" \
- -F "admin_confirm_passwd=${GITEA_ADMIN_PASSWORD}" \
- -F "admin_email=" \
-|| die "unable to initiate install"
-
-
-docker-compose exec -u git gitea \
- gitea admin auth add-oauth \
- --name "keycloak" \
- --provider "openidConnect" \
- --key "gitea" \
- --secret "$GITEA_CLIENT_SECRET" \
- --auto-discover-url "https://${KEYCLOAK_HOSTNAME}/realms/${REALM}/.well-known/openid-configuration" \
- --group-claim-name "groups" \
- --admin-group "admin" \
-|| die "unable to add oauth interface"
diff --git a/gitea/setup b/gitea/setup
index 87a2c3b..d05db79 100755
--- a/gitea/setup
+++ b/gitea/setup
@@ -29,6 +29,8 @@ cat < "$SECRETS"
 GITEA_CLIENT_SECRET=$GITEA_CLIENT_SECRET
 GITEA_ADMIN_PASSWORD=$GITEA_ADMIN_PASSWORD
 GITEA__server__ROOT_URL=https://$GITEA_HOSTNAME/
+GITEA__security__INSTALL_LOCK=true
+GITEA__security__SECRET_KEY=$(openssl rand -hex 32)
 EOF
@@ -52,46 +54,6 @@ docker-compose up -d || die "unable to start container"
 info "waiting for startup..."
 sleep 5
-info "attempting to finish install"
-curl "https://${GITEA_HOSTNAME}/" \
- -X POST \
- -f "db_type=postgres" \
- -f "db_host=db:5432" \
- -f "db_user=gitea" \
- -f "db_passwd=gitea" \
- -f "db_name=gitea" \
- -f "ssl_mode=disable" \
- -f "db_schema=" \
- -f "charset=utf8" \
- -f "db_path=/data/gitea/gitea.db" \
- -f "app_name=${REALM} Gitea" \
- -f "repo_root_path=/data/git/repositories" \
- -f "lfs_root_path=/data/git/lfs" \
- -f "run_user=git" \
- -f "domain=${GITEA_HOSTNAME}" \
- -f "ssh_port=22" \
- -f "http_port=3000" \
- -f "app_url=https://${GITEA_HOSTNAME}/" \
- -f "log_root_path=/data/gitea/log" \
- -f "smtp_host=" \
- -f "smtp_from=" \
- -f "smtp_user=" \
- -f "smtp_passwd=" \
- -f "enable_federated_avatar=on" \
- -f "enable_open_id_sign_in=on" \
- -f "allow_only_external_registration=on" \
- -f "default_allow_create_organization=on" \
- -f "default_enable_timetracking=on" \
- -f "no_reply_address=noreply.${GITEA_HOSTNAME}" \
- -f "password_algorithm=pbkdf2" \
- -f "admin_name=root" \
- -f "admin_passwd=${GITEA_ADMIN_PASSWORD}" \
- -f "admin_confirm_passwd=${GITEA_ADMIN_PASSWORD}" \
- -f "admin_email=" \
-|| die "unable to initiate install"
-
-sleep 10
-
 info "adding oauth login"
 docker-compose exec -u git gitea \
 gitea admin auth add-oauth \
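Review bot: The added `GITEA__security__SECRET_KEY=$(openssl rand -hex 32)` line in the first gitea/setup hunk expands inside the heredoc, so when `openssl` is absent or fails the script silently writes an empty SECRET_KEY into `$SECRETS` — a failed substitution in a heredoc body never aborts the script, and Gitea uses this key to encrypt stored data such as 2FA secrets. Generate it first and fail loudly, e.g. `secret_key=$(openssl rand -hex 32) || die "unable to generate SECRET_KEY"` before the `cat`, then `GITEA__security__SECRET_KEY=$secret_key` in the body; `openssl` is also a new dependency that the `apt install jq docker-compose` line in README.md (first hunk of this commit) does not list. Because the value is regenerated on every run, re-running `setup` against an existing data directory would rotate the key and orphan whatever was encrypted under the old one, so consider reusing an existing value from `$SECRETS` when present. With `INSTALL_LOCK=true` the install form that used to create the `root` admin is skipped, so unless an admin user is created elsewhere in `setup` (outside this hunk) `GITEA_ADMIN_PASSWORD` is written but no longer consumed. The heredoc opener and the permissions of `$SECRETS` are set outside the hunk; the file should be created with mode 0600 (e.g. `umask 077` beforehand) now that it also holds the secret key.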